What Tech Companies Operating in Asia Need to Know

November 2017


Download PDF Version

Tech’s Top Compliance Risks in China: A Q&A with Pei-Li Wong, BDO’s Asia Forensic Desk Leader

Tech is more concerned with complying with anti-corruption laws this year than ever before, according to the 2017 BDO Technology RiskFactor Report.

Nearly three-fourths (74 percent) of the largest 100 publicly traded U.S. technology companies cite compliance with the Foreign Corrupt Practices Act (FCPA), aimed at combating the bribery of foreign government officials for business gains, in the risk factor sections of their annual 10-K filings. That’s significantly up from 58 percent in 2016 and 29 percent in 2013, the first year of the study.

Heightened FCPA risk lies with organizations that have China-based subsidiaries. In fact, 27 companies paid close to $2.5 billion to resolve FCPA cases in 2016, 55 percent of which involved activities in China.

I recently sat down with Pei-Li Wong, leader of BDO’s Asia Forensic Desk, to talk about the top compliance risks facing tech companies in China and the broader Asian market today.

What are the greatest challenges when it comes to doing business in Asia?

One of the greatest hurdles companies encounter when considering whether to expand or launch operations in Asia is getting beyond the view of “business in Asia” as an umbrella term. Oftentimes when we talk about Asia, we make the mistake of homogenizing the region; however, the individual markets are distinct. The Asia region is comprised of many countries with varying languages, governing bodies, regulations and cultures—all of which come with a unique set of challenges. Acquiring the knowledge and skillsets needed to succeed in Asia is often the first step to expanding or launching operations, but ensuring compliance with laws of both the home country and overseas ups the ante.

A major challenge many companies face is having the resources needed to identify the compliance gaps and where they may occur. Then, they must be able to implement a compliance program based on this gap analysis. Finally, it is important that companies continually monitor their transactions and assess the effectiveness of their compliance program thereafter. Without reassessing their program on a regular basis, organizations risk missing red flags that may be indicators of potential corrupt activity.

What regulatory issues should foreign tech companies looking to break into or already conducting business in China be aware of?

President Xi Jinping’s national crackdown on corruption has led to a hardened regulatory environment under which no industry nor company—foreign or domestic—is immune to potential government scrutiny. From late 2012 to early January 2017, more than 7,900 officials have been punished for wrongdoing, according to the U.S. Department of State’s citation of China’s Central Commission for Discipline Inspection (CCDI) figures. This number continues to grow, as the country finds ways to further regulate the way business is conducted under its jurisdictions.

In November 2015, the Ninth Amendment to the Criminal Law of the People’s Republic of China (PRC), which introduced a new bribery offense and revised the antibribery and anti-corruption (ABAC) provisions of the law, went into effect. Those standards were later updated in April 2016 to clarify sentencing criteria for government officials and commercial bribery offenses. As China increasingly looks to further tighten its campaign domestically and overseas, companies can expect additional measures and changes to the CCDI and/or current anti-corruption regulatory bodies to be implemented.

Has there been a shift in how businesses operate in China due to the national crackdown on corruption?

With the steps China has taken, foreign businesses, including tech companies, now have to face an increasingly intricate regulatory environment, which may make conducting business in the country more difficult. In January 2015, for example, the government adopted regulations that required all companies selling computer equipment to Chinese banks to turn over their secret source code, submit to invasive audits and build back doors into their hardware and software. While the government said the regulation was put in place to bolster cybersecurity, U.S. tech companies expressed concern that such regulations are anti-competitive and meant to favor local firms. More recently, however, China reached an agreement with G20 leaders to advance fugitive repatriation and asset recovery in the country, signifying greater inclination to cooperate with international regulators.

Companies with more experience managing compliance with international laws and regulations have reacted to more stringent policies by putting in place measures to comply with them. However, they have also called for greater government transparency, as public details on several high-profile investigations have been vague, leaving company stakeholders in the dark. As the anti-corruption campaign continues, tech companies will need to stay abreast of accompanying regulatory changes.

What other compliance risks do tech companies often overlook when they’re operating in Asia?

Tech companies operating in multiple jurisdictions in Asia often run the risk of not paying sufficient attention to the varying tax laws unique to each jurisdiction. Tax regulators in different countries will often require differing levels of documentation. Under the FCPA’s books and records provision, for example, entities are required to accurately and fairly depict their transactions, and to design and maintain internal accounting controls to help maintain this accuracy.

Meanwhile, China relies on the fapiao system as a tool to enforce tax regulations. The fapiao is a legal, formal tax receipt regulated by the state. The description on a fapiao is usually broad and generic and often does not provide the level of detail required to accurately record the transaction in a company’s books and records. Yet, a fapiao is usually deemed adequate documentation by local businesses, thereby creating a disconnect between the documentation required for local tax compliance purposes and the documentation expected of foreign companies in their home jurisdictions under various international regulations. One of the new requirements for the fapiao requiring issuers to ensure that correct transaction information (goods and services provided) is printed on the fapiao came into effect on July 1 of this year. While this closes some loopholes, it may not entirely solve the disconnect.

Foreign companies unfamiliar with the Chinese system, and local consultants unfamiliar with the FCPA and other global tax laws, can easily find these differing systems confusing. Thus, it is important that tech companies looking to operate in China take the time to familiarize themselves with local policies and regulations, in addition to those required under U.S. law.

What should tech companies do to mitigate these risks?

Foreign tech companies operating in China today must ensure they maintain compliance with both China and their home country’s regulations. They must have a sound understanding of their sales distribution and supply chains and be aware of all external touchpoints and the business reasons for these interactions. Finally, they must also closely monitor the activities of their foreign partners—especially any third-party intermediaries—which can introduce significant bribery risk.

A best practice is to ensure that the company’s policies prohibit all forms of corruption with any party—whether it’s a government official or entity, an individual, a private enterprise, a third-party vendor or the like—so that no ambiguity in expectations exists. Employees must clearly understand that any type of corruption is unacceptable and will not be taken lightly.

A diverse team comprised of individuals from different functions and with unique skillsets should be responsible for putting in place a preemptive investigatory mechanism to strengthen internal controls overseas. This team should include personnel from both headquarters and global (local) entities to mitigate potential conflicts of interest between local entities and intermediaries or employees. It is important that tech companies employ this strategic approach to regulatory compliance and risk management while operating in other countries.

Read more about navigating compliance risks in China here.

Aftab Jamil, partner and leader of BDO’s Global Technology practice, has over 20 years of experience in public accounting. He has served public and private companies ranging from start-up, development stage enterprises to established multinational companies, and can be reached at ajamil@bdo.com.

Pei-Li Wong, managing director and leader of BDO’s Asia Forensic Desk, has substantial experience conducting forensic investigations, due diligence and compliance reviews throughout Asia and elsewhere involving Asian businesses. She can be reached at pwong@bdo.com.