Introduction
Current issues
Most pressing risks
What can be done to mitigate risks?
Risks are always heightened during times of significant change. Given the amount of disruption to business models, supply chains and working practices that the covid-19 pandemic has caused, it is critical for organisations to fully and proactively assess risks that may have built up over the past 18 months.
This is precisely the time when visibility of the key risk areas is most beneficial. However, with China maintaining strict quarantine requirements, this poses a unique set of challenges for organisations where key control functions are located outside China's borders.
Every organisation has risks that may need serious consideration. Pre-covid-19, an important part of the risk-mitigation toolkit was sending in control functions for onsite visits, be that internal audit teams looking at financial risks or auditing off-system processes, checks on suppliers, such as due diligence, quality checks or exercising audit rights. For instance, it has been repeatedly seen in China that an in-person supplier conference can be helpful in rooting out collusion and kickbacks, with the added benefit of visibly introducing competitive tension to the procurement process.
While some organisations have decentralised legal and finance functions, the reality is that for many multinational companies operating in China, there is a certain level of centralisation in critical control functions either in their head office or regional headquarters for functions such as:
- finance;
- legal;
- internal audit; or
- IT.
The inability of senior legal counsel or compliance teams to visit, conduct onsite investigations or simply be a visible presence creates additional pressure on personnel in China to exercise control and hold senior executives to account. This environment creates a heightened risk of stored-up problems.
This is compounded by greater sensitivity in relation to data transfers out of China. To ensure compliance with the new Data Security Law, many multinationals are moving to localise data in China. This may impact the ability of compliance teams or internal audits outside China to proactively review data for anomalies or reactively conduct internal investigations into potential incidents.
The following risks should be at the forefront of organisations' considerations:
- accounting or financial reporting fraud – this is usually considered a low-likelihood, high-impact risk. In times of increased uncertainty or financial distress, the pressure on financial results becomes a significant risk factor. Aggressive accounting issues can increase over several quarters into material issues that are highly damaging to the organisation and its investors; and
- procurement fraud – this is a perennial risk, particularly where collusion is involved. As with accounting fraud, the pressure on suppliers to keep contracts is heightened during difficult or uncertain times, particularly if the contract represents a material part of the supplier's business. Organisations can be reluctant to address procurement fraud due to the potential disruption to supply chains and operations. This needs to be weighed against the risk of selecting the wrong supplier. When suppliers are selected for unethical reasons, the effect on quality, safety and the ability to deliver the contract can be overlooked, as well as the financial impact involved.
What can be done to mitigate risks?
In the short term, timely messaging from senior management on the organisation's commitment to zero tolerance of unethical behaviour, coupled with direct communications on the control functions in higher-risk areas to prompt deeper consideration of key risk issues, will help to empower and assist with early identification of potential concerns before they escalate into significant financial, regulatory or reputational issues.
In the medium term, the trend towards hybrid or fully remote working and reduced business travel seems irreversible. This means that digital transformation is even more important. The shift is likely to bring certain advantages from a compliance perspective, with fewer off-system processes, better visibility and accountability as well as higher data quality to help detect issues proactively.
This contrasts with the other main trend, which is greater protection of data and the legal restrictions on transferring certain types of data out of China. Companies will need to proactively assess and monitor their digital infrastructure, controls and backup processes to ensure that in the process of digitalisation, they do not inadvertently trigger legal liabilities.
For further information on this topic please contact Edward Boyle at AlixPartners by telephone (+852 2236 3500) or email ([email protected]). The AlixPartners website can be accessed at www.alixpartners.com.