legal-compliance

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Legal & Compliance Expert

法律与合规专家

Comprehensive legal frameworks for governance, contracts, regulatory compliance, and risk management.

提供涵盖公司治理、合同管理、合规监管及风险管理的全面法律框架。

Corporate Governance

公司治理

Board Structure & Responsibilities

董事会结构与职责

BOARD COMPOSITION:
- Independent directors (majority required for NYSE/NASDAQ)
- Lead independent director
- Committee structure
- Board diversity requirements
- Skills matrix

KEY COMMITTEES:
1. Audit Committee (all independent)
2. Compensation Committee (all independent)
3. Nominating/Governance Committee (all independent)
4. Risk Committee (financial institutions)

BOARD COMPOSITION:
- 独立董事（纽交所/纳斯达克要求占多数）
- 首席独立董事
- 委员会架构
- 董事会多元化要求
- 技能矩阵

KEY COMMITTEES:
1. 审计委员会（全部由独立董事组成）
2. 薪酬委员会（全部由独立董事组成）
3. 提名/治理委员会（全部由独立董事组成）
4. 风险委员会（适用于金融机构）

Fiduciary Duties

信义义务

Duty	Definition	Key Considerations
Duty of Care	Act with reasonable prudence	Informed decisions, due diligence
Duty of Loyalty	Act in corporation's best interest	Avoid conflicts, corporate opportunity
Duty of Good Faith	Act honestly and fairly	No intentional harm, follow law
Duty of Disclosure	Full and fair disclosure	Material information, no omissions

职责	定义	核心考量
注意义务	以合理谨慎态度行事	决策需基于充分信息，尽到勤勉义务
忠实义务	以公司最佳利益为行动准则	避免利益冲突，不得侵占公司机会
善意义务	诚实公正行事	不得故意损害公司利益，遵守法律
披露义务	全面公正地披露信息	重大信息需披露，不得遗漏

Business Judgment Rule

商业判断规则

PROTECTION REQUIREMENTS:
1. Decision made in good faith
2. No personal interest in outcome
3. Reasonably informed decision
4. Rational belief action is in company's best interest

ENHANCED SCRUTINY (Revlon Duties):
- Triggered in change of control
- Duty to maximize shareholder value
- Active market check required

PROTECTION REQUIREMENTS:
1. 决策需基于善意作出
2. 决策结果与个人无利益关联
3. 决策需基于合理充分的信息
4. 理性相信该行动符合公司最佳利益

ENHANCED SCRUTINY (Revlon Duties):
- 控制权变更时触发
- 有义务最大化股东价值
- 需进行主动市场核查

Regulatory Compliance

合规监管

Sarbanes-Oxley (SOX) Compliance

Sarbanes-Oxley (SOX) 合规

KEY SECTIONS:

Section 302: CEO/CFO Certifications
- Certify financial statements
- Certify disclosure controls
- Report control deficiencies

Section 404: Internal Control Assessment
- Management assessment required
- External auditor attestation (accelerated filers)
- Material weakness disclosure

Section 906: Criminal Penalties
- Criminal certification of financial reports
- Up to $5M fine / 20 years imprisonment

COMPLIANCE FRAMEWORK:
- COSO Internal Control Framework
- Documentation of key controls
- Testing program (design + operating effectiveness)
- Deficiency evaluation process
- Remediation tracking

KEY SECTIONS:

Section 302: CEO/CFO认证
- 对财务报表进行认证
- 对披露控制进行认证
- 报告控制缺陷

Section 404: 内部控制评估
- 要求管理层进行评估
- 外部审计师需出具鉴证报告（适用于加速申报公司）
- 披露重大缺陷

Section 906: 刑事处罚
- 对财务报告进行刑事认证
- 最高可处500万美元罚款或20年监禁

COMPLIANCE FRAMEWORK:
- COSO内部控制框架
- 关键控制文档记录
- 测试计划（设计有效性+运行有效性）
- 缺陷评估流程
- 整改跟踪

GDPR Compliance

GDPR合规

Requirement	Description	Penalties
Lawful Basis	Consent, contract, legitimate interest	Up to 4% global revenue
Data Subject Rights	Access, rectification, erasure, portability	Up to 4% global revenue
Data Protection Officer	Required for large-scale processing	Administrative fines
Breach Notification	72 hours to authority, without undue delay to subjects	Up to 4% global revenue
Privacy by Design	Built-in privacy controls	Up to 4% global revenue
Data Processing Agreements	Required with all processors	Up to 2% global revenue

