New laws and policies are keeping general counsel and compliance officers in China up at night as their companies may be at gunpoint due to regulatory restrictions of the U.S. and other jurisdictions where they operate.
Over last year, a series of new laws have been released in China, adding to the myriad of compliance risks multinational companies face against the backdrop of evolving trade tensions and political uncertainties around the globe. The newly promulgated Data Security Law and the upcoming Personal Information Protection Law will supplement the Cybersecurity Law, enhancing the framework governing the operation, management, and protection of data and privacy. Other significant changes include a Chinese version of blocking statute that is taking shape, and a pilot non-prosecution scheme which puts compliance programs in the limelight once again.
On July 15, 2021, over a hundred in-house legal and compliance professionals gathered in Shanghai for an insightful and inspiring session held by YuandaWinston to discuss these conundrums. While there is no "one-size-fits-all" solution, the group examined what worked and what didn't in recent cases, and explored some pragmatic approaches to addressing the challenges and questions, including:
- whether a foreign company needs a data server in China to keep local data within the Chinese borders;
- what to do if China-based evidence and documents are required in a patent litigation, or an SEC investigation, in the U.S.;
- whether providing information to a government or regulator outside China in corporate transactions, such as CFIUS, is allowed;
- additional considerations when conducting internal investigations in China; and
- how these requirements in China affect a company's compliance framework globally.
While no one doubted the urgency of re-assessing and updating the compliance programs to incorporate procedures and protocols to ensure adequate data protection, sanctions, export controls, and supply-chain governance were also flagged as priorities for compliance departments in China for the second half of 2021.
The discussions were chaired by Leon Liu, Carol Sun, and Jacob Clark at Yuanda China Law Offices, Winston's alliance partner in China. In addition to issues relating to the new laws, the group exchanged insights into best practices of running the China-based compliance function of a multinational company. As agreed by most GCs in the room, the role of China-based legal and compliance teams has never been more important. Proactive communication with headquarters and effective presentation of solutions to address challenges in China with a global perspective are keys to success.
Our recent briefing discussing cross-border data transfers under the new data laws in China can be viewed here.
Originally published July 22, 2021
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.