Hong Kong is generally considered a hands-off location when it comes to regulation and laws in the corporate space. That doesn’t mean that companies can sit back and relax as long as they keep their basic business license in order and annual audit reports are filed. Standards set by stakeholders such as investors, customers, and banks also need to be considered. In particular, a high standard should be applied when it comes to screening partners, customers, and third parties.

What do you know about your customers, and what do you need to know? The answer is very different if you sell in the retail sector, or if you supply complex consulting solution to industrial actors. If you are in sector considered sensitive, such as crypto, pharma, or casinos, the landscape changes again.

The basic principle here is that every business should be able show a policy on who they will and will not do business with. This policy needs to be functional, and the business should be able to demonstrate how it’s executed. Most small businesses build this policy into their CRM (Customer Relationship Management) systems, whereas larger businesses employ entire compliance teams to handle KYC (Know Your Customer).

Demonstrating control over who funds your operation is a requirement from all major banks. It can also be a requirement from investors, and falling afoul of clauses relating to anti-money laundering (AML) can have a big impact on your business. Consider turning to your local accountant and your local corporate secretary for support. The Big Four accounting firms can all offer basic AML programs, as can risk management companies.

Politics in Hong Kong should be considered the same as politics in mainland China, in the sense that laws of mainland China also should be seen as the bar for companies in Hong Kong. This means that political sensitivities are also transferred to Hong Kong, and the topics considered politically sensitive in China should be viewed the same way in Hong Kong.

When doing business with mainland companies you need to make sure you know who the other party is. One reason for this is to determine if you are doing business with affiliates of the Chinese government, or with parties receiving funding from the government. That’s not to say one can’t or shouldn’t do business with governments, but it’s always best to be aware. One risk to look out for is sanctions for parties and products. The responsibility of complying with global sanctions falls squarely on the party doing business with the sanctioned party.

There are several ways of screening the shareholders of a Chinese entity. The starting point is always asking the questions, and ask for documentation to back up the answers you get. Request disclosures from your suppliers, but also consider having a third party available to handle more important screenings. 

Security from an operational perspective is about protecting assets. Assets entails physical property (such as machinery), intellectual property (drawings / designs), processes and people. The safety of so-called keymen (critical decision makers with top access to company accounts), should be considered extra carefully, and big firms often take care to not let key executives fly on the same flight, just in case there’s an accident. Here are some points all companies should consider in their day to day:

• Do we know what our mission critical assets are? Make a list with the other stakeholders in the business. Ask all top functions to prepare a list of what they consider critical assets.

• How are we protecting our assets? The answer will to a large extent depend on what these assets are. This should be clearly stated and easy to follow.

• How are we managing safety of employees and executives?

If your company has a global security function, having a discussion with them about these topics is strongly suggested. Locally, several specialized firms offer support within these areas.

Following the discussion about operational security, all companies sooner or later can come across a crisis. By the nature of a crisis, they’re hard to predict. There are however some steps that can be taken to mitigate even unknown factors.

The most important part of preparing for a crisis is thinking through assets and having a basic plan of action ready for the scenarios you are able to foresee. Your plan should be concise and practical and should include contact details of companies and people you may want to be able to reach quickly. Examples of useful contacts to add to your call list are the Consulate General, the local police, a security specialist and a law firm of choice.