WWW.MAGSTONELAW.COM |
293 Eisenhower Livingston NJ 07039 | 415 S Murphy Ave Sunnyvale Ca 94086 | 1180 Avenue of the New York, NY 10036 | 1 Raffles Place - Singapore 048616 |
July 24, 2023
Division of Corporation Finance Office of Life Sciences
U.S. Securities and Exchange Commission
100 F Street, NE
Washington, DC 20549
Re: | TD Holdings, Inc. Form 10-K for the Fiscal Year Ended December 31, 2022 Filed March 10, 2023 SEC File No.: 001-36055 |
Dear Sir/Madam,
On behalf of TD Holdings, Inc. (the “Company”), we set forth below responses to the comment letter of the staff (the “Staff”) of the Securities and Exchange Commission (the “Commission”) with respect to the Form 10-K for the Fiscal Year ended December 31, 2022 (File No. 001-36055) filed on March 10, 2023 (the “2022 Form 10-K”). For your convenience, the Staff’s comments are repeated below in bold and italics, followed in each case by the responses of the Company. Page references are made to the 2022 Form 10-K to illustrate the approximate location of the disclosure with deletions shown as strike-through and additions underlined.
Form 10-K for Fiscal Year Ended December 31, 2022 Cover Page
1. | We note your definition of “China” does not include Hong Kong. In future filings, please revise the definition to clarify that the legal and operational risks associated with operating in China also apply to any operations in Hong Kong. We also note that you have some Hong Kong entities as part of your corporate structure; please discuss in future filings the applicable laws and regulations in Hong Kong as well as the related risks and consequences. Examples of applicable laws and regulations include, but are not limited to: |
● | Enforceability of civil liabilities in Hong Kong; |
● | China’s Enterprise Tax Law (“EIT Law”); |
● | Regulatory actions related to data security or anti-monopoly concerns in Hong Kong and their potential impact on your ability to conduct business, accept foreign investment or list on a U.S./foreign exchange; and |
● | Risk factor disclosure explaining whether there are laws/regulations in Hong Kong |
that result in oversight over data security, how this oversight impacts the company’s business, and to what extent the company believes that it is compliant with the regulations or policies that have been issued.
In response to the Staff’s comment on the definition of “China” in our 2022 Form 10-K, the Company plans to revise the definition as follows in its future Form 10-K filings:
Page i:
“PRC” or “China” refers to the People’s Republic of China,excluding, for and only in thepurposecontext of describing PRC laws, regulations, rules, regulatory authority and other legal or tax matters in this annual report, excludes Taiwan, Hong Kong, and Macau. “RMB” or “Renminbi” refers to the legal currency of China and “$,” “US$” or “U.S. Dollars” refers to the legal currency of the United States.
In response to the Staff’s comment on applicable laws and regulations in Hong Kong as well as the related risks and consequences, the Company notes that each of its Hong Kong subsidiaries is a holding company, and the Company primarily conducts its business in mainland China. The Company proposes to in its future Form 10-K filings as follows.
Page 17:
Cyber Security and Data Protection Laws in Hong Kong
Hong Kong’s legal framework concerning cyber security is multifaceted and comprehensive, aiming to protect individuals’ data and penalize illicit activities. The primary laws and regulations include the Personal Data (Privacy) Ordinance (PDPO), the Unsolicited Electronic Messages Ordinance, the Interception of Communications and Surveillance Ordinance, and the Official Secrets Ordinance. These laws govern the collection, use, and protection of personal data, the sending of unsolicited electronic messages, the interception of communications and use of surveillance devices by public officers, and the unauthorized obtaining or disclosure of official information, respectively. Regulatory actions can have significant implications for businesses, and may result in hefty fines, damage to reputation, and loss of business opportunities.
As holding vehicles, our Hong Kong subsidiaries do not engage in any business operations, nor do they handle any personal data.
Page 17:
Item 1A. RISK FACTORS
You should carefully consider the following material risk factors and other information in this annual report. All the operational risks associated with being based in and having operations in mainland China also apply to our operations in Hong Kong. With respect to the legal risks associated with being based in and having operations in China as discussed in relevant risk factors, the laws, regulations and the discretion of China governmental authorities discussed in this annual report are expected to apply to PRC entities and businesses, rather than entities or businesses in Hong Kong which operate under a different set of laws from mainland China. If any of the following risks actually occur, our business, financial condition, results of operations and prospects for growth could be seriously impacted. As a result, the trading price, if any, of our Common Stock could decline and you could lose part or all of your investment.
Page 22:
Certain judgments obtained against us by our shareholders may not be enforceable.
TD Holdings, Inc. is a Delaware holding company and substantially all of our assets are located outside of the United States. Substantially all of our current operations are conducted through our PRC subsidiaries in China. In addition of our current directors and officers are nationals and residents of countries other than the United States. Substantially all of the assets of these persons are located outside the United States. As a result, it may be difficult or impossible for you to bring an action against us or against these individuals in the United States in the event that you believe that your rights have been infringed under the U.S. federal securities laws or otherwise. Even if you are successful in bringing an action of this kind, the laws of China may render you unable to enforce a judgment against our assets or the assets of our directors and officers.
2
There is uncertainty as to whether the judgment of United States courts will be directly enforced in Hong Kong, as the United States and Hong Kong do not have a treaty or other arrangements providing for reciprocal recognition and enforcement of judgments of courts of the United States in civil and commercial matters. However, a foreign judgment may be enforced in Hong Kong at common law by bringing an action in a Hong Kong court since the judgment may be regarded as creating a debt between the parties to it, provided that the foreign judgment, among other things, is a final judgment conclusive upon the merits of the claim and is for a liquidated amount in a civil matter and not in respect of taxes, fines, penalties, or similar charges. Such a judgment may not, in any event, be so enforced in Hong Kong if (a) it was obtained by fraud; (b) the proceedings in which the judgment was obtained were opposed to natural justice; (c) its enforcement or recognition would be contrary to the public policy of Hong Kong; (d) the court of the United States was not jurisdictionally competent; or (e) the judgment was in conflict with a prior Hong Kong judgment.
