Preface

In August 2018, Chinese President Xi Jinping emphasized at the symposium marking the 5th anniversary of the Belt and Road Initiative that enterprises must standardize their investment and business practices, operating strictly in accordance with laws and regulations. Following this, state-owned asset supervision and administration commissions across provinces and cities began drafting and formulating local guidelines for compliance management in state-owned enterprises. Meanwhile, major central enterprises launched various forms of compliance training, seminars, and pilot programs. Meanwhile, several local state-owned enterprises and private firms have already started preparing to conduct research and establish comprehensive corporate compliance management systems. On March 8, 2021, Zhang Jun, Procurator-General of the Supreme People’s Procurate, explicitly highlighted the corporate compliance non-prosecution system as a key priority for the procuratorial organs’ work plan in 2021, placing the development of corporate compliance frameworks firmly on the agenda within the criminal justice sector. Under this overarching trend, compliance is no longer just a tool for corporate governance—it has become a matter of survival for businesses themselves.

On April 13, 2021, the international standard ISO 37301:2021, "Compliance Management Systems — Requirements with Guidance for Use" (hereafter referred to as "ISO 37301"), was officially published and came into effect. This new standard serves as an updated and replacement version following the 2014 implementation of ISO 19600, the "Guidance on Compliance Management Systems." As the most widely recognized international standard, ISO 37301 provides crucial guidance for companies seeking to establish robust compliance management systems. Additionally, as a Type A certification-eligible standard, ISO 37301 helps certified organizations unlock greater business opportunities in competitive markets.

I. Introduction to ISO and ISO 37301

(1) The Validity of ISO and Documents Issued by ISO

The ISO (International Organization for Standardization) is an independent, non-governmental international organization and currently the world's largest comprehensive international standards-setting body. ISO publishes several types of documents, including International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications, International Symposium Proceedings, and Guidelines. Among these, International Standards encompass various categories such as test method standards, practice guideline standards, guidance standards, and management system standards. Unlike China’s national standards, which are divided into mandatory standards (GB) and recommended standards (GB/T), ISO’s International Standards are not legally binding or enforceable.

One of the most widely recognized and adopted international standards published by ISO is the Management System Standards (referred to as "MSS" below). ISO 37301, in particular, is a certified international MSS standard.

According to ISO Guide 72:2001, "Guidelines for the justification and development of management system standards," MSS can be categorized into three types:

(II) The Impact of ISO Standards on China and Chinese Enterprises

Although ISO documents are not legally binding, as ISO is the world's largest comprehensive international standards organization, its internationally recognized standards have been widely adopted by countries around the globe—or even incorporated into national standards for practical application in production. This has given ISO de facto influence in the standards arena. Standards have become a critical component of the rules governing global trade, especially now as China promotes high-level opening-up, advances the Belt and Road Initiative, and encourages Chinese enterprises to "go global" more rapidly. As a result, ISO standards are increasingly vital—not only for China as a nation, but also for Chinese companies striving to gain a competitive edge in the global marketplace. To stay ahead in international competition, Chinese businesses must proactively embrace both international standards and cutting-edge foreign benchmarks.

(III) The Background and Updates of ISO 37301

In an increasingly complex international environment, compliance has become a critical prerequisite for the safe and sustainable growth of businesses and other organizations. As global markets demand robust compliance management practices, international bodies are actively collaborating to foster a culture of compliance. Over the past two years, countries and regions around the world have established closer interconnectedness, enabling businesses and organizations to play a pivotal role in international trade, exchanges, and collaborative partnerships. To align with the evolving realities of compliance amid globalization and to guide organizations in strengthening their compliance efforts, ensuring the healthy progression of international engagements, the ISO organization initiated a revision of ISO 19600 at the end of 2018. After two-and-a-half years of meticulous work, ISO 37301 was finally released.

To help readers easily grasp the revised content, we’ve carefully outlined below the key differences between ISO 37301 and ISO 19600. Please click "Read More" at the bottom of this article to explore further.

II. The Significance of ISO 37301 for Chinese Enterprises

In the field of corporate compliance, ISO 19600 is classified as a Category B management system standard, offering guidance specifically on corporate compliance but not intended for certification purposes related to compliance. In contrast, the newly released ISO 37301 is a Category A management system standard, serving as a basis for organizations to self-declare compliance, enabling certification bodies to conduct assessments, supporting government agencies in regulatory oversight, and even acting as a reference for judicial authorities when determining penalties and overseeing compliance for non-compliant companies. Therefore, compared to the previously used ISO 19600, obtaining ISO 37301 certification can significantly help companies gain the following advantages:

First, enhancing enterprise management levels helps companies maintain stable production and business operations. By establishing a compliance management system in accordance with the ISO 37301 standard, enterprises can systematically conduct self-assessments and make continuous adjustments throughout the implementation process. This not only strengthens their internal self-inspection and self-correction capabilities but also elevates overall management standards. At the same time, by fully leveraging the company’s inherent vitality and creativity, organizations can seamlessly integrate compliance requirements into their daily practices—directly supporting the steady continuation of production and business activities.

Second, it strengthens enterprises' ability to compete in the market while enhancing their reputation and credibility. One of the key objectives behind the release of ISO 37301 is to provide a universal set of guidelines for certifying corporate compliance management systems worldwide. Organizations across various industries can demonstrate that they have robust compliance frameworks by either declaring adherence to ISO 37301 or obtaining certification based on this standard. This not only reflects a company’s strong business integrity but also serves as a crucial indicator for improving its credit rating. Ultimately, it helps enterprises gain a competitive edge in bidding processes and unlock more lucrative business opportunities.

Third, it reduces the risk of administrative and criminal penalties for businesses and their employees. Companies inevitably face compliance risks—large or small—during their operations and production activities. However, a compliance management system built according to ISO 37301 can significantly help organizations mitigate these risks. Since this standard can serve as a basis for government regulatory oversight as well as for judicial authorities when determining sentencing and conducting compliance audits of non-compliant companies, the effectiveness of a company’s compliance management system will increasingly influence regulators and courts in deciding whether to impose penalties—and even in determining the severity of those penalties. As a result, implementing a compliance management system aligned with ISO 37301 can assist businesses facing compliance challenges in reaching favorable administrative settlements or benefiting from prosecutorial policies that lead to criminal non-prosecution.

III. How Companies Can Achieve ISO 37301 Certification

Since ISO 37301 is the most recently released standard, there are currently no established certification case studies available for reference, and the specific certification process remains unclear. Drawing on our past experience and insights gained from consulting with leading domestic certification bodies, we have carefully outlined the general ISO certification process for businesses to consider:

Tomorrow, the next installment of this article series will be updated: "The Next-Generation Tool for Corporate Bidding—How Companies Can Build a Compliance Management System." Stay tuned!

Note:

1. See Wang Yanlin and Li Mengya, "On the Charter and Nature of ISO," *Quality Exploration*, No. 2, 2020, pp. 34-35.

Special thanks to Song Zeyi and Xu Binzhe, interns at Xinglai Compliance Legal Service Center, for their significant contributions to this article.