Criminal exposure is the risk companies can least afford. A business that looks solid can unravel overnight because of a single flawed decision, a failed internal control or a lapse in one role. The consequences range from reputational collapse to executives facing custody, and years of value wiped out.
China’s Supreme People’s Procuratorate (SPP) underscores the trend. Its White Paper on Criminal Prosecution Work (2024) shows that, compared with 2020, the number of people reviewed for prosecution in 2024 for crimes disrupting the socialist market economic order rose by 9.6%. Within that category, “market order disruption” offences number only 14, yet prosecutions increased by 21.4%.
Executive Director, Senior Partner
Bohe & Hansen
Prosecutions for duty-related crimes rose by 32.7%, and prosecutions in corporate-related duty offences, such as occupational embezzlement and misappropriation of funds, rose by 25%.
Practice is equally telling: Most companies do not drift into criminal cases by deliberately crossing red lines, but by mistaking business custom for legality, management habit for compliance, and herd instinct for a safe harbour. By the time reality bites, the best window for prevention has already closed.
Today’s rising corporate criminal risk is being driven by two largely irreversible shifts.
(1) China is shifting from treating criminal law as a last resort to a more proactive approach, widening the net for corporate-related offences and stepping up enforcement. From Criminal Law Amendment (VIII) to (XII), 45 new offences were added, most of them tied to business activity. Existing offences have also been broadened through wider eligible offenders, lower thresholds for criminalisation, and more covered conduct.
Amendment (XII), for example, expanded enforcement for offences such as illegal operation of the same business, illegally profiting for relatives or friends, and abuse of power in discounted share conversion or the sale of company or enterprise assets, bringing certain forms of internal fraud in private companies more clearly within the reach of criminal law. Yet few businesses can keep pace with the full body of rules, let alone their frequent updates, a recipe for “unknown unknowns”.
(2) “New quality productive forces” are rapidly reshaping business models, changing the nature of assets, the structure of transactions and operating scenarios, and creating wider grey areas in how traditional offences apply. Virtual assets, cross-border trading and platform-based operations are proliferating, reshaping the nature of assets, the structure of transactions and operating scenarios. This, in turn, creates wider grey zones in assessing the elements of traditional offences, gives courts and prosecutors more room for interpretation, and increases corporate criminal risk, meaning that companies pursuing innovation can drift into criminal territory without realising it, and pay a heavy price.
From a criminal-law perspective, the systemic risks facing modern businesses go well beyond offences that have already occurred. The greater danger lies in risks embedded in day-to-day operations that have not yet erupted. Prevention therefore requires breaking with a “fix it after it happens” mindset, and making two core shifts so that compliance and growth reinforce each other.
Shift 1: From after-the-fact rescue to up-front prevention. As the saying goes, the best doctor treats disease before it appears. Many companies still rely on after-the-fact responses; they call counsel only when problems surface, and mobilise a defence only when criminal suspicion arises. But criminal cases trigger cascading and often irreversible consequences that remediation rarely fully repairs. Effective control starts earlier, embedding criminal-risk management across the compliance lifecycle.
(1) Build compliance into the rulebook. State the compliance principle in the articles of association, business rules, codes of conduct and disciplinary standards, and translate the duty to prevent crime into the risk-control system, reducing exposure for both the company and senior management at source.
(2) Create end-to-end controls and accountability. Run criminal risk controls through decision making and execution, define departmental and role-based responsibilities, set duty checklists for key positions, and provide regular criminal law training focused on frequent risk scenarios and their legal consequences, leaving no accountability gaps.
(3) Meet compliance duties early to reduce liability exposure. Corporate crime is increasingly assessed through the lens of organisational responsibility. A robust prevention system is not only good governance, it is also part of the organisation’s supervisory duty. Proactive oversight and an explicit stance against wrongdoing can help reduce the risk for the company, and management being faulted for negligence, even if an employee commits an offence.
Shift 2: From passive reaction to active risk identification. Another recurring pitfall is purely reactive management. If a company only deals with criminal risk once it has erupted and neglects screening for latent vulnerabilities, it ends up trapped in a cycle of recurring issues and constant firefighting. The goal is to move from “handling incidents” to “identify, anticipate, respond”, pushing control forward.
(1) Institutionalise screening and maintain a risk register. Map high-risk scenarios based on industry and business model, build a risk list, grade risks, and run periodic criminal risk reviews to make latent risks visible and manageable.
(2) Strengthen incident handling to stop escalation. For employee misconduct, identify warning signs early and initiate internal investigations, corrective interviews, notices and disciplinary action, signalling management’s clear opposition and containing spillover risk.
(3) Track legal and policy developments and adjust fast. Monitor legislative, judicial and regulatory changes, anticipate the risks created by policy shifts, and update business strategies and controls accordingly. For example, as Criminal Law Amendment (XII) expands criminal law scrutiny of conduct seen in private company settings, including issues related to non-compete and asset disposal by senior executives, companies should tighten approval and oversight processes for executive duties and sensitive transactions to avoid crossing red lines.
Wang Siwei is an executive director and senior partner at Bohe & Hansen. He can be reached by phone at +86 137 6102 0669 and by mail at wangsiwei@bhslaw.cn
