HKMA reminds registered institutions of their Internal Investigation Disclosure Obligation

Authors: William Hallatt, Hannah Cassidy, Natalie Curtis, Tess Lumsdaine and Isabelle Lamberton

The Hong Kong Monetary Authority (HKMA) has issued a circular to registered institutions (RIs) in relation to the frequently-asked questions (FAQs) released by the Securities and Futures Commission (SFC) on 21 May 2019, which sought to clarify the SFC’s Internal Investigation Disclosure Obligation.

In the circular, the HKMA reminds RIs that they also must comply with the Internal Investigation Disclosure Obligation, when notifying the SFC that an individual has ceased to act as its executive officer (EO), reflecting the SFC’s guidance in Question 9 of the FAQs.

The Internal Investigation Disclosure Obligation

On 1 February 2019, the SFC announced significant changes to its licensing forms and processes. Included in these changes was the introduction of the compulsory Internal Investigation Disclosure Obligation through the new Form 5U, which came into effect on 11 April 2019.

The Internal Investigation Disclosure Obligation requires RIs to provide information to both the SFC and the HKMA regarding:

  • whether departing EOs were the subject of an internal investigation in the six months prior to their cessation; and
  • details of this investigation, if such details have not previously been provided to the regulators.

Firms are also required to notify the SFC and HKMA as soon as practicable if an internal investigation into that individual is commenced subsequent to making the initial notification of cessation (for more details, please see our February 2019 bulletin).

The FAQs

On 21 May 2019, the SFC released the FAQs to clarify various aspects of the Internal Investigation Disclosure Obligation, including:

1. The scope of reportable investigations

It is now clear that the scope of reportable investigations is very wide, given that:

  • firms are required to proactively disclose information about all “investigative actions” (no matter how they are described in internal policies), regardless of whether the subject matter covers regulated or unregulated activities; and
  • no materiality threshold will apply to exclude low-level investigations that are of minimal significance from the obligation.

2. The level of detail required for disclosures

When making an internal investigation disclosure, firms are required to provide information on:

  • factual matters, including a description of the matter, background, relevant dates, duration, the role played by the outgoing employee, and status of the investigation;
  • an assessment of the (potential) impact to the market and clients, and materiality; and
  • if the investigation is completed, the outcome of the investigation and the basis of its conclusion.

3. The confidentiality applied to any disclosures made

In the FAQs, the SFC reiterated its statutory obligation under section 378 of the Securities and Futures Ordinance, and confirmed that it will not disclose information obtained under the new obligation to any other persons, including the outgoing employee and his/her prospective employer, unless otherwise permitted by law.

Although the HKMA’s circular is silent on this point, it is likely that the HKMA will take a similar approach to the sharing of information obtained under the obligation. However, given the scope of the obligation and the sensitive nature of the disclosures, a positive statement from the HKMA would be welcomed.

Final Thoughts

The HKMA’s circular has made clear that the HKMA is supportive of the SFC’s intention to ensure that individuals will no longer be permitted to escape regulatory scrutiny by simply resigning during the course of an investigation.

However, the Internal Investigation Disclosure Obligation is a significant enhancement of the prior notification requirements. We anticipate that firms will face a number of key issues in complying with this requirement, including navigating potential litigation risk from former employees, and considering what constitutes an “investigative action”.

William Hallatt
William Hallatt
Asia Head of Financial Services Regulatory, Hong Kong
+852 2101 4036
Hannah Cassidy
Hannah Cassidy
Partner, Hong Kong
+852 2101 4133
Natalie Curtis
Natalie Curtis
Partner, Singapore
+65 6868 9805
Tess Lumsdaine
Tess Lumsdaine
Registered Foreign Lawyer (New South Wales, Australia), Hong Kong
+852 2101 4122

Isabelle Lamberton
Isabelle Lamberton
Registered Foreign Lawyer (New South Wales, Australia), Hong Kong
+852 2101 4218

Client facilitation – Key standards of conduct and internal controls identified and reiterated by Hong Kong SFC

Authors: William Hallatt, Hannah Cassidy and Jennifer Fong

On 14 May 2019, the Securities and Futures Commission (SFC) issued further guidance identifying and reiterating the key standards of conduct and internal controls relating to client facilitation expected of licensed corporations (LCs).