要求	说明	处罚
合法依据	同意、合同、合法利益	最高可达全球年收入的4%
数据主体权利	访问权、更正权、删除权、可携带权	最高可达全球年收入的4%
数据保护官	大规模数据处理场景下需设置	行政罚款
数据泄露通知	需在72小时内告知监管机构，无不当延迟地告知数据主体	最高可达全球年收入的4%
隐私设计	内置隐私控制措施	最高可达全球年收入的4%
数据处理协议	需与所有处理方签订	最高可达全球年收入的2%

HIPAA Compliance

HIPAA合规

PRIVACY RULE:
- Protected Health Information (PHI) protections
- Minimum necessary standard
- Patient rights (access, amendment)
- Business Associate Agreements

SECURITY RULE:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
- Risk assessment requirement

BREACH NOTIFICATION:
- Individual notice within 60 days
- HHS notification (>500 individuals: immediate)
- Media notification if >500 in state

PENALTIES:
Tier 1: Unaware - $100-$50,000/violation
Tier 2: Reasonable cause - $1,000-$50,000/violation
Tier 3: Willful neglect (corrected) - $10,000-$50,000/violation
Tier 4: Willful neglect (uncorrected) - $50,000/violation

PRIVACY RULE:
- 受保护健康信息（PHI）保护
- 最小必要标准
- 患者权利（访问、修改）
- 业务伙伴协议

SECURITY RULE:
- 行政保障措施
- 物理保障措施
- 技术保障措施
- 风险评估要求

BREACH NOTIFICATION:
- 需在60天内通知个人
- 涉及500人以上时需立即通知HHS
- 涉及某州500人以上时需通知媒体

PENALTIES:
Tier 1: 无主观故意 - 每项违规100-50,000美元
Tier 2: 合理原因 - 每项违规1,000-50,000美元
Tier 3: 故意疏忽（已整改） - 每项违规10,000-50,000美元
Tier 4: 故意疏忽（未整改） - 每项违规50,000美元

Anti-Corruption (FCPA/UK Bribery Act)

反腐败（FCPA/英国贿赂法）

FCPA ELEMENTS:
Anti-Bribery:
- No payments to foreign officials
- For purpose of obtaining business
- Includes third-party payments

Books & Records:
- Accurate books and records
- Internal controls over assets
- Applies to all issuers

UK BRIBERY ACT:
- Broader than FCPA
- Includes commercial bribery
- Facilitation payments prohibited
- Adequate procedures defense

COMPLIANCE PROGRAM:
- Risk assessment by geography/business
- Third-party due diligence
- Training program
- Gift and hospitality policy
- M&A due diligence
- Reporting mechanism
- Audit and monitoring

FCPA要素:
反贿赂:
- 不得向外国官员支付款项
- 不得为获取商业利益而行贿
- 涵盖第三方付款

账簿与记录:
- 账簿和记录需准确
- 对资产的内部控制
- 适用于所有发行人

英国贿赂法:
- 范围比FCPA更广
- 涵盖商业贿赂
- 禁止便利付款
- 有充分程序抗辩权

合规计划:
- 按地域/业务进行风险评估
- 第三方尽职调查
- 培训计划
- 礼品与招待政策
- 并购尽职调查
- 举报机制
- 审计与监控

Contract Management

合同管理

Contract Review Checklist

合同审核清单

ESSENTIAL TERMS:
- [ ] Parties correctly identified
- [ ] Scope clearly defined
- [ ] Price/payment terms
- [ ] Term and termination rights
- [ ] Representations and warranties
- [ ] Limitation of liability
- [ ] Indemnification
- [ ] Insurance requirements
- [ ] Confidentiality
- [ ] IP ownership/license
- [ ] Governing law
- [ ] Dispute resolution
- [ ] Assignment restrictions
- [ ] Force majeure
- [ ] Notice provisions
- [ ] Entire agreement clause

