- Starting in 2022, all Chinese central state-owned enterprises (CSEs) are required to set up the post of Chief Compliance Officer (CCO), a position held concurrently by the General Counsel.
- CSEs are asked to embed the compliance review into the operation and management process as a mandatory procedure.
- Almost all CSEs are establishing compliance management systems and the post of CCO, and many of them are on the way to certification of compliance management systems under ISO 37301:2011 and GB/T35770-2022.
- This practice is also being extended from CSEs to local state-owned enterprises.
The regulatory authority of China’s state-owned enterprises (SOEs) requires that all central SOEs set up the post of Chief Compliance Officer (CCO).
In August 2022, the State-owned Assets Supervision and Administration Commission of the State Council (SASAC) promulgated the “Measures for the Compliance Management of Central State-owned Enterprises (CSEs)” (中央企业合规管理办法, hereinafter the “2022 Measures”), requiring CSEs to, in light of the actual situation, set up the post of CCO, which will be held concurrently by the General Counsel.
The CCO reports to the persons in charge of the enterprise, leads the compliance management department to carry out compliance management, and guides the subordinate enterprises and departments to carry out compliance management.
Central state-owned enterprises, short for “centrally managed state-owned enterprises”, refer to wholly state-owned or state-holding enterprises managed by the central government.
Subordinate to the State Council, SASAC is vested with the authority to supervise some CSEs and is an investor in these CSEs.
I. Role of the CCO
SASAC requires that CSEs should embed the compliance review into the operation and management process as a mandatory procedure.
The CCO shall issue compliance review opinions in major decision-making matters and give clear-cut opinions on the compliance of matters to be decided.
If a CSE, due to its violations, is subject to major legal disputes, major administrative penalties, criminal cases, or major compliance risks such as sanctions by international organizations, which results in or may result in significant asset losses or serious adverse impacts, the CCO shall take the lead in organizing the compliance management department to take response measures.
The compliance management department led by the CCO has the following functions and powers:
- to organize the drafting of compliance management rules, annual plans, work reports, etc.;
- to conduct a compliance review of rules and regulations, business contracts, and major decisions;
- to identify, warn and deal with compliance risks;
- to evaluate the effectiveness of the compliance management system as authorized by the Board of Directors;
- to accept reports of violations, propose classified handling opinions, and organize or participate in the investigation of violations;
- to organize or assist other departments of the company in carrying out compliance training;
- to accept compliance consulting from other departments of the company; and
- to promote the informatization of compliance management.
II. SASAC’s promotion of CSEs’ corporate compliance
SASAC has been promoting corporate compliance among CSEs since 2018. In the same year, SASAC promulgated the “Guidelines on Compliance Management of Central State-owned Enterprises (for Trial Implementation)” (中央企业合规管理指引(试行), hereinafter the “2018 Guidelines”), requiring CSEs to strengthen compliance management.
According to the 2018 Guidelines, “compliance management” refers to organized and/or planned management activities such as rule formulation, risk identification, compliance review, risk response, accountability, assessment and evaluation, and compliance training, aiming to effectively prevent and control compliance risks, and with the business management behavior of enterprises and employees as the target.
Since then, SASAC has further confirmed 2022 as the year of strengthening compliance management for CSEs. On this basis, SASAC further promulgated the 2022 Measures, replacing the 2018 Guidelines.
The 2022 Measures requires CSEs to establish and improve the compliance management system. Prior to this, some CSEs are already on the way to the construction of the compliance management system in accordance with the Compliance Management Systems—Requirements with Guidance for Use (ISO 37301:2011) issued by the International Organization for Standardization in 2021.
According to ISO 37301:2011, an enterprise should designate a person to be responsible for and take charge of the operation of the compliance management system. Therefore, CSEs that comply with ISO 37301:2011 have also set up the post of CCO to meet the requirements.
Drawing on the experience of these CSEs, SASAC formally requires all CSEs to establish the post of CCO in the 2022 Measures.
On 12 Oct. 2022, China promulgated its own Compliance Management Systems—Requirements with Guidance for Use (GB/T35770-2022) (合规管理体系要求及使用指南), which is basically equivalent to ISO 37301:2011.
This means that CSEs that comply with GB/T35770-2022 also need to set up the post of CCO.
At present, almost all CSEs are establishing compliance management systems and the post of CCO, and many of them are on the way to certification of compliance management systems under ISO 37301:2011 and GB/T35770-2022.
This practice is also being extended from CSEs to local state-owned enterprises. For example, Guangdong Province requires that state-owned enterprises under its jurisdiction must also accept certification under ISO 37301:2011. This means that these enterprises will also set up the post of CCO.
III. Our comments
According to the 2022 Measures, the CCO shall be assumed by the General Counsel concurrently. This means that the person holding this position is responsible for both legal management and compliance management. However, there is a potential conflict of interest between these two responsibilities.
On the one hand, the General Counsel, who concurrently serves as the CCO, can directly report to the person in charge of the enterprise without going through the managerial level in compliance work; on the other hand, the General Counsel has to participate in the work of the managerial level in legal management.
This means that the CCO will oversee the work they have been previously involved in. In other words, the CCO may not have an independent neutral status.
We will keep observing how SASAC and CSEs resolve this conflict.