In the context of economic globalization, trade exchanges and cooperation among nations have become increasingly common. However, factors such as rising international trade tensions and the ongoing normalization of COVID-19防控 measures have highlighted the critical importance of corporate compliance—as a key indicator of a company’s commitment to rule-of-law-based governance—and are steadily gaining wider acceptance and recognition across more countries. That said, it’s essential to recognize that implementing corporate compliance requires significant time and financial investments. Despite China’s recent introduction of various guidelines for corporate compliance management over the past few years, many businesses still tend to adopt a more cost-conscious approach, often neglecting compliance issues altogether. This dismissive attitude toward compliance not only fuels a surge in corporate crime but also repeatedly exposes Chinese companies to barriers when they venture overseas. Moreover, even some domestic enterprises operating in foreign markets—where compliance systems are already well-established—are now facing severe penalties and substantial financial losses, forced into reactive compliance measures after being sanctioned themselves.

In 2020, with active promotion from the Supreme People's Procuratorate, grassroots procuratorial organs in Shenzhen, Zhejiang, Jiangsu, Shanghai, and other regions began actively exploring corporate criminal compliance initiatives. To encourage more businesses to undergo compliance reforms, a brand-new criminal litigation system—known as "non-prosecution for criminal compliance"—was swiftly rolled out nationwide. This approach involves identifying companies suspected of crimes that show potential for establishing compliance programs; these firms agree to plead guilty and cooperate by committing to implement robust compliance plans, ultimately leading to the decision not to prosecute. Looking ahead, this innovative criminal compliance model is highly likely to become the most effective and socially beneficial approach for handling minor corporate offenses, fostering both economic growth and societal development.

Chapter 1: What Is Criminal Compliance

Currently, criminal compliance—a topic hotly debated in the field of criminal law—is essentially a "compliance-based exemption system." This model first emerged in the United States. Beginning in the 1990s, U.S. federal prosecutors began applying the "Pre-Trial Diversion Agreement" system to corporate crime cases (which, in China, correspond to offenses committed by organizations). As a result, the U.S. established two key mechanisms: Deferred Prosecution Agreements and Non-Prosecution Agreements. At its core, this system represents a plea bargain between the company under investigation and the prosecution authorities. Companies suspected of criminal activities negotiate with prosecutors to reach an agreement, agreeing to pay substantial fines and actively work toward remedying any harm caused. In exchange, they commit to developing and implementing a robust compliance program within a specified observation period. Upon expiration of this agreed-upon period, the prosecution rigorously reviews whether the company has effectively carried out its compliance plan. If the program is found to be both credible and well-executed, the company can avoid criminal prosecution altogether, thereby sidestepping the severe financial and reputational damage that often accompanies criminal penalties. This innovative approach has encouraged numerous companies to proactively engage in corporate compliance reforms and diligently fulfill their compliance obligations. Since then, the compliance-based exemption model has gained widespread acceptance across the globe. Countries such as the UK, France, Canada, Australia, Singapore, and others have since adopted their own versions of the Deferred Prosecution Agreement system, further solidifying its role as a critical tool for balancing accountability with corporate responsibility.

China's practical exploration of the corporate compliance review and exemption system began around 2020. Under the guidance of the Supreme People's Procuratorate, procuratorates in several pilot regions started adopting a compliance review mechanism for corporate entities involved in minor offenses. Currently, China's compliance review system is implemented specifically for enterprises whose criminal activities are relatively minor, have admitted guilt and accepted punishment, and demonstrate a genuine commitment to compliance. For such companies, prosecutors set a specific review period and mandate them to appoint independent external supervisors to develop and enforce a comprehensive corporate compliance management plan. Once the review period concludes, if the enterprise successfully establishes a compliant governance structure—after undergoing scrutiny and verification by the procuratorate and holding a public hearing—the prosecutor's office may decide not to press charges. At the core of China's criminal compliance model lie four key components: first, the company must have committed a relatively minor corporate offense; second, the enterprise must admit guilt, accept punishment, and actively take steps to mitigate damages caused by its prior criminal conduct; third, with the approval of the procuratorate, the company is placed under compliance review and tasked with engaging an independent external supervisor to assist in completing the required compliance reforms within a specified timeframe; and finally, upon successful implementation of a robust compliance management system that passes the procuratorate’s rigorous evaluation and public hearing, the prosecutor's office can ultimately decide to drop the charges, thereby absolving the company of criminal liability.

