Introduction
2021 saw a continued build-up of compliance risks in China following disruption to business models, supply chains and working practices as a result of the pandemic (for further details please see "While the cat's away: assessing risk in dynamic environments"). In particular, tight travel restrictions placed limits on the effectiveness of business control measures, such as internal audit looking at financial risks or off-system processes and checks on suppliers such as due diligence, quality checks or exercising audit rights.
The recent COVID-19 outbreaks in China and the accompanying lockdowns have compounded the risks highlighted previously and increased compliance risks. Previously, the issue was a lack of access from overseas control functions, which remains, while now the issue is that many organisations must carry out compliance monitoring from home working environments, which may impact the ability for compliance teams or internal audit to effectively monitor or investigate compliance.
Risks
Accounting or financial reporting fraud
Accounting or financial reporting fraud is usually considered a low likelihood, high impact risk. In times of increased uncertainty or financial distress, the pressure on financial results becomes a significant risk factor. Aggressive accounting issues can snowball over several quarters into material issues that are highly damaging to the organisation and its investors.
The impact of the lockdowns has and will continue to be wide-ranging. Consumer activity has clearly suffered extensive disruption with regard to demand. With tight controls extending to delivery services, even pivoting online channels has been restricted. In terms of supply, disruption includes production shutdowns and logistical disruption, such as container ships clustered around the Port of Shanghai. While economic indicators are already slowing down, it may take several months for the full impact on financial performance to materalise. This will heighten pressure on financial performance and increase the risk of financial reporting issues in the future.
Compliance with sanctions
Sanctions continues to be an area of significant compliance risk. In the past few months compliance with international sanctions regimes has become a higher risk issue for companies operating in China in particular. Following Russia's invasion of Ukraine, the list of entities in Russia sanctioned by overseas governments and institutions has expanded. In turn, there has been a focus on China's response. The latest economic data has shown a marked slowdown in China's exports to Russia, possibly driven by secondary sanctions concerns.
Equally, any measures taken to reduce exposure to international sanctions regimes runs the risk of violating China's Anti-Foreign Sanctions Law.
Compliance programmes will need to be agile to respond to the risk of direct sanctions exposure, regardless of where the sanctions enforcement originates from. This means working proactively to understand the background and profile of both direct and indirect suppliers, as well as the full distribution channel. Thorough diligence on the complete lifecycle of a product from raw materials to end customer can be a daunting task, resources should be allocated on a risk-weighted basis and lower risk areas should be managed with other control measures.
Procurement fraud
Procurement fraud involving collusion is a perennial risk. As with accounting fraud, the pressure on suppliers to keep contracts is heightened during difficult or uncertain times, particularly if the contract represents a material part of the supplier's business. Organisations can be reluctant to address procurement fraud due to the potential disruption to supply chains and operations. This needs to be weighed against the risk of selecting the wrong supplier. When suppliers are selected for unethical reasons, the impact on quality, safety and ability to deliver on the contract can be overlooked, as well as the financial leakage involved.
Comment
In the short term, timely messaging from senior management on the organisational commitment to zero tolerance of unethical behaviour, coupled with direct communication to control functions in higher risk areas to prompt deeper consideration of key risk issues, will help empower and assist with early identification of potential concerns before they escalate into significant financial, regulatory or reputational issues.
The trend towards hybrid or fully remote working and reduced business travel seems irreversible. This means an even greater onus on digital transformation in the compliance sector. The shift is likely to bring certain advantages, with fewer off-system processes, better visibility and accountability, and higher data quality to help detect issues proactively.
This contrasts with the need for greater protection of data and the legal restrictions on transferring certain types of data outside of China. Companies will need to proactively assess and monitor their digital infrastructure, controls and backup processes to ensure that, in the process of digitalisation, they do not inadvertently trigger legal liabilities.
This article was originally published in the White Collar Crime Newsletter of the International Law Office - www.lexology.com/commentary