The Environment

Entities operating in China have long dealt with China’s tradition and culture of gift giving and favor exchange. Coupled with a reputation that entities operating in China face governmental and commercial corruption and increasing anti-bribery regulations globally, managing bribery risk has become more important than ever.
In recent news, a large British pharmaceutical company allegedly had used travel agencies for six years as intermediaries for bribes given to Chinese officials and doctors to illegally boost sales and raise the price of its medicines in China. In 2010, a large car manufacturer was accused of paying bribes over a long period to secure deals in China and other foreign countries.
In the case of the pharmaceutical maker, the Chinese government investigated and uncovered the alleged bribery and fraudulent practices. In the case of the auto manufacturer, US regulators conducted the investigations over the alleged bribes. Scandals of this nature could have other serious consequences for an entity, affecting its ability to do business and sign deals, its ability to borrow money, or even the ability to remain a public company on a listing board. These types of scandals carry potentially adverse legal, regulatory, and reputational consequences.
The UK Bribery Act (2010) came into force in July of 2011 and carries potential penalties including fines, imprisonment and property confiscation. One new offense which comes as a consequence of the Act is if an entity fails to prevent bribery. The Act does allow a defense for entities which can demonstrate they have implemented what it terms as adequate procedures for preventing bribery and other prohibited activities.

Managing Risk with Adequate Procedures

Guidance issued by the UK Ministry of Justice in 2012 notes that adequate procedures are those which identify risks and also prevent deliberate and unethical conduct. The Guidance noted six key principles for adequate procedures, proportionality of procedures in place to the risks faced by the entity, commitment by the top levels of management of the entity, appropriate risk assessment procedures, adequate due diligence, communication and training, and finally, monitoring and review procedures.
A comprehensive compliance program will incorporate all of these principles, including a thorough annual risk assessment. An annual risk assessment, as part of an entity’s annual compliance procedures, is one way an entity can understand the extent to which potential events might impact the company’s objectives, including those objectives related to the China regulations or UK Bribery Act or the US Foreign Corrupt Practice Act (FCPA) compliance. A risk assessment is different to an annual statutory audit, which focuses on the accuracy of the accounts and compliance with accounting and tax regulations. Whilst auditors may carry out some basic internal control checking and some reasonableness testing on certain expense lines, it is does not look business risk.
This risk assessment assesses likelihood and impact of risk occurring while doing business in China. The assessment identifies and evaluates possible responses to risk.
In that process, management evaluates options in relation to entity’s risk appetite, cost vs. benefit of potential risk responses, and degree to which a response will reduce impact and/or likelihood. Responses are selected and executed based on evaluation of the portfolio of risks and responses.
Control activities are the policies and procedures that help ensure that the risk responses, as well as other entity directives, are carried out. They occur throughout the organization, at all levels and in all functions.
In 2011, a global retailer voluntarily announced an internal investigation over permitting, licensing, and inspections in their China operations, and whether those were in compliance with the US FCPA. This investigation resulted from their annual compliance procedures and highlights how effective annual monitoring can identify potential areas of remediation and allows an entity to control risk.
Improving governance and internal controls practices to avoid risk can also help an entity maintain healthy relationships with its stockholders, lenders, vendors, and customers. It’s one way to ensure what an entity’s competitors and investors think about its competence, integrity, economic health.