Supply & Distribution in MENA/SAARC: A Practical Playbook for Market Entry, Compliance & Contracts

By Tahmidur Remura Wahid (TRW) Law Firm — Cross-border trade, corporate structuring & disputes


Why this guide (and why now)

Supply and distribution across MENA (Middle East & North Africa) and SAARC (South Asia) can be extraordinarily rewarding—but only when your route-to-market, contract architecture, and compliance stack are engineered upfront. These regions combine high-growth demand with agency/distribution laws, VAT/customs regimes, sectoral authorizations, and evolving competition and consumer rules. The difference between a seamless launch and a costly standstill usually comes down to four design choices:

  1. The right go-to-market model (distributor, agent, franchise, importer of record, branch, or free-zone hub).
  2. Bankable contracts (clear territory, performance, pricing power, IP, termination, and dispute resolution).
  3. Frictionless compliance (product standards, labeling, registrations, VAT/customs, sanctions/export controls, anti-bribery).
  4. Cash-flow protection (Incoterms, trade instruments, security, and enforcement planning).

This TRW playbook turns those choices into step-by-step actions tailored to MENA/SAARC realities.

Want a deeper legal/commercial lens on cross-border trade documentation and risk allocation? See TRW’s resource on International Trade.


Part A — Route-to-Market Models (and when to use each)

1) Exclusive/Non-exclusive Distributor (title to goods transfers)

Use when: You need local warehousing, after-sales, and commercial hustle without building your own entity.
Strengths: Local tax footprint sits with distributor; faster scale; market knowledge.
Watch-outs:

  • Agency-like results if law treats strong control/exclusivity as a de-facto commercial agency (some GCC regimes).
  • Termination compensation risks in agency-heavy systems if the deal is registered as an “agency.”
  • Price control/vertical restraints scrutiny (increasingly policed in multiple MENA and South Asian jurisdictions).

Drafting tips: Minimum purchase targets, rolling 12-month KPIs, stock rotation & buy-back, service-levels, marketing fund, data/reporting cadence, IP & brand use, audit rights, and spare-parts/service obligations.


2) Commercial Agent (no title transfer; introduces/negotiates)

Use when: You want a commission-based “door-opener” and intend to contract directly with customers.
Strengths: Lower inventory risk; quick onboarding.
Watch-outs:

  • Registration requirements in several GCC/North African systems; non-registered agents may face enforcement limits while registered agents often gain statutory protections (including termination compensation and exclusivity presumptions).
  • Local nationality/ownership requirements in a few countries for “commercial agent” status.

Drafting tips: Cap territory, customer classes, and authority; align commission triggers with cash receipts; strict use of company name rules; no power to bind the principal unless expressly granted; clear de-registration mechanics on exit.


3) Franchise (brand + know-how + control stack)

Use when: Replicating a system (F&B, retail, services) with heavy brand and process control.
Strengths: Scalable brand footprint; fee-based economics (entry, ongoing royalties, marketing).
Watch-outs: Pre-contract disclosure in some states; consumer protection angles; localization (menu, halal, labeling, data).
Drafting tips: Ops manual supremacy, training & QA, supply chain control, localization schedule, audit/inspection rights, IP policing, and step-in rights for quality failures.


4) Importer of Record (IoR) / Authorized Representative

Use when: Products require local registrations (medical devices, pharma, food/cosmetics, telecom/IFI).
Strengths: Regulatory “front” and liability holder in-country; smoother customs/market surveillance.
Watch-outs: Lock-in risk (registrations under partner’s name); exit requires transfer of market authorizations and packaging/artwork updates.
Drafting tips: Clear ownership of registrations; escrow of technical files; transfer-on-termination covenants; adverse event reporting; recall & field action matrix.


5) Branch/Subsidiary (including free-zone hub)

Use when: Strategic scale, regulated sectors, direct control of brand/pricing/data, or you want to serve multiple countries from a hub (e.g., Dubai, Abu Dhabi, Jebel Ali, KEZAD, DMCC, Bahrain).
Strengths: Bankability, consolidated governance, multi-jurisdiction logistics.
Watch-outs: PE and VAT creation on mainland sales; payroll/WPS; audits.
Drafting tips: Align hub contracts with regional Incoterms, customs corridors, and qualifying free-zone tax conditions where relevant.


Part B — Regional Reality Check (MENA vs SAARC)

GCC & wider MENA (practical signals)

  • Commercial agency regimes: Some GCC/North African systems grant statutory protection to registered agents (exclusivity, termination compensation, forum rules). Choose your label carefully (distributor vs agent) and avoid accidental registration.
  • VAT: Widespread in GCC (rates vary); registration thresholds and place-of-supply rules matter for B2B services and e-commerce.
  • Product compliance: Arabic labeling, halal certification for selected categories, energy efficiency, telecom conformity, and sector approvals (health, education, media).
  • Competition & consumer: Vertical restraints (RPM, exclusivity) draw increasing attention; consumer refund/repair rights expanding.

SAARC (Bangladesh, India, Pakistan, Sri Lanka, Nepal, Bhutan, Maldives, Afghanistan)

  • Customs & FTAs: SAFTA preferences exist; ensure rules-of-origin are documented.
  • Standards & regulators: Think BSTI (BD), BIS (IN) and category regulators (drug devices, food safety, telecom).
  • Tax & indirects: VAT/GST regimes with place-of-supply logic for services; withholding on commission/fees in several states.
  • Agency/distribution: Fewer formal “registration” models than GCC, but competition and consumer oversight is active (e.g., foreclosure/tying, unfair terms).
  • Data & digital: E-commerce/marketplace rules and cross-border data questions evolving—contract for data residency contingencies.

Part C — Contract Architecture (what to lock in)

Core commercial terms

  • Territory & channel: geographic scope + channel definitions (modern trade, HORECA, online marketplaces, B2G).
  • Exclusivity: Make it earned, not given—tie to KPIs/market share slices; reserve carve-outs (strategics, key accounts, defense, government).
  • Performance & audit: Rolling targets, quarterly reviews, system access to sales-out data, audit of brand spend.
  • Price & discount governance: Net price bands, promo approvals, pass-through of tax changes, and no RPM where prohibited (convert to recommended pricing with compliance language).
  • Stock mechanics: Forecasting, minimum stock, shelf-life thresholds, returns, buy-back on termination, and obsolescence sharing.

Compliance stack (build once, use for all)

  • Product compliance: Who registers, who owns the registration, who pays for testing/marking; Arabic/Bengali/Hindi labeling where required; recipe/formula confidentiality.
  • Trade controls: Sanctions/export controls warranties; end-use certificates; routing limits (no transshipment via restricted ports; AIS on for vessels).
  • Anti-bribery: Local and extraterritorial (e.g., UKBA/FCPA-style clauses) with audit/termination triggers.
  • Data & privacy: Localization contingencies; DPA with cross-border transfer terms and required consents.
  • IP & brand: Trademark license, domain and social handles, brand policing, counterfeit takedowns, and post-term de-branding.

Termination & exit

  • For cause: compliance breach, KPI failure, insolvency, change of control.
  • For convenience: if permitted, usually with notice + buy-back formula.
  • Compensation: If the jurisdiction implies agency compensation, address caps/waivers to the extent permissible.
  • Hand-back: customer lists, market authorizations, tooling/molds, domain/handles, and unsold stock.
  • Non-compete & non-solicit: Reasonable duration/scope aligned with local rules.

Dispute resolution & enforcement

  • Arbitration (ICC/SIAC/LCIA/HKIAC/BIAC) with a seat that supports interim relief; carve-out for urgent local court measures (seizure of counterfeit, injunction against brand misuse).
  • Agency-specific forums: Where registered agency statutes mandate local forums, reflect that reality (and choose “distribution,” not “agency,” when that’s your intent).
  • Trade instruments: Standby LCs, performance bonds, and parent guarantees harden performance without litigation.

Part D — Taxes, Customs & Logistics (get paid faster)

Indirect tax map

  • GCC: VAT regimes; free-zones and designated zones can change VAT/customs treatment for goods.
  • South Asia: VAT/GST; place-of-supply rules for services; possible withholding on commissions/technical fees.
  • Drafting tip: Price “exclusive of indirect taxes,” with tax change pass-through; specify fiscal representative where needed.

Customs & rules-of-origin

  • Preferential rates under GAFTA, GCC, SAFTA, and bilaterals depend on origin certificates and transformation tests.
  • Build a rules-of-origin memo per SKU; embed supplier declarations and audit rights.

Incoterms & risk transfer

  • Choose Incoterms® 2020 aligned to your logistics reality:
    • EXW/FCA for distributor-pickup;
    • DAP/DDP if you want control of door delivery (but expect VAT/PE considerations on DDP);
    • CIF/CFR for maritime bulk.
  • Pair with marine cargo and trade credit insurance where ticket sizes warrant.

Trade finance hygiene

  • LCs/standby LCs with clean presentation requirements; URDG for guarantees; no-injunction covenants where local practice allows.
  • Set-off mechanics and escrow for launch marketing funds or tooling.

Part E — Product-/Sector-Specific Checklists

Food & beverage

  • Halal certification (where applicable), shelf-life rules, Arabic/other labeling elements (ingredients, allergens, date formats), temperature-controlled chain.
  • Recalls: mock recall drill clause; lot traceability.

Pharma & medical devices

  • MAH/AR model (who holds the registration), PV (pharmacovigilance) duties, field safety corrective actions, adverse event timelines, and sample control.

Electronics/ICT

  • Spectrum/telecom approvals for devices; safety standards; e-waste take-back; software encryption red flags (export control angle).

Automotive/industrial

  • Homologation/conformity, spare-parts pricing, technical training, tooling ownership, and warranty administration.

E-commerce & marketplaces

  • Marketplace T&Cs alignment, cross-border PSP acceptance, returns/refund SLAs, product listings control, and grey-market policing.

Part F — 30/60/90-Day Launch Plan

Days 1–30: Design & Paper

  • Pick model (distributor/agent/franchise/IoR/hub).
  • Map regulatory (product standards, registrations, labeling).
  • Decide Incoterms, trade instruments, and pricing governance.
  • Draft & negotiate the master agreement + local annexes.
  • Start trademark filings and domain/social handle reservations.

Days 31–60: Compliance & Enablement

  • File product registrations/marking where needed.
  • Appoint customs broker; set origin documentation processes.
  • Build bank pack for LCs/TTs; agree narratives with counterparties.
  • Distributor onboarding: training, brand calendar, reporting templates, sell-out dashboards.
  • Competition & consumer compliance brief (verticals, promotions, guarantees).

Days 61–90: Soft Launch & Controls

  • First shipments under chosen Incoterms; dry-run document presentation to bank.
  • Recall drill (food/pharma) or critical defect drill (tech).
  • Run month-1 joint business review (JBR): KPIs, pricing hygiene, compliance log.
  • Lock dispute resolution playbook (local interim relief counsel + arbitration path).

Part G — Mini Clause Kit (copy, adapt, deploy)

  • Territory & channel: “Exclusive distributor for [Country/Channel]. Principal reserves Key Accounts [list] and E-commerce Flagship Store.”
  • Performance-for-exclusivity: “Exclusivity continues only if Distributor meets Rolling 12-month Targets set in Annex A; failing two consecutive quarters triggers downgrade to non-exclusive.”
  • Registration ownership: “All regulatory approvals/market authorizations are held in the name of Principal; Distributor is AR/IoR solely as agent; on termination, Distributor shall execute transfer within 30 days.”
  • Sanctions/export: “Each party warrants no listed status/ownership; no diversion to restricted persons/places/end-uses; routing via approved ports/vessels only; AIS on; records kept 5 years.”
  • Competition-safe pricing: “Prices recommended, not mandatory, except where resale price maintenance is lawful or approved under applicable law.”
  • Termination buy-back: “Saleable stock (≥75% shelf-life) at landed cost minus [●]% handling; obsolete/aged stock at [●]%; tooling and marketing assets per Annex B.”
  • Dispute resolution: “Arbitration under [Rules] seated in [City]; English; interim relief from competent courts preserved. For mandatory agency claims, parties submit to [local forum] as required.”

