Reducing Compliance Risk in Workplaces Across Southeast Asia


Southeast Asia is a region of diverse cultures, religions, and political frameworks that holds a unique growth opportunity. Asia’s consumer markets are rapidly growing and diversifying. McKinsey Global Institute research found that consumers in Asia are now reaching higher tiers of the income pyramid. At the same time, diverse cohorts are developing within key cities. New behaviours, demographics, and growth angles and being created by emerging segments such as Gen Z gamers, digital natives, and older generations moving online, to name a few.

McKinsey also reports that Asian consumers are expected to account for half the global consumption growth in the next decade, equivalent to a US $10 trillion growth opportunity. In the same timeframe, one in two upper-middle-income (and above) households are expected to be in Asia. These higher-income consumers are also likely to have increased and more sophisticated financial needs.

Financial services firms across Asia Pacific (APAC) are capitalising on the opportunities presented by this growing hyper-transacting and hyper-digital customer demographic. But as growth evolves, so must compliance risk management. And that begins with workplace compliance.

Company Culture: the First Foundation of Risk Management

MCO-Reducing-Regulatory-Compliance-Risk-Across-Southeast-Asia-Company-CultureAccording to the EY Global Integrity Report 2022, Only 33% of respondents believe that behaving with ethical standards is an important characteristic of integrity. A further 50% of respondents cite that compliance with laws, regulations and codes of conduct is an important characteristic of integrity.

Financial services firms, in particular, must drive a company culture that leads with ethics, integrity, and compliance. Not just from an organisational health perspective but also in terms of public perception. Trust and transparency are becoming ever more essential for finance organisations to demonstrate value and gain the loyalty of their growing customer base across APAC.

So how can firms build the foundations of a strong, ethical company culture? Firstly, by taking a consultative approach. By encouraging staff to openly discuss opinions and raise potential issues (before they snowball into larger issues), organisations can create an environment where all staff feel comfortable to challenge and gain a deeper understanding of ethical standards.

Secondly, firms need to drive ethical behaviour from the top down. In the same EY Global Integrity Report, an astounding 42% of surveyed board members agree that unethical behaviour in senior or high performers is tolerated in their organisation (up from 34% in 2020).

With tools to gain better visibility, automation, and management of regulatory compliance risk across an organisation, however, firms stand to drive more ethical conduct at all levels.

By strengthening company culture through open communication and better management tools, organisations can proactively minimise compliance risk and help all staff make sound judgements about conducting business operations with integrity.

The Consequences of Operating Without the Right Ethical Foundation

A company culture led by ethics and integrity is crucial to protect an organisation and its people (at all levels). The repercussions of failing to meet regulatory compliance obligations are severe, as seen in recent cases across many countries in APAC. Here are some of the examples that highlight the need to build robust ethical foundations that support integrity and workplace compliance.


In its Enforcement Report 2020/2021, the Monetary Authority of Singapore (MAS) recently detailed severe enforcement outcomes that included:

  • 3 individuals sentenced to imprisonment
  • $2.59 million in financial penalties and compositions
  • 157 warnings
  • 20 Prohibition Orders where unfit representatives have been banned from re-entering the financial industry.

MAS Executive Director (Enforcement) Peggy Pao comments, “MAS has continued to take robust enforcement actions against errant firms and individuals so as to safeguard the integrity of our financial sector. We will continue to improve our processes to uphold Singapore’s reputation as a trusted financial centre that takes a tough approach to financial crime and misconduct.”


The Malaysian High Court recently ruled that the Securities Commission Malaysia (SC) had successfully proven its claim in a civil suit against former Deputy Chairman of Patimas Computers Berhad (Patimas), Raymond Yap, for insider trading. As a result, Raymond Yap was ordered to pay the SC a civil penalty of RM1 million and barred from being a director of any publicly-listed company for five years, commencing 7 April 2022. Additionally, the Patimas organisation was consequently delisted from Bursa Malaysia on 21 March 2014.

