Navigating China’s Corruption Storm

Written by Eric R. Carlson, Covington & Burling LLP

Near-daily headlines trumpet new corruption issues in China: the Chinese government targeting a multinational or local corporation, the US government investigating a multinational, a multinational conducting its own internal investigation related to its China operations, or the Chinese government prosecuting a government official for taking bribes from a company.

This article outlines key risks that makes compliance particularly difficult in China and provides suggestions for how companies can mitigate those risks through China-specific modifications to compliance programs and by preparing now for future investigations should a storm hit.

I.  Key Corruption Risks in China

The intersection of a significant level of corruption, massive amounts of foreign investment, and uneven local law regulatory regimes and enforcement combine to make China one of the locations with the most significant corruption risks for multinational companies. Outlined below are some of the key risk factors that make China particularly challenging:

A.  Heavy Government Influence in the Economy and Society

It is probably not surprising that China — and China’s economy — is heavily influenced by government and government regulation. “Traditional” government agencies (e.g., Ministry of Commerce, Ministry of Health, Ministry of Land and Resources) exercise a broad range of regulatory approvals at national, provincial, and local levels.

Laws outlining regulatory approval processes often are drafted broadly, giving agencies — and individual government officials — wide discretion in approving or rejecting regulatory applications, creating potential for companies to use improper influence to curry favor with officials.

China’s massive number of state-owned enterprises (“SOEs”) reach down to the national and provincial levels and occupy significant swathes of the economy, in many cases having monopoly, oligopoly, or similar power, in some sectors making them a company’s key customers. Because of opaque ownership structures and lack of public company information in some cases, it is often difficult to tease out exactly what entities are government-owned, government-affiliated, government-influenced, or purely private.

US enforcement authorities have viewed employees of these SOEs as “foreign officials” under the US Foreign Corrupt Practices Act (“FCPA”). Further, many other entities in China are designated under PRC law as quasi-public institutions (shiye danwei), including most hospitals and medical institutions, universities, research institutions, and many trade associations. In many cases, US enforcement officials are also likely to deem employees of these institutions as “foreign officials.”

B.  Use and Frequency of Third Parties

As in many countries, companies operating in China use a range of third parties — agents, consultants, travel agencies, meeting companies — to outsource tasks that the company does not have the capacity or interest to do in-house. A common approach in China is to also outsource corruption, and many times a third party is hired to get something done — a regulatory approval, a sale to a government-affiliated customer — while turning a blind eye to what the money is actually being used for. In many cases, this is viewed locally as being a perfectly acceptable — even preferred — way to outsource risk. This approach, of course, could violate the FCPA, Bribery Act, and PRC law.

C.  Travel and Travel Agencies

Paying for travel for government officials, customers at state-owned enterprises, or customers at private enterprises can present corruption risks in any country, including China. Using travel — particularly disguised as a “research trip” or a “study visit” — is a common way to curry favor with Chinese government officials and SOE customers, as evidenced by the 10 companies that have settled FCPA enforcement actions in the last six years related in part or in whole to providing allegedly improper travel benefits in China.

Travel agencies are used broadly in China not only to book air and train tickets and hotels, but also as meeting planners and event organizers. In some cases, company employees collude with travel agencies or their employees to submit inflated fapiaos (tax-valid receipts), where the amount on the fapiao is more than the actual expense, allowing the difference to be used for an improper payment (or simply pocketed). Similarly, travel agencies have been known to submit fapiaos for events that never actually occurred.

Travel agencies also can book transportation and provide a fapiao for an employee to seek reimbursement, then later cancel the ticket and refund the money to the employee, allowing the employee to be reimbursed for travel that never occurred. Further, travel agencies sometimes collude with employees to submit an “official” itinerary to be approved through the company’s official processes, and a “real” itinerary showing the actual itinerary, which might include significant sightseeing or stopovers.

D.  Gifts, Meals, and Entertainment

China is rightly known as a relationship- and hospitality-driven culture, where gifts, meals, and entertainment play a key role in facilitating business relationships and building guanxi. These practices sometimes command attention from the compliance department because of the perception that Chinese business culture is markedly “different” than other cultures, and because companies (and their local employees) sometimes (incorrectly) assume that what might be a common local practice in some cases — such as expensive gifts, lavish meals, or excessive entertainment — is unlikely to violate either local law or other laws related to transnational bribery.