By way of background, conflicts of interest may arise in a facilitation transaction where LCs assume a risk-taking principal position against clients as opposed to acting as an agent. Such conflicts of interest have long been identified by the SFC as a recurring regulatory concern, which they take very seriously.

Guidance issued to date on client facilitation

Back in 2014, the SFC organised a supervisory briefing session so as to draw the industry’s attention to common deficiencies and vulnerabilities associated with the provision of client facilitation services identified during its routine inspections.

Two years on, the SFC commenced a thematic review in 2016, which assessed the effectiveness and adequacy of management supervision and controls concerning client facilitation.

In 2018, the SFC published detailed observations from its thematic review, and set out guidance on the standards of conduct and internal controls expected of LCs providing client facilitation services. Four main areas of expected standards of conduct and internal controls relating to client facilitation were identified:

  1. controls, monitoring and management supervision;
  2. segregation of agency and facilitation activities;
  3. consent and disclosure; and
  4. indications of interests (IOIs).

Most recently, on 14 May 2019, the SFC issued a circular to LCs to:

  • outline its inspection findings relating to client facilitation in recent years; and
  • remind LCs of the expected standards of conduct and internal controls in respect of providing client facilitation services.

Back

Recent inspection findings

Since mid-2018, the SFC has reviewed the level of compliance with expected standards during the course of its inspections of selected brokers. In particular, the SFC found that certain traders:

  • misrepresented a house or client facilitation trade as an agency trade;
  • were silent or not transparent about whether facilitation would be involved in a trade; or
  • failed to obtain express consent from clients prior to effecting client facilitation trades;

The SFC also discovered that:

  • some IOIs were described as natural although they were not based on a genuine client intent to trade; and
  • some firms’ policies and procedures were not clear and failed to ensure compliance with the expected standards.

Back

Expected standards of conduct and internal controls – the key ones

The SFC identified in its 14 May 2019 circular the standards of conduct and internal controls relating to client facilitation expected of LCs it considered were key, all of which were covered in the 2018 observations and are not new:

  • controls, monitoring and management supervision: establishing policies and procedures which cover key client facilitation controls such as client consent and accuracy of IOIs;
  • segregation of agency and facilitation activities: recording and monitoring on a timely basis communications between agency traders and client facilitation traders;
  • consent and disclosure: disclosing to clients the nature of trades and obtaining clients’ prior explicit consent to each client facilitation trade to ensure that they are fully informed of the inherent conflicts of interest; and
  • IOIs: disseminating IOIs with accuracy and sufficient details only in cases of a genuine client or proprietary intent to trade.

Back

Way forward

Ensuring compliance with the SFC’s expected standards in relation to client facilitation, especially the key ones identified in the 14 May 2019 circular, is of utmost importance as it helps to protect clients who rely on LCs to act in their best interests and to maintain market integrity and confidence.

In doing so, licensed individuals should, when dealing with clients, always act honestly and fairly, disclose conflicts of interests and take all reasonable steps to ensure fair treatment of clients if such conflicts cannot be avoided.

In light of the SFC’s close scrutiny of non-compliance on the part of LCs and the increasing enforcement focus on individuals (including Managers-in-Charge), LCs are advised to critically review existing policies and procedures for client facilitation and implement all necessary measures to ensure full compliance with the SFC’s expected standards.

Back

William Hallatt
William Hallatt
Head of Financial Services Regulatory, Asia Hong Kong
+852 2101 4036
Hannah Cassidy
Hannah Cassidy
Partner, Hong Kong
+852 2101 4133
Jennifer Fong
Jennifer Fong
Associate, Hong Kong
+852 2101 4244

HKMA takes first step towards regulating the use of big data analytics and artificial intelligence in FinTech

Authors: Hannah Cassidy, Jeremy Birch, Sheena Loi and Peggy Chow

The Hong Kong Monetary Authority (HKMA) has issued a circular to encourage authorised institutions to adopt the “Ethical Accountability Framework” (EAF) for the collection and use of personal data issued by the Office of the Privacy Commissioner for Personal Data (PCPD). A report on the EAF was published by the PCPD in October 2018 (Report), which explored ethical and fair processing of data through (i) fostering a culture of ethical data governance and (ii) addressing the personal data privacy risks brought by emerging information and communication technologies such as big data analytics, artificial intelligence and machine learning.

