|ICT Update | November 8, 2018
Authors: Kim Yaeger, Ella Duangkaew, Monica Chritton, Bryan Yeoh, Tra Nguyen
November 13, 2018: Singapore Roundtable with DAS James M. Sullivan
November 13, 2018: 2018 TELMIN Business Mission Planning Call 2
November 21, 2018: SME Workshop in Hai Phong, Vietnam
December 4: 2018 Business Mission to the 18th ASEAN Telecommunications and Information Technology Ministers Meeting
|THE COUNCIL'S TAKE|
Malaysia Introduces Digital Tax in FY 2019 Budget
Malaysia recently announced its 2019 Budget, and introduced a tax on imported online services. Foreign online service providers will have to register with the Royal Malaysian Customs Department and a service tax on imported online services will go into effect on January 1, 2020. Qualifying online services include software, music, videos and any digital advertising provided to Malaysians. According to the Finance Ministry, the tax is aimed at leveling the playing field between domestic and foreign online service providers and sparking greater competition in the e-commerce sector. The Ministry has yet to provide specifics of the taxes including proposed rates. Currently, certain digital transactions are imposed a 10 percent withholding tax (WHT). The WHT applies to Malaysian companies’ transactions with foreign service providers. The Malaysian public has reacted negatively to this announcement as they are concerned that service providers will have consumers absorb the tax by increasing prices. Members of Malaysia’s startup scene are also concerned that the digital tax will create negative sentiment from businesses towards the government, and may result in companies running their businesses from outside Malaysia. Pikom chairman Gamesh Kumar has urged the government to implement this measure in consultation with respective industries.
Other highlights of Budget 2019 on digital economy include the introduction of a Capital Market and Services Act to act as a regulator for digital currencies and token market trading activities, the introduction of property crowdfunding for first-time homeowners regulated by the Securities Commission of Malaysia and the introduction of a RM3 billion (US$721 million) industry digitalization transformation fund with a subsidized two percent interest rate.
This new digital tax follows a growing trend among ASEAN countries of taxing digital services and transactions, such as Thailand’s Value-Added Tax on e-Commerce, which was recently passed by the Cabinet, and Indonesia’s in-development tariffs on intangible goods. Each of these measures shares the goal of attempting to level the playing field between domestic and foreign online service providers, and generate increased revenue from the immense growth of foreign digital providers in their countries.
Thailand’s Draft Cybersecurity Bill Continues to Draw Industry Outcry, PM Orders Review
Thailand’s Draft Cybersecurity Bill has drawn criticism from several stakeholders, including state agencies, domestic business and foreign businesses operating in Thailand, who share concerns about the Bill’s potential to create opportunities for abuse of power and data privacy breaches. The Bill will proceed to the National Legislative Assembly following its expected approval by the Cabinet this month. In response to widespread outcry, Prime Minister Prayut Chan-o-cha has called for review of the Bill this week, according to the Bangkok Post.
Criticism of the Cybersecurity Bill includes questions of its potential to silence public opinion ahead of the upcoming elections, risks to confidential information and concerns that the Cyber Security Agency (CSA) created by the Cybersecurity Bill would have far-reaching powers. General Bunjerd Tientongdee, a member of the National Cybersecurity Committee, said that the Prime Minister and National Legislative Assembly must be informed that the current version of the Bill has serious flaws and that must be amended.
Notably, the CSA would be granted broad powers to seize and hold computers without due process and access an organization’s information and facilities in the event of an anticipated or actual cyber threat. The Cybersecurity Bill also introduced obligations for public and private organizations operating Critical Information Infrastructure in its current version. The Cybersecurity Bill would also allow the CSA to form a joint venture, which would allow it act as both a regulator and an operator, “which can create joint ventures and request financial loans for its operations,” according to the Bangkok Post (for more information, see our previous Update here).
As Thailand works to address emerging cybersecurity threats and bolster its technological capacity and infrastructure, it will be critical for these efforts to achieve the important goal of protecting citizens’ data without stifling innovation or jeopardizing data privacy and confidential information, such as trade secrets. The Cybersecurity Bill’s current punitive measures also impose heavy consequences to firms that cannot comply, which are prescribed in broad language. With concerns coming from various stakeholders, it may be likely that the Cybersecurity Bill’s more vague and heavy-handed language may be revised to strike an effective balance.
State Bank of Vietnam Issues Regulations on Cloud Computing Services
The State Bank of Vietnam (SBV) recently issued Circular No. 18/2018/TT-NHNN (Circular 18) which includes 3 chapters, 6 sections and 55 articles regulating information security in banking operations. Most notably, Circular 18 introduces new regulations on the use of cloud computing services in banking as well as regulations on outsourcing cloud computing services to third party service providers. Among other things, section 6 of Circular 18 sets out some critical steps financial institutions (FIs) must follow before they outsource cloud computing services. Risk assessment is an essential component throughout these steps. First and foremost, FIs must determine the class of information and the level of information system to be outsourced to third party providers. There are three classes of information and three levels of information systems based on level of complexity and confidentiality. Circular 18 provides clear instructions on the classification of these systems. If a third party is hired to perform all administration-related activities of information systems classified at level 2 or higher, FIs will be required to submit a risk assessment report to SVB, who reserves the right to examine the report on a case-by-case basis. In short, SVB employs a notification system which requires FIs to send a report rather than apply for approval. However, it is unclear how frequently and what factors SVB shall choose to review the risk assessment report. Section 6 also recommends several factors FIs should consider when selecting third party providers and specifies provisions an outsourcing contract must entail. Circular 18 also lists out minimum contents FIs must include in their own information security regulations. These regulations must be signed by the legal representative and implemented throughout the organization.
