Though Korea’s fascination with cryptocurrencies continues, it remains to be seen whether the latest proposal will put a damper on cryptocurrency exchanges. Recently, regulators announced policies to rein in the trading of cryptocurrencies over concerns that cryptocurrencies have been ballooning into a bubble. Sale of crypto-currencies in Korea through the exchanges increased by more than 88-fold in 2017.
Because of Korean regulators announcing policies to clamp down on the unregulated use and sale of cryptocurrency, over 20 cryptocurrency exchanges in Korea agreed to self-regulatory measures to create a secure crypto-currency market and comply with regulators’ demands. However, Korea’s cryptocurrency exchanges still face issues as Korea’s banks remain reluctant to issue virtual accounts to many small and medium exchanges once the real-name system was implemented. Korea’s main banks prefer to deal with the top 4 cryptocurrency exchanges instead.
Korea’s cryptocurrency environment still remains cloudy as the Korean government has not decided how to regulate it. Korean regulators, have recently backtracked on the original threat to ban cryptocurrency trading and now support it to a certain extent. However, it remains to be seen what regulations are finally implemented. One of the most active countries in the cryptocurrency space with over 3 Million citizens trading cryptocurrency on a regular basis, Korea suddenly turned an about face recently and announced regulations on the use of crypto currency and also blocked some individuals from trading. As of this writing, non-Korean citizens are not allowed to open cryptocurrency accounts under the real-name system in Korea.
With the boom in Bitcoin and other blockchain-based cryptocurrencies, industries of all sorts are seeking ways they can apply blockchain to automate transactions. As a cryptographic technology that provides for the validation of information without human input or review, blockchain has the potential to revolutionize the practice of law, the concept of contracts, the insurance industry, the banking and finance industry, along with any other industry relying on certification from neutral third parties.
That being said in its current state blockchain presents a wide array of risks and concerns. Here are just a few:
Unlike typical agreements, a blockchain agreement cannot be revoked. Traders using blockchain technology cannot revoke the trade once it is done as well.
Currently blockchain technologies do not address governance issues. Businesses using blockchain will have to decide what governance processes will apply before implementing blockchain transactions. Also, blockchain deployments could result in the equivalent of a contractual arrangement where none was intended.
Blockchains do not recognize jurisdictions. Hence, they could be used to transmit personal data in violation of data privacy laws.
Most jurisdictions have a defined law of contracts requiring numerous elements for contracts to be legally binding. Blockchain technologies disregard some of the elements, making it hard to enforce contracts. For instance, most jurisdictions require that the identity of the contracting parties and legal status of the parties be known prior to execution of the contract. However, simple contracts created by blockchain technologies may be entered into anonymously.
No one knows who the other contracting party is, making it hard to enforce contractual terms and hard to litigate if the contract is broken. It is also hard to determine whether parties to a contract in blockchain have the legal authorization to enter into a contract as well.
Blockchain technologies promise to revolutionize many industries and business practices. However, prior to actual implementation a a wide variety of issues will need to be resolved.
Anyone in an organization can take the lead on risk management, simply by posing the right questions to department heads and top executives before crisis arrives. You don’t have to be the CEO to make sure that your company is ready for one of the inevitable bumps and bruises that every company will eventually go through. The first step in leadership for any team is to look at the long list of stakeholders is to ask the hard questions.
What are these hard questions? To start with, take a long, hard look at all of your stakeholders and consider both what perils could face and what perils they can bring! From there, come up with some concrete questions regarding issues that may come up regarding PR risk, Credit Risk, HR risk. Here are some examples of good questions to ask to prevent crisis:
What are your communication protocols? Who comes up with the initial messaging? What communication channels do you have? Who is responsible for each of them?
When things go pear shaped, time will be of the essence, so you need to have the plan ready before the crisis hits. Don’t be left flat-footed when it does.
Where do you keep your compliance records, including evidence of training? Does your compliance program include relevant training for employees? Who determines the training you give to employees?
