Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Eric Carlson: Take the headaches out of China investigations (Part 2)

Yesterday’s post on minimizing headaches during China investigations discussed company policies and mitigating risk under PRC privacy and state secrets laws.

We look today at IT assessments, other PRC laws, and local resources, continuing our list of steps companies can take now to minimize headaches when an investigation in China arises.

*     *     *

4. Conduct an assessment of China-based IT architecture and access. In our experience, the key early days of a fast-moving investigation are often spent tracking down IT-related questions such as:

  • where email servers are located that serve emails for China-based custodians
  • what shared or network drives are accessible to certain China employees
  • whether China-based employees have company-issued phones, or have company email access from their personal devices
  • what remote access to laptops can be obtained from headquarters versus locally in China
  • what kind of images can be made by company IT systems
  • whether instant messaging software is used in China, and whether those messages are preserved and accessible
  • whether disaster recovery systems (e.g., back-up tapes) are in place
  • what accounting systems are used in China, and what transaction data and details are accessible locally and remotely

Most of these questions can be assessed in advance and updated periodically (e.g., in an IT system map), rather than losing precious time after an allegation arrives.

5. Institute or update a dawn raid protocol. Particularly for companies in sectors likely to be visited by PRC regulatory authorities, consider implementing a protocol on best practices to respond to such visits. Companies are increasingly training both reception staff and local or regional legal personnel on how to appropriately handle such visits, such as assigning a designated liaison, documenting requests and interviews, and monitoring documents or other items copied or taken by authorities.

6. Understand PRC laws on bribery and corruption, particularly commercial bribery. At a conceptual level, the contours of PRC laws on bribery and corruption significantly overlap that of other corruption statutes, such as the FCPA and UK Bribery Act. But some differences exist — PRC law, for instance, has no exception for facilitating payments and very few (and different) affirmative defenses or exceptions.

More broadly, PRC law provides for both administrative and criminal penalties for commercial bribery.  Local enforcement authorities have significant enforcement discretion, so it may not be in a company’s best interest to assume that because an improper payment was to a purely private individual, it not need be investigated or does not pose significant legal risk (setting aside if there are books and records or internal control issues that may create liability under the FCPA).

7. Realize that US-style legal privileges and immunities do not exist in China. The attorney-client privilege and the work product doctrine do not exist under PRC law. China-based attorneys (both in-house and sometimes external counsel) may not be aware of the importance of these privileges and immunities and the need to structure and execute investigations in a way to maximize the protections of these privileges and immunities outside of China, even if they do not apply inside of China. For this reason, we recently drafted an article in English and Chinese (available from the authors upon request) about how to preserve privilege when conducting an internal investigation in China.

8. Understand PRC laws related to whistleblowers and whistleblower protection.  While many allegations in China come from anonymous sources, where the source is known, ensure that allegations are handled in a way to avoid missteps that could be construed as retaliation.

9. Understand PRC laws on discipline and termination and associated requirements and evidentiary standards.  PRC laws related to employee discipline and termination are somewhat different than in other countries, particularly the United States. Labor tribunals that hear employment complaints and suits are widely perceived to be pro-employee, and written evidence carries far more weight than oral testimony. Companies should collect sufficient evidence — and in a forensically sound way — during an investigation to mitigate the risk that an employee terminated for conduct identified during an investigation later has strong grounds for a wrongful termination suit.

10. Identify local resources. Many investigations will require local assistance — internal and external.  Internal resources may include IT managers to assist with preservation efforts or  accounting managers to identify transactions of interest, in addition to local legal, compliance, audit, and management staff. External resources may involve forensic accounting firms, forensic technology firms, law firms, private investigative firms, and translation vendors. Having a short list of recommended or preferred vendors in these areas that have significant experience handling investigations in China can save valuable time in the early days of an fast-moving investigation.


Eric Carlson, a contributing editor of the FCPA Blog, is a Shanghai-based partner at Covington & Burling LLP specializing in anti-corruption investigations and compliance, with a particular focus on China. He speaks fluent Mandarin and Cantonese and can be contacted here. He’ll be a speaker at the FCPA Blog NYC Conference 2016.

Share this post


Comments are closed for this article!