This is the fourth and final installment in this series
White collar criminal law experts who regularly represent or advise Chinese companies all agree that the arrest of Huawei CFO Meng Wanzhou was a “wake-up call” for all Chinese companies with global operations. Compliance management is now one of the hottest topics for senior executives in major Chinese companies who want to avoid a similar fate. However, as we have seen from the problems faced by HSBC, this is not a problem only for Chinese companies. All companies and business executives around the world need to be more pro-active about identifying and managing such risks.
The Huawei/Meng Wanzhou case provides a helpful backdrop to highlight some of the key issues to which Chinese and other non-U.S. companies should pay closer attention.
Understanding the Reach of U.S. Extraterritorial Jurisdiction
The first threshold issue is to understand the risks of being subject to U.S. extraterritorial jurisdiction for conduct occurring outside of the U.S., as in the case here, where the liability exposure of Huawei and Ms. Meng arose from a PowerPoint presentation made by Ms. Meng, a Chinese national, on behalf of Huawei, a Chinese company, to representatives of HSBC, a global bank registered in the U.K., in a private room at a restaurant in Hong Kong, relating to business activities in Iran.
The risk of being subject to extraterritorial jurisdiction arises principally in respect of the application of U.S. laws. While some other countries are starting to assert extraterritorial jurisdiction in some limited cases, the U.S. is clearly the outlier in this regard. The reason is simple – the U.S. extends the reach of its jurisdiction because it can. It leverages the global dominance of the U.S. dollar[i] internationally – the U.S. dollar accounts for more than 60% of known central bank foreign exchange reserves, a significant proportion of global commodities are priced in U.S. dollars, and in 2019 the U.S. dollar is on one side of 88% of all foreign exchange trades. Consequently, many financial institutions, enterprises and individuals commonly select to transact business in U.S. dollars even when both parties are not based in the United States.
In the vast majority of cases where payments in transactions outside of the U.S. are made in U.S. dollars, the U.S. dollars are routed through correspondent banks in the U.S. Such use of the U.S. banking system is deemed to be sufficient to allow U.S. authorities to assert U.S. jurisdiction over the transaction and the parties, even if all of the parties are otherwise outside the U.S. This aggressive extension of U.S. jurisdiction is amply demonstrated in the Huawei-HSBC case, where the triggering element of U.S. jurisdiction was the use the of the U.S. banking system to clear payments from Iran-based entities.
Moreover, even the transmission of emails, from one non-U.S. person to another non-U.S. person, can be sufficient to allow U.S. regulators and prosecutors to assert jurisdiction if the emails are routed through U.S.-based servers. No other country in the world is as aggressive in the application of its laws abroad as the U.S. because no other country is in such a dominant position to establish a tenable local nexus to so many global transactions.
The Role of Banks in Extending U.S. Extraterritorial Jurisdiction
For Chinese and non-U.S. companies, it is impossible to do business globally without working with one or more global banks, all of which will have banking operations in the U.S. This provides the nexus to the U.S. in respect of the parties for certain purposes, and, as noted above, U.S. dollar payments will, in the majority of cases, be routed through the U.S. in any event, providing a nexus directly to the transaction.
This can extend even beyond the direct relationship bank to the correspondent bank in the U.S. In a transaction between two non-U.S. entities denominated in U.S. dollars, the Party A bank in Country A will typically remit the U.S. dollar funds to its correspondent bank in the U.S., which makes the remittance through the U.S. banking system to the counterparty’s U.S.-based correspondent bank, for final onward remittance to the Party B bank in Country B.
Any bank which so utilizes the U.S. payment system will be subject to U.S. laws requiring the screening and reporting of prohibited transactions, so non-U.S. entities conducting U.S. dollar transactions should assume that their relationship bank or its correspondent bank will be subject to such reporting obligations.
It is possible for non-U.S. banks to conduct U.S. dollar transactions without going through the normal routing through correspondent banks in the U.S. As Ms. Meng’s lawyers have noted in their filings with the Canadian court hearing the extradition case for Ms. Meng, non-U.S. banks could utilize the Clearing House Automated Transfer System (CHATS) in Hong Kong which would avoid the U.S. financial system altogether. Non-U.S. banks are free to remit U.S. dollars in their possession to other non-U.S. parties without running afoul of U.S. sanctions, although the default position taken by U.S. prosecutors will typically assume that U.S. dollar payments provide a basis for the assertion of U.S. jurisdiction unless that presumption is effectively rebutted.