The Patimas case is just one stark reminder of the harsh penalties now being enforced. See my article, Regulatory Compliance Rising Rapidly in Malaysia (New Guidance), for more detail about the changes, updates, and guidance in the country.

Hong Kong

In 2021, the Securities & Futures Commission of Hong Kong (SFC) focused on pursuing “high impact” cases, particularly those involving fraud, whether corporate fraud by those within a listed company or fraud by others against individual investors. For the 2021/2022 annualised period based on Q3 reporting, the SFC completed:

  • 121 investigations resulting in 37 criminal charges being laid
  • 5 individuals and corporations charged in criminal proceedings
  • 47 notices of proposed disciplinary action issued
  • 173 Individuals or corporations made subject to ongoing civil proceedings

Additionally, in the 2021 calendar year, 46 individuals and 20 companies were fined a total of HK$72,165,000, averaging a massive HK$1,093,409 per fine.


The Indian financial services sector has seen unprecedented growth in recent years. The RBI (Reserve Bank of India) has, in turn, worked to tighten penal actions against regulated entities.

In December 2021, the RBI imposed a fine of Rs. 1 crore (10 million) on two payment system operators for disregarding net-worth requirements. In August 2021, RBI penalised five payment system operators for non-compliance with RBI guidelines like KYC (Know Your Customer) norms. In And in June 2022, the RBI imposed a penalty of Rs 27.5 lakh on Punjab & Sind Bank for non-compliance with specific directions issued by it on ‘external benchmark-based lending’.

Additionally, the RBI has taken one-of-a-kind punitive actions. Like banning HDFC bank’s new digital offerings due to tech outages and barring MasterCard, American Express and Diners Club from onboarding new customers as they failed to comply with data localisation norms.


As a result of Australia’s largest insider trading heist, The Australian Securities and Investments Commission (ASIC) worked with the Australian Federal Police (AFP) to arrest former NAB banker Lukas Kamay and former Australian Bureau of Statistics (ABS) analyst Christopher Hill.

Kamay and Hill used unpublished ABS data to predict movements in currency markets. Kamay turned AUD $10,000 of seed money into $7.8 million in just nine months. The trading activity sparked the largest joint investigations undertaken by the AFP and the corporate regulator, resulting in the pair being imprisoned. 

Current Challenges to Enacting Regulatory Compliance

MCO-Reducing-Regulatory-Compliance-Risk-Across-Southeast-Asia-Company-Work-from-HomeWhile a record 97% of respondents in the EY Global Integrity Report 2022 cite that integrity is important within their organisations, 41% say that the COVID-19 pandemic has made it more difficult to act with integrity in business dealings.

The “new norm” of hybrid and remote working arrangements has brought more significant challenges for leaders of financial services firms and other organisations to build and communicate business cultures of ethics and integrity effectively.

Andrew Gordon, EY Global Forensic & Integrity Services Leader, explains, “The COVID-19 pandemic has had a serious impact on integrity standards for companies around the world. The change to ways of working throughout the COVID-19 pandemic has created a heightened risk of fraud and unethical behaviour. Hybrid working makes it difficult to undertake effective compliance monitoring, and fraud risk factors typically increase at a time of crisis because companies and individuals face more financial pressures.”

Cross-Border Compliance Complexities

MCO-Reducing-Regulatory-Compliance-Risk-Across-Southeast-Asia-Company-Cross-BorderGlobalisation of the financial services sector over many decades has created a colossal depth of cross-border activity. Firms already have to contend with the complexities of laws and regulations within their head office home country. And with more organisations now serving a global client base, the need to actively manage regulatory compliance with a cross-border framework is critical.

Cross-border business operations happen in an environment of expanded corporate liability and a trend toward imposing greater demands on corporate compliance and self-governance. Unfortunately, traditional methods of managing compliance are no longer proving to be effective in a global setting. 

