SFC Regulatory Newsletter 2023 Vol.4

Don't miss your email and connect your friends with TalkKing!

With almost of the Covid-19 restrictions has been lifted, we would like to have glorious sunshine during the long-awaited holidays, yet the continuous rain will be set in these days.

“Good rain is coming to our delight. Its early-spring timing is perfectly right. With wind it drifts in all through the night. Silently it’s drenching everything in sight.” Du Fu praised the spring rain with a heart full of joy. “April” is derived from the Latin word “aperire”, meaning “to open”, which may refer to the starting of plant growth in spring. Therefore, April is the most beautiful time of the seasons.

Easter commemorates the resurrection of Jesus from the dead, and it represents love, giving and sacrifice. The joy of this holiday is not just about celebrating and entertainment, it is the deepest joy in life, one that is no longer lonely.

May you enjoy love and hope during the Easter holiday, amidst the spring rain when the trees and flowers are blooming.

Circular to Intermediaries
Arrangements for the Launch of the Hong Kong Investor Identification Regime

2 March 2023

Reference is made to the Circulars dated 12 December 2022 and 31 January 2023 regarding the Hong Kong Investor Identification Regime (HKIDR).

HKIDR Implementation

Relevant Regulated Intermediaries (RRIs) are reminded that the HKIDR was launched on 20 March 2023 (Monday). Upon the launch of the HKIDR, RRIs should comply with all applicable requirements under the SFC’s Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (Code of Conduct) and the Rules of the Exchange of The Stock Exchange of Hong Kong Limited (SEHK), including obtaining express consent from each individual client, collecting/updating their respective client identification data (CID), assigning to them each a Broker-to-Client Assigned Number (BCAN), submitting the BCAN-CID Mapping Files to SEHK, and tagging BCANs to on-exchange orders as well as off-exchange trades reportable to SEHK.

RRIs are strongly advised to submit the BCAN-CID Mapping File as soon as practicable. If RRIs have not done so upon the launch of the HKIDR, their clients may not be allowed to place buy orders on the day they wish to trade.

During the stabilization period from 20 March 2023 to 31 March 2023 (both dates inclusive), RRIs should closely monitor whether there is any failure in tagging BCAN to an order or any rejection of orders due to wrong BCAN format. In the event that an RRI faces unexpected technical difficulties in tagging BCANs, it should contact SEHK on 2840-3626 or the SFC via hkidr_faq@sfc.hk immediately.

Post Release Test (PRT)

SEHK arranged a PRT for the upgraded Orion Trading Platform – Securities Market (OTP-C) and the Orion Central Gateway – Securities Market (OCG-C) from 9:00am to 12:10pm on 18 March 2023 (Saturday) for RRIs who are Exchange Participants (EPs) to verify their system readiness for BCAN tagging before the launch of the HKIDR on the following Monday. EPs can also involve their non-EP RRI clients in order to test the passing of the orders with BCANs during the PRT.

Circular to Licensed Corporations
Updated Frequently Asked Questions (FAQs) on OTC Derivatives Clearing Requirement

3 March 2023

The Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) updated the FAQs for the Securities and Futures (OTC Derivative Transactions – Clearing and Record Keeping Obligations and Designation of Central Counterparties) Rules to reflect the addition of eight new Calculation Periods under the said rules.

The revised FAQs document is accessible at the SFC’s website: https://www.sfc.hk/en/faqs/OTC-derivatives

Circular to Licensed Corporations and Associated Entities - Anti-Money Laundering / Counter-Financing of Terrorism
(1) FATF Statement on High-Risk Jurisdictions subject to a Call for Action
(2) FATF Statement on Jurisdictions under Increased Monitoring
(3) Outcomes from the FATF Plenary, 22-24 February 2023

10 March 2023

(1) FATF Statement on High-Risk Jurisdictions subject to a Call for Action
Further to the circular issued by the SFC on 2 November 2022, the Financial Action Task Force (FATF) issued a statement on High-Risk Jurisdictions subject to a Call for Action on 24 February 2023, which can be found at https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/Call-for-action-February-2023.html.

For all countries identified as high-risk, the FATF calls on all members and urges all jurisdictions to apply enhanced due diligence, and, in the most serious cases, apply countermeasures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from those countries.

(i) Jurisdictions subject to a FATF call for applying countermeasures
The statement continues to refer its members to the list of high-risk jurisdictions subject to the FATF’s call for countermeasures adopted in February 2020. Since February 2020, in light of the COVID-19 pandemic, the FATF has paused the review process for jurisdictions in the list of High-Risk Jurisdictions subject to a Call for Action. While the February 2020 statement may not necessarily reflect the most recent status of Iran and the Democratic People’s Republic of Korea’s anti-money laundering and counter-financing of terrorism (AML/CFT) regimes, the FATF’s call to apply countermeasures on these high-risk jurisdictions remains in effect.