The EAF is expressly stated to be non-binding guidance, intended as a first step towards a privacy regime better equipped to address modern challenges. However, the HKMA’s circular arguably elevates the legal status of the EAF for authorised institutions. The HKMA is likely to incorporate the EAF into its broader supervision and inspection of authorised institutions. In particular, in construing the principles based elements of the Supervisory Policy Manual as it applies to FinTech, the EAF will undoubtedly have an influence going forward.

Tension between the value of data-processing technology and public trust

Big data has no inherent value in its raw form. Its value lies in the ability to convert that data into useful information for organisations, which can then generate knowledge or insight relating to clients or the market as a whole through data analytics or artificial intelligence. Ultimately, this insight results in competitive advantage. However, a tension exists between (i) developing data-processing technology to gain a competitive advantage; and (ii) addressing public distrust arising from the data-intensive nature of such technology.

As the Report highlights, the existing regulatory regime in Hong Kong does not adequately address the privacy and data protection risks that arise from advanced data processing. Big data analytics and artificial intelligence in particular pose challenges to the existing notification and consent based privacy legal framework. These challenges are not limited to the legal framework in Hong Kong. The privacy and data protection legislations on an international level are also ill-equipped to anticipate advances in data-intensive technology.

Back

Data stewardship accountability

The PCPD sees the need to provide guidance on how institutions could act ethically in relation to advanced data-processing to foster public trust. It reminds institutions to be effective data stewards, not merely data custodians. Data stewards take into account the interests of all parties and consider whether the outcomes of their advanced data processing are not just legal, but also fair and just.

The PCPD also encourages data stewardship accountability, which calls for institutions to define and translate stewardship values into organisational policies, using an “ethics by design” approach. This approach requires institutions to have data protection in mind at every step and to apply the principles of privacy by default and privacy by design. Privacy by default means that once a product or service has been released to the public, the strictest privacy settings should apply by default. Privacy by design, on the other hand, requires organisations to ensure privacy is built into a system during the entire life cycle of the system. Ultimately, data stewardship should be driven by policies, culture and conduct on an organisational level, instead of technological controls.

Both the privacy by design and the privacy by default principles are mandatory requirements under the EU General Data Protection Regulation (GDPR). The legal development trend is for Asian-based privacy regulators to, whether by means of enacting new laws (e.g. India) or issuing non-mandatory best practice guidance to encourage data users to meet the higher standards under GDPR.

Back

Data stewardship values

The PCPD encourages institutions to adopt the three “Hong Kong Values”, whilst providing the option to modify each value to better reflect their respective cultures. The three Hong Kong Values listed below are in line with the various Data Protection Principles of the Personal Data (Privacy) Ordinance (Cap. 486):

(i)   The “Respectful” value requires institutions to:

  • be accountable for conducting advanced data processing activities;
  • take into consideration all parties that have interests in the data;
  • consider the expectations of individuals that are impacted by the data use;
  • make decisions in a reasonable and transparent manner; and
  • allow individuals to make inquiries, obtain explanations and appeal decisions in relation to the advanced data processing activities.

(ii)   The “Beneficial” value specifies that:

  • where advanced data-processing activities have a potential impact on individuals, organisations should define the benefits, identify and assess the level of potential risks;
  • where the activities do not have a potential impact on individuals, organisations should identify the risks and assess the materiality of such risks;
  • once the organisation has identified all potential risks, it should implement appropriate ways to mitigate such risks.

(iii)   The “Fair” value specifies that organisations should:

  • avoid actions that are inappropriate, offensive or might constitute unfair treatment or illegal discrimination;
  • regularly review and evaluate algorithms and models used in decision-making for any bias and illegal discrimination;
  • minimise any data-intensive activities; and
  • ensure that the advanced data-processing activities are consistent with the ethical values of the organisation.