Part H — Case-Style Illustrations (anonymised)

  • Arif Traders (BD) ↔ GulfTech FZE (UAE): Electronics distribution across GCC. TRW structured a non-exclusive start with earned exclusivity, hubbed out of Dubai free-zone with FCA terms; bank pack pre-cleared with two lenders. Year-1 expanded to Saudi with dedicated service SLAs.
  • Sana Foods (PK) ↔ Levant Retail (JO/LB): IoR/AR model for ambient and chilled foods. TRW put halal & Arabic labeling on a critical path, created a mock-recall policy, and designed a sell-out bonus to win modern trade space.
  • Rakesh Med Devices (IN) ↔ North Africa Care: Device registrations sat with distributor; exit stalled. TRW enforced transfer-on-termination covenants and escrowed technical files, enabling a smooth switch-over in 60 days.

(Names are generic for confidentiality.)


Summary Table — Supply & Distribution in MENA/SAARC

| Pillar | What to decide | TRW tool | Business result |
|---|---|---|---|
| Route-to-market | Distributor vs Agent vs Franchise vs IoR vs Hub | Model picker + risk matrix | Speed + control balance |
| Territory/exclusivity | Earned exclusivity tied to KPIs | Performance & audit annex | Coverage without lock-in |
| Product compliance | Registrations, labeling, halal, sector approvals | Reg map + ownership of MAs | No border/market blocks |
| Trade controls | Sanctions/export, routing, end-use | Contract warranties + red-flag playbook | Ship without holds |
| Pricing/competition | RPM risk, discount governance | Competition-safe pricing kit | Growth without fines |
| Incoterms & finance | EXW/FCA vs DAP/DDP; LCs/URDG | Incoterms + bank pack templates | Faster cash conversion |
| IP & brand | TM license, counterfeit takedown | IP policing SOP | Brand integrity |
| Taxes & VAT | Registration, place-of-supply, WHT | Tax pass-through + PE guardrails | Predictable margins |
| Disputes | Seat/rules; local court carve-outs | Arbitration + emergency relief plan | Enforceable outcomes |
| Exit & hand-back | Buy-back, MA transfer, de-branding | Exit checklist + escrow | Painless switch-over |

How TRW helps

  • Strategy: Model selection, zone/hub planning, and tax/VAT guardrails.
  • Contracts: Master distribution/agency/franchise with country annexes; IoR/AR frameworks; e-commerce marketplace terms.
  • Compliance: Product registrations, labeling, halal; sanctions/export controls; competition & consumer; data/privacy.
  • Enablement: Incoterms, LC/URDG documentation; customs & rules-of-origin packs; distributor onboarding dashboards.
  • Protection: IP & brand enforcement; counterfeit takedowns; emergency interim relief; arbitration & award enforcement.

Tahmidur Remura Wahid (TRW) Law Firm
Contact Numbers: +8801708000660 · +8801847220062 · +8801708080817
Emails: info@trfirm.com · info@trwbd.com · info@tahmidur.com

Global Law Firm Locations:

  • Dhaka: House 410, Road 29, Mohakhali DOHS
  • Dubai: Rolex Building, L-12 Sheikh Zayed Road.

If you share your product list and three target countries, we’ll return a two-page route-to-market memo with contract levers, compliance gates, and a 90-day launch plan tailored to your sector.

International Franchising: A Complete Legal & Operational Playbook

by Tahmidur Remura Wahid (TRW) Law Firm

For brand owners, master franchisees, developers, private equity sponsors, and in-house counsel who need a practical, end-to-end path to launch, scale, and protect franchise networks across borders—with deep focus on Bangladesh, the United Kingdom, and Dubai/UAE.


1) What “international franchising” really covers

At its core, franchising is a long-term IP-licensing and operating system: the franchisor grants brand and system rights; the franchisee invests capital and executes locally; both sides share economics through entry fees, royalties, and marketing contributions. Across borders, the model intersects with:

  • IP (trademarks, trade dress, copyrights, know-how, trade secrets).
  • Competition/antitrust (vertical restraints, territorial exclusivity, resale price maintenance).
  • Foreign exchange & remittances (royalties, service fees, marketing levies).
  • Corporate/agency law (commercial agency registration vs ordinary contracts).
  • Employment, real estate, HSE, consumer protection, data protection (e.g., GDPR).
  • Tax (withholding on royalties/services, VAT/GST, permanent establishment (PE) risk).

The right structure protects the brand, ensures economics flow offshore cleanly, and keeps you out of disputes and regulatory traps.


2) The franchising spectrum: choose the right vehicle

  • Single-Unit Franchise – one location; often a pilot to prove product-market fit.
  • Multi-Unit Franchise – a bundle of outlets for one franchisee within a geography and timeline.
  • Area Development – development schedule with minimum numbers and milestones; no right to sub-franchise.
  • Master Franchise – broad territory rights with sub-franchising power, robust training/QA obligations, and a revenue-share back to the franchisor.
  • Joint-Venture Franchise – the franchisor co-owns the operating company with a local investor, useful in markets with market-access rules or when control is paramount.
  • Conversion Franchise – existing independents rebrand to the network (common in hotels, services).

Picking the model: map (i) control needs, (ii) working capital capacity, (iii) speed to scale, (iv) market-access rules (e.g., agency registration in the UAE), and (v) enforcement practicality.


3) The deal economics: what goes where

A sustainable cross-border franchise usually includes:

  • Upfront fees: master fee/area development fee/single-unit fee.
  • Ongoing royalties: typically a % of net sales (not profit) with clear definitions and POS access rights.
  • Marketing fund: national/regional fund contributions plus local marketing spend requirements.
  • Supplier rebates & approved vendors: transparency and audit rights to avoid competition-law issues.
  • Training & launch packages: priced and scoped; refreshers scheduled.
  • Technology stack: POS, ordering, loyalty, brand portal; info-sec and data-transfer terms aligned with GDPR/UK-GDPR and local regimes.

4) The global law backbones you must respect

  • United Kingdom: There is no franchise-specific statute; franchising is governed by general contract law, IP, real estate, and competition law (notably the UK Vertical Agreements Block Exemption Order (VABEO) and CMA guidance). (ICLG International Business Reports, GOV.UK Assets)
  • European Union (context for UK/EU groups): Vertical rules under the VBER shape what franchise restraints are permissible (post-Brexit the UK has VABEO). (Greenberg Traurig, Bird & Bird)
  • UAE (incl. Dubai): No standalone “franchise law”, but if the parties register the relationship as a Commercial Agency, the UAE Commercial Agencies Law (Federal Law No. 3 of 2022) applies—bringing powerful protections and termination rules; unregistered franchises remain pure contracts. (uaelegislation.gov.ae, idiproject.com, Ministry of Economy)
  • Bangladesh: Franchising operates through contract, trade mark law (recordal of licence with the DPDT strongly recommended), and foreign-exchange controls. BIDA oversees approval of agreements for royalty/technical/franchise fees, which banks require to process remittances under Bangladesh Bank circulars. (BIDA, BB, Chambers Practice Guides)

5) Country playbooks (Bangladesh • UK • Dubai/UAE)

5.1 Bangladesh: market entry & ongoing compliance

Why Bangladesh: 170+ million consumers, rapid urban growth, rising middle income, modern malls and QSR formats, strong hospitality, fitness, education, and services opportunities. The gatekeepers are IP, foreign-exchange, and tax.

Key legal levers

  • IP first: file/record your trade marks with the DPDT; recordal of the licence/registered user improves enforceability against third parties. (Chambers Practice Guides)
  • Franchise/technology agreements: obtain BIDA approval where royalties, franchise fees, or technical fees will be remitted abroad; banks look for the BIDA-approved agreement and follow Bangladesh Bank instructions. (BIDA, BB)
  • Entity options: private limited company (common); branch/liaison for limited scopes; JV with a local partner when scale and local distribution are central.
  • Competition/consumer: ensure disclosures, warranties, and service standards; avoid hard resale price maintenance; structure vertical restraints to fit global practice.
  • Tax & FX: expect withholding on royalties/service fees and VAT exposures on local services; royalties/fees are only remittable through authorized dealer (AD) banks against BIDA/BB compliance. (BB)

Indicative Bangladesh timeline (first unit or master)

  • Weeks 1–4 – IP filing and watch; market diligence; entity or JV term sheet; draft franchise & ancillary agreements; BIDA prep.
  • Weeks 5–8 – Submit BIDA application and bank pack; finalize leases; vendor onboarding; architectural guidelines.
  • Weeks 9–12 – Training; fit-out approvals; POS/tech stack; payroll/legal registrations; marketing launch assets.
  • Go-Live – Soft opening, QA audit, grand opening.
    (BIDA approvals state a 15-day service standard subject to documentation and committee approval; plan buffer for clarifications.) (BIDA)

5.2 United Kingdom: the contract & competition law approach

Why the UK: transparent contract enforcement, deep retail/foodservice real estate market, sophisticated franchisee capital base, and predictable competition law.

Core features

  • No franchise-specific act; rely on a strong contract suite (franchise, IP licence, development schedule, supply, tech/DPAs, collateral warranties, personal guarantees). (ICLG International Business Reports)
  • Competition law: design vertical restrictions (territories, non-competes, online sales standards, MFNs) inside VABEO parameters and CMA guidance. (GOV.UK Assets)
  • Disclosure & ethics: While not mandated like the US FDD, UK best practice uses a pre-contract information pack and cooling-off—this reduces disputes and supports bankability.
  • Employment & HSE: franchised outlets remain independent employers; keep joint-employment risks low via training and audit, not day-to-day staffing control.

Indicative UK timeline

  • Weeks 1–2 – Territory & model selection (master/area/multi-unit); heads of terms.
  • Weeks 3–6 – Draft contracts; competition law checks; IP audits; landlord engagement.
  • Weeks 7–10 – Training; fit-out; marketing; supply chain; banking.
  • Week 10+ – Opening; QA audits; performance ramps.

5.3 Dubai / United Arab Emirates: agency registration or pure contract?

Why Dubai/UAE: high disposable income, tourism flows, modern retail infrastructure, and free-zone options (logistics and corporate efficiency).

Two regulatory paths

  1. Unregistered franchise (pure contract) – common where parties want freedom to exit/renew and avoid agency protections; contract law + IP law + competition law govern.
  2. Registered Commercial Agency – if you register at the Ministry of Economy, you trigger the Commercial Agencies Law (Federal Law No. 3 of 2022):
    • Registration requires a written, notarized agreement; only UAE nationals or UAE-owned companies (incl. certain PJSCs with national ownership thresholds) can be registered agents.
    • Registration brings statutory protections, including termination and dispute mechanisms (now reformed under the 2022 law; arbitration is permitted and termination rules evolved). (uaelegislation.gov.ae, Ministry of Economy, Al Tamimi & Company)

When to register: register only if you want the public-law protections (territorial exclusivity/enforcement against parallel imports) and you are comfortable with the termination regime; otherwise, stay as a contract franchise with strong IP and distribution controls.

