As local companies increase their participation in the global economy, so too will the need to comply with the laws and obligations that apply to them and their business partners. The relevant laws and obligations depend on several factors. First, local companies need to know the laws that apply to activities conducted in the countries where they and their business partners operate. They need to know the obligations that apply to dealings and transactions with sanctioned parties, countries, and activities. They also need to understand how dealings and transactions with publicly traded companies, government officials and entities, and participation in specific industries can subject them to greater regulatory scrutiny. This article discusses the factors that determine what laws and obligations apply to companies and their business partners.
Where you operate and how you are organized
Where you operate and how you are organized is relevant because many anti-bribery and corruption, sanction, and personal data privacy laws apply to where the regulated activity occurs. For example, the US Foreign Corrupt Practices Act (FCPA) and UK Bribery Act apply to all activities performed in the US or UK regardless of the nationality of the individuals or entities involved. The US FCPA also applies to foreign companies with shares or depository receipts listed on a US exchange or quoted in the over-the-counter market in the US. As for personal data privacy, the EU General Data Protection Regulation (GDPR) and Saudi Arabian Personal Data Protection interim regulations (Interim Regulations) regulate Data Processors registered to do business in the EU and Saudi Arabia and who operate from within the EU and Saudi Arabia.
Where you operate also includes the countries where you acquire personnel, goods, services, and other assets. Sanction and Personal Data privacy laws regulate assets that are collected, created, or transferred from their country of origin. For example, US and EU sanction laws apply to the access and use of US and EU persons, items, and technology. Similarly, the GDPR and Interim Regulations apply to personal data collected or processed from data subjects in the EU and Saudi Arabia. Both sanctions and personal data privacy laws also regulate the transfer of assets from their country of origin to another. For example, the GDPR and the Interim Regulations regulate the transfer of personal data from EU member states and Saudi Arabia to other countries, and US and EU vendors must obtain a license to export sensitive Items and technology to other countries.
Who you do business with and what you do
Who you do business with can affect compliance obligations and requirements. Transactions and dealings with publicly traded companies and government officials and entities are subject to greater regulatory scrutiny than dealings with private companies. Publicly traded companies are subject to regulations that often require them to ensure that their business partners have adequate compliance programs. Similarly, business partners often place additional compliance measures and obligations on companies that transact with government officials or government-owned entities.
Understanding what your company does is also relevant. Do your operations require government licenses or approvals? Do you require personal data to manage employees or interact with customers and business partners? Do you need access to US or EU origin items, technology, software, or services? Engaging in these activities exposes your company to compliance obligations related to anti-bribery and corruption, personal data privacy, and export control laws.
Understanding the industries you operate in can help identify laws and regulations that might apply. Some industries are subject to greater scrutiny in particular regulatory areas. Others can be subject to scrutiny in multiple regulatory areas. Industries that are subject to greater scrutiny under Anti-bribery and corruption laws include:
· Energy & Natural Resources
· Construction
· Manufacturing
· Transportation
· Information Technology
· Telecommunications
Industries that are subject to greater scrutiny under data privacy laws include:
· Banking & Finance
· Healthcare
· Transportation
· Information Technology
· Telecommunications
Industries that are subject to greater scrutiny under export control and sanctions laws include:
· Banking & Finance
· Defense & Security
· Energy & Natural Resources
· Information Technology
Conclusion
To meet the compliance obligations and expectations imposed by business partners and growing regulatory regimes, companies need to know the compliance obligations that can apply to their business and its operations. Even purely domestic operations need to know more than their own countries' laws; they also need to know the regulatory obligations that apply to the companies, suppliers, and agents they do business with. Knowing what laws and obligations apply is the first step towards developing the compliance programs necessary to participate in the global economy. We invite you to take our free self-assessment to identify laws and regulatory risks that might apply to your company and its operations.
EMME Advisory Services
EMME Advisory Services (EMME) was established to help companies in the Middle East and emerging markets identify and build the programs necessary to comply with relevant regulatory compliance risks, obligations, and expectations. Before establishing EMME, Granville Collins was responsible for building the Saudi Aramco programs necessary to comply with multinational regulatory compliance obligations, business partner requirements and expectations, and the Kingdom’s developing regulatory regime. With the access, observations, and knowledge that comes from twenty years of working for Saudi Aramco in Saudi Arabia, EMME has developed a deep understanding of the operational needs for compliance in the Middle East. For more information contactus@emme-advisory.com or visit www.emme-advisory.com.