July 14, 2017

Head of Regulatory Practice Nizam Ismail shares his views on the strong signals sent out by MAS on anti-money laundering controls in an interview with Channel NewsAsia

RHTLaw Taylor Wessing Head of Regulatory Practice Nizam Ismail was interviewed by Channel NewsAsia on the strong signals sent out by the Monetary Authority of Singapore (MAS) to enforce anti-money laundering (AML) controls in Singapore. The interview was featured on Channel NewsAsia’s Singapore Tonight segment on 12 July 2017. This interview makes relation to the additional jail time sentence to former BSI banker, Yeo Jia Wei, by the Singapore courts after MAS wrapped up a two-year investigation linked to the Malaysian state fund 1MDB. Nizam pointed out that MAS’ AML controls and intensified supervision of financial institutions sends “a very chilling effect on the Management and Board of Directors of banks”. He noted that these signals are important for banks to assess the extent to which they understand AML and terrorist financing risk, and what they are putting in place to protect their institutions. He added, “this is also a reality for Singapore being an international hub for private banking and wealth management. The fact is that we are located in a region where there is a risk for corruption, and when there is a risk for corruption, there is always a risk for money laundering.”
July 13, 2017

RHTLaw Taylor Wessing contributes an article to Singapore infocomm Technology Federation on digital transformation disrupting the legal sector

RHTLaw Taylor Wessing submitted a response to Singapore infocomm Technology Federation (SiTF) on “Digital Transformation”. The article was first published on Singapore infocomm Technology Federation’s (SiTF) website on 8 June 2017. Digital Transformation Source: Singapore infocomm Technology Federation (SiTF) ©  Date: 8 June 2017 Digital transformation is a process that involves the accelerated evolution of our business model that leverages on digital technology. In today’s world, digital transformation helps us remain relevant, competitive and profitable. In our context, digital transformation is a strategy that will cover four main areas of our business: (a) enhanced engagement within the client ecosystem (b) stream-lining the internal processes (c) innovation (d) scalability 1.  Can you describe RHTLaw Taylor Wessing LLP and how is the firm embracing digital transformation? Legal services are a segment of the professional services sector and it is primed for major disruption.  Advances in technology have made the client or customer a central feature in business. The clutter is no more as clients can now engage and interact directly with businesses and services.  Company incorporation and government services are now available online. Transparency and efficiency is a given and the layering of the various touchpoints has become a matter of history.  The legal services sector faces considerable challenges.  The pressure on fees, the commoditisation of work product and external disruption by law and non-law service providers are some of the growing challenges law firms face in the region. Legal practitioners must adapt to the changing circumstances and embrace technology to bring about disruption to their own practice.  It is no longer true that “if it isn’t broken, don’t fix it”.  Self-disruption is the only way to ensure a law firm’s continued survival. We have long recognised these challenges and embarked on a long-term strategy to force the evolution of our business models and processes.  Being clued in on new technology is essential for this transformation process.  Digital transformation is enabled by new technology.  However, technology isn’t the endgame.  People are. Client insight is an interesting aspect of this transformation process.  Cutting edge technology that will benefit clients counts for nothing if our people are not motivated to change the way we work.   On the other hand, rolling out a fantastic online client engagement tool will fail if we do not understand client behaviour, preferences and needs.  There are reasons why some apps succeed and why some fail miserably. The analysis of data must precede the change.  We cannot undertake the transformation process without an analysis of client behaviour, preferences and needs.  2.  