The C-suite executives of ZTE participate in compliance planning, and decision-making, and suggesting for important regulations and major compliance matters according to the rules and procedures in the ZTE Corporation Constitution of the Committee of Compliance Management. A C-suite executive is directly responsible for the compliance of business under his or her supervision. When it comes to the promotion of compliance awareness and cultivation of compliance culture, the C-suite executives shall set an example by personally taking part in compliance training and communication conducted by his or her subordinate units. Moreover, the compliance management organization can also directly report any compliance matters to the C-suite executives, as smooth communication channels are offered in ZTE.
In terms of resource input, the C-suite executives clearly pointed out that ZTE does not set a ceiling on financial support for the compliance operation of every department, and it will be satisfied as needed. Under the strong support of the C-suite executives, ZTE has hugely increased the proportion of its full-time compliance personnel and the rate is 5.71‰ in 2020, which is being continuously optimized.
2. Effective Compliance Organization
Every employee is responsible for bribery risk identification, prevention, and response. All business units and functional departments are the first line of defense. Compliance organization is the second line of defense, and the Compliance Audit Dept. is the third line of defense.
ZTE follows the PDCA (Plan-Do-Check-Act) management process cycle when carrying out compliance work. ZTE transforms the PDCA cycle into a closed-loop management including reasonable rules, effective promotion, strong execution, and forceful audit, which forms a dual cycle of compliance operation and management.
3. Sufficient Resource Input
ZTE's anti-bribery compliance organization has been continually strengthened due to continuous resources input. At the Center of Expertise (COE) level, the Anti-Commercial Bribery Compliance Dept. has employed several experts experienced in risk management, due diligence, and supervision. At the BU Compliance Team level, ZTE has attracted many people with extensive business experience, and has integrated its legal team into the compliance organization and also arranged Compliance Point of Contact in the front lines of its business, which has built a solid talent foundation for its compliance system.
ZTE has introduced and continuously optimized the Legal & Compliance Management System (LCM), Business Partner Screening System (BPS), and other IT systems and tools, which greatly improve the scope, efficiency, and level of ZTE compliance management.
Besides, ZTE also works with several famous law firms, accounting firms, and other consulting institutions in a long term, in order to provide timely and accurately professional services for ZTE's compliance work.
4. Systematic Risk Assessment
The Anti-Commercial Bribery Compliance Dept. and BU Compliance Teams regularly conduct risk assessment in relevant regions or areas every year, so as to continuously refresh ZTE's compliance risk database, timely and accurately adjust compliance management strategies and measures based on actual business changes and risk changes, and resolutely implement risk-oriented compliance management principles.
During the process of risk assessment, we may use methods including but not limited to documentation review, data analysis, interviews, questionnaires, brainstorming, and comprehensively consider the business scale, business models, business location(s), transaction subjects, transaction types, the use of business associates, government relations, local customs, and other relevant factors, to assess the actual compliance risks as comprehensively and accurately as possible, then we will finally issue a risk assessment report. Risk assessment results identified in this report will be fully communicated with relevant business units, and specific policies, rules and processes will also be implemented corresponding to the actual situation of regions and areas.
5. Comprehensive Compliance Policy System
Based on the actual situation, ZTE has issued and regularly maintained a comprehensive anti-bribery compliance policies system according to the Anti-Bribery Management Systems ISO 37001 Standard - ZTE Anti-Bribery Compliance Policy, ZTE Anti-Bribery Compliance Manual, management regulations (on issues such as gifts and hospitality, business travels, business associates/partners, procurement transactions, commercial sponsorship, charitable donations, client training, mergers & acquisitions and joint ventures, and employment) and guidance.
6. Effective Process Control
Based the result of risk assessment, ZTE has set up the corresponding management processes, measures, and requirements in the Compliance Management Regulations. In the course of implementation, the compliance approval processes are set up through certain systems like LCM and TeamShare (TS), and the compliance approval processes are embedded in ZTE's sales, procurement, finance, employment and investment businesses and IT processes to ensure that compliance control is actually in all the main nodes throughout the business activity process as shown in Table 1. If failing to get compliance approval, relevant business shall not proceed unless the relevant prohibited compliance issues or risk signals/red flags are eliminated.
7. Extensive and Tailored Training and Communication
Training and communication are important parts of ZTE's ABMS. In order to promote anti-bribery compliance's awareness and abilities for all employees, ZTE conducts on-site anti-bribery compliance training on a regular basis, and provides other special training to new employees, management, Compliance Teams, and other important positions from marketing, finance, procurement and HR, and external business associates. At the same time, ZTE also provides employees with regular communication of relevant laws and regulations, cases and company policies through multiple channels such as internal mail, LCM and iCenter, and conducts online training and examination through the ZTE ilearning platform. In order to continuously improve the convenience and timeliness of compliance policies, regulations, and guidance.
In 2021, ZTE conducts anti-bribery awareness training covers more than 50,000 employees and 70 business partners.
The Letter of Commitment on Anti-Bribery Compliance was signed by ZTE employees , achieved a completion rate of 99.9%. There were 262 suppliers that newly signed the Supplier Commitment Letter of Transparent Cooperation and Anti-Bribery Compliance.
At the same time, ZTE also carries out special communication to employees at important points-in-time for matters such as internal and external environment changes, compliance policy updates, and business or regional important business activity development.
ZTE appeals to all employees and business associates to adopt a "zero-tolerance" attitude towards bribery; ZTE advocates business associates to work together to maintain adequate communication and share compliance knowledge, to create a credible, transparent and honest compliance ecosystem, and to share the value that compliance creates for the healthy operation and sustainable development of all companies.
8. Ongoing Monitoring & Review and Improvement
The Anti-Commercial Bribery Compliance Dept. and BU Compliance Teams shall continuously supervise the effectiveness of system design and implementation, and shall carry out self-rectification of defects and deficiencies. At the same time, the Compliance Audit Dept. shall regularly conduct compliance audit according to annual plans to identity defects and deficiencies of the system, and monitor the completion of rectification. For potential violations identified through reporting clues or audit findings, the Compliance Audit Dept. shall conduct investigation in accordance with the relevant procedures and requirements, and give advice on whether to take disciplinary actions based on the investigation findings.
In 2021, 8 employees were given different degrees of disciplinary action (including criticism within the Company or persuasion and admonishment) due to non-compliance with anti-corruption policy/regulations/process.