The PCPD also encourages institutions to conduct Ethical Data Impact Assessments (EDIAs), allowing them to consider the rights and interests of all parties impacted by the collection, use and disclosure of data. A process oversight model should be in place to ensure the effectiveness of the EDIA. While this oversight could be performed by internal audit, it could also be accomplished by way of an assessment conducted externally.

Back

International Direction of Travel

The approach outlined above is not unique to Hong Kong. In fact, at the time the EAF was announced by the PCPD in October 2018, the 40th International Conference of Data Protection and Privacy Commissioners released a Declaration on Ethics and Protection in Artificial Intelligence (Declaration) which proposes a high level framework for the regulation of artificial intelligence, privacy and data protection. The Declaration endorsed six guiding principles as “core values” to preserve human rights in the development of artificial intelligence and called for common governance principles on artificial intelligence to be established at an international level.

It is clear that there is a global trend toward ethical and fair processing of data in the application of advanced data analytics. For instance, the Monetary Authority of Singapore has formulated similar ethical principles in the use of artificial intelligence and data analytics in the financial sector, announced in November 2018. Another example is the EU’s GDPR’s specific safeguards related to the automated processing of personal data that has, or is likely to have, a significant impact on the data subject, to which the data subject has a right to object. Specifically, a data protection impact assessment assessing the impact of the envisaged processing operations must be carried out before such processing is adopted, if such processing uses new technologies and is likely to result in a high risk to the rights and freedoms of natural persons after taking into account the nature, scope, context and purposes of the processing.

Although this may appear to be a relatively minor development in Hong Kong, we see this as a step in a broader movement toward the regulation of AI and a sea change in the approach to data protection and privacy. The HKMA circular and the EAF are in line with the global data protection law developments, which are largely being led by the EU.

Back

Hannah Cassidy
Hannah Cassidy
Partner, Hong Kong
+852 2101 4133
Jeremy Birch
Jeremy Birch
Partner, Hong Kong
+852 2101 4195
Sheena Loi
Sheena Loi
Senior Consultant, Hong Kong
+852 2101 4146
Peggy Chow
Peggy Chow
Senior Associate TMT/Data Protection, Singapore
+65 6868 8054

Disclosure of internal investigations – the Hong Kong SFC’s FAQs fail to relieve industry concerns

The Hong Kong Securities and Futures Commission (SFC) has released frequently-asked questions (FAQs) to clarify its Internal Investigation Disclosure Obligation – a measure introduced in February 2019 to stop the “roll” of “bad apples” within the financial industry.

The Obligation requires licensed corporations (LCs) and registered institutions (RIs) to provide the SFC with extra information about the circumstances of any licensed employee’s departure. This includes whether the individual was subject to an internal investigation in the six months prior to their departure.

The FAQs cover:

  • what must be reported under the Obligation;
  • the level of detail required for an Internal Investigation Disclosure; and
  • how the SFC will treat the confidentiality of information reported under the Obligation.

While the aims of the Obligation and the clarity provided by the new FAQs are generally welcomed by the industry, serious concerns remain about the practicalities of implementation by firms and the usefulness of the disclosed information to the SFC.

We have been following the developments of the Obligation since its introduction in February and have been part of the industry discussion on this new requirement led by the Asia Securities Industry & Financial Markets Association (ASIFMA). Herbert Smith Freehills and ASIFMA are holding a joint briefing in Hong Kong to explain how the new Obligation and the FAQs will impact LCs and RIs in Hong Kong, and you are welcome to attend.

EVENING SEMINAR IN HONG KONG – 28 May 2019

Date:Tuesday, 28 May 2019
Time:6pm – Registration

6.30-7.30pm – Seminar

7.30-9pm – Cocktail reception

Venue:Eaton Club, 5/F Champion Tower

Three Garden Road, Central, Hong Kong

Please click here to view a map

If you are interested in attending the joint briefing, please email our Events Team for registration.

BACKGROUND

On 20 April 2018, the Financial Stability Board (FSB) released its regulatory toolkit for misconduct risk. Amongst its aims, the FSB encouraged regulators to do more to prevent individuals who engage in misconduct moving between financial institutions without their misconduct being disclosed to their new employer (for further details, please see our April 2018 bulletin).