Item 1. Description of Business, page 1
2. | In future filings, please disclose prominently in this section of the annual report that you are not a Chinese operating company but a Delaware holding company with operations conducted by your subsidiaries based in China and that this structure involves unique risks to investors. Your disclosure should acknowledge that Chinese regulatory authorities could disallow this structure, which would likely result in a material change in your operations and/or a material change in the value of the securities, including that it could cause the value of such securities to significantly decline or become worthless. Provide a cross-reference to your detailed discussion of risks facing the company and the offering as a result of this structure. |
In response to the Staff’s comment, the Company proposes to include the following disclosure in its future annual reports:
Page 1:
Item 1. Description of Business.
Overview and Corporate History
The Company is a Delaware holding company that conducts its operations and operates its business in China through its PRC subsidiaries. Such structure involves unique risks to our investors. The Chinese government may intervene in or influence the operation of PRC subsidiaries and exercise significant oversight and discretion over the conduct of our business or may exert more control over offerings conducted overseas by, and/or foreign investment in, China-based issuers, which could result in a material change in our operations and/or the value of our common stock. Furthermore, rules and regulations in China may change quickly with short advance notice, If the PRC imposes limitations on the ownership structure of the Company or disallows our current ownership structure all together in the future, or if the PRC government takes other future actions resulting in a material change in our operations, the value of our shares may depreciate significantly or become worthless. See “Risk Factors — Risks Relating to Our Corporate Structure” and “Risk Factors — Risks Related to Doing Business in China”.
3
3. | In future filings, provide prominent disclosure about the legal and operational risks associated with being based in or having the majority of the company’s operations in China. Your disclosure should make clear whether these risks could result in a material change in your operations and/or the value of your securities or could significantly limit or completely hinder your ability to offer securities to investors in the future and cause the value of such securities to significantly decline or be worthless. Your disclosure should address how recent statements and regulatory actions by China’s government, such as those related to the use of variable interest entities and data security or anti-monopoly concerns, have or may impact the company’s ability to conduct its business, accept foreign investments, or list on a U.S. or other foreign exchange. Please disclose the location of your auditor's headquarters and whether and how the Holding Foreign Companies Accountable Act, as amended by the Consolidated Appropriations Act, 2023, and related regulations will affect your company. |
In response to the Staff’s comment, the Company proposes to add the following disclosure in its future annual reports:
Page 1
Item 1. Description of Business.
Overview and Corporate History
***
There are significant legal and operational risks associated with being based in or having the substantial all of its operations in China, including those changes in the legal, political and economic policies of the Chinese government, the relations between China and the United States, or Chinese or U.S. regulations, all of which may materially and adversely affect our business, financial condition and results of operations. Any such changes could cause the value of our securities to significantly decline or become worthless. The PRC government has significant authority to exert influence on the ability of a company with substantive operations in China, such as us, to conduct its business, accept foreign investments or list on a U.S. or other foreign exchanges. For example, we face risks associated with regulatory approvals of offshore offerings, anti-monopoly regulatory actions, oversight on cybersecurity and data privacy. As of the date of this annual report, we do not believe that we are subject to (a) the cybersecurity review with the Cyberspace Administration of China, or CAC, as we do not qualify as a critical information infrastructure operator or possess a large amount of personal information in our business operations, and our business does not involve data possessing that affects or may affect national security, implicates cybersecurity, or involves any type of restricted industry; or (b) merger control review by China’s anti-monopoly enforcement agency due to the fact that we do not engage in monopolistic behaviors that are subject to these statements or regulatory actions. However, since these statements and regulatory actions are new, it is highly uncertain how soon legislative or administrative regulation making bodies will respond and what existing or new laws or regulations or detailed implementations and interpretations will be modified or promulgated, and, if any, the potential impact such modified or new laws and regulations will have on our daily business operation, ability to accept foreign investments and listing of our securities. In particular, as we are a holding company with substantive business operations in China, you should pay special attention to disclosures included in this annual report and risk factors included herein, including but not limited to risk factor such as “Risk Factors — Risks Relating to Our Corporate Structure” and “Risk Factors — Risks Related to Doing Business in China”.
4
The PRC government has significant oversight and discretion over the conduct of our business and may intervene with or influence our operations as the government deems appropriate to further regulatory, political and societal goals. The PRC government has recently published new policies that significantly affected certain industries, and we cannot rule out the possibility that it will in the future release regulations or policies regarding the industry where we operate, which could adversely affect our business, financial condition and results of operations. These risks could result in a material change in our operations and the value of our ordinary shares, or could significantly limit or completely hinder our ability to offer or continue to offer securities to investors and cause the value of such securities to significantly decline or become worthless. For more information on various risks related to doing business in China, see “Risk Factors — Risks Related to Doing Business in China”.
Pursuant to the Holding Foreign Companies Accountable Act, or the HFCAA, if the Public Company Accounting Oversight Board, or the PCAOB, is unable to inspect an issuer’s auditors for three consecutive years, the issuer’s securities are prohibited to trade on a U.S. stock exchange. The PCAOB issued a Determination Report on December 16, 2021 which found that the PCAOB is unable to inspect or investigate completely registered public accounting firms headquartered in: (1) mainland China of the People’s Republic of China because of a position taken by one or more authorities in mainland China; and (2) Hong Kong, a Special Administrative Region and dependency of the PRC, because of a position taken by one or more authorities in Hong Kong. Furthermore, the PCAOB’s report identified the specific registered public accounting firms which are subject to these determinations. On June 22, 2021, the U.S. Senate passed the Accelerating Holding Foreign Companies Accountable Act, and on December 29, 2022, legislation entitled “Consolidated Appropriations Act, 2023” (the “Consolidated Appropriations Act”) was signed into law by President Biden, which contained, among other things, an identical provision to the Accelerating Holding Foreign Companies Accountable Act and amended the HFCAA by requiring the SEC to prohibit an issuer’s securities from trading on any U.S stock exchanges if its auditor is not subject to PCAOB inspections for two consecutive years instead of three, thus reducing the time period for triggering the prohibition on trading. On August 26, 2022, the PCAOB announced that it had signed a Statement of Protocol (the “SOP”) with the China Securities Regulatory Commission, or the CSRC, and the Ministry of Finance of China. The SOP, together with two protocol agreements governing inspections and investigations (together, the “SOP Agreement”), establishes a specific, accountable framework to make possible complete inspections and investigations by the PCAOB of audit firms based in mainland China and Hong Kong, as required under U.S. law. On December 15, 2022, the PCAOB announced that it was able to secure complete access to inspect and investigate PCAOB-registered public accounting firms headquartered in mainland China and Hong Kong completely in 2022. The PCAOB Board vacated its previous 2021 determinations that the PCAOB was unable to inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong. However, whether the PCAOB will continue to be able to satisfactorily conduct inspections of PCAOB-registered public accounting firms headquartered in mainland China and Hong Kong is subject to uncertainties and depends on a number of factors out of our and our auditor’s control. The PCAOB continues to demand complete access in mainland China and Hong Kong moving forward and is making plans to resume regular inspections in early 2023 and beyond, as well as to continue pursuing ongoing investigations and initiate new investigations as needed. The PCAOB has also indicated that it will act immediately to consider the need to issue new determinations with the HFCAA if needed.
