Upload
others
View
9
Download
0
Embed Size (px)
Citation preview
EY Greater China Consumer Products and Retail Sector Journal
May 2017
Eric Chia
PartnerGreater China Consumer Products Sector Co-Leader
Arnold Sun
Partner
Greater China Consumer Products Sector Co-Leader
Dear Friends,
Welcome to this year’s second edition of the EY Greater China Consumer Products and Retail Journal. We have
seen in the past weeks numerous high marks in both political and economic arenas around the world. Thanks to
the efficient and globalized information network, we have been informed almost simultaneously that a) a China-
based social network company is now among the largest market cap high-tech companies in the world, and b) an
e-business tycoon has become the richest person in China.
We have witnessed the successes of a few China-based e-business platforms and they have transitioned
themselves into the global benchmarks, leading not only in size and market share, but also in technologies and
know-hows. The Consumer Products and Retail (CPR) sectors have been heavily utilizing e-platform as a creative
form of channel to boost sales, yet the new channels can be compounded as companies are often reliant on third
parties – typically eCommerce solution providers or digital marketing vendors – to assist them in navigating
through the complexities. While they may be important to business success, such third parties can expose CPR
players to significant risks.
In their recent article, Third-party risk management for consumer products and retail entities, authors Diana
Shin and Crystal Li analyzed the causes of the risks and provided CPR companies with an approach framework, as
well as a health check list for a preliminary diagnosis.
Evidently, CPR companies in China are fighting for growth in an increasingly digital society that is being
transformed by macroeconomic megatrends, mobility of capital and growth in technology. The increased
complexity of the market has in part resulted in an emerging trend – CPR companies are more frequently than
ever to use stock incentive plans to retain and compensate key talent and management employees to grasp or
maintain competitive edges. Authors Freeman Bu, Crystal Zhang and Lucia Zheng have addressed in their article,
China Individual Income Tax: Key industry insights, the key observations to highlight the favorable tax
treatments available and steps companies need to take to comply with regulatory requirements.
Enjoy reading – and we look forward to your feedback
2EY Greater China Consumer Products and Retail Sector Journal |
Third-party risk
management for consumer
products and retail entities
Diana Shin
Partner, Fraud Investigation and Dispute Services
Crystal Li
Senior Manager, Fraud Investigation and Dispute Services
Overview
Despite a slowing economy, China's
consumer confidence has remained
surprisingly resilient over the past few years.
Rising upper-middle class, emerging
millennials, and fast growing e-commerce
provide strong growth potential for the
market. In the meantime, the competitive
landscape of consumer products and retail
(CPR) entities has been changing rapidly.
The CPR sector is being disrupted by new
technology, with faster, more agile
competitors entering the market. Consumer
behavior is changing just as rapidly, with
online buying channels rapidly shifting
control to the consumers and generating
increasingly complex routes to market.
4EY Greater China Consumer Products and Retail Sector Journal |
Many of our CPR clients have been embracing this trend by
expanding successfully into new channels ranging from
eCommerce to omni-channel retailing.
The commercial challenges of expanding and developing new
channels can be compounded as companies are often reliant
on third parties to assist them in navigating through the
complexities of this new arena, typical examples of these
third parties could be an eCommerce solution service
provider or a digital marketing service vendor. While they
can often be important to business success, these third
parties can expose our CPR clients to significant risks.
In our real life cases, not only companies in the pharma
sector but also in other sectors like CPR experienced fraud
cases involving use of third parties to facilitate bribery or
corruption.
Companies in the CPR sector have also the characteristics of
using a wide spectrum of third parties, which may include
service vendors, suppliers, distributors, agents or joint
venture partners.
This creates practical challenges in monitoring the
transactions with increasing complex third parties. Third-
party risk is a fundamental business risk that needs to be
considered and managed at the executive level.
Why third-party risks matter to CPR companies and what are the challenges to address third-party risks?
As we understand from a number of case examples,
misconduct by your vendors, suppliers, distributors, agents,
and joint venture partners will not only result in damage
from regulatory fines but could also create supply chain
issues and data breaches.
