An effective approach to anti-commercial bribery compliance

The compliance mechanisms of foreign-invested enterprises (FIEs) are usually designed for compliance with foreign anti-corruption laws, such as the United States’ (US’) Foreign Corrupt Practices Act (FCPA) or the United Kingdom (UK) Bribery Act, and ignore the more extensive requirements under Chinese anti-commercial bribery laws. 

Kevin Gao, Working Group Coordinator for the European Chamber, cautions against this approach and recommends that FIEs cover themselves fully by building up effective prevention and supervision systems with regard to anti-commercial bribery compliance under the new regulatory environment of China. The penalties for not doing are simply too great.

Feasible and effective anti-commercial bribery policies are the cornerstone of effective anti-commercial bribery systems, which can systematically guarantee the compliance of enterprises’ daily operations with the relevant laws, and prevent, supervise and punish non-compliance. Some enterprises merely lay down in the employee handbook requirements that forbid employees to accept bribes, without setting up any effective ‘prevention and control points’ or systematic precautions against ‘risk factors’. Such anti-commercial bribery policies are nothing more than slogans.

A set of systematic anti-commercial bribery policies generally include a general summary and specific sections. The summary provides for general compliance policies and the arrangement of ‘prevention and control points’, such as departments of approval, supervision and investigation. The specific sections detail rules and unambiguous precaution and supervision mechanisms. They also introduce the common types of red flags for various ‘risk factors’, and lay down, among others, approval procedures and relevant forms, compliance undertakings and contract templates applicable to enterprises generally.

Summary of policies

The summary usually includes details on the abstract of policies, legal rules, responsibilities and supervision, whistleblowing, investigation, training and policy promulgation rules. The abstract sets out the determination and stance of the enterprise to curb commercial bribery—the ‘tone from the top’—and the core framework of compliance policies. For example, a compliance statement issued by the CEO of a company may prohibit any employees or senior management personnel from engaging in, directly or indirectly, any corrupt behaviour with government officials or business partners for the purpose of obtaining improper benefits, and assert the company’s zero tolerance approach to any non-compliance. This section also explains that the policies are aimed at providing behavioural guidance to enterprise employees and representatives with regard to ‘risk factors’.

The section for legal rules briefly explains the legal framework that must be followed. Relevant laws and regulations under this framework include the Anti-unfair Competition Law and its implementation rules, and the Criminal Law and its judicial interpretations. It also includes other relevant anti-corruption and anti-commercial bribery regulations and policies in China, including industry rules and bidding regulations. US-listed companies or FIEs must also briefly introduce foreign anti-corruption laws that are applicable to them, such as the US’ FCPA and the UK Bribery Act. This section should also outline to employees the potential damage to the company and individuals that could be brought about by non-compliant behaviour – both the individual and the company deemed to have violated anti-bribery laws may be liable for punitive action, such as fines, criminal imprisonment and even the death penalty in extreme cases. It can also have a knock-on effect, for instance the company may be barred from participating in government procurement, or its import and export level might be downgraded.

The section for responsibilities must specify ‘prevention and control points’, the responsibilities of each department and the person whose duty it is to enforce compliance policies, as well as relevant policies to ensure the effective performance of such responsibilities. For example, a manager of a company, such as the CEO, has the responsibility to make sure that relevant compliance departments can effectively enforce compliance policies (i.e. the availability of manpower and resources); the compliance committee and audit committee are responsible for supervising the effective enforcement of anti-commercial bribery policies; the risk control committee is responsible for identifying compliance risks of the company in a regular and timely manner. The legal/compliance department is responsible for, among other things, ensuring the timely updating of compliance policies, effective training of employees, prompt responses to compliance-related inquiries, and effective supervision of compliance enforcement. The human resources (HR) department is responsible for, among other things, ensuring the provision of compliance training of employees when they join the company and, from time to time, the effective enforcement of policies regarding the hiring of children or other relatives of former or current government officials or of business partners, and the prompt punishment of non-compliant persons.

