Viewpoint | Analysis of the construction of a comprehensive compliance system for enterprises

The concept of "corporate compliance" has gradually become a hot issue for enterprises since it was introduced into China. Since the beginning of the financial field, and then developed to the central state-owned enterprises, under the guidance of the administration, more and more enterprises have taken compliance construction as an indispensable part of corporate governance, and the construction of a comprehensive compliance system has gradually become an indispensable legal guarantee for the long-term and healthy development of enterprises. Based on the law firm's research on corporate compliance business and its experience in providing compliance services to enterprises, and taking into account the characteristics of different business management activities, the following is an analysis of the establishment of a comprehensive corporate compliance system for enterprises:

Basic Theory of Comprehensive Compliance System Construction of 1. Enterprises

(I) the concept of corporate compliance

As an imported product, "corporate compliance" first appeared and developed in the United States. From its literal meaning, it can be understood that enterprises should comply with the regulations. The "Guidelines for Compliance Management of Central Enterprises" (for trial implementation) issued by the State-owned Assets Management Commission of the State Council defines it as that the operation and management behaviors of enterprises and their employees comply with laws and regulations, regulatory regulations, and Industry standards and corporate charter, rules and regulations, as well as international treaties and rules. According to the definition of the guidelines, enterprise compliance includes three meanings: first, enterprises should abide by laws and regulations in the process of operation; second, enterprises should abide by their own rules and regulations; third, enterprises should abide by international business codes and norms in their foreign exchanges.

Elements for the Construction of Comprehensive Compliance System of (II) Enterprises

1. Support of business managers. Business operators should recognize the value of compliance, support compliance construction, and formulate a complete set of business conduct codes, including laws and regulations, business ethics and internal normative documents that should be observed in each field and operation link of the enterprise, so that the compliance system can be integrated into the corporate culture and become the competitiveness of the enterprise.

2, the establishment of compliance organizations. The establishment of a compliance organization has a strong flexibility, that is, it can set up a compliance committee under the board of directors, set up a corporate compliance department, select a chief compliance officer, or a dedicated department to perform corporate compliance functions. However, the staff responsible for communicating specific compliance matters, or compliance liaison, is an essential part of the compliance organization.

3, enterprise compliance risk assessment. Violation of laws and regulations, internal rules and regulations and business norms by an enterprise will result in the risk of legal liability, property damage and loss of reputation, and preventive measures for possible compliance risks are an effective assessment of compliance risks. Different companies are in different industries, operating businesses, sizes, and number of employees, and they face different compliance risks. Only targeted identification, analysis, and control of compliance risks can ensure the efficient operation of the compliance system. This is also the task of compliance risk assessment.

4, the combination of external communication and internal response. Many violations are caused by the actions of two or more parties, and you can require upstream suppliers and downstream distributors to take compliance measures, or add "compliance clauses" to procurement and sales contracts to incorporate third-party compliance as part of corporate compliance. Once there are violations of laws and regulations, conduct a comprehensive and effective real-time review and detection of the operation of the corporate compliance system, and quickly and effectively repair and improve the system loopholes and structural defects found.

5, the compliance work of the record. Compliance work should not be carried out orally or by email, and regulatory documents such as compliance guidelines and policy guidelines should be displayed in written form. Documenting the entire process of compliance work in writing helps to smoothly investigate violations and raise compliance defenses in regulatory agencies and litigation procedures to reduce or exonerate corporate responsibilities.

Risks that may result from (III) violations

The illegal operation of enterprises will lead to the reduction of enterprise value and the weakening of competitiveness. In extreme cases, it may also lead to the serious consequences of enterprise bankruptcy and withdrawal from the market. The consequences of illegal operations are mainly reflected in four aspects:

1. assume civil liability. It is mainly manifested in the two aspects of damage compensation and contract invalidity, which are most related to the commercial interests of the enterprise. Civil compensation is the compensation obligation that the enterprise violates the legal or agreed obligations and causes losses to the counterpart or the third party. The invalidity of the contract is due to the enterprise. The business activities violate the mandatory provisions of laws and administrative regulations, which makes the civil legal acts engaged in by the enterprise invalid, and ultimately leads to the inability to achieve commercial profit.

2. Take administrative responsibility. For production and business enterprises, the common administrative penalty is administrative fine, and other punishment measures stipulated by law include confiscation of illegal income, order to suspend production and business, revocation of business license, etc.

(3) Criminal responsibility. If an enterprise commits an act that endangers society and is defined by law as a unit crime, the enterprise, as the subject of the crime, shall bear criminal responsibility. Common unit crimes include unit bribery, unit bribery, illegal absorption of public deposits, false reporting of registered capital, production and sale of fake and inferior products, etc.

