Compliance legal services refer to the consulting services provided by lawyers to help enterprises prevent, identify, evaluate, report, and respond to compliance risks based on their understanding of relevant domestic and foreign laws and regulations, international organization rules, regulatory regulations, compliance requirements, business practices, and ethical norms in the industry and business field of the enterprise, as well as the articles of association and rules and regulations formulated by the enterprise in accordance with the law Special legal services and advisory services such as agency.

The types of compliance legal services are mainly divided into compliance regulatory response, compliance investigation, business partner compliance management, compliance training, compliance evaluation, compliance consultant, and compliance management system construction. The compliance team of the Firm continues to discuss how the lawyer's compliance team can provide "compliance management system construction" compliance legal services for film, television, cultural and entertainment enterprises.

1、 Definition of compliance management system construction

The construction of a compliance management system refers to the systematic and planned establishment of a management system that includes system development, risk identification, compliance review, risk response, accountability, assessment and evaluation, and compliance training based on the actual situation of the enterprise, with the purpose of effectively preventing and controlling compliance risks, and targeting the operation and management behaviors of the enterprise and employees.
"Compliance Management Systems - Requirements and Guidelines for Use" (ISO/FDIS 37301) developed by the International Organization for Standardization (ISO/FDIS 37301), "Compliance Management Systems - Requirements and Guidelines for Use" (draft for comments) issued by the State Administration of Market Supervision and Administration and the National Standardization Administration (ISO 37301:2011, IDT) The General Administration of Quality Supervision, Inspection, and Quarantine of the People's Republic of China and the National Standardization Administration of China jointly issued "Guidelines for Compliance Management Systems" (GB/T 35770-2017) and other documents, which are important reference documents for lawyers' compliance teams to build a compliance management system for enterprises.

2、 Workflow of compliance management system for film, television, cultural and entertainment enterprises

（1） Establish a delegation relationship

Sign a special legal service contract with customers to clarify the service content and scope. The lawyer's compliance team can prepare a "Proposal for Legal Service Scheme of Enterprise Compliance Management System", which will be confirmed by the customer and used as an attachment to the special legal service contract.
1. The proposal clearly stipulates the workflow for the construction of the compliance management system, which should be clear, clear, and enforceable.
The proposal should also specify the work results to be delivered to customers during the legal service process, and the work results should be clearly defined.
In the proposal, the service period for the construction of the compliance management system should be agreed upon. It is recommended that the legal service contract be signed for at least six months, and it is agreed that if the service period is extended due to objective reasons or customer requirements, additional service fees should be charged accordingly.

In the proposal, it is also possible to list the teams and relevant cases of corporate compliance legal services.

（2） Conduct due diligence work

Purpose of Due Diligence

The main purpose of due diligence work is to understand the basic situation, risk management, compliance awareness, and compliance culture of the enterprise, and initially grasp the advantages and disadvantages of building a compliance management system.

2. Ways of Due Diligence

The main purpose of conducting due diligence is to interface with the client's legal department (or compliance business department), issue a due diligence list to the interface department, and guide the interface department in preparing and providing due diligence materials.

At the same time, it is also necessary for the lawyer's compliance team to conduct interviews with key personnel from major business departments and distribute questionnaires, such as asking the responsible personnel from the General Manager's Office, the Finance Department, the Legal Department, the Copyright Department, and the Production Department to explain the compliance management situation of the enterprise.

Main understanding of due diligence work

(1) Evolution of the enterprise

Mainly refer to the establishment of the enterprise and the industrial and commercial registration files of previous changes, and briefly understand the establishment time, main business scope, senior management personnel, shareholders, articles of association, etc. of the enterprise.

(2) Corporate governance structure

Understanding the governance structure of an enterprise is mainly aimed at clarifying the responsibilities of directors, supervisors, and senior executives, and preparing for embedding the person in charge of compliance management. It may be considered that a general legal adviser (or legal director) should serve as the chief compliance officer and be included in the ranking of senior management personnel of the enterprise.

(3) Management structure

Understanding the management structure of an enterprise is mainly to provide the basis and manuscript for the establishment of a compliance management organization in the future. It also prepares for identifying key compliance links and key personnel. The key links of film and television cultural and entertainment enterprises mainly include artist performance brokerage, film and television project planning, film and television copyright authorization, film and television contract signing, publicity and distribution, and so on. Key personnel are not necessarily high-level personnel, but generally direct port personnel for each key link.

