Zou Jiaming: Compliance, what's the use?

Author: Zou Jiaming, Director of Beijing Hechang Law Firm

Recently, a friend in the manufacturing industry told me that his company hired a lawyer team to do compliance last year, but he didn't think it was useful. Why?

His question actually involves three questions: first, what is compliance? Second, if it doesn't work, what's the reason? Third, what's the use of compliance?

1、 Compliance is a solution, not a problem

Compliance is a very broad concept, which can be divided into internal and external parts. Internally, the company requires employees to act in accordance with the employee handbook and rules and regulations. The most direct consequence of violations is to damage the company's interests, and the most typical is internal fraud and corruption.

Externally, compliance requires that the decisions of the company's managers conform to national laws and regulations and business ethics. Examples of violations include listed companies disclosing information in violation of regulations, enterprises discharging sewage in violation of regulations, food additives exceeding the standard, and so on. The direct consequences of such acts are to damage the rights and interests of consumers and disrupt social order, which may lead to punishment by administrative organs and, in more serious cases, to suspicion of committing crimes.

The feeling that compliance is useless is, to some extent, a question about the effectiveness of compliance, which is not only a concern of entrepreneurs but also a key issue for law enforcement agencies. For enterprises, compliance is meant to solve problems and avoid the risk of being punished. If it doesn't work, the money is wasted.

For law enforcement agencies, the compliance non-prosecution reform implemented by the Supreme People's Procuratorate takes the evaluation of compliance effectiveness as the basis for deciding whether to prosecute. Because ineffective compliance cannot prevent reoffending, declining to prosecute would then be meaningless.

My friend asked why compliance was useless because he started from a hypothesis: as long as compliance was done, all problems would be solved. However, this assumption is not tenable, because compliance is only a solution and cannot directly solve the problem.

Whether the scheme is effective depends on whether it fits the problem it is meant to treat. This involves a lot of specific information, which we will not discuss in this article. Assuming that the compliance plan does fit the problem, whether compliance is useful depends on whether the plan can be implemented.

Just like losing weight, although there are many ways, in the final analysis, it is nothing more than eating less and doing more. However, it is human nature to be lazy, so few people succeed in losing weight. Compliance is essentially an internal error correction measure, and there are many difficulties in implementation.

2、 The effectiveness of compliance depends on the company's values

A common misconception is that once a compliance management system has been established, compliance is the work of functional departments or external professionals, and the company can "sit on its laurels". In fact, the obstacles in implementation mainly involve four aspects: human resources, finance, system and external decision-making:

Money

It is a great investment to establish a complete compliance system. In addition to building a compliance organization in the early stage, continuous investment is still required in the business process.

For example, Geely Automobile Group, a leading automobile enterprise, has set up a compliance management department committee since 2014. With anti-corruption and compliance as the core, it has more than 500 compliance personnel from top to bottom, covering all corners of the enterprise, which is a huge expenditure.

At the same time, in a short period of time, anti-corruption compliance will inevitably lead to fewer orders. Process control and post constraints will also lead to lower efficiency, which are negative inputs.

Of course, the investment is also rewarding. It is reported that in more than ten years, Geely Group has investigated and dealt with hundreds of non-compliance cases, and saved hundreds of millions of yuan in economic losses. Most importantly, the compliance management system also helps Geely go abroad, which is an indispensable condition for the successful acquisition of Volvo.

The problem is that what we can see is the expenditure of real gold and silver, but what we can't see is the benefits brought by effective compliance.

People

The internal fraud and corruption of enterprises are all human problems. In addition to positive education and training, reverse supervision, investigation and punishment are very important and challenging.

(1) High-level fraud:

High-level fraud generally involves people who hold certain resources within the company, either the company's "old ministers" or its "capable ministers". They not only have countless emotional ties with the company, but also often play an important role in its operation.

If such a person commits fraud, punishing them will not only directly affect the company's operation and business, but may also affect the company's image. This requires not only weighing the pros and cons, but also setting feelings aside. Most of the time, it is a decision made by the top leaders.