4, damage to business reputation and enterprise value. Illegal operation negates the social value of honesty and credit, and damages the image of the enterprise. The occurrence of illegal behavior will inevitably lead to the reduction of enterprise profits and enterprise value, which is not conducive to the long-term sustainable development of enterprises.

2. How to Establish a Comprehensive Compliance System for Enterprises

There are two types of corporate compliance in practice: "big compliance" and "small compliance. "Small compliance" generally refers to the construction, revision, review, implementation and supervision of the specific compliance system of the enterprise, and the drafting, revision, review, implementation and supervision of the internal normative policies of the enterprise; "big compliance" generally refers to all behaviors related to the operation of the enterprise are included in the compliance management, specifically involving all business and management aspects such as production, marketing, financial management, human resource management, etc, as well as the general compliance of all employees with all applicable legal norms, regulations, industry standards, and practice ethics. The comprehensive corporate compliance system we intend to establish is a comprehensive and systematic project based on "big compliance", covering all aspects of corporate governance, system formulation, decision-making and operation.

Definition and requirements of (I) top-level design for enterprise compliance

On November 2, 2018, the State-owned Assets Supervision and Administration Commission of the State Council promulgated the "Guidelines for Compliance Management of Central Enterprises (Trial)", which has six chapters and 30 articles. The guidelines can be summarized as four principles, seven institutions, eight priorities, six operations, and six guarantees. Specific content can be summarized as follows:

(1) The four principles.

1) Full coverage. Adhere to the compliance requirements to cover all business areas, departments, sub-enterprises and branches at all levels, all employees, throughout the decision-making, implementation, supervision of the whole process.

(2) Increased responsibility. Strengthen compliance management as an important part of the main person in charge of the enterprise to perform the duties of the first person responsible for promoting the construction of the rule of law. Establish a full compliance responsibility system, clarify the compliance responsibilities of managers and employees at all positions and supervise their effective implementation.

(3) Collaborative linkage. Promote compliance management and legal risk prevention, supervision, audit, internal control, risk management and other work to ensure the effective operation of the compliance management system.

(4) objective independence. In strict accordance with laws and regulations and other provisions of the enterprise and employee behavior objective evaluation and treatment. The lead department of compliance management performs its duties independently without interference from other departments and personnel.

7 institutions.

(1) Board of Directors: Approve the strategic plan, basic system and annual report of corporate compliance management; Promote the improvement of the compliance management system; Decide on the appointment and removal of the person in charge of compliance management; Decide on the establishment and functions of the lead department for compliance management; Study and decide on major matters related to compliance management; Decide on matters related to violations in accordance with authority.

(2) The Supervisory Board: supervises the compliance of the decisions and processes of the Board of Directors; supervises the performance of the compliance management duties of directors and senior management; proposes the removal of directors and senior management who are primarily responsible for causing significant compliance risks; and proposes to the Board of Directors to replace the head of the Company's compliance management.

(3) Management level: establish and improve the organizational structure of compliance management according to the decision of the board of directors; Approve the specific regulations of compliance management; Approve the compliance management plan and take measures to ensure the effective implementation of the compliance system; Clarify the compliance management process and ensure that compliance requirements are integrated into the business field; Timely stop and correct non-compliant business behaviors, and hold the violators accountable or put forward handling suggestions according to their authority; Other matters authorized by the board of directors.

(4) Compliance Committee: organize the formulation of strategic plans for compliance management; participate in major decisions of the enterprise and put forward compliance opinions; lead the compliance management lead department to carry out its work; report to the board of directors and the general manager on major matters of compliance management; organize the drafting of annual reports on compliance management.

(5) Compliance management lead department: study and draft compliance management plans, basic systems and specific system regulations; Continue to pay attention to changes in laws and regulations and other rules, organize compliance risk identification and early warning, participate in compliance review and risk response of major issues of the enterprise; Organize compliance inspection and assessment, evaluate compliance of systems and processes, urge violation rectification and continuous improvement; Guide compliance management of subordinate units; accept reports of violations within the scope of responsibilities, organize or participate in the investigation of violations, and make recommendations for handling; organize or assist business departments and personnel departments to carry out compliance training.

(6) The person in charge of compliance management: organize the formulation of a strategic plan for compliance management; participate in major decisions of the enterprise and put forward compliance opinions; lead the compliance management lead department to carry out its work; report to the board of directors and the general manager on major matters of compliance management; organize the drafting of an annual report on compliance management.

