FCPA compliance in China

By Mark Jenkins, CFE; Sunny Chu, CFE, CPA; and Christopher Meadors, J.D., CPA

corruption-in-chinaThough foreign investors have begun to shy away from China, the country still holds huge appeal. Those companies need to pay close attention to stay on the right side of local and international anti-bribery laws.

As you sip your frothy Cappuccino while basking in the glow of your most recent quarterly report, which shows a dramatic increase in sales in your China division, your assistant busts into your office with a letter from …. the Department of Justice! Hmmm. What could they want??

While foreign direct investment (FDI) in China has lost some momentum — it decreased from $116 billion to $111.7 billion from 2011 to 2012 — China still remains one of the most preferred locations for corporate investment. Of course, great opportunities can often precede large frauds. Some multinational companies, such as the British pharmaceutical giant GlaxoSmithKline (GSK), are finding themselves in the headlines faced with allegations of violations of the U.S. Foreign Corrupt Practices Act (FCPA) and Chinese anti-bribery laws. 

When multinationals decide to enter China through FDI, several underlying forces could be a problem: 

  • Corruption that has long been the norm in China.
  • The Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) is now vigorously enforcing the FCPA.
  • The existence of state-owned entities (SOE) that appear to be private entities.


Although China is attractive for FDI, multi-nationals must know with whom they do business and be aware of the inherent risks of corruption. Transparency International’s 2013 Corruption Perceptions Index (CPI) ranks China a relatively poor 40th. (According to Transparency International, zero means highly corrupt, and 100 means limited corruption. To provide points of reference, Afghanistan and Somalia are 8 on the CPI, and Denmark and Finland are 90. Although China isn’t the highest in corruption, it remains a high-risk country.)

What corruption risk could a multinational expect when doing business in China? In the GSK case, Chinese authorities are investigating the company for colluding with a travel agency to funnel money to government doctors using fraudulent invoices. (See “ GlaxoSmithKline Accused of Corruption by China,” by David Barboza, The New York Times, July 11, 2013.) In 2012, Eli Lilly had similar issues when its sales force employees were submitting expense reimbursements for cash, bathhouse visits and meals they were giving to Chinese government doctors in return for the doctors purchases of Eli Lilly products.

The pharmaceutical industry is not alone in struggling with corruption in China. In 2012, Morgan Stanley’s real estate and fund advisory managing director, Garth Peterson, colluded with a former chairman of a Chinese state-owned enterprise, Yongye Enterprise Group. Peterson paid the Chinese official and himself “finder’s fees” of $1.8 million that Morgan Stanley owed to third parties. In exchange for the fees and personal interest in Morgan Stanley’s investments, the Chinese official brought business to Morgan Stanley. (See the SEC release, “ SEC Charges Former Morgan Stanley Executive with FCPA Violations and Investment Adviser Fraud.”)


The condensed explanation of the FCPA is the prohibition of paying a foreign official anything of value to obtain business. The SEC and DOJ have interpreted the FCPA broadly in its definition of a “foreign official” and the giving of “anything of value.” These interpretations are even more significant pertaining to transactions in China. [See the PDF, § 78dd-1, Section 30A of the Securities & Exchange Act of 1934, (a) Prohibition.] 

Although the FCPA has been a federal statute since 1977, the last 10 years has shown a dramatic increase in enforcement by both the SEC and the DOJ for both publicly traded entities on the U.S. stock exchanges and U.S. “Domestic Concerns,” (as defined by the FCPA), which are privately held entities. (See the chart under “2012 FCPA ENFORCEMENT STATISTICS” in the “ 2012 Year-End FCPA Update” by Gibson Dunn," Jan. 2. 2013.)

Despite the most recent decrease from 2011 to 2012, the DOJ has released an FCPA Guideline to demonstrate its focus of continued rigorous enforcement. The DOJ and SEC continue to bring cases against companies for bribery in China.


Before China began changing its economy in 1978, its system was similar to the pre-1990’s Soviet economy: State-owned entities, which the central government commanded and controlled, dominated the major industries. Although China’s reforms have decreased the state-owned entities’ share of total economic output (80 percent pre-1978 and 15 percent post-millennium), they still are major contributors to the oil and gas, steel, telecom, banking and transportation industries. (See the PDF, “ China Under the Foreign Corrupt Practices Act,” by Daniel Chow, pp. 580-581.)