As of the date of this annual report, Audit Alliance LLP, our auditor, is not subject to the determinations as to inability to inspect or investigate completely as announced by the PCAOB on December 16, 2021. Audit Alliance, LLP is based in Singapore and is registered with PCAOB and subject to PCAOB inspection. See “Risk Factors — Risks Related to Doing Business in China — The Holding Foreign Companies Accountable Act, recent regulatory actions taken by the SEC and PCAOB, and proposed rule changes submitted by U.S. stock exchanges calling for additional and more stringent criteria to be applied to China-based public companies could add uncertainties to our capital raising activities and compliance costs.”
5
TD Holdings, Inc. is not an operating company based in the PRC, but a holding company incorporated in Delaware. Our operations are primarily conducted through (i) our subsidiaries incorporated in China, and (ii) contractual agreements with a variable interest entity (VIE) based in China. These contractual agreements between GLG, our subsidiaries, the VIE, and their nominee shareholders typically include exclusive business cooperation agreements, share pledge agreements, exclusive option agreements, power of attorney, and timely reporting agreements, as applicable. As a result of these contractual agreements, the shareholders of the VIE have effectively transferred all their voting rights associated with their equity interest in the VIE to the primary beneficiaries of these companies. This gives our company or its subsidiaries the power to direct the activities that most significantly impact the economic performance of the VIE. However, these contractual agreements may not be as effective as direct ownership in providing us with control over the VIE, and we may incur significant costs to enforce the terms of these agreements. If the VIE or the nominee shareholders fail to fulfill their respective obligations under these contractual agreements, our ability to enforce the contractual agreements that effectively transferred the voting rights in the VIE to us could be limited. As of the date of this annual report's filing, to the best knowledge of GLG, our directors, and management, the contractual agreements with the VIE have not been tested in a Chinese court of law. Moreover, if we cannot maintain such effective transfer, we would not be able to continue consolidating the financial results of these entities in our financial statements. See Item 1A. “Risk Factors — Risks Relating to Our Corporate Structure.”
4. | In future filings, provide a description of how cash is transferred through your organization. State whether any transfers, dividends, or distributions have been made to date between the holding company and its subsidiaries, or to investors, and quantify the amounts where applicable. Provide cross-references to the consolidated financial statements. |
In response to the Staff’s comment, the Company intends to add the following disclosure to its future Form 10-K filings:
Page 5:
TD Holdings, Inc., our holding company, or the Parent, may transfer cash to our offshore intermediary holding entities in the British Virgin Islands and Hong Kong. and their respective subsidiaries, through capital injections and intra-group loans. Our offshore intermediary holding entities, in turn, may transfer cash to our PRC subsidiaries through capital injections and intra-group loans. Similarly, our PRC subsidiaries may in turn transfer cash to their respective subsidiaries in the PRC through capital injections and intra-group loans. Cash may also be transferred through our organization by way of intra-group transactions. If our wholly owned subsidiaries in the PRC realize accumulated after-tax profits, they may, upon satisfaction of relevant statutory conditions and procedures, pay dividends or distribute earnings to our offshore intermediary holding entities, which, in turn, may transfer cash to the Parent through dividends or other distributions. With necessary funds, the Parent may pay dividends or make other distributions to U.S. investors and service any debt it may have incurred outside of the PRC. No assets other than cash were transferred between the Parent and a subsidiary, no subsidiaries paid dividends or made other distributions to the Parent, and no dividends or distributions were paid or made to U.S. investors. TD Holding Inc. and its subsidiaries currently do not have a cash management policy in place. In 2021 and 2022, the Parent transferred cash in the amount of US$6 million and US$2.3 million, respectively, to our PRC subsidiaries through our offshore intermediary holding entities by way of capital contribution to the PRC subsidiaries. In 2022, TD Holdings Inc. owed TD E-Commerce an unpaid amount of $38 million. See “Certain Relationships and Related Transactions, and Director Independence” on page 43.
Under PRC laws and regulations, we are subject to restrictions on foreign exchange and cross-border cash transfers, including to U.S. investors. Our ability to distribute earnings to the holding company and U.S. investors is also limited. We are a Delaware holding company and we may rely on dividends and other distributions on equity paid by our PRC subsidiaries for our cash and financing requirements, including the funds necessary to pay dividends and other cash distributions to our shareholders and service any debt we may incur. When any of our PRC subsidiaries incurs debt on its own behalf, the instruments governing the debt may restrict its ability to pay dividends or make other distributions to us. Under PRC laws and regulations, each of our PRC subsidiaries may pay dividends only out of its respective accumulated profits as determined in accordance with PRC accounting standards and regulations. In addition, a PRC enterprise is required to set aside at least 10% of its after-tax profits each year, if any, to fund a certain statutory reserve fund, until the aggregate amount of such fund reaches 50% of its registered capital. At its discretion, a PRC enterprise may allocate a portion of its after-tax profits based on PRC accounting standards to a staff welfare and bonus fund. These reserve fund and staff welfare and bonus fund cannot be distributed to us as dividends. In addition, our PRC subsidiaries generate their revenue primarily in Renminbi, which is not freely convertible into other currencies. As a result, any restriction on currency exchange may limit the ability of our PRC subsidiaries to pay dividends to us.
