Source Code: Your daily look at what matters in tech.

fintechfintechauthorTomio GeronNoneAre you keeping up with the latest fintech developments? Get Tomio Geron and Ben Pimental's newsletter every Tuesday and Friday.f6ea366a38

Get access to Protocol

Your information will be used in accordance with our Privacy Policy

I’m already a subscriber

The $1.8 trillion question: How to audit Chinese companies

DiDi is just the latest flashpoint in a long-running dispute between Chinese and American securities regulators over reviewing the work of auditors who scrutinize public-company financial statements.

The Hong Kong skyline

Hong Kong has long been a center of audit work for Greater China. American officials say they don't have access to audit firms' reports.

Photo: Thom Masat/Unsplash

DiDi's stumbling debut on the American stock markets highlights a long-running, transnational battle that hasn't drawn much attention outside the green-eyeshade set — but could prove critical for Chinese companies seeking to tap U.S. capital markets and American investors hoping to bet on the growth of China's tech sector.

For years, regulators have sought more and better financial data on Chinese companies. The Sarbanes-Oxley Act of 2002 requires the Public Company Accounting Oversight Board, a nonprofit overseen by the Securities and Exchange Commission, to review the work of firms auditing public companies. But China has not allowed this to happen, American officials say.

Much is at stake. Chinese companies that trade on U.S. exchanges via American depositary shares are worth nearly $1.8 trillion. Chinese firms have raised more than $76 billion over the last decade, and 37 companies have listed in the U.S. this year alone, raising $12.9 billion, according to Bloomberg data.

While Chinese companies listing in the U.S. have auditors, they are often based overseas. What standards do they meet? The PCAOB, whose budget and standards are set by the SEC, doesn't know, since it hasn't been able to inspect any auditor's work in China satisfactorily since 2007.

Concerns about the quality of audits aren't theoretical: Sound financial reporting undergirds the safety of American stock markets — the liquidity and high reputation Chinese companies have pursued by listing their shares abroad. Luckin Coffee, which listed its shares on the Nasdaq in May 2019, paid a $180 million fine to the SEC in December to settle charges it fabricated $300 million in revenue.

Many auditors in China lack strong incentives to provide accurate audits of companies, said Anne Stevenson-Yang, co-founder and research director at J Capital Research. "The auditors are paid by companies they audit," she said. "Of course they have a disincentive to say negative things."

American securities regulators have complained about the lack of access to Chinese audits going back a decade or more. But things came to a boil in December, when President Donald Trump signed the Holding Foreign Companies Accountable Act.

That law requires the SEC delist publicly-traded companies that hire accounting firms the PCAOB cannot oversee, after the accounting board has been unable to inspect the firms' work for three consecutive years. That would affect DiDi and a number of other Chinese companies, though not until 2024 at the earliest. DiDi warned investors in its prospectus about potential delisting under the act if the PCAOB can't inspect it.

The bill also requires additional disclosures in SEC filings, including any ownership by government entities and the presence of Chinese Communist Party officials on a company's board.

In March, the PCAOB revealed that it lacked access to audits of more than 200 companies based in China and Hong Kong.

But Beijing wants Chinese companies to tighten up disclosures of information to entities abroad. The new Data Security Law passed in June bans companies from sharing information to overseas law enforcement and regulators without approval. And following the DiDi debacle, Chinese securities regulators are considering a change that would allow them to block a Chinese company from listing overseas — even if it's technically incorporated outside of China using a structure known as a variable interest entity, or VIE. DiDi used a VIE called Xiaoju Kuaizhi to go public; Alibaba, the most valuable Chinese tech company traded in the U.S., listed shares using a VIE; and the structure's use by Chinese tech firms dates back to Sina Corp's listing on the Nasdaq in 2000.

Congress could go further in restricting Chinese listings. In May, Sens. Marco Rubio and Bob Casey introduced a bill to prohibit IPOs on U.S. exchanges for Chinese companies not complying with U.S. regulations, specifically citing lack of PCAOB access to audits as an issue that would block a listing and citing the Luckin fraud incident. In June, Rubio called for the SEC to block the IPO of DiDi because it did not have the same auditing oversight of U.S. companies.

This impasse has stretched on for years. In 2011, Chinese and American regulators met for a symposium on audit cooperation, and the next year, China agreed to "observational visits" by the PCAOB. In 2013, the PCAOB signed a memorandum of understanding with Chinese officials.

The board now says the 2013 MOU isn't helping. "Chinese cooperation has not been sufficient for the PCAOB to obtain timely access to relevant documents and testimony necessary to carry out our mission," it writes.

For its part, the China Securities Regulatory Commission said in August, in response to a U.S. government report, that it's been "showing full sincerity of cooperation."

"It should be noted that the Chinese side has never prohibited or prevented relevant accounting firms from providing audit working papers to overseas regulators," Chinese officials wrote. The agency said in December that the Holding Foreign Companies Accountable Act's disclosure provisions were "obviously discriminatory."

In January, the NYSE was caught in a crossfire from Trump administration officials over delisting three Chinese companies: China Telecom, China Mobile and China Unicom. While that debate was over purported connections to the Chinese military, it highlighted the growing geopolitical risks of cross-border listings.