核心条款:
- [ ] 各方主体识别正确
- [ ] 范围定义清晰
- [ ] 价格/付款条款
- [ ] 期限与终止权利
- [ ] 陈述与保证
- [ ] 责任限制
- [ ] 赔偿条款
- [ ] 保险要求
- [ ] 保密条款
- [ ] 知识产权所有权/许可
- [ ] 管辖法律
- [ ] 争议解决
- [ ] 转让限制
- [ ] 不可抗力
- [ ] 通知条款
- [ ] 完整协议条款

Key Contract Provisions

关键合同条款

Provision	Purpose	Negotiation Points
Limitation of Liability	Cap damages exposure	Direct vs. consequential, cap amount
Indemnification	Allocate third-party risk	Scope, procedure, caps
IP Ownership	Define ownership	Work product, background IP, licenses
Confidentiality	Protect information	Definition, term, exceptions
Termination	Exit rights	For cause vs. convenience, notice period
Warranties	Quality assurance	Scope, disclaimers, remedies

条款	目的	谈判要点
责任限制	限制赔偿暴露	直接损失与间接损失，赔偿上限
赔偿条款	分配第三方风险	范围、流程、上限
知识产权所有权	定义所有权归属	工作成果、背景知识产权、许可
保密条款	保护信息	定义、期限、例外情况
终止条款	退出权利	因违约终止与因便利终止，通知期限
保证条款	质量保证	范围、免责声明、救济措施

Contract Risk Matrix

合同风险矩阵

Risk Level	Contract Value	Approval Level
Low	< $100K	Department manager
Medium	$100K - $1M	Director/VP
High	$1M - $10M	SVP/EVP
Critical	> $10M	C-Suite/Board

风险等级	合同金额	审批层级
低	< 10万美元	部门经理
中	10万 - 100万美元	总监/副总裁
高	100万 - 1000万美元	高级副总裁/执行副总裁
关键	> 1000万美元	高管层/董事会

Intellectual Property

知识产权

IP Portfolio Management

知识产权组合管理

PATENT STRATEGY:
- Freedom to operate analysis
- Competitive patent landscape
- Filing strategy (utility, design, provisional)
- Geographic coverage
- Prosecution management
- Licensing opportunities
- Enforcement program

TRADEMARK STRATEGY:
- Brand clearance searches
- Registration program
- Monitoring and enforcement
- Domain name portfolio
- Social media handles

TRADE SECRET PROGRAM:
- Identification and classification
- Protection measures (physical, technical, contractual)
- Need-to-know access
- Exit interview protocols

专利策略:
- 自由实施分析
- 竞争专利格局
- 申请策略（实用专利、外观设计专利、临时申请）
- 地域覆盖
- 申请流程管理
- 许可机会
- 维权计划

商标策略:
- 品牌检索 clearance
- 注册计划
- 监控与维权
- 域名组合
- 社交媒体账号

商业秘密保护计划:
- 识别与分类
- 保护措施（物理、技术、合同）
- 按需访问
- 离职面谈流程

IP Due Diligence (M&A)

知识产权尽职调查（并购）

Area	Review Items
Patents	Ownership, encumbrances, validity, infringement claims
Trademarks	Registrations, common law rights, oppositions
Copyrights	Work for hire, assignments, licenses
Trade Secrets	Protection measures, potential misappropriation
Licenses	Inbound/outbound, change of control provisions
Litigation	Pending/threatened, settlements

领域	审核事项
专利	所有权、权利负担、有效性、侵权主张
商标	注册、普通法权利、异议
著作权	职务作品、转让、许可
商业秘密	保护措施、潜在侵权
许可协议	inbound/outbound许可，控制权变更条款
诉讼	待决/潜在诉讼、和解协议

Litigation Management

诉讼管理

Litigation Hold Process

诉讼保留流程

TRIGGER EVENTS:
- Receipt of complaint or demand letter
- Reasonable anticipation of litigation
- Government investigation notice
- Internal investigation findings

HOLD PROCESS:
1. Issue litigation hold notice
2. Identify custodians and data sources
3. Suspend routine destruction
4. Interview key custodians
5. Collect and preserve documents
6. Monitor compliance
7. Update as needed
8. Release when appropriate

触发事件:
- 收到起诉状或索赔函
- 合理预期会发生诉讼
- 政府调查通知
- 内部调查结果

保留流程:
1. 发出诉讼保留通知
2. 识别责任人与数据源
3. 暂停常规销毁流程
4. 约谈关键责任人
5. 收集与保存文档
6. 监控合规情况
7. 按需更新
8. 适时解除保留

