On 13 September 2023, the Malaysia Competition Commission ("MyCC") issued its decision of 11 September 2023 relating to an abuse of dominance investigation into Delivery Hero (Malaysia) Sdn Bhd ("Foodpanda") and found that Foodpanda did not infringe section 10 of the Competition Act 2010. The alleged conduct of concern was the imposition of an exclusivity clause in the agreements between Foodpanda and its merchants in an arrangement known as the "preferred partnership category". MyCC took the view that such an arrangement could harm competition as such conduct could disincentivise merchants from partnering with other food delivery platforms, thereby causing distortion in the process of competition in Malaysia.
Based on the assessment of the evidence and facts, MyCC found that there was insufficient evidence to support a finding that Foodpanda is a dominant player in the relevant market (i.e. intermediary online platform markets that match customers, merchants and delivery partners for the provision of food ordering and delivery services in Malaysia). MyCC held that there was no abuse of dominance by Foodpanda.
In determining that Foodpanda is not dominant in the relevant market, MyCC considered various factors including market shares of the relevant enterprises in the relevant market. In addition to MyCC's assessment of Foodpanda's revenue and its identified competitors to determine market shares, MyCC also used Gross Merchandise Value (GMV) as a metric to estimate Foodpanda's market share in the relevant market. Specifically, MyCC compared the GMV of Foodpanda's platform against its closest competitor, GrabFood, during the period of 2020 and 2021. MyCC also assessed whether Foodpanda was conferred an advantage to create network effects in the relevant market, and considered the degree of countervailing buyer power that Foodpanda faced in the relevant market. In making its non-infringement finding, MyCC took a practical and more economics-based approach in its assessment of this matter.
Malaysia's Ministry of Economy recently launched the National Energy Transition Roadmap ("NETR") as the blueprint for Malaysia's transition to a clean energy, low-carbon economy.
The NETR highlights ten flagship catalyst projects and initiatives to be carried out. These are based on six energy transition levers: (i) energy efficiency (EE); (ii) renewable energy ("RE"); (iii) hydrogen; (iv) bioenergy; (v) green mobility; and (vi) carbon capture, utilisation and storage (CCUS). The NETR also elaborates on the five enablers to facilitate the energy transition, namely (i) financing and investment; (ii) policy and regulation; (iii) human capital and just transition; (iv) technology and infrastructure; and (v) governance and implementation.
The Government of Malaysia has also decided, amongst others, to:
- increase the country's installed RE capacity from 40% in 2035 to 70% by 2050;
- introduce the concept of a self-contained system to the RE development framework, according to the "willing buyer, willing seller" principle;
- increase the installation of solar systems on government buildings; and
- allow cross-border RE trade through the establishment of an electricity exchange system, complementing the Association of Southeast Asian Nations' (ASEAN) power grid initiative.
The NETR also provides that the Government intends to reform the power sector by establishing a third-party access ("TPA") framework – to supply fuel sources and broaden access to the grid infrastructure (possibly in the form of smart grid and/or TPA to the grid system) – and a retail market.
The NETR expounds on Malaysia's energy transition ambitions and identifies the ingredients necessary to achieve those goals. The next step is the formulation of clear and concrete policies and regulations to activate the key initiatives which have been identified in the NETR.
For more information, click here and here to read our Legal Updates regarding the NETR.
On 25 August 2023, Bank Negara Malaysia ("BNM") announced that Bank Indonesia, Bank of Thailand and BNM concluded the signing of three bilateral Memoranda of Understanding ("MOUs"), which relate to the Framework for Cooperation to Promote Bilateral Transactions in Local Currencies between the countries ("Framework"). The MOUs expand the scope of the Framework to include more eligible cross-border transactions beyond trade and direct investment. This will be implemented gradually.
The MOUs will fortify cross-border economic activities, improve regional financial market stability, and deepen local currency markets in the three countries. They will also synergise with cross-border payment initiatives for more accessible and efficient local currency settlements.
The MOUs supersede the MOUs on local currency settlement framework which were signed by the three central banks in August 2015 and December 2016.
On 24 August 2023, the Asian International Arbitration Centre's ("AIAC") Arbitration Rules 2023 ("2023 Rules") came into effect. This easy-to-digest set of Rules promotes certainty, and by extension, provides the end user with confidence when seeking to rely on these Rules.
This update highlights four key changes introduced in the 2023 Rules.
The first is that an arbitration is taken to have commenced when the AIAC receives the complete notice of arbitration and the accompanying documents. This change, reflected in Rule 2 of the 2023 Rules, places AIAC in the central position between parties and removes the potential uncertainty which may arise when the commencement of an arbitration is pegged to service on the respondent.