Cloud technology has evolved and matured considerably, disrupting all sectors including banking. Governments have now recognized that it is vital to all institutions’ operations and have taken different stances on the use of cloud technology. The regulations vary by country in the region. In general, FIs are mandated to perform the necessary due diligence and apply good governance and risk management practices to protect sensitive customer data. Singapore requires FIs to adopt a risk-based approach to assure that the level of oversight and controls are commensurate with the materiality of the risks posed by cloud services. However, the Monetary Authority of Singapore (MAS) no longer expects FIs to pre-notify MAS of any outsourcing agreements since 2016. In contrast, Bank Negara Malaysia (BNM) is proposing a system which requires the Bank’s approval for several outsourcing arrangements including arrangement on cloud computing services. BNM also expects that FIs maintain control over third party service providers and their subcontractors. Vietnam’s utilization of a notification system reflects the government’s intention to create a business-friendly environment while retaining some control in conservative sectors.
Circular 18 will become effective on January 1, 2019 replacing Circular No. 31/2015/TT-NHNN. It applies to all credit institutions (except for people’s credit funds and microfinance institutions), foreign bank branches and organizations providing intermediary payment services
|IN THIS UPDATE|
Integrating IT for better public service Borneo Bulletin Online 8th Nov 2018
Sultan calls for wise use of technology Borneo Bulletin Online 6th Nov 2018
Online harassment a rising concern Khmer Times 8th Nov 2018
Prep for digital revolution must start now, ADB official says Khmer Times 4th Nov 2018
Transport Ministry to address potholes via app Khmer Times 2nd Nov 2018
Information Ministry combats fake news Khmer Times 26th Oct 2018
Indonesia to launch startup database as reference for digital industry development Yahoo! News 7th Nov 2018
Jokowi wants more unicorns to emerge The Jakarta Post 28th Oct 2018
Inside the government-run war room fighting Indonesian fake news South China Morning Post 25th Oct 2018
Govt to determine mechanism to confirm owners of social media accounts The Star Online 5th Nov 2018
Digital tax triggers generally negative public reaction The Star Online 3rd Nov 2018
Gobind: Five years a realistic target for rural broadband The Star Online 3rd Nov 2018
Regulatory framework for ICOs and digital asset exchange in Q1 2019 : SC The Sun Daily 2nd Nov 2018
Malaysia counts on tech to boost manufacturing The Straits Times 1st Nov 2018
Myanmar eyes e-commerce for jobs, trade and economic growth Mizzima Myanmar News and Insight 5th Nov 2018
Internet freedom rating drops in Myanmar: FEM Mizzima Myanmar News and Insight 1st Nov 2018
Consortium of Davao’s Dennis Uy, China Telecom declared 3rd telco BusinessMirror 8th Nov 2018
Converge ICT backs out of third telco bid ABS-CBN News 7th Nov 2018
Honasan is next DICT chief; appointment paper out soon Inquirer 5th Nov 2018
PH’s second microsatellite launched into space today Manila Bulletin News 29th Oct 2018
Philippines gets voting seat in international privacy body BusinessMirror 26th Oct 2018
Singapore announces formation of world's first commercial cyber pool Asia Insurance Review 5th Nov 2018
COI on cyber attack: More will be done to deepen cyber-security awareness of SingHealth employees The Straits Times 5th Nov 2018
Singapore well-placed to be e-commerce hub, with its tech-readiness, infrastructure: Economist survey The Straits Times 5th Nov 2018
SingHealth cyber attack COI: Senior manager reluctant to report attack because he did not want to deal with pressure The Straits Times 31st Oct 2018
AI businesses on the rise in Asean Bangkok Post 29th Oct 2018
Singapore sets up world's first commercial cyber risk pool Channel NewsAsia 29th Oct 2018
First ICO portal en route Bangkok Post 8th Nov 2018
Panel OKs draft on spectrum recall, including compensation Bangkok Post 8th Nov 2018
900MHz licence purchased by DTAC Bangkok Post 29th Oct 2018
Blockchain tech seen as a tool to curb corruption The Nation 28th Oct 2018
SEC issues warning on renegade ICOs Bangkok Post 27th Oct 2018
Vietnam rolls out web monitor to control 'false information' Channel NewsAsia 1st Nov 2018
Vietnam cyber law will guard against fake news, terrorism - security ministry The Star Online 31st Oct 2018
Firms urged to embrace mobile marketing Vietnam Net Bridge 29th Oct 2018
Ministry of Information and Communications moves closer to establishing ICT Industry Department Vietnam Net Bridge 29th Oct 2018
VN completes modernisation of banking sector Vietnam Net Bridge 29th Oct 2018
IT application makes easier for tax payers Vietnam Net Bridge 29th Oct 2018
Biotechnology to be made a focus in science and technology development scheme: conference Vietnam News 27th Oct 2018