China’s ongoing drive to clean up corruption continues to grab headlines, and companies operating in China are now more aware than ever that they need to comply with the law. Although the respective risks are not the same, both SMEs and MNCs need to prioritise putting internal control frameworks in place, says Claire Worledge, Expert Continuous Controls Monitoring at Aufinia Consulting Shanghai. The alternatives are unthinkable.

Everybody in China is talking about corruption these days following the recent USD 490 million fine given to GSK in September and the three-year prison sentence handed down to ex-CEO Mark Reilly. Foreign companies have become more wary of the possibility of the National Audit Office spotlight shining on their door; but perhaps more unnerving is the prospect of disgruntled ex-employees using China’s easily accessible national whistleblowing hotline.

Is there really a risk, though? After all, everybody is doing ‘deals’ to get business done in what is an increasingly competitive market. If all companies in your sector suddenly started abiding by China’s newly updated anti-corruption law, then perhaps you should too – but if you’re the first to come in line, you might risk putting yourself out of business.

Furthermore, who is it at risk? Surely only the employee that is directly linked to the event reported? It may surprise you to learn that all ‘company officers’ are actually at risk of imprisonment, if the cases of corruption are shown to be standard business practice. It is therefore highly recommended that C-level employees ensure that they implement an internal control framework in order to clearly set out the rules for employee behaviour and business transactions.

If you are running an SME, you might not have an internal control framework in place. The first steps for you will be to: (i) write-down corporate rules; (ii) include a mention of them in employee contracts; and (iii) conduct training.

Once the internal control framework is in place you can go to step (iv), which is the monitoring of these controls. However, you may not have the independent resources necessary to monitor your controls. In fact, you don’t need them. It is more cost-effective to monitor compliance automatically using data analysis. Furthermore, data analysis not only enables you to have a high level of transparency throughout your business, it also helps you to pick up on all types of fraud, not just corruption, thus helping you to save money in the process.

A recent study by PwC (February 2014) showed that one in two survey respondents declared they were subject to fraud. The number of identified frauds between 2009 and 2014 has nearly doubled, and the study shows that more than 60 per cent of cases are committed from within an organisation, i.e. by its own staff. Although these figures indicate an increase in attention to this issue, the phenomenon is still not fully understood by corporate managers – both in its nature and as to the risks it implies. Fighting fraud should become a priority for at least two reasons: to be compliant with laws, and also to promote the proper way to manage a profitable and sustainable business.

While definitions of fraud may vary according to different legal systems, it is broadly acknowledged to be a major threat to the financial health of a company, not only damaging profit and loss but also image and reputation.

According to the Association of Certified Fraud Examiners (ACFE), the world’s largest anti-fraud organisation, “Occupational frauds are those in which an employee, manager, officer, or owner of an organisation commits fraud to the detriment of that organisation”. The three major types of occupational fraud are corruption, asset misappropriation and fraudulent statements.

Like some other countries that have enacted specific laws on the subject, China has also incorporated new tools into its legal system to fight fraud, especially into the PRC Criminal Law. One of the key aspects is that corporates can be held liable for the acts of their employees, directors and officers under criminal, administrative and civil regulations. Any entity may be an offender and be held criminally liable accordingly. It is important to understand that directors and officers are also at risk of incurring personal liability for bribery offences or fraudulent activities committed by the companies in which they serve.

If ignorance of the law is no defence for anybody, all companies are not equal when it comes to compliance. Fraud scenarios in SMEs and MNCs are of a various nature; the amounts at stake are different (proportionally, a small embezzled amount may have a huge impact on a small company); SMEs may lack experienced (or even simply dedicated) staff to implement internal controls; and fraud schemes might be far more sophisticated in larger corporations, thus quite difficult to discover.

For a large corporation, fraud risk relating to corruption is especially important, not only because of the personal liability of the company officers, but also because cases that come to light in China may highlight issues to be prosecuted under the UK Bribery Act or the Foreign Corrupt Practices Act.

So don’t fall off the edge, take action and get your internal control framework set up and monitored as soon as you can in order to ensure that you don’t end up battling it out in an unheated, drafty courtroom.

Aufinia was created in 2010, in order to meet the needs of its clients that are currently reviewing different opportunities for the automation of internal audit tests and internal controls. Through collaboration with different software providers, Aufinia supports clients in the choice of tools and strategy concerning the automation of controls. Short-term solutions can be deployed that prepare the way for future fully integrated ERP solutions.