Indicative UAE timeline

  • Weeks 1–3 – Select mainland vs free-zone for the franchisee/JV; pick contract vs agency path; reserve marks and file new classes if needed.
  • Weeks 4–8 – Draft & notarize; if registering as an agency, prepare MoE filings; otherwise finalize pure franchise suite; fit-out approvals and mall engagement.
  • Weeks 9–12 – Import registrations, supply chain, opening training, marketing.
  • Week 12+ – Soft launch and optimization.

6) The documents that win (and those that lose)

Must-haves (core set)

  • Master/Area/Single-Unit Franchise Agreement (with clear KPIs, density, development schedule).
  • Trade Mark Licence & Brand Standards (updates are binding; audit rights).
  • Supply & QA Framework; Approved Vendor Addenda.
  • Data Processing Agreement (GDPR/UK-GDPR where EU/UK data is involved).
  • Technology Schedule (POS, data flows, breach SLAs, uptime).
  • Training & Support, Opening Checklist, Operations Manual acknowledgement.
  • Personal/Corporate Guarantees, Step-in/Collar provisions, Collateral Warranties.
  • Local law addenda (Bangladesh, UK, UAE-specific mandatory points).

High-value add-ons

  • Development Letter (milestones and cure periods).
  • Audit & Mystery Shopper Protocols (evidence for termination cause).
  • IP Escrow for mission-critical software (where appropriate).
  • Transfer & Exit Playbook (valuation, right of first refusal, change of control).

What causes disputes

  • Unclear royalty base definitions; no POS access; aggressive RPM; vague territory; missing data-security terms; lack of cure inside development schedules; opaque vendor rebates; and weak IP controls.

7) Competition/antitrust rules in real life

  • Territorial exclusivity is typically permitted with careful drafting.
  • RPM (resale price maintenance) is high-risk; use recommended or maximum prices, not fixed minimums.
  • Online sales: standards are fine; absolute bans on passive sales are high-risk.
  • Non-competes: keep them proportionate (duration/scope) and tethered to know-how protection.
  • In the UK, ensure alignment with VABEO and CMA guidance. (GOV.UK Assets)

8) Brand, data & tech: protect the crown jewels

  • Trade marks: file early; include local transliterations; record licence/registered user where advisable (notably in Bangladesh to strengthen enforcement). (Chambers Practice Guides)
  • Trade secrets: non-disclosure + limited access + audit; mark confidential materials; log returns on exit.
  • Data: if you or your franchisees process EU/UK data (loyalty, bookings), implement GDPR/UK-GDPR notices, lawful bases, and cross-border transfer tools; keep POS telemetry within declared purposes.
  • Cyber/security: minimum TOMs, incident SLAs, and breach notifications aligned with your global standard.

9) Money flows: FX, banking, and taxes (Bangladesh focus)

  • Bangladesh remittances of royalties/franchise fees require BIDA-approved agreements and processing via authorized dealer banks under Bangladesh Bank circulars; keep the approved fee schedules, net sales definitions, and reporting cadence consistent with the approval. (BB, BIDA)
  • Expect withholding tax and VAT effects; model cash flows net of taxes and bank charges; align invoice timing with month-end sales reports to avoid aging.
  • Maintain a remittance file: BIDA approval, bank forms, invoices, tax certificates, sales extracts, and auditor confirmations.

10) How TRW runs your cross-border launch (12-step method)

Phase A — Feasibility & Term Sheet

  1. Market screening (unit economics, real estate, supply chain, regulatory gates).
  2. IP & conflicts check (trade mark availability, transliterations, NOC strategy).
  3. Structure selection (master/area/JV; agency vs contract in UAE; entity choices).

Phase B — Paper & Protections

  4. Deal papering (franchise + licence + dev schedule + data/tech + guarantees).
  5. Competition law vetting (VABEO/VBER mapping; RPM and online policy calibration). (GOV.UK Assets)
  6. FX & tax rail (withholding, VAT, PE review, bank onboarding).

Phase C — Regulatory

  7. Bangladesh: BIDA application for royalty/franchise fees; AD-bank coordination under BB circulars. (BIDA, BB)
  8. UAE: choose contract vs Commercial Agency registration and, if registering, prepare MoE filings consistent with Federal Law No. 3 of 2022. (uaelegislation.gov.ae)
  9. UK: disclosure pack and competition-law safe harbours; landlord and planning clearances where needed.

Phase D — Build & Open

  10. Supply & vendor onboarding (QA standards; audit rights; rebate transparency).
  11. Training & tech (POS, loyalty, security baseline; DPA onboarding).
  12. Opening & scale (soft launch → full opening; development schedule; cure/remedy mechanics).


11) Indicative timelines (by structure)

Master or Area Development (new market)

  • Strategy & term sheet: 2–4 weeks
  • Papering & IP filings: 4–8 weeks
  • Bangladesh BIDA/BB rail or UAE agency filing (if chosen): 2–6+ weeks depending on completeness and committee cycles; BIDA’s indicated service time is 15 days subject to documents and approvals. (BIDA)
  • Real estate, vendors, training, and fit-out: 8–16 weeks
  • Total to first opening: ~16–28 weeks, depending on construction lead times.

Single-Unit or Multi-Unit (no agency registration)

  • Papering & training: 4–8 weeks
  • Fit-out: 6–12 weeks
  • Total: ~10–20 weeks

12) Risk controls that actually work

  • Royalty base clarity: define “net sales” (VAT, discounts, chargebacks) and give read-only POS/API access.
  • Audit & cure: audit rights, cure schedules, and graduated remedies before termination.
  • Data & cyber: DPA + minimum TOMs; incident windows; key management.
  • Term & exit: early-termination fees, step-in rights for customer protection, asset buy-back formulas.
  • Dispute forum: choose arbitration seat aligned with enforcement strategy; in UAE, note agency disputes may be steered to statutory venues if registered. (uaelegislation.gov.ae)

13) TRW’s selected (anonymised) work highlights

Bangladesh – QSR & Coffee (Master Franchise)
We secured BIDA approvals for royalty and marketing-fund remittances, built the franchise/tech/IP stack, and aligned bank processes with Bangladesh Bank circulars. Outcome: on-time first store opening, clean monthly remittances, and defensible QA termination rights. (BB, BIDA)

United Kingdom – Health & Fitness (Multi-Unit)
We re-papered the group’s UK suite for VABEO compliance (non-competes, online sales, MFNs), introduced transparent vendor rebates, and designed a disclosure pack to improve financing readiness. (GOV.UK Assets)

Dubai/UAE – Specialty Retail (Contract + Option to Register)
We structured a contract franchise with an option to transition into registered Commercial Agency after KPI thresholds; we harmonized termination, arbitration, and IP controls to stay registration-ready while preserving flexibility at inception. (uaelegislation.gov.ae)


14) FAQs (fast answers)

Is there “franchise law” in the UK?
No dedicated statute; use contract + IP + property + competition law (VABEO/CMA guidance). (ICLG International Business Reports, GOV.UK Assets)

Do I need to register a franchise in Dubai?
Not by default. But if you register as a Commercial Agency, the Commercial Agencies Law applies; registration gives protections but also stronger termination rules. (uaelegislation.gov.ae)

How do royalties get out of Bangladesh?
Through authorized dealer banks against BIDA-approved agreements and Bangladesh Bank circular compliance. Keep a full remittance file. (BB, BIDA)

Should I choose master franchise or JV?
Masters scale fastest; JVs give more control and cash returns. In sensitive markets or where brand integrity is paramount, a JV (or staged JV) can be superior.

What about data and loyalty programs?
If EU/UK data is processed, implement GDPR/UK-GDPR notices, DPAs, and transfer tools; keep POS and loyalty use within declared purposes.


15) Your first 90 days with TRW (deployment plan)

Days 1–15 – Strategy & Paper

  • Country screens, numbers, and risk map.
  • IP filing plan; transliterations.
  • Heads of Terms + franchise/tech/IP first drafts.

Days 16–45 – Approvals & Protections

  • Bangladesh: compile and file BIDA pack; align bank/FX checklists; prep DPDT licence recordal. (BIDA)
  • UAE: decide agency registration vs contract path; coordinate MoE formalities if registering. (uaelegislation.gov.ae)
  • UK: competition-law guardrails (VABEO) and disclosure pack. (GOV.UK Assets)

Days 46–90 – Build & Launch

  • Vendor & supply; QA schedules; training calendar.
  • Real estate & fit-out; opening marketing.
  • Royalty/marketing fund flows tested with banks; POS/API reporting live.

Related TRW reading: Technology Transfer — useful when franchising arrangements bundle recipes, manuals, software, and training content into cross-border IP licences.


16) Summary table — International franchising at a glance

| Topic | Bangladesh | United Kingdom | Dubai / UAE | TRW Deliverables |
| --- | --- | --- | --- | --- |
| Legal framework | Contract + DPDT for trade marks; BIDA approval for royalty/franchise/technical fees; BB circulars for remittance | Contract-driven; VABEO/CMA for competition; no franchise statute | Contract franchise or Commercial Agency registration under Federal Law No. 3/2022 | Structure choice; contract suite; regulatory and bank packs |
| Registration | No franchise registry; record trade mark licence recommended | None (franchise-specific) | Optional: register as Commercial Agency with MoE | Filing/recordals; MoE/BIDA liaison |
| Competition law | General principles (avoid RPM; proportionate restraints) | Vertical rules under VABEO | General competition + agency regime if registered | Clause design for safe harbours |
| FX/remittances | BIDA approval + AD bank processing; BB circular compliance | Free flow (standard banking/tax) | Free flow; watch WPS payroll for employment (not royalties) | Royalty architecture; invoice/remit pack |
| Timeline (first unit) | ~16–28 weeks incl. approvals & fit-out | ~10–20 weeks | ~10–20 weeks (contract) or + registration time if agency | 90-day program; critical-path control |
| IP & brand | Early filings; licence recordal; anti-counterfeit plan | Strong trade mark portfolio; brand standards | Filings; customs & parallel-import strategy | IP filings; licence & enforcement pack |
| Disputes | Courts/arbitration per contract | Courts/arbitration; English seat common | Arbitration/courts; special rules if agency registered | Dispute playbook aligned to seat |

Key sources for specific points in this table include CMA VABEO guidance (UK), the UAE Commercial Agencies Law 2022 and Ministry of Economy materials (UAE), and BIDA/BB materials (Bangladesh). (GOV.UK Assets, uaelegislation.gov.ae, Ministry of Economy, BB, BIDA)


17) Work with TRW

We’ve helped global brands and regional champions enter, scale, and protect their networks across Bangladesh, the UK, and Dubai/UAE. From IP filings and competition-law vetting to BIDA approvals, MoE registrations, and banked royalty flows—we build audit-ready, bankable programs with clear KPIs, cure mechanics, data/tech baselines, and exit options.

Tahmidur Remura Wahid (TRW) Law Firm
Dhaka: House 410, Road 29, Mohakhali DOHS
Dubai: Rolex Building, L-12 Sheikh Zayed Road.

Phone: +8801708000660 · +8801847220062 · +8801708080817
Email: info@trfirm.com · info@trwbd.com · info@tahmidur.com

This guide is general information and not legal advice. For a tailored plan, contact TRW’s International Franchising team.


GDPR & Global Data Protection

GDPR & Global Data Protection: A Practical, End-to-End Guide for Business Leaders (by Tahmidur Remura Wahid (TRW) Law Firm)

For founders, GCs, CHROs, CTOs, DPOs, privacy engineers, and product managers who need a single, usable playbook to design, operate, and audit privacy programs that work across borders—with GDPR at the core and a clear Bangladesh + global perspective.

Related reading: TRW’s overview on Consumer Protection and market conduct—useful when privacy issues intersect with unfair practices, dark patterns, and deceptive disclosures.