(4) Business of the enterprise

Understanding an enterprise's business is mainly to clarify its key business areas and main business models, and to determine key areas of compliance management. The key business areas of film and television cultural and entertainment enterprises vary depending on the specific type of enterprise. Some are mainly artists and acting brokers, some are mainly investing in film and television dramas, and some are operating film and television broadcasting platforms. The key compliance areas of film, television, cultural and entertainment enterprises mainly include qualification compliance, performance brokerage compliance, intellectual property compliance, advertising endorsement compliance, public opinion and crisis public relations compliance, financial and tax compliance, and so on.

(5) Key stakeholders in the enterprise's business

Understanding the key stakeholders in a company's business is to identify the main sources of compliance risk. The main stakeholders of film and television cultural and entertainment enterprises include corporate shareholders, corporate employees, and hired cast members, IP licensors, film and television copyright purchasers, and other film and television cultural and entertainment enterprises as competitors.

(6) Current situation of enterprise compliance management

Briefly understand the current situation of compliance management in the enterprise, and understand whether the enterprise has compliance policies, compliance systems, compliance operation mechanisms, compliance job responsibilities, and other content related to the compliance management system.

(7) Compliance awareness of various departments of the enterprise

Understand whether the customer has a certain concept of compliance culture, and whether the main responsible persons and key personnel have compliance awareness, in order to prepare for the future development of compliance training plans.

（3） Sort out compliance rules

Based on the characteristics and types of customers, summarize the compliance elements (compliance areas) involved in the customer, and sort out the relevant corporate compliance rules and basic legal provisions related to the customer's industry, business, and country.

Taking film and television entertainment enterprises as an example, the following compliance rules can be summarized

Lawyer compliance team principles:

2. It is possible to conduct hierarchical management of compliance areas, distinguishing high-risk compliance areas, medium risk compliance areas, and low risk compliance areas based on the industry characteristics of customers and the specific circumstances of their compliance work. For high-risk compliance areas, the requirements of the compliance management body should be fully implemented; For medium risk compliance areas, reinforcement measures for compliance rules should be taken; For low risk compliance areas, analyze and improve missing items in risk management and control.

3. Preliminary summary of compliance obligations based on various compliance rules sorted out. Search for domestic legal regulations, international legal rules, industry regulatory regulations, business practices, and ethical norms, analyze the prohibitive, obligatory, and effective norms therein, and form a list of norms. Convert the expression of compliance obligations into major compliance obligations, and create a list of compliance obligations.

（4） Prepare a Compliance Risk Report

Based on the findings of due diligence, benchmarking documents such as the "Compliance Management System Requirements and Guidelines for Use" and policies, regulations, and standards such as the "Central Enterprise Compliance Management Guidelines (for Trial Implementation)" can help enterprises understand the current level of compliance management, comprehensively grasp the status of enterprise compliance management work, identify gaps with standard standards, summarize compliance risks, and prepare a "Compliance Risk Report.".

1. Conduct risk analysis on business processes

The production business process analysis table takes the film and television production business as an example, and the main business flow chart is:

Film and television project planning

Obtain authorization for film and television adaptation rights

Writing a script

Preparation for the production team

Film and TV drama shooting

Post production of film and television dramas

Film and television copyright authorization

Publicity and distribution of film and television dramas

Film and TV series broadcast

Film and television business development or derivative development

Payment settlement

Contracts may be involved in each of the business processes in the above business process diagram. At this point, a comprehensive analysis of contracts should be conducted, including the pre contract process, the contract conclusion process, the contract performance process, the contract termination process, and the post contract process.

2. Conduct risk analysis on business departments and positions

Analyze and describe the compliance risks that may arise from various departments and positions. Risk control methods for business department positions mainly include adding compliance responsibilities to job responsibilities, summarizing business processes, and adding compliance analysis and self inspection links, as well as adding compliance requirements to department management.

3. Conduct risk analysis on compliance assurance departments and positions

The Compliance Assurance Department includes the Legal Department, the Compliance Department, the Finance Department, the Audit Department, the Discipline Inspection and Supervision Department, the Strategy and Planning Department, and the Personnel and Training Department.

