With recent developments in Hong Kong and an escalating trade war between the U.S. and China, boardrooms and CEOs need to take a close look at the risks of doing business in and with China. This article identifies five key areas of concern: supply chains, sales, exposure to legal changes, collaboration with Chinese companies, and digital security. Boards need to ask about these areas to properly understand how vulnerable they are to changes in U.S.-China relations.
U.S.-China relations have not been so tense since before President Jimmy Carter and Chinese leader Deng Xiaoping agreed to exchange ambassadors in 1979. Attitudes have hardened especially in the last two months, in part because of the Covid-19 pandemic, and in part because of the troubling developments in Hong Kong. Some voices in the Washington establishment are even advocating a “decoupling” of the deep, complex business connections between the two countries that have been built up over decades.
Because many U.S. companies give their China operations a large measure of autonomy, top management and boards often do not have a good grasp of the risks they face. Based on a review of 75 confidential board assessments conducted over the past 15 years, we can report that almost no board possesses a complete picture of its company’s operations in Greater China, including Hong Kong. Management may make presentations about international sales in general, but very few details about China surface at the board level.
When business was prospering in China, boards could afford to turn a blind eye to the details. But that’s a mistake now, given the impending storm clouds. Disruptions in their access to the Chinese market or in their supply chains and procurement channels would spell disaster for many companies, including household names such as General Motors, Apple, and Intel.
To understand their China risks, U.S. executives and boards need to start a discussion. As we see it, the agenda should include the following five questions:
Are we too dependent on Chinese supply chains?
There has been a great deal of talk about reducing U.S. dependence on China That’s why some companies have moved some of their production to Vietnam or Mexico. But these have been relatively small in scale and significant moves to “re-shore” manufacturing from China to the United States would be expensive and difficult, partly because of a shortage of skilled manufacturing workers in the United States. Any such move also would risk backlash from Chinese authorities.
What’s more, China has cornered the market in many critical components. As New York Gov. Andrew Cuomo found in seeking to respond to the Covid-19 pandemic, crucial reagents for testing kits come from only one place: China. Certain kinds of masks and protective gear come from only one place: China. Nearly every computer and smart phone in use in the United States comes from China or at least has some component in it that is manufactured in China.
Perhaps even more seriously, China dominates production of many of the critical raw materials that go into the products of the new economy – from smartphones to wind turbines. These include critical “rare earth minerals” like yttrium (used for charging electronic devices like smartphones), cerium and lanthanum (used for touch screens), and neodymium (used in electric car batteries).
Are we too dependent on sales to China?
If a company has a significant percentage of its sales in China, say 10–20%, it obviously is going to fight, on all levels, to maintain those sales. In many cases that will mean the company cannot maintain critical distance from the Chinese government.
But closeness to the Chinese government could create problems elsewhere, including the domestic U.S. market. “Do CEOs and boards really want to help the Chinese smother Hong Kong, erase Xinjiang and Tibet and sink all the non-Chinese fishermen in the South China Sea?” asks Clyde Prestowitz, author of the forthcoming book, The World Turned Upside Down: China, America and the Struggle for Global Leadership. “At some point, it seems to me, that kind of acquiescence is bound to look pretty bad.”
The risk is especially serious for companies like American semiconductor manufacturer Nvidia, which provides products used in facial recognition technology that could be used by the Chinese government to enable human rights violations.
What is our exposure to legal changes in Hong Kong?
China is signaling that it intends to introduce its own version of justice in the former British colony, which hosts the Asian regional headquarters for many American companies. Tens of thousands of Americans live there. Hong Kong is critically important for many U.S. companies because of their partnerships and relationships with Hong Kong Chinese players, who help them navigate their way in China itself. Some companies have located IP and other sensitive financial and legal functions in Hong Kong, in large part because Hong Kong law affords businesses stronger legal protection and property rights, which could be compromised.
If the legal system in Hong Kong deteriorates, as seems inevitable, a financial analyst working in Hong Kong for a Wall Street firm might come under pressure from mainland authorities for writing a negative research report about a Chinese state-owned enterprise. International companies could be also be pressured to make management changes, of the sort already imposed on some Hong Kong corporations; last year the Chinese government forced the ouster of two senior executives of Cathay Pacific airlines for issues related to support of the pro-democracy by Cathay employees.
