Significance and Difficulties of Conducting FCPA Investigations in China[1]

Yun Ling, MJIL Managing Editor

Conducting a cross-border FCPA investigation is like walking in a maze comprising corporate code of conduct, local business customs, local laws and FCPA requirements. Because many documents and data are located in the local office, counsel in the US needs to navigate foreign data privacy laws, follow local procedures to either review the documents on-site, or legally transfer the documents to the parent company in the US. Counsel is also likely to run into issues with local language and culture.[2] Even with the combined effort from the local counsel and the corporate in-house counsel, it still requires great caution to avoid possible violation of local data privacy protection laws,[3] which may subject the corporation to criminal liabilities under local law.[4]

Companies doing business in China worry about doing FCPA investigations there as they face higher risk of running into FCPA violations in China due to China’s vast amount of state-owned enterprises (“SOEs”)[5] and its gift-giving business culture. MNCs conducting FCPA investigations in China need to carefully steer away hurdles, from China’s complex and still evolving data privacy laws and regulations.[6] These hurdles arise from the following aspects: 1) lack of a uniform data privacy law; 2) state secrecy restriction; 3) the ambiguous role of private investigators.

First, China has too many laws that address the data privacy issue.[7] In fact, to make this matter more confusing, any law in China that touches upon the issue of personal information “may include restrictions regarding the use and safekeeping of personal data.”[8] China’s such piecemeal legislation approach to addressing data privacy thus pose great challenges to MNCs’ counsel to comply with all relevant data privacy laws in conducting FCPA investigation in China. On top of the complexity of the system, China’s data privacy law is still evolving,[9] which makes it even harder for MNCs to grasp it.

Additionally, China has state secrets law that impedes MNCs from transferring documents outside of China.[10] Chinese government tends to define “state secrets” extremely broad[11], “and it is possible for information to be categorized as a state secret retroactively.”[12] Violating China’s state secrets law bears serious consequences including stiff penalties and potential criminal sanctions.[13]

Lastly, the perplexing and undefined China data privacy laws and state secrets law, along with harsh penalties, lead counsel and MNCs in the US to turn to local investigators in China for help.[14] These private investigators or investigation firms often are engaged in the business of conducting FCPA due diligence and providing investment advice for US companies.[15] They do so under general business licenses, and thus “are not required to satisfy professional standards, experience, and insurance coverage requirements.”[16] Hence, they do not necessarily adhere to the same business code of conduct and produce equally quality work. This problem may go overlooked when these firms act within legal limits when collecting information for purpose of FCPA investigation.[17] However, given the ambiguous role of private investigators in China (still in the gray area[18]) and close monitoring by the Chinese government, once they break the law or act outside of the permissible legal or administrative tolerance, they are likely to draw attentions from Chinese authorities[19] and thus subject themselves and US companies to risks of local investigation and sanctions.


[1] FCPA(“Foreign Corrupt Practice Act”) investigation is self-conducted by the company in response to an alleged FCPA violation from within the company or from the DOJ. See Richard Cassin, Avon: A pound of Cure, FCPA Blog (May 3, 2010 at 8:28 AM),

[2] Richard M. Strassberg, Foreign Corrupt Practices Act Investigations-Challenges and Strategies for White Collar Lawyers and Their Clients, 2010 WL 5312202.

[3] “Data privacy issues often loom in the background of an FCPA investigation.” Severin Ian Wirz, Survey by FTI Consulting Technology LLC, The Experts Weigh in: E-discovery Strategies for International Anti-bribery Investigations 5 (2012), available at

[4] Id.

[5] For purpose of the FCPA, employees of state-owned business organizations are considered “foreign official.” US companies are prohibited from paying bribery to them to facilitate business. Martin & Daniel Biegelman, Foreign Corrupt Practices Act Compliance Guidebook: Protecting Your Organization from Bribery and Corruption 24 (John Wiley & Sons, Inc. 2009).

[6] MNCs need to investigate Chinese principals and the entity itself without violating the country’s data privacy laws. Dennis Haist, Weining Zou & Caroline Lee, Legally Obtainable Data in China, STEELE CIS (2014), available at

[7] “The following laws and regulations directly or indirectly address the protection of personal information: Protection of Computer Information System Security; The Law of The People’s Republic of China on Resident Identity Cards; The People’s Court Disciplinary Measures; Prosecutors Disciplinary Regulations; Consumer Rights and Interests Protection Law; Practicing Physicians Law; Medical Institution Medical Records Management Regulation; Commercial Banking Law; Postal Law; Regulations on the Real Name of Individual Deposit Account; Law of Advocate; The Archives Law.” Dennis Haist, Weining Zou & Caroline Lee, Legally Obtainable Data in China, STEELE CIS (2014), available at

[8] Id.

[9] On March 15, 2014, the amended Consumer Rights and Interests Protection Law of the People’s Republic of China took effective, which adds a new requirement to ensure information security and prevent inadvertent disclosure. See more on Haist, Zou & Lee, supra note 7.

[10] Marcus Christian, Navigating the Minefield: Special Risks in FCPA Cross-border Internal Investigations, Inside Counsel (Apr. 16, 2014),

[11] See Dennis Haist, China Privacy Regulations Create FCPA Compliance Challenges, Ethics & Compliance Officer Association Blog (Aug. 27, 2014, 2:42 PM),

[12] Id.

[13] Marcus Christian, Navigating the Minefield: Special Risks in FCPA Cross-border Internal Investigations, Inside Counsel (Apr. 16, 2014),

[14]  Haist, supra note 11.

[15] Hanfeilong’an Ling Ren Guanzhu Zhongguo Jinzhi Diaocha Hangye(韩飞龙案令人关注中国尽职调查行业), FT Chinese (FT中文网)(Aug.12, 2014, 6:36 AM),

[16] Haist, Zou & Lee, supra note 7.

[17] Id.

[18] See Haist, supra note 11.

[19] Haist, Zou & Lee, supra note 7.