Chapter 2: How to Understand Criminal Compliance

After clarifying the operational model of the criminal compliance system, it is also essential to gain a basic understanding of the theoretical foundations upon which this system is built. Criminal compliance primarily addresses criminal cases involving corporate offenses. Given that China is currently still in the exploratory phase of implementing this system, distinguishing between different types of corporate crimes and grasping the principles underlying the criminal compliance non-prosecution mechanism can, to some extent, help better identify which categories of cases may qualify for exemption from prosecution through the criminal compliance framework as the system matures.

1. Classification of Corporate (Organizational) Crimes

Professor Chen Ruihua offers a more nuanced distinction of the concept of corporate crime, categorizing it into systemic and non-systemic forms. In essence, systemic corporate crime refers to situations where an enterprise—treated as a legally recognized entity with its own independent "personality"—engages in socially harmful activities that result from either collective decisions made within the company or direct instructions given by its senior executives. These criminal actions, therefore, serve as the tangible manifestation of this "collective decision."

This systematic corporate crime fundamentally reflects the will of the company’s leadership—whether as an organized entity or individual. Specifically, these scenarios manifest in two main ways: first, criminal activities carried out through collective decision-making within the company (e.g., when the board of directors or shareholders’ meeting collectively decides to engage in smuggling, produce counterfeit goods, or manufacture substandard products); and second, when company executives authorize or instruct specific departments, subsidiaries, employees, or even third parties to commit crimes (e.g., when a company chairman directs subordinates to illegally discharge pollutants). What sets this type of corporate crime apart is its often clear subjective intent—or, in some cases, the very purpose for which the company was established: to generate profits by engaging in illegal or unethical activities.

Another concept is non-systemic corporate crime, which contrasts with systemic corporate crime. Non-systemic corporate crime refers to criminal activities carried out in the name of the company—typically by its internal employees, subsidiaries, or affiliated entities—without direct involvement from top-level corporate leadership or explicit authorization by company executives. These actions are aimed at advancing the company’s interests, yet the organization remains aware of them and adopts a laissez-faire attitude, failing to promptly address or rectify such misconduct. Because these specific criminal acts are directly tied to the pursuit of corporate gains, any instances of wrongdoing by related parties are often viewed as a failure by the company to fulfill its essential oversight responsibilities, ultimately constituting a form of dereliction-of-duty crime.

It's important to note that in most current employment relationships, it is relatively uncommon for employees to resort to criminal activities themselves in the name of corporate growth. More often, employees engage in certain illegal behaviors—such as pursuing personal gains like performance targets, commissions, or business opportunities—while ostensibly acting "on behalf of the company." However, it must be acknowledged that these criminal actions by employees can inadvertently benefit the organization as well. This is precisely why some companies turn a blind eye to such misconduct, allowing these crimes to persist and even thrive. Therefore, in legal assessments across various jurisdictions, "acting in the interest of the company" does not necessarily imply that employees or other related parties must exhibit selfless, altruistic dedication to the enterprise. Instead, as long as there is evidence demonstrating that senior executives, regular employees, subsidiaries, or third-party individuals have exploited their positions within the company’s management structure—and if their actions were clearly aimed at enhancing the firm’s competitive edge, expanding its business opportunities, or boosting its overall performance—it is sufficient to establish the legal fact of "acting in the company’s name" or "for the benefit of the enterprise." In cases where the company fails to implement preventive, deterrent, or corrective measures, it will automatically be presumed liable for criminal responsibility.