6
5. | We note your disclosure listing the PRC regulations you comply with. In future filings, please also disclose each permission or approval that you or your subsidiaries are required to obtain from Chinese authorities to operate your business and to maintain your registered securities program. State whether you or your subsidiaries are covered by permissions requirements from the China Securities Regulatory Commission (CSRC), Cyberspace Administration of China (CAC) or any other governmental agency that is required to your operations, and state affirmatively whether you have received all requisite permissions or approvals and whether any permissions or approvals have been denied. Please also describe the consequences to you and your investors if you or your subsidiaries: (i) do not receive or maintain such permissions or approvals, (ii) inadvertently conclude that such permissions or approvals are not required, or (iii) applicable laws, regulations, or interpretations change and you are required to obtain such permissions or approvals in the future. In addition, if you rely upon an opinion of counsel with respect to your conclusions that you do not need any permissions and approvals to operate your business, please state as much or explain why such an opinion was not obtained if applicable. |
The Company acknowledges the Staff’s comment and proposes to include the following disclosure in its future Form 10-K filings:
Page 17
PRC Licenses and Permits
The following table lists all of the licenses and permits that the Company and its subsidiaries are required to have in order to operate business and maintain its securities program from Chinese authorities:
Name of Company | License/Permit | Issuing Authority | Validity | |||
Tongdow Internet Technology | Internet Content Provider License | Guangdong Communications Administration | October 8, 2026 | |||
Hainan Jianchi Import and Export Co., Ltd. | Hazardous Chemicals Business Permit | Yangpu Economic Development Zone Emergency Management Bureau | February 6, 2024 |
There have been no instances where the Company or its subsidiaries have had their applications for such permissions or approvals rejected. If the Company or its subsidiaries fail to obtain or maintain such permissions or approvals, or incorrectly determine that such permissions or approvals are not necessary, our business could suffer. In cases where a company is denied such permissions, such company would either refrain from engaging in that particular business area, or partner with entities that can secure such permissions. The legal system in the PRC is continually evolving, and the applicable laws, regulations, or interpretations are subject to significant uncertainties. If the relevant regulations change abruptly, we may need to secure such permissions or approvals, which could be expensive, and may disrupt our business operations, negatively impacting our revenue and the value of our securities.
CAC Review
On December 28, 2021, the Cyberspace Administration of China, CAC, jointly with the relevant authorities formally published Measures for Cybersecurity Review (2021) which took effect on February 15, 2022 and replace the former Measures for Cybersecurity Review (2020). Measures for Cybersecurity Review (2021) stipulates that operators of critical information infrastructure purchasing network products and services, and online platform operator (together with the operators of critical information infrastructure, the “Operators”) carrying out data processing activities that affect or may affect national security, shall conduct a cybersecurity review, any operator who controls more than one million users’ personal information must go through a cybersecurity review by the cybersecurity review office if it seeks to be listed in a foreign country. Since we are not an Operator, nor do we control more than one million users’ personal information, we would not be required to apply for a cybersecurity review under the Measures for Cybersecurity Review (2021). Our legal adviser, Tahota Law Firm (Beijing) has confirmed that we currently are not subject to the cybersecurity review process.
7
CSRC Filing Requirements
On December 24, 2021, the China Securities Regulatory Commission, or the CSRC, introduced draft regulations concerning the overseas issuance and listing of securities by domestic companies. These draft regulations were superseded by the Trial Administrative Measures of Overseas Securities Offering and Listing by Domestic Companies (the “Trial Measures”), which came into effect on March 31, 2023. Pursuant to the Trial Measures, domestic companies that seek to offer or list securities overseas, both directly and indirectly, should fulfill the filing procedure and report relevant information to the CSRC. Since these statements and regulatory actions by the PRC government are newly published, their interpretation, application and enforcement of unclear and there also remains significant uncertainty as to the enactment, interpretation and implementation of other regulatory requirements related to overseas securities offerings and other capital markets activities,; our ability to offer, or continue to offer, securities to investors would be potentially hindered and the value of our securities might significantly decline or be worthless, by existing or future laws and regulations relating to its business or industry or by intervene or interruption by PRC governmental authorities, if we or our subsidiaries (i) do not receive or maintain such filings, permissions or approvals required by the PRC government, (ii) inadvertently conclude that such filings, permissions or approvals are not required, (iii) applicable laws, regulations, or interpretations change and we are required to obtain such filings, permissions or approvals in the future, or (iv) any intervention or interruption by PRC governmental with little advance notice.
According to the Notice on the Administrative Arrangements for the Filing of the Overseas Securities Offering and Listing by Domestic Companies from the CSRC, or “the CSRC Notice,” the domestic companies that have already been listed overseas before the effective date of the Trial Measures (namely, March 31, 2023) shall be deemed as existing issuers (the “Existing Issuers”). Existing Issuers are not required to complete the filing procedures immediately, and they shall be required to file with the CSRC for any subsequent offerings.
On February 24, 2023, the CSRC, together with the Ministry of Finance, National Administration of State Secrets Protection and National Archives Administration of China, revised the Provisions on Strengthening Confidentiality and Archives Administration for Overseas Securities Offering and Listing, which were issued by the CSRC and National Administration of State Secrets Protection and National Archives Administration of China in 2009, or the “Provisions.” The revised Provisions were issued under the title the “Provisions on Strengthening Confidentiality and Archives Administration of Overseas Securities Offering and Listing by Domestic Companies,” and will come into effect on March 31, 2023 together with the Trial Measures. One of the major revisions to the revised Provisions is expanding their application to cover indirect overseas offering and listing, as is consistent with the Trial Measures. The revised Provisions require that, among other things, (a) a domestic company that plans to, either directly or indirectly through its overseas listed entity, publicly disclose or provide to relevant individuals or entities, including securities companies, securities service providers, and overseas regulators, any documents and materials that contain state secrets or working secrets of government agencies, shall first obtain approval from competent authorities according to law, and file with the secrecy administrative department at the same level; and (b) a domestic company that plans to, either directly or indirectly through its overseas listed entity, publicly disclose or provide to relevant individuals and entities, including securities companies, securities service providers, and overseas regulators, any other documents and materials that, if leaked, will be detrimental to national security or public interest, shall strictly fulfill relevant procedures stipulated by applicable national regulations. On or after March 31, 2023, any failure or perceived failure by our Company and our subsidiaries, to comply with the above confidentiality and archives administration requirements under the revised Provisions and other PRC laws and regulations may result in the relevant entities being held legally liable by competent authorities, and referred to the judicial organ to be investigated for criminal liability if suspected of committing a crime.
