Foreign direct investment in Southeast Asia reached around US$230 billion in 2023, a record high, even as global FDI fell. ASEAN now attracts close to one in six dollars of global investment and has been the leading FDI destination among developing regions for several years in a row.
The momentum continues. UNCTAD’s latest analysis shows that developing Asia attracted hundreds of billions of dollars in FDI in 2024, making up about 40% of global inflows, with Southeast Asia remaining a key destination.
For compliance teams, this increase is a double-edged sword. More cross-border deals, suppliers, and intermediaries mean more counterparties to assess, often in markets where data is fragmented, ownership is unclear, and enforcement varies.
Most due diligence frameworks in use today were designed for slower, more standardised markets. They assumed consistent disclosure rules, digitised records, and predictable regulators. Southeast Asia doesn’t fit that mould, which is why the same box-ticking processes that worked a decade ago now leave significant blind spots.
Before considering how to modify the model, it is helpful to understand the reasons for the region’s rapid investment growth.
Why is investment in Southeast Asia increasing?
Global supply chain shifts
Southeast Asia has become a crucial hub in global supply chains as companies diversify their production away from reliance on a single country, especially China. “China-plus-one” strategies are encouraging more high-value projects – from electronics to EV components – into ASEAN. OECD research on the region’s supply chains and UNCTAD’s global FDI analysis both emphasise this shift.
For you, this means more manufacturers, logistics providers, and subcontractors entering your third-party network, often through local structures that were not considered when your due diligence policy was written.
Regulatory environment and due diligence needs
Regulators across Southeast Asia are updating rules on financial services, data, payments and ESG as highlighted in successive ASEAN Investment Reports and regional policy papers. The region is positioning itself as an integrated, rules-based investment destination, even as governance standards remain uneven.
For global firms, localisation and risk-sensitive due diligence are no longer optional. To keep up with licensing, reporting, and enforcement expectations across multiple jurisdictions, you need a much clearer understanding of who you are dealing with.
Client and market demands
International businesses are also expanding into newer ASEAN markets such as Indonesia, Vietnam, and the Philippines to pursue long-term growth and benefit from a rapidly growing digital economy. ASEAN as a bloc is expected to rise further in the global rankings over the next two decades.
That expansion includes more local partners, distributors, and intermediaries. Internal stakeholders will ask to “add one more market” or “onboard one more partner,” but each new relationship has its own ownership, sanctions, and reputational considerations.
Technology and automation
Finally, the volume and complexity of counterparties are prompting organisations to revisit their approach to verification. FDI is increasingly centred on digital infrastructure and green technologies, where transactions occur swiftly and across borders.
Consequently, there is increasing demand for automated, data-driven tools that can support faster onboarding, ongoing monitoring, and better risk decision-making in this region.
The question is whether your current due diligence framework is prepared for that reality.
Where traditional due diligence breaks down
Fragmented data and inconsistent disclosure
Across ASEAN, transparency and data access remain inconsistent. Singapore and Malaysia maintain relatively structured corporate registers, but in markets like Vietnam and Indonesia, records can be incomplete, non-standardised or still not fully digitised.
The outcome? Two entities can seem equally legitimate on paper, yet one might be a front for politically exposed individuals or sanctioned entities. A basic check simply verifies what is recorded, not what is truly happening behind the scenes.
A heavy reliance on self-reported information
Many firms still depend on suppliers’ and distributors’ self-declarations or questionnaires. However, across Southeast Asia, local intermediaries often operate through informal agents, family networks, or nominee shareholders.
UNODC’s work on bribery in business in the region highlights that corruption in private-sector dealings often runs through intermediaries – agents, consultants, and local “fixers” who sit between the foreign investor and the local environment.
If your process mainly repeats what counterparties tell you, you rely on the party with the strongest incentive to minimise or conceal risk.
Weak corporate governance and corruption exposure
The latest Corruption Perceptions Index from Transparency International paints a stark picture. Singapore sits near the top of the global rankings, with a score of 84/100, while countries such as Myanmar are at the very bottom, with a score of 16/100. Globally, more than two-thirds of countries still score below 50/100.
In this environment, “desktop due diligence” usually means a few registry extracts, a company profile, and some open-source checks . Those steps often confirm the formal story while overlook the informal influence, off-book payments, and opaque ownership structures behind it.
