Five tips for managing corruption risks

China contributes around one quarter of the world's economic growth. With a population of 1.4 billion people and a rapidly-growing middle class, it is little wonder that the country exerts an irresistible attraction on foreign organisations seeking new markets and growth opportunities. Impressive as these statistics are, the Chinese market also presents a number of challenges, including the risk of corruption. The Chinese government is making a determined, and very public, effort to tackle this issue with a growing number of high profile investigations and prosecutions. Local Chinese regulators and enforcement agencies are also increasingly active in enforcing commercial bribery laws in the private sector. As a result, foreign organisations operating in China are faced with a dynamic environment where anti-corruption compliance must be a core component of their business model.

The PRC Criminal Law (中华人民共和国刑法) and the PRC Anti-Unfair Competition Law (中华人民共和国反不正当竞争法) are the primary pieces of anti-corruption legislation applicable to organisations doing business in mainland China. These organisations must also take into account the potential international reach of legislation in their home country or in the jurisdictions where their securities are traded. Statutes such as the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act, for example, have the potential to apply to a multinational organisation and regulate the conduct of its employees in China. An organisation should develop a comprehensive strategy to ensure that it is adequately protected from the risks of both civil and criminal prosecution arising from any improper conduct in China.

1. Identify and assess the risks

Managing corruption risk requires a robust and proactive approach to assessing how and why corruption-related issues can arise in China. All too often, the first indication that there is a problem is when a whistleblower makes a report or a Chinese regulator or enforcement agency announces an investigation. The directors and executives back at corporate headquarters are often left wondering how the organisation failed to identify the risk.



When investing or contracting in China, it is particularly important to tailor these strategies to ensure that cultural differences and language barriers are adequately addressed. This requires a detailed and sensitive understanding of Chinese business culture and the inherent legal risks that can result. Failure to appreciate the differences between the Chinese and Western approaches to doing business as well as the potential impact of local practices on a Western business operating in China almost guarantees that a risk assessment exercise will be unsuccessful before it has even begun.

Guanxi, or relationship building, is the traditional basis of building and doing business in China, where the concept of legally enforceable contracts remains a relatively recent innovation. Guanxi is based on developing relationships, often by exchanging favours, including gifts and entertainment. This Chinese custom of gift giving in a business context frequently strikes many Westerners as unusual and, in some cases, at odds with applicable rules and regulations. Indeed, from a risk management perspective, guanxi can magnify the compliance challenges facing an organisation, especially when coupled with other issues, such as different practices for maintaining books, records and high employee turnovers.

A factor that further increases the compliance challenges faced by organisations in China is the prevalence of state-owned entities (SOEs) in the Chinese market. As a result, a significant percentage of China's workforce will be treated as foreign government officials – prohibited bribe recipients under the FCPA, the Bribery Act and other foreign bribery laws in many organisations' home jurisdictions. The Chinese government owns approximately 70% of the country's productive capacity, and is the majority shareholder in more than 30% of China's publicly listed companies. SOEs also dominate key sectors of the economy including banking, energy and healthcare. The challenging matrix of domestic regulations and the need for regulatory approvals, which increases the need for and frequency of governmental interaction, also lead to difficulties.

While SOEs play an important role in the Chinese economy, there are also a large number of private organisations. In 2013, the State Administration for Industry and Commerce estimated there were over 40.6 million individually-owned businesses and private enterprises in the mainland. Many of these organisations are still developing their own systems and controls and, as a result, there is frequently a limited (or non-existent) separation between company and personal assets. This can sometimes lead to the creation of separate sets of accounts for off the books dealings and related party transactions – all of which present further risks for the inexperienced investor.

2. Conduct comprehensive due diligence

Conducting and documenting the due diligence process is essential to protecting an organisation operating in China. It is particularly important to address third party risk, which continues to be the most challenging issue facing foreign organisations. Third party agents are frequently used in China and pose significant risk management issues for organisations hoping to enter the market. Engaging corrupt third party agents or investing in a venture or deal that is already tainted by corrupt practices is one of the most common causes of anti-corruption enforcement actions against organisations.

It is crucial to know and understand the business practices of third party partners and agents. To do this and to fully protect themselves, organisations must conduct comprehensive due diligence. Typical due diligence will include gathering background information about a prospective third party agent, partner or target. Key issues to assess can include identifying the third party's beneficial ownership structure, its qualifications, reputation and any connections or dealings it may have with prohibited bribe recipients.