Your legal team should be actively supplying you with the relevant laws and regulations for your industry, and you need to keep meticulous records to show that you are in compliance with them. If not, when the regulators come calling you’ll make it easy for them to potentially levy fines. And if you don’t have the proper records, if your company is charged with crimes, such as antitrust violations, your company may not get credit for being in compliance.
Have you conducted an audit of the HR department to determine what risk issues exist? If you offer employee benefit plans, have you audited the employee benefit plans to determine if you are in compliance? What risk management processes are in place to prevent harassment claims?
Disgruntled employees - and former employees - are a fact of life. If you have properly trained your entire team by giving them guidance on acceptable and unacceptable behavior, and recorded your compliance and training records, then you can defend your organization against unfair allegations. If you didn’t then you’ll find yourself paying out in the end.
What processes are in place to protect your client’s data? Are you in compliance with all privacy policies of the countries you do business in? Do you train your employees on protocols to properly protect your data? What IT systems do you have in place to protect your data from hacking?
Target, SK Telecom, Uber, Equifax, even America’s NSA have been hacked. The fact that it has happened to so many organizations means that it can happen to anyone. You need to be actively testing your own systems, protocols and employees to make sure that it doesn’t happen to you.
In an effort to follow through on his populist promises, President Moon Jae-in and his administration have pledged to achieve “economic democratization” by rolling out changes to competition regulations and by strengthening the fair trade regulatory framework. These changes are likely to have a significant impact on compliance requirements and should be monitored closely by corporate leadership and risk management professionals.
The suggested changes include:
1. Strengthened investigatory and enforcement powers granted to the Korea Fair Trade Commission (KFTC), including a stepping criminal enforcement capacity, and a stricter regulation of conglomerates (chaebols) to ensure transparency in their corporate governance structures.
2. Prevention of abuse of superior economic power. They include:
a. Criminal sanctions for obstructing KFTC Investigations. Amendments to the Monopoly Regulation and Fair Trade Act (MRFTA) took effect on July 19 of this year that substantially increased the penalties for spoliation of evidence (i.e. tampering or destruction of evidence) or refusal to submit information/materials in a KFTC investigation.
b. Expansion of punitive damages to competition laws. Punitive treble damages have been newly introduced in amendments to various regulations, such as the recently amended Fair Retail Agency Transactions Act (FRATA) - under which retail agents may recover up to three times the damages incurred due to forced purchase or provision of economic benefit in violation of the FRATA. The amended Product Liability Act (PLA) which becomes effective in April of 2018, also introduces punitive treble damages and lowers the burden of proof for product liability claims.
c. New regulations to address abuse of superior economic power (“Leveling the playing field”). Various new laws and amendments have been introduced in order to prevent abuse of superior power for transactions such as franchising, subcontracting, agency transactions, and online transactions, among others. They will take effect over the course of the next year.
1. Abolishment of the KFTC’s exclusive criminal referral authority.
Currently, the KFTC has the exclusive authority to refer any alleged competition law violations to the Prosecutor’s Office for criminal prosecution. The KFTC has generally reserved referrals for severe violations. The Moon Administration has pledged to abolish this exclusive authority, which would enable the Prosecutor’s Office to initiate its own investigations into competition law violations and allow others to file complaints directly with the Prosecutor’s Office.
2. Class action suits for competition law violations.
The Moon Administration will likely seek to introduce a class action system to redress consumer harm caused by competition law violations. The Moon Administration has also stated that it will establish a fund to support consumers that suffer from anticompetitive conduct.
3. Increased regulation of conglomerates (chaebols).
In addition to its measures to prevent abuse of superior economic power (which will focus largely on the conglomerates), it is likely the Moon Administration will also regulate questionable practices prevalent among Chaebols.
After considering whether to eliminate the KFTC’s exclusive right to refer antitrust cases to the Prosecutor’s Office, the Chairman of the KFTC created a task force to consider potential reforms to the overall enforcement of antitrust laws in Korea. The task force, led by the Deputy Chairman of the KFTC, consists of government officers, professors and private sector professionals, including the leadership of NGOs.