These rules clearly apply to the banks, but what does that mean for Chinese and other non-U.S. companies which initiate the transaction by instructing their bank to make the remittance? In the case of Ms. Meng and her communications with HSBC representatives, U.S. prosecutors are alleging that she committed bank fraud by misleading HSBC as to the nature of the relationship between Huawei and Iran-based-Skycom, which purportedly exposed HSBC to potential fines and penalties for Iran sanctions violations. In addition, because HSBC had an obligation to report the Iran payments, U.S. prosecutors were apprised of Huawei’s direct and indirect activities in Iran which are alleged to be a direct violation of the U.S. sanctions against Iran, constituting a charge which is separate and independent from the bank fraud charge. In other words, the bank’s reporting obligation flagged the potential sanctions violation on the part of Huawei to U.S. authorities.
Such potential U.S. criminal liability exposure can be avoided by structuring the transaction to avoid use of the U.S. banking system or other contacts with the U.S., but as previously noted it is not typical for the bank customer to direct the bank as to the precise manner to clear the U.S. dollar funds. Moreover, in some cases such an instruction may suggest a consciousness of the sensitivity and possible illegality of the transaction, which may work against the company if it or the transaction has another nexus to the U.S. which might trigger U.S. jurisdiction.
The best way to avoid such liability, according to Gary Gao, a partner with Red Circle Chinese law firm Zhong Lun, who advises Chinese and foreign clients on cross-border criminal matters, is not to do anything to violate U.S. laws. “If you can’t do Iran business without violating U.S. sanctions, then you shouldn’t do the business,” Mr. Gao advises.
Of course, the current dominance of the U.S. dollar in international transactions is not set in stone and could diminish[ii] over time, creating payment channels which circumvent the U.S. banking system, thereby diluting the ability of U.S. officials to extend the reach of U.S. laws outside of its borders. However, so long as the U.S. dollar retains its pre-eminent position as the dominant global currency, Chinese and other non-U.S. companies must be alert to the risks of exposure to liability under U.S. sanctions laws arising from the use of U.S. dollars as the transaction currency.
Individual vs. Corporate Criminal Liability
Under U.S. law, a corporation can be criminally liable under the doctrine of respondeat superior for conduct of employees or agents so long as to conduct occurred within the scope of employment and the acts were motivated at least in part by an intent to benefit the corporation. A corporation may be able to limit its liability for acts of a “rogue” employee, but only if it can demonstrate that it has a sufficiently robust compliance management program in place (more on that below).
Moreover, in mergers and acquisitions, the acquiror or successor company may assume liability for criminal acts by the target company. Even where only assets are acquired, liability can sometimes follow if the intent is to fraudulently structure the transaction to avoid liability, where the acquiring company’s business is deemed to constitute a “mere continuation” of the seller’s business, or where the asset acquisition amounts to a de facto merger.
In this case study, the admitted criminal acts on the part of HSBC and ZTE and the alleged criminal acts on the part of Huawei all derive from the actions of their employees, but in the vast majority of cases, it is the company which faces criminal liability, not the executives of the company in their individual capacities. Case in point: In the HSBC and ZTE cases, massive fines were assessed, government-appointed compliance monitors were put in place, and executives were fired and had their compensation docked, but no one went to jail.
So why was Meng Wanzhou charged and arrested in this case, and does this portend a higher level of personal criminal liability exposure for executives in other Chinese and non-U.S. companies? This is a matter of prosecutorial discretion, and depends on the overall facts and circumstances of the case. In charging Ms. Meng, the U.S. Department of Justice (DOJ) specifically noted that she was being charged “based on her own personal conduct and not because of actions or misconduct by other Huawei employees,” presumably referring to her senior status within the company and her direct role in the alleged bank fraud by virtue of her personal presentation of the PowerPoint that forms the crux of the bank fraud charges.
U.S. prosecutors may also in certain cases, where the facts support the charges, charge and arrest an individual executive in order to gain additional leverage over the company. Self-policing, self-reporting and full and transparent disclosure and cooperation can play an important role in reducing the criminal liability exposure of both the company and its executives.
Work-arounds Don’t Work
As can be seen from the ZTE case, where the company made repeated attempts to utilize intermediary “isolation companies” to conduct transactions that the company could not undertake directly, trying to structure around the legal restrictions is fraught with peril, and in fact can be evidence of a consciousness of the illegality of the barred transactions, which will only increase the penalties.
For his part, Mr. Gao of Zhong Lun, declines to design such work-around structures, and uniformly advises his clients not to do so on their own. “Authorities almost always can see through these structures,” he reported. U.S. laws are typically drafted broadly enough capture all such efforts to circumvent the rules.
Cooperation and Transparency are Key
Both HSBC and ZTE were guilty of serious violations of criminal laws, had fines in excess of US$1 billion imposed, and senior management were fired and replaced, but HSBC was able to sign a deferred prosecution agreement (DPA) while ZTE was required to plead guilty. Since HSBC complied with the terms of the DPA, at the end of the five-year term, the charges were dismissed, while ZTE’s conviction is permanent and may engender other consequences, such as permanent debarment from government contracts, inability to secure insurance on favorable terms, reputational damage leading to lost opportunities, etc.
