º¬Ðß²ÝÉçÇø

In corporate tendering and bidding, bid rigging ¨C or collusive bidding ¨C is a key risk. Even if an employee acts on his/her own authority, the company may still be held legally responsible. This article examines why employee misconduct can create legal exposure and draws on relevant cases to offer practical reference points for building a compliance framework to prevent the risk.

Source of risks

As a legal entity, a company can only act through natural persons. As a result, employees¡¯ conduct in tendering and bidding is often treated as acting in the course of their duties, meaning the company may be held responsible.

Appearance of the conduct and its link to the role. When deciding whether employees¡¯ actions are ¡°in the course of employment¡±, it is not enough to ask whether they acted in the company¡¯s name. Courts place more weight on whether what they did is inherently connected to their job duties.

In a Jiangsu case involving company W, the first instance court held that although Chen, the person responsible for bidding, submitted a bid in W¡¯s name (which looked like an on-duty act), what he did using his position was not intrinsically linked to his duties, not done to benefit the company, and the company was not seriously at fault in its management. The court therefore treated Chen¡¯s conduct as personal.

But the appellate court took a different view, finding that Chen¡¯s conduct had the hallmarks of an on-duty act, noting that other W employees in different roles were involved in the bid submission and bid opening, so the company should be treated as having participated in the tender.

As company W could not show that it had carried out main risk controls at the authorisation stage, the court ultimately held that W should bear corresponding administrative liability for Chen¡¯s actions.

¡°Dual penalty¡± rule for corporate crimes. In corporate criminal cases, the company may be fined, and directly responsible managers and individuals may also face liability.

Under the Tendering and Bidding Law, ¡°tenderers¡± and ¡°bidders¡± are in principle defined as legal persons or other organisations. In practice, however, criminal liability can also involve the tendering/bidding entity and its responsible personnel, tendering agents and their staff, and members of bid evaluation committees.

If an employee¡¯s conduct is found to be carried out in the company¡¯s name ¨C with illegal gains going to the company and reflecting the company¡¯s overall intention ¨C the business may then be treated as the criminal offender.

Presumptions and burden of proof. The Implementing Regulations of the Tendering and Bidding Law list scenarios of bid rigging between bidders, and between tenderer and bidder.

Presumption deemed bid rigging reduces what the enforcement authority must prove, and increases the company¡¯s burden to defend itself. A company generally needs to produce evidence to overturn the authority¡¯s finding.

In a Zhejiang case, the electronic bid files submitted by companies A and B showed the same device/machine code. The bid evaluation committee considered this to be an unusual similarity, with later investigation confirming that both bid files had been prepared by a single B employee.

Although both companies denied bid rigging, arguing it was only an individual employee¡¯s conduct, the enforcement authority still imposed administrative penalties on both companies and their directly responsible personnel. In the previously mentioned Company W case, W argued that Chen¡¯s acts, such as forging seals, were personal conduct.

The court nonetheless held the company should bear administrative liability, citing factors such as: Chen held the company¡¯s digital encryption certificate with the company¡¯s consent; key steps in the tender were carried out via encrypted electronic communications; and Chen had some authorised discretion to make decisions on his own.

This suggests that if a business cannot produce strong counter-evidence to rebut a finding that it failed to put adequate risk controls in place, it may still be held liable.

Risk escalation and control

If an employee engages in bid rigging, the company may still face administrative penalties. Conduct meeting relevant thresholds ¨C such as amount involved, seriousness or repeat offences ¨C may also trigger criminal exposure.

Employees involved in bid rigging may also commit other offences to make the scheme work, cover it up, or increase illegal gains such as bribery (offering or taking) and unlawful handling of citizens¡¯ personal data.

The Supreme People¡¯s Court has noted that bid rigging is not legally ¡°connected¡± to such conduct under the Criminal Law, and offences should be punished separately. So, if an employee commits further wrongdoing in the course of bid rigging, the company¡¯s exposure can increase significantly. To manage this, companies need a multi-layer prevention framework.

Preemptive controls: solid rules and clearly split authority.
(1) Strengthen internal procedures. Clarify approval authority at each stage; prohibit employees from handling digital certificates or paying bid bonds on their own; standardise bid document preparation with review, audit trails and record keeping.

(2) Build compliance awareness. Run regular tendering/bidding legal training; have employees sign a compliance undertaking setting out who is responsible for breaches.

(3) Tighten oversight of third-party partners. Carry out basic checks on agents and intermediaries; prevent them from serving competitors at the same time; avoid conflicts of interest and blurred roles.

In-process controls: technical monitoring and transparent workflows.
(1) Electronic management. Use technical measures to restrict who can edit tender/bid documents, and enable IP tracking and version control so the document creation process is traceable.

(2) Closed-loop funds control. Bid bonds and similar payments must be made from corporate accounts; ban cash payments and use of employees¡¯ personal accounts.

(3) Segregation of duties. Separate roles for preparing, encrypting and uploading bid documents, with different staff responsible for different steps to reduce single-person control risk.

Post-incident response: preserving evidence and seeking legal remedies.
(1) Set up a rapid response process. Once unauthorised bidding by an employee is discovered, immediately suspend their access, preserve electronic data and communications records, and prevent loss of evidence.

(2) Get professional support. Promptly instruct lawyers with experience in matters involving both criminal and civil exposure, to assess risk and plan the response.

(3) Manage the administrative-criminal interface. If an administrative investigation has started, proactively provide evidence showing the company exercised reasonable supervision and seek to avoid escalation to a criminal case.

Yang Qichen is a partner at Starrise Law Firm