In-House Insights: Marriott International in China

We provide legal support to all our business units across APAC, including support for lodging operations and corporate business services. We also work on restructuring, asset management, labour employment, and legal compliance across APAC, which is a broad geographic area ranging from North Asia to Australia to the Pacific Islands.

More than 50% of my time is spent on China because more than 50% of our APAC business is derived from Greater China

Marriott has a team of eight executives managing the entire $12 billion APAC business. I sit in various committees in which I provide strategic business and legal input to the senior executive team on a very broad range of issues including development of our corporate strategy, social engagement, cultural and talent development, and our long-term business plan. I'm an integral part of the executive team that manages the business.

How much of your work is devoted to China specifically?

More than 50% of my time is spent on China because more than 50% of our APAC business is derived from Greater China. We have close to 400 operating hotels in China, and we are opening three hotels each month there. We have been at that pace for quite some time.

What aspects of Chinese laws require most of your attention?

There are some regulatory changes in China that we monitor very closely, for example the cybersecurity and data privacy laws. China's Cybersecurity Law (网络安全法) is different from the European Union's General Data Protection Regulation (GDPR) in that it has a significant cybersecurity focus in addition to data privacy protection.

We have spent lots of time figuring out how to conduct cross-border transfers of data. As a multinational company, we have lots of guest and employee data that are transferred across the border all the time. So we must meet the regulations today and also, in anticipation of new laws coming out, build our business to meet any future requirements. Anti-trust law is another area that we look at closely, as well as the anti-corruption law. Those are generally the laws that impact all industries no matter which sector you are in.

With respect to the more difficult requirements of the law such as data localization, which is really driven by concerns over cross-border data transfer, these are still at the guideline stage and we are monitoring them very closely

In addition to these general regulatory changes, as a hotel business in China, we are subject to many other legal requirements, for example life and safety requirements, which are a major concern of ours both from a regulatory perspective as well as from our concern for our guests' safety. Food safety related laws are another area that we pay a lot of attention to, as well as some new regulations released earlier this year regarding competition law, which affects our room rates and food and beverage pricing.

Marriott has had issues in the past with cybersecurity. What steps have you taken to ensure compliance with China's Cybersecurity Law passed in 2016?

Since China passed the law, the authorities have issued rules and regulations to interpret it. Some of these have become effective, while some are still at the guideline stage. We have done a lot to comply with the Cybersecurity Law overall. With respect to the more difficult requirements of the law such as data localization, which is really driven by concerns over cross-border data transfer, these are still at the guideline stage and we are monitoring them very closely.

That being said, we are looking at our data infrastructure in China and, this year, we have been making modifications and building our technology infrastructure in anticipation of more of the law becoming effective, so that we can comply with it as quickly as possible.

How do you make sure your Chinese business partners share the same standards and values?

When it comes to making sure our external partners have the same standards, there are a number of measures that we take. We have supplier conduct guidelines that we share with our existing vendors and suppliers, and we remind them that incorporating these guidelines into how they do business is a key criteria for us when selecting our third-party business partners and maintaining those relationships.

When we enter into a relationship, we embed our major compliance requirements and standards in the partnership agreement – a key element of our compliance program

We also do business and legal due diligence on our business partners. We want to make sure they share a similar outlook on how business should be conducted. When we enter into a relationship, we embed our major compliance requirements and standards in the partnership agreement – a key element of our compliance program. We audit our partnership arrangements, investigate all non-compliance matters if there are any issues, and carry out necessary actions to remediate issues that we find.

One of your high-profile partners in China is the e-commerce giant Alibaba who you have entered into a joint venture with to leverage their massive consumer database to increase Marriott's appeal to Chinese consumers online. What were the regulatory challenges that you faced in making this deal happen?

As a U.S.-listed public company, Alibaba operates in a similar regulatory environment to us and have similar compliance requirements that they have to satisfy. Data privacy in terms of how we protect our consumers' information and safeguard it from a cybersecurity perspective is a very important topic for both companies, and we spent weeks discussing it. The good thing is that both companies pride ourselves on having high standards in these areas. It was just a matter of how we introduced oversight in the system that we built together in order to satisfy both companies.

Overall, we had a lot of discussion about these issues, not because one party had a lower standard, but because we both share the same philosophy even though we have different internal processes and policies. We just needed to make sure we married them together in a practical way.

There have been many reports about the business environment in China becoming increasingly hostile to large multinational companies, especially those from the U.S. What are the main risks that you and your team are most worried about today when it comes to operating in China?

As a U.S. company, we are closely monitoring the effects of the U.S.-China trade war on the business environment. The U.S. Commerce Department has issued trade sanctions through its Entity List against Huawei and other Chinese tech companies. We are concerned about talk of the Chinese government retaliating and developing its own "Unreliable Entity List": who are the companies that will be on the list, and what will it mean for them?

When I first joined Marriott, we did not have any hotels in China; we have close to 400 operating hotels today

We have been operating in China for more than 20 years. We employ many staff in China and have contributed to the overall growth of the travel industry in China. We have been very active in terms of promoting various educational projects, such as educating people in the travel and service industries. Overall, we have been a good corporate citizen in China.

That being said, geopolitical risk is there for everyone. We just do not know how this will play out. We are hopeful things will turn out all right, but I would not be honest if I say that we are not concerned about the direction things are heading in.

We have seen numerous examples of geopolitics intruding in the business environment in China in recent years. In 2018, Marriott saw its online booking services suspended for a week in China because of issues to do with territorial sovereignty. What have you done since then to make sure similar mistakes are not repeated?

That incident was really unfortunate. We used a third party software, which was the cause of the mistake (a drop-down list that had Tibet and Taiwan listed as countries). We shut down the website and cleaned up all the errors. Fortunately, there is software available that can detect these types of issues, which we have since deployed. We have also taken other actions as required by the Chinese government to localize our cybersecurity resources in China to prevent these types of issues from happening again.

You have worked for Marriott for over 20 years. Is there anything uniquely interesting about working for a hotel business in China?

China has changed dramatically over the past 20 years. For Marriott, China has been a major success story. When I first joined Marriott, we did not have any hotels in China; we have close to 400 operating hotels today. Overall, the regulatory regime has changed a lot. When we first came to China, the travel industry and the legal system looked very different. The legal system has developed at an amazing pace.

Leisure travel has also really taken off and technology has played a great part in this in terms of payment systems and how people book their travels with their mobile devices and online services

What is interesting in the travel space is how people have started to travel internally in China in addition to outbound travel. That has brought a lot of opportunities. For example, our focus in the past was more towards business travelers from outside China. Today, the majority of business travelers in China are from Chinese businesses.

Leisure travel has also really taken off and technology has played a great part in this in terms of payment systems and how people book their travels with their mobile devices and online services. These are what make the Chinese market really dynamic and a leader in this space in APAC. We are very excited about our growth in China.