On 1 February 2019, the SFC announced significant changes to its licensing forms and processes. Included in these changes was the introduction of the new compulsory Internal Investigation Disclosure Obligation through the new Form 5U, which came into effect on 11 April 2019.

Specifically, under the new Form 5U, firms need to:

  • identify whether departing licensed representatives, responsible officers and executive officers (outgoing employees) were the subject of an internal investigation in the six months prior to their departure;
  • provide details of this investigation if such details have not previously been provided to the SFC; and
  • notify the SFC as soon as practicable if an internal investigation into that individual is commenced after making the initial notification of cessation.

Back

SUMMARY OF THE SFC’S FAQS

Apart from providing an introduction and explaining the purpose of the new Obligation, the SFC has clarified various key aspects of this new requirement, including:

  • the scope of reportable investigations;
  • the level of detail required for disclosures; and
  • the confidentiality applied to any disclosures made.

Scope of reportable investigations

The SFC acknowledges that firms may adopt different terms, such as checking, inquiry, enquiry, review, examination, inspection or investigation, in respect of their investigative actions. However, the SFC has made it clear that it expects firms to proactively disclose information about all “investigative actions” (no matter how they are described), regardless of whether the subject matter covers regulated or unregulated activities.

The SFC has further provided a non-exhaustive list of examples of investigations involving an outgoing employee that should be reported:

  • investigations about suspected or actual breaches of applicable laws, rules and regulations;
  • investigations about suspected or actual breaches of a firm’s internal policies or procedures;
  • investigations about misconduct that is likely to give rise to concerns about the fitness and properness of an outgoing employee;
  • investigations about any matter that may have an adverse market or client impact; and
  • investigations about any matter potentially involving fraud, dishonesty and misfeasance.

In addition, the SFC has clarified that, even where a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation. However, in such situations, only a brief description of the nature of the matter and an explanation about the basis of conclusion will be required.

Whilst it was understood that a firm had to disclose any investigations that began after the departure of its outgoing employee as soon as practicable, the SFC has further clarified that such investigations must be disclosed regardless of the length of time that has elapsed since the outgoing employee left the firm, i.e. there is no time limit on the on-going requirement.

Level of detail required for disclosures

Broadly speaking, firms should disclose information that they can lawfully disclose to the SFC for its thorough understanding of the subject matter of an investigation.

Generally, firms should include in their disclosures:

  • the nature and background of the matter;
  • the date(s) when the matter occurred;
  • the duration of the matter;
  • the role played by the outgoing employee in the matter;
  • the actual and/or potential impact to the market and client(s) and assessment of materiality;
  • the status of the investigation; and
  • the outcome of the investigation and basis of its conclusion (if the investigation is complete).

Where there are any developments such as new information or updates on the status of an investigation that has already been disclosed to the SFC, firms should provide such information to the SFC as soon as practicable, irrespective of whether the investigation had previously been concluded.

Confidentiality applied to any disclosures made

The SFC has reiterated its statutory obligation under section 378 of the Securities and Futures Ordinance (SFO) to preserve secrecy in respect of information obtained during the performance of its regulatory functions including disclosures made to the SFC under the new Obligation and will treat such information as confidential.

In particular, the SFC will not disclose information obtained under the new Obligation to any other persons, including the outgoing employee and his/her prospective employer unless otherwise permitted by law.

Back

CHALLENGES

Won’t this be a heavy administrative and logistical burden on firms?

The SFC has made clear that no materiality threshold will apply to exclude investigations that are of minimal significance and/or impact to the market and client(s) from the Obligation.

The scope of reportable investigations is therefore very wide given that any and all potentially wrongful acts committed by an outgoing employee could trigger the Obligation regardless of the eventual outcome of investigations.

The administrative and logistical burden therefore imposed on firms raises issues as to the practicality of implementing the requirement properly, especially for smaller firms in Hong Kong with limited resources.

How should firms navigate the potential pitfalls as to conflicts with other laws and regulations?

Whilst the SFC has clarified that disclosures need only be made where the same would be lawful, no further guidance has been published on how this would work in practice.

As such, firms will likely have to consider each reportable investigation on a case-by-case basis and decide whether a disclosure may breach any laws or regulations, e.g. relating to personal privacy, data privacy or employment, in turn increasing the burden on firms to ensure compliance.

