Team size: 16

What are the most significant cases, projects and transactions that you and your legal team have recently been involved in?

It’s been a rollercoaster year, we formed a consortium with a Hong Kong financial institution and made an application for a Virtual Bank license, being one of five consortia to be considered for licensing as a virtual bank in Thailand. The process was one that required effort from multiple teams within a five-month period to manage over 130 policy and procedures submissions. At the same time, the Lightnet group has been making its application in Europe under the new Markets in Crypto Assets Regulations (MICA). Should we be successful, we will be the first Thai company to have received this license. In addition, the licensing efforts in Singapore continue with expansions of our existing license to include Merchant Aquisition, Domestic Remittance, Electronic Money and Digital Payment Token authorisation. We have also seen multiple labor complaints against our subsidiaries in Thailand, most of which have been successfully defended off by the team.

How do you approach managing legal aspects during periods of instability or crisis to ensure the organisation’s resilience?

In the field of fintechs and digital assets, you learn to always expect periods of instability, uncertainty or crisis – the thing that has always worked for me is to first stay calm. Address the critical issues and assign priority to each matter. If things cannot be solved immediately or a fire put out immediately, assess how to mitigate some of the risk and damage.

What strategies do you employ to ensure the successful digital transformation of a legal department while maintaining compliance with your country’s data protection laws?

I am a big supporter of digital transformations occurring in legal departments. Whether it is automating your work-flow intake, automating document creation, or utilising digital signature platforms. Using technology effectively is a great way of ensuring that my team and I have additional hours in the day to focus on matters that really create value.

We utilise a new workflow automation process under a centralised system called “Lark” – this ensures that task management can be effectively done, and we avoid overloading team-members as I am able to see at any given time the number of tasks assigned to members of my team based on priority. We are also developing new templates that can populate through dynamic fields which remove the grunt work from filling out party details across multiple documents used in the customer onboarding process. It’s an exciting project and given that the system does not expose data outside, we ensure the highest level of compliance with data protection standards.

As a fintech company, maintaining the integrity and security of customer data is imperative and ensuring that access controls are put in place to monitor who has access to what data is also an important internal control that me and my team have developed.

What do you think are the most important attributes for modern in-house counsel to possess?

I have said much about the need for in-house counsel to understand the risks that affect their business. Particularly, in my industry, the risks arising from hacks, data breaches, and cybersecurity are increasing. The thing that will set modern in-house counsel apart will definitely be their ability to foresee emerging risks that are beyond the ability to recognise contractual or statutory risks. Once these risks have been identified, then being able to effectively address those risks in all contracts, policies and procedures is another skillset that will really set modern in-house counsel apart.

What is a cause, business or otherwise, that you are passionate about? Why is this?

I come from a background of banking and finance legal expertise – in recent times I have seen an explosion of financial institutions being licensed by various central banks all around the world. While this has certainly had positive effects on the underbanked / non-banked populations of the world, mass licensing also creates instability in the existing financial framework. Having too many licensed entities exist in the market creates an increased risk of loss of funds and assets, increased fraud, increased money laundering and more.

I am thus very passionate about the processes that goes into the licensing of financial institutions. Regulators around the world have focused heavily on knowledge of AML / CFT laws but have historically paid less attention to whether organisations technological systems being utilised are essentially “fit and proper” to protect against hacks and cybersecurity risk. The greatest vulnerability to financial institutions in addition to safeguarding of funds is from the cybersecurity perspective. Systems are often not developed in-house, and lawyers and CEOs will not know the vulnerabilities of these systems and will rely on “experts” in the field of IT or cybersecurity to confirm whether they are up to standard.

I think we will see in the next few years, a shift from regulators requiring companies to prove their system capabilities and defences and perhaps hiring qualified cybersecurity personnel to protect these systems. This is an area of law that has not been the focus for lawyers and with AI systems in the limelight i.e. how do we ensure that standards are being applied on a mandatory basis to licensees to ensure customer protection of not just their personal data but their assets. With the advent of the DORA regulations in Europe this year, this can be seen as the first step in the right direction to increase cyber-resilience.