(7) Business department: be responsible for the daily compliance management in this field, improve the business management system and process according to the compliance requirements, actively carry out compliance risk identification and hidden danger investigation, issue compliance warning, organize compliance review, timely inform the lead department of compliance management of risk matters, properly deal with compliance risk events, and do a good job in compliance training and compliance investigation of business partners in this field, organize or cooperate in the investigation of violations and timely rectification.

3, eight key points.

(1) Market transactions: improve the transaction management system, strictly implement the decision-making approval procedures, establish and improve the self-discipline integrity system, highlight anti-commercial bribery, anti-monopoly, anti-unfair competition, and regulate asset transactions, bidding and other activities.

(2) Safety and environmental protection: strictly implement national laws and regulations on production safety and environmental protection, improve enterprise production standards and safety and environmental protection systems, strengthen supervision and inspection, and promptly discover and rectify violations.

(3) Product quality: improve the quality system, strengthen process control, strictly control the quality of each link, and provide high-quality products and services.

(4) Labor employment: strictly abide by labor laws and regulations, improve and improve the labor contract management system, standardize the signing, performance, modification and termination of labor contracts, and effectively safeguard the legitimate rights and interests of workers.

(5) Financial taxation: Improve and improve the financial internal control system, strictly implement the operation and approval process of financial matters, strictly observe financial discipline, strengthen the awareness of paying taxes in accordance with the law, and strictly abide by tax laws and policies.

(6) Intellectual property rights: timely apply for registration of intellectual property achievements, standardize the implementation of licensing and transfer, strengthen the protection of trade secrets and trademarks, regulate the use of other people's intellectual property rights in accordance with the law, and prevent infringement.

(7) Business partners: Conduct compliance investigations of key business partners and promote compliance by signing compliance agreements and requiring compliance commitments.

(8) Other areas that need to be focused on.

4, six kinds of operation.

(1) Establish and improve the compliance management system, formulate compliance codes of conduct that are generally observed by all employees, formulate special compliance management systems for key areas, and promptly translate relevant external compliance requirements into internal rules and regulations in accordance with changes in laws and regulations and regulatory developments.

(2) Establish a compliance risk identification and early warning mechanism, comprehensively and systematically sort out the compliance risks existing in business management activities, systematically analyze the possibility, degree of impact and potential consequences of risks, and issue early warnings in a timely manner for risks that are typical, universal and may have more serious consequences.

(3) Strengthen compliance risk response, formulate plans for the risks identified, and take effective measures to deal with them in a timely manner. For major compliance risk events, the Compliance Committee coordinates the leadership, the head of compliance management takes the lead, and the relevant departments work together to minimize risks and reduce losses.

(4) Establish and improve the compliance review mechanism, regard compliance review as a necessary procedure for the formulation of rules and regulations, decision-making on major matters, the signing of important contracts, the operation of major projects and other business management behaviors, and promptly propose amendments to the contents of non-compliance, which shall not be implemented without compliance review.

(5) Strengthen accountability for violations, improve the punishment mechanism for violations, clarify the scope of responsibility for violations, and refine the punishment standards. Smooth reporting channels, in view of the problems and clues reflected, timely investigation, serious investigation of violations of the responsibility.

(6) Carry out compliance management assessments, regularly analyze the effectiveness of the compliance management system, find out the root causes of major or recurring compliance risks and violations, improve relevant systems, plug management loopholes, strengthen process control, and continuously improve.

5, six guarantees.

(1) Strengthen compliance assessment and evaluation, incorporate compliance management into the annual comprehensive assessment of the heads of various departments and affiliated enterprises, and refine evaluation indicators. Evaluate the performance of compliance duties of subordinate units and employees, and use the results as an important basis for employee assessment, cadre appointment, evaluation and selection.

(2) Strengthen the information construction of compliance management, optimize the management process through information means, and record and save relevant information. Use big data and other tools to strengthen real-time online monitoring and risk analysis of business management compliance with laws and regulations, and realize information integration and sharing.

(3) Establish a professional and high-quality compliance management team, allocate compliance management personnel according to business scale, compliance risk level and other factors, continuously strengthen business training, and improve the team's ability level. Important areas and key projects of overseas operations shall specify compliance management institutions or allocate full-time personnel to effectively prevent compliance risks.

(4) Attach importance to compliance training, establish an institutionalized and normalized training mechanism in combination with publicity and education on the rule of law, and ensure that employees understand and follow the compliance objectives and requirements of the enterprise.

