The $1.8 trillion question: How to audit Chinese companies

DiDi is just the latest flashpoint in a long-running dispute between Chinese and American securities regulators over reviewing the work of auditors who scrutinize public-company financial statements.

The Hong Kong skyline

Hong Kong has long been a center of audit work for Greater China. American officials say they don't have access to audit firms' reports.

Photo: Thom Masat/Unsplash

DiDi's stumbling debut on the American stock markets highlights a long-running, transnational battle that hasn't drawn much attention outside the green-eyeshade set — but could prove critical for Chinese companies seeking to tap U.S. capital markets and American investors hoping to bet on the growth of China's tech sector.

For years, regulators have sought more and better financial data on Chinese companies. The Sarbanes-Oxley Act of 2002 requires the Public Company Accounting Oversight Board, a nonprofit overseen by the Securities and Exchange Commission, to review the work of firms auditing public companies. But China has not allowed this to happen, American officials say.

Much is at stake. Chinese companies that trade on U.S. exchanges via American depositary shares are worth nearly $1.8 trillion. Chinese firms have raised more than $76 billion over the last decade, and 37 companies have listed in the U.S. this year alone, raising $12.9 billion, according to Bloomberg data.

While Chinese companies listing in the U.S. have auditors, they are often based overseas. What standards do they meet? The PCAOB, whose budget and standards are set by the SEC, doesn't know, since it hasn't been able to inspect any auditor's work in China satisfactorily since 2007.

Concerns about the quality of audits aren't theoretical: Sound financial reporting undergirds the safety of American stock markets — the liquidity and high reputation Chinese companies have pursued by listing their shares abroad. Luckin Coffee, which listed its shares on the Nasdaq in May 2019, paid a $180 million fine to the SEC in December to settle charges it fabricated $300 million in revenue.

Many auditors in China lack strong incentives to provide accurate audits of companies, said Anne Stevenson-Yang, co-founder and research director at J Capital Research. "The auditors are paid by companies they audit," she said. "Of course they have a disincentive to say negative things."

American securities regulators have complained about the lack of access to Chinese audits going back a decade or more. But things came to a boil in December, when President Donald Trump signed the Holding Foreign Companies Accountable Act.

That law requires the SEC delist publicly-traded companies that hire accounting firms the PCAOB cannot oversee, after the accounting board has been unable to inspect the firms' work for three consecutive years. That would affect DiDi and a number of other Chinese companies, though not until 2024 at the earliest. DiDi warned investors in its prospectus about potential delisting under the act if the PCAOB can't inspect it.

The bill also requires additional disclosures in SEC filings, including any ownership by government entities and the presence of Chinese Communist Party officials on a company's board.

In March, the PCAOB revealed that it lacked access to audits of more than 200 companies based in China and Hong Kong.

But Beijing wants Chinese companies to tighten up disclosures of information to entities abroad. The new Data Security Law passed in June bans companies from sharing information to overseas law enforcement and regulators without approval. And following the DiDi debacle, Chinese securities regulators are considering a change that would allow them to block a Chinese company from listing overseas — even if it's technically incorporated outside of China using a structure known as a variable interest entity, or VIE. DiDi used a VIE called Xiaoju Kuaizhi to go public; Alibaba, the most valuable Chinese tech company traded in the U.S., listed shares using a VIE; and the structure's use by Chinese tech firms dates back to Sina Corp's listing on the Nasdaq in 2000.

Congress could go further in restricting Chinese listings. In May, Sens. Marco Rubio and Bob Casey introduced a bill to prohibit IPOs on U.S. exchanges for Chinese companies not complying with U.S. regulations, specifically citing lack of PCAOB access to audits as an issue that would block a listing and citing the Luckin fraud incident. In June, Rubio called for the SEC to block the IPO of DiDi because it did not have the same auditing oversight of U.S. companies.

This impasse has stretched on for years. In 2011, Chinese and American regulators met for a symposium on audit cooperation, and the next year, China agreed to "observational visits" by the PCAOB. In 2013, the PCAOB signed a memorandum of understanding with Chinese officials.

The board now says the 2013 MOU isn't helping. "Chinese cooperation has not been sufficient for the PCAOB to obtain timely access to relevant documents and testimony necessary to carry out our mission," it writes.

For its part, the China Securities Regulatory Commission said in August, in response to a U.S. government report, that it's been "showing full sincerity of cooperation."

"It should be noted that the Chinese side has never prohibited or prevented relevant accounting firms from providing audit working papers to overseas regulators," Chinese officials wrote. The agency said in December that the Holding Foreign Companies Accountable Act's disclosure provisions were "obviously discriminatory."

In January, the NYSE was caught in a crossfire from Trump administration officials over delisting three Chinese companies: China Telecom, China Mobile and China Unicom. While that debate was over purported connections to the Chinese military, it highlighted the growing geopolitical risks of cross-border listings.