Beijing wants to maintain as much control of Chinese companies as possible and deems audit records state secrets, said Stevenson-Yang of J Capital.

Initially, gaining lucrative access to capital markets appealed to Beijing, but when capital started to flow outwards in 2015, everything changed, she said. "As money became more demanding, Chinese authorities said, 'We can get money within China. Why don't we do that instead?'"

Protocol | Fintech

Amazon wants a crypto play. Its history in payments is not encouraging.

It missed chances to be PayPal, Square and Stripe — so is this its chance to miss being Coinbase, too?

Amazon wants to be a crypto player.

Image: NurPhoto/Getty Images

The news that Amazon was hiring a lead for a new digital currency and blockchain initiative sent the price of bitcoin soaring. But there's another way to look at the news that's less bullish on bitcoin and bearish on Amazon: 13 years after Satoshi Nakamoto's whitepaper appeared on the internet, Amazon is just discovering cryptocurrency?

That may be a bit unkind, but the truth is sometimes unkind. And the reality is that Amazon has a long history of stumbles and missed opportunities in payments, which goes back more than two decades to the company's purchase of internet payments startup

Keep Reading Show less
Owen Thomas

Owen Thomas is a senior editor at Protocol overseeing venture capital and financial technology coverage. He was previously business editor at the San Francisco Chronicle and before that editor-in-chief at ReadWrite, a technology news site. You're probably going to remind him that he was managing editor at Valleywag, Gawker Media's Silicon Valley gossip rag. He lives in San Francisco with his husband and Ramona the Love Terrier, whom you should follow on Instagram.

Over the last year, financial institutions have experienced unprecedented demand from their customers for exposure to cryptocurrency, and we've seen an inflow of institutional dollars driving bitcoin and other cryptocurrencies to record prices. Some banks have already launched cryptocurrency programs, but many more are evaluating the market.

That's why we've created the Crypto Maturity Model: an iterative roadmap for cryptocurrency product rollout, enabling financial institutions to evaluate market opportunities while addressing compliance requirements.

Keep Reading Show less
Caitlin Barnett, Chainanalysis
Caitlin’s legal and compliance experience encompasses both cryptocurrency and traditional finance. As Director of Regulation and Compliance at Chainalysis, she helps leading financial institutions strategize and build compliance programs in order to adopt cryptocurrencies and offer new products to their customers. In addition, Caitlin helps facilitate dialogue with regulators and the industry on key policy issues within the cryptocurrency industry.
Protocol | Enterprise

How Google Cloud plans to kill its ‘Killed By Google’ reputation

Under the new Google Enterprise APIs policy, the company is making a promise that its services will remain available and stable far into the future.

Google Cloud CEO Thomas Kurian has promised to make the company more customer-friendly.

Photo: Michael Short/Bloomberg via Getty Images 2019

Google Cloud issued a promise Monday to current and potential customers that it's safe to build a business around its core technologies, another step in its transformation from an engineering playground to a true enterprise tech vendor.

Starting Monday, Google will designate a subset of APIs across the company as Google Enterprise APIs, including APIs from Google Cloud, Google Workspace and Google Maps. APIs selected for this category — which will include "a majority" of Google Cloud APIs according to Kripa Krishnan, vice president at Google Cloud — will be subject to strict guidelines regarding any changes that could affect customer software built around those APIs.

Keep Reading Show less
Tom Krazit

Tom Krazit ( @tomkrazit) is Protocol's enterprise editor, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire, and served as executive editor of Gigaom and Structure.

Amazon job opening points to plan to accept crypto payments

The news sparked a rally in the values of bitcoin and other cryptocurrencies.

Amazon may be planning to let customers pay for orders with cryptocurrencies.

Photo: David Ryder/Getty Images

Amazon is looking to hire a digital currency and blockchain expert suggesting a plan to let customers accept cryptocurrencies as payments.

The tech giant's job opening says Amazon is looking for "an experienced product leader" to help develop the company's "digital currency and blockchain strategy and roadmap" Amazon is looking for product leader with expertise in blockchain, distributed ledger, central bank digital currencies and cryptocurrency.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at or via Signal at (510)731-8429.

Protocol | Policy

Big Tech tried to redefine terrorism online. It got messy fast.

The Global Internet Forum to Counter Terrorism announced a series of narrow steps it's taking that underscore just how fraught the job of classifying terror online really is.

Erin Saltman is GIFCT's director of programming.

Photo: Paul Morigi/Flickr

A little over a month after the Jan. 6 riot, the tech industry's leading anti-terrorism alliance — a group founded by Facebook, YouTube, Microsoft and Twitter — announced it was seeking ideas for how it could expand its definition of terrorism, which had for years been more or less synonymous with Islamic terrorism. The group, called the Global Internet Forum to Counter Terrorism or GIFCT, had been considering such a shift for at least a year, but the rising threat of domestic extremism, punctuated by the Capitol uprising, made it all the more clear something needed to change.

But after months of interviewing member companies, months of considering academic proposals and months spent mulling the impact of tech platforms on this and other violent events around the world, the group's policies have barely budged. On Monday, in a 177-page report, GIFCT released the first details of its plan, and, well, a radical rethinking of online extremism it is not. Instead, the report lays out a series of narrow steps that underscore just how fraught the job of classifying terror online really is.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Latest Stories