The risk control of the compliance assurance department requires sorting out the responsibilities and positions of the compliance department of each compliance assurance department, and adding compliance review responsibilities to the department responsibilities. For example, when receiving legal advice, the legal department should include compliance factors in addition to risk control to evaluate compliance issues. If the financial department finds that the payment requirements of the contract are not met, it should add the content of compliance review to determine the compliance payment time and terms.

4. Create a compliance risk library

Create a compliance risk database based on the business process analysis table, and create a compliance risk database sub database under each business process. Example of a compliance risk library.

Compliance field, compliance obligations, compliance risks, processes involved, positions, business departments, control measures, safeguard departments, control measures

（5） Draft the "Compliance Management System Construction Plan"

Develop a compliance management system construction plan that conforms to documents such as the "Compliance Management System Requirements and Use Guidelines", legal regulations, and actual requirements of the corporate governance structure based on the corporate compliance management needs, and assist the enterprise in implementing it after obtaining the approval of the enterprise.

The construction plan should include suggestions for improving the corporate governance structure, the compliance responsibilities of the board of directors, the establishment of the compliance management organizational structure, the responsibilities of the compliance management department, the establishment of compliance posts, the compliance responsibilities of the compliance posts, the construction of the compliance management system, the construction of specific compliance specifications, the design of the compliance operation mechanism, and suggestions for the content of compliance training.

1. Establishment of compliance management organizational structure (including the responsibilities of the compliance management department, the setting of compliance posts, and the compliance responsibilities of compliance posts)

Respectively arrange corresponding compliance responsibilities at the top, middle, and grassroots levels of the enterprise, and clarify the leading department and relevant departments for enterprise compliance management.

For example, a compliance management committee can be established under the board of directors to undertake the organization and overall coordination of compliance management; The Chief Legal Adviser (Chief Legal Officer) serves as the compliance management principal (Chief Compliance Officer), responsible for reporting major issues of compliance management to the Board of Directors, and supervising the compliance performance of the management level. If conditions permit, the Compliance Officer may be a member of the Board of Directors; Set up a separate compliance management department or establish a compliance working group in the Legal Department to provide compliance support to business departments or other departments; Business departments and management departments set up compliance officers to be responsible for daily compliance management in their respective fields, improve and implement business management systems and processes in accordance with compliance requirements, report violations, and convey the opinions of the compliance management department.

For each position, it is also necessary to add or optimize its compliance responsibilities, modify the job description, and have employees sign a compliance commitment letter.

Preparation of compliance management system

Compiling a compliance management system is the central task of building a compliance system. Generally speaking, a compliance management system should include chapters such as general principles, definitions, compliance management principles, compliance management organizational structure and responsibilities, compliance management priorities, compliance management operating mechanism, compliance management guarantee mechanism, compliance culture, supervision and inspection, accountability, and supplementary provisions.

3. Construction of compliance specifications

Compliance specifications are specifications written for specific key compliance areas. Generally speaking, enterprises have established management systems in these fields, such as contract management systems, employee manuals, etc., which can be called compliance management norms in essence. When constructing compliance management systems, it is necessary to carry out regulatory revisions to these management systems, including the protection of the rights and interests of stakeholders, and reflecting compliance content.

There are also some compliance management specifications that customers do not have, such as anti unfair competition, business partner compliance management, data security and protection, and they need to be rewritten.

4. Design of compliance operation mechanism

Enterprises should establish various compliance management operation mechanisms and compliance assurance mechanisms. The compliance operation mechanism includes, but is not limited to, a compliance joint meeting mechanism, a compliance review mechanism, a compliance mandatory consultation mechanism, a compliance risk trigger and early warning mechanism, a compliance risk hidden danger tracking mechanism, a compliance risk reporting mechanism, a compliance post performance monitoring mechanism, a compliance third-party due diligence mechanism, and a compliance accountability mechanism.
Compliance assurance mechanisms include universal compliance assurance mechanisms, compliance assessment mechanisms, information construction, training mechanisms, reporting and complaint mechanisms, and so on.

5. Compliance training content

The curriculum of compliance training is very important, and different training content needs to be set for different objects. The main courses include compliance concept introduction training, compliance laws and regulations lecture, compliance management system construction and operation, interpretation of compliance management documents, interpretation of compliance elements (fields), and so on.

