Doing Business in Asia
A series of devastating explosions ripped through the tropical paradise of Bali late last year, leaving more than two dozen people dead and more than 100 injured, most of them foreign tourists. At least three bombs went off in the incident, all in crowded markets and near sites where Westerners gather, including the Four Seasons Resort. The bombing, believed to have been carried out by a group sympathetic to al Qaeda, was just one in a series of attacks in Indonesia that have left hundreds dead and injured in the past five years.
Indonesia is not the only country in the region where terrorists attacks are a risk. There have been no fewer than 1,700 terrorist incidents in India, Pakistan, and the disputed region of Kashmir in the past six years, leading to nearly 3,000 fatalities and more than 6,000 injuries.
Security managers know that “there has always been a tendency for bad things to stir up quickly” in some parts of Asia, says Art Brown, senior vice president with Control Risks Group. That message is not lost on multinationals, like Marriott International. “[A]s we become more and more of a global company, we recognize how much more that puts you at risk for being targeted by terrorists,” says Chad Callaghan, CPP, vice president of enterprise loss prevention at Marriott. “That is a very big challenge for us,” he says.
Terrorism is just one of the issues confronting companies that want to do business in Asia. Managers of those companies must understand the unique cultures and the differing risk environments that exist in this vast region if their ventures are to succeed.
Cultural Considerations
When I stepped off the plane in Seoul, South Korea, on my first trip to Asia many years ago, I was stunned by the chaotic scene that greeted me. Soldiers marched three abreast through the terminal with machine guns on their shoulders. Masses of people swarmed the facility. A Western friend who had been living there smiled at the surprise on my face. “Now you know why it takes 17 hours to get here,” he said. “It’s truly the other side of the world.”
That sense of surprise greeted me many other times, in my travels to Thailand, Malaysia, Laos, China, and Japan, as well as a brief trip across the Burmese border. In some cases, it was the heavy and threatening presence of the military; in others it was a feeling that there was madness, but no method, in dealing with government bureaucracies. Often that tableau of overwhelming chaos was shrugged off by the locals as no big deal.
Each country has its own cultural imperatives, so I learned to keep two lessons in mind when working abroad: Be prepared for anything, and don’t expect it to be just like home.
The same lessons hold for security professionals who may be called on to help their companies conduct business in Asia. Anyone charged with protecting personnel, information, and facilities in Asian countries must first understand local customs, culture, and business issues. Only then can they put the risks and possible countermeasures into the context needed.
Doing Business
While you need to do your homework before working in Asia, no amount of study will make it possible or advisable for you or your company to go it alone. Doing business in Asia in most cases requires a local partner with expertise and knowledge of how business gets done.
In Southeast Asia, local partners—especially lawyers—are essential, says John Muller, a Bangkok, Thailand-based security expert and consultant with MPA Security Systems who set up a private security company in Cambodia more than a decade ago.
M. Anwar Khan, security manager of the Pakistan Tobacco Company (a part of British American Tobacco), says that in his country, a partner can help a newcomer get through the laborious procedures for obtaining business licenses.
In other countries, it’s not just a good idea; it’s the law, says Muller. “The government in Laos, for example, “will not grant majority-share ownership to foreign security firms.”
Due diligence. It’s essential that these local and prospective business partners be carefully vetted. Unfortunately, that’s not always done. “Too many companies make the mistake of not investing in doing this important homework,” Muller says. “If you ‘get into bed’ with the wrong partner from the start, it is costly and can damage your reputation.”
Brown says that Western businesspeople often hire local partners in ways they would never dream of doing elsewhere. “Unfortunately, what usually happens is that the [local] partner is a brokered introduction or someone they literally run into in the business lounge at the Hong Kong airport.”
Potential partners should go through a long and intensive vetting process, Brown says. “Your due diligence is going to be four or five times greater” than it would be for a line worker “and will involve talking to some of his former employers, competitors, both your own client base and your own sales staff to see what they know about this guy.”