2. Institutional Principles of Criminal Compliance

Starting from this foundational theory, corporate crime can broadly be categorized into systemic and non-systemic forms—two types that exhibit markedly different patterns of behavior. As Professor Li Yuhua pointed out: "In recent years, the state has introduced policies aimed at protecting private enterprises. However, such protection cannot be granted without clear principles; otherwise, it would lack legitimacy." Thus, once the distinctions between these two types of corporate crime are clearly defined, it becomes easier to understand which categories of offenses might qualify for a compliance review system. Systemic corporate crimes typically involve decisions made by the company as a whole—or by its de facto controllers—that reflect the organization's collective will. In some cases, these enterprises were even established from the outset with the explicit purpose of engaging in illegal, profit-driven criminal activities. Consequently, the subjective culpability in such cases tends to be relatively high, often amounting to either direct intent or premeditated wrongdoing—akin to what we see in individual criminal acts. As a result, systemic corporate crimes are less likely to benefit from the compliance review system. For instance, the Liaoning Provincial Procuratorate explicitly stated in its "Opinions on Establishing a Compliance Review System for Enterprises Involved in Crimes" that "enterprises whose primary source of income and profit comes directly from criminal proceeds shall not be eligible for the compliance review system." Similarly, other pilot regions' compliance frameworks also include comparable provisions, explicitly excluding cases involving severe consequences—such as those resulting in casualties or causing significant negative societal impact—from being subject to the compliance review process.

In contrast, in cases of non-systemic corporate crime, while companies may still be held criminally liable for failing to fulfill their active and effective supervisory duties, it would clearly be unreasonable to hold them accountable if the company already has a robust compliance management system in place—and if its internal compliance officers have duly discharged their reasonable oversight obligations. After all, such actions alone are sufficient to demonstrate that the company lacked the subjective intent to commit socially harmful acts, effectively severing its responsibility from that of individuals directly involved in the criminal behavior. As a result, the company should no longer face criminal liability.

When a company lacks a comprehensive compliance management system—or even if such a system exists only in name but isn’t actually implemented—criminal conduct by employees, subsidiaries, or affiliated third parties can still be deemed as corporate negligence. However, unlike systemic corporate crime, this type of corporate offense more closely resembles negligent offenses typically associated with individual wrongdoing. In these cases, the company’s subjective culpability remains significantly lighter compared to systemic corporate crimes. Consequently, this category of non-systemic corporate misconduct becomes a key focus of the corporate compliance review mechanism. Under this framework, if a company fails to establish and implement an effective compliance program within the deadline set by the procuratorate, the presumed corporate negligence will be officially recognized as criminal liability. On the other hand, if the company successfully establishes a robust compliance system within the prescribed timeframe and actively fulfills its duty to supervise and manage related personnel, it not only faces consequences for the wrongdoing but also learns valuable lessons, strengthening its preventive measures to avoid future violations. As a result, the need for imposing criminal penalties on the company is greatly diminished, allowing it to maintain normal economic order while demonstrating accountability and commitment to compliance.

Chapter 3: Forecasting the Criminal Compliance Landscape

Around the year 2000, China gradually introduced several regulations concerning corporate crime. Then, starting in 2020, the Supreme People's Procuratorate issued the "Pilot Work Plan for Promoting Corporate Compliance Reform," officially launching the legal community's exploration of compliance assessment systems. Yet, in fact, over the preceding two decades, there have already been numerous judicial precedents demonstrating efforts to separate the responsibility of companies equipped with robust compliance frameworks from that of employees who engaged in illegal activities.

A particularly representative case occurred in 2017, when the Lanzhou Intermediate People's Court ruled that several Nestlé employees had violated citizens' personal information rights—but Nestlé itself was not held criminally liable because the company had already established a robust compliance system. (Lanzhou Chengguan District People's Court Criminal Judgment No. 605 of 2016, Gansu 102 Criminal Initial Case.) The defendants initially appealed, arguing that their actions were merely part of executing tasks assigned by the company. However, after reviewing the case, the Lanzhou Intermediate Court concluded that "corporate crime is defined as conduct carried out with the explicit purpose of securing illegal benefits for the organization, and it must involve behavior collectively decided upon—or authorized by—company leadership." The court further noted that Nestlé’s internal manuals and employee guidelines clearly prohibited employees from engaging in any unlawful activities that infringed upon citizens' personal information. Ultimately, the court determined that the defendants’ actions—which violated these company policies and were motivated solely by their desire to boost individual performance—constituted purely personal misconduct rather than corporate wrongdoing. Based on this reasoning, the Lanzhou Intermediate Court dismissed the appeals and upheld the original verdict. This landmark case has since been hailed by legal professionals as "the first instance of a corporate criminal compliance defense."

