The threats of fraud and corruption are universal for businesses, detrimental to both economic benefits and corporate culture. Yet, many companies remain unprepared, without effective solutions. This article explores three central questions to provide a roadmap for delivering anti-fraud and anti-corruption initiatives.
Defining the scope
The first critical step in combating fraud and corruption is defining a clear and reasonable scope for action. As companies’ anti-fraud and anti-corruption efforts fall under labour employment, companies should assess whether a suspected act impacts the company’s legitimate interests or the employment relationship when determining the scope.
An excessively broad scope risks infringing on employees’ lawful rights and may face challenges in litigation proceedings. A highly restricted scope may hinder the company’s flexibility to address fraud and corruption, particularly when the act does not directly constitute an offence or crime.
Developing internal policies
Senior Partner
Hui Ye Law Firm
Tel: +86 21 5237 0950
E-mail:
tianhang.li@huiyelaw.com
Investigating internal fraud and corruption within a company presents unique challenges. On one hand, the process lacks public authority involvement. On the other, employee fraud and corruption harm the company’s legitimate interests and labour relations, in which case the company is entitled to take action within the realm of labour law.
To resolve this dilemma, companies are advised to establish comprehensive internal policies that clearly define the scope of investigative and disciplinary authority. This includes the company’s right to conduct investigations, employees’ obligations to co-operate with investigations, and disciplinary measures applicable to fraud and corruption. The following key policies should be put in place.
Personal information protocols. Investigating internal fraud and corruption inevitably involves the processing of personal information belonging to employees, their spouses and close relatives. For instance, verifying details about family members is essential in handling cases of conflicts of interest or embezzlement. The Personal Information Protection Law mandates companies to inform employees and obtain their consent before handling their personal information, while ensuring the legitimacy and necessity of such processing.
Companies should therefore establish clear protocols for handling employee personal information during internal investigations. These should specify the types of personal information involved, processing methods, protective measures, and data retention duration. For sensitive information, separate consent from employees must be obtained, along with a thorough impact assessment. If information about spouse and close relatives is needed, employees must be informed and their consent obtained.
Conflict of interest guidelines. As a key element of a company’s anti-fraud and anti-corruption framework, the guidelines should address the following aspects: (1) conflict scenarios, including but not limited to employment-related conflicts (e.g. close relatives or other conflicting relationships between supervisors and subordinates), and conflicts involving duties and loyalty (e.g. external employment, shareholding or financial ties with distributors or suppliers); (2) resolution mechanisms, establishing whether conflicts can be resolved through disclosure and approval processes; and (3) penalty rules, determining sanctions and whether specific consequences are required for enforcement.
Complaint and reporting procedures. Vital for uncovering internal fraud and corruption, the procedures cover the: (1) scope of acceptance, which should align with the defined scope of action but exclude issues related to employment contract execution such as salary, benefits, compensation and performance evaluations; (2) processing workflow, including acceptance criteria, handling processes (e.g. anonymous or real-name reporting) and guidelines for managing repeated or excessive complaints; and (3) additional provisions on investigation procedures, rights and obligations during investigations, communication of findings, whistleblower protection and reward mechanisms.
Additional policies. Key related policies typically outline the following: (1) electronic device and data management, regulating the allocation, configuration and use of electronic devices and information system accounts, along with proper record-keeping; (2) employee co-operation in investigations, detailed in employee handbooks or specific regulations; and (3) other oversight policies for procurement, sales, pricing, supplier screening and defining responsibilities for critical roles.
Finding solutions
Corporate anti-fraud and anti-corruption efforts are not solely aimed at pursuing criminal liability. Upon completing an internal investigation, companies adopt one of four resolution approaches.
- If no fraud or corruption is found, or suspicion is ruled out, the findings should be promptly communicated to the accused if they were involved in the investigation;
- If fraud or corruption is confirmed, disciplinary action should follow company policies. For misconduct not warranting dismissal, internal disciplinary measures apply; for cases meeting dismissal criteria, the employment contract may be terminated unilaterally;
- For cases involving criminal activity or administrative violations, legal complaints or reports can be filed with judicial or administrative authorities; and
- If fraud or corruption results in financial losses, the company may pursue legal claims for compensation.
In practice, even when employee misconduct meets disciplinary or criminal thresholds, companies opt for negotiated resolutions to avoid reputational damage, particularly for publicly listed firms. However, strong evidence supporting criminal charges can strengthen the company’s position in negotiations, leading to more favourable outcomes.
Corporate anti-fraud and anti-corruption initiatives are practical legal undertakings. Beyond the three aspects discussed, companies should also improve case-specific investigations and employee interviews, establishing robust mechanisms to combat fraud and corruption.
Li Tianhang is a senior partner at Hui Ye Law Firm. He can be contacted by phone at +86 21 5237 0950 and by email at tianhang.li@huiyelaw.com