MCO CEO Brian Fahey comments, “Financial services firms are dealing with changing regulations and increasing supervision across the globe. Compliance needs to easily understand the impact of regulatory developments to implement the right controls and prove assurance.”

Especially in complex jurisdictions, regulatory changes can happen frequently and be announced with little time before their enforcement dates. Often, organisations simply don’t have time to familiarise themselves with changes and make adjustments to prevent non-compliance.

RegTech (Regulatory Technology), however, is driving a positive disruption to the regulatory landscape. It delivers advanced solutions that meet the global demands of compliance within the financial services industry. RegTech solutions like MCO’s Regulatory Change Manager bring regulation news and horizon scanning tools to help firms understand changes to regulations across the globe. These tools are a game-changer for organisations, especially with compliance resources in a local head office, to stay informed of changes without bearing intensive manual workloads. Regulation and compliance across internationally-distributed workplaces have become a reality for those adopting the technology that’s now available.

RegTech that Empowers Regulatory Compliance

MCO-Reducing-Regulatory-Compliance-Risk-Across-Southeast-Asia-Company-DashboardAs the Asian market continues to grow and diversify, so do the needs of financial services firms across APAC. A company culture that leads with open communication and the ability for staff to raise potential issues offers a solid foundation to drive ethics, integrity, and compliance. And while in an ideal world, this would be sufficient to mitigate risk, RegTech makes monitoring, alerting, and acting on potential risk a manageable task for any organisation.

MCO’s Know Your Employee (KYE) module engages employees with a simple, intuitive interface to fulfil their compliance obligations more efficiently. In addition, KYE enables firms to manage code of conduct activities and mitigate misconduct risk across multiple business areas within one fully integrated SaaS solution.

MCO’s suite of compliance solutions also brings powerful dashboards to monitor and manage staff compliance. As one MCO client explains, "The cumulative nature of MCO's reporting and visibility is also incredibly helpful. We can see a profile of employees that includes all conduct, case, and gift-related data over time. Seeing this all on the one employee dashboard gives us a birds-eye view of overall activity."

There are more people buying and selling securities right now than ever before. It's therefore crucial that employees can easily understand the correct securities in which to invest. MCO’s personal trading module also adds security master dataset functionality that lets employees select their available securities from a simple drop-down list. In-built rules cross-check against potential conflicts of interest and automate any exception alerts. Without this kind of RegTech solution, firms would need full-time, resourced teams to monitor and manage this activity in real-time.

Importantly, RegTech helps financial services firms deal with a rapid pace of change by streamlining the management of global regulatory compliance developments and updates. MCO’s The Know Your Risk (KYR) module enables firms to set regulatory priorities, identify policy and procedure gaps, and deliver proof of adherence with metrics and documentation. The Regulatory Change Manager (RCM) adds a regulation news and horizon scanning tool that makes it incredibly efficient to understand what regulators are communicating and how that might apply to specific business operations.

When considering the RegTech solutions now available, it’s easy to appreciate the trend of firms moving from manual and in-house developed compliance solutions to vendor-led technologies. Integrated, pre-built SaaS solutions like MCO enable organisations to monitor, identify and remedy conduct risk across staff, customers, vendors and third parties.

With additional automation of a broad range of conduct risk issues, financial services firms using solutions like MCO are spending less time and resources on driving compliant workplaces and more time capitalising on the enormous growth opportunities across Southeast Asia.

Enacting regulatory compliance (in its many forms) is vital for enterprise risk management.

Download your detailed 15-page eBook with the insights about:

  • Understanding the many forms of compliance risk
  • Driving more than “tick-box compliance”
  • Dealing with cross-border compliance complexities
  • Empowering company-wide compliance through RegTech solutions

Compliance Risk Management Priorities Across Southeast Asia


Alternatively, request your no-obligation demonstration of MCO.

Discover how we can help you automate your compliance management, stay ahead of evolving regulations, and gain complete confidence in your risk reduction strategy.

New call-to-action