8
The Trial Measures, the revised Provisions and any related implementing rules to be enacted may subject us to additional compliance requirements in the future.
6. | In future filings, please include disclosure about the Holding Foreign Companies Accountable Act. Please expand your risk factors to disclose that the Holding Foreign Companies Accountable Act, as amended by the Consolidated Appropriations Act, 2023, decreases the number of consecutive “non-inspection years” from three years to two years, and thus reduces the time before the securities of a non-compliant issuer may be prohibited from trading or delisted. Update your disclosure to describe the potential consequences to you if the PRC adopts positions at any time in the future that would prevent the PCAOB from continuing to inspect or investigate completely accounting firms headquartered in mainland China or Hong Kong. |
In response to the Staff’s comment, in addition to the proposed disclosure set forth on page 5 of this letter, the Company intends to add the following disclosure to its future Form 10-K filings.
Page 26
Risks Related to Doing Business in China
…
The Holding Foreign Companies Accountable Act, recent regulatory actions taken by the SEC and PCAOB, and proposed rule changes submitted by U.S. stock exchanges calling for additional and more stringent criteria to be applied to China-based public companies could add uncertainties to our capital raising activities and compliance costs.
Pursuant to the Holding Foreign Companies Accountable Act, or the HFCAA, if the Public Company Accounting Oversight Board, or the PCAOB, is unable to inspect an issuer’s auditors for three consecutive years, the issuer’s securities are prohibited to trade on a U.S. stock exchange. The PCAOB issued a Determination Report on December 16, 2021 which found that the PCAOB is unable to inspect or investigate completely registered public accounting firms headquartered in: (1) mainland China of the People’s Republic of China because of a position taken by one or more authorities in mainland China; and (2) Hong Kong, a Special Administrative Region and dependency of the PRC, because of a position taken by one or more authorities in Hong Kong. Furthermore, the PCAOB’s report identified the specific registered public accounting firms which are subject to these determinations. On June 22, 2021, the U.S. Senate passed the Accelerating Holding Foreign Companies Accountable Act, and on December 29, 2022, legislation entitled “Consolidated Appropriations Act, 2023” (the “Consolidated Appropriations Act”) was signed into law by President Biden, which contained, among other things, an identical provision to the Accelerating Holding Foreign Companies Accountable Act and amended the HFCAA by requiring the SEC to prohibit an issuer’s securities from trading on any U.S stock exchanges if its auditor is not subject to PCAOB inspections for two consecutive years instead of three, thus reducing the time period for triggering the prohibition on trading. On August 26, 2022, the PCAOB announced that it had signed a Statement of Protocol (the “SOP”) with the China Securities Regulatory Commission and the Ministry of Finance of China. The SOP, together with two protocol agreements governing inspections and investigations (together, the “SOP Agreement”), establishes a specific, accountable framework to make possible complete inspections and investigations by the PCAOB of audit firms based in mainland China and Hong Kong, as required under U.S. law. On December 15, 2022, the PCAOB announced that it was able to secure complete access to inspect and investigate PCAOB-registered public accounting firms headquartered in mainland China and Hong Kong completely in 2022. The PCAOB Board vacated its previous 2021 determinations that the PCAOB was unable to inspect or investigate completely registered public accounting firms headquartered in mainland China and Hong Kong. However, whether the PCAOB will continue to be able to satisfactorily conduct inspections of PCAOB-registered public accounting firms headquartered in mainland China and Hong Kong is subject to uncertainties and depends on a number of factors out of our and our auditor’s control. The PCAOB continues to demand complete access in mainland China and Hong Kong moving forward and is making plans to resume regular inspections in early 2023 and beyond, as well as to continue pursuing ongoing investigations and initiate new investigations as needed. The PCAOB has also indicated that it will act immediately to consider the need to issue new determinations with the HFCAA if needed.
9
Audit Alliance LLP is based in Singapore and is registered with PCAOB and subject to PCAOB inspection. As of the date of this annual report, Audit Alliance LLP, our auditor, is based not subject to the determinations as to inability to inspect or investigate completely as announced by the PCAOB on December 16, 2021. However, we cannot assure you whether Nasdaq or regulatory authorities would not apply additional and more stringent criteria to us after considering the effectiveness of our auditor’s audit procedures and quality control procedures, adequacy of personnel and training, or sufficiency of resources, geographic reach or experience as it relates to the audit of our financial statements.
7. | Given the Chinese government’s significant oversight and discretion over the conduct of your business, please revise your disclosure in future filings to highlight separately the risk that the Chinese government may intervene or influence your operations at any time, which could result in a material change in your operations and/or the value of your securities. Also, given recent statements by the Chinese government indicating an intent to exert more oversight and control over offerings that are conducted overseas and/or foreign investment in China-based issuers, acknowledge the risk that any such action could significantly limit or completely hinder your ability to continue to offer securities to investors and cause the value of such securities to significantly decline or be worthless. |
In response to the Staff’s comment, in addition to the proposed disclosure set forth on pages 4, 5, 7 and 8, of this letter, the Company intends to add the following disclosure to its future From 10-K filings.
Page 25
Risks Related to Doing Business in China
…
The PRC government’s significant oversight and discretion over our business operation could result in a material adverse change in our operations and the value of our common stock.