Could you describe your strategy for digital transformation Our strategy for digital transformation encompasses four pillars of execution: enhancing the client experience internal processes continual innovation scalability Enhancing the Client Experience: Client insight is an interesting aspect of this transformation process.  Cutting edge technology that will benefit clients counts for nothing if our people are not motivated to change the way we work.   On the other hand, rolling out a fantastic online client engagement tool will fail if we do not understand client behaviour, preferences and needs.  There are reasons why some apps succeed and why some fail miserably.  What we think should be the client experience can be very different from what the client is inclined to prefer.  The analysis of data must precede this. We cannot undertake the transformation process without an analysis of client behaviour, preferences and needs.  Internal Processes: The internal process is invisible to the client.  For every shift in the client experience transformation, the internal processes will experience change.  Automating processes from submission of expense claims to document generation are the in thing today.  They make processes more efficient and seamless.  Filing systems and document management systems are also made flat to facilitate collaboration across departments.  Changes must be based on the analysis of real data and strategic decisions are made more quickly and in greater detail as a result.  Invariably, the redesign of the operational processes will impact our ability to provide our clients with not only good service but also a great experience. Continual Innovation and Scalability: In today’s world, it is not enough to undertake this exercise on a piecemeal or one-off basis.  There will have to be a cultural revolution to change mindsets.  Innovation must be a continual process with owners constantly thinking of the next best thing.  The business model of the firm will have to evolve; with new service offerings being constantly rolled out using new technology.  New technology must also be scalable in order to have economies of scale.  In the end, there must be the ability to do more with less.  It is key to understand that this is about efficiency, not productivity.  Productivity is about doing more with the same. Recent changes in the legal landscape show that the Singapore government is keen to see law firms evolve to change with the times. This is a move in the right direction. In fact, the legal industry is not the only sector set to embark on a digital transformation; other industries including transport, transportation, hospitality and education are affected as well, from the likes of Uber, Deliveroo, Airbnb and Coursera. 3.  How far ahead is RHTLaw Taylor Wessing LLP in implementing these changes? We’re collecting data.  A customer relationship management system is being put into place to collect client and prospect information into a common database.  Together with our practice management system, we will be able to analyse client trends and behaviours.  We are streamlining our internal processes: from the management of human resources, to expense claims and financial management, to digitising the entire workflow.: We already have in place a document management system and have begun studying our options for document assembly.  We are closely watching the artificial intelligence space for the latest developments. Replacing paper and manual processes with apps and software is the easier part.  It is more challenging dealing with the client ecosystem and understanding how clients want to be engaged.  There is unlikely to be a one-size-fits-all situation.  More sophisticated clients will want a bespoke client experience. To do this, we need to personalise the enhanced client experience to allow us this flexibility.  This aspect of the transformation is still underway. 4. What has been the  impact of Digital Transformation on your organisation? The jury is still out there but we are confident that the strategy that we have developed is the correct one for us.  We hope that the completion of the digital transformation will lead to increased efficiency and will give us a competitive edge in the crowded marketplace.  An enhanced client experience is a unique differentiator in the digital business world.  This transformation will continue over time as technology evolves. Contributed by Arcis Communications (SiTF PR Agency) Courtesy of RHTLaw Taylor Wessing LLP  Published date: 8 Jun 2017
July 11, 2017