(5) Actively cultivate a compliance culture, strengthen the awareness of safety, quality, integrity and integrity of all employees by formulating and issuing compliance manuals and signing compliance commitments, establish the values of compliance and integrity in accordance with the law, and build a solid ideological foundation for compliance management.

(6) Establish a compliance reporting system, and in the event of a major compliance risk event, the lead compliance management department and relevant departments shall promptly report to the person in charge of compliance management and the leaders in charge. Major compliance risk events shall be reported to SASAC and relevant departments. The compliance management lead department comprehensively summarizes the compliance management work at the end of each year, drafts an annual report, and submits it to the SASAC in a timely manner after the Board of Directors has reviewed and approved it.

The supplementary provisions of the guidelines point out that the central enterprises shall formulate the implementation rules of compliance management in accordance with the guidelines and in combination with the actual situation. Local state-owned assets supervision and administration institutions may refer to these Guidelines to actively promote the compliance management of the funded enterprises. In accordance with the requirements of the guidelines, the State-owned Assets Supervision and Administration Commission of the People's Government of Shandong Province issued the Guidelines for Compliance Management of Provincial Enterprises on December 13, 2019. The formulation of the above guidelines provides a basis and guarantee for central enterprises and provincial enterprises to establish a comprehensive compliance system and formulate specific compliance management plans for their own enterprises.

The specific content of the comprehensive compliance system of (II) enterprises.

The enterprise's comprehensive compliance system includes civil compliance, administrative compliance and criminal compliance, covering all areas of enterprise management and running through all the processes of enterprise business.

The contents of civil compliance mainly include: providing oral and written legal advice, timely providing advice in the form of telephone, fax, e-mail, appointment, meeting, etc. for all kinds of legal problems encountered in the daily work and operation and management of the enterprise; reviewing, revising and formulating contract standard texts and procurement documents, reviewing and providing revision opinions on all kinds of contract texts and procurement documents signed by the enterprise, assist in the production of standard texts, timely draft, review and modify various legal documents in the daily work of various departments of the enterprise, pay attention to the follow-up performance, review and modify the rules and regulations of the enterprise and other legal documents, put forward amendments and legal basis, assist the enterprise in the construction of the company's rules and regulations, assist the enterprise in the prevention and control of legal risks, and assist the enterprise in the construction of a legal risk prevention and control system, issue legal opinions, certificates, lawyer letters, due diligence reports on civil compliance, participate in all kinds of negotiations and decision-making argumentation of enterprises, do a good job in the coordination and interpretation of disputes between enterprises and third parties, assist in labor and personnel management, and improve labor employment rules and regulations, labor contracts.

The Civil Compliance Legal Service is an upgraded version of the daily legal counsel service. Traditional legal advisory services are case-by-case, not directional. In addition to the traditional daily legal advisory services, civil compliance legal services also undertake the collection of comprehensive compliance management system information sources, is a purposeful daily legal advisory services, is the basis of administrative compliance, criminal compliance legal services.

The contents of administrative compliance mainly include: assisting enterprises to handle the establishment registration procedures and relevant legal affairs, sorting out the administrative supervision risks in the process of enterprise operation and designing the system in combination with high and frequent risks, issuing legal opinions on invisible administrative supervision risks for prevention and response in advance, appointing professional lawyers to make statements, defense and reconsideration for administrative risk events, participating in judicial response measures for administrative litigation cases, and conducting regular training, carry out irregular risk training in key business areas and administrative supervision risk training to help all departments and employees of the enterprise establish compliance awareness and assist in the smooth development of compliance business.

For units with administrative supervision responsibilities, administrative compliance legal services are to help units and employees perform their duties in accordance with the law; for administrative supervised units, administrative compliance legal services are to help units and employees comply with administrative regulations in the process of business development. Requirements to avoid administrative penalties.

The main contents of criminal compliance mainly include: sorting out possible criminal risks such as state-owned assets supervision, environmental protection, land supervision, land construction, safe production, labor and employment, public health, intellectual property rights and information security, summarizing the areas with high incidence and frequent occurrence of criminal risks and designing the system, and formulating key measures for criminal risk prevention for important links, key posts and key personnel in the company's business process, review the high-incidence crimes and hidden criminal risks that may be suspected in the main business of the company, conduct special assessments with relevant departments and issue legal opinions, appoint professional lawyers to participate in the entire process of criminal cases, and prevent individual crimes from being recognized as unit crimes, Prevent the legal property of enterprises from being illegally seized, and help enterprises deal with the property involved in the case in accordance with the law.

