Vaughan Marks, Partner at Fusion Systems explains that China-based IT managers should make it their responsibility to address Sarbanes-Oxley compliance.

In today’s business climate, it is never too early for an entrepreneur to be thinking about exit. For many, this equates to a public listing in some suitable jurisdiction (Hong Kong, Shanghai and Nasdaq), or private sale to another organization, typically a listed company.
Image

As Fortune 500 companies scramble to enter and establish themselves in the Chinese market an increasing number of potential acquirers are subject to The Public Company Account Reform and Investor Protection Act – better known as Sarbanes-Oxley (SOX). Depending on the industry sector, the acquirer may subject to additional regulatory bodies. Financial services firms in the United States, for example, are subject to regulation by the SEC and NASD.

Sarbanes-Oxley and SEC Rule 17a-4

Signed into law in July 2002, the Sarbanes-Oxley Act represents a major milestone in the development of corporate governance in the United States. Following on the heels of successive waves of corporate scandals, fraudulent financial reporting and misuse of company funds by U.S. companies, the Sarbanes-Oxley Act sought to restore confidence in the financial reporting process and calm increasingly nervous capital markets. Obligations on managers are onerous and associated costs significant.

SEC rule 17a-4 requires that all electronic communications, including email, instant messages and attachments be recorded
for a certain period of time (typically years) and made available upon request by regulators. Additional regulations require the prevention of inappropriate communication between investment bankers and broker/dealers, and the appointment of “compliance officers” to review a certain percentage of all communications made by subordinates.

The IT Perspective

IT infrastructure is critical to any compliance effort. Controls need to be automated, and systems put in place to support both managerial decision-making and the review process. For a company seeking SOX compliance, spreadsheets and “QuickBooks” won’t cut it. Industrial strength ERP systems such as SAP, QAD or Oracle Financials are needed to win a compliant opinion from auditors. Such systems are expensive and difficult to implement correctly. Many IT vendors claim to be capable of managing implementations, but the business world is littered with examples of such implementations gone bad.

SEC rule 17a-4 is a major hurdle to organizations in the financial services industry. I recently worked on a compliance project for a major financial institution in the United States that generated upwards of 25,000,000 email messages and 40Gb of email attachments every day. Achieving compliance on this scale requires scalable IT infrastructure and careful planning.

The Local Perspective

Why should managers in China care? Local regulators don’t impose controls like SOX or SEC Rule 17a-4. The answer is that a lack of accounting standards and control will prevent many otherwise attractive M&A deals from going through. Businesses operating in financial markets seeking outside investment would do well to implement SEC rule 17a-4 pro-actively. By assuming the worst-case scenario from a compliance perspective and implementing IT infrastructure ahead of time, firms in China can maximize their appeal to outside investors.

China is not short of regulatory bodies. Staying with the financial industry theme, we have the CBRC, CSRC, CFETS, SAFE, CIRC
and BOC (China Banking Regulatory Committee, China Securities Regulatory Committee, China Foreign Exchange Trade System, State Administration of Foreign Exchange, China Insurance Regulatory Commission and Peoples’ Bank of China respectively)..

One trend is clear: although the government is playing catch-up, it is playing smart and has proven itself open-minded. In February, the CFETS signed an LOI with Italy-based MTS to cooperate in the development of a transparent, liquid and efficient domestic fixed-income market for China. The Shanghai Stock Exchange (SSE) and Shanghai Future Exchange (SFE) have a well-established history of seeking advice and opinion from the world’s leading stock exchanges in an effort to develop best practice solutions.

It seems reasonable to assume a similar process will also occur in the regulatory sphere. Although regulation will have a local flavor, it will likely follow the doctrine of SOX and SEC rule 17a-4. When this happens, firms will be scrambling to bridge the gap between current and best-practice compliance.

Firms that have implemented appropriate IT systems ahead of time will enjoy “compliant opinions” from auditors more quickly than their counterparts. And, when that happens, certified compliant businesses in China – already front and center on the world stage – will look extremely attractive to foreign investors.

Vaughan Marks is a Partner with Fusion Systems Shanghai, an IT solutions company and systems integrator headquartered in Shanghai.
He can be reached at vmarks@fusionsystems.org