(2) Basic-level fraud:

Fraud at the grass-roots level often occurs in specific posts, such as warehouse keepers, financial personnel, operators, and purchasers. These posts have direct access to property or control over resources. "It's inevitable to walk along the river without wet shoes."

Given the dark part of human nature, reverse punishment may be more important than positive education and training, because only when punishment is actually carried out can the authority of the system be established.

However, punishment is based on internal reporting and investigation. Although many large companies have reporting and internal investigation systems, they have little effect. Because reporting and investigation inevitably offend people, these systems are just decoration unless there are supporting systems to protect the whistleblower, remove the obstacles to the investigation, publish the results of the investigation, and win the trust and support of employees.

System

Modern people live almost entirely within a big net woven by institutions. From laws to rules, they are omnipresent and easily become as unnoticed as air. Only when we are punished do we recognize their existence, and only then do they become a code of conduct.

An obvious example is traffic regulations. Without fines and a points system, it is difficult for people to comply of their own accord. The same is true of compliance management, which is effective only when the authority of the system is established through punishment. This involves two aspects:

First, "if there is a requirement, there will be a penalty". For example, if the company prohibits employees from accepting a banquet from a supplier, it must stipulate the consequences of violating the system. Because systems run against human nature, it is impossible to rely on people's self-discipline. Only when a system carries punishment does it have teeth.

Second, "punishment is equal to behavior", that is, punishment must be proportionate to the behavior. If employees are dismissed for accepting a supplier's banquet, such punishment is too harsh: either it cannot be implemented at all, or the implementation effect is poor, and ultimately it comes to nothing. Such an outcome may be more terrible than no punishment, because the signal it sends is that doing wrong does not matter and the system is just talk.

Therefore, a system is not simply a matter of decreeing it. It can only become a code of conduct through full investigation and demonstration before formulation and strict implementation after formulation.

External decision-making

When making external decisions, enterprises must coordinate their own interests with those of the state, the public and other third parties. If the interests of others or the country are damaged, it is the source of risk.

At the current stage of development of Chinese companies, for most enterprises, decision-making is a trade-off between benefits and risks, and violations to some extent are the cost of pursuing benefits. Under this formula, external decision-making involves two issues:

First, how to view interests? In short, there are two kinds of interests: short-term interests and long-term interests. For example, in May 2022, BYD was again involved in the waste gas emission storm. With the market in shortage during the epidemic, BYD ran at full production capacity to meet market demand, and the benefits obtained were readily available; these were short-term benefits.

However, if BYD wants to develop in Changsha for a long time, it must obtain support from surrounding communities and local governments. This requires coordination between the health of surrounding residents, local environmental protection and the interests of the enterprise. In consideration of long-term interests, it should therefore restrain production capacity and discharge lawfully and in compliance with regulations.

Second, how to view risks? The benefits are often visible, while the risk of a violation is a matter of chance. Tax evasion certainly leads to less tax being paid, but the risk of being punished is only a probability.

On the one hand, this probability lies in the severity and fairness of law enforcement, which we will not discuss here. On the other hand, it lies in the cognition of decision makers. In modern commercial society, lawbreaking and crime are not only the killing and bribery that we are familiar with, but also arise from the intricate network woven by various laws and regulations. The resulting crimes are all called administrative crimes. They are not a kind of evil that we naturally recognize in social life, but are created by the formulation of laws, and are highly specialized. The real risk is not knowing where the risk lies.

This requires enterprises to obtain sufficient and professional legal advice before making decisions. It is very important to have professional compliance personnel, and the compliance opinions can be independently presented to the decision-making level. This requires support from the organization and authority setting. For example, the company gives the compliance department a higher management level, implements a vertical assessment mechanism, avoids being held back by other departments, and the compliance department should report directly to the directors. This is the most important principle of independence in compliance management.