(ii) Jurisdiction subject to a FATF call for applying enhanced due diligence measures proportionate to the risks arising from the jurisdiction
Given the continued lack of progress and the majority of the action items in relation to Myanmar’s strategic deficiencies still not addressed after a year beyond the action plan’s deadline, the FATF has called on its members and other jurisdictions to apply enhanced due diligence measures proportionate to the risk arising from Myanmar since October 2022. Myanmar will remain on the list of countries subject to a call for action until its full action plan is completed.

(2) FATF Statement on Jurisdictions under Increased Monitoring
The FATF issued an updated statement on Jurisdictions under Increased Monitoring with the addition of Nigeria and South Africa, and removal of Cambodia and Morocco from the list. The statement can be found at https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/Increased-monitoring-february-2023.html.

The FATF will closely monitor and continue to assess the progress made by these jurisdictions in addressing the identified strategic deficiencies in their AML/CFT regimes and encourages its members and all jurisdictions to take into account the information presented in the statement in their risk analysis. Licensed corporations (LCs) and associated entities (AEs) are reminded to browse the website of the FATF for the relevant information, including any updated statements issued by the FATF from time to time.

(3) Outcomes from the FATF Plenary, 22-24 February 2023
The FATF also published various outcomes of its recent Plenary which may be of interest to LCs and AEs. They include:

(a) the finalisation of a guidance document which will help countries implement the revised requirements of Recommendation 24, and also include assessing and mitigating the money laundering and terrorist financing risks associated with foreign companies. The guidance will be published in March 2023;

(b) the agreement on the enhancements to Recommendation 25 on legal arrangements to bring its requirements broadly in line with those for Recommendation 24 on legal persons to ensure a balanced and coherent set of FATF standards on beneficial ownership. The FATF will start working on a guidance document in relation to the implementation of the revised requirements of Recommendation 25;

(c) the completion of a research that analyses the methods that criminals use to carry out their ransomware attacks and how they launder ransom payments in view of the significant increase in scale and number of ransomware attacks in recent years. A report, which includes a list of risk indicators that can help identify suspicious activities related to ransomware, will be published in March 2023; and

(d) the agreement on a roadmap to strengthen the implementation of FATF Standards on virtual assets and virtual asset service providers, which will include a stocktake of current levels of implementation across the global network. In the first half of 2024, the FATF will report on the steps FATF members and the FATF-style regional body countries with materially important virtual asset activity have taken to regulate and supervise virtual asset service providers.

Further information on the FATF Plenary’s outcomes can be found at https://www.fatf-gafi.org/content/fatf-gafi/en/publications/Fatfgeneral/outcomes-fatf-plenary-february-2023.html.

Circular to Intermediaries, Responsible Officers and Licensed Representatives
Waiver of Annual Licensing Fees

27 March 2023

The Securities and Futures Commission (SFC) will waive the annual licensing fees of all intermediaries and licensed individuals incurred during the period from 1 April 2023 to 31 March 2024.

The SFC will not issue the usual demands for payment for annual licensing fees which would ordinarily become payable during this one-year period. Payments of all other fees, including for license applications and transfers, will not be affected.

Circular to Licensed Corporations
Management of Operational and Remote Booking Risks of Trading Activities

30 March 2023

The circular highlights the standards of risk governance, controls and monitoring the SFC expects of LCs in their management of operational and remote booking risks arising from trading activities.

The SFC published a report today on its recent thematic review focusing on these risks. The report provides an overview of the industry landscape and current market practices as well as detailed guidance to facilitate LCs’ ongoing refinement of their risk management processes.

(1) Operational Risk Management for Trading Activities In the context of this circular, operational risk refers to the risk of losses arising from trading activities, resulting from inadequate or failed internal processes, people and systems. Based on the SFC’s survey, LCs rated such risk as the top area of operational risk in terms of severity.

(i) Operational Risk GovernanceAdequate risk governance is necessary for the effective identification and mitigation of operational risks. A robust management structure and supervision mechanism can enable senior management to respond to operational risks in a timely manner and redress operational loopholes or disproportionate risk-taking at an early stage.