Multinational companies — when they enter into FDI in China via joint ventures, acquisitions or other business arrangements — may not know that many seemingly private companies in China may be state-owned entities, and its owners and employees may have government ties or be political officials. Again, the DOJ and SEC broadly interpret “state-owned entities” and “foreign officials.” In United States vs Carson, the DOJ charged Carson with paying bribes to foreign officials in China including the China National Offshore Oil Company, Dongfang Electric Corporation and Petrochina. Carson claimed that a state-owned entity isn’t an instrumentality of the government and therefore its employees can’t be foreign officials. The court set forth several factors to determine whether a company is an instrumentality of the government, overruled Carson’s motion to dismiss and decided that the state- owned entities in question were instrumentalities of the government. (See the PDF, “ China Under the Foreign Corrupt Practices Act,” by Daniel Chow p. 579.)


The definition of a “foreign official” in China can be more problematic than in other countries. The DOJ and SEC broadly interpret it to include all Communist Party of China (CPC) members — a large population. The CPC runs parallel to the People’s Republic of China (PRC) in structure and membership. The two entities are difficult to separate and appear to be indistinguishable. (See the PDF, “ China Under the Foreign Corrupt Practices Act,” by Daniel Chow p. 587.) CPC members may have businesses in the private sector, and if a multinational does business with or acquires a CPC-owned company or CPC employee, that CPC member may use political connections/favors to obtain business. 


Multinational companies’ due diligence to avoid FCPA issues in China is becoming increasingly difficult. As of January 2013, the Chinese government halted the free accessibility of corporate records from the Administration of Industry and Commerce (AIC), which is a regulating body that keeps financial and ownership information on all companies in China. The Chinese government is restricting this corporate information because several media and investment informational companies published articles about fraudulent Chinese companies and political figures. (See “ Exploring the impact of China’s clampdown on public records,” by Peter Humphrey, CFE , May 2013, “The Fraud Examiner.”) [Humphrey was arrested, along with his wife, in August 2013 in connection with bribery allegations against GlaxoSmithKine, a former client of ChinaWhys, in a case that has alarmed anti-corruption professionals. See “ China's Chilling Crackdown on Due-Diligence Companies,” by Ana Swanson, Oct. 23, 2013, The Atlantic.] This restriction will create serious difficulties in investigating the following:

  • Determining the ownership interest of potential joint ventures, vendors, clients to identify possible state-owned entities, foreign officials and politically exposed persons (PEP lists).
  • Proactive fraud detection/data analytics – matching addresses and telephone numbers of vendors, clients and employees to identify shell companies.
  • Potential investors that want to conduct due diligence on Chinese companies.


It should be apparent to any company considering or participating in FDI in China that the cost of compliance should be greater than zero. Top-down, corporate-level compliance programs are unlikely to be effective in addressing these risks. While a robust global anti-corruption program is important, dealing with high-risk countries such as China requires that organizations must implement and oversee their compliance programs at the local level. This will require them to tailor programs to the particular risks and culture of that specification location, as well as having compliance personnel in country. 

At the very minimum, a robust and effective compliance program in China should include the following:

1. Training for high-risk employees

  • Employees such as sales or purchasing personnel who are working and/or living in China must have a thorough understanding of FCPA and local country anti-bribery laws.
  • Training should include case studies and possibly simulations of how bribe solicitors might approach employees.
  • It’s vital to educate employees on what constitutes bribery and the company’s and offending employees’ penalties, fines and punishment. Reporting the violations to the appropriate law enforcement agency will also be a strong deterrent. Employees will be more likely to obey the rules if they know that they can lose their jobs and livelihoods if they’re charged and convicted and not just because it’s illegal in the U.S.
  • Train employees must to report violations and how to do that.
  • Update ongoing training based on new examples of possible bribery situations.
  • Tailor training to local language, culture and country-specific fraud/corruption issues. See the PDF, “ China Under the Foreign Corrupt Practices Act,” by Daniel Chow, p. 603.

2. Incorporate into other related compliance programs

  • Where possible, build FCPA compliance activities into overall anti-fraud and regulatory compliance programs, such as international trade compliance, ITAR International Traffic in Arms Regulations and general fraud (e.g. fraud, embezzlement and theft of trade secrets). (ITAR deals with military technology that could entail the sale of that technology directly to foreign governments or through local brokers, which inherently would include foreign officials. This is an FCPA red flag in the making!) From a legal perspective, issues associated with FCPA are distinct from other regulatory areas such as ITAR and EAR Export Administration Regulations; in practice, they share many parallel issues, compliance activities and penalties. Integrating similar compliance activities is logical, more cost effective and more likely to be successful than multiple, independent and stand-alone activities.

3. Communicate anti-fraud programs

  • Communicate locally, preferably facility by facility, that the company has zero tolerance for violations of anti-fraud policy. Make clear that each employee is expected to comply — specifically how to report potential wrongdoing and the consequences for failing to live up to those expectations via local training and regular written policies to employees and distributed to company partners, vendors and clients. 