The goal is not simply to determine whether there is any criminal background, “but what are the reputational concerns, strengths and weaknesses, that he brings to the job,” Brown explains.
Something else to check is how long this partner stays with particular companies. “A lot of these guys are now becoming a very hot commodity,” Brown says, “and they are switching jobs on the average of 14 or 18 months, so loyalty to the multinational corporation is probably not the first thing on their mind.”
The vetting process for line workers is also important, says Johan Selle, watch operations manager with business-intelligence firm iJET. These workers gain intimate knowledge of your company’s proprietary information and operations in some cases, but they could be working for your competitor tomorrow, he warns.
Anjali Bhattacharjee, a regional analyst with iJET, adds that many Western companies outsource their business-processing units to India, putting financial information on American and British consumers at risk. “In northern India a couple of months ago, two people were convicted of selling bank information,” she says, adding that the number of perpetrators who don’t get caught—and the number of businesses that try to keep this kind of incident quiet—is likely very high.
Hotlines. Many local workers are happy to be employed with a large multinational company and take pride in it, says Brown. These honest employees are the first line of defense against a corrupt manager or employee. But workers need a way to communicate problems or suspicions to the company without risking their positions.
Brown recommends setting up a hotline that will enable local workers in, say, China to report a problem anonymously to a native Chinese speaker without having to dial an overseas telephone number. Workers must be assured that this hotline information does not come back to the corrupt manager; Brown says he’s seen this happen with poorly set-up hotlines, resulting in retribution.
Security staffing. Regional managers of multinational companies operating in Asia say that they face a host of problems in finding and keeping local security staffs. Part of the problem is that better jobs are plentiful at new factories that offer better hours plus “better pay, air-conditioned environments, free transport to and from home, subsidized lunches at the company canteen, and other benefits,” Muller says.
The problem of finding security staff is getting so bad in the region, Muller says, that some hotels and businesses “have gone to direct hiring of guards…because the guarding companies cannot deliver sufficient manpower.” He says this could lead to a host of problems, including a lack of standardized training and increased costs from high turnover and continual recruitment.
Electronic security. The growing need for security, and the scarcity of willing or qualified personnel, has led to increased interest in automated security systems in Asia. “The sector which will enjoy an increase is likely to be that of electronic security with the implementation of global access control, CCTV, and alarm systems by multinational companies,” says Jessie Ng, regional communications manager of Group 4 Securicor plc in Hong Kong. Muller agrees. He estimates that there has already been a 30 percent increase in the use of electronic security systems in Thailand alone in the past three years.
Augustus “Ace” Esmeralda, CPP, PSP, a hotel security professional in the Philippines, has seen the same change in his country. Esmeralda notes that there has been a “significant increase on investment spending on intrusion alarms and CCTV systems” for organizations in the Philippines.
A.K. Moorthy, CPP, a Singapore-based senior security consultant with Cisco, says that he saw greater implementation of physical security devices across the region after the 2002 Bali bombing.
“There was a surge of interest in turnstiles at lobbies, electronic access control systems, x-ray machines at entrance portals for package screening, ID badges, undercarriage inspection systems,” and so on. He adds that many building owners embarked on extensive retrofit projects to allay fears from “tenants who perceived themselves as being at risk of terrorist attacks. The alternative was to risk an exodus of their tenants to other premises that were perceived to be more secure.”
Threat Environment
In a region as vast as Asia, security risks can vary widely from region to region, and even within a particular country. But experts indicate that the most common threats include theft of intellectual property and counterfeiting (particularly in China); extortion and corruption in many countries throughout Asia; and terrorism risks in Indonesia and in South Asia (particularly India, Pakistan, and the Kashmir region).
IP theft. When a local senior market researcher of a European multinational company operating in China quit in 2004 for “health reasons,” it was the company that felt the pain. That’s because the researcher had absconded with the company’s valuable proprietary information, which he then took to a competitor.
