Thrilled to be one of ALB’s Fast 30 - Asia’s Fastest Growing Law Firms 2021.
Many thanks to our clients and ardent supporters, and of course, Asian Legal Business.
Companies transferring data across borders need to navigate the diverse approaches to data in ASEAN’s various jurisdictions. The ASEAN Data Management Framework (“ASEAN DMF”) provides step-by-step guidance to companies regarding data governance structures and safeguards, and the Model Contractual Clauses for Cross Border Data Flows (“ASEAN MCCs”) offer template terms to govern the rights and obligations of parties transferring data across borders.
The ASEAN DMF provides a step-by-step guide, including for data governance structures and safeguards. For example, an ecommerce business can develop clear guidelines to manage the data that it possesses or receives as part of its operations. Names, telephone numbers and addresses as well as invoice amounts and delivery times should be categorised into personal data, business data or other categories as management deems appropriate. Thereafter, management should assess the risk and impact of any breach, and assign appropriate safeguards such as data backups, password protection and/or access control, depending on the sensitivity of the data. Safeguards should strike a balance between achieving a suitable level of protection, and over-protection which may hinder use for business purposes.
The ASEAN MCCs, which were approved in January 2021 by the Association of Southeast Asian Nations Digital Ministers’ Meeting (“ADGMIN”), are template terms for businesses transferring personal data across borders.
There are two types of MCCs: ‘Controller-to-Processor’ (“C2P MCC”) and ‘Controller-to-Controller’ (“C2C MCC”).
A C2P MCC is used when a “Data Importer” (a party receiving data from a party in another jurisdiction) is contracted solely to process data, or to provide a related service using the data. Under the C2P MCC, the “Data Importer” is obliged to, inter alia, (i) process data solely in accordance with the “Data Exporter’s” instructions and for specific purposes (ii) limit further disclose or transfer data to third parties; and (iii) if disclosure to third parties is required, obtain the consent of the “Data Exporter”.
A C2C MCC is used when a “Data Importer” will process the transferred data for its own purposes and will assume authority, control and responsibility for the imported data. Under the C2C MCC, the “Data Importer” and “Data Exporter” must determine the potential risk of data breaches, undertake to implement suitable security measures, and administer controls and security safeguards relating to the storage and processing of transferred data.
Singapore’s Personal Data Protection Commission (“PDPC”) has provided additional guidance regarding the use and modification of MCCs. For example, as Singapore’s Personal Data Protection Act (“PDPA”) covers data regarding both living and deceased persons, the PDPC recommends that the definition of “data subject” in an MCC include deceased persons.
Nicholas Lee contributed this update.
The Singapore COVID19 (Temporary Measures) Act 2020 has been passed on 7 April 2020. The law will address issues from the coronavirus outbreak:
1. For obligations to be performed after 1 Feb, under contracts signed before 25 Mar (effective for 1 year):
A party (Party A) who cannot perform a qualifying contract due to Covid19 can issue a relief notification to its counterparty (Party B). Party B will be prohibited from court or insolvency proceedings, enforcing security, terminating contracts, etc. Disputes will be finally decided by govt-appointed assessors.
Qualifying contracts: non-residential leases, construction & supply, events, tourism, secured SME loans & certain hirepurchase agreements. Businesses must have revenue <S$100M & be at least 30% owned by Singapore citizens/ PRs.
2. New insolvency rules (effective for 1 year) - higher thresholds, longer time periods for statutory demands, & relief from personal liability for directors in certain circumstances.
3. Meetings (eg AGMs) may be convened by videoconferencing notwithstanding laws and constitutions.
4. Court proceedings may involve remote communication tech.
5. Property tax refunds/relief must be passed on to tenants.
As stock markets around the world tumble, many issuers are looking at the silver lining – a golden opportunity to undertake share buybacks, which offer multiple benefits, including: presenting the market a confident outlook as the company takes the lead on signalling “buy”, bulking up the company’s treasury shares reserve for quick capitalisation on future upturns, and improved EPS numbers.
Issuers interested in share buybacks must have a mandate from shareholders.
Some tips to stay on SGX’s right side when executing share buybacks:
1. Maximum number of shares that can be repurchased: 10% of issued shares as at date buyback approval was obtained (often the share capital as at the last AGM)
2. Do not pay more than 105% of average closing market price over the last 5 consecutive active trading days for on-market purchases
3. Do not undertake share buybacks when there is unannounced material information – the issuer itself may get in hot water for insider trading
4. Best practice, according to SGX, is not to undertake share buybacks 2 weeks before quarterly financials are released & 4 weeks before full year financials are released
5. Be aware that certain methods of repurchasing shares have been flagged by SGX as problematic and may be viewed as misconduct, including:
a. Purchasing a few shares near or at market close, resulting in the impression that the share price is on a rising trend
b. Purchasing shares despite increasingly higher prices, which may be viewed as being meant to influence closing prices
c. Purchasing “excessively” e.g. share buybacks constituting more than 30% of the daily on-market traded volume, which may be viewed as artificial inflation of trading volume and price
Dividend announcements
An issuer must not announce dividends for 1Q or 3Q without the quarterly financial statements unless:
the issuer has a committed dividend policy to announce dividends on a quarterly basis which has been communicated to shareholders;
the issuer confirms for a 1Q or 3Q dividend that it has sufficient financial resources to fulfill its liabilities as and when they fall due, after paying the dividend; and
an issuer which is a corporation confirms for a 1Q or 3Q dividend that it complies with Section 403 of the Companies Act (i.e. dividends may only be paid out of profits) or equivalent requirements in its place of incorporation.
Blackout periods for bonus issues, rights issues, records date (fka books closure date) & capital returns
Two categories of issuers & blackout periods:
Issuers announcing financials on half year and full year bases – blackout periods start from end of half year/ full year until financial statements announced
Issuers announcing financials on quarterly basis – blackout periods start from end of each quarter until financial statements announced
Reference materials:
SGX Practice Note 7.7 (Announcement of dividends and other corporation actions)
SGX Catalist Practice Note 7G (Announcement of dividends and other corporate actions)