What are the most significant cases or transactions that your legal team has recently been involved in?

In 2025, Noventiq’s APAC Legal & Governance (“APAC LGC”) embarked on a regional transformation through the “Compliance in Business & Compliance for Business” initiative, repositioning legal governance as a business enabler rather than a cost centre. The initiative focuses on building customer trust across APAC, particularly among highly regulated customers, by embedding compliance, risk and governance considerations early in commercial decision-making.

Following this initiative, APAC LGC has supported more effective and outcome-driven negotiations with regulated customers, including banks and financial institutions, hospitality groups, hospitals and medical science organisations, as well as government-linked entities. By proactively addressing regulatory requirements upfront, transactions have progressed more efficiently, with reduced friction, clearer risk allocation and stronger long-term strategic outcomes.

This approach has strengthened internal alignment between legal, compliance, finance and commercial teams, establishing a consistent framework for evaluating risk while enabling faster and more confident business decisions across APAC.

APAC LGC also played a central role in supporting ISO 27001 certification in Vietnam and Malaysia, working closely with information security, audit, operations and senior management. Governance frameworks, policies and internal controls were implemented to support engagements with regulated and security-sensitive customers, with further APAC jurisdictions identified for phased ISO 27001 certification in FY2027. In parallel, APAC LGC led regional regulatory initiatives to obtain cybersecurity service provider recognition for Noventiq Singapore and Noventiq Malaysia, resulting in certification by CSRO (Singapore) and NACSA (Malaysia). These initiatives strengthened customer confidence, reduced regulatory barriers to entry and enabled the expansion of Noventiq’s cybersecurity service offerings across APAC.

APAC LGC also led the in-house design and implementation of an AI-enabled contract management system (“CMS”) to improve contract review efficiency, risk identification and execution discipline. By integrating enhanced due diligence processes for customers, vendors and partners within the AI-enabled CMS, APAC LGC enabled early detections of commercial and regulatory risks.

Regionally aligned template contracts and contract playbooks were also developed, providing commercial teams with clear guidance on fallback positions, escalation thresholds and red-flag issues. This standardisation reduced turnaround times, improved consistency and allowed Legal to focus on complex and strategic transactions.

Through these initiatives, APAC LGC now operates as a trusted business partner, working alongside the business from the outset to enable informed risk-taking, accelerate execution and support sustainable growth, rather than functioning solely as a control or review function.

What do you see as an opportunity or risk over the next six months?

Over the next six months, I expect the operating environment to remain challenging across APAC. Global geopolitical uncertainty and ongoing economic pressure continue to affect purchasing power, currency movement and client confidence. In a highly competitive IT market, this places pressure on pricing and margins and increases the risk of commercial decisions being made at speed.

Geopolitics is also driving greater regulatory complexity. Sanctions, export controls and sporadic data privacy requirements are becoming harder to manage consistently across jurisdictions. As regulatory risks are no longer confined to any single jurisdiction, it is crucial to navigate overlapping and, at times, conflicting requirements without slowing the business down. Nevertheless, these challenges present an opportunity for in-house legal practice to establish strong, centralised legal and compliance frameworks, a key enabler for businesses to move faster and more confidently than competitors.

Despite the developing regulations and potentially more segmented regulations to be introduced in the coming months, Artificial Intelligence (“AI”) will likely be an area of opportunity for in-house legal practice as it allows modern in-house legal practice to move beyond reactive compliance by supporting continuous monitoring and early detection of risks across different jurisdictions.

In contract review, AI improves speed and consistency by identifying risk-heavy clauses, deviations from standard positions and potential liability exposure, allowing lawyers to focus on strategic negotiation and value protection.

Premised on this, I foresee better AI features and more robust adoptions within in-house legal practice in the next six months

What regulatory or policy developments in Malaysia have had the most significant impact on your organisation in the past year?

The most significant regulatory developments impacting the organisation in the past year were the amendments to the Personal Data Protection Act 2010 made in late 2024 and the introduction of the Cybersecurity Act 2024. Together, these developments materially increased regulatory expectations around accountability, transparency and organisational preparedness in relation to data protection and cybersecurity.

These changes required more than incremental policy updates. From a governance perspective, the legal team led a comprehensive review of data protection and cybersecurity policies, breach response procedures and incident management frameworks to ensure the organisation could demonstrate accountability and effective regulatory response. The focus shifted towards clearer ownership, cross-functional coordination and documented decision-making across legal, IT, information security and operations.

Critically, the impact was not limited to regulatory compliance. Customers—particularly regulated, multinational and government-linked entities—now expect demonstrable evidence of data protection and cybersecurity compliance as a condition of doing business. This includes expectations around incident readiness, governance oversight and auditability. Inadequate compliance increasingly presents direct commercial risk through delayed transactions or loss of business opportunities.

In response, the legal function repositioned data protection and cybersecurity as an organisation-wide responsibility rather than a purely legal issue, embedding compliance considerations into operational processes, customer engagements and contractual discussions. This approach has strengthened regulatory resilience while supporting customer confidence and commercial continuity.

Looking back, which experience has most shaped your approach as an in-house lawyer?

Looking back, the experience that has most shaped my approach as an in-house lawyer is my early grounding in litigation, combined with subsequent exposure to C-suite decision-making and multinational operations.

My litigation experience developed a disciplined approach to strategic risk assessment, high-stakes communication and negotiation, but more importantly, it fundamentally changed how I view legal risk. Seeing disputes unfold reinforced that litigation is often the consequence of earlier commercial decisions, unclear contractual positioning or unmanaged expectations. This perspective now informs how I draft contracts, structure risk allocation, and advise the business with a focus on prevention rather than cure.

Working closely with C-suite leaders further shaped my approach by deepening my understanding of how legal advice fits within broader business strategy. It taught me that effective in-house counsel must go beyond identifying legal risk, and instead translate legal, governance and regulatory considerations into practical options aligned with commercial objectives, timing and risk appetite. This has enabled me to participate in strategic decision-making rather than operating as a purely technical advisor.

Finally, my experience in multinational organisations sharpened my appreciation of cross-border complexity, cultural nuance and differing regulatory expectations. It reinforced that legal solutions must be context-sensitive, adaptable and commercially realistic, particularly when leading regional initiatives or managing multi-jurisdictional risk.

These experiences have shaped my pragmatic and prevention-focused approach.