That unfortunate episode, related in a report by iJET, is alarmingly common, experts say. “It is no exaggeration to say that China is the world’s leader in terms of IP loss, counterfeiting, and economic espionage,” says Shanghai, China-based Dane Chamorro, deputy country manager with Control Risk.
As this case illustrates, the theft of proprietary information is a major concern for multinational companies doing business in Asia. A survey by global management consulting and technology services company Accenture of executives in the chemicals industry revealed that 59 percent of North American executives in this sector said that intellectual property theft was their biggest challenge with regard to investing in China.
Some companies are beginning to take the threat seriously. But many companies are simply going in blind. “[A]ll too frequently we see companies rushing into China without taking proper precautions to safeguard their proprietary knowledge,” says Chamorro.
Some of the precautions that they should be taking, such as the vetting of partners and workers and the operation of a hotline, have already been noted.
Other measures that can be taken to reduce the risk of IP theft include the implementation of information-classification systems, access and destruction protocols, and employment contracts that include separate information-protection clauses (such as noncompete and nondisclosure agreements), according to Chamorro.
Other crimes. Apart from IP theft, in many parts of Asia there exists the general threat of crime. Some are crimes of opportunity. Brown notes, for example, that Japanese businessmen working in other Asian countries are often targeted as “walking ATMs,” because they tend to carry lots of cash with them.
Thailand faces some serious crime issues, says Muller. “Last year crime in Bangkok increased by 12 percent” according to local police officials, he says. “Drugs are still a problem, and workplace violence has increased,” he adds.
Organized crime. Organized crime is a serious threat in the region and one that is not easy for companies to defend against, says Daniel T. Hsu, CPP, who works in Taiwan with American Express International as a manager of security services for the North East Asia region. Threats from organized gangs can take the form of robberies that target the transportation sector, he says.
Chamorro says that organized crime in China is usually very localized except in the southern province of Guangdong, “where the influence of Hong Kong’s triads and Taiwanese criminal gangs is not uncommon.”
These criminal groups typically focus on local citizens but can nevertheless present a threat to Western businesses. “In other areas of China, we note that the last several years have seen the emergence of new threats to affluent Chinese, including kidnap for ransom, extortion, contract killings,” and so on, Chamorro says, driven by the large gap between rich and poor.
“This is often overlooked by foreign companies because China is considered a relatively safe place,” Chamorro explains. While that’s true for foreigners, companies must be mindful that their senior managers “could easily become targets of such violence,” he says.
Extortion. Extortion is a major problem throughout the Asian continent. For example, gangsters sometimes “boycott for ransom,” says Hsu. In that scenario, they disrupt construction projects using fraudulent excuses until money is paid. This practice is common in China, as well as Taiwan, he notes.
Extortion can take some other novel forms. For example, when I worked in Japan, organized crime members (known as sôkaiya) would buy shares of stock in a company so that they would have the right to attend shareholder meetings, which these criminals would then threaten to disrupt if not paid to stay away or keep quiet.
Knowing that any sort of public humiliation would hurt the bottom line, some companies did pay gangsters not to attend. The company I worked for ordered its employees to come early and fill seats as a way of preventing the criminals from getting a foothold.
Corruption. Brown says that companies should talk to local authorities before investing and hash out “how is it that we’re going to cooperate, as I bring in this large investment that will employ X amount of your unemployed work force, to protect interests of intellectual property involved as well as other general security-writlarge kind of threats.”
Waiting until a problem, such as the illegal counterfeiting of your product, arises and then talking to the local official “is going to put you in the waiting room,” Brown says.
In China, Brown explains, local authorities are concerned with stability issues that could exacerbate unemployment and reduce the revenue that the official needs to send to Beijing—not with your company’s profit margin. “A lot of counterfeiters pay taxes, so for him to shut down a counterfeit operation is going to cause him to lose some tax revenue as well as make his unemployment problem worse,” he explains.