The section dealing with supervision must specify the personnel and team responsible for policy supervision and should lay down reasonable and effective supervision policies. Detailed policies regarding expenditure in relation to high-risk factors should also be set out. The compliance department or internal audit department must conduct selective examinations of marketing and sponsored events to ensure the authenticity and compliance of expenses being charged. The company must also conduct periodic internal audits to scrutinise procedures for anti-commercial bribery compliance, selective examination, and training and supervision of third parties.

There should also be a section that clearly defines whistleblowing procedures and complaint rules, as well as an ‘anti-retaliation’ policy. The whistleblowing policy encourages current or former employees, outsiders and business partners to blow the whistle or complain about any non-compliant conduct of employees and business partners, and ensures the anonymity and confidentiality of such individuals, for instance, by setting up a separate hotline or mailbox for whistleblowing. The personnel responsible for managing whistleblowing and complaints should be independent of business departments. The ‘anti-retaliation’ policy ensures that the company does not allow any retaliation against whistle-blowers. In the case of any retaliatory conduct, the company must protect the whistle-blower and severely punish the retaliator.

The section on investigation sets down principles and basic mechanisms regarding investigation, for instance, which department is responsible for handling compliance issues identified through compliance whistleblowing, government investigation or otherwise. Employees are required to cooperate with the company during investigations, and relevant departments should conduct investigations in a timely manner, keep in contact with whistle-blowers and notify whistle-blowers of final decisions. This section should also include, among other things, the punishments that may be imposed by the company, along with employees’ consent to the company’s dismissal of any employee by reason of his or her violation of anti-commercial bribery policies.

There should also be a section that deals with training and promulgation of policies and undertakings of employees relevant to anti-commercial bribery policies. Employees should sign letters to confirm that they will comply with relevant policies. The HR or compliance department should keep the records of attendance for training, training materials, training appraisal results, confirmation letters and other relevant information.

‘Risk factor’ policy

The content of the specific sections can vary depending on the circumstances of different companies, but generally covers prevention and control systems regarding the following risk factors: gifts, entertainment and sponsored trips, marketing and promotional activities; charitable donations; sponsorship events; the retention and management of third parties; the hiring of children and other relatives of former or current government officials or of business partners; expense application and reimbursement; anti-corruption compliance due diligence for investment, merger and acquisition projects and post-merger supervision; and the free delivery and supply of products.

‘Risk factor’ policies usually contain basic principles, approval procedures and authority regarding the prevention and supervision of ‘risk factors’, ‘risk signals’, standard forms, compliance undertakings and contract terms. For example, with regard to the retention and management of third parties, there are usually three types of third parties: downstream suppliers, customer-end distributors or agents and special service suppliers such as law firms, consulting firms, and travel agencies. The management of third parties can be divided into three phases, namely the early-, mid- and late-stages.

Early-stage management refers to a series of procedures to examine and verify a third party before retaining it. For example, a company should specify selection standards and approval procedures for third parties, which should be done in cooperation with business departments. Anti-corruption due diligence on third parties should be conducted. Third parties are required to sign anti-commercial bribery undertakings, and relevant anti-commercial bribery provisions should be contained in contracts. Anti-commercial bribery training should also be provided to third parties.

Mid-stage management refers to the mechanisms of supervision and examination for third parties during the period from the execution of the retaining agreement until the termination of the business relationship, for instance, the establishment of a supervision system, whether it be periodical supervision or random inspection.  A rating system also needs to be established whereby third parties are rated according to their performance in the supply of products and services, especially their performance in enforcing anti-commercial bribery provisions. Investigation against a third party should be initiated after the company receives any whistleblowing against such third party, or it is found to be suspected of any violations.

Late-stage management refers to the mechanisms of punishment and treatment for third parties after the verification of their violations. For example, terminating cooperation with the third party, consulting with the third party, imposing punishment on relevant persons, giving a warning to the third party or making a claim for indemnification, in which case consultations with the third party are also required, and it would be better if relevant provisions are set out in agreements with the third party.