Why this guide now

Privacy is no longer “legal paperwork” at the end of a release cycle. It’s an operating system for growth: influencing market access (EU users), distribution partnerships, M&A due diligence, cloud choices, adtech, AI/ML, biometrics, and cross-border workforce mobility. The EU General Data Protection Regulation (GDPR) remains the global reference point other regimes benchmark against. Understanding GDPR—and how it maps to UK GDPR, California’s CPRA, India’s DPDP Act, Singapore PDPA, Brazil’s LGPD, China’s PIPL, and Middle-East frameworks (DIFC/ADGM/KSA)—is essential to build one privacy program you can scale.

TRW’s approach combines legal design, engineering hygiene, and governance—so your teams can ship fast without tripping over data risks, fines, or blocked data flows.


Part I — GDPR in one page (the executive cut)

  • What it is: A regulation harmonizing EU data protection and setting out rules for lawful processing, rights, governance, security, breach response, and cross-border transfers. Applies since 25 May 2018. (EUR-Lex)
  • Who it protects: Natural persons located in the EU/EEA in relation to their personal data (any information relating to an identified/identifiable person).
  • Who it binds (territorial scope):
    1. Controllers/processors established in the EU/EEA; and
    2. Non-EU organizations offering goods/services to, or monitoring behavior of, people in the EU (e.g., apps/websites targeting EU users). (EUR-Lex)
  • Core principles (Art. 5): Lawfulness, fairness, transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity/confidentiality; accountability. (EUR-Lex)
  • Lawful bases (Art. 6): Consent, contract, legal obligation, vital interests, public task, legitimate interests.
  • High-risk data: “Special categories” (e.g., health, biometrics, religion) and criminal-offence data—stricter rules (Arts. 9–10).
  • Data subject rights: Transparent notices and rights to access, rectification, erasure, restriction, portability, objection, and to not be subject to certain automated decisions (Arts. 12–22).
  • Governance & security: DPO (where required), DPIAs for high risk, records of processing (RoPA), security of processing (Art. 32), breach notification (Arts. 33–34).
  • International transfers: Adequacy, SCCs, BCRs, and limited derogations; EU-US Data Privacy Framework (DPF) is the current adequacy solution for self-certified U.S. organizations. (Data Privacy Framework, European Commission)
  • Enforcement: Independent supervisory authorities, “one-stop-shop” for cross-border cases, and material fines (up to the higher of 2%/€10m or 4%/€20m depending on infringement tier). (EUR-Lex)

Part II — What counts as “personal data” in real life

  • Obvious: Names, emails, ID numbers, phone, addresses.
  • Less obvious: Device IDs, cookies, IP addresses, advertising identifiers, precise geolocation, voiceprints, keystroke patterns, telemetry, inferred profiles.
  • Pseudonymized ≠ anonymous: Pseudonymization reduces risk but remains personal data if the person remains re-identifiable.
  • Anonymous data: True aggregation with re-identification controls—rare in practice. Log retention rules, join keys, and small-cell risks need active management.

Design tip: Maintain a Data Taxonomy with fields tagged by risk class (PII/Sensitive/Derived/Telemetry/Anonymous) and link them to lawful bases and retention rules in your RoPA.


Part III — Lawful bases and practical patterns

1) Consent (opt-in, granular, revocable)

Use for: marketing emails, certain cookies/trackers, precise geolocation, health/biometric processing.
What good looks like: purpose-tied checkboxes, easy revocation, no pre-ticked boxes, no bundling with Ts&Cs.
Risk: Dark patterns invalidate consent—UX must be neutral, symmetrical, and logged.

2) Contract necessity

Use for: account creation, delivering a paid service the user requested, fraud checks essential to service.
Guardrails: Avoid stretching “necessity” to secondary uses (e.g., targeted ads).

3) Legitimate interests (LI)

Use for: limited analytics, security logs, product safety, narrowly-scoped personalization.
Must do: LI balancing test, document safeguards, offer opt-out where appropriate.

4) Legal obligation / Public task / Vital interests

Use for: tax/KYC/AML archives, safety recalls, life-or-death emergency contexts.

Rule of thumb: One primary basis per purpose; avoid “consent + LI” for the same use. Map bases to data categories and purposes in your RoPA.


Part IV — Special categories & children’s data

  • Special categories (Art. 9): require explicit consent or another narrow condition (employment law obligations, public health, substantial public interest, etc.).
  • Biometrics & health: Extra DPIA scrutiny, role-based access, strong encryption, and separate key management.
  • Children: Parental consent requirements at Member-State-set ages (generally 13–16). Use age-appropriate design, simplified notices, and tighter profiling limits.

Part V — Security, breaches, and resilience

  • Security of processing (Art. 32): Technical and organizational measures (TOMs) proportionate to risk—encryption, pseudonymization, least privilege, secure SDLC, vulnerability management, incident response playbooks. (EUR-Lex)
  • Breach notification:
    • 72 hours to the authority after awareness, unless low risk.
    • Notify affected individuals without undue delay if high risk (e.g., credential compromise + no MFA).
  • Operational playbook: Detections (SIEM/EDR), severity matrix, forensics, evidence chain, counsel-led privilege, regulator templates, and customer comms.

Part VI — Data subject rights (DSRs) that scale

  • Access & portability: Provide machine-readable exports; redact third-party data; log identity verification.
  • Erasure (“right to be forgotten”): Respect legal holds and retention schedules; propagate deletes to processors/sub-processors.
  • Restriction & objection: Implement flags to pause processing; maintain precise preference centers.
  • Automated decision-making (ADM): If decisions produce legal/similar effects, ensure explainability, human review paths, and fairness tests.

Platform pattern: Route DSRs through a single privacy portal with SLAs (often 30 days), cross-system orchestration, and QA—then audit monthly.


Part VII — International data transfers (Chapter V)

You have three main highways:

  1. Adequacy decisions: Transfers to jurisdictions the European Commission deems essentially equivalent (e.g., EU-US Data Privacy Framework for certified U.S. firms). Check scope and keep current. (Data Privacy Framework)
  2. Standard Contractual Clauses (SCCs): The EU’s modernized 2021 clauses cover controller↔controller and controller/processor↔processor permutations, with modular add-ons and a transfer impact assessment (TIA) expectation. (European Commission)
  3. Binding Corporate Rules (BCRs): Group-wide policies approved by authorities—powerful but time-intensive.

Derogations: For occasional, necessary transfers (e.g., explicit consent, contract performance) but not for routine, large-scale flows.

What to operate daily:

  • Maintain a transfer register listing tools used (SCC/BCR/DPF), destinations, services, encryption, and re-transfer rules.
  • Run TIAs addressing foreign surveillance/access and practical enforceability of rights.
  • Add supplementary measures where needed (E2EE, split processing, transparency to users).
  • Re-paper legacy contracts and keep SCCs in sync with vendor changes.

Part VIII — Governance that survives audits

  • DPO: Required for public bodies, large-scale monitoring of individuals, or large-scale processing of special categories. DPO reports to top management, no conflicts, and has resources.
  • Records of processing (RoPA): The living map: purposes, data types, lawful bases, retention, processors, transfers, TOMs.
  • DPIAs: Mandatory for high-risk activities (e.g., large-scale profiling, sensitive data, systematic monitoring). Keep a DPIA register and bake DPIA prompts into product discovery.
  • Policies & playbooks: Privacy Policy, Employee Privacy Notice, Processor Due Diligence, DSR SOPs, Breach SOPs, Vendor Management, BYOD/Monitoring, Retention & Deletion, Encryption Key Mgmt.
  • Training & culture: Role-based modules for engineering, marketing, sales, HR, and support; measure completions and run phishing/data-handling drills.

Part IX — Product & adtech realities

  • Cookies/trackers: Consent before non-essential trackers; provide a granular CMP; respect “reject all” symmetry; log signals.
  • Analytics: Consider server-side or privacy-enhanced modes; apply LI only if truly necessary and low-risk, else use consent.
  • Ads & profiling: Minimize identifiers; use contextual where viable; apply frequency capping via pseudonymous tokens; document fairness and opt-outs.
  • Dark patterns: Design reviews must check clarity, symmetry, and “no worse off if you say no.”
  • De-identification: Treat de-identification as a controlled process (risk assessments, reversibility tests, k-anonymity thresholds).

Part X — AI/ML & biometrics: the intersection with GDPR

  • Lawful basis & purpose compatibility: Training on personal data needs a purpose and a basis (often LI with strong safeguards, or consent for sensitive use).
  • Minimization: Limit features; remove unnecessary identifiers; consider synthetic data or federated learning.
  • Explainability & bias: For significant ADM, capture model lineage, feature importance, and human-in-the-loop; log fairness tests.
  • Biometrics: Treat as special category; require explicit consent or a narrow legal condition; apply template protection and PAD/anti-spoofing.

Part XI — How GDPR maps to global regimes (a quick compass)

  • UK GDPR + Data Protection Act 2018 (UK): Largely mirroring GDPR; international transfers use UK addenda/IDTA; ICO guidance shapes practice.
  • California (CPRA): “Sensitive personal information,” opt-out for selling/sharing, global privacy control (GPC) signals; private-right-of-action for security breaches.
  • Colorado/Virginia/Connecticut/Utah (US state laws): Converging on rights, notices, and opt-outs; vendor contracts parallel GDPR Art. 28.
  • Brazil (LGPD): GDPR-like principles and rights; DPO recommended; ANPD is the regulator.
  • India (DPDP Act 2023): Consent-centric with “legitimate uses,” deemed consent constructs, and cross-border transfer rules via notified countries; significant compliance ramp-up for India-facing services.
  • Singapore (PDPA): Business-friendly; DPO required; data breach notification regime; “legitimate interests” exception under safeguards.
  • China (PIPL): Strict cross-border transfer rules (CAC security assessments/SCCs/certification); purpose limitation and data localization in sectors.
  • Middle East:
    • DIFC/ADGM (UAE) and QFC (Qatar): GDPR-inspired, independent regulators, SCC-style contracts.
    • KSA PDPL: Comprehensive law with evolving rules on cross-border transfers and consent.

Strategy: Build a GDPR-core program and extend with local “delta controls” (e.g., UK IDTA, China localization, California adtech signals, India cross-border whitelists) rather than running ten separate programs.


Part XII — Bangladesh perspective & cross-border readiness

Bangladesh does not yet enforce a single comprehensive GDPR-equivalent statute; compliance typically arises via sectoral rules, cybersecurity/telecom guidance, contractual commitments with EU/UK clients, and extraterritorial GDPR obligations when serving EU audiences. Practical implications:

  • If you target EU users (content, language, pricing in EUR, or ship to EU): GDPR applies—prepare for EU-grade notices, DSRs, cookies, and transfer tools. (EUR-Lex)
  • If you are a processor for EU controllers (e.g., IT/BPO/R&D in Dhaka/Chittagong): adopt Art. 28-style DPAs, SCCs, TOMs, encryption at rest/in transit, SOC 2/ISO-type controls, and breach SLAs; prepare for on-site/virtual audits. (European Commission)
  • Zones and mobility: EPZ/SEZ environments often add physical-security and access-control requirements; harmonize with GDPR-aligned TOMs and vetted sub-processors.

Part XIII — Your operating blueprint (90-day rollout)

Phase 1 — Discovery & risk scoping (Weeks 1–3)

  • Data inventory & RoPA (systems, vendors, fields, purposes, bases, retention).
  • Transfer map (destinations, tools, encryption posture).
  • Gap analysis vs. GDPR core and your target markets (UK/US/India/Singapore/Middle-East).
  • Threat model + breach readiness check; DSR maturity; cookie/adtech review.

