China’s State Secret Laws: Avoiding Liability in Cross Border Litigation and Investigations

by Dechert LLP

When complying with discovery obligations in cross border litigation or responding to document production requests from overseas regulators, multi-nationals operating in China have to comply with China’s state secret laws that prohibit the unauthorized export of China’s state secrets. Recent cases in the United States and Hong Kong have shown that companies faced with document production requests will not be able to successfully refuse production on the grounds of potential exposure under China’s state secret laws. Rather, as this OnPoint explains, multi-nationals facing such obligations have to proactively review the relevant documents for state secret information and exclude only the documents that contain state secret information from production.

China’s State Secret Laws

The difficulty in assessing whether documents include state secret information arises from the broad and ambiguous definition in the applicable laws. The Guarding State Secrets Law (State Secrets Law) defines state secrets as “matters which have a vital bearing on state security and national interests and which are entrusted to a limited number of people for a given period of time” and prohibits acts such as illegal acquisitions, unsecure transfers through the internet or exports of state secrets out of China. In addition to the broad definition referred to above, the State Secrets Law also includes a catch-all provision that defines state secrets as “[o]ther matters that are classified as state secrets by the National Administration for Protection of State Secrets.” The State Secrets Law creates criminal responsibility (including imprisonment on conviction) for individuals involved in the prohibited acts.

Recent Cases Involving Document Production Request by Overseas Regulators

In 2011 and 2012, the Securities Exchange Commission (SEC) requested audit work papers and related documents from several accounting firms in connection with securities fraud investigations commenced by the SEC against ten U.S. issuers whose operations were principally based in China. The accounting firms concerned refused production citing, inter alia, China’s applicable state secret laws as grounds for the refusal. The SEC responded by commencing administrative proceedings against the accounting firms in 2012.

In May 2013, the Public Company Accounting Oversight Board (PCAOB) in the United States, the China Security Regulatory Commission (CSRC) and the Ministry of Finance of China signed a Memorandum of Understanding (MOU) that provides for a mechanism by which the PCAOB or the CSRC can request audit work papers and other relevant documents from each other during the course of their respective investigations. Under the MOU, the government agencies agreed to provide timely support for document requests with only a limited scope to refuse such requests (e.g. based on ground of public interest or essential national interests). Documents obtained through document requests under the MOU can be shared with the relevant government agencies (e.g. the Department of Justice and the SEC in the United States) for investigative purposes.

Shortly after the MOU was signed, the CSRC notified the accounting firms of a new procedure, approved by China’s State Council, which would apply to the screening of audit work papers for state secrets (and other sensitive information). The accounting firms must adhere to this procedure once the CSRC receives a request for documents under the MOU. The procedure requires inter alia the following steps:

  • accounting firms must screen the relevant documents and redact or remove all state secrets or any other sensitive information;
  • accounting firms must engage external law firms (qualified in China) to certify that the screening was done correctly; and
  • accounting firms must ask their clients to certify that the accounting firms’ work is proper.

After screening the requested documents in accordance with the procedure set out above, the accounting firms have to produce the documents to the CSRC, which in turn would hand them on to the regulator in the United States.

Notwithstanding the MOU and the procedures outlined above, it is evident from two recent cases that the SEC is taking the view that the accounting firms remain ultimately responsible for making the requested documents available whether directly to the SEC or indirectly through the CSRC. In both cases, the SEC continued actions it commenced against the accounting firms even though steps had been undertaken to obtain the requested documents via the CSRC. As one of the cases demonstrates, the SEC will only discontinue its actions after it obtains the relevant documents and assurances that the involved accounting firms will cooperate fully with the CSRC in future production requests.

In the administrative proceedings against the accounting firms referred to above, the SEC continued its action despite the CSRC having become involved in facilitating the production of documents requested under the MOU. The action resulted in an SEC administrative law judge censuring four Chinese subsidiaries of the accounting firms for failing to produce the relevant documents, and denying them the privilege of practicing and appearing before the SEC for six months. This means that the four subsidiaries are effectively barred from auditing companies listed in the United States for a six-month period. The accounting firms have petitioned for a review of the 22 January 2014 decision and filed a motion to adduce further evidence in support of their arguments that the production of documents by the CSRC under the MOU is an alternative means of production that satisfies the accounting firms’ production obligation. Recent filings reveal that the SEC and the accounting firms are currently in settlement discussions.