Intellectual Property & Technology Partner Jack Ow shares with TODAY how imposing licensing on cyber security service providers can improve assurance on safety

RHTLaw Taylor Wessing’s Intellectual Property & Technology Partner, Jack Ow, was quoted in a TODAY article titled “Laws proposed to boost Singapore defences against cyber attacks”. The article was first published in The Business Times on 11 July 2017. Laws proposed to boost Singapore defences against cyber attacks Source: TODAY © Mediacorp Press Ltd. Date: 11 July 2017 Author: Tan Weizhen SINGAPORE — To beef up the country’s defences against increasingly sophisticated cyber attacks, new laws have been proposed that, among other things, require owners of critical information infrastructure (CII) in 11 key sectors to report any cyber security incidents, and to share information with the authorities when ordered. These sectors provide essential services and comprise government, security and emergency, healthcare, telecommunications, banking and finance, energy, water, media, land transport, air transport and maritime. The draft Cybersecurity Bill also proposes to license cyber security service providers and practitioners, starting with those providing penetration testing and managed security operations centre services. Public consultation for the proposed laws began on Monday, and closes on Aug 3. The Bill may supersede existing secrecy laws in the various sectors, and establishes a framework to manage cyber security in Singapore. It also gives the Cyber Security Agency (CSA) powers to carry out its functions. Under the proposed Bill, public and private-sector owners of CII — defined as computer systems necessary for the continuous delivery of essential services — will have certain statutory duties, such as reporting cyber attacks to the Commissioner of Cybersecurity, and carrying out audits, risk assessments as well as participating in cyber security exercises. The list of CII will be constantly evaluated, and additions will be made when necessary by the CSA. While the CII owners will not be directly penalised for cyber security breaches, they are liable for criminal offences “in cases where they fail to perform their duties wilfully, or fail to comply with the commissioner’s directions without reasonable excuse”, based on the public consultation paper. In such cases, they could be fined up to S$100,000, and jailed for a maximum of two years if convicted. CSA chief executive officer David Koh said that the draft Bill is different from existing legislation — such as the Computer Misuse Act — in terms of having an expanded scope, officially designating CII, and spelling out clearly the duties of CII owners, for instance. “The (draft) Bill also aims to raise our overall cyber security posture, by licensing certain cyber security service providers,” he said. A framework will be established for the sharing of cyber security information with CSA officers. This will be for the purpose of preventing, detecting or investigating any cyber security threat or incident. If necessary, any relevant organisations that are outside the 11 key sectors may be compelled to share information with the CSA. The licensing regime was proposed in light of the “need for more credible services, as cyber security risks become more mainstream”, said the CSA. Nevertheless, in-house providers will be exempted. Two types of licences are proposed for investigative and non-investigative cyber security services. To meet licensing requirements, service providers must have key executive officers, who are fit and proper persons, comply with a code of ethics and retain service records for five years, among others. Under the new laws, unlicensed cyber service providers, for example, could be fined as much as S$50,000, or jailed for a maximum of two years, or both. Cyber security experts and lawyers TODAY spoke to welcomed the draft Bill, which “elevates” cyber security in sectors providing essential services “from what was previously a decision left to the business owner’s discretion”, as Mr Steve Lam, a partner at Ernst & Young Advisory, put it. Mr Vincent Loy, Cyber and Financial Crime leader at PWC, noted that it specifically places responsibility on individuals, rather than organisations. Under the draft Bill, senior management could be held liable for specific offences. “Now someone is personally liable, and he can go to jail or has to pay a fine. This creates more impact, and highlights the importance of complying with the rules,” Mr Loy said. Lawyer Bryan Tan of Pinsent Masons added: “In future, people do really need to pay attention, as the laws would have more bite than ever before.” He noted that with the licensing of penetration testing, a line would be drawn between white-hat and blackhat hackers, and this would encourage legitimate hackers to get licensed. The licensing regime would “improve assurance on security and safety”, as well as raise quality of cyber security services, said Mr Jack Ow, Intellectual Property & Technology partner at RHTLaw Taylor Wessing. KEY THRUSTS OF THE PROPOSED CYBERSECURITY BILL A total of 11 sectors will have to comply with the proposed Bill. Apart from the government, others include security and emergency, healthcare, telecommunications, banking and finance, water and media sectors. Critical information infrastructure (CII) owners in these sectors will have to report cyber attacks, carry out audits and risk assessments, as well as take part in cyber security exercises, among other statutory duties. CII owners are liable if they wilfully fail to comply with any of their duties. Organisations will be compelled to share cyber security information with Cyber Security Agency of Singapore officers, in order to investigate any cyber security threat or attack. Cyber security service providers and practitioners will be licensed, starting with those providing penetration testing and managed security operations centre services.
July 11, 2017

Intellectual Property & Technology Partner Jack Ow comments in The Business Times on the recent unveiling of Singapore’s draft Cybersecurity Bill

