By Control Risks
Even in the best of times, visits from the compliance department have rarely been causes for celebration. As one of our clients, the head of global compliance for a major multinational, said, “I feel like I’m their mother, telling them ‘No’, ‘Don’t do that’ and ‘Put on a sweater, I’m cold!’” Although certainly not justified, this view of compliance as a barrier to business getting done, rather than as a business enabler, is quite prevalent.
But in China today, this cannot continue in the midst of what President Xi Jinping is calling thenew normal: a perfect storm of economic restructuring, a sharp focus on the rule of law, and the increasingly aggressive enforcement of those laws. In stressful times where compliance is critical, the tendency for aggressive parenting from the compliance department makes sense; however, instead it is a perfect time to re-think compliance at an even deeper level: how companies can operate legally under a changing set of norms and how their compliance function can support and lead that effort.
Stuck in the middle
China’s new normal started in early 2013 when Xi let it be known that his administration was not going to be business as usual. In a relatively short period of time, we have seen a series of sector investigations—in electronic consumer goods, dairy products, pharmaceuticals, automotive, and computer software—and deep-dive probes into the party to identify “disciplinary issues.”
High-profile trials have ensued, resulting in massive fines and lengthy jail sentences. Xi and others throughout the administration have consistently indicated this is the “new normal” and that everyone needs to get used to some of its challenging new features:
- The economic slowdown is very real and multinational corporations (MNCs) need to assume they will not be able to grow as fast in China as they used to. Market share gains will be made more by taking from competitors—many of them newly emerging Chinese players—rather than exploiting “blue ocean” opportunities.
- Chinese laws—particularly anti-bribery and anti-monopoly laws—are still quite vague and open to broad interpretation and, in some cases, politicisation. There is no Chinese equivalent to the Foreign Corrupt Practices Act; rather, there is a collection of statutes (some still in draft form) that authorities may select from to prosecute violations. We are also starting to see more aggressive enforcement of environmental and food safety laws in China.
- Chinese regulators—particularly the Administration for Industry and Commerce (AIC) and the National Development and Reform Commission (NDRC)—are increasingly aggressive in their enforcement and almost seem to have “quotas” to fulfill. MNCs are facing increasing inquiries and investigations at local and national levels.
Compliance is more than what we are required to do
This new normal is putting MNCs in a very difficult position: we know we need to comply—in fact, we want to comply—but what are we supposed to comply with? Under vague rules, we do not know the exact requirements; and when we do not know the requirements, how are we supposed to comply with them?
Control Risks believes this confusion, while challenging for businesses, provides an opportunity for the compliance function to add value to an operation in ways rarely before seen. Rather than being seen merely as internal police, compliance must step up and become a strategic adviser to senior executives as they make critical decisions regarding their China operations. We recommend three areas that compliance professionals need to newly own (or at least co-own) in their operations:
- Risk assessment To effectively manage compliance, companies need to have a deep understanding of the risks along their value chain. Where are the primary sources of threat? What are the mechanics of the risks (for example, how do bribes work in your industry)? What are your own vulnerabilities? Typically, risk assessments are owned by a company’s security or legal functions, but in the new normal environment, we believe compliance needs to at least co-own this to identify where protection and mitigation strategies should be implemented. This is not about completing a once-a-year risk exercise for the board; it is about knowing every inch of your value chain, and where and how corrupt or monopolistic behaviour can occur.
- Stakeholder mapping and management The reality of the regulatory environment in China these days—including aggressive enforcement of often vague laws—is that problems are more political in nature than they are legal, and companies need to have a deep understanding of the players in regulatory enforcement and industrial reform for their specific sector. The traditional map of stakeholders is changing all across China—there are more interested parties and they are ever more fragmented. The compliance function needs to work with government affairs and others in their company to identify who has interests in your business and how you can work with them to find mutually beneficial solutions.
- Strategy Too often compliance is (wrongly) conceived only in terms of policies and procedures—how to prevent something bad from happening. But good risk mitigation starts long before policy is set; it starts at the level of strategy. China operations can no longer be just about growth; they must be about sustainable growth. Companies need to ask themselves “How can the growth we realise in the short term continue into the longer term?” This means the definition of your addressable market needs to include operational risk. Are there market segments where you know bribes and kickbacks are more common? If so, these may not be considered “addressable.” The compliance function should participate in identifying opportunities and deciding if and how to exploit them.
From parent to partner
The new normal in China is requiring the compliance function to move beyond the role of the stern parent and into something truly strategic, advising senior leadership on decisions to lower risk and improve business performance. Only then will we truly be able to say that rather than just a safety mechanism, compliance can be a competitive advantage.
About the author: Control Risks is an independent, global risk consultancy specialising in political, integrity, and security risk. They help some of the most influential organisations in the world to understand and manage the risks and opportunities of operating in complex or hostile environments. For questions or further information, please contact [email protected] or [email protected].