Tips for building a corporate compliance system

By Zhu Nandi, Blossom & Credit
Copy link

In recent years, the demand for compliance in businesses has increased significantly, however many enterprises still perceive corporate compliance management as a brand new concept. To establish a comprehensive compliance system, at least three challenges and four key points need to be carefully considered.


(1) Wide range of factors. Establishing a corporate compliance management system requires a thorough understanding of both internal and external factors affecting the enterprise.

External factors include the political, social, technological and legal environment of the country or region where the company is located. By understanding the external environment, companies can assess whether they are suitable for operating in that area, identify potential risks and develop conventional risk mitigation strategies.

Internal factors refer to the company’s organisational structure, business objectives, management philosophy, core competencies, available resources and management attitudes. Only by fully understanding the internal and external environment can companies build a solid foundation for a compliance system tailored to their specific needs.

(2) Conflicts and challenges with existing systems. The establishment of a compliance system within a company leads to the most immediate result of developing or altering the company’s existing rules and regulations.

While it may seem simple to require all levels of the company to adhere to the new regulations, the change can disrupt the company’s long-established operational procedures, leading to a potential decrease in employee efficiency, a drop in work motivation, and even the possibility of relinquishing some expected benefits.

Due to these predictable negative consequences, some companies – despite initially actively promoting compliance management and system construction, even formulating compliance guidelines – later failed to prioritise the value of compliance and the long-term benefits it can bring to the company.

building a corporate compliance system
Zhu Nandi
Blossom & Credit

Gradually, they began to neglect compliance management, resulting in compliance in name only, and compliance policies being shelved.

(3) Dynamic development. Belief that completing construction of a compliance system constitutes the entirety of a company’s compliance efforts neglects compliance management’s dynamic development.

Overall, compliance management in a company follows a cycle of “identifying problems, solving problems, summarising experience and managing operations”. Additionally, the definition of compliance within a company constantly evolves alongside the company’s development.

Only by continually summarising problems from a compliance perspective can a company avoid repeating mistakes, save on operational costs and reduce losses, thereby achieving long-term benefits of compliance management.

This also means that compliance management cannot be a one-time effort. It requires personnel at all levels and departments within the company to maintain compliance awareness and adhere to compliance management regulations in their daily activities while actively participating in the construction of the compliance system.


Interpreting the Measures on Compliance Management of Central Enterprises, which came into effect on 1 October 2022, there are four key points for the construction of a corporate compliance system.

(1) Clarifying organisational structure. The organisational structure for compliance management in a company is like the steel and concrete structure of a skyscraper. It is the foundation for establishing and operating compliance in a company. Each company should reasonably arrange the responsibilities and requirements of the management, governance and execution levels, as well as the operating structure for work connection and co-operation between departments.

The “three lines of defence” basic framework for compliance management of business and functional departments, compliance management departments and supervision departments has been constructed through relevant regulations in the above-mentioned measures. The leadership role of management is also emphasised.

In addition to adhering to the “three lines of defence”, the second chapter of the measures also clearly proposes the establishment of a compliance committee and a chief compliance officer, and specifies the compliance roles and corresponding responsibilities of the board of directors, management, business and functional departments, compliance management department, and central enterprise disciplinary and supervisory organisations, as well as the supervisory responsibilities of audit, inspection, supervision and accountability departments.

(2) Improving compliance systems. Compliance management in enterprises requires the development of compliance management systems or standards at different levels. Companies need to consider the legal requirements, regulatory requirements, social norms and operational needs of the country or region in which they operate to develop these systems.

Therefore, when improving compliance management systems, it is necessary to meet the following requirements: different levels of systems should have unified standards, be simple and clear, and within a manageable quantity; ensure system implementation; and timely refinement.

According to chapter 3 of the measures, central enterprises need to establish a hierarchical and classified compliance management system based on the scope of application and the level of effectiveness. Companies also need to revise and improve regulations and systems in a timely manner based on changes in laws, regulations and regulatory policies, and conduct inspections to ensure compliance with the regulations.

(3) Establishing management mechanisms. The mechanisms for compliance management in an enterprise refer to the operational mode for identifying, preventing, responding to, controlling, holding accountable and evaluating compliance risks. When establishing or implementing such mechanisms, enterprises need to focus on compliance risks in key areas, key processes and key personnel.

Chapter 4 of the measures sets out the operational mechanisms for compliance management in central enterprises, which have strong reference value for the development of large enterprises.

(4) Cultivating a compliance culture. An enterprise’s compliance management culture stems from its daily implementation of compliance, supplemented by specific activities. Compliance management is carried out from top to bottom, and the formation of an enterprise culture naturally requires leaders to set an example and take the lead.

Article 29 of the measures stipulates that central enterprises should incorporate compliance management into the study of the party committee on the rule of law, and promote the strengthening of compliance awareness among enterprise leaders, taking the lead in carrying out management activities by the law and regulations.

Based on this, compliance culture can also be promoted through publicity, compliance training, and organising compliance activities to form distinctive cultures of compliance management in each enterprise.

The benefits of compliance do not depend on short-term norms, but rather on enabling enterprises to actively respond to competition, adapt to benign cycles and sustain long-term operations.

Zhu Nandi is an associate at Blossom & Credit

Blossom & Credit

Blossom & Credit
12/F, 15/F, Tower A, Xinzhongguan Building
No.19, Zhongguancun Street,

Haidian District
Beijing 100086, China

Tel: +86 10 8287 0263
Fax: +86 10 8287 0299
电子信箱 :

Copy link