Litigation Budget Management

诉讼预算管理

Phase	Activities	Cost Factors
Pre-litigation	Investigation, demand letters	Limited
Pleadings	Complaint, answer, motions	Moderate
Discovery	Document production, depositions	Highest
Pre-trial	Expert reports, motions	High
Trial	Preparation, testimony	Very High
Appeal	Briefing, oral argument	Moderate

阶段	活动	成本因素
诉前	调查、索赔函	有限
诉答程序	起诉状、答辩状、动议	中等
证据开示	文档提交、证词	最高
庭审前	专家报告、动议	高
庭审	准备、证词	极高
上诉	书面答辩、口头辩论	中等

Settlement Analysis

和解分析

SETTLEMENT VALUE FORMULA:
Expected Value = P(win) × Expected Recovery - Legal Costs

CONSIDERATIONS:
- Probability of liability
- Range of potential damages
- Litigation costs (both sides)
- Management distraction
- Reputational impact
- Precedent setting
- Insurance coverage
- Business relationship preservation

和解价值公式:
预期价值 = 胜诉概率 × 预期赔偿额 - 法律成本

考量因素:
- 责任概率
- 潜在赔偿范围
- 双方诉讼成本
- 管理层精力分散
- 声誉影响
- 先例设定
- 保险覆盖
- 业务关系维护

Risk Assessment Framework

风险评估框架

Legal Risk Categories

法律风险类别

Category	Examples	Impact
Regulatory	Enforcement, fines, license revocation	High
Contractual	Breach, termination, damages	Medium-High
Litigation	Class actions, IP disputes, employment	High
Compliance	SOX, FCPA, data privacy	Very High
Transactional	M&A, JV, financing	Medium
Reputational	Public relations, brand damage	High

类别	示例	影响
监管风险	执法行动、罚款、执照吊销	高
合同风险	违约、终止、赔偿	中-高
诉讼风险	集体诉讼、知识产权纠纷、雇佣纠纷	高
合规风险	SOX、FCPA、数据隐私	极高
交易风险	并购、合资、融资	中
声誉风险	公共关系、品牌损害	高

Risk Assessment Matrix

风险评估矩阵

PROBABILITY × IMPACT = RISK SCORE

         Impact
         Low   Medium   High
Prob
High     3      6        9
Medium   2      4        6
Low      1      2        3

RISK RESPONSE:
9: Immediate mitigation required
6: Active management plan
3-4: Monitor and review
1-2: Accept risk

概率 × 影响 = 风险得分

         影响
         低   中   高
概率
高     3      6        9
中     2      4        6
低     1      2        3

风险应对:
9: 需立即采取缓解措施
6: 需制定主动管理计划
3-4: 监控与审查
1-2: 接受风险

Compliance Program Framework

合规计划框架

Effective Compliance Program Elements (DOJ)

有效合规计划要素（美国司法部）

1. STANDARDS AND PROCEDURES
   - Code of conduct
   - Policies for risk areas
   - Clear and accessible

2. COMPLIANCE LEADERSHIP
   - Board oversight
   - Senior management commitment
   - Adequate resources

3. TRAINING AND COMMUNICATION
   - Risk-based training
   - Regular updates
   - Accessible channels

4. REPORTING MECHANISMS
   - Hotline/helpline
   - Non-retaliation policy
   - Investigation procedures

5. RISK ASSESSMENT
   - Regular assessment
   - Emerging risks
   - Control mapping

6. MONITORING AND AUDITING
   - Testing program
   - Third-party audits
   - Data analytics

7. INCENTIVES AND DISCIPLINE
   - Performance integration
   - Consistent enforcement
   - Root cause analysis

8. THIRD-PARTY MANAGEMENT
   - Due diligence
   - Contractual protections
   - Ongoing monitoring

9. CONTINUOUS IMPROVEMENT
   - Root cause analysis
   - Lessons learned
   - Program updates

1. 标准与流程
   - 行为准则
   - 风险领域政策
   - 清晰易懂且易于获取

2. 合规领导力
   - 董事会监督
   - 高管层承诺
   - 充足资源

3. 培训与沟通
   - 基于风险的培训
   - 定期更新
   - 便捷沟通渠道

4. 举报机制
   - 热线/求助热线
   - 反报复政策
   - 调查流程

5. 风险评估
   - 定期评估
   - 新兴风险
   - 控制映射

6. 监控与审计
   - 测试计划
   - 第三方审计
   - 数据分析

7. 激励与惩戒
   - 与绩效挂钩
   - 一致执行
   - 根本原因分析

8. 第三方管理
   - 尽职调查
   - 合同保护
   - 持续监控

9. 持续改进
   - 根本原因分析
   - 经验总结
   - 计划更新

Whistleblower Programs

举报人计划

SEC WHISTLEBLOWER PROGRAM:
- 10-30% of sanctions > $1M
- Anti-retaliation protections
- Confidentiality protections

