State-owned enterprises were the vanguard of the ‘going global’ wave, but their compliance was often poor. Frankie wang reports on a changing of the guard
ALTHOUGH STATE-OWNED ENTERPRISES (SOEs) are not a phenomenon solely restricted to China, Chinese SOEs have always been stuck with such negative labels as “inefficient”, and “slow in decision-making”.
However, the operating philosophy and methods of a significant number of SOEs have undergone a transformation. Su Yanan, who has worked in a law firm and joined China Life Capital as legal director a few years ago, says that the stereotypical image of “working from 9 to 5, and not being very efficient” is not at all an accurate description of the current state of development of SOEs.
“Particularly in large enterprises and financial institutions, the market orientation of their professional staff is extremely high, and they stress efficiency in the way they do things,” she says. “After I joined China Life, I also found that my superiors and colleagues were quick in their pace of work, and the team was very professional.”
The change in SOEs is also manifested in their attitude towards compliance work. In recent years, the managers of Chinese SOEs have regularly been spotted at large compliance forums inside and outside China. So, what has pushed SOEs to enhance their compliance awareness? And what is the state of compliance system development in SOEs now?
AGE OF ‘BIG COMPLIANCE’
The concept of compliance is expanding in China with changes in the market. At the end of 2018, the State-Owned Assets Supervision and Administration Commission (SASAC) of the State Council and the National Development and Reform Commission (NDRC) successively issued the Guidelines for the Compliance Management of Central State-owned Enterprises (for Trial Implementation), and the Guidelines for Compliance Management in the Overseas Operations of Enterprises.
They specify that the term “compliance” means that the operational and management acts of (Central State-owned) enterprises and their employees comply with the requirements of relevant laws and statutes, international treaties, regulations, industry standards, commercial practice, codes of ethics, rules and regulations formulated by the enterprise in accordance with the law, among others. From this it can be seen that the coverage of what is to be complied with is quite expansive, marking the arrival of the age of “big compliance”.
Gary Gao, a partner at Zhong Lun Law Firm in Shanghai, says the most common reasons for SOEs to be placed under investigation and penalized by foreign regulators are violations of anti-corruption and anti-money laundering regulations, or trade-related laws of the host countries. The EU’s General Data Protection Regulation (GDPR) is also a pitfall for SOEs in terms of overseas compliance.
Harry Liu, a partner at King & Wood Mallesons in Shanghai, says that against the background of US-China trade friction, SOEs are placing great stress on such issues as export control compliance (particularly US regulations on trade restrictions and prohibitions), integrity compliance of multilateral development banks, etc., in addition to such traditional matters as anti-bribery and anti-corruption. “Should an enterprise cross such a cross-border compliance red line, the sanctions it could face are extremely serious,” he warns.
The fate that has befallen China’s two telecom manufacturing giants, ZTE and Huawei, has rung the alarm for many enterprises to keep a close eye on global political and legal risks, and the establishment of a global compliance system is a key step in guarding against risks.
“On the one hand, compliance has become a pass for entry into international markets,” says Bi Liyan, deputy general manager of the legal division at China Minmetals Corporation. “On the other hand, with the new trends in compliance regulation, companies operating internationally, in particular, not only have to keep a close eye on their own operational compliance, but must also strengthen the compliance awareness of their global value chains.”
NEW RULES POINT THE WAY
The SASAC issued the Guidelines for the Compliance Management of Central State-owned Enterprises (for Trial Implementation), and the NDRC, together with six other authorities, jointly issued the Guidelines for Compliance Management in the Overseas Operations of Enterprises at the end of last year. With these, the compliance management work of enterprises under the central government has entered a new phase.
1. Stress on comprehensive compliance. As required by market and business development needs, there has consistently been an intrinsic need for compliant operation, mainly manifested in the past via certain compliance topics. Under the new requirements, comprehensive compliance management is increasingly prominent. Comprehensive compliance requirements are manifested both in terms of overseas compliance demand and domestic compliance requirements.
2. Stress on system compliance. Compliance management in Chinese enterprises is currently addressing bringing disparate pieces under a whole system, while also paying attention to specific items. Enterprise groups are required to strengthen compliance system development through integration of the points with the whole, and of the higher with the lower.
Internally, enterprise groups need to adopt a compliance philosophy that is commonly accepted, a step-by-step compliance plan, and organized compliance assessments, not only enhancing compliance management but also achieving the remaking of enterprise management procedures through the co-ordination and integration of the group head office, with its business lines and with compliance-related departments.