The different treatment for HSBC and ZTE in this regard can be attributed to the fact that, once confronted with the charges, HSBC adopted a policy of transparency and cooperation, which are a condition precedent to qualifying for a DPA and for the eventual dismissal of the charges. On the other hand, evidence showed that ZTE had engaged in extensive efforts to engineer a cover up and provided certifications of compliance to U.S. authorities that proved to be false (see related facts in part three). This was a critical error. “Companies have to be able to stand behind what they certify,” indicated Chen Zhu, a white collar criminal law expert in the Hong Kong office of the U.S.-based global law firm Morrison & Foerster.
It is also worth noting that ZTE’s outside counsel, in coordination with the company, were the ones to report to U.S. authorities once they discovered that the certification provided by the company was inaccurate. The lawyers were required to do so to protect themselves from potential liability, to comply with their professional ethical obligations and to protect their own reputations. Even so, companies should not see their outside lawyers as having conflicting interests requiring that they be cut out of the loop, but instead should see them as key advisors to guide them through the potential pitfalls so the company can avoid unnecessary liability.
Zhong Lun’s Mr. Gao reports that the top Chinese companies now routinely seek advice from highly qualified outside counsel when the company is engaging in business activities in highly-regulated industries in major industrial countries. Most observers note, however, that the next tier down of Chinese companies may be more relaxed about compliance issues in other countries where they may consider they may enjoy more flexibility in terms of regulatory matters. This has proven to be a mistaken notion that has given rise to a wide range of negative outcomes for these Chinese companies.
In the end, it is an issue of recognizing and managing the risks. Sam Williamson, a former U.S. federal prosecutor, now a partner in the leading global litigation firm, Quinn Emanuel Urquhart & Sullivan, notes that the biggest clients for the top law firms on the civil and criminal litigation side are all the biggest and best-known companies in the world. According to Mr. Williamson, who is fluent in Chinese and was formerly resident in the firm’s Shanghai office, for these companies defending both civil and criminal litigation is primarily a management issue. “Criminal investigations involving big U.S. companies are common,” Mr. Williamson advised, and since criminal penalties for corporations are generally limited to monetary damages, which is also true for civil cases, these cases often require similar levels of attention and management.
Taking Advantage of the Full Range of Defenses Available Under Law
As noted in part three of this series, the principles of rule of law exposes domestic and foreign companies to criminal liability exposure in the U.S, but these same principles also afford significant protections and defenses to the accused. This is well illustrated in the Meng Wanzhou extradition case. She has engaged a phalanx of top lawyers who are raising every possible defense. Should she ultimately lose the extradition fight in Canada and be required to face charges in a U.S. court, we can expect she will do the same in that forum as well. The same will undoubtedly be the case with Huawei in defense of the charges against it.
Chinese companies (and presumably other non-U.S. companies with limited experience with civil and criminal litigation in the U.S.) are not always as well-equipped to prepare and present a proper defense in either civil or criminal cases in the U.S. and other jurisdictions with more developed legal systems. Some observers have noted that one key challenge for many Chinese defendants includes document preservation and production. This is because the document discovery and evidentiary rules and practices of the U.S. system are fundamentally different from those in the Chinese system.
Another challenge, according to experts who have worked with Chinese companies in U.S. litigation matters, is the opaque and slow decision-making process. Defense counsel may get only one shot to provide a recommended course of action, with no opportunity to present and discuss other options. In-house counsel in Chinese companies may be in a better position to engage more effectively with outside defense counsel, but may not have sufficient access or influence to persuade senior management as to the best course of action. This same dynamic also comes into play in connection with commercial contract negotiations, giving rise to similar issues, although in a different context.
The Central Role of Compliance Management Systems
When prosecutors charge a company with crimes based on the acts of its employees, the company will commonly claim that the employee went “rogue” and was acting outside the scope his or her authority. However, in the typical case the company can shift the blame to a “rogue” employee only if it can show that it had a robust compliance system in place to prevent such malfeasance.
Under applicable U.S. guidelines[iii], for a compliance program to be deemed effective for these purposes, the company must (1) have standards and procedures in place that are generally effective in detecting and preventing criminal conduct; (2) ensure that senior management oversees and guarantees the effectiveness of the compliance program, including appointment of specific individuals to be responsible for its implementation, (3) use reasonable efforts to ensure that anyone who has been implicated in misconduct or illegal activities is not placed in a leadership position in the company, (4) regularly communicate the compliance standards to employees and provide effective training, and (5) implement a robust monitoring system to ensure adherence to the compliance program, including conducting regular audits and establishing channels for employees to report potential or actual misconduct without fear of retribution.
