Candy Lau

Special Counsel
Norton Rose Fulbright Australia

T:+61 2 9330 8114



Candy Lau is an experienced lawyer based in Sydney with expertise in financial services regulatory, corporate governance and privacy. 

She advises Australia's major financial institutions and multinational corporations on a diverse range of complex matters relating to regulatory compliance and investigations, corporate governance, privacy, operational risk management and dispute resolution.  In recent months, she has been advising major energy/infrastructure clients and global financial services institutions on the intricate implications of the Security of Critical Infrastructure regime on their complex operations. Another focus of her recent engagements has been advising on compliance with the Australian privacy regime and the upcoming privacy reforms.

Candy's regulatory practice includes advising global financial institutions on the recent regulatory reforms relating to the design and distribution obligations and the reportable situations regime. She has also provided extensive support to major financial institutions on the design and implementation of complex review and remediation programs. In her most recent engagement, she played an instrumental role in leading a diverse team of substantial size to achieve project milestones.

She has completed multiple secondments at leading financial institutions in the retail and business banking space. Most recently, she was seconded into a risk and compliance role within a global electronics and electrical equipment manufacturing corporation headquartered in Japan. Drawing on her in-house experience, Candy is attuned to the risks faced by businesses in light of the evolving regulatory landscape and advises on strategies that mitigate legal/compliance, conduct, operational and reputational risks.

Candy was first admitted as a solicitor in Hong Kong where she practised as a litigation and dispute resolution lawyer. She brings to her current role extensive litigation experience in conducting civil proceedings in both English and Chinese.


Professional experience

  • High Court of Hong Kong 2009
  • Supreme Court of New South Wales 2015

Security of Critical Infrastructure (SOCI) 

  • Major energy/infrastructure clients – on statutory obligations under the SOCI regime, including requirements relating to risk management programs, management of supply chain and personnel risks, cyber security obligations, protected information/data governance practices, and annual reporting.
  • Global financial institution – conducted SOCI impact analysis on its superannuation and insurance businesses.

Privacy & Corporate Governance 

  • Overseas-listed multinational energy group – audited various third party systems to evaluate compliance with the Australian privacy regime and recommended uplifts. 
  • Multinational corporation headquartered in Japan – on a wide range of complex issues with respect to corporate governance and compliance, including export controls, modern slavery, whistleblowing, and information governance and privacy.
  • International corporate group – on obligations relating to the Notifiable Data Breaches scheme.
  • ASX-listed company – on various retail checkout processes for compliance with the Australian privacy regime.
  • Global financial institution – on compliance with obligations under the Australian whistleblower framework. 

Financial Services Regulatory 

  • Global financial institutions – on various regulatory issues and strategies relating to the design and distribution of financial products, the reportable situations regime, and the Banking Executive Accountability Regime. 
  • Major Australian Bank – on methodology and execution in relation to the institution's remediation program on 'fee for no service'. 
  • Major Australian Bank – as part of Australia's largest review and remediation program within the institution's financial planning business, advised on the execution and strategy in the assessment and remediation of inappropriate financial advice. 
  • Major Australian Banks – completed secondments in retail banking, business banking and as part of a large-scale remediation program. Advised on a variety of legal, regulatory, risk and compliance issues relating to business and retail banking products, customer privacy/data protection, third party suppliers, design and distribution obligations regime, advertising of financial products and services (including greenwashing), and remediation projects.

Regulatory investigations

  • NSW Independent Liquor and Gaming Authority – as joint Solicitor assisting the public Commission of Inquiry under section 143 of the Casino Control Act 1992 (NSW), conducted by the Honourable P A Bergin SC and established by the NSW Independent Liquor and Gaming Authority. 



  • Best Lawyers in Australia 2023: Ones to Watch (Insolvency and Reorganisation Law) 
  • INSOL International, "MSMEs – Practical challenges and risk mitigation post COVID-19" (December 2022)
  • Governance Institute of Australia, "ASIC releases practical field guide on consumer-centred remediation programs" (March 2021)
  • Tracing Assets in Asia Pacific: A Comparative Analysis of the Availability of Norwich Pharmacal Orders in Australia, Hong Kong and Singapore, International Corporate Rescue, Vol 15, Issue 3, 2018
  • June 2022 – Asian Australian Lawyers Association (Foreign Qualified Lawyers Subcommittee) – Panelist for 'Rising with Resilience'.
  • Australian Restructuring Insolvency and Turnaround Association (ARITA)
  • The Law Society of New South Wales
  • The Law Society of Hong Kong
  • Cantonese
  • English
  • Mandarin Chinese
  • Japanese