What is the utility of collecting so much information and won’t this cause undue delays in the licensing process?

The information collected through the disclosures could potentially assist the SFC in considering whether an individual is a fit and proper person to remain licensed under the SFO.

However, the catch-all nature of the Obligation raises questions as to the utility of this information if the SFC is flooded with disclosure reports that are not relevant for these purposes. It also raises concerns as to the length of time required by the SFC to complete the licensing process in circumstances where a disclosure has been made on Form 5U.

Back

CONCLUSION

The new Internal Investigation Disclosure Obligation is a significant enhancement of the prior notification requirements. It is clearly the intention of the SFC to ensure that individuals will no longer be permitted to escape regulatory scrutiny by simply resigning during the course of an investigation.

Whilst the enhanced Obligation, which forms part of a broader focus by the SFC on individuals’ fitness and properness, is generally welcomed by industry participants, serious concerns remain about the practicalities and challenges of implementation, as well as the scale and usefulness of the information to be disclosed to the SFC.

Back

William Hallatt
William Hallatt
Head of Financial Services Regulatory, Asia Hong Kong
+852 2101 4036
Hannah Cassidy
Hannah Cassidy
Partner, Hong Kong
+852 2101 4133
Natalie Curtis
Natalie Curtis
Partner, Singapore
+65 6868 9805
Tess Lumsdaine
Tess Lumsdaine
Registered Foreign Lawyer (New South Wales, Australia), Hong Kong
+852 2101 4122

Jennifer Fong
Jennifer Fong
Associate, Hong Kong
+852 2101 4244

FATF Releases Fourth Round Mutual Evaluation Report of China

Authors: Kyle Wombolt, Jeremy Birch, Karen Ip and Mark Chu

On 17 April 2019, the Financial Action Task Force (FATF) released its fourth round mutual evaluation report (Report) on the effectiveness of China’s measures on anti-money laundering (AML) and combating terrorist financing (CTF). The FATF is an intergovernmental organization which, in addition to developing AML and CTF policies, conducts periodic evaluations of member countries in order to evaluate the effectiveness of their AML and CTF policies.

What changes can institutions anticipate based upon the FATF’s recommendations?

Based on the FATF’s recommendations and recent developments within China, financial institutions and others falling within the AML Law’s ambit are likely to see increased regulatory scrutiny of their compliance with AML and CTF obligations. From a practical perspective, this is likely to result in an increased frequency of regulatory inspections, higher levels of enforcement activity and elevated penalties being sought.

What are the FATF’s findings in the Report?

Some key findings include the following:

  • The effectiveness of China’s financial intelligence unit (FIU) is hampered by the incomplete sharing of information, inconsistent reporting practices for suspicious transaction reports (STR), and a lack of information regarding beneficial ownership (BO).
  • The effectiveness of China’s Financial Institutions’ (FIs) preventative measures is limited by the market’s current level of understanding of ML/TF risks, a lack of implementation of requirements related to BO and ongoing due diligence, and gaps relating to the reporting of STRs.
  • Designated Non-Financial Businesses and Professions’ (DNFBPs) (such as lawyers, real estate agents, and dealers in precious metals) implementation of preventative measures to address ML and TF is very limited.

What are the FATF’s recommendations in the Report?

The FATF has made several recommendations in the Report, including the following:

First, the FATF recommends that the People’s Bank of China (PBOC) increase onsite inspections in the banking sector, ensure adequate supervision of the DNFBP sectors, and extend the Anti-Money Laundering Law (AML Law) to the online lending sector. With regards to supervision of the DNFBP sectors, the PBOC issued a notice in July 2018 (link in Chinese) that would apply the AML Law’s AML and CTF obligations to DNFBPs. In October 2018, China’s top financial regulators – the PBOC, the China Banking and Insurance Regulatory Commission and the China Securities Regulatory Commission – also issued joint guidelines (link in Chinese) to expand AML and CTF oversight to internet financial service providers, including those conducting online payment and lending services.