We conduct our business primarily through our PRC subsidiaries. Our operations in China are governed by PRC laws and regulations. The PRC government has significant oversight and discretion over the conduct of our business, and it may influence our operations, which could result in a material adverse change in our operation, and our shares of stock may decline in value or become worthless. Also, the PRC government has recently indicated an intent to exert more oversight and control over offerings that are conducted overseas and foreign investment in China-based issuers. Any such action could significantly limit or completely hinder our ability to offer or continue to offer securities to investors. In addition, implementation of industry-wide regulations directly targeting our industry or our operations could cause the value of our securities to significantly decline. Therefore, investors of our company and our business face PRC regulatory uncertainty that may materially and adversely affect our business and operations and the value of our shares.
The PRC government has the ability to exert substantial control over any offering or listing of securities conducted overseas and/or foreign investment in China-based issuers, and, as a result, may limit or completely hinder our ability to offer or continue to offer securities to investors, and may cause the value of such securities to significantly decline or be worthless.
10
The PRC government recently initiated a series of regulatory actions and statements to regulate business operations in China, including cracking down on illegal activities in the securities market, enhancing supervision over China-based companies listed overseas using the variable interest entity structure, adopting new measures to extend the scope of cybersecurity reviews, and expanding the efforts in anti-monopoly enforcement.
On February 17, 2023, the CSRC released the Trial Administrative Measures for Administration of Overseas Securities Offerings and Listings by Domestic Companies (the “Trial Measures”) and five supporting guidelines, which came into effect on March 31, 2023. Pursuant to the Trial Measures, subsequent securities offerings of an issuer in the same overseas market where it has previously offered and listed securities shall be filed with the CSRC within three (3) working days after the offering is completed, which may subject us to additional compliance requirements in the future, and we cannot assure you that we will be able to get the clearance of filing procedures under the Trial Measures on a timely basis, or at all. If a domestic company fails to complete the filing procedures or conceals any material fact or falsifies any major content in its filing documents, such domestic company may be subject to administrative penalties by the CSRC, such as order to rectify, warnings, fines, and its controlling shareholders, actual controllers, the person directly in charge and other directly liable persons may also be subject to administrative penalties, such as warnings and fines.
As of the date of this report, none of the Company, our PRC subsidiaries, have received any filing or compliance requirements from CSRC for the listing at Nasdaq and all of its overseas offerings. As the Trial Measures were only enacted recently, there remains uncertainty as to the interpretation and implementation of the Trial Measures and the supporting guidelines, including but not limited to the interpretation of the concept “substance over form”, as well as other PRC regulatory requirements related to overseas securities offerings and other capital markets activities; thus, we cannot assure you that the relevant Chinese regulatory authorities, including the CSRC, would reach the same conclusion as us.
On February 24, 2023, the CSRC and other PRC governmental authorities jointly issued the revised Provisions on Strengthening Confidentiality and Archives Administration of Overseas Securities Offering and Listing by Domestic Companies (the “Revised Confidentiality Provisions”), which will come into effect on March 31, 2023. According to the Revised Confidentiality Provisions, Chinese companies that directly or indirectly conduct overseas offerings and listings, shall strictly abide by the laws and regulations on confidentiality when providing or publicly disclosing, either directly or through their overseas listed entities, materials to securities services providers. In the event such materials contain state secrets or working secrets of government agencies, the Chinese companies shall first obtain approval from authorities, and file with the secrecy administrative department at the same level with the approving authority; in the event that such materials, if divulged, will jeopardize national security or public interest, the Chinese companies shall comply with procedures stipulated by national regulations. The Chinese companies shall also provide a written statement of the specific sensitive information provided when providing materials to securities service providers, and such written statements shall be retained for inspection. As the Revised Confidentiality Provisions were recently promulgated and have not taken effect, their interpretation and implementation remain substantially uncertain.
If the CSRC or other PRC governmental authorities later promulgate new rules or interpretations requiring that we obtain their approval for future offerings or listings outside of mainland China or for foreign investments in our securities, we may be unable to obtain such approvals in a timely manner, or at all. Any such circumstance could significantly or completely limit our ability to raise capital through securities offerings, hinder our ability to execute strategic plans in a timely manner or at all, and could cause the value of our securities to significantly decline.
11
8. | In light of recent events indicating greater oversight by the CAC over data security, particularly for companies listed on a foreign exchange, please revise your disclosure in future filings to explain how this oversight impacts your business and to what extent you believe that you are compliant with the regulations or policies that have been issued by the CAC to date. In addition, if you rely upon an opinion of counsel with respect to your conclusions that you do not need any permissions and approvals from the CAC to operate your business, please state as much or explain why such an opinion was not obtained if applicable. |
In response to the Staff’s comment, the Company intends to add the disclosure set forth in Schedule 1 hereto:
9. | We note that one or more of your officers are located in the PRC/Hong Kong. In future filings, please disclose (i) that is the case and identify the relevant individuals, and (ii) include a separate “Enforceability” section and a risk factor addressing the challenges of bringing actions and enforcing judgments/liabilities against such individuals. |
The Company acknowledges the Staff’s comment and proposes to include the following disclosure under the heading “Item 1. Business—Information about our Executive Officers” of future annual reports
Our executive officers, including our Chief Executive Officer and Chief Financial Officer, and all of our directors reside within mainland China and/or Hong Kong or spend significant amounts of time in mainland China and/or Hong Kong. As a result, it may not be possible to effect service of process upon these persons, to obtain information from such persons necessary for investigations or lawsuits, or to bring lawsuits or enforcement actions or enforce judgments against such persons. For more information, see “Item 1A. Risk Factors—Risks Related to Doing Business in China— Certain judgments obtained against us by our shareholders may not be enforceable.”
*****
12
Thank you for your consideration in reviewing the above responses. We note that all proposed future disclosures remain subject to further revision in response to business and regulatory developments that may affect the Company between now and the filing of its next annual report. If you have any questions or wish to discuss any aspect of the 2022 Form 10-K, please contact the undersigned by phone at 347.989.6327 or by e-mail at markli@magstonelaw.com.
Very truly yours, | |
/s/ Yue (Mark) Li | |
Yue (Mark) Li |
Schedule 1
We are subject to a variety of laws and regulations regarding cybersecurity and data protection, and any failure to comply with applicable laws and regulations, including improper use or appropriation of personal information provided directly or indirectly by our customers or end users, could have a material adverse effect on our business, financial condition and results of operations.
