With a population of over 666 million people and a GDP growth rate rivalling India and China’s, Southeast Asia’s burgeoning middle class is driving strong consumer demand that is attractive to foreign investors. The Asean Investment Report 2023 indicated that foreign direct investment (FDI) inflows into Asean reached an all-time high of US$224 billion ($300 billion) in 2022, despite a 12% decline globally.
Increased regulatory scrutiny, cyber crime and sustainability obligations
As investors seek growth potential of the region, they also need to be mindful of the risks of investing in the region. The 2022 Transparency International Corruption Perception Index placed eight of the 10 Asean countries in the higher risk category for corruption risks. Over the years, Asean regulators have responded to corruption and fraud risks by establishing anti-corruption agencies aligned with the United Nations Convention Against Corruption treaty, leading to more stringent legislations, enhanced enforcement actions and cross-border collaboration. Examples include Malaysia’s first prosecution under Section 17A of the Malaysian Anti-Corruption Commission Act 2009, as well as the ramping up of anti-corruption efforts in Vietnam, Thailand and Indonesia.
Across Southeast Asia, active anti-corruption crackdown efforts are evident from frequent high-profile cases reported in the media.
While financial crime is a global issue, cyber criminals and organised crime groups are also increasingly targeting Southeast Asia. With over 460 million Internet users and a projected US$1 trillion GDP boost over the next decade, rising financial crime has been spurred by rapid post-pandemic economic development, legal and regulatory changes, and complex sanctions.
In fact, research has found that three out of five (67%) businesses in Southeast Asia were victims of ransomware attacks that often resulted in data privacy breaches and loss of highly sensitive trade secrets. Countries like Singapore have enforced stricter penalties on organisations that encounter breaches by raising the financial penalty cap under its Personal Data Protection Act. Incidents such as bank phishing as well as investment and e-commerce scams are increasing at an alarming rate. Organised crime groups behind these scams are also actively trying to launder their illicit proceeds through the financial systems.
Lastly, with the rising focus on sustainability risks from regulators, investors and consumers, businesses need to scrutinise their supply chains for financial and socio-environmental risks via business partner due-diligence and monitoring programs. The consequences of getting caught off-guard by a business partner that breach international laws and norms, such as modern slavery, bribery and corruption or other compliance requirements, goes beyond operational disruption and financial losses. Doubts over management integrity and the reputational impact in such situations can alienate consumers, who expect businesses to hold themselves and their partners to a higher standard.
How investors can better manage risks
Fraud, corruption, cyber breaches, and non-compliance can cause significant financial loss, reputation loss and derail investment plans. To achieve expected returns, investors should assess risks carefully and allocate adequate resources to address the complex issues. Here are some ways that investors can better manage these risks.
See also: Sembcorp and NYSE-listed Bloom Energy to bring low-carbon solutions to Singapore
Manage integrity risks in M&As: M&As offer an avenue to quickly gain a foothold in the market. When working on an M&A deal, it is vital to involve the compliance team from the outset. The compliance team should have sufficient influence and authority for compliance-related issues and concerns about the deals to reach the board. Forensic professionals may be called in to conduct forensic due diligence procedures. Investors should note that while higher-risk markets have strong growth opportunities, potential penalties and the high costs to clean up improper operations should also be taken into consideration.
Effective whistleblower programme: Whistleblowers are the first line of defence against corruption, fraud and wrongdoing. An effective and independent whistleblower programme acts as an early warning system while promoting an integrity-focused culture. It is the organisation’s alarm system, which can be triggered by anyone — employees, customers or business partners. An effective whistleblowing process sets out how individuals can report actions that they believe are problematic and provide adequate safeguards to protect whistleblowers from retaliation, so that they are not afraid of speaking up.
Third-party risk management (TPRM) programme: The resilience of companies is related to the resilience of their third parties. The consequence of getting caught off-guard by a business partner that flouts international laws and norms goes beyond operational disruption and financial losses. A TPRM programme governs the conduct of due diligence and monitoring of business partners to ensure that they meet expected expectations at local and international standards. The most effective TPRM programmes are enabled by digital and artificial intelligence tools, coupled with advanced analytics and algorithms to evaluate risks.
See also: Goldman, JPMorgan weigh in after ESG fund flows hit historic low
Continuous monitoring of compliance data: Compliance programmes are more effective when measured using data. Monitoring, together with carefully calibrated risk indicators and scoring models, can be a game-changer for detecting risks. With digital scorecards that aggregate different data points, companies can have a broader view of their overall compliance performance. This not only facilitates effective communication with regulators and senior leadership on the organisation’s compliance efforts but also allows them to drive year-on-year improvements on their compliance efforts.
Cyber compromise detection: With many high-profile cases of cyber criminals bypassing companies’ cyber defences where attackers are not caught, companies need to rethink their cyber security strategy and shift their mindset from one of prevention to resilience. Cyber compromise detection involves identifying forensic data that suggest a system or network may have been breached. This allows companies to detect attacks and act quickly to prevent further breaches and limit damages by stopping attacks in earlier stages.
Before investing in Southeast Asia, assess and manage risks first
Strategically located at the crossroads of global trade, Southeast Asia provides investors access and opportunities into Asia. However, as with any investments, these opportunities present risks too. Implementing effective measures to manage business integrity risks will ultimately differentiate successful businesses from the crowd.
Ramesh Moosa is EY Asean and Singapore forensic & integrity services leader. The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organisation or its member firms