Phase 2 — Design & docs (Weeks 4–7)

  • Privacy Policy (public), Employee Privacy Notice (internal), DPIA playbook, Vendor Due Diligence, Retention & Deletion, DSR SOPs, Breach SOPs.
  • DPA/Art. 28 templates; SCCs (2021 modules) and TIAs with supplementary measures where needed. (European Commission)
  • Consent UX and cookie CMP implementation plan.

Phase 3 — Build & ship (Weeks 8–12)

  • Engineer data-minimization and retention in schemas; privacy toggles; audit logs; key management.
  • DSR portal; identity verification; export and deletion orchestration across systems.
  • Incident response run-books and tabletop exercises; regulator notification templates.
  • Training by role; KPI dashboard (DSR SLA, DPIA coverage, breach MTTR, vendor risk scores).

Part XIV — Vendor and cloud risk management

  • Before onboarding: Security questionnaire, penetration test summaries, SOC/ISO attestation, sub-processor list, data-flow diagram, transfer tools (SCC/BCR/DPF), and RTO/RPO commitments.
  • Contracts: Art. 28 clauses, breach windows (<72h), cooperation on DSRs/DPIAs, audit rights, data-return/delete on exit.
  • Runtime: Annual re-assessments, breach drills, key rotation evidence, and shadow-IT discovery.
  • Exit: Plan data extraction formats, key rotation, certificate of deletion, and residual log retention.

Part XV — Breach response that actually works

  1. Detect & triage: Severity matrix; privilege engagement; narrow the blast radius.
  2. Contain & eradicate: Patch, rotate keys, revoke tokens, reset creds, disable compromised APIs.
  3. Assess notification triggers:
    • Supervisory authority within 72 hours unless low risk.
    • Individuals where high risk (e.g., identity theft likelihood).
  4. Communicate: Plain-language notices, mitigation steps, FAQs; inform major customers/processors.
  5. Aftercare & learnings: Root cause; metrics; playbook updates; regulator follow-ups.

Part XVI — Adtech & growth with compliance

  • Move toward first-party data with explicit value exchange (e.g., loyalty).
  • Prefer contextual to behavioral wherever performance allows.
  • For measurement, explore aggregated event pipelines and clean-rooms with strong contractual and technical controls.
  • Align consent UX with real choice and respect Global Privacy Control where adopted.

Part XVII — What regulators look for

  • Evidence: Not just policies—prove you do what you say (logs, tickets, DPIAs, DSR records, CMP logs, SCCs/TIAs, vendor audits).
  • Risk-based controls: Encryption and access least-privilege proportional to sensitivity.
  • Transparency: Clear notices; bilingual where needed; no deceptive UX.
  • Accountability: Named DPO (if required), resourced privacy team, and board reporting.

TRW’s integrated privacy program (what we deliver)

  • GDPR Core Build: RoPA, notices, DPAs, SCCs/TIAs, DPIA register, DSR portal, breach readiness. (European Commission)
  • Cross-border Enablement: EU-US DPF onboarding (if applicable), SCC/BCR strategy, cloud localization choices, and encryption architecture. (Data Privacy Framework)
  • Product & Adtech Counsel: Cookie/CMP design reviews, analytics configurations, marketing stacks, and dark-pattern audits.
  • AI & Biometrics: Lawful-basis selection, dataset governance, model documentation, and ADM safeguards.
  • Privacy Engineering: Data minimization in schemas, retention automation, key management, and logging.
  • Audits & Disputes: Regulator engagement, complaint response, cooperation procedures, and expert support in litigation/arbitration.

Frequently asked questions (fast answers)

Q1: We’re outside the EU—does GDPR still apply?
Yes, if you target EU users (pricing, language, shipping) or monitor their behavior (tracking/profiling). Build GDPR-grade notices, DSR handling, and transfer tools even if you have no EU office. (EUR-Lex)

Q2: Is consent always required for analytics and personalization?
No. Some low-risk analytics may rely on legitimate interests with safeguards—but many cookie-based analytics/adtech uses will require consent. Document the basis and keep honest UX.

Q3: Are SCCs enough for international transfers?
SCCs are the primary tool, but you must also run a Transfer Impact Assessment and add supplementary measures where needed (e.g., robust encryption, split-processing). (European Commission)

Q4: Can we rely on the EU-US Data Privacy Framework instead of SCCs?
If your U.S. partner is DPF-certified for the relevant data flows, DPF can be your mechanism. Many organizations still use SCCs in parallel depending on vendor footprints. (Data Privacy Framework)

Q5: What’s the fastest path to “credible” compliance for M&A or enterprise sales?
Ship the GDPR Core Build (RoPA, notices, DPAs/SCCs, DPIAs, DSR portal, breach SOPs) and produce an evidence pack. Buyers and enterprise customers look for this.


Summary table — GDPR & global data protection at a glance

| Topic | What it means for you | TRW action |
| --- | --- | --- |
| Territorial scope | GDPR can apply to you even outside the EU if you target or monitor EU users. (EUR-Lex) | Scope analysis; market targeting review |
| Lawful bases & principles | Map every purpose to a lawful basis; minimize, secure, and be transparent. | RoPA build; basis mapping; consent & LI frameworks |
| Special categories & children | Explicit consent or narrow conditions; age-appropriate design and parental consent as needed. | DPIAs; access controls; child-safety UX |
| Security & breach | Risk-fit TOMs; notify authority in 72h if required; individuals if high risk. (EUR-Lex) | Incident playbooks; drills; regulator templates |
| Rights handling (DSRs) | Access, erase, port, object, restrict, and ADM safeguards with SLAs. | DSR portal; orchestration; audit logs |
| International transfers | Adequacy (e.g., DPF), SCCs 2021 modules, BCRs; TIAs + supplementary measures. (Data Privacy Framework, European Commission) | Transfer register; TIAs; SCC/BCR strategy |
| Governance | DPO, DPIA register, vendor due diligence, training, real evidence. | Program build; role-based training; audits |
| Product/adtech | Consent where needed; contextual preference; anti-dark-pattern UX. | CMP design; analytics configurations |
| AI/biometrics | Basis + minimization + explainability; treat biometrics as sensitive. | AI governance; model documentation |
| Bangladesh + cross-border | Serve EU clients/users from Bangladesh with GDPR-grade controls; Art. 28 DPAs; SCCs; encryption; audits. (European Commission) | EU-ready processor stack; client assurance pack |

Get started with TRW

Step 1: Privacy Readiness Review (2–3 weeks). We map your data, transfers, vendors, and risks against GDPR-core and priority markets.
Step 2: Program Build (4–8 weeks). RoPA, notices, SCCs/TIAs, DPIAs, DSR portal, breach SOPs, and training.
Step 3: Operate & Assure (ongoing). Vendor lifecycle, audits, product reviews, and board reporting.


This guide is general information, not legal advice. For a tailored roadmap, speak with TRW’s Data & Technology team.


References

  1. GDPR legal text (EU 2016/679), EUR-Lex. (EUR-Lex)
  2. EU Standard Contractual Clauses (2021), European Commission. (European Commission)
  3. EU-US Data Privacy Framework (Program Overview), official website. (Data Privacy Framework)

International Employment & Mobility

International Employment & Mobility: A Complete Guide for Global Businesses (by Tahmidur Remura Wahid (TRW) Law Firm)

Prepared for HR leaders, founders, general counsel, and cross-border executives who need a practical, end-to-end playbook for hiring, relocating, and managing talent across borders—with special focus on Bangladesh alongside US/UK/EU, the GCC, and Asia-Pacific.


Why international mobility matters now

Global growth today is talent-led. Whether you’re building a Bangladesh hub for manufacturing or engineering, moving executives to win new mandates in the GCC, or assembling a distributed R&D team across Europe, employment and mobility decisions shape cost, speed, and risk. The right structure reduces immigration friction, payroll leakage, permanent-establishment (PE) risk, data-transfer headaches, and disputes. The wrong one quietly burns value for years.

At Tahmidur Remura Wahid (TRW) Law Firm, we help clients design mobility architectures—a coordinated mix of immigration, employment, tax, social security, data, FX, compensation, and IP protection—so your people can move fast and stay compliant. This guide distills what works, where companies stumble, and how to operationalize global mobility with Bangladesh as a key market.

Internal resource: For related cross-border commercial issues, see TRW’s article on International Trade.


The 12 building blocks of global mobility

Use these as your blueprint when planning an assignment, a new market entry, or a distributed team.

  1. Immigration status & right to work
    Work permits, visa categories, in-country registrations, family/dependant rights, and zone-specific approvals (e.g., EPZ/SEZ).
  2. Employment structure
    Local hire, secondment, intra-group transfer, professional employer organization (PEO/EOR), contractor, or hybrid models.
  3. Employment contract terms
    Choice of law, mandatory local protections (wages, hours, leave, termination), IP assignment, confidentiality, and restrictive covenants.
  4. Compensation architecture
    Salary, allowances (COLA, housing, education), equity/ESOP portability, benefits eligibility, and clawbacks.
  5. Payroll model
    Home payroll with shadow payroll, host payroll, split payroll, or PEO payroll; payslip content and language rules.
  6. Tax residency and PE
    Individual residency tests, employer withholding, PE triggers (fixed place, dependent agent, service PE), and treaty relief.
  7. Social security & benefits
    Coverage, totalization/reciprocity (if any), private schemes, provident funds, WPPF, and repatriation benefits.
  8. FX & banking
    Salary payment currency, in-country bank accounts, remittance rules, tax clearances, and wage-protection mechanics.
  9. Data & privacy
    Cross-border HR data transfers, localization, DPIAs, and lawful bases for processing.
  10. Health, safety & wellbeing
    Duty of care, travel risk, ergonomic and mental-health supports, and crisis response.
  11. Post-assignment
    Repatriation, non-compete enforcement, IP/confidentiality continuity, and tax equalization wrap-up.
  12. Governance & documentation
    Assignment letters, policies, A1/CoC certificates (where relevant), visa registers, and audit trails.

Bangladesh: employment & mobility in practice

Bangladesh attracts manufacturers, tech, energy, and services firms setting up shared services and commercial operations. Mobility planning typically engages three regulatory layers:

  • Investment/Zone approvals (BIDA/BEZA/BEPZA), which govern work permits for expatriates and localization expectations. Caps on expatriate headcount apply in many settings (industrial operations typically allow a low single-digit percentage; commercial roles often permit a higher percentage). Exact thresholds can vary by authority and project type—confirm against the latest circulars before hiring plans are finalized.
  • Immigration (visa and security clearances, mission endorsements).
  • Labour & tax (Bangladesh Labour Act/Rules and the Income Tax Act 2023 framework for withholding and residency).

Common Bangladesh visa/work pathways

  • Employment (E) visa & work permit: For foreign nationals employed by a Bangladesh entity. Usually involves: (i) employer registration with the relevant authority; (ii) advertisement/justification of non-availability of suitably skilled locals; (iii) security clearance; (iv) work permit recommendation/issuance; (v) E-visa from the Bangladesh mission; (vi) post-arrival police/authority registrations as applicable.
  • Investor (PI) visa: For foreign shareholders/board-level sponsors in Bangladeshi entities (often with longer validity and multiple entry).
  • Business (B) visa: For short-term business activity (meetings, negotiations, site visits), not execution of productive work.

In Export Processing Zones (BEPZA) and Economic Zones (BEZA), the procedures, caps, and documentation are zone-specific; approvals and renewals are handled by the zone authority.