Criminal compliance legal services start with training employees' ability to identify criminal risks and improve compliance response measures, integrate compliance management and business processes at the employee operational level, and continuously identify and comply with job and business risk points, making it possible to eliminate criminal offences.

(III) the relationship between civil compliance, administrative compliance and criminal compliance

The enterprise's comprehensive compliance legal service system is built from the bottom up by civil compliance legal services, administrative compliance legal services and criminal compliance legal services. Civil compliance legal service is the basis of the enterprise's comprehensive compliance legal service system, and its investigation scope provides information and basis for administrative compliance and criminal compliance. As an intermediate link, administrative compliance plays a connecting role. If administrative compliance is done well, we can understand the focus of civil compliance. Understanding the possible criminal compliance risks in the process of administrative compliance can better prevent the occurrence of criminal compliance risks. That is to say, the risk of criminal compliance is more or less, and administrative compliance is closely related. The three compliance contents are hierarchical and focused. In particular, the prevention of criminal risk should be the top priority, and the bottom line is to strictly prevent the occurrence of criminal compliance risk, so that the other two compliance around criminal compliance, so as to ensure the normal operation of enterprises.

The Value and Significance of the Construction of Comprehensive Compliance System for 3. Enterprises

(I) the Value of Establishing a Comprehensive Compliance System for Enterprises

1, as a way of corporate governance to prevent corporate legal risks. In order to achieve good corporate governance, enterprises need to issue compliance articles of association, establish a series of policies and codes of conduct, urge employees, subsidiaries, third parties and even merged enterprises to abide by laws and regulations, and take necessary management measures in the prevention and control, identification and response of legal risks, so as to achieve the positive effect of self-governance.

2, through the establishment of corporate compliance concept to establish corporate compliance culture. The establishment of a comprehensive compliance system for enterprises may make enterprises sacrifice some commercial interests and trading opportunities in a short period of time, but it will change the business philosophy of enterprises to varying degrees, so that enterprises can establish a good social image while pursuing commercial interests. This sense of prompting companies to comply with ethical norms and assume social responsibility is the intrinsic value that a comprehensive corporate compliance system seeks to achieve.

3, gradually achieve the goal of "compliance can create value. The establishment of a comprehensive compliance system for enterprises should regard compliance as the cornerstone of sustainable development of enterprises and as a guarantee for the realization of good governance principles. The introduction of compliance mechanisms can enable companies to avoid being punished by criminal or administrative penalties, which is equivalent to directly creating commercial value. In addition, an enterprise that establishes an effective compliance plan can obtain fair competition and long-term healthy development. In addition, in the process of receiving administrative law enforcement investigation and criminal investigation, the compliance mechanism established by the enterprise can effectively cut the enterprise responsibility from the customer responsibility and the third party responsibility, effectively avoid the "inheritance responsibility" of the merged enterprise, and then realize the effective stop loss.

4, to help the government's supervision departments and law enforcement agencies to implement effective supervision of enterprises. Under the supervision of the government supervision department, establish a compliance system, comprehensively evaluate the compliance legal risks of the company, and improve the compliance management system from multiple perspectives such as first prevention, in-process monitoring, and after-the-fact response. This is to cooperate with the government supervision and investigation. Signs can also effectively avoid the occurrence of company violations of laws and regulations, save the cost of government supervision departments, and transform external supervision into incentives and rewards for enterprise self-supervision, stimulate the vitality of self-supervision, self-reporting and self-rectification.

(II) the significance of establishing a comprehensive compliance system for enterprises

The implementation of a comprehensive compliance legal service program can establish a bottom-up comprehensive compliance system for enterprises. This process starts with the help of external lawyers and can gradually be completed automatically by business managers and employees with their daily work. No matter what changes take place in external regulatory measures and relevant laws and regulations, as enterprises and employees are constantly carrying out compliance operations, the compliance system is also constantly growing and evolving, and his vitality will always adapt to the external environment. and finally integrate with the company's management system.

On the way forward, there is no achievement that is not achieved by hard work. Lawyers engaged in corporate compliance business should work with enterprises and employees to face all kinds of difficulties, obstacles and risks on the way forward. at the end of last year, for the first time in the party's history, the central committee held a work conference on comprehensively administering the country according to law. At the beginning of this year, the first special plan for the construction of China under the rule of law since the founding of New China was issued, and the construction of China under the rule of law opened a new chapter. The rule of law is the basic way to govern the country and the enterprise, and it is an important support for the corporate governance system and governance ability. Let us work together to create a comprehensive corporate compliance system, escort the healthy operation of enterprises, and provide the rule of law for the sound and rapid development of the economy and society.