GIR Live Hong Kong: How to respond to a cybersecurity crisis

30 October 2015

Verifying a cyber threat’s credibility and limiting potential fallout are among the first steps to take once a suspected cyber breach comes to light, but another question to ask is when to consider getting law enforcement involved.

GIR Live Hong Kong: the private equity dilemma - who do you turn to?

27 October 2015

When a foreign private equity firm discovers one of its Chinese investments has corruption issues, its first port of call in the search for answers might not be that company’s chairman, says Deutsche Bank’s deputy general counsel for Asia-Pacific.


Martin Rogers

Davis Polk & Wardwell

Martin Rogers is a partner in Davis Polk’s litigation department, based in Hong Kong. He is regarded as one of the market’s leading litigation and financial services regulatory lawyers with over 20 years’ experience in Asia, advising on complex litigation, arbitration, regulatory and white collar crime matters, with extensive experience advising leading corporates, the financial services industry and government bodies.

Kyle Wombolt

Herbert Smith Freehills

Kyle Wombolt is the global head of Herbert Smith Freehills' corporate crime and investigations practice. Based in Hong Kong, he has over 15 years' experience in Asia and has led investigations and compliance projects in more than 40 countries around the world. Kyle focuses on multi-jurisdictional anti-corruption, regulatory, fraud and accounting investigations, as well as trade and sanctions issues involving multinational and major regional corporates. 

Keynote Speaker

Anthony Neoh QC, SC

Barrister, Chambers of Anthony Neoh


Steve Bassi

Narf Industries

Albert Hui

Global Security Architect, IBM

Mark Johnson

Debevoise & Plimpton

Gavin Lewis


Benjamin Miao

Fangda Partners

Lief Thassim

Deputy General Counsel, Asia Pacific, Deutsche Bank AG

Kenneth Yeo


Rimsky Yuen

Former Hong Kong Secretary for Justice


8.30: Welcome coffee and registration

9.00: Chairs' welcome

Martin Rogers, Davis Polk & Wardwell
Kyle Wombolt, Herbert Smith Freehills

9.10: Morning keynote speech

Anthony Neoh QC, SC, Barrister, Chambers of Anthony Neoh

9.40: Session one: Investigations in China (GIR Live case study)

More and more foreign regulators and enforcers are focusing on conduct that occurred inside China. But for the companies they’re targeting, investigating such matters and then responding to the foreign enforcers is far from simple.

Indeed, when it comes to the “how” of running an internal investigation, it’s clear that “there’s China – and then there’s the rest of the world”, to quote one esteemed US source.

With that in mind, a panel of leading names will provide their collective wisdom on how to investigate a matter effectively within the very different legal landscape of China.

Topics the panel is expected to discuss:

  • Navigating laws on state secrets and data privacy
  • Legal professional privilege
  • Other China-specific ‘constraints’ on usual investigating practice

Questions the case study will raise include:

  • Should you voluntarily disclose in China?
  • Can one ever obtain dependable advice on Chinese law?
  • Will Chinese authorities ‘pile in’ if cases are opened elsewhere?
  • Should one prepare local subsidiaries for audits and inspections by Chinese officials?
  • Are Chinese authorities now targeting international businesses and non-PRC nationals?

Martin Rogers, Davis Polk & Wardwell

Benjamin Miao, Fangda Partners
Anthony Neoh QC, SC, Barrister, Chambers of Anthony Neoh
Lief Thassim, Deputy General Counsel, Asia Pacific, Deutsche Bank AG
Kenneth Yeo, BDO

11.00: Coffee break

11.30: Session two: Investigating a serious cyber attack – a new set of skills?

Here’s the set up: a Hong Kong listed company with global operations is about to announce a big merger - when it gets an email. The email announces it has been hacked: all of its customer data, and all of its strategic information, including the plans for the merger and details of the negotiations, will be released on to the Dark Web. Unless the hackers demands are met.

Panic ensues.

What should the company do? What can it do?

In this session a panel of leading names from the worlds of law, IT security, and public affairs will discuss how to get your arms around the chaos that inevitably follows a real cyber attack. In the process they’ll discuss:

  • Who should be on the response team?
  • The challenge of investigating and responding in parallel
  • Legal privilege
  • What are the possible legal consequences?
  • Are there immediate regulatory obligations? Is a report required to the Hong Kong Privacy Commissioner?
  • Dealing with media, shareholders and law enforcers
  • How does the breach affect the merger?
  • What could the company have done to avoid this breach in the first place? Who should lead the security system checks?

Kyle Wombolt, Herbert Smith Freehills

Steve Bassi, Narf Industries 
Albert Hui, Global Security Architect, IBM
Mark Johnson, Debevoise & Plimpton
Gavin Lewis, Linklaters

13.00: Networking lunch

14.00: Close of conference


Hong Kong International Arbitration Centre, 38th Floor, Two Exchange Square, 8 Connaught Place, Hong Kong