As a holding company (or parent company), its business is mainly operated by its subordinate enterprises. The company is mainly responsible for the control and management of its subordinate enterprises and its profits mainly come from its investment in them.
The management penetration risk faced by holding companies refers to the fact that, due to the unclear boundaries of rights and obligations between the parent company and the subordinate enterprise in internal control system management and an internal decision-making mechanism, when the subordinate enterprise is involved in disputes, the external third parties investigate the legal liability of the parent company by “piercing the corporate veil” and also other means.
Because the parent company or its subordinate enterprise violates regulatory requirements or other obligations, relevant regulatory authorities, judicial departments or external third parties require the parent company to assume legal liability.
This article mainly analyses the following two types of management penetration risks.
(1) The parent company’s control over its subordinate enterprises is based on its status as controlling shareholder, actual controller, trustee and participating shareholder. Under these modes, risks may arise because of improper management decisions, unclear management boundaries between superiors and subordinates, and unclear rights and obligations among different legal entities.
(2) If the parent company is involved in the heavily regulated industry, or if listed companies are involved, risks may arise due to investigation by the supervisory departments or judicial departments when the company exercises the supervisory and control functions over the subordinate operating entity.
Analysis of legal risks
The author takes a state-owned holding company with investments covering healthcare, real estate, finance, etc., and to which several listed companies are subordinated, as an example to preliminarily sort out the risk points based on the company’s qualifications, regulatory areas and industries (see table).
LAWS AND REGULATIONS INVOLVED
LEGAL RISK POINTS
LEGAL PERSONALITY AND NATURE
• The company’s actual controller disposes of the company’s property maliciously after the company’s dissolution.
• The company cancels its registration without liquidation, which makes it impossible for the company to liquidate. The creditors claim that the actual controller of the company shall be liable for the liquidation of the debts of the company.
• The shareholders of the company abuse the independent legal personality and limited liability of shareholders.
• The shareholders of the company make false capital contribution or withdraw capital contribution.
Governance Guidelines for Listed Companies and Measures for IPOs
• Listed companies are confused with their controlling shareholders and actual controllers in terms of personnel, assets and finance.
• Controlling shareholders and actual controllers of listed companies engage in the same or similar business as listed companies.
• The related party transactions between controlling shareholders and actual controllers of listed companies and listed companies are not standardized.
Regulations on healthcare, real estate and financial management
• The sponsors and shareholders of medical institutions shall have the obligation to supervise and guide the medical institutions.
• Real estate development enterprises are revoked of their business licences or real estate development qualification certificates due to illegal activities, resulting in shareholders being restricted from engaging in real estate development and operation or being unable to obtain new granted land use rights.
• Banking financial institutions violate prudent operating rules and their actions seriously endanger the sound operation of the institutions, and impair the legitimate rights and interests of depositors and other customers, resulting in the transfer of equity of controlling shareholders of the company or the shareholders’ rights being restricted.
The author believes that, in addition to the situations listed in the table, special attention should be paid to the management penetration risks that may be involved in the articles of association, internal management system and relevant agreements or arrangements. For example, will the controlling shareholders and actual controllers stipulated in the articles of association and internal management system seriously affect the principle of corporate independence of subordinate enterprises (such as the confusion of property, personnel or body, and fund occupation by large shareholders, etc.)? Are there any illegal and irregular activities in operation and management, such as de facto qualification affiliation and borrowing? All these may lead to the risk of holding companies being required by the relevant regulatory authorities, judicial departments or external third parties to bear legal liability.
Response to risk
The controlling company’s management penetration risk involves complex situations, numerous regulatory areas and industries, and is bi-directional. Once risks occur, both the parent company and the subordinate enterprises may cause unfavourable legal responsibilities or consequences due to violations or breach of contract by the other party, or both parties. In view of this, the author has the following suggestions.
First, engage lawyers to sort out and identify the risks that may involve the company, and quantitatively analyze the risks of a legal nature of the subordinate enterprises, the regulatory areas in which they are located, and the regulatory requirements of the industry.
Second, in view of the causes, levels and frequency of risks, formulate risk response strategies and measures accordingly, including, but not limited to, establishing an internal control management system and decision-making approval mechanism in accordance with the law, ensuring participation in the management and decision-making of subordinate enterprises in accordance with regulations in the form of shareholders’ meeting, board of directors, and appointing of senior management and supervisors, and strictly abiding by relevant regulatory provisions and requirements in their areas and industries.
Third, the company should carry out informationized and normalized risk management, such as forming a document of risk, sorting it and importing it into a corporate office administration system, and timely updating and improving it on an annual basis, establishing and improving a long-term mechanism of risk control and regular management.