In a region as vast as Asia, security risks can vary widely from region to region, and even within a particular country. But experts indicate that the most common threats include theft of intellectual property and counterfeiting (particularly in China); extortion and corruption in many countries throughout Asia; and terrorism risks in Indonesia and in South Asia (particularly India, Pakistan, and the Kashmir region).
IP theft. When a local senior market researcher of a European multinational company operating in China quit in 2004 for “health reasons,” it was the company that felt the pain. That’s because the researcher had absconded with the company’s valuable proprietary information, which he then took to a competitor.
That unfortunate episode, related in a report by iJET, is alarmingly common, experts say. “It is no exaggeration to say that China is the world’s leader in terms of IP loss, counterfeiting, and economic espionage,” says Shanghai, China-based Dane Chamorro, deputy country manager with Control Risk.
As this case illustrates, the theft of proprietary information is a major concern for multinational companies doing business in Asia. A survey by global management consulting and technology services company Accenture of executives in the chemicals industry revealed that 59 percent of North American executives in this sector said that intellectual property theft was their biggest challenge with regard to investing in China.
Some companies are beginning to take the threat seriously. But many companies are simply going in blind. “[A]ll too frequently we see companies rushing into China without taking proper precautions to safeguard their proprietary knowledge,” says Chamorro.
Some of the precautions that they should be taking, such as the vetting of partners and workers and the operation of a hotline, have already been noted.
Other measures that can be taken to reduce the risk of IP theft include the implementation of information-classification systems, access and destruction protocols, and employment contracts that include separate information-protection clauses (such as noncompete and nondisclosure agreements), according to Chamorro.
Other crimes. Apart from IP theft, in many parts of Asia there exists the general threat of crime. Some are crimes of opportunity. Brown notes, for example, that Japanese businessmen working in other Asian countries are often targeted as “walking ATMs,” because they tend to carry lots of cash with them.
Thailand faces some serious crime issues, says Muller. “Last year crime in Bangkok increased by 12 percent” according to local police officials, he says. “Drugs are still a problem, and workplace violence has increased,” he adds.
Organized crime. Organized crime is a serious threat in the region and one that is not easy for companies to defend against, says Daniel T. Hsu, CPP, who works in Taiwan with American Express International as a manager of security services for the North East Asia region. Threats from organized gangs can take the form of robberies that target the transportation sector, he says.
Chamorro says that organized crime in China is usually very localized except in the southern province of Guangdong, “where the influence of Hong Kong’s triads and Taiwanese criminal gangs is not uncommon.”
These criminal groups typically focus on local citizens but can nevertheless present a threat to Western businesses. “In other areas of China, we note that the last several years have seen the emergence of new threats to affluent Chinese, including kidnap for ransom, extortion, contract killings,” and so on, Chamorro says, driven by the large gap between rich and poor.
“This is often overlooked by foreign companies because China is considered a relatively safe place,” Chamorro explains. While that’s true for foreigners, companies must be mindful that their senior managers “could easily become targets of such violence,” he says.
Extortion. Extortion is a major problem throughout the Asian continent. For example, gangsters sometimes “boycott for ransom,” says Hsu. In that scenario, they disrupt construction projects using fraudulent excuses until money is paid. This practice is common in China, as well as Taiwan, he notes.
Extortion can take some other novel forms. For example, when I worked in Japan, organized crime members (known as sôkaiya) would buy shares of stock in a company so that they would have the right to attend shareholder meetings, which these criminals would then threaten to disrupt if not paid to stay away or keep quiet.
Knowing that any sort of public humiliation would hurt the bottom line, some companies did pay gangsters not to attend. The company I worked for ordered its employees to come early and fill seats as a way of preventing the criminals from getting a foothold.
Corruption. Brown says that companies should talk to local authorities before investing and hash out “how is it that we’re going to cooperate, as I bring in this large investment that will employ X amount of your unemployed work force, to protect interests of intellectual property involved as well as other general security-writ-large kind of threats.”
Waiting until a problem, such as the illegal counterfeiting of your product, arises and then talking to the local official “is going to put you in the waiting room,” Brown says.
