The Chinese government is implementing a nationwide social credit rating system for all corporations that will use real-time surveillance to detect misconduct and non-compliance with local law.
Scheduled for full implementation by the end of next year, this highly controversial initiative will have wide-reaching effects on the daily operations of all businesses in China, especially large multinationals with significant operations in the country.
Earlier this autumn, the National Development and Reform Commission (NDRC), the state planning agency of the Chinese government, announced that it would be expanding the country’s social credit system to cover corporations operating in China and their senior managers. First announced in 2014, the social credit system has been run in selected regions of China on individual citizens. The system is meant to rank participants on their “trustworthiness” and provide the government with oversight of social behavior. Similar to credit scores used by financial institutions, an individual’s social credit score can move up or down.
The NDRC has indicated that it intends to expand the social credit system nationwide by 2020, with mandatory participation by all 1.4 billion citizens and all companies in China, including multinationals. To date, the Chinese government has published 350 regulations, laws and policies to outline the details of a corporate social credit system that will apply to businesses. More guidance is expected to follow.
The overarching objective of the corporate social credit system is to promote corporate social responsibility and deter misconduct such as fraud. In a recently published paper, the European Union Chamber of Commerce in China studied how companies will be rated and outlined some of the regulatory compliance risks at play.
The overarching objective of the corporate social credit system is to promote corporate social responsibility and deter misconduct such as fraud.
The methodology for scoring companies goes beyond just looking at a company’s tax records, financials or history of regulatory enforcement action. Businesses will be rated on a two-part system: scale rating and compliance records. Scale ratings, where a company’s conduct is rated on numerical or alphabetical scales, will be broken down into topic-specific ratings spanning all areas of a company’s operations such as tax, production, data transfers, product quality, public relations and environmental protection. Companies will be rated based on their ability to complete a list of requirements for each topic.
Companies will also be rated on records of compliance with government regulations. Negative scale ratings or non-compliance records could result in a company being blacklisted or labelled as a “distrusted enterprise”. Blacklisted entities could be subject to sanctions such as higher tax rates, or be restricted from accessing financial services and capital markets.
The personal social credit scores of senior managers could also be affected and they could also be subject to individual sanctions including restrictions on travel and access to banking services.
Data protection concerns for multinationals
The corporate social credit system raises many significant and complex risk considerations, spanning from data privacy to operations to senior liability. On data privacy and protection, companies could be exposed to an array of data-related regulatory risks. The Chinese government has said it intends to use advanced technology such as Big Data and artificial intelligence to monitor compliance and facilitate timely, even immediate, detection of non-compliance.
Given the aggressive pace at which the Chinese government has undertaken to develop surveillance technology in recent years, widespread use of advanced technology to administer the corporate social credit system is an imminent probability for which multinationals need to prepare.
Companies could be asked to transfer company data to government authorities as a part of their obligations to comply with the corporate social credit system. Presently, businesses are routinely asked to self-report and comply with data requests from the Chinese government. The nature of these requests and the depth of data required is likely to become more complicated as regulators incorporate more advanced technology. These requests could give rise to compliance issues with other data privacy regulations such as restricted data transfers under the EU General Data Protection Regulation (GDPR).
Another scenario worth considering for multinationals: requests from the Chinese government for company data that is not located in China and is subject to the data transfer laws of another jurisdiction. Companies could find themselves in a situation where they are asked to choose between protecting their corporate social credit score at the risk of violating data protection laws in another jurisdiction. In the case of the GDPR, violations could prove to be financially costly. In addition to dealing with data requests from government entities, companies may also be asked to transfer data to private enterprises contracted by the Chinese government to collect data.
Companies could be asked to transfer company data to government authorities as a part of their obligations to comply with the corporate social credit system.
Technology companies in the private sector such as Ant Financial, a subsidiary of Alibaba, have been contracted to run smaller-scale social credit score trials that involve the collection, storage and use of company and personal data. Other private sector businesses such as Huawei Technologies and Tencent, are also involved in developing and implementing the corporate social credit system.
Additional compliance concerns
The corporate social credit system aims to monitor and detect misconduct, undesirable business practices and non-compliance records on a continuous, near real-time scale. As a result, companies will face the formidable challenge of implementing compliance controls that can proactively track and collate changes in their scale ratings and compliance records throughout all of their operations in China.
This task is likely to be extremely challenging for businesses of all sizes, especially large multinationals with multiple operations in China and which are subject to oversight by industry-specific, provincial and national regulators. In addition to tracking changes in myriad topic-specific rating scales and compliance records with individual regulators, companies will also need to determine why their score was negatively affected and what actions are needed to restore their rating.
Businesses that could be subject to China’s corporate social credit system are advised to start preparing for nationwide implementation of the program as soon as possible. Formulating a strategic approach may require senior managers to address complicated questions and to consider the costs implicit in maintaining a good corporate social credit rating.
Helen Chan is a regulatory intelligence expert for Thomson Reuters Regulatory Intelligence, based in Hong Kong.