Of course, compliance will also encounter the obstacle of insider control in Chinese companies. However, compliance targets the risks of administrative supervision and criminal offences, and behind these risks lies state power. The company controller can ignore corporate governance rules because control is in his hands. However, he cannot ignore compliance risks, because no one can fight against state power. In this regard, compliance management has more coercive power than corporate governance to restrain the abuse of power.

However, compliance is still useless for decision-makers who do not consider long-term interests and risk. For a company, where the money is spent, who is kept on, and how to balance social responsibility, the interests of third parties and its own benefits in external decision-making ultimately depend on which people, which matters and which interests are in line with the values of the company's top management. Therefore, in the final analysis, the company's values determine whether compliance is effective.

3、 Compliance, risk cannot be absolutely avoided

Having asked why compliance seems useless, let us look at what compliance is for. Many enterprises do compliance in order to avoid punishment caused by violations, which is understandable. However, the effectiveness of compliance is still a matter of the relationship between means and results.

For example, for shooters, concentration is a kind of self-control and the core ability needed to hit the target. To acquire this ability, athletes need long-term training. However, concentration does not mean that you can hit the target every time, because the results are affected by many factors on the scene.

The same is true of compliance, which is a means of improving the internal control of enterprises. However, having internal control cannot guarantee that the enterprise will achieve the goal of avoiding risk every time. It is only a necessary but not sufficient condition for reaching the goal. The final result is affected by various external factors.

1. Multiple risk sources

Take the "Laotan Pickled Cabbage" incident as an example: Master Kang was dragged down by upstream suppliers.

In addition to the company's internal control, a complete compliance system should also extend to the third-party companies associated with the company, such as suppliers, agents, distributors, intermediaries, etc. Because risks can be transmitted, this is third-party compliance.

A case with wider risk impact is the investigation of LeTV's financial fraud, which involved multiple sponsors and Beijing Jindu Law Firm; they were investigated together, and the other IPO or private placement plans that had engaged them were suspended from review. This is why one client served by King&Wood Law Firm is involved in another client, not "involved", but "involved".

In addition to the involvement of upstream suppliers, there is also the risk of downstream agents. This is more obvious in the pharmaceutical industry. In order to strengthen anti-bribery efforts in medicine, the state has tied the distribution enterprises and distribution enterprises that have a principal-agent relationship with the manufacturing enterprises together. Bribery by the latter two is regarded as bribery by the manufacturing enterprises, which directly affects the credit evaluation of the manufacturing enterprises in bidding.

In view of the above regulatory measures, the compliance of pharmaceutical enterprises includes a special third-party control, which controls upstream and downstream risks through due diligence, regular risk assessment and other methods. However, this kind of control is limited after all. Just as when we analyze afterwards the blame that Master Kang bore for the "Laotan Pickled Cabbage", it is always wisdom after the fact. It is even more difficult for enterprises to plug all loopholes in advance.

2. Regulation is dynamic

The responsibility of supervision is to find problems, and also to constantly upgrade supervision measures while solving them, so supervision is dynamic. Especially in strongly supervised industries, such as finance, medicine, apps, etc., it is very important to keep pace with supervision.

Take the national governance of apps as an example, which is mainly aimed at the protection of personal information. Personal information is a new right, and the law's understanding of it and the supervisory protection of it are both built up by summing up experience in legislation and law enforcement.

In recent years, the content of supervision has covered more and more areas, from illegal collection and use of personal information, to compulsory authorization, eavesdropping and recording, to pop-up ads, automatic renewal, and so on.

The regulatory authorities have not only released a series of documents, but also launched a continuous "clearing action". If the enterprise fails to follow the policy or regulatory trend in time, it may walk into the line of fire. It is reported that in 2021, the National Cyberspace Office deployed and carried out 15 "clear" series special actions, with more than 2160 applications and applets taken off the shelves and more than 3200 websites closed, all of which are ongoing regulatory risks.

3. Risks change with the development of enterprises

The company faces different problems and risks at different stages of development.