Employment law essentials for expatriates in Bangladesh

  • Contracts: Offer letter + local employment agreement (English & Bangla versions are common).
  • Wages & hours: Statutory floors apply; managerial exemptions exist for some overtime rules but should be documented carefully.
  • Leave: Annual, sick, festival/holiday leave; maternity protections are significant and mandatory.
  • Separation: Notice periods, cause/termination processes, redundancy formalities, and final settlement components must follow the Labour Act/Rules.
  • Benefits: Provident fund (where established), gratuity (if applicable by policy or practice), and Workers’ Profit Participation Fund (WPPF) applicability based on thresholds.
  • Dispute resolution: Labour courts and statutory conciliation/arbitration pathways are available; internal grievance procedures reduce risk.

Payroll, tax & FX in Bangladesh

  • Individual tax: Residency tests typically consider presence days (e.g., 182-day tests and composite tests across years). Withholding is required; equalization policies are common for assignees.
  • Social security: No comprehensive state social-security regime comparable to EU/US; employers rely on private benefits, provident funds, and statutory schemes applicable to the industry.
  • FX & remittance: Expatriates can generally remit savings/salary subject to Bangladesh Bank guidelines and tax clearances. Design payroll to capture proof of tax compliance and support remittance needs.
  • Shadow payroll: Where the home entity maintains pay, a Bangladesh shadow ensures local withholding, reporting, and end-of-year slips.

Global routes & comparators

To architect repeatable playbooks, benchmark Bangladesh decisions against leading mobility channels:

United Kingdom

  • Skilled Worker & Global Business Mobility (GBM) routes (Senior/Specialist Worker; Graduate Trainee; UK Expansion Worker).
  • Sponsorship regime, Immigration Skills Charge, and salary thresholds are crucial.
  • Right-to-work checks and IHS surcharge materially affect cost models.
  • TUPE & mandatory protections can override agreed contract choices; non-competes must be tailored.

European Union

  • EU Blue Card (high-skilled), Intra-Corporate Transferee (ICT) Directive, national work permits, and A1 certificates for social security coverage.
  • GDPR governs HR data; cross-border transfers need SCCs or other valid mechanisms.
  • Collective agreements may impose wage and hour floors regardless of contract law chosen.

United States

  • H-1B (cap-subject), L-1 (intra-company), O-1 (extraordinary ability), E-2/E-1 (where treaties apply), TN (USMCA).
  • I-9 verification and LCA (for H-1B) compliance are audit hot-spots.
  • PE risk can arise via dependent agents or services performed in the US; early tax coordination is vital.

GCC (UAE, KSA, Qatar, etc.)

  • Employer-sponsored residency is standard; free-zone options (e.g., DIFC, ADGM, QFC) have separate rules and court systems.
  • Wage protection (WPS) requires timely salary transfers through approved channels.
  • Long-residency pathways (e.g., UAE Golden Visa) support leadership continuity.

Singapore & Hong Kong

  • Employment Pass (EP) / S Pass (Singapore) with points-based evaluation; EP renewals require proactive planning.
  • Hong Kong: General Employment Policy, Quality Migrant schemes, and robust IP/confidentiality enforcement via well-drafted contracts.

Digital-nomad & remote-work paths

A number of jurisdictions offer remote-work visas allowing location-independent professionals to reside and work for foreign employers. These programs vary widely (minimum income, insurance, taxation, local work prohibition). Bangladesh does not currently offer a formal digital-nomad visa; companies often combine business visitor frameworks with offshore employment and strict no-local-work controls during scouting phases.


Choosing the right legal structure

1) Local hire (direct employment by the host entity)

Use when: Long-term role, local market integration, benefits parity required.
Pros: Clear compliance, easier banking/FX, cultural integration.
Watch-outs: Full host-country labor law exposure; benefit harmonization costs.

2) Secondment (home employer “lends” employee to host)

Use when: Temporary assignment with home-country benefits retained.
Pros: Continuity of service and equity plans; controls PE with careful drafting.
Watch-outs: Dual control risks; ensure direction & control sits with host to avoid misclassification and PE leakage.

3) Intra-company transfer (ICT / GBM / L-1 style)

Use when: Moving specialists or managers within the group.
Pros: Tailored visa channels; recognized globally.
Watch-outs: Salary seniority thresholds; documentary intensity; return-to-home requirements.

4) PEO/EOR (employer-of-record)

Use when: Testing markets or lacking an entity; speed is critical.
Pros: Fast onboarding, lower fixed costs.
Watch-outs: Substance & PE risk if EOR is a façade; IP and confidentiality require robust tri-partite drafting; exit and migration to your entity must be pre-planned.

5) Independent contractor

Use when: Project-based services with genuine independence.
Pros: Flexibility; cost control.
Watch-outs: Misclassification risk; local agencies treat quasi-employees as workers; ensure IP assignment and non-solicit survive local tests.


Contracts that actually work across borders

Governing law & jurisdiction

Choose a law familiar to your legal team but acknowledge mandatory local protections (wage floors, working time, holidays, dismissal procedures). Include escalation clauses (internal → mediation → arbitration/litigation) and a seat convenient for enforcement.

IP & confidentiality

  • Ensure present-assignment wording (“hereby assigns”) and moral-rights waivers where allowed.
  • Capture inventions created abroad and clarify work-for-hire equivalents.
  • Post-termination confidentiality must survive indefinitely for trade secrets.

Restrictive covenants

  • Tailor non-compete duration (often 6–12 months), scope, and consideration (garden leave, pay in lieu) to local enforceability.
  • For Bangladesh, India, and similar common-law jurisdictions, non-solicit and non-dealing provisions often fare better than blanket non-competes.

Data & monitoring

  • Disclose lawful bases for processing HR data; obtain consent only where appropriate.
  • For the EU, implement SCCs for transfers; for the UK, use IDTA or SCCs per UK-GDPR.
  • Limit monitoring to proportionate, disclosed practices; document DPIAs.

Compensation, equity & payroll design

Compensation mix

  • Base + allowances (housing, transport, education), hardship, and COLA where justified.
  • Define assignment premiums and repatriation benefits; deploy clawbacks for early termination.

Equity

  • Track grant, vest, tax point, and source.
  • Shadow payroll often captures equity income that is host-taxable even if paid offshore.
  • For mobile executives, consider tranche-based vesting and tax equalization.

Payroll choices

  • Host payroll: Cleanest compliance for long stays.
  • Home + shadow: Good for short/medium assignments.
  • Split payroll: Use sparingly; adds complexity and audit scrutiny.
  • PEO payroll: Validate payslip format, statutory filings, and onboarding documents.

Tax, social security & PE—de-risking the invisible costs

  • Individual residency: Map day-count tests early; track travel days with tooling.
  • Withholding: Align to host-country tables; reconcile at year-end and at departure.
  • PE risk: Avoid dependent agent behavior (contract negotiation/conclusion), service PE thresholds, and fixed-place footprints (home offices can count).
  • Social security: Where no totalization treaty exists (common for Bangladesh with many partners), mitigate double contributions by using private benefits or careful assignment lengths.
  • Fringe benefits: Housing, transport, stock, and allowances can be taxable; model cash vs. in-kind trade-offs.

Special topics: EPZ/SEZ, project sites, and short-term business visitors

  • EPZ/SEZ: Zone authorities (BEPZA/BEZA) impose self-contained rules on registrations, expatriate caps, and vendor access.
  • Project sites: Construction and services often trigger service PE or site PE after day/percentage thresholds—stage staffing and rotate specialists to control exposure.
  • Short-term business visitors (STBVs):
    ■ Keep visits strictly to permitted activities (meetings, audits, training).
    ■ Maintain a business-visitor register, invite letters, and itineraries.
    ■ If work becomes productive or remunerated locally, re-paper to a work visa immediately.

Remote work & “work-from-anywhere” (WFA)

WFA is attractive to talent, but the risk stack is real:

  • Silent PE (sales/contracting from a bedroom office).
  • Unregistered payroll and benefit plan leakage.
  • Export controls/data risks for engineers handling restricted tech abroad.
  • Safety & insurance gaps.

Policy answer:
■ Define eligible roles and countries; maintain a country matrix (immigration, tax, data, H&S).
■ Cap durations (e.g., ≤30/60/90 days) and require pre-clearance.
■ Use no-local-work clauses and equipment checklists.
■ Route sensitive projects through approved jurisdictions only.


Compliance calendar—what to do and when

Pre-assignment (T-90 to T-30)

■ Role scoping; choose structure (local hire/secondment/ICT/PEO).
■ Immigration route, document checklist, and dependants’ planning.
■ Draft assignment letter, local contract, and IP/confidentiality pack.
■ Tax modelling (equalization/protection), pay design, and benefits mapping.
■ Data transfer basis and DPIA; H&S risk assessment.
■ Zone/authority pre-approvals (BIDA/BEZA/BEPZA as relevant).

Arrival & first 30 days

■ Police/authority registration (if required), bank account, SIM/banking KYC.
■ Shadow/host payroll activation; benefit enrollment.
■ Workplace induction; safety briefings; device hardening and data minimization.

Ongoing (monthly/quarterly)

■ Payroll filings; PE monitoring; travel-day tracking.
■ Visa/work-permit renewals pipeline.
■ Equity events; allowance recalibration; wellbeing checks.

End-of-assignment & repatriation

■ Tax clearances; benefit portability; equity treatment.
■ Return flight/relocation; knowledge transfer; non-compete reminders.
■ Close bank/tax accounts; archive registers.


Where companies usually slip (and how to fix it)

  1. Contract ≠ compliance
    A perfect contract can still violate mandatory local rules. Solution: pair every master agreement with a local addendum validated by counsel.
  2. Unmanaged business visitors
    Executives “pop in and help” until a tax inspector asks about day counts. Solution: traveler registry + automated flags at 30/60/90 days.
  3. PE by accident
    Sales leaders negotiate/close in host countries without registration. Solution: clear playbook on who may negotiate, where signing occurs, and what emails say.
  4. Equity blind spots
    RSUs vest during a posting, but payroll doesn’t withhold locally. Solution: equity calendar + shadow payroll + broker integration.
  5. Data transfer gaps
    HR ships files to a non-adequate jurisdiction with no SCCs/IDTA. Solution: standardize transfer addenda and DPIAs in onboarding.
  6. End-of-assignment chaos
    Late tax clearances block remittances and exits. Solution: exit checklist with tax, FX, and equipment returns pre-scheduled.

TRW’s integrated service model

We bring a single-program view across legal domains and geographies:

  • Immigration: Bangladesh (BIDA/BEZA/BEPZA, E/PI/B visas), UK/EU/US/GCC/APAC pathways; dependants; renewals and audits.
  • Employment: Contracts, secondments, handbooks, restrictive covenants, whistleblowing, investigations, dismissals.
  • Tax & PE: Withholding, equalization, PE assessment, treaty relief, STBV governance, equity taxation.
  • Payroll & FX: Host/shadow/split payroll design; remittances and Bangladesh Bank compliance.
  • Data & IP: GDPR/UK-GDPR/PDPA strategies; IP assignment and secrecy protection for mobile engineers and executives.
  • Zones & Projects: EPZ/SEZ approvals, vendor access, and site compliance.
  • Disputes: Labour claims, injunctions on confidentiality/non-solicit, cross-border enforcement and arbitration.