Second, the FATF recommends that China should review the effectiveness of its financial sanctions for AML and consider substantially increasing the size of penalties for violations of the AML Law. There are already indications that China is moving in this direction. In particular, supporters of a motion to amend to the AML Law (link in Chinese) have proposed expanding the scope of the crime of money laundering beyond the current seven categories of predicate crimes. The supporters of the motion have also proposed ensuring that obligations under the AML law reach DNFBPs such as real estate agents, precious metals exchanges and law firms. Finally, they have proposed increasing the monetary penalties available under the AML Law which are currently capped at 5 million yuan (or approximately US$742,170).

Third, the FATF recommends that guidance and training should be provided to FIs and DNFBPs to enhance their understanding of the concept of beneficial ownership. The Report highlighted that institutions sometimes had varying, incomplete understandings of the concept of beneficial ownership. The FATF also states that whilst China’s National Enterprise Credit Information Publicity System can serve as a starting point to obtain BO information, it does not indicate whether the registered legal owner or the shareholders is the BO.

Updated DOJ Guidance Steers Effective Compliance and Remediation Programmes

Authors: Kyle Wombolt, Jeremy Birch and Charlotte Benton

The US Department of Justice Criminal Division (DOJ) has issued updated guidance on the Evaluation of Corporate Compliance Programs (guidance). Under the guidance, DOJ prosecutors evaluate the effectiveness of a company’s compliance programme when conducting an investigation, determining whether to bring charges or negotiating plea or other arrangements.

“Whether in the US, Asia Pacific or elsewhere, the guidance sets out useful prompts for a best practice compliance framework” observes Hong Kong corporate crime and investigations partner, Jeremy Birch. “Given the propensity of regulators to borrow from each other’s procedures and practices, it will also be of interest to companies subject to regulatory scrutiny, investigation or enforcement outside the US, as a benchmark for appropriate remediation and resolution.”

The guidance covers many of the same areas as the previous version, providing additional context to the multifactor analysis of a compliance programme.

Continue reading

HKMA and SFC issue joint circular following co-ordinated inspections which reveal risky financial arrangements and deficient lending practices

Authors: William Hallatt, Hannah Cassidy and Valerie Tao

On 24 April 2019, the Hong Kong Monetary Authority (HKMA) and the Securities and Futures Commission (SFC) issued a joint circular on their recent co-ordinated inspections of a bank and an SFC licensed corporation (LC) within a Mainland-based group.

The inspections identified two key areas of concern:

  • The group had adopted complex structures and opaque financing arrangements, which may have concealed financial risks and made it difficult to conduct rigorous risk assessment.
  • There were deficiencies in the lending practices of the bank within the group.

The regulators have indicated that this is not a one-off case and encourage institutions with similar structures and arrangements to conduct a review urgently and take action to mitigate risks.

This is not the first time the HKMA and the SFC have undertaken co-ordinated inspections, but is a relatively new collaborative approach. The SFC has recently stated that, as part of its front-loaded regulation, it will be conducting more joint supervisory exercises with the HKMA.

The regulators have indicated in the circular that they have also been coordinating with Mainland regulators to share information and observations derived from their supervisory work.

Continue reading

New podcast on conducting internal investigations in Asia

Robert Hunt, a partner in the firm’s corporate crime and investigations practice, has recorded a podcast for the Corporate Compliance and Ethics Blog on trends in internal investigations in Asia.

Whilst investigations used to be largely corruption-related, Rob is seeing an increasing number of investigations into sales and revenue fraud, money laundering and sanctions. Robert discusses these as well as the rise of data privacy and privilege issues and the role played by language and culture in investigations.

Continue reading

AML/CFT compliance in Hong Kong: Recent record fine and reminder of latest guidance

Authors: William Hallatt, Hannah Cassidy, Natalie Curtis, Valerie Tao and Jennifer Fong.

The Hong Kong Securities and Futures Commission (SFC) has recently reprimanded and fined Guosen Securities (HK) Brokerage Company (Guosen) HK$15.2 million for failures in complying with anti-money laundering and counter-terrorist financing (AML/CFT) regulatory requirements when handling third party fund deposits.

This is the largest fine imposed under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) to date.

In this e-bulletin, we provide an overview of the Guosen case and other recent cases, the regulators’ approach to AML/CFT enforcement, as well as a reminder of the recent AML/CFT regulatory guidance.

Continue reading