That being said, undertaking a due diligence exercise in the Chinese market often presents its own unique challenges. Legal and financial information is often incomplete or non-existent and the quality of public records varies significantly from one province to another. This situation can be further complicated by language barriers and differences in business culture.

Data privacy is another complex area that comes into play when conducting due diligence. There are a multitude of laws and regulations designed to protect the personal information of Chinese citizens. Unfortunately, none are simple or straightforward. There is currently no single piece of legislation which provides a comprehensive framework covering all aspects of data privacy. Rather, there is an assortment of rules and regulations addressing various matters related to the gathering, use and dissemination of information that has been collated. As a result, considerable caution must be exercised in how this information is used.

In seeking to overcome these constraints, many organisations engage a third party provider to assist with due diligence enquiries. In doing so, organisations must ensure that these third party providers do not themselves engage in corrupt practices in the course of the information gathering exercise. Irrespective of whether background checks and other on-the-ground enquiries are undertaken directly or indirectly, organisations must remember that Chinese laws apply; the investigation and information gathering processes have to be fully compliant with all local laws. Serious consequences can arise if Chinese authorities suspect that local laws have been infringed in the context of the due diligence process.

3. Establish contractual protections

Ensuring that contracts contain adequate protections is important to mitigate against corruption risk. These protections can take a number of different forms, including reinforcing due diligence enquiries, outlining detailed standards of conduct or providing rights and options in the event that improper conduct is suspected or occurs. Regulators in the home countries of many organisations have made it clear that they expect contracts to incorporate these types of clauses and to ensure that all business partners agree to comply with their requirements.

It is also important to appreciate that Chinese parties may not confer the same level of significance to a written contract as their Western counterparts. In China, a written contract is often viewed as one component of a business relationship. For example, if economic circumstances change, a Chinese counterparty may expect to renegotiate the terms of a contract. Contractual enforcement in Chinese courts can also be challenging. Against this backdrop, ensuring contracts contain anti-corruption clauses is clearly important, but is not an adequate means of protecting an organisation against risks of corruption, investigation or prosecution.

4. Develop monitoring procedures

In China, where relationships play such a fundamental role in business, establishing monitoring procedures is critical, particularly when investing in a joint venture or engaging third parties.

For joint ventures, effective monitoring will require investors to review whether a joint venture already has in place the appropriate anti-corruption polices and processes before deciding to proceed with an investment. Without these policies and processes, effective monitoring becomes an impossible task. Throughout the life of the joint venture, regular health checks should also be conducted to ensure policies and processes remain adequate, enforced and consistent with the investor's current approach to anti-corruption compliance. Internal audit, financial controllers, company lawyers and compliance teams are critical in ensuring that any corrupt, or potentially corrupt, behaviour is identified and addressed at the earliest possible moment.

Potential investors can take a number of steps to ensure third parties are effectively monitored. Employees responsible for managing these third parties must be trained to recognise warning signals, including pro forma requests for reimbursement of costs and expenses, abnormally high commissions, discounts or rebates or unusual payment arrangements. Third parties operating in high risk areas, particularly where they have any dealings with government bodies and officials, should be regularly audited at the transaction level. Expectations regarding appropriate standards of conduct must be reinforced through regular anti-corruption training and internal communications.

More broadly, monitoring and audit procedures should include proactive reviews of any high value and high risk transactions. Ad hoc inspections, together with regular compliance audits, are also important and useful tools in reinforcing the organisation's commitment to a compliance culture.

Organisations are well-advised to fully document all the steps they have taken to monitor compliance. Detailed records of all training activities should be maintained together with the results of compliance audits and reviews, and, in particular, the steps that have been taken to address any breach of the organisation's compliance policies.

5. Design and implement a thorough compliance system

Organisations seeking to manage corruption risks need to integrate risk assessment processes, due diligence, contractual protections and comprehensive, ongoing monitoring procedures into a thorough and holistic anti-corruption compliance system.



Exposure to corruption risk is a reality of doing business in many places around the world and China is certainly not alone in posing challenges for organisations. Like many other countries, there are language barriers coupled with significant business and cultural differences and limited access to public source information. There is no one-size-fits all compliance solution for foreign organisations that are either already doing business in China or considering their first investment. Organisations must develop a detailed compliance system based on a full analysis of their business and the risks they face. Increased vigilance has to be their guiding principle.


Kyle Wombolt, Hong Kong, and Jacqueline Wootton, Melbourne, Herbert Smith Freehills


More from CLP:
Interview: Changing the game - Michael Cheng (ACGA)
GSK: A case study
How to deal with the corruption crackdown
How to create an anti-corruption compliance programme
Preparing for an FCPA investigation