A series of tectonic shifts in the international and domestic legal landscape has stressed the urgency for corporate counsel to reshape their approach to legal compliance. Kevin Cheng reports
FORESIGHT IS NOT ABOUT PREDICTING the future, it’s about minimising surprise,” observed Karl Schroeder, a Canadian science-fiction author and futurist.
Whether or not they have ever read his words, legal practitioners in China have by and large been adopting a similar philosophy. In the first year of enforcement of the new Civil Code, they are also experiencing a global tightening of data privacy control, cross-border complications due to geopolitical influences, an overwhelming amount of new and amended laws and regulations, and new investment models with their own sets of challenges.
As a result, in-house counsel are reforming their compliance approaches, their roles in the corporate structure and their philosophy for nurturing talent, with an emphasis now on researching, understanding and anticipating regulatory changes instead of constantly playing catch-up.
“How to pre-emptively ensure safe and effective business operation has been one of the biggest challenges this year,” says Thomas Zhao, legal and compliance director of SKF China, the Chinese branch of the Swedish bearing and seal manufacturer.
BEYOND THE BORDER
Some say globalisation has led to a slow but steady decline of national borders, and few may feel this more keenly than companies operating with assets, businesses, personnel or data that answer to the laws and regulations of various jurisdictions, along with the corporate counsel shepherding them through the intricacies of extraterritorial compliance.
Extraterritoriality refers to the assertion of legal authority by one jurisdiction over the conduct occurring outside its territory. (See our Lexicon article in this issue for an in-depth analysis of the concept and its application.)
Legal counsel of mainland Chinese companies must be vigilant on laws and regulatory policies at home, but also in the Hong Kong Special Administrative Region, the US and other jurisdictions, lest these laws and regulations should apply to them regardless of their company’s actual location or business coverage.
The area in which extraterritorial compliance is the most tangibly felt is perhaps data regulation. The EU’s General Data Protection Regulation (GDPR), effective since May 2018, applies to all data controllers and processors worldwide handling the personal data of EU residents, or offering them goods or services. There was a global scramble ahead of its implementation to update corporate data protection, data security, and terms and conditions in order to comply with the higher bar set by the GDPR, and avoid its steep fines.
“In recent years, the global privacy regulatory landscape has been changing in an unprecedented manner,” says Natalie Li, legal counsel at Ping An Group in Hong Kong. “A number of new privacy laws around the world are following new international standards set by the GDPR.”
The GDPR was merely the beginning of a larger movement. A number of countries and regions have launched similar data privacy laws modelled on the GDPR, the latest being the passing of China’s own Personal Information Protection Law (PIPL) on 20 August 2021, scheduled to take effect in November. China has a reputation of being cautious with data import and export, which is unlikely to be dented by the PIPL, heralded as one of the strictest of such laws.
While exerting a similar extraterritorial effect, the PIPL regulates outbound data transfer of domestic companies with a differentiated approach, classifying all transferrers into two groups – critical information infrastructure operators (CIIOs) and regular data processors – with stricter controls imposed on CIIOs.
One foreign law that has kept some Chinese entities on their toes with compliance is the US Foreign Account Tax Compliance Act (FATCA), a federal law requiring non-US financial institutions to search their records for customers with birth or prior residency in the country and report their identities and assets to the US Department of the Treasury.
While sound extraterritorial compliance has become all but indispensable for major players with extensive databanks and global financial portfolios, others are faced with a different set of challenges. Entertainment is one such industry where the nationality of a product often stands at the forefront of its identity. Unfortunately for the pandemic-stricken film industry, the prospect for international collaboration has been adversely affected by factors entirely out of the operators’ control.
“When evaluating foreign partners in major co-productions this year, we’ve had to take into account geopolitical factors, which have never been a standout like this,” says Li Jingjue, legal director at Huayi Brothers, a multinational media corporation.
“Changes in diplomatic relations have rapidly and severely affected the import of major films from relevant countries or regions. For this type of risk there’s no remedy, only forewarnings if a thorough risk control system is in place,” she says.
The financial and political tensions between China and the US also loom over microchip and other tech industries, and US-listed Chinese fintech companies are facing crackdowns from both sides.
“Cross-border M&As are facing numerous uncertainties from the decline of Sino-US relations, increased risks facing China concept stocks listed overseas, and enhanced cross-border data regulation and anti-monopoly efforts,” says Zhou Feng, head of compliance and legal department at Taikang Asset Management in Beijing.
Lin Liang, chief director of the risk management department at Qianhai Ark Asset Management in Shenzhen, points out that for many prospective listing companies, moving their IPOs to Hong Kong may be an optimal solution in the near future. “Due to the change of market, some in-progress or intended listing plans had to go back to the drawing board, causing massive delays,” he notes.