Y2K in Thailand: A Legal Perspective

by
Jonathan Leeds
Chaninat and Leeds Co., Ltd., Thailand Attorneys

The Government of Thailand has been responsive in attempting to solve the Y2K bug problem, but many issues still remain unresolved. This article focuses on the government's response to the Y2K issue, an analysis of the Thai laws that are involved regarding both Y2K compliance and the litigation that will stem from Y2K failures and suggestions for limiting exposure and liability caused by Y2K failures.

Y2K Preparedness in Thailand Current status of Government Efforts

The Director of Thailand's National Science and Technology Development Agency (NSTDA), Dr. Pairash Thajchayapong, has stated that the National Electronics and Computer Technology Network (NECTEC) will be auditing public organizations beginning at the end of June with the cooperation of the Auditor General's Office and a Y2K consultant. According to Deputy Prime Minister Suvit Khunkitti, speaking on behalf of the Y2K Committee Chairman, reports concerning Y2K preparedness have already been received by all governmental ministries. Those ministries who functions have been classified as falling within the "super-critical sector" are expected to be Y2K compliant by the end of June. Mr. Suvit further noted that Thailand was classified by the World Bank as a country that was "alert to the Y2K problem." In November of last year, Thailand was classified by the World Bank as being in the fourth level of Y2K preparedness, but Thailand has recently been upgraded to the second level as of April, 1999. The second level is defined as those countries in which 15-33% of systems are at risk, whereas the fourth level indicates that more than 50% of the systems are at risk. Dr. Kanchit Malaivong, the Y2K Centre Director has stated that additional plans to make Thailand Y2K ready include: nationwide seminars for governors to encourage agencies to finish their Y2K plans, coordination with the Ministry of University Affairs in arranging seminars, publishing manuals and endorsing court regulations regarding Y2K issues. Governmental Measures

The Role of NECTEC: A Retrospective Analysis

On April 28, 1998 the Cabinet passed a resolution that every governmental ministry must establish a Y2K committee to assess, provide assistance and establish estimated budgets to be allocated in solving the problem. The Cabinet further resolved that NECTEC be appointed as the Coordinating Center to assist in carrying out these tasks. In addition, a resolution was passed to establish the National Y2K Coordination Committee.

NECTEC has tracked the progress of the Y2K renovation in each government ministry and agency, and has facilitated the inspection of computer equipment and non-IT devices, such as embedded systems. In July of 1998, at the first meeting of the national Y2K Coordination Committee, it was decided that governmental efforts should concentrate on critical systems such as those used in public utilities including electricity, water, telecommunication, energy, banking, safety, security, transportation, custom, business transaction and commercial systems. Preliminary inventories were sent out from the Ministries, and a budget assessment indicated that 2,000 million baht would be needed to solve the rectify the Y2K problem. In late 1998 NECTEC approximately 319 mission critical systems were identified within government agencies.

Possibility of New Legislation

Dr. Pairash, the Director of the NSTDA has stated that a new set of legal regulations, drafted in cooperation with the Faculty of Law, Thammasat University and NECTEC, will be submitted to the Cabinet by the end of June. One of the objectives of these regulations is to encourage agencies to be candid about their Y2K preparedness, thus assisting the public in choosing services. This appears to be similar to the global trend of providing legal protection for organizations that provide full disclosure. According to Professor Prasit Eckabutra, of the Thammasat University Faculty of Law, the main content of any decree should include legal protection for accurate Y2K information and readiness disclosures, and address the government's duty to provide assistance to the private sector and issues of criminal, civil and commercial penalties.

Existing Laws and Legislation that Apply to the Y2K Problem

Existing legislation specifically addressed to the Y2K problem has been limited to resolutions designating NECTEC as the Coordinating Center for Y2K issues and establishing the Y2K Coordination Committee along with other administrative matters. The Y2K Committee currently has authority within the public sector to monitor and assist compliance by government organizations. The Y2K coordination committee has no authority, however, regarding non-governmental entities such as private businesses. Nevertheless, many enterprises fall within the government's control because they are state enterprises.

Although no specific laws directly relating to enforcing Y2K compliance have been passed in Thailand, there are a number of existing laws through which the government exercises control.

Government control

Laws Concerning Compliance

Governmental control concerning Y2K compliance is exercised through the enforcement of pre-existing legislative Acts, which are enforced through the oversight of governmental Ministries. Governmental control is not exercised directly by the Y2K

For instance, the Ministry of Industries is responsible for the implementation of the Factory Act, and the Stock Exchange of Thailand is governed by the provisions of the Investment Act. Accordingly, there are applicable regulations regarding the Y2K problem that would relate to the Stock Exchange of Thailand, the Banking Industry as well as the Hospital, Transportation and Utilities sectors. This is because all of these industries fall within the jurisdiction of specific governmental ministries and have operations that have been labeled as either "mission critical" or "super mission critical."

Bank of Thailand Y2K Measures

Supervisory Measures: As the Nation's central bank, the Bank of Thailand (BOT) is responsible for supervising all Thai-incorporated banks. The BOT maintains a policy that the Board of Management of each financial institution be fully involved with its year 2000 project and the BOT attempts to enforce compliance along the guidelines as set out in the United States General Accounting Office (USGAO). Each financial institution must submit a monthly progress report to its Board and to the Bank of Thailand. A certified public accountant or a computer specialist has to be employed to review the project and subsequently report to the BOT.

The BOT has established a Working Committee for supervision and monitoring of financial institutions plans and preparations to solve the Y2K problem. The Committee is chaired by the Assistant Governor for Examination and Supervision.