RHTLaw Taylor Wessing’s Intellectual Property & Technology Partner, Jack Ow, was quoted in The Business Times article titled “Cybersecurity Bill seeks to protect critical information infrastructure”.  The article was first published in The Business Times on 11 July 2017. Cybersecurity Bill seeks to protect critical information infrastructure Source: The Business Times © Singapore Press Holdings Ltd. Date: 11 July 2017 Author: Amit Roy Choudhury AS cyberattacks get more sophisticated and widespread, Singapore on Monday unveiled a comprehensive draft Cybersecurity Bill which seeks to protect Singapore's critical information infrastructure (CII), give more powers to the Cyber Security Agency (CSA), ensure proper information sharing during attacks, and introduce a licencing provision to regulate and ensure quality cybersecurity services are available here. The draft bill was released on Monday for public consultations and this process will continue until Aug 3. After changes, if any, it is likely to be tabled in Parliament for first reading by the end of this year. Work on the legislation started in late-2015. Under the bill, owners of CII will have to immediately inform CSA of a breach and share all relevant information. The bill sets out well-defined measures that CII owners need to undertake. These include, among others, providing technical information relating to the CII to CSA, conducting of compliance audits and risk assessments as well as compliance with codes of practice and standards of performance and issued directions (from the regulatory agencies). These measures are expected to be undertaken irrespective of whether there has been a breach or not. For CIIs, wilful non-compliance of duties generally carries a fine of up to S$100,000 and imprisonment of up to two years. These fines are separate from standard fines that are already in place in case of service disruption in CII sectors. The bill will provide CSA with enhanced powers to manage and respond to cybersecurity threats and incidents. In this regard, Section 15A of the current Computer Misuse and Cybersecurity Act (CMCA) provides some existing powers related to cybersecurity. These will be enhanced in the Cybersecurity Bill, and specific powers will be vested in CSA officers to allow them to deal with fast-moving cybersecurity threats and incidents. The bill also seeks to establish a framework for the sharing of cybersecurity information with and by CSA, and the protection of such information. It also seeks to introduce a "lighter-touch" licensing framework for the regulation of selected cybersecurity service providers. For example, licensing the provision of "penetration testing" - where specialists check to see if an IT network has any vulnerabilities by trying to "hack" into the network - and managed security operations centre (SOC) services. The proposed bill will focus on cybersecurity while crimes committed using a computer, such as hacking, will continue to be addressed by the CMCA. The bill is part of Singapore's Cybersecurity Strategy announced by Prime Minister Lee Hsien Loong last year. Singapore's move to table a comprehensive bill mirrors similar efforts being undertaken by several countries around the world which are seeking to enact an omnibus cybersecurity law, such as Germany. CSA chief executive David Koh noted that "currently the legislation or the regulations are disparate". As a result, he added, there are challenges, for example, in the area of information sharing. "This new bill will put everything together and seeks to provide us the capability to facilitate action, both pre-emptive action and reactive action. The focus of the bill is on CII, because these by definition are critical and provide essential services to the country. So it is everyone's interest to protect them," Mr Koh said. The CSA boss added that a need was also felt to facilitate CSA officers so that they would have the ability to respond to threats and facilitate information sharing "because . . . there are other rules which perhaps can be interpreted to prevent information sharing such as privacy rules, banking secrecy rules and others. "The bill is designed to allow information sharing within certain parameters," he added. Mr Koh will hold the position of the Commissioner of Cybersecurity. The Minister-in-charge of Cybersecurity could also appoint a Deputy Commissioner as well as a number of Assistant Commissioners. Talking to The Business Times, Jack Ow, intellectual property & technology partner, RHTLaw Taylor Wessing, noted: "The draft bill is intended to be a broad framework for cybersecurity requirements to be consistently applied across sectors, but yet flexible enough to take into account the unique circumstances of each sector. "In this regard, the requirements in the draft bill, especially the duties on cybersecurity imposed on owners of CII, can be viewed as baseline requirements applicable to all industries, as long as you are considered a 'CII'." Daryl Pereira, head of cybersecurity at KPMG in Singapore, added that the proposed bill, specifically the framework for the protection of CII, "seeks to level the playing field and raise the maturity and preparedness of all sectors in Singapore to a common baseline". "This Cybersecurity Bill will help to form a strong foundation for Singapore to transform itself into a digital economy, powered by innovation and enabled by cybersecurity readiness," Mr Pereira added. Steve Lam, advisory partner, Ernst & Young Advisory, added that the bill served to provide a framework for the protection of Singapore's essential services against cyber-attacks. "If passed in its current state, (the bill) clarifies and sets in law the accountability of the board, senior management and participants in protecting Singapore's national interests across both the public and private sectors."