In the initial stage, the ownership structure is the most important, which not only determines the power structure of the company, but also is the biggest risk source hidden inside the company. The biggest reason for the dissolution of the company is shareholders' infighting.

In the mature period, the external concern is the financing risk. Financing may be timely help, or it may lead "wolves" into the house; Internally, there may be more room for fraud due to the solidification of management and asymmetric information.

If it comes to the stage of listing, the focus of supervision is on finance, information disclosure, illegal guarantee, capital occupation and other issues. The focus of compliance is to prevent controlling shareholders and actual controllers from abusing their power and tunneling listed companies.

Therefore, there is no set of compliance scheme that can solve all problems once and for all. Compliance is always improved in the development. Identifying risks, monitoring risks and continuous improvement are the necessary processes for effective compliance.

4、 Internal control, the core competence of the enterprise for long-term healthy development

Although compliance cannot directly avoid risks, it improves the enterprise's ability to control risks through a set of mechanisms, such as risk identification, monitoring, response and continuous improvement. This internal control itself is the core ability for the enterprise's long-term healthy development.

1. A small company has a future only when it has established rules

There are different compliance reasons and schemes for companies of different sizes.

The company size here does not mean scale, but brand. The biggest difference between them is that small companies are like the "poor people" among enterprises, and the most important thing is to survive with limited losses. Therefore, it is more economical and feasible to spend money where it counts most, arranging special personnel or external professionals to do targeted compliance for the high-risk points in the industry.

It is necessary to emphasize that if there is the "ambition" to make the enterprise bigger and stronger, the earlier compliance starts, the better. If the enterprise fails to comply with external regulations, it may die halfway. Internal compliance is like parents setting rules for their children. It is much easier to form good habits when they are young than to correct bad habits when they grow up.

In practice, the long-term fraud by many people found in large companies is due to the failure to solve small problems in a timely manner, so that some departments or links get out of control and become chronic diseases over the years. In 2018, Dajiang announced that internal fraud caused Dajiang to lose more than one billion yuan, which was a shocking figure. This is the cost of solving problems only after the company has grown large.

2. For big companies, making no mistakes is development

Big companies are like the "rich people" among enterprises. They are not only "envied" by others, but also have a lot to lose.

In the event of "Laotan Pickled Cabbage", although Hunan flag cutting vegetable industry is the supplier of many food production enterprises, the public and the media mainly focus on two major brands - Master Kang and Tongyi Instant Noodles. More lawyers and consumers directly appeal to the court for compensation, which is the disaster caused by the brand.

It is said that when Master Kang's instant noodles were affected by the "Laotan Pickled Cabbage" incident, not only were the products taken off the shelves of supermarkets, but the stock price lost 4.3 billion yuan in half a day on March 16. It will take longer for consumers to regain their confidence in pickled vegetable products.

More importantly, according to the law of entropy increase, after a company has developed to a certain stage, it easily falls into a chaos caused by the hardening of hierarchy and the layering of systems. The most direct consequences are internal fraud and corruption.

In order to combat this entropy increase, large companies have more and more departments, more and more complex systems, and more and more lengthy processes. However, if people do not strictly implement the systems and processes, many people seem to be responsible but no one actually is, and the company falls into the typical state of "three monks have no water to drink", with the system ineffective.

The crux of this problem is that violations have no cost, or the system has no authority. Compliance management is actually a self-correction mechanism, which establishes compliance authority and forms a compliance culture in the process of correcting non-compliant behaviors. The culture has to be right. Only in the soil of compliance can the fruit of compliance be produced.

Therefore, the larger the company is, the greater both the compliance risk and the compliance income are. For large companies, making no mistakes is sustainable development.

Finally, back to the final question, what's the use of compliance? Compliance helps to achieve the goal of avoiding legal risks by improving the internal control of enterprises. However, the final actual effect depends on the implementation. Whether it is implemented depends on the values pursued by entrepreneurs. Seeking benevolence and benevolence, and achieving compliance!