In China, Brown explains, local authorities are concerned with stability issues that could exacerbate unemployment and reduce the revenue that the official needs to send to Beijing—not with your company’s profit margin. “A lot of counterfeiters pay taxes, so for him to shut down a counterfeit operation is going to cause him to lose some tax revenue as well as make his unemployment problem worse,” he explains.
That’s just one example of how the local officials may lack the motivation to enforce rules or may have reason to look the other way. Selle says that in parts of China, for example, corruption is simply an expected and longstanding part of the business process, and Western companies for whom bribery is illegal need to realize that they’re simply not going to be able to advance their interests as quickly as they’d like.
Apart from corruption, businesses that need to operate in some of the world’s riskier locations face unique situations, and they may have to make tough choices about how much to tolerate. For example, iJET’s Bhattacharjee says that one of her company’s clients has a factory in Nepal, where Maoist rebels rule much of the countryside. The rebels “come in and for a day they’ll take workers and carry out indoctrination training, and they’ll send them back again the next day,” she says. The company could refuse to let its workers go, but could then face retribution. In this case, the company lets the workers go, having decided that it’s not worth fighting the practice.
Recently, I drove a friend visiting from Japan past the Pentagon and pointed out the location where, on 9-11, the hijacked plane had crashed into the building. My Japanese friend thought for a moment and then said, “Oh yes, I remember reading about that in the newspaper.”
It was a stark reminder that while the tragic events of that day changed the perception and status of security in the United States, other countries did not necessarily identify with the threat.
“I don’t feel that there was much of a perceptible change after 9-11 except that in Hong Kong a number of financial firms—especially American ones—took a second look at their security and business continuity procedures,” notes Chamorro. “My personal view is that this was because the event seemed very remote and tied to what many believed to be America-specific issues vis-à-vis the Muslim world,” he says.
Bali bombing. But that all changed a year later. On October 12, 2002, a car bomb exploded in a popular tourist quarter in Bali, killing more than 200 people.
“Bali…had more of an impact since it was closer to home, in a spot where regional expatriates often holiday or own homes,” Chamorro says.
Another 13 people were killed by a car bomb that went off outside the lobby of Jakarta’s J. W. Marriott Hotel on August 5, 2003. Both of these bombings were carried out by the international Islamic-militant group Jemaah Islamiya (JI).
The dates of these bombings are significant, says Brown. “They’ve had four bombings there on the anniversary, give or take a month, from 9-11,” he says. In fact, seven of the 17 attacks in Indonesia mentioned previously occurred in August, September, or October.
“They’ll have another one [this] year; it’s going to happen,” predicts Brown. It’s the one place in Asia where I have real concerns about terrorism.”
That message is not lost on multinationals who have facilities there. “Companies in Indonesia have truly got religion on that,” Brown says.
“Before these regional incidents, as in the U.S. before 9-11, physical security measures in Asian countries other than Indonesia were historically aimed at loss prevention and were, therefore, focused internally,” says Craig Foster, Singapore-based senior vice president of asset protection and enterprise security with Hill & Associates Risk Consulting. After the Bali bombing, many organizations changed their focus to becoming harder targets, he says.
Muller concurs, noting that before the Bali bombing, “I can state that American companies in Thailand took very little interest in security. For years most of the American major corporations left security decisions to local management, human resources, or, worse yet, financial controllers” who had no security expertise. Now security is taken more seriously throughout the organization.
Since the Bali bombing, security experts have seen other changes in security management practices. Hsu says that in his region, he’s seeing more attention toward crisis management and response, in particular around bomb-threat countermeasures that were once considered only for extreme situations.
Collateral damage. Brown says that apart from those large attacks in Indonesia, disaffected local Muslims in Thailand or the Philippines have engaged in acts of violence aimed against local governments, rather than Western businesses. However, even if violent acts aren’t targeting foreigners, there is still a risk to employees. “If you’re in the wrong place at the wrong time, you can get into a collateral-damage situation,” Brown says.