Case-style illustrations (generic)

  • Tech scale-up HQ in Singapore; Bangladesh delivery center
    We set a secondment-to-local-hire pathway: start on GBM/ICT-style visas for knowledge transfer, shift to Bangladesh local employment over 12–18 months, and embed a shadow payroll for equity events. Result: no PE surprises in intermediary jurisdictions, clean FX remittances for expatriates, and on-time approvals.
  • GCC infrastructure sponsor
    Using a free-zone structure for corporate HQ and mainland project visas, we created a WPS-compliant payroll with Bangladesh feeder recruitment and zone-specific approvals. Supply-chain engineers moved on controlled business-visitor itineraries with strict no-work guardrails.
  • US SaaS enterprise opening EU sales
    We avoided agent PE by restricting local reps from concluding contracts; executed via home-law contracts plus local addenda; routed HR data using SCCs. Equity events were synchronized with EU shadow payroll.

Practical checklists you can deploy today

Mobility scoping (one-pager):
■ Purpose & duration; entity map; headcount & roles.
■ Immigration route; dependants; zone approvals.
■ Contracting model; IP/confidentiality; restrictive covenants.
■ Payroll model; tax/PE; equity treatment.
■ Data transfer basis; DPIA status.
■ H&S plan; insurance; crisis protocols.

Bangladesh assignment dossier:
■ BIDA/BEZA/BEPZA registrations & expatriate cap confirmation.
■ Work-permit application pack (job ad/justification, qualifications, security clearance).
■ E-visa support letter; mission filings; arrival registrations.
■ Local employment agreement (Bangla/English); handbook acknowledgment.
■ Payroll/withholding setup; bank account & KYC; remittance policy brief.
■ Zone access cards, site safety induction, vendor compliances.

WFA policy guardrails:
■ Country eligibility matrix & maximum durations.
■ No-local-work clauses; prohibited functions.
■ Data & device rules; export-control checks.
■ Insurance coverage; ergonomic & mental-health supports.
■ Approval workflow; logs & audits.


Frequently asked questions (quick answers)

Q1: Can we pay an assignee fully offshore?
Possible, but expect host-country withholding and reporting. Use shadow payroll or host payroll to stay compliant.

Q2: Are non-competes enforceable everywhere?
No. Many jurisdictions restrict them; non-solicit and confidentiality often provide better, enforceable protection.

Q3: How do we avoid PE with sales teams?
Separate marketing/lead generation from contract conclusion; keep signing authority and final price approvals in the home entity; set email and meeting scripts.

Q4: Can expatriates in Bangladesh remit earnings abroad?
Yes—subject to Bangladesh Bank rules and tax compliance evidence. Build remittance into onboarding to avoid surprises.

Q5: Do we need dual contracts?
Often yes: a home master for continuity and a local addendum for mandatory rules. Keep terms harmonized.


Summary table: International employment & mobility at a glance

| Topic | Bangladesh Focus | Global Comparator | TRW Support |
|---|---|---|---|
| Immigration & Work Permits | E/PI/B visas; BIDA/BEZA/BEPZA oversight; caps on expatriate ratios vary by sector/authority | UK Skilled Worker/GBM; EU Blue Card/ICT; US H-1B/L-1; GCC employer-sponsored | Route selection, filings, renewals, dependant management |
| Employment Structure | Local hire, secondment, zone-specific onboarding | PEO/EOR options for market testing | Contracts, secondment agreements, PEO/EOR legal risk review |
| Contracts & Policies | Labour Act/Rules compliance; bilingual documents common | Mandatory protections override choice of law | Handbooks, covenants, IP/confidentiality, whistleblowing |
| Payroll & FX | Host or shadow payroll; tax withholding; remittance with BB compliance | Split/home payroll where justified | Payroll design, equalization, FX and tax clearances |
| Tax & PE | Residency tests; PE risk for project/service presence | Service/agent/fixed-place PE globally | PE assessment, treaty relief, traveler tracking |
| Social Security/Benefits | No EU-style state system; provident fund/WPPF/private cover | Totalization treaties in some corridors | Benefit mapping; private plans; documentation |
| Data & Privacy | HR data transfers and localization; DPIA discipline | GDPR/UK-GDPR, SCCs/IDTA | Transfer frameworks, DPIAs, policy drafting |
| Zones & Projects | EPZ/SEZ rules; site access and safety | Free zones (DIFC/ADGM/QFC, etc.) | Zone approvals, vendor/contractor onboarding |
| Remote/WFA | No formal digital-nomad visa; business-visitor strictness | Numerous nomad programs with varied tax | WFA policy, immigration/tax filters, monitoring |
| Disputes | Labour courts; conciliation/arbitration routes | ADR regimes vary by seat | Dispute strategy, injunctions, arbitration/litigation |

How TRW delivers certainty

  • One playbook, many countries: We standardize documents, approvals, and calendars across Bangladesh, the UK/EU, US, GCC, and APAC.
  • Audit-ready operations: Visa registers, payroll files, equity tax logs, and traveler day-count evidence are inspection-ready.
  • Speed with safety: Where speed matters (PEO/EOR or pilot teams), we install exit ramps and IP protections from day one.
  • Founder-to-CHRO support: Board-level structuring for headcount plans; workshops for HR/Finance; helplines for mobile leaders.

Let’s tailor your mobility architecture

Whether you’re moving one executive or opening a 300-person hub, the first step is a mobility risk & readiness review. We map immigration routes, entity and payroll options, PE exposure, equity treatment, data transfers, and FX pathways—then implement a 90-day launch plan with documentation, filings, and governance baked in.


Contact TRW

Tahmidur Remura Wahid (TRW) Law Firm
Dhaka: House 410, Road 29, Mohakhali DOHS
Dubai: Rolex Building, L-12 Sheikh Zayed Road.

Phone: +8801708000660 · +8801847220062 · +8801708080817
Email: info@trfirm.com · info@trwbd.com · info@tahmidur.com

This guide provides general information only and is not a substitute for legal advice. For a tailored assessment, contact TRW’s international employment & mobility team.

Transfer Pricing Advisory

Transfer Pricing Advisory in Bangladesh (2025): A Deep, Practical Guide by TRW

Transfer pricing (TP) isn’t just a technical tax niche anymore—it’s a board-level risk in Bangladesh. The National Board of Revenue (NBR) expects multinational enterprises (MNEs) and Bangladesh-resident groups with cross-border related-party dealings to demonstrate that their prices, margins, and funding terms are at arm’s length. If they can’t, adjustments, penalties, and prolonged audits follow.

This guide is the playbook TRW uses with clients operating in (or into) Bangladesh. It translates the black-letter law into practical steps your finance, tax, and legal teams can execute—without drowning in jargon.


1) The Legal Backbone—What Actually Applies in 2025

Bangladesh’s transfer pricing regime is embedded in the Income Tax Act 2023, which replaced most prior provisions of the 1984 Ordinance. The Act houses a self-contained TP chapter that defines key terms, prescribes arm’s length pricing, empowers NBR’s Transfer Pricing Officer (TPO), and imposes documentation and filing obligations.

For day-to-day compliance, businesses rely on two pillars in practice:

  • The primary law (Income Tax Act 2023), including sections on:
    ■ Definitions and scope of international transactions (with associated enterprises),
    ■ Determination of income at arm’s length price (ALP),
    ■ Computation methods,
    ■ Reference to the Transfer Pricing Officer,
    ■ Documentation/record-keeping,
    ■ The Statement of International Transactions (SIT) filing,
    ■ The independent accountant’s report.
  • Administrative interpretation and market guidance summarising thresholds, range concepts, and filing mechanics. (PwC Tax Summaries)

Key compliance thresholds and mechanisms (high level):

  • SIT is filed with the annual income tax return for anyone entering into international related-party transactions during the year. (PwC Tax Summaries)
  • BDT 30 million aggregate threshold (per income year) triggers documentation and accountant’s report requirements. (PwC Tax Summaries)
  • Penalties apply for missing documents, failing to file the SIT, or not furnishing the accountant’s report when required (details in Section 7). (ICMAB)

2) Scope—What Counts as an “International Transaction”?

Under Bangladesh rules, international transactions cover any cross-border dealings between associated enterprises (AEs), including the allocation or apportionment of costs/benefits. This extends beyond obvious “sales/purchases” into services, intangibles, financial arrangements, and cost sharing. (PwC Tax Summaries)

Common Bangladesh-relevant categories:

  • Goods: components/raw materials, finished goods flows to or from group companies.
  • Services: IT/ITES, back-office, management support, technical services, marketing support.
  • Intangibles: royalties for trademarks, software licensing, patents, know-how.
  • Financials: intercompany loans, cash pooling, guarantees.
  • Cost sharing: shared service centers, regional hubs, group platforms.
  • Restructurings: toll-manufacturing shifts, distribution model changes, IP migrations.

If your related-party deal crosses a border and affects your Bangladesh entity’s profits, put it in the TP bucket.


3) The Arm’s Length Principle—How Bangladesh Tests Your Prices

3.1 The accepted methods

Bangladesh follows globally recognized ALP methods. In practice, the “most appropriate method” depends on functions, assets, and risks (FAR), data availability, and transaction nature. (ICMAB)

  • Comparable Uncontrolled Price (CUP): direct price-to-price comparison (ideal for commodities/license rates when data exists).
  • Resale Price Method (RPM): tests gross margins for distributors who mainly resell.
  • Cost Plus Method (CPM): tests gross mark-up for contract/toll manufacturers or captive service providers.
  • Transactional Net Margin Method (TNMM): benchmarks operating margins (common for routine distributors/contract services when CUP data is scarce).
  • Profit Split Method (PSM): allocates combined profit for highly integrated or unique intangibles.

3.2 Bangladesh “range” and multi-year data

Bangladesh adopts a percentile-based range approach when sufficient comparables exist (generally at least six) and the method is CUP/RPM/CPM/TNMM; otherwise, arithmetic mean applies. Multi-year data is allowed to smooth out anomalies. (PwC Tax Summaries)

Practical tip: Build a comparator set with local/regional peers first, then broaden. Document screening choices (industry codes, filters, loss filters, RPT filters) to defend your selection.


4) Who Must File What—and When

4.1 Statement of International Transactions (SIT)

  • Who: Any taxpayer with international related-party transactions during the year.
  • When: Along with the annual income tax return.
  • What: Summarized, transaction-level info (counterparty, value, nature, method, etc.). (PwC Tax Summaries)

4.2 Transfer pricing documentation (Local File-style)

  • Trigger: BDT 30 million aggregate value of international transactions in the income year.
  • Timing: Maintain documentation by the return filing due date and be able to produce it upon request. (PwC Tax Summaries)

What good documentation looks like in Bangladesh (TRW checklist):

  • Group and local business overview (value chain, Bangladesh role).
  • FAR analysis for each tested Bangladesh entity.
  • Characterization (e.g., limited-risk distributor, contract manufacturer, routine service provider).
  • Transaction mapping (each intercompany flow).
  • Method selection (why this method; why not alternatives).
  • Benchmarking (comparator set build, screening steps, final range, financials).
  • Policy articulation (margins, royalties, interest rates, guarantees).
  • Financial reconciliation (tested party P&L to audited financials).
  • Intercompany agreements (signed, current, consistent with conduct).

4.3 Accountant’s Report

If the BDT 30 million threshold is crossed, obtain an independent accountant’s report for the year’s international transactions and furnish it as required. (PwC Tax Summaries)

TRW tip: Align your accountant’s report evidence pack to your Local File—same comparables, identical tested party, and reconciled figures.