When Ownership Hides in Plain Sight
A 2024 investigation by Transparency International Indonesia into the nickel mining industry revealed the widespread use of nominee ownership structures to conceal the actual controllers of companies holding licences. These proxies were often linked to politically exposed persons, but layers of shell entities and informal shareholdings obscured their connections.
One multinational buyer relying solely on standard questionnaires overlooked the fact that a subcontractor’s ultimate owner was connected to a regional political figure. When the exposure emerged, the company faced public scrutiny and lost a major government contract.
The real risk rarely sits in public records; it hides in ownership chains and connections that routine checks don’t uncover.
What steps to take instead: building due diligence that works in Asia
1) Map regional and sector-specific risk
Begin with context, not just forms.
Examine corruption indices, regulatory frameworks, and enforcement trends by country, then add sector risk. A fintech in Singapore and a mining subcontractor in Indonesia should not be handled the same way.
A single, global checklist will never work effectively across Singapore, Indonesia, and Vietnam. Your policy should clearly specify where you require greater scrutiny and what “good” looks like in each context.
2) Go beyond first-tier checks
Many of the most serious risks sit beyond your immediate counterparty.
Ownership and control can transfer through related parties, joint ventures, local distributors, and subcontractors several layers down the chain. Instead of stopping at “who owns this company today,” expand your perspective to include connected entities and downstream relationships.
For higher-risk engagements, ask yourself:
- Who else benefits if this contract goes ahead?
- If this relationship appears in the news tomorrow, which names will be mentioned alongside ours?
3) Use local-language and non-standard data sources
Most red flags in Southeast Asia do not usually surface first in English, if at all. They tend to appear in local-language media, domestic court records, regulatory announcements, and industry forums.
If your due diligence solely depends on English-language searches and a limited set of global databases, you are working with a clear blind spot. Incorporating local-language data and the ability to match names accurately across scripts and transliterations is crucial for gaining a realistic view of counterparties in the region.
4) Adopt event-driven monitoring
Regulators such as MAS, HKMA, and AUSTRAC increasingly expect dynamic, risk-based monitoring instead of static annual reviews.
In practice, that means setting clear triggers and acting on them:
- significant changes in ownership, directorship, or control
- major news events or negative media
- new sanctions, regulatory actions or legal proceedings
When those triggers occur, you should not wait for the next calendar review. High-risk relationships must be regarded as ongoing exposures, not files to be reopened just once a year.
5) Integrate findings into governance
Due diligence only adds value if someone acts on the findings.
Ensure due diligence findings feed directly into how you govern third parties:
- Escalate serious issues to your risk or compliance committee.
- Adjust contracts, pricing or approval thresholds where the risk justifies it.
- Apply a clear decision matrix, so similar findings lead to consistent outcomes.
Organisations such as the Basel Institute on Governance have long stressed that sustainable business integrity in Asia relies on better information and genuine follow-up. Due diligence must be more than just a folder of PDFs.
Evidence that the model must change
Recent research from across the region indicates the same: current practices are not keeping pace with real risk.
- Reviews of banks financing agriculture in ASEAN revealed that none of the assessed institutions incorporated basic criteria, such as living wages or maximum working hours, into their due diligence, despite the clear human rights implications.
- UNODC studies emphasise that most private-sector bribery in Southeast Asia flows through intermediaries, underscoring that single-layer due diligence focused on the immediate counterparty is no longer sufficient.
- Transparency International’s CPI 2024 analysis warns that uneven anti-corruption enforcement across Asia-Pacific creates “safe zones” where opaque networks can thrive due to weak oversight.
Put simply, standard due diligence hasn’t failed because firms are complacent; it’s failing because Southeast Asia has changed faster than the frameworks designed to control risk.
What Modern Due Diligence Looks Like
In practical terms, modern due diligence in Southeast Asia should be:
- Dynamic — driven by clear triggers and ongoing monitoring, not just annual reviews.
- Data-driven — combining official records with local-language data, adverse media, litigation and regulatory findings.
- Cross-border — able to map ownership and control across multiple jurisdictions, including those with incomplete or inconsistent records.
- Integrated — feeding directly into governance, risk and compliance systems, rather than sitting in isolated reports or spreadsheets.
Firms that act in this way are better positioned not only to meet regulators’ expectations but also to avoid the reputational and commercial damage that results from discovering a problem only once it makes headlines.
Want to see how your own partners stack up?
Request a demo, and we will guide you through real-time verification and risk insights, using your actual counterparties as examples and tailoring the session to your current due diligence process.