From our prior “Knowing your third party” survey, the
following depicts the types of third parties representing the
biggest compliance risks :
Recent high-profile enforcement cases have reinforced the
importance of knowing who your third parties are — and what
they are doing. But, in many cases, this is still not happening.
of respondents have no systems or processes in place to manage and monitor third-party relationships
Companies must take a proportionate and risk-based
approach in respect of entities that perform services on their
behalf.
The business implications to our clients are that :
1. For new and on-going business relationships, companies
need to put in place effective procedures and policies to
address third-party risk
► Local companies – what tools and technology are being
used?
► Multinational corporations – how their global policies and
procedures are localized according to the local cultures
and languages?
► Do the existing procedures and policies cover the anti-
bribery/anti-corruption framework, ethics and
compliance environment to retain and maintain third-
party relationships?
2. All new business relationships need to conduct due
diligence
► To what extend should due diligence be conducted?
► Risk profiles can be created to apply more rigorous
investigation for high risk companies?
3. For on-going monitoring of third parties, companies need
to invest resources and leverage business data
effectively
► Has technology been utilized (forensic data analytics) to
gather data across a company to provide intelligence?
► Is frequent compliance audit conducted to maintain full
and transparent information of all business dealings on
behalf of the company?
of respondents believe risks are morelikely to arise from third parties than from internal staff.
5EY Greater China Consumer Products and Retail Sector Journal |
A broad set of tools is at the disposal of companies to
prevent and detect third-party breaches. Third-party
integrity diligence, forensic data analytics, and frequent
compliance audits form part of a broad set of risk
management measures to monitor third parties and identify
where there are conflicts of interest.
How to address third-party risks?
We recommend our clients to take a three-pronged
approach :
1. Third-party integrity diligence
2. Use of forensic data analytics
3. Frequent compliance audits
1.Third-party integrity diligence
Companies will need to seek better understanding of the
cultural and business norms, prior incidents of fraud,
previous litigation and adverse press, other non-
performance contracts within the industry and geography,
or the experience of their peers. This information should be
used to develop risk profiles when companies undertake due
diligence on high risk profiled third parties.
Performing third-party due diligence is critical, as it
represents a systematic and consistent effort to vet business
relationships tiered by levels of inquiry based on a thorough
business inventory and risk assessment. It helps to not only
understand the third parties, with whom the company will be
contracting, but also the broader context in which they will
operate.
The EY Integrity Diligence (EY_ID) methodology offers a
tiered strategy for background diligence:
► Quick scan: Online watch-list and adverse media check.
► Level I: Quick scan plus more detailed online company
and executive background research. Performed both
from global diligence talent hubs as well as local
jurisdictions.
► Level II: Level I plus localized public records archive
search (such as local court filings).
► Level III: Level II plus field research such as site visits and
interviews.
Our web-based EY_ID technology platform is a globally
accessible program management tool that helps clients
centrally coordinate this complex diligence process. EY_ID
helps to manage third-party applications, background
diligence results, risk ratings, approvals, compliance
confirmations and contracts in a single repository. It also can
be customized to guide users through a standard decision
tree when evaluating risk factors in diligence. The result is
an interactive decision management tool which also serves
as a searchable archive of diligence activity.
Proper diligence and monitoring not only help reduce the risk
of corruption but related-party transactions and money
laundering. They help safeguard company assets and
reputation. Due diligence should go deep enough to include
the beneficial ownership of the third party and its reputation.
In addition, there must be complete transparency in the way
that the third party is remunerated; not just in its fees or
commissions, but also in its expenses. The leading practice
is that a company’s travel and entertainment expense
policy should be structured to appropriately apply to third
parties. By applying these policies, it may demonstrate to
the regulator that the company has taken efforts in
enforcing its compliance policies, which can potentially
minimize the severity of fines or penalties on the company.
6EY Greater China Consumer Products and Retail Sector Journal |
five commonly seen red flags from conducting third-party
due diligence
1. Omission of certain key personnel/shareholders
2. A lack of information or trading history
This factor alone would not rule out start-ups.