The SFC’s review found a number of practices which might detract from the soundness of LCs’ operational risk governance. In one case, an LC solely followed its parent group’s operational risk management framework without sufficiently accounting for local circumstances. Some other LCs failed to clearly set out the requirements for escalating risk incidents or to conduct sufficient assessments of the parameters used in their risk monitoring tools. All these weaknesses could undermine senior management’s ability to promptly identify and manage operational risks.

Expected Standards

clear definition of the roles, responsibilities and accountability of senior management and relevant functions, to ensure proper implementation of the operational risk management framework (including escalation protocols) and foster a sound risk culture within the LC; and
a mechanism to regularly review the adequacy and effectiveness of the operational risk management framework with respect to the LCs’ business nature, size, complexity of operations and risk profile.

(ii) Operational Controls and MonitoringOperational controls and monitoring encompass those LCs implement to detect and prevent errors, omissions or misconduct in trading activities. These measures are typically implemented at pre-trade and post-trade levels by LCs to ensure adherence to its risk appetite, trading and client mandates and regulatory requirements.

The SFC observed a number of areas for improvement in LCs’ implementation of these controls. For example, some LCs did not conduct regular reviews to ensure trade controls comprehensively covered all relevant trading activities nor did they utilise accurate, reliable data sources in their real-time monitoring of unusual trading activities. Such deficiencies can expose LCs to the risks of trading losses or even regulatory breaches.

An LC did not take appropriate follow-up action on frequent and repeated breaches of its trade controls, such as by assessing the conduct of trading staff and enhancing preventive controls. Such deficiencies undermine the effectiveness of trade controls and possibly enable non-compliant practices to continue.

Expected Standards
LCs should establish appropriate operational controls and monitoring practices to detect and prevent errors, omissions or misconduct in their trading activities. They should ensure:

pre-trade and post-trade controls and monitoring are properly implemented and regularly reviewed and calibrated so that their trading activities comply with regulatory requirements and are in line with their risk profiles; and
trade exceptions identified from the operational controls and monitoring processes are properly assessed and followed up so that appropriate action could be taken at an early stage to mitigate any operational loopholes or misconduct in trading activities.

(2) Remote Booking Risk Management for Trading Activities Remote booking is integral to the operations of many global financial groups. As a trade originating or executing entity, LCs may transfer the trading risks (e.g., market or credit risk) to an offshore risk-booking affiliate through a group-wide remote booking arrangement. This arrangement may include a transfer pricing arrangement where cost-sharing or profit or loss allocation takes place amongst the group affiliates.

The SFC’s review focused on the underlying risks typically faced by LCs originating or executing trades in Hong Kong. These risks may include losses from booking failures (e.g., when the group affiliates reject trades which exceed pre-defined risk limits) or unexpectedly large losses being allocated to Hong Kong LCs under the group-wide transfer pricing arrangements.

(i) Remote booking risk governance
Remote booking arrangements often involve multiple group affiliates and processes across different jurisdictions. It is important that LCs appreciate their financial connections with group affiliates and properly evaluate the potential risks of remote booking. Adequate risk governance, encompassing a robust management structure and proper group-wide coordination, is vital to effectively manage the risks underlying remote booking arrangements.

The SFC’s review noted a number of practices which might detract from the soundness of LCs’ risk governance for remote booking. These practices included overreliance on group-level policies which did not sufficiently account for local circumstances, the absence of protocols and timeframes for escalating material trade booking incidents and inadequate senior management engagement to coordinate remote booking matters at the group level.

Expected Standards
LCs should have a sound risk governance framework for remote booking arrangements. The framework should cover the following areas, amongst others:

clear definition of the responsibilities and accountability of senior management for managing the underlying risks of remote booking arrangements; and
a mechanism to coordinate with group affiliates the development of risk management policies and the assessment of potential risks associated with remote booking arrangements (e.g., build-up of risk exposure or booking failures).

(ii) Remote booking controls and monitoring
Remote booking controls and monitoring include an LC’s practices to ensure the proper booking of positions to group affiliates and the proper management of loss allocation under transfer pricing arrangements.

The SFC observed a number of areas for improvement in LCs’ controls and monitoring for remote booking. For example, some LCs did not implement adequate controls and monitoring for booking positions to their group affiliates, e.g., trading mandates, system access controls and risk limits. Such deficiencies can expose the LCs to trade booking failures and potential losses.

An LC did not properly evaluate the financial implications of its transfer pricing arrangements or take sufficient measures to avoid exceptionally large losses being allocated to it. This would put its financial position at risk.

Expected Standards
LCs should ensure that appropriate controls and monitoring are implemented to manage the risks arising from remote booking arrangements with their group affiliates. The controls and monitoring should cover the following areas, amongst others.

