Legal Updates for April 2023

Regional Competition Bites Q1 2023

This Rajah & Tann Regional Competition Bites provides an overview of the key competition updates in South-east Asia during the period of January to March 2023.

A key macro trend across the region is the introduction of new merger regimes or enhancing existing regimes so as to capture a wider range of mergers. Cambodia has now introduced merger filing thresholds and mergers will have to be filed with the regulator come September 2023. Vietnam and Thailand have been reviewing an increasing number of mergers, with Vietnam seeking to review even foreign-to-foreign mergers. Indonesia has bucked the trend a little, providing a breather to businesses by shifting from a single nexus to a double nexus requirement, while Philippines has raised its notification thresholds. What these developments spell for businesses is that Southeast Asia is a region that can no longer be ignored from a merger control review perspective. Even in Singapore, which has a voluntary regime, the regulator takes the position that if thresholds are crossed, a notification is necessary.

Separately, fighting inflation and cost of living issues continue to be a focus area. Regulators in Indonesia, Thailand and Philippines have opened cartel investigations products involving daily essentials such as onions and chicken eggs, while the Malaysian regulator is working closely to support the Ministry of Domestic Trade and Cost of Living in tackling these issues.

Another key area where focus continues is in all things data, digital, and e-commerce. Several of the regulators have reiterated that this is an area of priority, and with some opening investigations in the area. Tech is also important for the regulators as they look to enhance their internal capabilities to handle more complex mergers and investigations.

On regulators, the Vietnam Competition Commission ("VCC") has finally been properly constituted and empowered to take enforcement action. VCC is now responsible for all competition matters, ranging from investigations to enforcement and merger control. We expect stronger competition law enforcement and quicker review of merger cases in Vietnam moving forward.

Developments in the region remain dynamic and the Rajah & Tann Asia Team is very much in the thick of many of the developments and on-going matters. Please reach out to us if you wish to further discuss these developments. 

New KPPU Case Handling Procedure May Allow Dismissal of Anti-Competition Investigation Based on Change of Behaviour

Starting from April 2023, businesses must follow the new case handling procedure regulation under the Indonesia Competition Commission (“KPPU”) Regulation No. 2 of 2023 on Case Handling Procedure (“New Regulation”). The New Regulation became effective on 31 March 2023, even though it only became available to the public on 6 April 2023.

The New Regulation replaces the entire case handling procedure regulation in KPPU. Among others, a notable new feature under the New Regulation is the allowance for reported parties to propose a change of behaviour to the KPPU during the investigation stage instead of going through the preliminary examination hearing without admitting guilt and regardless of other reported parties doing the same. This is significant because if the KPPU accepts the proposed change of behaviour and the reported parties fully implement such change, the KPPU will dismiss the investigation altogether and the reported parties will not be subject to any sanction.

New Regulations Relax Criteria for Foreign-To-Foreign Merger and Charge Filing Fees for Merger Notification

The Indonesia Competition Commission or KPPU has issued a new merger control regulation, namely KPPU Regulation No. 3 of 2023 on the Assessment of Merger, Consolidation, or Acquisition of Shares and/or Asset that could Result in Monopolistic and/or Unfair Business Competition Practices (“New Merger Regulation”). Although this New Merger Regulation was only made available on 6 April 2023, it became effective from 31 March 2023.

Under the New Merger Regulation, a notification of foreign-to-foreign merger transaction only needs to be filed with the KPPU if both parties have assets and/or generate sales/turnover in Indonesia. This is a major departure from the previous KPPU Regulation No. 3 of 2019, which mandated filing even if only one party to the transaction had a nexus to the Indonesian market (click here for the notification criteria in the previous regulation). In addition, the threshold analysis for asset calculation reverts to the Indonesian basis from the worldwide basis.

Several days after publication of the New Merger Regulation, the government introduced a filing fee for merger notification through Government Regulation No 20 of 2023 on Types and Tariffs of Non-Tax State Revenue Applicable to the Commission for the Supervision of Business Competition (“GR No. 20/2023”). GR No. 20/2023 was enacted on 5 April 2023, but will become effective 30 days from the enactment date (i.e., 5 May 2023)

OJK Sets New Cyber Security Best Practices for the Banking Industry

Last year, the Financial Services Authority ("OJK") issued OJK Regulation No. 11/POJK.03/2022 on the Implementation of Information Technology by Commercial Banks. This regulation was part of the revolution by OJK of regulations on data, technology, risk management, collaboration, and institutional setting, all of which is designed to boost the acceleration of Indonesia's digital banking transformation. To follow up the regulation, OJK issued OJK Circular Letter No. 29/SEOJK.03/2022 on Cyber Security and Resilience for Commercial Banks ("Circular") as one of the implementing regulations to safeguard this digital banking transformation.

In the Circular, the OJK puts the onus on commercial banks (which include conventional and shariah banks) ("banks") to identify their cyber security risk by going through a series of assessments and processes on an annual basis. Once banks completed the self-assessment, they must report their self-assessed rating to OJK. In addition, banks must also report any cyber incident to OJK and set up a new cyber security structure.