3. Business address in a non-commercial zone or at service
office suites
4. Low capitalized company
Supplier companies with a small capital base could be acting
merely as middlemen for undisclosed suppliers, which pose a
further risk.
5. Tampering or irregularities with the tendering process
Acceptance of late bids, bids being accepted despite failings
in technical specifications or scoring, or bids at or very close
to set budgets are examples of this type of red flag.
Case study: Third-party risks - Distributor
Group ABC is a manufacturer of spirits, and it leverages
distributors to facilitate its sales. Group ABC provides sales
rebates to tier-one distributors based on the fulfillment rate
of sales target, and tier-one distributors allocate those
rebates to lower-tier distributors afterwards.
Distributor XYZ successfully became Group ABC’s tier-one
distributor, after going through a simplified due diligence
(“DD”) - which did not include the research on the company’s
shareholders or senior managements. Distributors XYZ
received rebates from Group ABC and embezzled part of
them, which significantly damaged the interests of lower-tier
distributors.
Lower-tier distributors submitted a compliant letter to Group
ABC, and an investigation was carried out. Based on the
company information of Distributor XYZ from public domain,
its sole shareholder shares the same name with the wife of
Group ABC’s Sales Director – which was soon confirmed by
the Group ABC HR.
2. Use of forensic data analytics (“FDA”)
FDA refers to the ability to collect and use data, both
structured (e.g., general ledger or transaction data) and
unstructured (e.g., email, voice or free-text fields in a
database), to prevent, detect, monitor or investigate
potentially improper transactions, events or patterns of
behavior related to misconduct, fraud and noncompliance
issues.
► FDA uses 100% of the available and relevant data to
obtain meaningful insights for investigative, legal,
regulatory, anti-fraud or risk management matters.
► It transforms large volumes of transactional data into
valuable actionable business intelligence within a short
period of time
► FDA assists internal audit and compliance teams to
focus on potentially anomalous transactions across
business functions and enhance their focus of reviews in
times where compliance budgets are being heavily
scrutinized.
7EY Greater China Consumer Products and Retail Sector Journal |
Three red flags commonly detected by FDA
1. Multiple suppliers with same address
Shared or similar addresses, contact details or bank
accounts are potential red flags, as are overly close
relationships within a small group of local vendors.
2. Multiple payments just below authorized level
Evidence of unusual data trends could be:
► Split payments to bypass approval thresholds
► Large numbers of one-time vendor payments to
bypass supplier due diligence procedures
► Duplicate payments
► Lack of proper supporting documentation around
vendor set-up, diligence or payments
► Multiple duplication in vendor master files
3. Generic description of expense reimbursement claims of
vendors/distributors
Text mining within databases to identify “concepts” or
generic descriptions can further focus on high risk
transactions.
On the upside, advanced data analytics tools are becoming
mainstream. New technologies and surveillance monitoring
techniques are being developed to help companies manage
current and emerging fraud risks, and there is growing
awareness of FDA's benefits at the executive and board
levels.
When asked about the main benefits of using FDA, 79% of
our respondents in the Global FDA 2016 Survey indicate the
ability to detect fraud that they could not detect before, and
78% indicate earlier fraud detection; however, only 42%
indicate reduced costs of their anti-fraud programs.
What does good like?
Our Global FDA 2016 Survey found those organizations
receiving positive results from FDA have a number of
elements in common. They are more likely to:
A maturing FDA landscape
FDA has evolved considerably over the past two years. In our
2014 Global FDA Survey, we found that, although companies
were deploying some forms of FDA, many were missing
opportunities to leverage emerging advanced tools that
would enable them to greatly strengthen and improve their
risk management and investigative response programs.