Andrew A. Choong, head of security at Shell Refining in Port Dickson, Malaysia, says that after the Bali bombing, he reviewed existing security practices “to reflect the new threats of terrorism which were until then thought to be targeted towards Western targets in locations outside Southeast Asia.”
Esmeralda says that local security professionals must keep a close eye on how their countries deal with terrorist groups for clues on whether violence will occur; for example, how Malaysian, Indonesian, and the Philippine governments deal with Jemaah Islamiya threats or how the Philippine government handles ongoing peace talks with the Muslim and Communist rebels could indicate whether attacks are forthcoming. “Terror can be used as leverage at the negotiation stage,” he says, so that’s when security managers need to be on the alert.
South Asia. Countries in the South Asian region have a high risk of terrorism. Indeed, says Pakistan’s Anwar Khan, “Terrorism from across the border in Afghanistan and from within is the most pressing concern in Pakistan.”
Many of the attacks around the region don’t get much fanfare overseas, unless they are large attacks tied to a Western target. But international terror tactics are being adopted by local groups, which could endanger more businesses operating in the region.
For example, Bhattacharjee explains that many foreign textile companies have operations in Bangladesh, which has “a history of civil unrest.” She says that domestic groups fighting the government are beginning to emulate more sophisticated terrorist organizations such as al Qaeda and the Jagrata Muslim Janata Bangladesh, which has carried out bomb attacks against “anti-Muslim” targets such as movie theaters.
They learned their lessons well. On August 17, 2005, a local terrorist group detonated a series of small bombs—the National Memorial Institute for the Prevention of Terrorism estimates that there may have been as many as 350 separate explosions across Bangladesh. The attacks injured 115 people and resulted in one death. The most frightening thing about the incident, Bhattacharjee says, is that many of the bombs exploded simultaneously. That indicates a sophisticated and highly organized attack.
Despite the increased importance of sharing information on threats, experts in the region say they’ve seen only a slightly greater willingness of businesses to share such information with each other.
To the extent that sharing does take place, it seems to happen “more between foreign multinationals in these countries and not so much between Asian-held companies,” Bhattacharjee explains. “The overall impression is that Asian companies remain wary of sharing to the extent seen in the U.S.”
“There is still a great deal of reticence to sharing information,” agrees Ng. “Although some notable examples exist in the multinational corporations, banking, and hospitality sectors, these are limited and the public-private sector information exchange is minimal.”
Chamorro says that formalized sharing of information happens primarily through the Overseas Security Advisory Council (OSAC), a cooperative effort between American business interests at home and abroad and the Department of State. Its Country Councils provide a way for American businesses overseas to communicate with the local U.S. embassy. “Between businesses this tends to occur through personal relationships between security managers,” he says.
Muller says that he’s seen some progress. For example, he cites greater attendance at local American Chamber of Commerce meetings about security. He notes that American embassy Regional Security Offices (RSOs) in Thailand, Cambodia, and Laos “are reporting more corporate business and citizen registrations, and getting asked more questions about security issues.” He adds that the major international schools have organized security networking meetings where each quarter they share information with RSOs as well.
Esmeralda notes that the local ASIS chapter works with the Federation of Industrial Security Organizations of the Philippines (FISOP), which he calls “the mother of all security and safety organizations in the country.” In addition, security professionals in the hospitality industry across Asia are more amenable to sharing information informally because this line of business “is quickly affected by any negative security issues.”
“In some countries like Singapore, there are briefings by police from time to time” on issues of concern to the business community, says Moorthy. “Nonsensitive information on lessons learned from incidents such as the Bali bombing is disseminated to relevant businesses” as well.
In my travels through Asia, I found that it’s not uncommon for people to assume that Western countries are exactly as they are portrayed in television shows and movies. Likewise, many Westerners have a mistaken image of Asia based on what they’ve seen in movies.
Companies, of course, cannot afford to go on assumptions or stereotypes. There are real rewards to doing business in Asia, but these can only be reaped with a proper understanding of the culture and then a careful countering of the risks. Security professionals who take the time do their homework will be making an important contribution to their companies’ efforts in the region.