【EXPERT Q&A】What are the standards and procedures for compliance review?

July 11, 2025  Source: drugdu 93

Drugdu.com expert's response:

 

I. Standards for Compliance Review

The standards for compliance review serve as benchmarks to ensure that the actions of enterprises or organizations are lawful and compliant, primarily covering the following three aspects:

Legal and Regulatory Requirements

National Laws and Regulations: These include the Constitution, laws, administrative regulations, departmental rules, and local regulations, such as the Company Law, Labor Law, and Cybersecurity Law.

International Treaties and Regulatory Provisions: For foreign-involved enterprises, compliance with the laws and regulations of the host country where investments are made, international conventions (e.g., GDPR), and bilateral treaty agreements is required.

Industry Regulatory Requirements: Examples include capital adequacy ratios and risk management regulations in the financial sector, as well as medical device approval processes in the healthcare industry.

Industry Standards and Best Practices

Industry Codes: Examples include the Basel Accords in the financial sector and ISO 13485, the quality management system standard for medical devices.

Social Responsibility Requirements: Enterprises are required to fulfill societal responsibilities, such as adhering to environmental standards and protecting consumer rights.

Commercial Practices: These include the fairness of contract terms and the authenticity of advertising claims.

Internal Rules and Regulations of Enterprises

Corporate Charters and Rules: These encompass financial approval processes, personnel management systems, and information security policies.

Internal Codes of Conduct: These are ethical and operational guidelines formulated by enterprises based on their specific circumstances, such as anti-bribery policies and conflict-of-interest avoidance regulations.

Market Commitments: These include public statements and commitments made by enterprises, such as product quality guarantees and after-sales service commitments.

II. Process for Compliance Review

The compliance review process is systematic and standardized, typically involving the following stages:

Preparation Stage

Form a Review Team: Composed of compliance officers, legal personnel, and representatives from business departments, with clearly defined roles and responsibilities.

Define Review Objectives and Scope: Determine the specific objects of review (e.g., contracts, projects, systems) and the scope (e.g., finance, procurement, sales).

Review Laws, Regulations, and Internal Systems: Collect relevant laws, regulations, industry standards, and internal rules and regulations pertaining to the objects of review.

Develop a Review Plan: Clearly outline review principles, methods, procedures, and timelines, and prepare a review schedule.

Collect Data and Gain Preliminary Understanding: Provide a data checklist to the objects of review and gain a preliminary understanding of their business operations.

Implementation Stage

Review Procedures and Content:

Check whether the procedures of the objects of review are lawful and compliant, such as whether decision-making processes adhere to the corporate charter.

Examine whether the content violates laws, regulations, industry standards, or internal systems, such as whether contract terms are fair and advertising claims are truthful.

Risk Assessment and Classification:

Identify compliance risks, such as employee behavior risks, business process risks, and management system risks.

Classify risks based on their probability of occurrence and impact, categorizing them as high, medium, or low risk.

Data Organization and Analysis:

Organize the collected data to ensure its authenticity, completeness, and validity.

If data is found to be incomplete or contradictory, conduct supplementary reviews or on-site verifications.

Expert Review and Consultation:

For objects of review involving sensitive areas or significant matters, organize expert reviews or consult relevant departments for opinions.

Reporting Stage

Formulate a Review Report:

Provide compliance review opinions and clarify whether the objects of review are compliant.

Offer improvement suggestions for compliance risk items, such as revising systems or optimizing processes.

Approval and Submission of the Report:

The review report must be approved by the Chief Compliance Officer and stamped with the corporate seal.

Promptly submit the report to the superior compliance authority or regulatory agency.

Rectification and Supervision Stage

Issue Rectification Notices:

For objects of review with issues, issue compliance review handling opinions and a Compliance Review Rectification Notice.

Clearly outline rectification requirements, deadlines, and responsible persons.

Rectification Implementation and Feedback:

The objects of review must complete rectifications within the specified timeframe and submit a rectification report.

If there are objections to the rectification opinions, a written review application may be submitted within seven days.

Regular Follow-Up and Review:

The compliance authority must regularly follow up on rectification progress to ensure effective resolution of issues.

For units or departments that fail to rectify adequately, take further measures, such as issuing notices of criticism or deducting performance bonuses.

III. Key Practices for Compliance Review

Maintain Impartiality and Objectivity: The review team must avoid subjective biases and conflicts of interest to ensure the authenticity and reliability of review results.

Ensure Comprehensive Coverage: The review scope should encompass all business areas and processes of the enterprise or organization to avoid blind spots.

Timeliness and Dynamism: Compliance reviews must be conducted promptly to adapt to changes in laws, regulations, and business environments. The review process should also possess dynamic adjustment capabilities to address newly emerging compliance risks.

Strengthen Communication and Collaboration: During the review process, maintain sufficient communication with relevant departments and personnel to ensure the accuracy and completeness of information. Additionally, enhance cross-departmental collaboration to jointly resolve compliance issues.

Emphasize Evidence Collection: During the review process, focus on collecting and preserving evidence to ensure that review conclusions are well-founded.

Continuous Improvement and Optimization: Based on review results and feedback, continuously optimize review processes and standards to enhance the efficiency and effectiveness of compliance reviews.

By editor