-
大成 Salans FMC SNR Denton McKenna Long
Henry Chen
Vice Chairman of International Risk and Compliance Association
Senior partner of Dentons Shanghai Office
Former AP Compliance Director of Ford Motor Company
Licensed to practice law in China and New York
Risk Assessment and Due Diligence
-
Four cardinal principles:
• Lawful means “safe” and “legitimate”, but could be less “effective”. Case study: Peter Humphrey jailed for unlawful investigations. Key issue: how to be “effective” while “lawful”.
• On-going means non-stop monitoring and always being alerted. Case study: a DD report produced on Day 1 is no good for covering the many years after. Key issue: how to be “on-going”?
• Hand-made means a DD report needs brainstorming, not one-size-fits-all templates. Key issue: human judgment is indispensable.
• In local language means translation could impair accuracy and even introduce errors. The report should be bilingual, or at least come with working papers in Chinese. Case study: a senior manager is fired, but his ghost supplier remains unchanged in the English database of the headquarters.
-
Risk-based DD scope
• Compliance risk (e.g., environmental protection, outbound
bribery, price-cartel or monopoly, privacy or infringement on
citizen personal info, data safety & integrity, cyber security,
EHS, etc.)
Case study: A polluting supplier forced to shut down results in
inability to supply
• Fraud risk (e.g., conflict of interest, “ghost” suppliers or
dealers, inbound bribery, etc.)
Case study: Two lovers working in the same company broke up and were fighting. He threatened to publicize her nude pictures. The lawyer advised her to file a criminal case including in-bound bribery. She refused as she had done the same thing.
• Risk of being under-credible or under-capable (e.g., not as capable as advertised in supplying, or incapacitated due to EHS incidents)
• Bankruptcy risk
• Contingent unusual risk
Case study: a supplier of auto laser radar that collects mapping
data is suddenly investigated for violation of Chinese law on
geographic survey and infringement upon state secrets
-
Case Study: How to Identify and Assess Risks
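Table columns:
• Risk Identification: Risk code; Risk; Risk source; Case / case source
• Risk Verification, Prohibitive Obligations: Compliance obligation / source; Obligors (1st, 2nd)
• Risk Verification, Control Obligations: Compliance obligation / source; Obligors (1st, 2nd, 3rd)
• Risk Evaluation: Frequency of risk taking place; Seriousness of the risk; Likelihood of occurrence; Risk value
Example row:
• Risk code: 01
• Risk: Giving bribes
• Risk source; case / case source: a Sales
• Prohibitive obligations, compliance obligation / source: What law? What corporate code?
• Prohibitive obligations, obligors: 1st Sales; 2nd VP on sales
• Control obligations, compliance obligation / source: What corporate code?
• Control obligations, obligors: 1st Finance; 2nd Compliance Director; 3rd Audit Director
• Frequency of risk taking place: 3
• Seriousness of the risk: 6
• Likelihood of occurrence: 4
• Risk value: 72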
2018/12/24
For each dimension: low risk 1-2; medium risk 3-4; high risk 5-6
For risk value: low risk 1-8; medium risk 9-64; high risk
65-216
-
Stage-wise investigations
• Revaluation of the target
• Consultation with industrial experts
• Check upon and/or with the target’s suppliers, dealers, clients, and even competitors
• In-depth FinTech and RegTech check upon the consent of the target
• Interviews of the personnel and reviews of the documents of the target
• Possible field investigations
• Commercial DD platforms (one-time and/or on-going risk alerts)
• Desktop research of materials publicly available
Escalated
Notes: High-levelled \ Mid-levelled \ Preliminary
-
Risk-based assessment
Level of Risk: Criteria for Judgment
• High: Generally occurs where violations result in high severity of consequences and there is high likelihood of occurrence. The target should be disconnected unless a robust compliance system is established.
• Medium: Generally occurs where: (1) violations result in high severity of consequences and there is low likelihood of occurrence; or (2) violations result in low severity of consequences and there is high likelihood of occurrence. A concern identified as medium risk generally requires greater explanation, and improvement actions should be strongly considered.
• Low: Generally occurs where violations result in low severity of consequences and there is low likelihood of occurrence. Any concern identified as low risk may be monitored in the future for changes. Improvement action may be considered, but is not required.
Severity means the overall magnitude or seriousness of potential consequences for violation based upon potential for legal/regulatory harm (violation of law, imprisonment), financial harm (e.g., damages, settlements, fines), operational harm (e.g., interference with business, loss/prohibition of sales), and/or reputational harm (e.g., embarrassment to the Company, negative media attention).
Likelihood of occurrence means the probability a violation may occur considering the nature of the Company’s business (e.g., common business situation, new/different business operations with greater/lesser exposure) as well as the Company’s abilities to avoid/prevent the risk (e.g., strong/weak training and education, monitoring and detection, internal control or systems that prevent).
-
Example: Integrity DD for YOUR COMPANY to set up JV with TARGET (1)
2. TARGET Group
Highlights: There are at least a dozen high-profile corruption and bribery cases in relation to TARGET’s biggest shareholder, TARGET Group, or its affiliated companies. For example, the former Chairman and executives of TARGET Group were found guilty of and imprisoned for taking bribes and/or embezzling corporate assets, as were some executives of TARGET Group’s affiliated companies.
-
Example: Integrity DD for YOUR COMPANY to set up JV with TARGET (2)
Lawyer’s Comments and Suggestions: TARGET Group and its affiliated companies failed in managing bribery risks and establishing the culture of integrity.
The mass involvement of the top leaders and executives of TARGET Group and some of its affiliated companies in corruption and bribery means that TARGET Group and the affiliated companies failed in compliance management.
We would not draw a conclusion that YOUR COMPANY shall stop its joint venturing with TARGET. However, we suggest that YOUR COMPANY take the following measures to mitigate any possible compliance risks in the establishment and running of the joint venture:
• Escalate the integrity due diligence on TARGET and especially
the individuals that TARGET (or its affiliated companies) appoints
to work in the joint venture as leaders;
• Request TARGET to provide integrity undertakings and
commitments in the joint venture contract;
• Establish a robust compliance management system and build up
the culture of integrity for the joint venture when the joint
venture is established.
-
What is DueDiligence.Asia?
-
Snapshot 1: Risk Categorization
Due diligence targets are categorized as “高” (High), “中” (Medium), and “低” (Low) in risk exposure to manage risks proportionately and cost effectively.
-
Snapshot 2: On-going Risk Monitoring
A single repository records all activities related to the
processing of third party risks. All records are accessible on
line.
-
Snapshot 3: Better Risk Profiles
We achieve high quality risk profiles by leveraging RegTech
available in the market.
-
Welcome to contact [email protected]
2019/9/26
Please also review Henry Chen’s articles:
-- What compliance obligations to meet to transfer data from within China
http://www.compliancereviews.cn/Arc-v.Asp?ID=1031
-- Data must stay within China to gain tiered protection under China Cybersecurity Law
http://www.compliancereviews.cn/Arc-v.asp?id=1033
-- Intelligent and digital infrastructures are scheduled to accompany automatic vehicles in China
http://www.compliancereviews.cn/Arc-v.Asp?ID=1038
-
Many thanks
© 2015 Dentons. Dentons is a global legal practice providing
client services worldwide through its member firms and affiliates.
This document is not designed to provide legal or other advice and
you should not take, or refrain from taking, action based on its
content. We are providing information to you on the basis you agree
to keep it confidential. If you give us confidential information
but do not instruct or retain us, we may act for another client on
any matter to which that confidential information may be relevant.
Please see dentons.com for Legal Notices.
Dentons is the world's first polycentric global law firm. A top
20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is
committed to challenging the status quo in delivering consistent
and uncompromising quality and value in new and inventive
ways.
Driven to provide clients a competitive edge, and connected
to the communities where its clients want to do business, Dentons
knows that understanding local cultures is crucial to successfully
completing a deal, resolving a dispute or solving a business
challenge. Now the world's largest law firm, Dentons' global team
builds agile, tailored solutions to meet the local, national and
global needs of private and public clients of any size in more than
125 locations serving 50-plus countries.
www.dentons.com.
Dentons Shanghai Office 15th/16th Floor, Shanghai Tower 501
Yincheng Road (M), Pudong New Area Shanghai 200120, China