In China, regulatory authorities have implemented and may implement further legislative and regulatory proposals concerning cybersecurity, information security, privacy, and data protection. New laws and regulations may be introduced, or existing ones may be interpreted or applied in ways that are uncertain or change over time. Non-compliance with these regulations could result in penalties or significant legal liabilities. On November 7, 2016, the Standing Committee of the National People’s Congress of the PRC issued the Cyber Security Law of the PRC, or Cyber Security Law, which became effective on June 1, 2017. Pursuant to the Cyber Security Law, network operators must not collect users’ personal information without their consent and may only collect users’ personal information necessary to the provision of services. Providers are also obliged to provide security maintenance for their products and services and shall comply with provisions regarding the protection of personal information as stipulated under the relevant laws and regulations. The Civil Code of the PRC (issued by the National People’s Congress of the PRC on May 28, 2020 and effective from January 1, 2021) provides the main legal basis for privacy and personal information infringement claims under PRC civil law.
PRC regulators, including the Cyberspace Administration of China, or the CAC, the Ministry of Industry and Information Technology, and the Ministry of Public Security, have been increasingly focused on regulation in areas of data security and data protection. The PRC regulatory requirements regarding cybersecurity are constantly evolving. For instance, various PRC regulatory bodies, including the CAC, the Ministry of Public Security and the State Administration for Market Regulation, or the SAMR, have enforced data privacy and protection laws and regulations with varying and evolving standards and interpretations. In addition, certain internet platforms in mainland China have reportedly been subject to heightened regulatory scrutiny in relation to cybersecurity matters.
In April 2020, the PRC government promulgated the Cybersecurity Review Measures (the “2020 Cybersecurity Review Measures”), which came into effect on June 1, 2020. In July 2021, the CAC and other related authorities released a draft amendment to the 2020 Cybersecurity Review Measures for public comments. On December 28, 2021, the PRC government promulgated amended Cybersecurity Review Measures (the “2022 Cybersecurity Review Measures”), which came into effect and replaced the 2020 Cybersecurity Review Measures on February 15, 2022. Compared with the 2020 Cybersecurity Review Measures, the 2022 Cybersecurity Review Measures contain the following key changes: (i) internet platform operators who are engaged in data processing are also subject to the regulatory scope; (ii) the CSRC is included as one of the regulatory authorities for purposes of jointly establishing the state cybersecurity review mechanism; (iii) internet platform operators holding personal information of more than one million users and seeking to have their securities list on a stock exchange in a foreign country shall file for cybersecurity review with the Cybersecurity Review Office; (iv) the risks of core data, material data or large amounts of personal information being stolen, leaked, destroyed, damaged, illegally used or illegally transmitted to overseas parties and the risks of critical information infrastructure, core data, material data or large amounts of personal information being influenced, controlled or used maliciously by foreign governments and any cybersecurity risk after a company’s listing on a stock exchange shall be collectively taken into consideration during the cybersecurity review process; and (v) critical information infrastructure operators and internet platform operators covered by the 2022 Cybersecurity Review Measures shall take measures to prevent and mitigate cybersecurity risks in accordance with the requirements therein. According to the 2022 Cybersecurity Review Measures, (i) critical information infrastructure operators that purchase network products and services and internet platform operators that conduct data processing activities shall be subject to cybersecurity review in accordance with the 2022 Cybersecurity Review Measures if such activities affect or may affect national security; and (ii) internet platform operators holding personal information of more than one million users and seeking to have their securities list on a stock exchange in a foreign country shall file for cybersecurity review with the Cybersecurity Review Office. Under the Regulation on Protecting the Security of Critical Information Infrastructure promulgated by the State Council on July 30, 2021, effective September 1, 2021, “critical information infrastructure” is defined as important network facilities and information systems in important industries and fields, such as public telecommunication and information services, energy, transportation, water conservancy, finance, public services, e-government and national defense, science, technology and industry, as well as other important network facilities and information systems that, in case of destruction, loss of function or leak of data, may severely damage national security, the national economy and the people’s livelihood and public interests. And the PRC competent authorities shall be responsible for organizing the determination of critical information infrastructure in the industry and field concerned according to the determination rules, and inform the critical information infrastructure operators of the determination results in a timely manner and notify the public security department under the State Council of the same. As of the date of this report, neither we nor any of our PRC subsidiaries has been informed by any PRC governmental authority that we or any of our PRC subsidiaries is a “critical information infrastructure operator.” Based on the opinion of our PRC legal adviser, Tahota Law Firm (Beijing), according to its interpretation of the currently in-effect PRC laws and regulations, we believe that neither we nor any of our PRC subsidiaries qualify as a critical information infrastructure operator. As of the date of this report, we have not conducted any data processing activities that affected or may affect national security, nor do we hold personal information of more than one million users.
S-1
On November 14, 2021, the CAC released the draft Administrative Regulation on Network Data Security for public comments through December 13, 2021 (the “Draft Regulation on Network Data Security”). Under the Draft Regulation on Network Data Security, (i) data processors, i.e., individuals and organizations who can decide on the purpose and method of their data processing activities at their own discretion, that process personal information of more than one million individuals shall apply for cybersecurity review before listing in a foreign country; (ii) foreign-listed data processors shall carry out annual data security evaluation and submit the evaluation report to the municipal cyberspace administration authority; and (iii) where the data processor undergoes merger, reorganization and subdivision that involves important data and personal information of more than one million individuals, the recipient of the data shall report the transaction to the in-charge authority at the municipal level.