That’s just one example of how the local officials may lack the motivation to enforce rules or may have reason to look the other way. Selle says that in parts of China, for example, corruption is simply an expected and longstanding part of the business process, and Western companies for whom bribery is illegal need to realize that they’re simply not going to be able to advance their interests as quickly as they’d like.
Apart from corruption, businesses that need to operate in some of the world’s riskier locations face unique situations, and they may have to make tough choices about how much to tolerate. For example, iJET’s Bhattacharjee says that one of her company’s clients has a factory in Nepal, where Maoist rebels rule much of the countryside. The rebels “come in and for a day they’ll take workers and carry out indoctrination training, and they’ll send them back again the next day,” she says. The company could refuse to let its workers go, but could then face retribution. In this case, the company lets the workers go, having decided that it’s not worth fighting the practice.
Terrorism
Recently, I drove a friend visiting from Japan past the Pentagon and pointed out the location where, on 9-11, the hijacked plane had crashed into the building. My Japanese friend thought for a moment and then said, “Oh yes, I remember reading about that in the newspaper.”
It was a stark reminder that while the tragic events of that day changed the perception and status of security in the United States, other countries did not necessarily identify with the threat.
“I don’t feel that there was much of a perceptible change after 9-11 except that in Hong Kong a number of financial firms—especially American ones—took a second look at their security and business continuity procedures,” notes Chamorro. “My personal view is that this was because the event seemed very remote and tied to what many believed to be America-specific issues vis-à-vis the Muslim world,” he says.
Bali bombing. But that all changed a year later. On October 12, 2002, a car bomb exploded in a popular tourist quarter in Bali, killing more than 200 people.
“Bali…had more of an impact since it was closer to home, in a spot where regional expatriates often holiday or own homes,” Chamorro says.
Another 13 people were killed by a car bomb that went off outside the lobby of Jakarta’s J. W. Marriott Hotel on August 5, 2003. Both of these bombings were carried out by the international Islamic-militant group Jemaah Islamiya (JI).
The dates of these bombings are significant, says Brown. “They’ve had four bombings there on the anniversary, give or take a month, from 9-11,” he says. In fact, seven of the 17 attacks in Indonesia mentioned previously occurred in August, September, or October.
“They’ll have another one [this] year; it’s going to happen,” predicts Brown. It’s the one place in Asia where I have real concerns about terrorism.”
That message is not lost on multinationals who have facilities there. “Companies in Indonesia have truly got religion on that,” Brown says.
“Before these regional incidents, as in the U.S. before 9-11, physical security measures in Asian countries other than Indonesia were historically aimed at loss prevention and were, therefore, focused internally,” says Craig Foster, Singapore-based senior vice president of asset protection and enterprise security with Hill & Associates Risk Consulting. After the Bali bombing, many organizations changed their focus to becoming harder targets, he says.
Muller concurs, noting that before the Bali bombing, “I can state that American companies in Thailand took very little interest in security. For years most of the American major corporations left security decisions to local management, human resources, or, worse yet, financial controllers” who had no security expertise. Now security is taken more seriously throughout the organization.
Since the Bali bombing, security experts have seen other changes in security management practices. Hsu says that in his region, he’s seeing more attention toward crisis management and response, in particular around bomb-threat countermeasures that were once considered only for extreme situations.
Collateral damage. Brown says that apart from those large attacks in Indonesia, disaffected local Muslims in Thailand or the Philippines have engaged in acts of violence aimed against local governments, rather than Western businesses. However, even if violent acts aren’t targeting foreigners, there is still a risk to employees. “If you’re in the wrong place at the wrong time, you can get into a collateral-damage situation,” Brown says.
Andrew A. Choong, head of security at Shell Refining in Port Dickson, Malaysia, says that after the Bali bombing, he reviewed existing security practices “to reflect the new threats of terrorism which were until then thought to be targeted towards Western targets in locations outside Southeast Asia.”