5) How NBR Audits Transfer Pricing—and How to Prepare

5.1 Role of the Transfer Pricing Officer (TPO)

A TPO can call for information, review your method and comparables, and propose adjustments if the pricing is not arm’s length. The law provides a formal reference mechanism to the TPO and empowers the authorities to determine ALP. Keep a ready-to-share pack that mirrors your Local File. (ICMAB)

What the TPO typically scrutinizes:

  • Substance vs contracts: are “limited risk” statements backed by reality (inventory risk, market risk, warranties)?
  • Royalty/fee nexus: is there evidence of services rendered/benefits received? Management fees without decks/timesheets are high-risk.
  • Benchmark integrity: are comparables functionally comparable? Were loss-makers excluded without rationale? Is RPT filtering robust?
  • Financing terms: are interest rates, maturities, collateral, and covenants market-standard?
  • DEMPE for intangibles: who develops, enhances, maintains, protects, exploits the IP—and where?

5.2 TRW’s audit-readiness drill (quarterly)

  • Quarterly walk-throughs with finance and business leads to confirm how deals are executed vs what’s in the agreements.
  • Variance testing: actual margins vs target arm’s length range. If drifting, consider in-year true-ups (with documentation).
  • Service evidence: collect timesheets, deliverables, meeting notes, project trackers for all head-office/SSC charges.
  • Benchmark refresh: at least annually for material flows; tri-annual full rebuilds.
  • Board minutes & approvals: keep them consistent with your TP narratives.

6) Transaction-by-Transaction Playbooks

6.1 Distributors (importers/resellers)

Risk: Overstated purchase prices depress Bangladesh margins.
Controls:

  • Characterize as limited-risk distributor (no strategic market risk, no brand ownership).
  • Use RPM or TNMM, target arm’s length gross/operating margins.
  • Monitor quarterly and true-up in Q4 if needed; ensure marketing cost levels align with tested role.

6.2 Manufacturers (contract/toll)

Risk: Understated mark-ups on conversion costs.
Controls:

  • CPM or TNMM using manufacturing comparables with similar capacity utilization.
  • Separate pass-throughs (raw materials at cost, if applicable) from the value-added base.
  • Adjust for idle capacity and abnormal costs transparently.

6.3 Intra-group services & management fees

Risk: Disallowance if benefits aren’t evidenced or duplicative.
Controls:

  • Maintain benefit tests (who needed the service, what deliverables, efficiency or revenue impact).
  • Choose a cost-plus mark-up supported by regional SSC benchmarks.
  • Avoid charging for shareholder/duplicative activities; carve them out explicitly.

6.4 Intangibles (royalties, tech fees)

Risk: High scrutiny on rate, nexus, and DEMPE control.
Controls:

  • Map DEMPE functions and ensure royalty reflects Bangladesh’s actual value contribution.
  • Use CUP if reliable license data exists; otherwise consider PSM for integrated intangibles.
  • Put KPIs and usage metrics in the license agreement; record technical assistance.

6.5 Intercompany financing & guarantees

Risk: Thin spreads or non-arm’s-length terms.
Controls:

  • Build a credit profile for the borrower (standalone rating).
  • Benchmark interest margins and guarantee fees; document selection of indices/tenors.
  • Align with Bangladesh foreign loan approvals and any BIDA debt-equity expectations mentioned in market summaries. (PwC Tax Summaries)

6.6 Cost sharing / platform contributions

Risk: Misaligned allocation keys and omission of IP valuation.
Controls:

  • Choose allocation keys tied to expected benefits (e.g., usage, revenue, headcount).
  • Value unique intangibles contributed to the pool; document valuation method.

7) Penalties, Adjustments, and How to Avoid Them

Bangladesh law prescribes specific penalties linked to TP non-compliance. In practice:

  • Failure to maintain/keep TP information and documents: penalty up to 1% of the value of each international transaction.
  • Failure to file the SIT (TP return): penalty 2% of the value of the international transaction.
  • Failure to furnish the independent accountant’s report, when required: fine up to BDT 300,000. (ICMAB)

Adjustment mechanics: If NBR/TPO substitutes an arm’s length price, tax and interest follow. Use contemporaneous documentation to establish a reasonable basis—this is your best defense.


8) End-to-End Compliance Calendar (Bangladesh focus)

At year-start

  • Refresh intercompany agreements (effective dates, parties, services/rights, pricing, invoicing cadence).
  • Confirm tested party and methods for material flows.

During the year

  • Quarterly margin and evidence checks (see Section 5.2).
  • Keep invoices consistent with agreements (descriptions and cost bases matter).

Pre-year-end

  • Forecast full-year margins; plan true-ups if drifting from target range.
  • Validate royalty base and financing calculations.

At return time

  • Prepare/lock Local File equivalent and supporting evidence.
  • File SIT with the return; arrange the accountant’s report if over BDT 30 million. (PwC Tax Summaries)

Post-filing

  • Maintain a “TP audit pack”: the exact bundle you’d hand to a TPO on short notice.

9) Documentation Craftsmanship—What Great Looks Like

Narrative precision
Tell a consistent story. If you call the Bangladesh entity a limited-risk distributor, show evidence: who sets price, who funds marketing, who bears inventory, who signs with key customers.

Comparable integrity

  • Use industry, function, and geographic screens that you can defend.
  • Explain exclusions (persistent losses, high related-party sales, different functional profiles).
  • Range method: if you have ≥6 comparables under CUP/RPM/CPM/TNMM, Bangladesh uses a percentile band (e.g., 30th–70th); otherwise, arithmetic mean applies. (PwC Tax Summaries)

Financial reconciliation
Bridge tested margins to your audited numbers; label non-operating items; show any working-capital/capacity adjustments transparently.

Evidence of services and DEMPE
For services/royalties, keep deliverables, timesheets, project trackers, meeting minutes, and IP governance docs (who approves budgets, who controls roadmaps, who owns risks).


10) Bangladesh-Specific Friction Points We See Most

  1. “Management fee” without proof of benefit
    Fix: Benefit tests, SLAs, quarterly activity logs, outcome-oriented narratives.
  2. Royalty rates imported from other countries without Bangladesh DEMPE analysis
    Fix: Describe Bangladesh’s roles; if Bangladesh builds local marketing intangibles, consider a lower royalty or a profit-split element.
  3. Distributors funding heavy marketing but called “limited-risk”
    Fix: Either re-characterize to full-risk distributor (with an arm’s length return) or rebalance obligations and compensation.
  4. Thin intercompany loan pricing
    Fix: Build a borrower rating and a market-based margin; align tenor, covenants, and collateral with reality.
  5. Missing accountant’s report over BDT 30 million
    Fix: Calendarize the requirement and integrate it into year-end close. (PwC Tax Summaries)
  6. Late or incomplete SIT
    Fix: Treat the SIT like a statutory information return, not an afterthought; link it to your Local File data model. (PwC Tax Summaries)

11) Dispute Lifecycle—From Query to Resolution

Stage 1: Information request

  • TPO asks for docs (Local File, agreements, workings, comparables).
  • Respond within timelines; request reasonable extensions if needed; keep tone cooperative.

Stage 2: Technical debate

  • Focus on method selection, tested party, comparable set, and adjustments.
  • Use alternative calculations to show you remain within the Bangladesh range.

Stage 3: Proposed adjustment

  • Analyze tax, interest, and collateral impacts (withholding tax, VAT interaction if any, customs valuation echoes).
  • Explore partial concessions where defensible; propose prospective fixes to mitigate repeat issues.

Stage 4: Administrative appeal

  • If unresolved, pursue the domestic appeal route (Commissioner (Appeals), Appellate Tribunal, etc.). Keep your file “trial-ready” from day one.

12) Pillar Two, Public CbCR, and the Bangladesh TP Interface (What to Watch)

Even when Bangladesh’s local TP regime is your primary anchor, global reporting and transparency (e.g., Pillar Two, public CbCR in the EU, group-level CbCR elsewhere) can surface Bangladesh margins to tax authorities worldwide. That increases the importance of coherent narratives: what Bangladesh does, why it earns what it earns, and how that aligns with group value creation. Use your Local File as the source of truth.


13) TRW’s Bangladesh Transfer Pricing Toolkit (What We Deliver)

  • Diagnostic & heat-map: Rapid assessment of your intercompany flows, documentation gaps, and penalty exposure.
  • Policy design: Method selection, target ranges, in-year monitoring framework, and agreement suite.
  • Benchmarking: Bangladesh-weighted comparables with Asia backups; robust screens and rationale.
  • Documentation: Bangladesh Local File aligned to the Act; SIT support; accountant’s report pack.
  • Quarterly monitoring: Margin dashboards, variance notes, and proposed true-ups.
  • Audit defense: Response strategies, meeting scripts, technical notes, and negotiation pathways.
  • Training: Workshops for finance, tax, and commercial teams on “what to evidence and when”.

14) Quick Reference—Executive Checklist

Before the year starts

  • [ ] Update intercompany contracts to reflect real conduct.
  • [ ] Confirm tested party, TP method(s), and target range(s).
  • [ ] Calendar SIT and accountant’s report tasks.

During the year

  • [ ] Quarterly margin tracking, with true-up strategy.
  • [ ] Collect service deliverables and DEMPE evidence.
  • [ ] Monitor financing terms and covenant compliance.

At year-end

  • [ ] Lock the Local File and evidence pack by the return due date.
  • [ ] File the SIT with the return.
  • [ ] If BDT 30m+, obtain and furnish the accountant’s report. (PwC Tax Summaries)

On audit

  • [ ] Respond on time; keep a cooperative tone.
  • [ ] Defend method and comparables; offer alternatives where helpful.
  • [ ] Document every meeting and submission.

15) Frequently Asked Questions (Bangladesh Focus)

Q1. Does TP apply to domestic related-party transactions?
Bangladesh’s operative framework focuses on international transactions with AEs. Your SIT and Local File-style documentation center on cross-border related-party dealings. (PwC Tax Summaries)

Q2. What exactly triggers the accountant’s report?
If the aggregate value of international transactions exceeds BDT 30 million in an income year, obtain and furnish the independent accountant’s report in line with the law and administrative practice. (PwC Tax Summaries)

Q3. How strict are the penalties?
They are formulaic and can be material: 1% (no documentation), 2% (no SIT), and up to BDT 300,000 (no accountant’s report when required). Good contemporaneous documentation sharply reduces risk. (ICMAB)

Q4. What if I don’t have six comparables?
Bangladesh uses percentile ranges (e.g., 30th–70th) if there are enough comparables under the accepted methods; otherwise, the arithmetic mean applies. Explain the data constraints and why your method remains most appropriate. (PwC Tax Summaries)

Q5. Do I need to re-benchmark every year?
Best practice: refresh annually for material flows, and do a full rebuild at least every three years—or sooner if business models or markets shift.


16) The TRW Way—Make Compliance a Business Asset

Well-designed transfer pricing isn’t just about avoiding adjustments; it’s operating discipline:

  • Clarity on who does what (governance and accountability),
  • Predictable margins and budgets,
  • Faster close and smoother statutory audits,
  • Cleaner arguments if you’re challenged.

TRW’s blended tax-legal-economics team in Dhaka and abroad can co-own the process with you—from transaction mapping to audit defense—so leadership can focus on growth.


References

  1. Income Tax Act 2023 (official, NBR)—primary legal basis for Bangladesh’s TP chapter (including ALP determination, TPO, documentation and filing provisions).
  2. PwC Worldwide Tax Summaries – Bangladesh (Group taxation)—practical summary of Bangladesh TP compliance: SIT with return, BDT 30m thresholds for documentation and accountant’s report, range concept. Last reviewed 14 July 2025. (PwC Tax Summaries)
  3. ICMAB TP Handout (Apr 2024)—Bangladesh-specific notes citing Income Tax Act 2023 sections on ALP/methods and penalty illustrations (1%/2%/BDT 300k). (ICMAB)

This material is for information only and does not constitute legal or tax advice. For tailored guidance, TRW can review your intercompany profile, draft or refresh documentation, and stand with you throughout any NBR engagement.