3. Stress on long-term compliance. Compliance management is a long-term task that requires long-term planning, continuous improvement, and, in light of the enterprise’s own business development and changes in external situations, moves and acts in response to situations. (The above are all personal opinions.)
Gao, from Zhong Lun, says there has been a marked rise in the number of SOEs subject to investigation or assessed with penalties by foreign regulators in recent years. “In the age of trade wars, each country will strike out with precision at other countries’ systemically important enterprises that threaten its economy and industry,” he says, “and compliance is one of the sharpest weapons in their arsenal.”
Shaun Wu, a partner and chief representative of Kobre & Kim’s Shanghai office, agrees that increased risks tied to bilateral tensions with the US have put China’s biggest companies in the spotlight. “2019 has marked a year where companies need to be abnormally sensitive to risks associated with national security, whether it is tied to trade sanctions violations, or evolving cyber security regulations from overseas jurisdictions,” says Wu.
From documents issued by the central government, it can be seen that as early as 2013, the SASAC issued the Guiding Opinions on Strengthening the Prevention by Central State-owned Enterprises of Legal Risks in Their International Operations. It was also the year in which the Belt and Road Initiative officially became a state strategy.
Gao notes that the compliance awareness of the management of numerous SOEs has markedly increased, and that many SOEs have independently established compliance departments and commenced the systematic development of compliance rules.
“In reality, many compliance-related rules have long existed in SOEs, it’s just that they have never come together as a system,” Gao says. “After the ZTE incident, many SOEs began the systematization of their compliance rules. Furthermore, due to the nature of SOEs themselves, the provisions in certain rules are stricter and flexibility is more limited.”
Gao also notes that many SOEs that “have gone global” now attach a great deal of importance to studying regulations and policies, as well as the business environment of the host countries and, at certain forums and symposiums on foreign regulatory regulations, one will often catch a glimpse of the compliance management personnel of certain SOEs.
Wu, from Kobre & Kim, says these executives and legal teams are not just attending conferences and summits, but have also indicated a willingness to learn from experts abroad. He says in-house compliance in the past fell under the jurisdiction of the Central Commission for Discipline Inspection (CCDI), but that typically focuses on violations of party discipline rather than adherence to international legal and regulatory norms.
Within the past two to three years, however, in-house legal teams have evolved. Wu says one of the trends is carrying out stress testing. “SOEs have recognized the value of stress tests and other assessments of their compliance programmes,” he says. “[Stress tests] may involve having an independent examiner or monitor carry out a test of the systems in place by reviewing internal policies and interviewing business managers or employees for adherence to the compliance programme, and identifying any irregularities or areas of weaknesses.”
The above-mentioned trend has been substantiated by in-house counsel. China Life Capital’s Su says that, with a view to guarding against and mitigating financial risks, the company’s internal control, compliance and risk management have all moved in a more stringent direction in the past two years; in the first eight months of 2019, the SOE has conducted nine self-examination and appraisal exercises.
Optimization of rules implementation. Xiao Aihua, a partner at Tian Yuan Law Firm in Beijing, mentions that, notwithstanding the fact that development of compliance rules in SOEs has started to take shape, there remain problems in implementation including:(1) previously formulated compliance rules no longer satisfy current requirements; (2) when the rules are formulated, less than full consideration is given to the enterprise’s own situation, making the rules relatively difficult to implement; and (3) internal training is lacking or insufficient, for example, the compliance awareness of management is increased, but is not necessarily rooted in the awareness of lower-level employees”.
Gao, from Zhong Lun, recommends that while improving its compliance rules, an SOE should gradually establish its compliance culture through such means as regular employee training so that compliance rules receive effective implementation.
Liu, from King & Wood Mallesons, says enterprises under the central government and SOEs do not place the same emphasis on compliance matters as multinational corporations, and they trail behind multinational competitors in terms of implementation, assessment, monitoring and improvement of compliance policies.
“In the great majority of circumstances, [SOEs] are unable to perform as multinationals do, carrying out thorough investigations of, and dealing with, the compliance violations of their employees, even those of their management,” says Liu. “In the cases that we have handled, the attitude of management in pushing the investigation of issues reported from either outside the company or within is insufficiently active or resolute.”