The second is in respect of the Tribunal’s power to make Summary Determinations (previously introduced in the AIAC's Arbitration Rules 2021 ("2021 Rules")). The new Rule 11 maintains this power but the earlier procedural and time limitations have been removed altogether. This provides greater flexibility about when such an application may be made, and how the Tribunal deals with such applications.
Third, the new Rule 12 requires parties to an arbitration to disclose the existence of any third party funding and the identity of the funder. This Rule conforms with the international standard and duty of disclosure.
Finally, the addition of Rule 14 creates a dynamic role for the arbitrator. As the arbitrator is in the best position to weigh the evidence led by both parties to the arbitration, this Rule empowers the arbitrator to guide the parties to a potentially favourable outcome without compromising the progress of the arbitration. The Rule is drafted widely so as to provide the arbitrator with the freedom and discretion to facilitate the settlement as befits the specific facts of each arbitration.
All in all, the 2023 Rules remove the bells and whistles which previously adorned the 2021 Rules, and leave a clear and core set of arbitration rules designed to encourage rather than clutter the arbitration process.
The Malaysian Government has recently reaffirmed its commitment to present a draft Cybersecurity Bill ("Bill") – to address existing gaps in Malaysia's cybersecurity legal framework – to Parliament by 2024.
The key components that will be addressed by the Cybersecurity Bill include:
- the establishment of the National Cyber Security Agency ("NACSA") as the national cybersecurity regulator entrusted with the necessary enforcement powers to oversee cybersecurity matters in the country;
- the designation of Critical National Infrastructure Information ("CNII") sectors, together with CNII sector leads to act as intermediaries between NACSA and CNII owners;
- the identification of computers and computer systems that will be designated as CNIIs;
- the issuance of specific directions or codes of practice to define minimum cybersecurity standards for CNII owners;
- the introduction of baseline audit and risk assessment requirements for CNII owners, wherein CNII owners will be required to conduct audits and risk assessments and submit reports to NACSA;
- the introduction of mandatory cybersecurity incident notification requirements; and
- the introduction of licensing requirements for service providers offering certain cybersecurity services identified in the Bill.
Once the Bill is enacted, it will introduce new compliance obligations for CNII owners and cybersecurity service providers. Additionally, organisations providing services or engaging with CNII owners may also be indirectly impacted by the requirements outlined by the Bill.
While there has been no official confirmation by the Government regarding the types of organisations that will be designated as CNII owners under the Bill, it is likely that the Bill will align with the 11 CNII sectors currently identified in the Malaysia Cyber Security Strategy 2020-2024 policy document, which include companies operating within the sectors of banking and finance, information and communication, energy, transportation, water, health services, emergency services, agriculture and plantation, etc.
As such, all organisations must update themselves on the status and developments of the Bill, and in the interim implement measures to ensure compliance with the possible obligations to be imposed by the Government once the Bill is passed by Parliament.
In August 2023, the Securities Commission Malaysia ("SC") issued the Guidelines on Technology Risk Management ("TRM Guidelines") to enhance the management of technology risks by capital market entities ("CMEs"), in response to the growing adoption of technology among CMEs in recent years.
The TRM Guidelines are applicable to all CMEs licensed or registered under the Capital Market Services Act 2007. The guidelines are expected to come into effect by the third quarter of 2024, subject to further announcements from SC on the effective date of the TRM Guidelines.
Once the TRM Guidelines take effect, it will supersede existing requirements under SC's Guidelines on Management of Cyber Risk.
The TRM Guidelines introduce more detailed and enhanced requirements, including the requirements for CMEs to:
- ensure that their workforce undergoes annual cybersecurity awareness training;
- establish a technology audit plan and a comprehensive Technology Risk Management Framework that addresses specific areas identified in the TRM Guidelines;
- comply with the minimum requirements outlined in the TRM Guidelines about technology operations management, which encompass elements such as network and operational resilience, system security requirements, change management and patch management;
- conduct due diligence before selecting third-party service providers, and ensure that the Service Level Agreements executed with these providers contain the mandatory provisions outlined in the TRM Guidelines;
- implement a comprehensive cybersecurity framework with cybersecurity controls that align with their risk profile and business needs;
- notify SC upon detecting either (i) technology incidents that may potentially affect their business operations or clients; or (ii) cyber incidents that fall within the parameters defined in the TRM Guidelines, on the day of the occurrence of the incident through SC's Vault Portal; and
- be guided by the guiding principles relating to the adoption of artificial intelligence (AI) and machine learning prescribed by the TRM Guidelines when adopting such technologies.
CMEs are encouraged to proactively establish the necessary controls, policies and procedures to comply with the TRM Guidelines, pending the effective date or coming into legal effect of the TRM Guidelines.