Covid restrictions taught organizations some valuable lessons about working in a “remote new normal.” One of them is how to adapt their internal audits, investigations and compliance functions to reflect situations in which they may have little or no physical access to their Chinese subsidiaries.
During the pandemic, many multinational companies adopted more remote methods of conducting audits, compliance reviews and internal investigations, including online interviews, digital document reviews and virtual process walkthroughs. Although Covid restrictions have been lifted, remote workflows are often seen as time and cost effective and many therefore remain in place. The regulatory landscape in China is evolving, however, and this poses notable challenges to internal investigations and compliance reviews involving cross-border data transfers.
China has introduced a number of major regulations recently, including the Personal Information Protection Law (PIPL) and Data Security Law (DSL) in 2021. PIPL mandates that companies use specific data transfer mechanisms if they want to move personal information to a location outside China. The DSL refers to “implementing categorized and graded protection according to the data’s degree of importance in economic and social development.” Data classified in the Data Security Law as “core” and “important” require restricted handling for reasons of data security. In addition, both data-regulation laws mention that any provision of data to foreign justice or law enforcement agencies requires approval by the relevant Chinese authorities.
In 2022, CAC introduced measures for assessing the security of data exports. Under the measures, a security assessment of certain amounts and types of personal data, as well as “important” data, must be completed with CAC prior to cross-border transfer through cyber space. Further, in April 2023 China updated its Counterespionage Law, broadening the scope of what is considered espionage. As the law states: “No individual or organization may unlawfully obtain or possess any documents, data, materials or items that are state secrets.” Since it does not provide further details on the various categories, the law could therefore be applicable to diverse types of data.
These complex and evolving regulatory demands must be given proper attention by the professionals who examine China-related activities and ensure compliance with the relevant laws as part of internal cross-border investigations. The following steps could prove useful for monitoring a company’s China business and identifying as quickly as possible any potential issues related to controls, compliance or fraud:
Paul Tan
Paul Tan is partner in PwC’s Forensic Services practice in China. He has been assisting corporate clients in managing their business risks in China since 2004. He has extensive experience in conducting internal investigations into accounting fraud, misappropriation of assets, and bribery and corruption. His areas of expertise include advising on compliance programs, fraud risk assessments, anti-bribery compliance reviews and compliance monitoring. He is a Fellow of the Association of Chartered Certified Accountants and is based in Shanghai.
Tel: + 86 21 2323 2405
Email
Marina Dorn
Marina Dorn is director at PwC (Advisory) in Frankfurt. She has over 12 years of cross-industry experience in various reputational due diligence projects, ranging from business partner due diligence to country risk assessments and sanctions monitoring. Prior to joining PwC, she built and led a team focusing on background research, including in-depth investigative research at another Big4 consulting firm. Prior to that she worked as a journalist. Marina holds an MBA from the European School of Management and Technology ESMT in Berlin.
Tel: +49 151 55997203
Email
Chinese laws to consider while planning an internal investigation or review
The above links are for informational purposes only and do not represent legally binding translations.
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, legal or other professional advice. Please refer to your advisors for specific advice.
Make sure you get the latest information and subscribe. As a subscriber to the digital edition, you will receive an information update three times a year.
You will discover how to take advantage of current opportunities and safely circumnavigate the risks of doing business in China.
Partner, PwC China Business Group Leader & Chairman PwC European China Business Group, PwC China
Tel: +86 10 6533-8882