In addition to insufficient effort in implementation, Liu says that because large enterprises under the central government and SOEs are subject to the existing regime, the internal compliance system is often complex, byzantine and chaotic. “In a typical situation, each of the disciplinary, auditing, legal and compliance departments will be doing its own thing, but when a compliance issue is really encountered, which department specifically has responsibility, and which duties each has, are unclear,” he says.
Kate Yin, a partner at Fangda Partners in Beijing, says that the business of large SOEs usually develops along multiple lines, involving numerous industries and covering several countries or regions, and they face severe difficulties in establishing and implementing a compliance system. Accordingly, she recommends that the “client has to comprehensively consider the risks in all of the enterprise’s business lines, at the risk identification and assessment stage, and at the implementation stage it can select a representative enterprise in each of its business lines to serve as a pilot unit, and progressively expand the same from the pilots to its other units.”
Lessons can be drawn from certain experiences of multinational corporations. “Before issuing rules, foreign enterprises will evaluate and discuss them in detail, and ensure that they can be implemented before issuing them,” says Yin. “Once rules have been issued, not only will they fully disseminate them through training, but they will also do a follow-up check after they have been implemented for a period of time, to see if they have truly taken root. When necessary they will also consider ensuring their implementation through computer-mediated means, for example, by adding a compliance approval stage in the online approval system.”
Attention to the issue of anti-corruption. In recent years, China has been striking hard against corruption. But as Liu from King and Wood Mallesons observes, in the past two years the problems of bribery and corruption still exist in SOEs. “Particularly for management of central SOEs, and SOEs that hold dominant positions in their markets, as they hold significant management and decision-making authority, the problem of bribe solicitation and acceptance still exists,” he says.
“The reason that the problem of bribe solicitation and acceptance in multinational corporations is not as marked can mainly be attributed to their reliance on powerful internal compliance systems; in [domestic] private enterprises, it is usually the problem of offering bribes that frequently rears its head, with the taking of bribes much rarer.”
Clarification of compliance department’s role. Gao, from Zhong Lun, says that the compliance department, as the key line of defence in examining whether the enterprise’s acts are compliant, should have a certain degree of independence. In addition to having one dedicated senior executive position to manage the compliance department, such a department needs to establish its own independent management system and work procedures, have an official and independent status, and be able to objectively and independently express its compliance opinions and offer compliance recommendations, free from being affected by performance evaluations by another department or conflicts of interest with other departments.
Xiao, from Tian Yuan, notes that many SOEs have an audit compliance department or legal compliance department, but few have established a compliance department specially. “As compared to whether the compliance department is independent, perhaps having an organ that is sound and strengthening the implementation of systems is more important,” she says.
SOEs and central SOEs have often had many years of practice in enterprise governance in accordance with the law, and risk management and control. Yin, from Fangda, says there is no contradiction between the establishment of a compliance management system and an existing legal risk management system, internal control system, or risk control system of a company; in fact, they are mutually reinforcing.
“The purpose of the compliance management system should be to guard against major legal liability and avoid the enterprise incurring material losses due to non-compliant acts, not keeping a close eye on all potential legal risks,” she says. “When considering how to establish a compliance management system, the tailoring and design of the system should be based on the enterprise’s actual business and current state of its management. For example, such high-risk areas as anti-corruption, anti-monopoly, trade sanctions and export controls should be designated as key areas subject to compliance management and control.”
Gao also stresses that the coverage of compliance management work needs to be comprehensive, but the compliance department should not become directly involved in the various aspects of business operations, and should instead be expressing opinions on the prevention and control of compliance risks.
“For certain compliance tasks for which direct management by the compliance department produces good results, or which require a certain degree of concentration – e.g., the formulation of anti-corruption, anti-embezzlement and anti-monopoly review guidelines, as well as such matters as the internal reporting of compliance violations – the same should be directly managed and controlled by the compliance department,” he says, “whereas, for other tasks, the responsibilities should be clearly demarcated and the compliance department should only be offering the relevant departments such support as co-operation, supervision, training, etc.”
Enhancing position of the compliance officer. Liu, from King & Wood Mallesons, says that where disciplinary, auditing, legal and compliance departments are all present, the position of the compliance department and the chief compliance officer, as an employee of a new department in an SOE, is not very high.
“Central SOEs and SOEs generally implement a chairman of the board or general manager responsibility system, which means that the compliance officer reports to the chairman of the board or the general manager of the company,” he says. “This easily results in a situation where the authority of the compliance officer is insufficiently independent and adequate, with his or her authority to speak usually subject to the company’s commercial decision-making.”