As of the date of this report, neither we nor any of our PRC subsidiaries has been required by any PRC governmental authority to apply for cybersecurity review, nor have we or any of our PRC subsidiaries received any inquiry, notice, warning, sanction in such respect or been denied permission from any PRC regulatory authority to list on U.S. exchanges. Based on the opinion of our PRC legal adviser, Tahota Law Firm (Beijing), according to its interpretation of the currently in-effect PRC laws and regulations, we believe that neither we nor any of our PRC subsidiaries are subject to the cybersecurity review, by the CAC under the 2022 Cybersecurity Review Measures with respect to the offering of our securities or the business operations of our PRC subsidiaries, because neither we nor any of our PRC subsidiaries qualifies as a critical information infrastructure operator or has conducted any data processing activities that affect or may affect national security or holds personal information of more than one million users. However, as PRC governmental authorities have significant discretion in interpreting and implementing statutory provisions and there remains significant uncertainty in the interpretation and enforcement of relevant PRC cybersecurity laws and regulations if the PRC regulatory authorities take a position contrary to ours, we cannot assure you that we or any of our PRC subsidiaries will not be deemed to be subject to PRC cybersecurity review requirements under the 2022 Cybersecurity Review Measures or the Draft Administrative Regulations (if enacted) as a critical information infrastructure operator or an internet platform operator that is engaged in data processing activities that affect or may affect national security or holds personal information of more than one million users, nor can we assure you that we or our PRC subsidiaries would be able to pass such review. If we or any of our PRC subsidiaries fails to receive any requisite permission or approval from the CAC for the business operations of our PRC subsidiaries, or the waiver for such permission or approval, in a timely manner, or at all, or inadvertently concludes that such permission or approval is not required, or if applicable laws, regulations or interpretations change and obligate us to obtain such permission or approvals in the future, we or our PRC subsidiaries may be subject to fines, suspension of business, website closure, revocation of business licenses or other penalties, as well as reputational damage or legal proceedings or actions against us, which may have a material adverse effect on our business, financial condition or results of operations. In addition, we could become subject to enhanced cybersecurity review or investigations launched by PRC regulators in the future pursuant to new laws, regulations or policies. Any failure or delay in the completion of the cybersecurity review procedures or any other non-compliance with applicable laws and regulations may result in fines, suspension of business, website closure, revocation of business licenses or other penalties, as well as reputational damage or legal proceedings or actions against us, which may have a material adverse effect on our business, financial condition or results of operations.
On June 10, 2021, the Standing Committee of the National People’s Congress of the PRC, promulgated the PRC Data Security Law, which became effective in September 2021. The PRC Data Security Law imposes data security and privacy obligations on entities and individuals carrying out data activities, and introduces a data classification and hierarchical protection system based on the importance of data in economic and social development and the degree of harm it will cause to national security, public interests or the rights and interests of individuals or organizations when such data is tampered with, destroyed, leaked or illegally acquired or used. The PRC Data Security Law also provides for a national security review procedure for data activities that may affect national security and imposes export restrictions on certain data and information. On August 20, 2021, the Standing Committee of the National People’s Congress promulgated the Personal Information Protection Law, effective November 1, 2021. The Personal Information Protection Law clarifies the definition of personal information, which excludes information that has been anonymized, and the required procedures for personal information processing, the obligations of personal information processors, and individuals’ personal information rights and interests. The Personal Information Protection Law provides that, among other things, (i) the processing of personal information is only permissible under certain circumstances, such as prior consent from the subject individual, fulfillment of contractual and legal obligations, furtherance of public interests or other circumstances prescribed by laws and regulations; (ii) the collection of personal information should be conducted in a disciplined manner with as little impact on individuals’ rights and interests as possible; and (iii) excessive collection of personal information is prohibited. In particular, the Personal Information Protection Law provides that personal information processors should ensure the transparency and fairness of automated decision-making based on personal information, refrain from offering unreasonably differentiated transaction terms to different individuals and, when sending commercial promotions or information updates to individuals selected through automated decision-making, simultaneously offer such individuals an option not based on such individuals’ specific characteristics or a more convenient way for such individuals to turn off such promotions.
S-2
On July 7, 2022, the CAC promulgated the Measures for the Security Assessment of Outbound Data Transfer, or the Data Transfer Measures, which became effective on September 1, 2022, pursuant to which, to provide data abroad under any of the following circumstances, a data processor shall apply to the national cyberspace administration for the security assessment of the outbound data transfer through the local provincial cyberspace administration: (i) the data processor provides important data abroad; (ii) the critical information infrastructure operator or the data processor that has processed the personal information of over one million people provides personal information abroad; (iii) the data processor that has provided the personal information of over 100,000 people or the sensitive personal information of over 10,000 people cumulatively since January 1 of the previous year provides personal information abroad; and (iv) any other circumstance where an application for the security assessment of outbound data transfer is required by the national cyberspace administration. As of the date of this report, the data collected and generated in our business does not have a bearing on national security, economic operation, social stability, public health and security, among others, and thus may not be classified as important data by the authorities, and, neither we nor any of our PRC subsidiaries have ever provided any personal information collected and generated in the operations within the territory of the PRC to overseas recipients. Given the abovementioned facts and as advised by our PRC legal counsel, Tahota Law Firm (Beijing), according to its interpretation of the currently in-effect PRC laws and regulations, we do not believe that we or any of our PRC subsidiaries is engaged in any activity that is subject to security assessment as outlined in the Data Transfer Measures. However, as PRC governmental authorities have significant discretion in interpreting and implementing statutory provisions and there remains significant uncertainty in the interpretation and enforcement of relevant PRC data security laws and regulations if the PRC regulatory authorities take a position contrary to ours, we cannot assure you that the activities we or any of our PRC subsidiaries engaging in will not be deemed to be subject to PRC security assessment as stipulated in the Data Transfer Measures in the future, nor can we assure you that we or our PRC subsidiaries would be able to pass such assessment. The promulgation of the above-mentioned laws and regulations indicates heightened regulatory scrutiny from PRC regulatory authorities in areas such as data security and personal information protection.
As uncertainties remain regarding the interpretation and implementation of these laws and regulations, we cannot assure you that we or our PRC subsidiaries will be able to comply with such regulations in all respects, and we or our PRC subsidiaries may be ordered to rectify or terminate any actions that are deemed illegal by regulatory authorities. In addition, while our PRC subsidiaries take various measures to comply with all applicable data privacy and protection laws and regulations, there is no guarantee that our current security measures, operation and those of our third-party service providers may always be adequate for the protection of our users, employee or company data against security breaches, cyberattacks or other unauthorized access, which could result in loss or misuse of such data, interruptions to our service system, diminished user experience, loss of user confidence and trust and impairment of our technology infrastructure and harm our reputation and business, resulting in fines, penalties and potential lawsuits.
S-3