Focus on major FDA deployments is growing compared to
our 2014 Global FDA Survey results, with higher levels of
spending on advanced tools and proactive surveillance
monitoring of larger volumes of data from a wider variety of
sources. To get the most out of these sophisticated tools,
organizations are increasing their in-house capabilities as
indicated by a 22% increase in the number of in-house
deployments as compared to the 2014 survey. In response
to this trend, we also see leading technology companies
introducing ant-fraud, surveillance monitoring and insider
threat product offerings designed to address wide varieties
of fraud and litigation risks across the enterprise.
Despite improving maturity overall, many organizations lack
an understanding of the wide spectrum of value that FDA
can deliver — and few are fully realizing the potential of their
FDA deployments, particularly around the cost savings and
efficiencies gained from the use of FDA.
► Use advanced technology
In almost every circumstance, those companies using
more sophisticated analytics, beyond basic spreadsheet-
type, rules-driven tests, report better fraud detection in
less time. These successful FDA deployments are
harnessing sophisticated analytics tools, including social
media and web monitoring, voice searching and analysis,
and visualization and reporting tools.
► Analyze more data
We have observed a positive correlation between the use
of large data volumes (over 10 million records) and
achieving positive results of FDA implementation. The
same is relevant to data variety, with those reporting
positive results also applying a much broader array of
both structured and unstructured data sources.
► Invest more of their total compliance and anti-fraud
spend in FDA
8EY Greater China Consumer Products and Retail Sector Journal |
Our survey found those reporting positive results invest one-
third of their total anti-fraud program budget on FDA.
Around the world, many leading organizations are
harnessing the full benefits of FDA, but others are struggling
to do so.
Boards and senior-level management who see FDA's
potential, but have yet to come to terms with the investment
required, need to understand the broad range of value that
sophisticated analytics can deliver. Once this is appreciated,
the business case for FDA becomes clear
Case study: Third-party risks – Vendor
Supplier ABC mainly provided maintenance services of
counters in department stores to a cosmetics and beauty
group. EY conducted FDA during the annual supplier audit,
and observed that purchase orders (“POs”) were placed
highly frequently but in relatively low PO value. Besides,
several groups of POs were identified as potential split POs.
Based on preliminary review on PO supporting
documentations, certain pricings appeared to be
inconsistent and unreasonable. EY then thoroughly
reviewed all the POs placed with this supplier, and confirmed
the observations noted through FDA – several groups of POs
were split to avoid high level approvals. Additional red-flags
were also identified, such as non-compliant labor
employment and potential overcharges on certain items.
Disciplinary action was carried out to Supplier ABC, and the
relationship was terminated afterwards.
3. Frequent compliance audit
It is crucial not only to conduct due diligence when entering
into new business relationships but also to have a robust
compliance auditing system to monitor activities. A robust
performance contract needs to be in place that requires the
third party to:
► Comply with the relevant national and local laws and
regulations
► Comply with the company's ethical policies
► Agree to regular audits or reviews
Having audit provisions in the contract is not enough,
companies must conduct on-site compliance audits in a
timely manner.
These measures demonstrate to third parties the importance
of ethical business conduct. Third parties should be aware
that they need to maintain full and transparent information
of all business dealings (including expenses incurred) on
behalf of the company, making them available for review
when required.
Our prior experience indicated that when conducting on-site
compliance audits, the challenges may include the following
and our suggestions are:
► challenges may include the following and our suggestions
are:
► The existence and extent of the right to audit clause in
the contract: The clause should be comprehensive
enough to include the extent of the compliance audit that
will be undertaken (e.g., not purely a financial review, but
also an understanding of the compliance framework).
► Sophistication of the third party’s financial systems : It is
very common for a third party to have only one financial
system and lack of segregation between its records
relating to its different customers. As a result, reliance
on the information provided by the third party would be
limited as it cannot be verified independently. One way
companies can get around this is by putting a clause in
contracts requiring the third party to segregate its books
and records relating to the specific company.
► Frequently, third parties raise confidentiality concerns
around providing documentation as they also work with
other business parties. As a result, these reviews are
usually conducted by a team of external consultants with
experience in this field.