Controls and monitoring for booking positions to group affiliates

Trading mandates – LCs should establish trading mandates to clearly set out the responsibilities and authority of trading staff, including the trading and booking activities to be conducted under remote booking arrangements. Appropriate controls and monitoring should be implemented to ensure their staff’s adherence to trading mandates.
System access controls – LCs should implement appropriate system access controls to ensure that only authorised personnel conduct remote booking activities.
Risk limits – LCs should ensure risk limits are in place to control and manage the trading risks they undertake. Appropriate controls and monitoring should be implemented to ensure their staff’s adherence to risk limits.

Loss allocation controls and monitoring for transfer pricing arrangements – LCs should implement adequate controls to monitor the size of any losses to be allocated to them under transfer pricing arrangements and take appropriate measures to prevent material loss allocation which may impair their financial capability.

Click here to download the full report.

Circular to Licensed Corporations
Data Risk Management

30 March 2023

Data risk is drawing mounting attention around the globe in light of the burgeoning volume of data collected and used in business operations. In the context of this circular, data risk refers to the risk of operational disruptions and reputational or financial losses due to LCs’ inadequacy in managing the data lifecycle, which includes the collection, classification, usage, retention, transfer and disposal of data. Significant data risk incidents have occurred, including inadvertent disclosures of material non-public information and leakage of client data from scrapped hardware or third-party service providers.

Data risk management was a focus of a recent thematic review conducted by the SFC. The report on this review, published on 30 March 2023, provides an overview of the industry landscape and current market practices as well as detailed guidance to facilitate LCs’ ongoing refinement of their risk management processes.

Click here to download the full report.

SFC banned Wong Kwun Shing for life

1 March 2023

The SFC banned Mr Wong Kwun Shing, a former licensed representative of Convoy Asset Management Limited (CAML), from re-entering the industry for life.

The disciplinary action followed an SFC investigation which found that Wong took part in a stock manipulation scheme involving a company listed on the Growth Enterprise Market of The Stock Exchange of Hong Kong Limited.

The SFC also found that Wong had breached the SFO by knowingly giving false or misleading answers in a material particular to conceal his involvement in the scheme when he attended an interview with the SFC in 2018.

The SFC considered that Wong is not a fit and proper person to be licensed, as his conduct casts serious doubts on his character, reliability and ability to carry on regulated activities competently, honestly and fairly.

In determining the sanction against Wong, the SFC took into account all relevant circumstances, including:

Wong’s misconduct was deliberate, serious and blatantly dishonest and led to significant losses for X’s clients;
his attempt to conceal his misconduct and mislead the SFC had impeded the SFC’s investigation;
a strong deterrent message to the industry that the SFC will not tolerate such misconduct; and
his otherwise clean disciplinary record.

SFC banned Citigroup Global Markets Asia Limited’s former responsible officer Philip John Shaw for 10 years

6 March 2023

The SFC banned Mr Philip John Shaw, a former responsible officer (RO), board member and Head of Pan-Asia Execution Services of Citigroup Global Markets Asia Limited (CGMAL), from re-entering the industry for 10 years from 4 March 2023 to 3 March 2033.

The disciplinary action followed the SFC’s earlier sanctions against CGMAL for serious regulatory breaches and internal control failures in allowing various trading desks under its Cash Equities business to disseminate mislabelled Indications of Interest (IOIs) and make misrepresentations to institutional clients when executing facilitation trades from 2008 to 2018.

The SFC is of the view that CGMAL’s breaches and failings were attributable to Shaw’s failure to discharge his duties as an RO and a member of CGMAL’s senior management.

In deciding the disciplinary sanction, the SFC took into account all relevant circumstances, including:

Shaw’s misconduct was intentional, dishonest and contrary to a licensed person’s overarching duty to act in clients’ best interests;
CGMAL’s serious internal control failures and regulatory breaches could not have prevailed for over 10 years had he properly discharged his management and supervisory responsibilities;
notwithstanding his experience and seniority, he denied any wrongdoing and attempted to shift all the blame to other management personnel and the compliance function of CGMAL, which reflected a lack of understanding of his duties as an RO and a member of the senior management as well as a lack of remorse;
it is necessary to send a clear and strong message to the industry that the SFC will not tolerate misconduct such as his; and
his otherwise clean disciplinary record.

SFC reprimanded and fines City International Futures (Hong Kong) Limited $100,000 for regulatory breaches

9 March 2023

The SFC reprimanded and fined City International Futures (Hong Kong) Limited (CIFHKL), now known as VERCAP Financial Services Limited, $100,000 for failures in complying with anti-money laundering and counter-terrorist financing (AML/CFT) and other regulatory requirements between March 2016 and October 2018.