In this case study we can see that Huawei had a well-designed compliance program in place as described in the PowerPoint presentation delivered to HSBC. HSBC similarly had set up a compliance system, and presumable ZTE did as well. In each case, the mere existence of a corporate compliance program was not sufficient to prevent the alleged illegal conduct or to shield the companies from criminal liability exposure. The key is for the compliance program to be robust and effective.
Historically, many Chinese companies had put in place compliance programs that may appropriately be referred to as “paper programs” drafted by their outside counsel or other compliance advisors but not fully incorporated into the operational management systems of the company to a meaningful degree. In order to be effective, the compliance program must be comprised of rigorous standards that are rigorously monitored and enforced. A culture of compliance must be embedded into the company’s DNA, as it were.
The arrest of Meng Wanzhou was a turning point for many major Chinese companies. While most already had compliance systems in place, efforts to improve the actual effectiveness of these programs were redoubled. Mr. Zhu of MoFo notes that over the last couple of years he has observed that the Chinese companies he has dealt with, including the Chinese global banks and Chinese companies listed on U.S. stock exchanges, now have much stronger compliance programs.
Having effective compliance programs in place can mitigate corporate criminal liability exposure. If violations are identified, proper measures must be taken to impose discipline. This was not the case with ZTE. In fact, rather than reprimanding the implicated employees, ZTE paid them bonuses. This increased ZTE’s exposure. On the other hand, once HSBC was aware of the investigation into its sanctions violations, it voluntarily undertook enhancements to its compliance program, increasing staffing and budgets by nearly ten-fold. This remedial effort on the part of HSBC was considered to be an important mitigating factor. However, in both cases, an independent monitor was put in place to ensure that proper measures were taken to avoid repeat violations, demonstrating the central role of compliance programs in addressing related criminal liability exposure.
Comparing the Track Records of Chinese Companies and Other Non-U.S. Companies
In light of the string of high-profile aggressive enforcement actions taken by U.S. authorities against Huawei and ZTE and the executive orders issued by President Trump in 2020 banning certain transactions involving TikTok and WeChat, many Chinese companies feel that they are being unfairly targeted. Certainly, in respect of national security and CFIUS reviews, Chinese companies’ activities and investments are receiving higher levels of scrutiny, and some of this may reflect a sense among officials in the U.S. and other first-tier countries that China is not playing the game by the same set of rules, engendering higher levels of suspicion and distrust.
However, according to Mr. Williamson of Quinn Emanuel, the overall liability exposure of Chinese companies in the U.S. is “probably commensurate with the size of the Chinese economy,” and in fact, by way of example, in respect of liability under the Foreign Corrupt Practices Act (FCPA), Chinese companies “are probably not over-represented” even though so many Chinese companies that are listed on U.S. stock exchanges, and thus subject to potential liability exposure under the FCPA, are doing business in high risk jurisdictions in developing countries where bribery is much more prevalent.
Statistics bear this out. According to the U.S. Securities and Exchange Commission (SEC), at the end of 2019 there were more than 150 Chinese companies that had securities listed on U.S. stock exchanges, but only one[iv] of these Chinese companies had been charged for FCPA violations. By contrast, more than 60 non-Chinese companies had been named in FCPA enforcement actions relating to improper payments in connection with their operations in China. Experts disagree as to the reason for this discrepancy. Some point to problems accessing evidence and enforcing foreign court judgments in China. Others think it may be a matter of priorities and focus on the part of U.S. officials.
No matter the reason, the fact remains that in terms of the extraterritorial enforcement of U.S. laws specifically, or in terms of corporate liability for criminal and administrative penalties generally around the world, Chinese companies do not make the list of leading offenders. Instead, it is E.U. and U.S. companies that have the dubious distinction of being the primary targets. The list of companies who have paid out fines in excess of US$1 billion includes such blue-chip companies as British Petroleum, Glaxo-Smith-Kline, Time Warner, Pfizer, Johnson & Johnson, Siemens, A.I.G., Enron, Abbott Labs, Intel, Credit Suisse, Goldman Sachs, Kerr-McGee, Citigroup, BNP Paribas, JP Morgan Chase, Volkswagen, and Bank of America, to name a few.
So while the liability exposure of Chinese companies for administrative and corporate penalties abroad does not appear to be out of line with China’s status as the world’s second-largest economy, Chinese companies are generally less familiar than their counterparts from other major industrialized countries with how the game is played, and so may be less prepared to address these issues as they arise. However, we can expect that the case of Huawei CFO Meng Wanzhou will be seen as a turning point in this maturation process, and that the lessons to be learned from this case will be instructive to other non-U.S. companies as well.
[iii] https://fas.org/sgp/crs/misc/R43293.pdf, pp. 28-29