（6） Assist enterprises in establishing a compliance management system framework and internal operating processes

Assist enterprises in establishing a compliance management system, formulating compliance management policies, and improving internal compliance operational processes in accordance with documents such as the "Compliance Management System Requirements and Guidelines for Use".

1. Compliance Management System

This figure is excerpted from the newly published book "Corporate Compliance and Lawyer Services" by Lawyer Jiang Xianliang

The compliance management system needs not only to be self-contained, but also to cover all business areas and departments of the enterprise, running through the entire business process. It is necessary to fully permeate the institutional requirements of compliance management into the leading bodies, management teams, business departments, business positions, and all employees of the enterprise, and jointly identify, monitor, and eliminate compliance risks in a timely and accurate manner. This is the function that an effective compliance management system should play.

2. Compliance internal operation process

Through business process sorting and organizational structure optimization, the compliance management responsibility system is clarified and the compliance management requirements, compliance performance, and responsibilities of each business process link are sorted out. At the same time, the compliance management process framework should be supplemented and improved, including compliance risk assessment and prevention processes, violation investigation processes, supervision processes, complaints and reporting processes, etc.

（7） Compliance obligation collection and risk assessment

Assist enterprises in sorting out applicable laws, regulations, standards, and other compliance requirements in each link, and prepare a "List of Important Compliance Obligations" and a compliance checklist based on the compliance risk database in the Compliance Risk Report.

Assist enterprises in establishing a compliance obligation identification mechanism, comprehensively and systematically sort out compliance risks existing in business management activities, identify, analyze, and evaluate their business compliance risks, as well as compliance risks in key areas, positions, and personnel, using flow charts or flow charts, expert methods, historical event methods, and deductive methods, and develop risk control measures.

Identify compliance risks throughout the entire life cycle of the enterprise, and guide the establishment of Typical Compliance Risk Analysis and Control Measures Planning.

（8） System document planning and preparation guidance

On the basis of preliminary work, plan the document structure of the compliance management system, guide enterprises in sorting out relevant elements and process documents of compliance management at various stages, and convert them into enterprise management documents, including compliance management policies, compliance management measures, special compliance management systems, compliance management specifications, and operational guidelines for key compliance areas.
For specific content, please refer to the introduction in Part (V) of this article, "Developing a Compliance Management System Construction Plan.".

（9） Compliance training

Organize enterprises to carry out compliance culture promotion and initial training for enterprise members, introduce compliance concepts, create a compliance atmosphere, and cultivate a compliance culture.

First, different training courses should be set up for different objects. Before training, contact the customer to determine the content of the training courseware in advance. During the training, the audience's questions should be recorded and answered. After the training, a questionnaire (or examination paper) should also be distributed to understand the training effect.

（10） Operation and testing of the compliance management system

Assist enterprises in establishing and operating compliance management departments, issuing and implementing compliance management documents in accordance with the corporate compliance management system construction plan.

Organize and inspect the system operation of internal control at the overall level of the enterprise, each department, and each business process; Develop and operate a "Test Report"; Assist enterprises in regularly analyzing the effectiveness of the compliance management system; Identify significant or recurring compliance risks and non-compliance issues, and investigate the root causes in depth; Improve relevant systems, plug management loopholes, and strengthen process control.

（11） Archives management

In accordance with the requirements of documents such as the Compliance Management System Requirements and Guidelines for Use, and from the perspective of responding to regulatory investigations, assist enterprises in improving the archiving process, list of documents to be archived, and templates for important archived documents.

It can also assist qualified enterprises to carry out compliance management informatization construction, utilize big data, cloud computing, and other technologies to carry out real-time dynamic detection of key areas and nodes of compliance, achieve real-time early warning of compliance risks, and actively stop noncompliance.

（12） Achievement acceptance and after-sales service

After the construction of the compliance management system is completed, the enterprise is requested to conduct acceptance of the construction of the compliance management system. After passing the acceptance, the lawyer's compliance team can sign a subsequent compliance consulting contract with the client, track the operation of the client's compliance management system, and provide follow-up implementation, evaluation, improvement, maintenance, and other services for areas that need to be updated or issues encountered during the implementation of other compliance management systems.

Our compliance team will continue to explore relevant legal issues such as "how lawyers provide compliance legal services" in key areas of the film, television, cultural and entertainment industry. We welcome your continued attention.