In contrast, the compliance officer of a similar multinational corporation is accountable only to the officer at the next higher level of his or her department, not to the management of his or her company. “For example, the compliance officer of the China region reports to the compliance officer of the Asia-Pacific region, and the compliance officer of the Asia-Pacific region reports to the global chief compliance officer,” says Liu.
Liu says he has also heard that the remuneration of corporate compliance people in central SOEs, SOEs and even private enterprises tends to be on the low side. “If the remuneration is not attractive, not only does it make it impossible to recruit suitable talent to fill compliance positions, but it also gives the impression that the company attaches insufficient importance to the compliance department, and the internal resources made available to the entire department are also insufficient,” he says. “This results in a situation where the skills of the compliance department are insufficient when it is required to thoroughly implement the compliance policies in the enterprise.”
To prevent such a circumstance from arising, Liu says a multinational corporation will allow a compliance officer to concurrently serve as a vice president of the company, paying him or her remuneration equivalent to that of management in order to highlight the value of his or her position within the enterprise.
“From the perspective of internal status, the compliance officer should have the same rank as the company’s general counsel,” he says. “Under ideal circumstances, he or she should have the opportunity to attend board meetings in a non-voting capacity, thereby preventing a situation where he or she is accountable only to the general manager or chairman of the board, and allowing him to report on his or her work to the board.”
Familiarity with international regulatory frameworks. Wu, from Kobre & Kim, says the World Bank Group has its own set of Integrity Compliance Guidelines, as well as Procurement Regulations that outline standards required to prevent corruption, fraud, collusion, coercion and obstructive practices. “The more familiar SOEs are with these international regulatory standards, the easier it would be for them to engage with us as external experts in this area,” he says.
Status quo of compliance management in Chinese enterprises
The compliance risks faced by Chinese enterprises mainly include credibility crisis, commercial bribery, monopoly, antitrust violation, environmental protection, anti-money laundering, tendering and contract management, project delivery, donation and sponsorship, and third-party associated compliance risks. For those Chinese enterprises with overseas operations, not only they would need to comply with China’s laws and regulations, institutional norms, industry practice, and professional ethics, but they would also need to satisfy the compliance requirements of the countries or regions where the Chinese enterprises operate.
In respect of establishing the compliance management programs, the following circumstances often stand out in Chinese enterprises when comparing with foreign-invested enterprises:
1. The compliance awareness fostered within Chinese enterprises requires further strengthening, with insufficient incentives to manage compliance functions. In contrast, foreign-invested enterprises have long been operated under a comparatively mature regulatory system. Consequently the compliance management system and compliance awareness are at a relatively mature state.
2. Compliance, internal review, disciplinary inspection and other functions under the accountability system usually co-exist within Chinese enterprises, which may create ambiguity around segregation of functions or gaps within the management system.
3. Chinese enterprises are often well positioned in their respective industries, involving a large number of customers, vendors and other business partners. The establishment of a successful compliance system in Chinese enterprises will set examples for the other enterprises within the ecosystem to follow.
For Chinese enterprises that are still at the initial stage of setting up their compliance management systems, we have the following recommendations for enhancing them:
1. Under a top-down approach, establish a compliance committee and designate qualified personnel to run, organize and participate in training activities, thereby enhancing the corporate compliance awareness in Chinese enterprises.
2. Based upon the industry and operational circumstances, as well as the various compliance guidance published by the governments, perform a comprehensive analysis on the spectrum of compliance risks faced by the Chinese enterprises, and establish a compliance management framework. The enterprise can conduct a comprehensive evaluation about the established compliance management framework, including the setting of compliance management objectives, the job duties of professional personnel, the setup and operation of existing processes or control points, continuous communication and improvement, training and reporting. The enterprise can further improve its compliance management assessment based on the results of comprehensive self-evaluation.
3. Conduct timely testing on the established compliance management framework, analyze the reasons for the identified gaps and make improvement accordingly. Continue to monitor internal and external enterprise risks, and make adjustments to the existing compliance management framework according to the changes of risks. Led by the compliance committee or qualified compliance personnel, with the support from senior management, implement the compliance gaps identified by the government supervision units and the corresponding recommendations for improvement.
4. Consider seeking advice from professional consultants in addressing issues around the establishment, implementation and optimization of compliance framework.
(The views reflected in this article are the author’s and do not necessarily reflect the views of the global Ernst & Young organization or its member firms.)