SFC gets tough on senior management accountability in Hong Kong

Hong Kong’s Securities and Futures Commission (SFC) has introduced new measures to increase senior management accountability for SFC-licensed corporations, of which there are more than 2,000 in Hong Kong. Senior management, including directors, responsible officers (ROs) and managers-in-charge (MICs) of eight core functions, will need to submit their names, information and management organisational charts to the SFC. Managers-in-charge will need to hold an SFC licence if they conduct an activity regulated under the Securities and Futures Ordinance (SFO). Lawyers Asialaw spoke to note the strengthening of individual accountability rules for SFC-licensed corporations and warn that those in senior management positions should think carefully about their roles in the companies they work at and the potential liabilities if they are found to have breached the rules.

The eight core functions the SFC has set out are:

  • Overall management oversight
  • Key business line
  • Operational control and review
  • Risk management
  • Finance and accounting
  • Information technology
  • Compliance
  • Anti-money laundering and counter-terrorist financing

Starting on April 18, the SFC will accept the information from all licensed corporations and new corporate licence applicants. Licensed corporations will have until July 17 to submit the details. The SFC expects that by October 16, MICs of the overall management oversight and key business line functions will have applied to become ROs.

Identifying individuals in core functions

Jane McBride

The challenge for businesses is to identify the correct individual and submit the person’s name to the SFC. “Firms need to identify who the key people are for the activities listed by the SFC,” says Jane McBride, financial services partner at Deacons. “Everyone, anywhere in the world, responsible for supervising SFC regulated activity needs to be specifically approved by the SFC.”

“Matching current organisational and reporting structures to the MIC regime may be difficult if there are international, regional or matrix reporting structures,” says Jill Wong, financial services/corporate regulatory and compliance partner at Howse Williams Bowers. “Employment contracts and job descriptions of MICs should be reviewed so they are consistent with these new responsibilities. Is current insurance coverage sufficient?  What if decision-making, but not day-to-day management, is carried out by a committee, such as a risk committee, rather than by an individual, then who should be identified as the MIC?”

“Some people don’t want their names included and tend to point to someone upwards in a more senior role,” says McBride. “My advice is to not overthink and start with the obvious answer and get the person’s cooperation.”

“Those in senior management roles should always have been concerned about the compliance culture of the organisations they join,” says McBride. “Now they should be extra careful because if their companies are not operating in a compliant manner, they could be potentially held responsible.”

Narrow focus

Up to now, the SFC has tended to prosecute companies. The concern is that with the rolling out of the new regime, the SFC may be more inclined to take action under section 193 of the SFO, but the message the SFC wants to send to the market is that it is targeting management, not line officers.

“The SFC is careful about exercising its power,” says McBride. “It’s one thing to fine a firm, but once an individual is prosecuted, they can probably never work in the industry again so the SFC has to use its power in a way that doesn’t make people lose confidence.”

“The SFC is spending enforcement resources on high impact cases, including cases that cause significant loss to investors,” says McBride. “The SFC needs firms to be clear about how their operations are managed so that decisions are made in the best interest of investors and to ensure that firms think things through properly and don’t cut corners on issues such as compliance and cybersecurity.”

“There is and has always been the risk of criminal liability for anyone involved in the management of a regulated business, under section 194 of the SFO, so there are no changes to the law, but in reality, until now, there have not really been many enforcement actions against individuals except in cases of fraud and other such deliberate misconduct,” says McBride.

“Over the last few years, the amounts of the fines have been eyewatering,” says McBride. “Regulators fear that firms have almost accepted fines as the price of doing business and some firms probably factor these into their budgets. Regulators know that once the fines don’t matter, this can encourage bad behaviour and the only way to encourage good behaviour is to make the individual suffer.”

Tips for businesses

Businesses and senior management should prepare now for the SFC’s new measures and take precautions.

Jill Wong

“Firstly, always document key decisions and the execution of those decisions so that you can demonstrate that you applied careful thought to an issue and followed up on the proper and timely implementation of your key decisions,” says Wong. 

“Secondly, understand your role and responsibilities in relation to the roles and responsibilities of ROs and other senior managers.  Make sure your job description accurately reflects your role and responsibilities, and that you are given sufficient resources and internal support to carry out your responsibilities. 

"Thirdly, focus on control and compliance issues as well as business and commercial issues in management meetings. Consider control functions as adding value rather than adding costs. Finally, understand the risks that your specific business faces so you can manage them.”

As part of a global trend to hold individuals accountable for their actions, countries such as the UK have also introduced similar measures through the Senior Managers and Certification Regime. How the SFC acts on enforcement will be crucial to watch in the future.