Carl Li, Senior Partner, AllBright Law Office, makes recommendations for meeting the compliance requirements of the social credit system, which is scheduled to become fully operational in the Mainland by the end of 2020.
Corporate compliance is becoming increasingly important in the Mainland, especially with the expected nationwide full implementation of the social credit system (SCS) by the end of 2020. SCS assigns social credit scores to each entity (including businesses and other organisations, government officials and individuals) based on the data collected. The scores correspond to various rewards and punishments. The main purpose of SCS, when it relates to businesses, is to create a fair, transparent and predictable business environment.
The SCS includes different rating mechanisms, many of which are operational already. The official launch of the nationwide SCS will weave together all mechanisms into a comprehensive, intricate and interdependent network. It means that enterprises will face stricter compliance requirements and higher risks if they do not follow laws and other rules. This article aims to provide businesses with suggestions on how to face the new challenges imposed by the full adoption of SCS.
The government first outlined its vision for the SCS in 2014, in a State Council guideline, aiming for its full launch by the end of 2020. The SCS has been expanding and evolving since then, with many mechanisms being created and applied to enterprises. With the original deadline approaching, government authorities are accelerating their construction of the SCS according to the guiding opinions published by the general office of the State Council in July 2019.
Sources of data
The government collects data from three main sources. First, the majority of data is submitted by businesses through self-reporting. Second, the government collects data through inspection. While on-site inspections remain the norm, web-based, digital inspection is becoming more prevalent, such as real-time emission monitoring. Third, data collected by private companies, such as Alibaba, will play an increasingly prominent role.
Ratings and requirements
Depending on their size and scope, businesses need to prepare for a varying number of ratings. A core set of key ratings, such as tax, applies to all companies. Multiple concrete rating requirements constitute a specific rating. Those requirements are written in the respective regulations that companies are already legally required to comply with. While most ratings reflect standard regulatory and compliance criteria, the SCS features three unconventional requirements.
First, businesses now need to take responsibility for their business partners. Even if a company meets all its legal requirements, it can still receive penalties if one of its suppliers is on a blacklist. Second, individual and corporate credit systems interact. As such, a business registered in the name of an individual with a poor rating will automatically have a poor rating. Third, some rating requirements explicitly incorporate ratings by other government authorities, thus creating a ripple effect through which a negative rating in one area also affects a company’s other ratings. For example, any negative rating in a field other than customs would lead to a downgrading of the customs rating, and the respective company would lose, or would not be able to receive, AEO (authorised economic operator) certification.
Rewards and punishments
High scores can mean a range of different things for companies, from lower tax rates, better credit conditions, easier market access and fast-tracked approvals to more public procurement opportunities and lower inspection rates or targeted audits.
Punishments come in various forms. Other than fines, court orders, high inspection rates and targeted audits, restricted issuance of government approvals, exclusion from preferential policies, restrictions from public procurement, as well as public shaming and naming, the SCS also employs blacklisting and joint sanctions. Businesses can fall on a blacklist either from a poor rating or a particular violation, and they will be classified as ‘heavily distrusted entities’, which are flagged within the National Enterprise Credit Information Publicity System and published via www.CreditChina.gov.cn.
Blacklisting will lead to joint sanctions, meaning that government authorities will not only levy sanctions based on the rating they are directly responsible for, but also in response to negative ratings in all rated fields. For example, a rating as a distrusted taxpaying company will impact a company’s licence approvals, among others, beyond the imposition of tax-specific sanctions. In other words, a government authority may impose sanctions on a distrusted company even if that company is not blacklisted for reasons within that government authority’s jurisdiction.
The author suggests that enterprises prepare for the full implementation of the SCS by taking the following three steps.
Enterprises should conduct an internal audit to assess where they stand regarding the requirements. To do so, enterprises should first identify and understand all the laws and regulations they need to comply with. The compliance requirements may be dispersed across a large amount of government documents, so enterprises must conduct the necessary analysis thoroughly. Then, enterprises must assess where gaps exist between the requirements and reality. The last step of an internal audit is to design and implement adjustments based on the gap analysis, and to continue monitoring the changes in the SCS to keep abreast of the latest compliance requirements.
Businesses should undertake a supply chain audit and conduct due diligence on business partners, given that partners’ trustworthiness is included in the SCS assessments. Enterprises may already have a systematic supplier screening mechanism in place for various purposes, and now they have an extra reason to monitor their suppliers even more carefully, because their own ratings will be affected by the suppliers’ behaviours.
Enterprises may need to decide the scope of disclosure of its business operations. Since the SCS requires the collection of massive amounts of data through the enterprises’ self-reporting, enterprises need to transfer data to government authorities, most of which are neither sensitive nor problematic in isolation, but when combined, may create a more complete disclosure of the enterprises’ profiles. Therefore, enterprises may want to engage with respective government authorities should they hope to modify or exclude certain data transfer requirements to prevent excessive disclosure.
Enterprises are recommended to prepare for the full launch of the SCS from now on by following the above-mentioned three steps before full launch of the SCS in a year’s time.
Carl Li, Senior Partner
AllBright Law Offices
This article was first published by Vantage Asia in the March 2020 issue of China Business Law Journal.