How SOEs carry out effective compliance management evaluation

The effectiveness evaluation of compliance management systems in state-owned enterprises (SOEs) urges them to fulfil compliance obligations and to inspect and judge the actual utility of identifying, analysing and preventing compliance risks.

The Central SOEs Compliance Management Measures, which took effect in late 2022, strengthened requirements for the effectiveness evaluation of compliance management, becoming the highest-ranked normative document in the field of SOE compliance management system construction.

Current shortcomings

Single evaluation standard
The current effectiveness evaluation of SOEs’ compliance management focuses more on meeting standards, typically using a vertical compliance structure for assessment. The evaluation indicators are relatively principled. Except for the Securities Companies Compliance Management Effectiveness Evaluation Guide, issued by the China Securities Regulatory Commission, no documents describe standards, methods and evaluation indicators.

Insufficient depth of review
Related work is usually based on onsite written reviews. Experts spend short times on onsite reviews, and evaluators often have more subjective judgement power during the process, lacking in-depth investigations of compliance management execution and practical effects.

Need for richer technical means
Compared to abroad, domestic evaluations are limited by the level of informatisation, lacking effective compliance risk timely monitoring and control means. It is more difficult to technically process information data and resources, thus harder to form effective support for compliance risk management.

Key focus points

In August 2023, the State Council’s State-owned Assets Supervision and Administration Commission organised the first batch of 20 central SOEs into four working groups for onsite evaluations, requiring enterprises to start with self-evaluation and explore their own mechanisms for evaluating the effectiveness of compliance management.

It is believed that to conduct an in-depth effectiveness evaluation of SOE compliance management, it is necessary to tailor strategies according to the time, location and specific enterprise.

Establish evaluation subjects and scope
Since most SOEs adopt a group structure with multi-level organisational structures, these SOEs should focus on two types of enterprises when selecting evaluation subjects: significant affiliated institutions; and institutions that have had compliance risk events and been found to have problems through audit supervision and compliance reports.

Scientifically set the evaluation indicator system
First, focus on six primary indicators:

1. Human aspect, i.e. whether the high-level management clearly and reasonably assigns specific compliance management responsibilities;
2. System aspect, whether the compliance management system is graded and categorised with operability;
3. Mechanism aspect, focusing on the appropriateness of compliance risk management mechanism settings, the coverage of compliance requirements, and the effectiveness and continuous applicability of the compliance management system;
4. Cultural aspect, focusing on whether a top-down, endogenously spontaneous compliance atmosphere is formed;
5. Informatisation construction, focusing on the role of the compliance management information system; and
6. Violation punishment, namely punishment situations of enterprises and employees due to compliance risk events.

Next, assign scientific weights. Based on the six aspects as foundational indicators, focus on the effective operation of the compliance risk management mechanism, and refine it to mechanisms such as risk assessment and analysis warning, compliance review, supervision, reporting and assessment. Also, consider violation punishment to form a rigorous and orderly rule system.

Finally, clarify and refine the specific standards for compliance management evaluation. When refining indicators for construction, operation and management results, evaluate the scope of evaluation subjects according to the “six aspects, 44 major items” guideline, optimising standards with a focus on prevention and implementation.

Standardise evaluation methods and procedures
The effectiveness evaluation of compliance management is somewhat similar to traditional Chinese medicine’s “look, listen, ask and feel” systemic diagnosis.

• Look: Understand the compliance management situation through questionnaires, document reviews and off-site methods.
• Listen: Ensure collected information accurately reflects the execution of compliance risk management through personal interviews, company visits and other methods.
• Ask: Continue to cross-verify through interviews, sample analysis, etc., with a results-oriented approach to accurately evaluate compliance.
• Feel: Provide feasible rectification suggestions through analysis of the completeness of system settings, integrity of system construction, appropriateness of mechanism arrangements, and effectiveness of operations.

Rectification suggestions

Leverage information technology tools to optimise evaluation means. In recent years, the state has emphasised advancing digital transformation work through multiple measures. SOEs should facilitate the construction of compliance management data systems, applying information technology techniques to the construction, implementation and evaluation of the compliance risk management system as much as possible.

Adapt to dynamic development requirements, regularly conduct evaluations. An evaluation should be conducted annually to adapt to changes in compliance obligations, updating compliance management goals and improving compliance risk control measures.

Use evaluation to strengthen compliance management team building. SOEs can entrust external institutions to help evaluate the effectiveness of compliance management. This can be an opportunity to continually solidify the company’s compliance management talent pool. For example, by involving the company’s internal compliance management personnel in onsite evaluation work, use the method of training through evaluation to broaden training channels for compliance management personnel.

Pay attention to the application of compliance management effectiveness evaluation results. Just as the goal of traditional Chinese medicine’s diagnostic methods is to “treat diseases before they occur”, the effectiveness evaluation of SOEs’ compliance management should be a basis for guiding establishment of a long-term mechanism for compliance risk prevention and control. It consolidates compliance management responsibilities, effectively combining theoretical knowledge of compliance management with practical experience, and enhancing the level of SOE compliance risk management.

Liang Zheng is a partner and Wu Yijie is an associate at AllBright Law Offices