BOT Enforcement Powers: The BOT's enforcement powers derives from the Commercial banking Act which provides for the following sanctions for non-compliance with the BOT's supervisory and monitoring activities:

- A fine not exceeding Baht 300,000 and a further fine of not exceeding Baht 2,000 per day until the offender modifies its projects;

- Imposition of Restrictions on Loan Windows or Repurchase Markets;

- Suspension of certain activities that are considered to seriously impact the public such as deposit, transfer and repayment;

- Imposition of discipline on the responsible Directors of commercial banks whose progress has not been satisfactory.

The Stock Exchange of Thailand (SET)

The legislation controlling the SET also provides for mechanisms for imposing fines for Y2K non-compliance. An auditor has been empowered to monitor and enforce compliance. Registered Thailand Companies listed on the SET are required to publicly announce the status of their Y2K compliance, which would include announcing their Y2K budgets and their Y2k diligence programs.

Laws Applicable to Litigation

Laws currently in place that relate to Y2K litigation and are expected be used as arguments for liability in the event of damages and losses resulting from the Y2K problem are found primarily in Thailand's Civil and Commercial Code (CCC).

Liability for Defect: CCC Section 472 provides that, "In the case of any defect in the property sold which impairs either its value or fitness for ordinary purposes of the contract, the seller is liable. The foregoing applies whether or not the seller knew or did not know of the defect." However, CCC Section 473 states in part that, " The seller is not liable in the following case (1) if the buyer knew or would have known if he had exercised such care as expected from a person of ordinary prudence." Therefore, although clause 472 may make the Seller presumptively liable for any defect, whether he knew of such defect or not, in light of the widespread media attention given the Y2K issue, sellers and suppliers are likely to argue that "the care as expected from a person of ordinary prudence" would require purchasers to inquire regarding the Y2K compliance status of goods, supplies and services purchased.

Liability for Fraud: Pursuant to Section 159 of the CCC a declaration of intention procured by fraud is voidable. Further, pursuant to Section 162, an intentional silence of one of the parties to a bilateral juristic act in respect to a quality of which the other party is ignorant, is deemed to be fraud, if proved that without it, the act would not have been made. Pursuant to CCC 483 , a party may insert a non-liability clause in a contract, however, a non-liability clause cannot exempt the seller from the consequences of his own acts or of facts which he knew and concealed.

Taken together, these provisions will likely be argued on behalf of purchasers who claim to have entered into transactions based on some form of intentional misrepresentation by the seller or supplier.

Director Responsibilities: Pursuant to Section 1166 of the CCC, a Director of a company is charged with the due diligence of a careful businessman for any acts that are not approved by the shareholders. He may also be liable to the company for injuries that he has caused pursuant to not acting in accordance with CCC Section 1169. Therefore, based on these sections, a company director should be advised to have carefully implemented a due diligence program with regard to his company's Y2K compliance along with the gaining adequate representations from related parties in the companies transactional chain.

Force Majeure: The force majeure provision is standard in most contracts and also is codified in the Civil and Commercial Code. Since this clause makes a party non-liable for damages caused by acts outside of that party's control, it is not likely to be successfully argued on behalf of entities that caused a loss or damages through their own fault in failing to take actions to ensure Y2K compliance. In other words, the force majeure clause is not likely to protect a company that has caused a loss or damage as a result of failing to correct an internal Y2K problem.

However, with regard to external risks, i.e., risks cause by computer systems or other operations outside the control of the company or entity, for example a supplier or a public utility that has caused a breakage in the transactional chain, or other form of loss or damage, as a result of a Y2K failure, force majeure is likely to be advanced as a potential defense. This is because even though a company or other legal entity may be internally Y2K compliant, it may still be forced to rely on outside services, utilities or other events, over which it has no control, in carrying out its duties and obligations.

The Due Diligence Plan

The following actions should be considered prudent for any organization or business entity in preparing for Y2K damage reduction in Thailand. These criteria may also be useful in formulating a due diligence plan and reducing the potential legal and financial exposure of a company as a result of Y2K litigation:

- Inventory all software, hardware and embedded systems for Y2K compliance. Examine all related agreements and warranties.

- Consult with Y2K specialists to identify all non-compliant computerized systems.

- Consult with suppliers, manufacturers, seller, licensors and service providers to determine the compliance level of their products

- Review all contracts and warranties to determine any available, remedies, upgrades and repairs available.

- Send due diligence questionnaires to all entities involved in the distribution or transactional chain to determine their level of Y2K preparedness and attempt to receive assurance with regard to the Y2K problem and their continuity of service.

- Ensure that all future purchases are Y2K compliant and attempt to attain certificates and warranties in this regard.

- Attempt to insert disclaimers for Y2K problems in all contracts that the entity may have with other parties.

- Review insurance policies to determine whether Y2K damages are covered. Determine of an extension of existing coverage be obtained.

- Keep accurate and detailed records of all actions taken to minimize the harm caused by the Y2K millennium bug.

Conclusion:

Thailand has been moderately responsive to the Y2K problem. Certain legislative acts have been passed which have established committees specifically assigned to tackle the Y2K problem in Thailand. No new enforcement legislation regarding Y2K compliance has been passed so far in Thailand. However, there are existing laws that can be applied to government controlled organizations in order to enforce their compliance. The Civil and Commercial Code has several provisions that may become applicable when Y2K litigation begins. A due diligence plan is advised for all legal entities attempting to avoid or minimize their Y2K liability.

© 1999 Thailand Law Forum, email: thailand@justicemail.com