In addition, there must be an incentivization of compliance
or a threat of disengagement for non-compliance. Standards
must be applied vigorously to these third parties because of
their importance to the company’s performance, and not just
for fear that non-compliance could cause issues for the
company. Accountability is an important aspect of any
business relationship.
9EY Greater China Consumer Products and Retail Sector Journal |
How prepared are you?
1. Does your company have a rigorous third-party integrity
diligence procedure to assess new business relationships?
► Meeting local and international regulations
► Requiring third parties to comply with your anti-bribery
and anti-corruption (ABAC) policies and authorized to
conduct regular audit and review
► Having complete transparency in the way that the third
party is remunerated; not just fees or commissions, but
also expenses
2. Are you conducting integrity diligence for all third-party
relationships?
► Developing risk profiles to assure high-risk third parties
are more rigorously reviewed
10EY Greater China Consumer Products and Retail Sector Journal |
3. Does your company have an on-going monitoring
framework for all third-party relationships?
► Using FDA to access 100% of the available and relevant
data to assess performance and detect misconducts
4. Are compliance audits conducted on a regular basis and
in a timely manner?
► Auditing all relevant business dealings conducted by the
third party, as well as the beneficial ownership of the
third party and its reputation
China Individual Income
Tax: Key industry insights
Freeman Bu
Partner, People Advisory Services
Crystal Zhang
Director, People Advisory Services
Lucia Zheng
Manager, People Advisory Services
In the past few years, stock incentive plans
have become a popular tool for companies
to retain talent and compensate employees
in the long-run. Plans of stock options,
restricted stocks, stock appreciation rights,
are commonly adopted by Consumer
Products and Retail (CPR) companies.
From China Individual Income Tax (IIT)
perspective, favorable tax policies for stock
incentive plans have been issued and they
have started to attract considerable
attention from the business community to
further encourage entrepreneurship and
innovations.
12EY Greater China Consumer Products and Retail Sector Journal |
In the meantime, relevant guidelines have been issued by the
State Administration of Foreign Exchange (SAFE) to solve
the foreign exchange issue of stock incentive plans
implemented by overseas listed companies that cover
Chinese employees of Chinese subsidiaries.
CPR companies in China are fighting for growth in an
increasingly digital society that is being transformed by
macroeconomic megatrends, mobility of capital and growth
in technology. Based on our observation, CPR companies in
China are increasingly using stock incentive plans to retain
and compensate key talent and management employees. In
this article, we would like to highlight the favorable tax
treatments available and steps companies need to take to
comply with regulatory requirements.
1. Favorable tax treatments for stock incentive plans of listed companies
Normally stock incentive income is taxed as regular
employment income at the marginal rates ranging from 3%
to 45%. Such income derived from the stock inventive
awards will be aggregated with regular monthly
employment income and subject to the above marginal IIT
rates.
However, a favorable IIT calculation method can be applied
to the gain arising from exercise of stock options/stock
appreciation rights or vesting of restricted stocks provided
that the following conditions described in Tax Circulars 35,
461 and 27 are satisfied.
a) The individuals are employees of publicly listed companies
(including branches) and their subsidiaries.
b) Equity-based award is derived from plans that are
implemented by the listed companies.
c) The subsidiaries should be at least 30% owned by the
listed companies.
d) A tax registration for the stock incentive plans is
completed by the companies with local tax authorities.
Under the favorable IIT calculation method, the gain (or
income) can be divided by the relevant vesting months
(capped at 12), and each quotient will be taxed as a monthly
salary. Obviously this method will normally result in a lower
applicable tax rate and will lower the tax liability on the total
gain.
In addition, for any new grant, exercise of options/stock
appreciation rights or vests of restricted stock under the
plans, relevant information should be submitted to the local
tax authorities for records.