Following the issuance of the Supreme People’s Procuratorate’s "Pilot Work Plan on Promoting Corporate Compliance Reform," integrating corporate compliance with the lawful application of non-prosecution measures is set to become a key priority in judicial practice. Under the impact of the pandemic, many small and medium-sized private enterprises have faced significant challenges. Therefore, guided by the principles of "Six Stabilities" and "Six Guarantees," fostering the healthy and stable development of market economy entities will remain a critical consideration in handling corporate crime cases. With the exception of corporate crimes where criminal proceeds serve as the primary revenue source or when such offenses result in casualties or substantial economic losses to the nation, the overarching approach of "fewer arrests, cautious detention, and prudent prosecution"—aligned with the philosophy of "avoiding unnecessary arrests, refraining from prosecution whenever possible, and recommending suspended sentences instead of harsh penalties"—is expected to persist. This policy environment will naturally create more flexible conditions for applying corporate compliance-based exemption mechanisms. For instance, the Nanshan District Prosecutor’s Office in Shenzhen, one of the pilot units, recently handled a case involving an employee of a tech company accused of bribing a non-state official. In addition to issuing a decision of relative non-prosecution, the prosecutors actively encouraged the company to strengthen its compliance framework by establishing a robust anti-bribery system. As a result, the company was able to resume its IPO filing process—a clear demonstration of how corporate compliance initiatives can lead to tangible benefits while supporting business recovery.

From the perspective of specific criminal compliance requirements, the compliance system that companies need to establish should encompass at least three key layers: a prevention mechanism, an identification mechanism, and an response mechanism. Specifically, before any criminal risks arise, companies must implement preventive measures such as compliance training and initiatives to promote a culture of compliance. When early signs of criminal risk emerge, businesses must possess the ability to accurately identify and address potential threats. Finally, once compliance risks have materialized, companies are required to report violations to law enforcement authorities—even if no formal criminal case has yet been established. Additionally, internal investigations, accountability processes, and disciplinary actions must be promptly carried out. If necessary, civil lawsuits may even be filed against those who violated company policies. By addressing risks comprehensively across these three critical stages—before, during, and after—they can effectively safeguard their organizations from the possibility of criminal misconduct.

Notably, establishing an enterprise compliance system is by no means something that can be hastily accomplished with a static list of regulatory guidelines. Nor can a company simply sidestep responsibility for employees or affiliates who commit crimes outright—especially if the compliance rules outlined in the employee handbook are largely ineffective or merely symbolic. Instead, the dynamic nature of compliance will inevitably become an essential requirement as companies continue to advance their compliance efforts.

The U.S. Department of Justice and the courts do not encourage companies to adopt a one-size-fits-all approach to compliance. In fact, using compliance checklists as a rigid tool to assess the effectiveness of ethical programs could backfire. Both the courts and the DOJ also recognize that compliance measures are inherently "dynamic," evolving alongside changes in business operations and market conditions. Given shifts in their business models, industries, or cultural contexts, companies must regularly reassess the risks of potential misconduct. Such heightened compliance standards will undoubtedly become an essential milestone in the evolution of our nation’s criminal compliance framework.

Certainly, given the human and material resources required for corporate compliance—and considering China's current market environment—it’s unlikely that all companies will be mandated to adopt a uniform, standardized compliance framework anytime soon. However, fostering a strong compliance mindset by enhancing internal regulatory practices and proactively mitigating crime-related risks is something every business should strive to embrace and learn from. More likely, companies will be encouraged to tailor their compliance systems to their specific circumstances, establishing frameworks of varying levels of rigor. For instance, state-owned enterprises (SOEs) and central enterprises are expected to maintain the highest standards—such as requiring the establishment of robust compliance systems, setting up dedicated compliance management structures, conducting regular compliance training, promoting a culture of compliance, identifying, assessing, and addressing compliance risks, launching thorough internal investigations into violations, holding accountable and disciplining those responsible, and continuously refining and updating their compliance programs based on periodic reviews of past experiences. Meanwhile, larger private enterprises would follow suit with slightly less stringent requirements, while smaller and medium-sized private firms could aim for a more universally applicable, albeit still effective, compliance standard.

Exploring the positive implications of promoting corporate compliance also lies in its introduction of the concept and objectives of compliance, which will greatly encourage the entire societal system to become more standardized.

Authors: Yu Xingquan, Ma Shengkun

Source: Dacheng Defense Counsel