E.  Employee and Third-Party Expense Fraud

Fraud is common in China in a variety of forms. Some of it is simply stealing money from the company for personal gain. In other cases, however, employee expense reports or third-party expense fraud is used to create a slush fund for improper payments.

The fapiao is a tax-valid receipt provided by the recipient to show that the payment actually occurred. In theory, the fapiao system is meant to reduce fraud and tax evasion. In practice, however, fake fapiaos are readily available, as anyone with a Chinese mobile phone will attest from the near-daily text messages offering such fapiaos. And while some fake fapiaos can be detected by checking online on the Tax Bureau website, not all fapiaos can be thus checked, and some vendors advertise “high-end” fake fapiaos that will pass muster even with the Tax Bureau.

F.  Industry-specific Risks

Nearly every industry in China has its “hidden rules” (潜规则 qian guize) — unwritten rules known by industry insiders regarding how things are actually done in the industry in China. For pharmaceutical and medical device companies, for instance, industry-specific risks include consulting arrangements, sponsorships of doctors to attend meetings, sponsorship of certain meetings, clinical trials, distributors, and donations.

The risk for multinationals doing business in China is that a newly hired local employee with significant industry experience might mistakenly assume that the company will tolerate — or even encourage — “playing by the local rules” in order to promote the company’s business interests.

G.  Uneven Regulatory Regimes and Enforcement of Local Law

In addition to enforcement risks posed by laws on transnational bribery such as the FCPA and the Bribery Act, local PRC law has also grabbed headlines, particularly of late. China does not have a unified anti-corruption law; instead, relevant anti-corruption provisions and restrictions are found in:

  • the PRC Criminal Law, which provides for criminal penalties for both public-sector and commercial bribery;
  • the PRC Anti-Unfair Competition Law and its implementing regulations, which detail administrative enforcement of commercial bribery; and
  • additional restrictions and prohibitions found in various agency policies and rules.

Three main agencies investigate and prosecute public-sector and commercial bribery in China. This table shows, in slightly simplified terms, how this authority is allocated.

Procuratorate (aka public prosecutor) (检察院)Public Security Bureau (PSB, aka police) (公安局)Administration for Industry and Commerce (工商局)
Criminal vs. administrative enforcement authority?Criminal onlyCriminal onlyCommercial bribery (administrative enforcement), but can refer charges to criminal authorities if evidence of a crime is committed
Power to investigate, inspect, and raid?Yes (particularly if bribery/corruption relates to public officials)YesYes
Power to bring charges against individuals and companies?YesNo (will refer case to Procuratorate for prosecution)Yes
Power to enforce/assess penalties?No (only courts have ability to determine criminal penalties)No (only courts have ability to determine criminal penalties)Yes (fines, confiscation of illegal income; commercial bribery violation may also result in blacklisting by other government agencies)
Other enforcement jurisdictionProsecute all crimesInvestigate crimes (other than those related to public officials); public order and other dutiesAntitrust (non-pricing aspects of anti-competitive agreements and abuse of dominance), advertising, consumer protection, business registration, trademark infringement


PRC laws related to bribery and corruption are unevenly but sometimes aggressively enforced. PRC government efforts historically focused more on demand-side enforcement — targeting corrupt government officials — than the supply-side companies and individuals providing those bribes. As recent cases show, there is significant evidence that that paradigm has shifted, putting companies and individuals squarely in the cross-hairs for enforcement for commercial bribery or criminal bribery violations.

Commercial bribery laws in particular are broadly worded and unevenly interpreted in different jurisdictions, giving local enforcers significant discretion in bringing charges and negotiating settlements, which in some cases relate to conduct that would be considered normal commercial behavior in other countries.

Further, in many provinces and industries, a company violating commercial bribery laws will be blacklisted from public tenders (or in some industries, such as the pharma and device industries, all sales in a particular province) for multiple years. In most cases, a multi-year blacklisting can have a much more significant effect on revenue that paying even a large fine or undertaking a significant internal or external investigation.