The first meeting of the task force was held on August 29 and will finish its review by January of 2018. The task force will publish a white paper covering the overall review as well as an interim report that will contain a discussion of issues and recommendations that the National Assembly may consider. The task force will consider issues involving civil enforcement, administrative enforcement and criminal enforcement as well.
Equifax, Credit Agencies and Risk (mis-) ManagementRecently, one of the largest credit reporting agencies in the US, Equifax, joined the long list of companies that have been the victim of a major data breach. Equifax is now trying to explain how over 143 million Americans — effectively most of the U.S. adult population — had their personal data compromised.
The company tracks the detailed financial affairs of all Americans in order to gauge their credit worthiness. Along with TransUnion and Experian, they maintain personal data on millions of US citizens, but that once breached, the information can expose nearly every American adult to identity theft.
Under the threat of massive litigation, which may cause its downfall, Equifax is finding out how important it is to protect the personal information of its users and why data privacy has become a growing area of concern around the world. There are five main reasons why data privacy has become a major area of extreme risk requiring the attention of a company’s management. They are:
Managing the risks inherent in data privacy related issues can be quite a task. However, failure to adequately protect customers’ personal data will lead to great reputational harm and risk to a company’s brand.
In determining the risks a company faces, an organization must answer a series of painful questions, including but not limited to the following:
Only once these questions have been answered and the risks associated with personal data has been considered is a company in the position of creating and implementing a risk management process to handle its personal data. But remember - the tough questions must be answered first.
Korea is unique in the world with regards to the extent to which directors on a company board and chief executive officers can be held personally liable for a wide range of corporate liabilities. Considering this situation, if you don’t already have Directors & Officers (D & O) Insurance, then you need to spend some time considering how you could be liable in the event of a catastrophe - man-made or otherwise - and may want to access the risk with a professional.
Obviously, to protect the BOD as well as officers from frivolous lawsuits, including shareholder actions, a company should purchase directors and officers insurance (D&O insurance). Whether to use D&O insurance is a question that must be decided in the context of legal risk management.
Good corporate governance requires the board to be fully informed as to the major risk issues facing the company. D&O insurance may be necessary to protect the BOD as well as executive management from lawsuits stemming from fiduciary responsibilities or lack thereof.
For American companies operating in Korea this is particularly relevant. Corporate governance scandals brought about Sarbanes-Oxley Act (SOX) in the United States in 2002. SOX requires, among other things, that proper internal financial controls be established in publicly traded companies as well as whistleblower provisions and compliance policies.
In fact the U.S. laws and regulations regarding compliance requires that the board of directors (BOD) are not only trained in compliance but also has compliance oversight.
Similar measures have been passed in other jurisdictions as well. The result of SOX and other laws in other jurisdictions was to force upon the BOD the obligation of ensuring that not only proper financial controls are in place and properly maintained but that the Board be apprised of all relevant risk management process as well.
Hence, risk management processes in general must be considered by the board of directors in light of the board’s fiduciary and legal responsibilities. As director’s have a duty of care to the company, they have a duty to protect corporate assets and IP, review risk management plans, including crisis management plans and take all actions that a prudent businessman or businesswoman would take to protect the company.
The fiduciary obligation directors’ have to their respective corporations includes the duty to be fully informed and knowledgeable on major issues of risk. Whether it is compliance issues, currency risk, antitrust, or, geopolitical risk, etc., the BOD must be fully informed to make the appropriate decisions involving the management of the company.
Due to its very nature, the BOD cannot escape its fiduciary obligations with regard to understanding and approving risk management processes.
Considering the potential litigation directors might face in light of geopolitical events, such as the current situation concerning North Korea, it is prudent to consider D&O insurance. What is the status of D&O insurance in your company? Have you examined the legal risks facing your directors and CEO recently?
What happens if things fall apart or the situation dramatically deteriorates? If you haven’t addressed the situation, the wise thing to do would be to sit down with your insurance broker, if you have one, and discuss the pros and cons of such insurance policies.
