Corporate compliance is a cutting-edge topic that spans multiple legal disciplines. Typically, corporate compliance and artificial intelligence (AI) are jointly regarded as the two major frontiers of legal research in the 21st century. Corporate compliance involves at least corporate governance, administrative regulation, criminal law, criminal procedure law, and international economic law, while also drawing on research areas from diverse fields such as legal ethics, procedural law, and evidence law. It has gradually evolved into a comprehensive corporate governance system centered on compliance risk prevention and control.
To encourage enterprises to proactively establish compliance management systems, Tongfang’s corporate compliance team is focusing on promoting three key incentive mechanisms: First, a lenient administrative handling mechanism adopted by regulatory authorities based on compliance efforts; second, a lenient criminal handling mechanism implemented by criminal law enforcement agencies in recognition of compliance initiatives; and third, a sanctions-reduction mechanism adopted by international organizations based on compliance.
Building a Compliance Program
1. For state-owned enterprises, private enterprises, and foreign-invested enterprises, there should be tailored compliance program development plans that reflect their unique characteristics. Moreover, for compliance risks frequently encountered by these enterprises—such as anti-commercial bribery, export controls, personal data protection, and anti-money laundering—it is essential to establish targeted mechanisms for preventing, monitoring, and responding to such risks.
Compliance Due Diligence
2. Also known as “diligent and responsible due diligence,” this refers to the specialized investigative activities conducted by enterprises when making investments, pursuing mergers and acquisitions, developing clients, and seeking third-party partners. The purpose of these investigations is to gain a comprehensive understanding of the background, operational status, business nature, corporate size, history of legal violations and non-compliance, and any penalties received by clients, investees, acquirers, and partners—thereby reducing and controlling potential legal risks.
Compliance Internal Investigation
3. It is a crisis-response mechanism that, following the occurrence of a violation, requires the enterprise to conduct a targeted investigation into the nature of the violation, the identity of those responsible for the violation, and any vulnerabilities in the compliance system. This investigation aims to uncover the violation, identify the individuals accountable for it, and address gaps and weaknesses in the company’s internal control mechanisms by enhancing its compliance framework.
Responding to Law Enforcement Investigations
4. Primarily includes responding to mandatory compliance requirements, raising a defense of non-liability based on corporate compliance, actively facilitating administrative settlements, and responding to administrative enforcement investigations.
Mitigating Corporate Criminal Risks
5. First, cases involving the prevention of criminal risks through the transformation of business models; second, diagnosing legal risks; third, transforming business models. By helping enterprises transform their business models or alter their operational or transactional practices, we can eliminate the specific elements constituting certain crimes.
Serve as a compliance supervisor
6. This is a compliance practice for future lawyers. First, lawyers should possess the professional competencies required to serve as compliance supervisors. Second, when lawyers act as compliance supervisors, they should establish a principal-agent relationship with the company involved in the case and thereby acquire the legal status of compliance advisors. Furthermore, when serving as compliance supervisors, lawyers must maintain basic independence and avoid conflicts of interest with the company involved in the case.