Esmeralda says that local security professionals must keep a close eye on how their countries deal with terrorist groups for clues on whether violence will occur; for example, how Malaysian, Indonesian, and the Philippine governments deal with Jemaah Islamiya threats or how the Philippine government handles ongoing peace talks with the Muslim and Communist rebels could indicate whether attacks are forthcoming. “Terror can be used as leverage at the negotiation stage,” he says, so that’s when security managers need to be on the alert.
South Asia. Countries in the South Asian region have a high risk of terrorism. Indeed, says Pakistan’s Anwar Khan, “Terrorism from across the border in Afghanistan and from within is the most pressing concern in Pakistan.”
Many of the attacks around the region don’t get much fanfare overseas, unless they are large attacks tied to a Western target. But international terror tactics are being adopted by local groups, which could endanger more businesses operating in the region.
For example, Bhattacharjee explains that many foreign textile companies have operations in Bangladesh, which has “a history of civil unrest.” She says that domestic groups fighting the government are beginning to emulate more sophisticated terrorist organizations such as al Qaeda and the Jagrata Muslim Janata Bangladesh, which has carried out bomb attacks against “anti-Muslim” targets such as movie theaters.
They learned their lessons well. On August 17, 2005, a local terrorist group detonated a series of small bombs—the National Memorial Institute for the Prevention of Terrorism estimates that there may have been as many as 350 separate explosions across Bangladesh. The attacks injured 115 people and resulted in one death. The most frightening thing about the incident, Bhattacharjee says, is that many of the bombs exploded simultaneously. That indicates a sophisticated and highly organized attack.
Information Sharing
Despite the increased importance of sharing information on threats, experts in the region say they’ve seen only a slightly greater willingness of businesses to share such information with each other.
To the extent that sharing does take place, it seems to happen “more between foreign multinationals in these countries and not so much between Asian-held companies,” Bhattacharjee explains. “The overall impression is that Asian companies remain wary of sharing to the extent seen in the U.S.”
“There is still a great deal of reticence to sharing information,” agrees Ng. “Although some notable examples exist in the multinational corporations, banking, and hospitality sectors, these are limited and the public-private sector information exchange is minimal.”
Chamorro says that formalized sharing of information happens primarily through the Overseas Security Advisory Council (OSAC), a cooperative effort between American business interests at home and abroad and the Department of State. Its Country Councils provide a way for American businesses overseas to communicate with the local U.S. embassy. “Between businesses this tends to occur through personal relationships between security managers,” he says.
Muller says that he’s seen some progress. For example, he cites greater attendance at local American Chamber of Commerce meetings about security. He notes that American embassy Regional Security Offices (RSOs) in Thailand, Cambodia, and Laos “are reporting more corporate business and citizen registrations, and getting asked more questions about security issues.” He adds that the major international schools have organized security networking meetings where each quarter they share information with RSOs as well.
Esmeralda notes that the local ASIS chapter works with the Federation of Industrial Security Organizations of the Philippines (FISOP), which he calls “the mother of all security and safety organizations in the country.” In addition, security professionals in the hospitality industry across Asia are more amenable to sharing information informally because this line of business “is quickly affected by any negative security issues.”
“In some countries like Singapore, there are briefings by police from time to time” on issues of concern to the business community, says Moorthy. “Nonsensitive information on lessons learned from incidents such as the Bali bombing is disseminated to relevant businesses” as well.
In my travels through Asia, I found that it’s not uncommon for people to assume that Western countries are exactly as they are portrayed in television shows and movies. Likewise, many Westerners have a mistaken image of Asia based on what they’ve seen in movies.
Companies, of course, cannot afford to go on assumptions or stereotypes. There are real rewards to doing business in Asia, but these can only be reaped with a proper understanding of the culture and then a careful countering of the risks. Security professionals who take the time do their homework will be making an important contribution to their companies’ efforts in the region.
Peter Piazza is an associate editor at Security Management. He has lived and worked in Japan, South Korea, and Thailand.