2. Favorable tax treatments for stock incentive plans by private companies
In late 2016, the Ministry of Finance (MOF) and the State
Administration of Taxation (SAT) jointly issued Caishui
[2016] No.101 (Circular 101), which provided favorable tax
treatments to stock incentive plans implemented by private
companies. Under Circular 101, an employee can defer IIT
payment until the stock is transferred while in the past IIT
should be paid when gain is “realized”. For example, when
stock options are exercised by an employee, the employee
buys stocks at a discount and owns the stocks, he or she
should pay IIT on the gain (discount) even he or she has not
yet sold or transferred the stocks. In addition, instead of
being treated as “salary” and taxed at IIT rates up to 45%
previously, the gain will now be treated as "income from
transfer of property" and taxed at a flat rate of 20%. This is
very preferential especially when the gain is significant.
The following criteria must be met for employees to be
eligible for the favorable tax treatment and IIT deferral
based on Circular 101:
► The equity incentive plan is implemented by a domestic
resident enterprise and the underlying equity should be
the equity of a domestic resident enterprise.
► The equity incentive plan is approved by the board of
directors or the shareholders' meeting.
► For technology contributions, the underlying equity can
be the equity acquired from investment with technologies
into other domestic resident enterprises.
► The equity incentives should only be granted to senior
management and core technical staff as decided by the
board or shareholders meeting and the total number of
participants shall not exceed 30% of the average number
of the existing employees of the company in the last six
months.
► Stock options, should be held for at least three years
from grant to exercise and for at least one year from
exercise to transfer;
► Restricted stocks should be held for at least three years
from grant to vest and for at least one year from vest to
transfer;
► Equity awards should be held for at least three years
from grant to transfer.
► For stock options, the period from grant date to exercise
date shall not exceed 10 years.
Again, to enjoy the favorable tax treatment, the tax
registration for the plans should be completed.
13EY Greater China Consumer Products and Retail Sector Journal |
3. SAFE requirements for stock incentive plans implemented by foreign listed companies
When a multinational company listed outside of China
implements a stock incentive plan and the plan also covers
local Chinese employees of a Chinese subsidiary of the
multinational company, a SAFE registration should be
performed by the Chinese subsidiary. The Chinese
subsidiary can then legally open a special bank account
through which Chinese employees can remit funds outside
China to purchase shares and receive funds from overseas
arising from sale of stocks, under the stock incentive plan.
Under the current Chinese regulations, Chinese citizens are
restricted from investing in shares of foreign companies.
The Chinese subsidiary should provide details of transactions
in this bank account to the local SAFE office for review and
records.
4. Areas CPR companies should be aware of
In order to comply with Chinese regulations and enjoy
relevant favorable tax treatments, CPR companies listed in
China should review whether they meet the conditions for
the favorable tax treatments and whether they have
completed the tax registration for the stock incentive plans.
Non-listed CPR companies should also review whether they
meet the criteria for the favorable tax treatments and
whether they have performed the tax registration. When
they have not but intend to implement stock incentive plans,
they should carefully design the plans so that the criteria can
be met and the favorable tax treatments will be available to
employees.
For Chinese subsidiaries of multinational companies whose
Chinese employees are covered by stock incentive plans of
overseas listed companies, they should review whether the
SAFE registration has been performed properly.
Where necessary, CPR companies should seek professional
advice on the above tax and SAFE matters. To discuss how
we can support your business, please contact your EY
advisor.
The views reflected in this article are the views of the author
and do not necessarily reflect the views of the global EY
organization or its member firms.
14EY Greater China Consumer Products and Retail Sector Journal |
EY | Assurance | Tax | Transactions | Advisory
About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
© 2017 Ernst & Young (China) Advisory LimitedAll Rights Reserved.
APAC no. 03004780ED None.
This material has been prepared for general informational purposes only
and is not intended to be relied upon as accounting, tax, or other
professional advice. Please refer to your advisors for specific advice.
ey.com/china
Follow us on WeChatScan the QR code and stay up to date with the latest EY news.
Contact us
Eric Chia
Partner
Advisory Services
+ 86 21 2228 3388
Alfred Yin
Partner
Assurance Services
+ 86 21 2228 2152
Arnold Sun
Partner
Transaction Services
+ 86 21 2228 5235
Audrie Xia
Partner
Tax Services
+ 86 21 2228 2886