LiabilityLiability of undertakings
What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?
For board of directors, their main compliance management responsibilities include:
- approving the strategic planning, basic system and annual report of corporate compliance management;
- promoting the improvement of the compliance management system;
- deciding on the appointment and dismissal of the person in charge of compliance management;
- deciding on the setup and functions of the compliance management department;
- studying and deciding on the major issues related to compliance management; and
- determining the handling of violations according to the authority.
For senior management, the main compliance management responsibilities include:
- establishing and improving the organisational structure of compliance management according to the decision of the board of directors;
- approving the specific system requirements for compliance management;
- approving the compliance management plan and taking measures to ensure the effective implementation of the compliance system;
- identifying compliance management processes to ensure that compliance requirements are integrated into the business area;
- promptly stopping and correcting non-compliance with business operations, and conducting accountability or proposing suggestions for handling violations according to the authority; and
- other matters authorised by the board of directors.
Do undertakings face civil liability for risk and compliance management deficiencies?
Deficiencies in risk and compliance management will not necessarily occasion civil liability to undertakings. Nevertheless, if such deficiencies lead to any conduct that infringes the legitimate rights and interests of other parties, undertakings may face civil liability for such infringement.
For instance, due to inadequate compliance management, if a company commits commercial bribery to obtain an improper advantage against its competitors, those competitors may bring civil actions against the company for the unfair competition, seeking for compensation.
From an internal perspective, if any deficiency infringes the rights of its own employees, such as leaking the personal information of the employees, those employees may also sue the company and claim for damages.
Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?
Deficiencies in risk and compliance management will occasion administrative or regulatory consequences if such deficiencies directly or indirectly lead to any administrative violations committed by undertakings.
For instance, in 2020, one Chinese local bank was fined for more than 10 times for administrative violations related to loaning mismanagement, violation of the prudent operation rules and other types of non-compliant business operation. Particularly for prudent operation rules, pursuant to the Law on Banking Regulation, they shall include risk management, internal control, capital adequacy ratio, quality of assets, reserves for losses, risk concentration, affiliated transactions or liquidity of assets. And violation of the prudent operation rules, including deficiencies in risk management and internal control, would be subject to fine, suspension of business and revocation of business licence (under serious circumstances).
Do undertakings face criminal liability for risk and compliance management deficiencies?
Among the 469 crimes prescribed by the Criminal Law, there are approximately 150 unit crimes for which a company could be qualified as the perpetrator, and for these unit crimes, a company will be held criminally liable if:
- a collective decision has been made by the management of the company, or an individual decision by the relevant responsible personnel on behalf of the company, such as the legal representative; and
- the crime is committed in the name of the company and the illegal proceeds go to the company.
Deficiencies in risk and compliance management will occasion criminal liability if such deficiencies directly or indirectly lead to any criminal violations committed by undertakings. Conversely, if a company is subject to criminal liability, it is likely that there are deficiencies in risk and compliance management for the company’s business operation.Liability of governing bodies and senior management
Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?
If breach of risk and compliance management obligations leads to any conduct that infringes the legitimate rights and interests of other parties, undertakings may face civil liability for such infringement. Under these circumstances, a director, supervisor or senior management may be held liable for compensate the loss to the company if he or she violates laws, administrative regulations or the company’s articles of association during the performance of duties in accordance with the Company Law.
Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?
Breach of risk and compliance management obligations may occasion administrative or regulatory consequences to directors and senior management if such breach leads to any administrative violations.
For instance, in 2020, some senior management in banking industry were fined, given warnings and prohibited from engaging in banking due to those banks’ non-compliance with the prudent operation rules (which includes risk management) as prescribed by the Law on Banking Regulation. Another example is for data compliance, person directly in charge may be subject to fine and administrative custody if a company fails to fulfil those mandatory data compliance obligations imposed by the Cybersecurity Law.
Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?
The Criminal Law adopts a dual punishment system for unit crime, which means both the company and the responsible persons are subject to the criminal liabilities with only a few exceptions otherwise prescribed in the Criminal Law. Therefore, breach of risk and compliance management obligations may occasion criminal liability to directors and senior management if such breach leads to any crimes committed by the company, and the following elements need to be satisfied simultaneously:
- the crime is expressly stipulated in the Criminal Law that ‘the persons who are directly in charge and the other persons who are directly responsible for the crime’ shall be penalised, such as production and sale of fake or substandard goods, tax evasion, bribery and illegal business operation;
- the crime is committed in the name and under the control of the will of the company; and
- directors and senior management act as the persons who are directly in charge or who are directly responsible for the crime, playing the role of determining, approving, inspiring, conniving or directing in the crime committed by the company.
Law stated dateCorrect on
Give the date on which the information above is accurate.
10 March 2021.