Beijing wants to maintain as much control of Chinese companies as possible and deems audit records state secrets, said Stevenson-Yang of J Capital.

Initially, gaining lucrative access to capital markets appealed to Beijing, but when capital started to flow outwards in 2015, everything changed, she said. "As money became more demanding, Chinese authorities said, 'We can get money within China. Why don't we do that instead?'"


How I decided to leave the US and pursue a tech career in Europe

Melissa Di Donato moved to Europe to broaden her technology experience with a different market perspective. She planned to stay two years. Seventeen years later, she remains in London as CEO of Suse.

“It was a hard go for me in the beginning. I was entering inside of a company that had been very traditional in a sense.”

Photo: Suse

Click banner image for more How I decided seriesA native New Yorker, Melissa Di Donato made a life-changing decision back in 2005 when she packed up for Europe to further her career in technology. Then with IBM, she made London her new home base.

Today, Di Donato is CEO of Germany’s Suse, now a 30-year-old, open-source enterprise software company that specializes in Linux operating systems, container management, storage, and edge computing. As the company’s first female leader, she has led Suse through the coronavirus pandemic, a 2021 IPO on the Frankfurt Stock Exchange, and the acquisitions of Kubernetes management startup Rancher Labs and container security company NeuVector.

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Sponsored Content

Great products are built on strong patents

Experts say robust intellectual property protection is essential to ensure the long-term R&D required to innovate and maintain America's technology leadership.

Every great tech product that you rely on each day, from the smartphone in your pocket to your music streaming service and navigational system in the car, shares one important thing: part of its innovative design is protected by intellectual property (IP) laws.

From 5G to artificial intelligence, IP protection offers a powerful incentive for researchers to create ground-breaking products, and governmental leaders say its protection is an essential part of maintaining US technology leadership. To quote Secretary of Commerce Gina Raimondo: "intellectual property protection is vital for American innovation and entrepreneurship.”

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.

UiPath had a rocky few years. Rob Enslin wants to turn it around.

Protocol caught up with Enslin, named earlier this year as UiPath’s co-CEO, to discuss why he left Google Cloud, the untapped potential of robotic-process automation, and how he plans to lead alongside founder Daniel Dines.

Rob Enslin, UiPath's co-CEO, chats with Protocol about the company's future.

Photo: UiPath

UiPath has had a shaky history.

The company, which helps companies automate business processes, went public in 2021 at a valuation of more than $30 billion, but now the company’s market capitalization is only around $7 billion. To add insult to injury, UiPath laid off 5% of its staff in June and then lowered its full-year guidance for fiscal year 2023 just months later, tanking its stock by 15%.

Keep Reading Show less
Aisha Counts

Aisha Counts (@aishacounts) is a reporter at Protocol covering enterprise software. Formerly, she was a management consultant for EY. She's based in Los Angeles and can be reached at


Figma CPO: We can do more with Adobe

Yuhki Yamashita thinks Figma might tackle video or 3D objects someday.

Figman CPO Yuhki Yamashita told Protocol about Adobe's acquisition of the company.

Photo: Figma

Figma CPO Yuhki Yamashita’s first design gig was at The Harvard Crimson, waiting for writers to file their stories so he could lay them out in Adobe InDesign. Given his interest in computer science, pursuing UX design became the clear move. He worked on Outlook at Microsoft, YouTube at Google, and user experience at Uber, where he was a very early user of Figma. In 2019, he became a VP of product at Figma; this past June, he became CPO.

“Design has been really near and dear to my heart, which is why when this opportunity came along to join Figma and rethink design, it was such an obvious opportunity,” Yamashita said.

Keep Reading Show less
Lizzy Lawrence

Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She's a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school's independent newspaper. She's based in D.C., and can be reached at


Microsoft lays out its climate advocacy goals

The tech giant has staked out exactly what kind of policies it will support to decarbonize the world and clean up the grid.

Microsoft published two briefs explaining what new climate policies it will advocate for.

Photo by Jeremy Bezanger on Unsplash

The tech industry has no shortage of climate goals, but they’ll be very hard to achieve without the help of sound public policy.

Microsoft published two new briefs on Sept. 22 explaining what policies it will advocate for in the realm of reducing carbon and cleaning up the grid. With policymakers in the U.S. and around the world beginning to weigh more stringent climate policies (or in the U.S.’s case, any serious climate policies at all), the briefs will offer a measuring stick for whether Microsoft is living up to its ideals.

Keep Reading Show less
Brian Kahn

Brian ( @blkahn) is Protocol's climate editor. Previously, he was the managing editor and founding senior writer at Earther, Gizmodo's climate site, where he covered everything from the weather to Big Oil's influence on politics. He also reported for Climate Central and the Wall Street Journal. In the even more distant past, he led sleigh rides to visit a herd of 7,000 elk and boat tours on the deepest lake in the U.S.

Latest Stories