The SFC’s investigation found that CIFHKL did not conduct any due diligence on the customer supplied systems (CSSs) used by 16 clients for placing orders. As a result, CIFHKL was not in a position to properly assess and manage the money laundering and terrorist financing (ML/TF) and other risks associated with the use of such CSSs by its clients.

In addition, the SFC identified that the amounts of deposits made into two client accounts were incommensurate with their declared financial profiles. Although CIFHKL claimed that it conducted daily monitoring on client accounts’ fund movements and was aware of the substantial deposits in the two client accounts, it failed to demonstrate that it had conducted proper enquiries on the deposits and satisfactorily addressed the associated ML/TF risks.

The SFC further found that CIFHKL failed to put in place an effective ongoing monitoring system to detect suspicious trading patterns in client accounts as there were frequent, and large number of, trades in the two client accounts, and in many instances buy and sell orders for the same futures contracts were placed by the same client in the same second at the same price.

The SFC is of the view that CIFHKL’s systems and controls were inadequate and ineffective, and failed to ensure compliance with the AML Guideline and the Code of Conduct.

SFAT affirmed SFC decision to reprimand and fine I-Access Investors Limited $600,000 over breach of the Code of Conduct

14 March 2023

The SFC reprimanded and fined I-Access Investors Limited (I-Access) $600,000 for breach of the Code of Conduct after the Securities and Futures Appeals Tribunal (SFAT) upheld the SFC’s disciplinary action against it.

The SFC’s disciplinary action arose from I-Access’s response to an internal system test conducted by Hong Kong Exchanges and Clearing Limited (HKEX) on 6 April 2015. The system test resulted in test data in the form of simulated orders, trade and securities prices being transmitted to clients of HKEX’s market data system, including I-Access.

The SFC found that I-Access in turn disseminated such data in its own system when they should have been disregarded.

This resulted in the incorrect triggering of 27 stop loss sell orders by 12 clients and their executions on the following trading day.

I-Access, however, did not take the initiative to promptly notify the affected clients of the incident and make appropriate compensation offers to them.

The SFC is of the view that I-Access was in breach of the Code of Conduct by failing to act with due skill, care and diligence, and in the best interests of its clients.

In deciding the disciplinary sanction, the SFC took into account that:

this appears to be an isolated incident;
I-Access has changed the programme design of its system since the incident to avoid recurrence of similar incident; and
I-Access has an otherwise clean disciplinary record.

Five more arrested in SFC and ICAC joint operation against sophisticated ramp-and-dump syndicate

15 March 2023

Five key members of an active ramp-and-dump syndicate were arrested in a follow-up joint operation of the Securities and Futures Commission (SFC) and the Independent Commission Against Corruption (ICAC) mounted in the past two days (14 and 15 March). The sophisticated syndicate is suspected of operating ramp-and-dump market manipulation involving illicit gains of $191 million through a complex shareholding network of Hong Kong-listed companies by corrupt means. Eight other members of the syndicate were earlier arrested in another joint operation of the SFC and the ICAC.

The five arrestees are key members of the syndicate, including qualified accountants and senior executives of a number of Hong Kong-listed companies. The joint operation of the SFC and the ICAC involved searches of various premises, including the offices and the residences of the arrestees.

Another eight people – including a suspected ringleader and other key members of the syndicate – were arrested on suspicion of corruption in an earlier joint operation mounted in November last year.

Intensive investigations by the SFC and the ICAC also revealed other criminal offences, including perverting the course of public justice and obstructing the SFC’s investigations.

No further comment will be made at this stage as investigations are ongoing.

Court reaffirmed SFC’s power of issuing restriction notices

22 March 2023

The Court of First Instance dismissed a judicial review application against the SFC relating to restriction notices issued in an ongoing investigation into a suspected “ramp-and-dump” scheme.

The judicial review application, brought by Mr Chen Wencan and Ms Su Jiaqi, sought to challenge the restriction notices issued on 9 February 2021 by the SFC under sections 204(1)(a) and 205(1) of the Securities and Futures Ordinance (SFO) to freeze their assets in various trading accounts held with certain licensed corporations.

The applicants contended that sections 204(1)(a) and 205(1) exercised on the basis of section 207(e) of the SFO was, amongst other things, not prescribed by law and a disproportionate interference with their property rights and was therefore unconstitutional. The arguments were previously dismissed by the Court in another similar judicial review application relating to another suspected “ramp-and-dump” scheme.