The possibility also looms that Hong Kong Chinese, Chinese, or even Chinese Americans working for U.S. companies in Hong Kong could be detained or arrested. “The people of Hong Kong should prepare to cope with the varieties of arbitrary detention that have been inflicted on compatriots elsewhere in China,” Jerome Cohen, director of the U.S.-Asia Law Institute at New York University, recently wrote.
Finally, if the Trump administration concludes, as the president has announced, that Hong Kong no longer has a high degree of autonomy from China, then the U.S. Congress may withdraw the island’s current special status as a privileged trading partner. This would mean, amongst many other things, that tech exports from the United States, which now flow freely to Hong Kong, would be subjected to the same export controls as on goods shipped to China and the Hong Kong dollar would no longer be pegged to the U.S. dollar. Depending on the details of what Congress and the Administration enact, U.S. travelers to Hong Kong might also require visas, which they currently do not.
How much should we collaborate with Chinese companies?
In the open international research environment that American scientists cherish, U.S.-based researchers often collaborate remotely with Chinese counterparts. That could prove problematic, because the findings and insights they share may go further than their research partners in view of the Chinese government’s civil-military “fusion.”
“Should American researchers be working with Chinese researchers on such technologies as facial recognition technology in low-light environments?” Samm Sacks, a senior fellow at Yale Law School’s Paul Tsai China Center and a cybersecurity policy fellow at New America, asked on a recent Zoom call sponsored by the U.S.-Asia Law Institute. “I think probably not … How do you know that your technology is not being used, even indirectly, to incarcerate hundreds of thousands of Uighurs?”
China also has a track record of research espionage: the Ministry of State Security is known to have targeted Chinese and Chinese-American employees at U.S. companies to obtain access to their technology or to penetrate their companies’ decision-making process. American law obviously prevents companies from discriminating against people on the basis of their ethnicity, but there are policies and procedures that can be put in place to better safeguard IP and key decisions. One practical but costly step would be asking all employees to disclose international travel, disclose other sources of income and reveal contacts with foreign governments.
How secure are our company’s IT systems?
It’s not just approaches to their people that companies have to watch for. In 2018, Bloomberg Businessweek published an article revealing that China’s People’s Liberation Army had covertly installed microchips in components that had been sourced from China for use in IT products used by many companies internally, including Apple, which vehemently disputed the report.
China’s software hacking capabilities are also highly sophisticated, as evidenced by the work of the state-sponsored APT10 group in Tianjin (APT stands for Advanced Persistent Threat), which was able to penetrate American cloud computing systems and remain inside them for four years, as disclosed by the Department of Justice in December 2018.
APT10, which federal officials said was acting in concert with the Chinese government, was able to penetrate the systems of dozens of companies and government agencies in at least 12 countries, as documented in a book recently published by one us (Holstein), The New Art of War: China’s Deep Strategy Inside the United States. Other recent disclosures suggest that government-affiliated groups in China have developed malware that can be attached to Microsoft Word documents and is virtually undetectable.
Our confidential soundings suggest that some chief executive officers and their chief information officers have either chosen not to discover Chinese bugs or hackers or have been willing to accept the possibility that their systems have been compromised. The reason is that proofing their IT systems against intruders would cost millions of dollars and detract from short-term earnings. And if any breaches were to be disclosed publicly, that might irritate the Chinese government and call into question a company’s continued access to the Chinese market.
Responding to these issues will require sustained, structured discussions between entire boards and top managements. No single board committee can carry the full load. The issues extend beyond the ability of an audit committee, whose job is to focus on the numbers, which is only one part of the overall challenge. Human resource committees also need to be part of the equation to respond to the espionage risk. Compensation committees need to find creative ways of retaining top managers if quarterly and annual earnings begin to suffer. The discussions will also need to be held under the tightest security. Zoom calls are not a good idea. The goal should be to identify and manage issues before they explode into the public domain.