H.  US Law Enforcement Related to China

Perhaps because of the risks outlined above, since 2008, 24 FCPA enforcement actions against companies, and 15 FCPA enforcement actions against individuals, related in part or in full to payments in China. An additional 24 companies have publicly announced internal investigations into the possibility that improper payments have been made in China. These statistics do not include more than a dozen companies that publicly announced China-related FCPA investigations that were subsequently closed without an enforcement action.

II.  Mitigating Risks

While risks can never be eliminated, they can be mitigated through tailoring compliance programs for Chinese-specific risks and by preparing in advance for internal or external investigations.

A.  Tailored Compliance Programs

Most thoughtful companies already have well-established compliance programs in place that address many of the risks outlined above. Listed below are several additional considerations for maximizing a compliance program’s effectiveness in China.

1.  Understand PRC law and tailor policies, procedures, and training accordingly.

Many companies’ policies, including contractual clauses and training modules, are modeled on the FCPA. Unlike the FCPA, PRC law covers both public-sector bribery and commercial bribery, so programs must include both for maximum effectiveness.

In my experience conducting dozens of trainings in Mandarin, local employees in China are significantly more likely to pay attention to the training when the presenter leads with a detailed explanation of PRC law — the requirements and risks of enforcement — and then follows with an overview of the FCPA and/or Bribery Act, explaining why the company’s policies and procedures protect both the employee and the company from risk under all of these laws.

2.  Ensure that policies, procedures, and training are in Chinese.

It can be challenging to convince an employee to read a detailed compliance policy even in their native language, and it can be even more difficult to make compliance material accessible to someone in their second language. Ensure that the translation of materials is accurate and readable. We are contacted every few months to re-do a translation of a compliance policy because headquarters has found that the original Chinese translation is either unintelligible to local employees or, worse, misleading about what is expected.

Similarly, ensure that live and online training is presented in Chinese. While many local employees have solid English skills, often the nuanced, factor-specific explanations of what makes a particular activity acceptable versus unacceptable are missed when training is presented in English rather than Chinese.

In my experience, the large majority of local employees want to do the right thing and will try their best to do so if they clearly understand expectations.

3.  Third Parties: Make Sure Due Diligence Makes Sense.

Risk-based due diligence is just that: different levels of diligence for different types of third parties. Mitigating risk related to third parties — agents, distributors, consultants, travel agencies, conference companies — depends on understanding the types of services a third party provides and then conducting appropriate due diligence.

Due to the limited availability of reliable online or public-source information, contracting with external due diligence providers may be advisable in some higher-risk situations, although the recent enforcement action against ChinaWhys suggests that such providers may also themselves be at risk of enforcement action, even for conducting normal business due diligence.

While robust contractual clauses related to anti-corruption are of course necessary, I have found that a candid training and/or conversation with a third party about the company’s expectations related to compliance (anti-corruption and in other aspects) can be very effective in talking through what types of activities are and are not acceptable, and removing the suggestion to the third party that the company’s compliance policies are a “paper tiger.” Those types of informal measures should, of course, be supplemented — at least in higher risk cases — with more formal, auditable due diligence controls.

4.  Take a Sensible Approach to Gifts, Meals, and Entertainment.

While gifts, meals, and entertainment can create risk if not controlled sensibly, it is important that scarce compliance resources be dedicated to the highest risk areas. Most companies find success in establishing reasonable limits and internal approval processes in this area. The approach that works best is the one that makes sense for the company and its unique risks based on the company’s need for regular interactions with customers and government.

5.  Consider a Compliance Audit for China.

Many companies have found success and comfort in conducting a “compliance audit” of their China affiliate. Sometimes termed a “risk assessment” or “compliance health check,” this is similar to doing M&A due diligence — but on your own affiliate. Different from a financial audit or an investigation, a compliance audit might include, with the assistance of internal or external resources, a review of local policies and procedures, targeted testing/sampling of books and records and compliance-related documentation (including third-party invoices and employee reimbursable expenditures), and interviews with local management and employees at different levels.