In a subpoena enforcement action commenced by the SEC against an accounting firm in the U.S. District Court for the District of Columbia that contains similar facts to the SEC’s case against the accounting firms referred to above, a joint motion to dismiss the action was only filed on 27 January 2014 after the SEC received most of the documents requested through the CSRC via the procedure set up under the MOU and obtained an assurance from the accounting firm of its continued cooperation with the CSRC in relation to future production requests in that matter.

The U.S. regulators are not alone in pushing back on refusals to disclose documents on grounds of potential exposure under China’s state secret laws. On 23 May 2014, the Hong Kong Court of First Instance ordered an accounting firm to comply with a request from Hong Kong’s Securities and Futures Commission for the audit work papers and other documents of one of the accounting firm’s Chinese clients on grounds that it had no reasonable excuse (the applicable test) to withhold the requested documents. The court rejected the accounting firm’s arguments that the requested documents could contain state secrets and would put the accounting firm at risk of violating China’s state secret laws. In doing so, the court held that whether the audit work papers at issue constituted state secrets within the definition in China’s applicable laws was a factual question that was entirely dependent on the contents of the audit work papers. As neither the Court nor the expert witnesses in the case had been shown the audit work papers, the accounting firm was unable to establish that the audit work papers contained state secrets that precluded their transmission to Hong Kong.

The U.S. and Hong Kong cases illustrate that accounting firms cannot successfully resist production requests for audit work papers of their Chinese subsidiaries by pointing to their potential exposure under China’s state secret laws. Instead, the accounting firms must proactively undertake steps to review the audit work papers and any other information requested by an overseas regulator and identify any state secret information within such documents. Additionally, even if overseas regulators like the SEC request audit work papers through official channels (e.g. under the MOU), the accounting firms will still be responsible under the protocol set up by the CSRC for screening the relevant documents and identifying and redacting state secret information before turning the relevant documents over to the CSRC.

Avoiding Liability in Cross Border Litigation and Investigations

While the cases cited above are specifically targeted at the audit work papers of accounting firms operating in China, similar challenges could arise when multi-national companies face discovery obligations in cross-border litigation and/or document production requests from foreign regulators in regulatory investigations.

In order to avoid the dilemma of either facing liability under the applicable state secret laws or being subject to enforcement actions by overseas regulators and adverse findings in courts for failing to produce documents, multi-nationals have to proactively manage their data in China, particularly whenever they are faced with a potential export of such data from China. For that purpose, it is important for multi-nationals to “know” their data, identifying those that contain state secret information and those that do not. Multi-nationals that interact frequently with the government during the course of their business operations in China or that do business with state-owned enterprises (SOEs) face a higher risk under China’s state secret laws as they may have come into possession of state secret information during the course of these interactions. Information on strategic industries such as natural resources, energy, military or defense is also in the higher risk category of information. For example, a database of onshore oil and gas wells in China has been found to contain state secret information. Any commercially sensitive information obtained from domestic enterprises, and particularly SOEs, could potentially be regarded as state secret information (e.g. information on pricing strategies of a particular industry).

When faced with a discovery obligation or a request for production of data located in China, we recommend the following steps:

  • Where an overseas regulator has issued the request for production, inform the regulator at the outset of the potential state secret risks and the steps that will be taken to comply with the production request and China’s state secret laws.
  • Review the relevant data in China as early as possible to identify whether they include potentially state secret information.
  • Where potentially state secret information is identified, retain legal counsel to verify and confirm such findings. If necessary, involve the relevant Chinese government authorities (e.g. the CSRC) in the verification process.
  • If the findings are confirmed, exclude the data from production or redact the data as necessary. Communicate the exclusion or redaction to the requesting party as early as possible.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dechert LLP | Attorney Advertising

Written by:

Dechert LLP

Dechert LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.