
How to manage compliance risks when investing in Southeast Asia

Southeast Asia has robust growth potential and investors should be mindful of associated risks and obligations in this dynamic region.


In brief
  • Failure to effectively address risks relating to fraud, corruption, cyber breaches and non-compliance can have far-reaching negative consequences.
  • Investors must better manage such risks to effectively tap into Southeast Asia’s growth potential.
  • Some key actions include managing integrity risks in M&As, creating a robust third-party risk management program and implementing cyber compromise detection.

With a population of over 666 million people and a gross domestic product (GDP) growth rate rivaling India’s and China’s[1], Southeast Asia is driving strong consumer demand that is attractive to foreign investors thanks to its burgeoning middle class. Foreign direct investment (FDI) inflows into Southeast Asia reached an all-time high of US$224 billion in 2022, despite a 12% decline globally.[2]

Increased regulatory scrutiny, cybercrime and sustainability obligations

As investors seek to benefit from the region’s growth potential, they also need to be mindful of the risks of investing.

Transparency International’s 2022 Corruption Perceptions Index (CPI) placed eight of the 10 Association of Southeast Asian Nations countries in the higher-risk category for corruption risks.[3] Over the years, Southeast Asian regulators have responded to corruption and fraud risks by establishing anti-corruption agencies aligned with the United Nations Convention Against Corruption, leading to more stringent legislation, enhanced enforcement actions and cross-border collaboration. Examples include Malaysia’s first prosecution under Section 17A of the Malaysian Anti-Corruption Commission Act 2009 in 2021 and the recent ramping up of anti-corruption efforts in Vietnam, Thailand and Indonesia. Across Southeast Asia, active anti-corruption crackdown efforts are evident from frequent high-profile cases reported in the media.

While financial crime is a global issue, cybercriminals and organized crime groups are also increasingly targeting Southeast Asia. The region had over 516.5 million internet users in 2022[4] and its digital economy is forecast to grow by 6 per cent annually, reaching as high as US$1 trillion by 2030.[5] In addition, rising financial crime in Southeast Asia has been spurred by rapid post-pandemic economic development, undeterred by legal and regulatory changes and complex sanctions.

In fact, research found that about three out of five (67%) businesses in Southeast Asia were victims of ransomware attacks, which often result in data privacy breaches and loss of highly sensitive trade secrets.[6] Singapore has enforced stricter penalties on organizations that encounter breaches by raising the financial penalty cap under its Personal Data Protection Act.

Bank phishing and investment and e-commerce scams are increasing at an alarming rate. Organized crime groups behind these scams are also actively trying to launder their illicit proceeds through the financial systems.

With regulators, investors and consumers increasingly focusing on sustainability risks, businesses need to scrutinize their supply chains for financial and socio-environmental risks via business partner due diligence and monitoring programs. The consequences of getting caught off guard by a business partner that breaches international laws and norms, such as those relating to modern slavery, bribery and corruption or other compliance requirements, go beyond operational disruption and financial losses. Doubts over management integrity and the reputational impact in such situations can alienate consumers, who expect businesses to hold themselves and their partners to a higher standard.

How investors can better manage risks

Fraud, corruption, cyber breaches and noncompliance can cause significant financial and reputational loss and derail investment plans. To achieve expected returns, investors should assess risks carefully and allocate adequate resources to address the complex issues. Here are some ways that investors can better manage these risks. 

 

Manage integrity risks in M&As

M&As offer an avenue to quickly gain a foothold in the market. When working on an M&A deal, it is vital to involve the compliance team from the outset. The compliance team should have sufficient influence and authority for compliance-related issues and concerns about the deals to reach the board. Forensic professionals may be called in to conduct forensic due diligence procedures. Investors should note that while higher-risk markets have strong growth opportunities, potential penalties and the high costs of cleaning up improper operations should also be considered. 

 

Effective whistle-blower program 

Whistle-blowers are the first line of defense against corruption, fraud and wrongdoing. An effective and independent whistle-blower program acts as an early warning system while promoting an integrity-focused culture. It is the organization’s alarm system, which can be triggered by anyone — employees, customers or business partners. An effective whistle-blowing process sets out how individuals can report actions that they believe are problematic and provides adequate safeguards to protect whistle-blowers from retaliation so that they are not afraid of speaking up.

 

Third-party risk management (TPRM) program 

The resilience of companies is related to the resilience of their third parties. A TPRM program governs the conduct of due diligence and monitoring of business partners so that they meet expectations under local and international standards. The most effective TPRM programs are enabled by digital and artificial intelligence tools, along with advanced analytics and algorithms to evaluate risks. 






Continuous monitoring of compliance data

Compliance programs are more effective when measured using data. Monitoring, together with carefully calibrated risk indicators and scoring models, can be a game changer for detecting risks. With digital scorecards that aggregate different data points, companies can have a broader view of their overall compliance performance. This not only facilitates effective communication with regulators and senior leadership on the organization’s compliance efforts but also allows them to drive year-on-year improvements in such efforts.

 

Cyber compromise detection 

In many high-profile cases, cybercriminals have bypassed companies’ cyber defenses without being caught, so companies need to rethink their cybersecurity strategy and shift their mindset from one of prevention to resilience. Cyber compromise detection involves identifying forensic data that suggest a system or network may have been breached. This allows companies to detect attacks, act quickly to prevent further breaches and limit damage by stopping attacks in earlier stages.

 

Strategically located at the crossroads of global trade, Southeast Asia provides investors with opportunities and access to the wider Asian region. However, as with any investment, these opportunities present risks too. Before investing in the region, companies first need to assess business integrity risks and implement effective measures to manage such risks. This will allow them to better position themselves for success compared with businesses that fail to do so.


This article was first featured in The Edge Singapore on 1 February 2024.

Summary

Investors seeking to benefit from Southeast Asia’s growth potential need to enhance risk management capabilities relating to fraud, corruption, cyber breaches and non-compliance. To this end, management of integrity risks in M&As, an effective whistle-blower program, a robust third-party risk management program, continuous monitoring of compliance data and cyber compromise detection are crucial.