After we have assisted in such audits, our clients often comment on some or all of the benefits:

  • Provides a more nuanced approach to risk, allowing the company to more effectively deploy resources
  • Permits discovery of problems or potential problems before they become the subject of an investigation or the subject of a whistleblower complaint (internal or external)
  • Allows informed modifications (sometimes tightening, sometimes loosening) to policies and procedures to account for local laws and circumstances
  • Effectively signals to local employees the importance of compliance: employees at the affiliate almost always pay much closer attention to compliance after they have been interviewed as part of an assessment
  • Improves confidence at headquarters in what is “actually going on in China”

6.  Invest Appropriate Resources in China.

While many things in China are cheaper than at headquarters, qualified China-based compliance officers are not always one of them. As the number of companies operating in China have expanded and the compliance risks have increased, finding sophisticated compliance officers — particularly those significant experience — has turned into a talent war. Companies can reduce turnover by ensuring that local compliance officers are properly recruited, compensated, and supported.

7.  Look for Opportunities for Collective Action.

Most companies in a particular industry face similar corruption risks and exposure. Working through an industry association, chamber of commerce, or other external organization can help to develop a China-specific industry code of conduct so that a company is not disadvantaged vis-à-vis its competitors for having a robust compliance program. Collective action may also be useful to engage the government to clarify policies and issue guidance regarding regulatory procedures that can lessen the scope for government officials seeking improper payments.

B.  Peacetime Preparations for Investigations

An internal investigation — and especially an external investigation by a government regulator — can be an harrowing experience, particularly in China, where local laws and local regulators can seem especially unfamiliar. Companies can prepare in advance during “peacetime” to maximize effectiveness and response when an investigation arises.

1.  Train Employees on “Dos and Don’ts” of Interacting with Government Investigators.

Some companies have developed a short list of “dos and don’ts” of interacting with government investigators. Such a list can help employees remember what to do during a “dawn raid” by local officials and ensure that the legal and compliance department is kept informed as the inspection progresses, and that the investigation response is conducted consistent with local regulatory requirements.

2.  Develop a Rapid Response/Triage Plan.

When an adverse story in the Chinese media hits, a regulator schedules an announced visit, or a whistleblower in China sends an email with explosive allegations, senior company executives usually want basic answers fast: how big is the problem, and what can we do to find out as much as possible as soon as possible? It is useful to have a template plan ready to do an initial, triaged investigation to determine the size of the potential problem and decide how aggressive the response needs to be. That plan should identify local internal and external resources available to assist in data preservation, interviews, review of hard copy and electronic documents, and advising on local law implications of investigation steps.

3.  Understand in Advance China’s Data Privacy and State Secrets Laws.

China’s data privacy laws have evolved considerably in the last two years. Knowing in advance of an investigation what can and cannot be done with respect to collecting, reviewing, and exporting employee data can save valuable time. A clear and current policy governing employee use of company IT assets, drafted in Chinese, can help to further mitigate risk of inadvertently violating PRC data privacy laws.

Separately, China’s State Secrets Law can, in some cases, provide investigative challenges in obtaining and exporting certain types of data held by the China affiliate or its employees, so it is useful to understand well in advance whether it is likely that the China affiliate’s data might be subject to those restrictions.

4.  Understand the China Affiliate’s IT Architecture and Accessibility of Information.

Some of our clients have realized through hard experience that their IT system in China is not configured the same way as at headquarters, so tasks such as remotely or covertly collecting email or network data from China either is impossible or takes significantly longer than anticipated. Understanding in advance what data collection is and is not possible in China and what level of local IT personnel involvement is necessary can save valuable time when an investigation arises.

5.  Update and Tailor Crisis Management, Media Responses, and Government Relations Strategies.

Some companies have started to tailor their global crisis management plan to be specific to China, particularly with regard to differences in media, social media, and government interactions in China. For bribery and corruption issues, it may be useful to draft, in Chinese and English, a template stand-by statement and key questions and answers covering situations such as a whistleblower report made to the press, a government investigation, or the arrest of an employee related to improper conduct.

China’s corruption crackdown shows no signs of abating, but companies that prepare now can minimize risk and brace themselves if trouble does come through specific modifications to compliance programs and by preparing now for future investigations.

 Expert Biography

Eric R. Carlson is a Beijing-based partner at Covington & Burling LLP. He specializes in anti-corruption compliance and internal investigations, with a particular focus on China and other regions of Asia. He speaks fluent Mandarin and Cantonese.