4. Due diligence on potential business relationships in China

  • Due diligence has become more difficult with the recent limitations on obtaining basic company records in China. Nonetheless, it’s still required as a basic element of an effective compliance program.
  • Conduct due diligence locally using reputable companies. The cost of local due diligence can be high, so we recommend prioritizing based on the type of FDI in China.
  • Be wary of firms offering to “certify” business partners as being FCPA compliant. These certifications are typically the result of a partner’s “self-reporting” to the certifying organization and offer little meaningful insight and no guarantee of compliance. Instead, use firms specializing in due diligence, which will use trained investigators and independent data to validate assertions.
  • All contracts, agreements, policies and other documents (e.g. code of conduct) must explicitly require compliance with all applicable laws and regulations. Contracts and agreements must always include a right to audit and indemnity clauses.

5. Proactive fraud detection testing: 

  • In broad terms, proactive fraud detection refers to a set of programs, tools and tests designed to surface high-risk transactions rather than waiting for them to be discovered through other means. The topic is broad and beyond the scope of this article. However, these are some illustrative examples in the FCPA context:
    • Proactive testing includes data analytics and standard fraud testing. The key is to leverage local data sets and accounting records in the high-risk areas and tailor the testing to frauds commonly encountered in those areas. For example:
      1. The Eli Lilly case mentioned at the beginning of this article involved sales employees submitting fraudulent expense reimbursements to disguise cash payments to doctors. A company concerned about such activity could analyze trends in expense categories prone to manipulation (e.g., miscellaneous, cash advances, entertainment, meals, gift cards) and/or benchmarking against similar industries to identify high-risk transactions.
      2. GSK’s investigation involved use of a third-party vendor to disguise illegal payments. Companies might address this issue by analyzing accounts payable vendor master files to identify either large or frequently recurring payments in historically high-risk services such as consulting, travel, legal and professional fees. Compare any suspicious transactions to documentary evidence and investigated further.
      3. When companies source vendors by competitive bid, use data analysis of the vendor master file to identify suspicious trends in vendor success rates or high rates of change orders/cost overruns — both potential indicators of bid rigging.
        Companies can establish almost unlimited automated tests tailored to flag unusual transactions for further review. Large commission payments, payment records with certain key words and payments made in non-local currency or sent to different location are just some of the areas companies analyze with proactive fraud detection. 


Companies that recognize the risks and invest in realistic, practical and robust compliance programs will realize significant financial benefits, including:

  • Reducing direct expenses associated with corruption or fraud (e.g. elimination of illegal payments) by educating and deterring employees from engaging in such activities.
  • Reducing the costs of investigations by deterring or identifying fraud/corruption early.
  • Reduce the cost of potential fines (or even imprisonment) by identifying and self-reporting. (In determining fines and penalties, the DOJ and SEC will consider the entity’s compliance program, whether they self-reported and the sufficiency of the company’s investigation.) 

China is certain to continue to be a huge opportunity for FDI. To be successful in this market, multi-national companies must understand that significant investment in FCPA and anti-fraud compliance is an essential part of their overall strategy. U.S. and local regulators recognize that companies operating in China and other high-risk locations are fertile ground for fines and penalties. Enforcement of FCPA and local anti-bribery laws continues to increase. 


It’s worth reviewing the Morgan Stanley FCPA case. Morgan Stanley completely cooperated and investigated vigorously. Its compliance program had identified Yongye Enterprise Group as a state-owned enterprise and notified Peterson some 35 times. Peterson ultimately ignored the warnings and disregarded the company’s policies. He now has been charged criminally for his violations of the FCPA and the Invest Act. However, regulators didn’t charge Morgan Stanley because it had an effective compliance program in place, conducted a thorough investigation when the matter was discovered and fully cooperated with authorities. Morgan Stanley, because of its proactive practices, has saved many millions of dollars in investigation costs, legal fees, and potential fines and disgorgements. (In contrast, Wal-Mart disclosed that its FCPA investigation costs had reached $230 million as of March of 2013, equating to approximately $600,000 per day in professional fees, and continues to grow. The U.S. government hasn’t yet assessed Wal-Mart penalties or fees.)

The DOJ and SEC will continue to probe into the companies that are investing heavily in the high-risk countries like China where ease of business is high. If you don’t want to be that manager who just received the DOJ letter, compliance is the key. 
Mark Jenkins, CFE, is a managing member at Fidelity Forensics Group LLC.  

Sunny Chu, CPA, CFE, is consultant at Fidelity Forensics Group LLC.  

Christopher Meadors, J.D., CPA, is managing member at Fidelity Forensics Group LLC. 

Read more insight and discuss this article in the ACFE's LinkedIn group

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or www.ACFE.com. ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be emailed to FraudMagazine@ACFE.com