What strategies do you employ to ensure the successful digital transformation of a legal department while maintaining compliance with your country’s data protection laws?

Digital transformation has become essential, particularly following the implementation of Thailand’s Electronic Transactions Act and, more significantly, in the aftermath of the COVID-19 pandemic. During this period, the demand for digital execution processes increased both internally within organisations and externally among customers. My legal team and I consider the business needs alongside the legal framework and internal policies before implementation. This is done in consultation with legal peers within Citi, as well as professionals in the wider legal market. Examples include the use of electronic signatures and other available digital platforms.

When Thailand’s data protection laws came into full effect, their implementation became an integral part of local regulatory compliance. These laws require adherence to various standards, including internal security protocols, Citi’s privacy policy, and the legal review of documentation in relation to digital execution and data protection. These considerations are often reflected in the relevant provisions within contracts and agreements. Standard clauses addressing data protection have been introduced across a range of agreements.

Once new regulations are introduced, Citi’s internal protocols are updated accordingly. From a legal perspective, it is crucial to develop strategies that facilitate an understanding of these newly enacted laws, sub-regulations, and industry guidelines. We undertake legal assessments and gap analyses to identify and address potential issues. Collaboration with stakeholders across the organisation is also essential to ensure alignment with applicable laws and to mitigate any risk arising from non-compliance or regulatory gaps. Ultimately, our strategy involves setting clear organisational goals, aligning legal policies and protocols with these goals, and ensuring clear communication to support legal compliance and meet regulatory expectations.

Based on your experiences in the past year, are there any trends in the legal or business world that you are keeping an eye on that you think other in-house lawyers should be mindful of?

To provide accurate and relevant legal advice, in-house lawyers — or any proactive legal professionals — should closely monitor legal developments, regulations, and market trends, both within their industry and internationally. This includes participating in industry forums, whether organised by regulators, trade associations, or professional bodies, in order to stay informed about emerging issues.

The trend in both the legal and business sectors is increasingly moving towards digitalisation and global transactions facilitated through integrated platforms. These developments aim to simplify cross-border processes and offer customers a one-stop solution that is both efficient and timely. Tools such as digital signing and digital platforms offer promising solutions for streamlining services and removing unnecessary steps.

Legal solutions must evolve in tandem with the needs of the business, stakeholders, and specific products. Although tools like AI offer significant advantages in delivering faster solutions, the banking sector still requires a high level of legal precision. This includes maintaining internal legal standards, performing accurate assessments, and ensuring proper legal documentation. As such, full replacement of in-house legal work by AI in banking remains a challenge. In addition, the legal team must take the lead in addressing the legal implications of advanced technologies and processing methods. It is also vital for legal professionals to understand the technical aspects of these tools and receive appropriate training.

Legal risks can also arise from changes in legislation. In-house legal counsel should therefore remain focused on the implementation of new laws and regulations, as well as relevant regulatory guidance or sector-specific policies, especially in banking. For instance, the introduction of new technological solutions can give rise to new forms of crime. This, in turn, necessitates new government policies and legislation.

At the same time, ongoing guidelines from the Electronic Transactions Development Agency (ETDA) under the Electronic Transactions Act and the Personal Data Protection Committee (PDPC) under the Personal Data Protection Act continue to be monitored and enforced.