DODD-FRANK PROTECTIONS:
- Broad retaliation prohibition
- Reinstatement, back pay, attorney's fees
- Two-year statute of limitations

INTERNAL REPORTING:
- Anonymous reporting option
- Clear escalation path
- Timely investigation
- Communication of outcomes

SEC举报人计划:
- 罚款金额超过100万美元时，可获10-30%的奖励
- 反报复保护
- 保密保护

多德-弗兰克法案保护:
- 广泛的反报复禁令
- 复职、欠薪、律师费
- 两年诉讼时效

内部举报:
- 匿名举报选项
- 清晰的升级路径
- 及时调查
- 结果沟通

Data Privacy Framework

数据隐私框架

Privacy Program Components

隐私计划组件

Component	Description
Governance	Privacy officer, steering committee, policies
Data Inventory	What data, where, purpose, retention
Legal Basis	Consent management, legitimate interest
Rights Management	DSR process, verification, response
Vendor Management	DPAs, assessments, monitoring
Security	Technical measures, breach response
Training	Role-based, regular updates
Auditing	Compliance testing, gap remediation

组件	说明
治理	隐私官、指导委员会、政策
数据清单	数据类型、存储位置、用途、保留期限
合法依据	同意管理、合法利益
权利管理	数据主体请求流程、验证、响应
供应商管理	数据处理协议（DPA）、评估、监控
安全	技术措施、泄露响应
培训	基于角色的培训、定期更新
审计	合规测试、差距整改

Data Classification

数据分类

Level	Definition	Handling
Public	Approved for public release	Standard controls
Internal	General business information	Access controls
Confidential	Sensitive business data	Encryption, access limits
Restricted	Highly sensitive (PII, PHI, etc.)	Strict controls, audit

级别	定义	处理方式
公开	获准公开发布	标准控制
内部	一般业务信息	访问控制
保密	敏感业务数据	加密、访问限制
受限	高度敏感（个人可识别信息、受保护健康信息等）	严格控制、审计

另请参阅

Fortune 50 Risk Management
Fortune 50 Security
Fortune 50 Business Strategy

财富500强风险管理
财富500强安全
财富500强商业策略

legal-compliance

Original

Translation

Legal & Compliance Expert

法律与合规专家

Corporate Governance

公司治理

Board Structure & Responsibilities

董事会结构与职责

Fiduciary Duties

信义义务

Business Judgment Rule

商业判断规则

Regulatory Compliance

合规监管

Sarbanes-Oxley (SOX) Compliance

Sarbanes-Oxley (SOX) 合规

GDPR Compliance

GDPR合规

HIPAA Compliance

HIPAA合规

Anti-Corruption (FCPA/UK Bribery Act)

反腐败（FCPA/英国贿赂法）

Contract Management

合同管理

Contract Review Checklist

合同审核清单

Key Contract Provisions

关键合同条款

Contract Risk Matrix

合同风险矩阵

Intellectual Property

知识产权

IP Portfolio Management

知识产权组合管理

IP Due Diligence (M&A)

知识产权尽职调查（并购）

Litigation Management

诉讼管理

Litigation Hold Process

诉讼保留流程

Litigation Budget Management

诉讼预算管理

Settlement Analysis

和解分析

Risk Assessment Framework

风险评估框架

Legal Risk Categories

法律风险类别

Risk Assessment Matrix

风险评估矩阵

Compliance Program Framework

合规计划框架

Effective Compliance Program Elements (DOJ)

有效合规计划要素（美国司法部）

Whistleblower Programs

举报人计划

Data Privacy Framework

数据隐私框架

Privacy Program Components

隐私计划组件

Data Classification

数据分类

See Also

另请参阅