The Hong Kong Securities and Futures Commission (SFC) has released its long awaited FAQs regarding its 31 October 2019 circular on the use of external electronic data storage providers (EDSP Circular). While there are some aspects of the FAQs which we anticipate will create practical challenges and will require some careful analysis to implement, we generally consider the FAQs to be a significant step forward and to provide much needed flexibility for the industry.
The Hong Kong Securities and Futures Commission (SFC) has extended its deadline for licensed corporations to confirm compliance with its new data storage regulations, due to the COVID-19 outbreak.
On 31 March 2020, the SFC granted a six-month extension to the implementation deadline for aspects of its 31 October 2019 circular on the use of external electronic data storage providers (EDSPs) by licensed corporations for the storage of regulatory records (EDSP Circular).
On 20 January 2020, the Constitutional and Mainland Affairs Bureau (CMAB), together with the Privacy Commissioner for Personal Data (Privacy Commissioner), published a consultation paper raising important data protection issues and proposing possible amendments to the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), after having reviewed the existing data protection regime in Hong Kong. These include possibly introducing a mandatory data breach notification mechanism, requiring data users to specify a retention period for personal data collected, raising the sanctioning powers of the Privacy Commissioner as well as potentially making data processors more accountable.
The Hong Kong Monetary Authority (HKMA)’s executive director for banking conduct, Mr Alan Au, recently delivered a speech on bank culture at the 1LoD Summit in Hong Kong.
To briefly recap:
- In March 2017, the HKMA launched its bank culture reform with a view to fostering the right culture and values in banks, focusing on three pillars – (1) governance, (2) incentive systems and (3) assessment and feedback mechanisms.
- Following that, the HKMA announced three supervisory measures for bank culture in December 2018 – (1) self-assessment by banks, (2) focus reviews and (3) culture dialogues – with a view to gauging the progress of bank culture reform in Hong Kong (see our bulletin of December 2018 for further details).
- The first phase of the self-assessment exercise was launched in early 2019, requiring 30 authorised institutions (AIs) (including major retail banks in Hong Kong and selected foreign bank branches with substantive operations in Hong Kong) to submit their self-assessment outcomes within six months.
Although the HKMA is still in the process of reviewing the self-assessments submitted by the 30 AIs, Mr Au took the opportunity of the 1LoD Summit to provide the HKMA’s initial observations on how the AIs have approached culture reform, and highlight some good practices and common issues of concern observed.
AIs (whether or not they are among the 30 AIs who have submitted their self-assessments) should take note of the observations and guidance provided by Mr Au and enhance their culture initiatives as appropriate.
Going forward, the HKMA plans to further progress its culture supervisory measures, including:
- sharing more observations from its review of AIs’ self-assessments;
- commencing focused reviews to dive deeply into certain key areas of banking culture, such as incentive systems of front offices in specific business streams of retail banks;
- continuing its culture dialogues with AIs, which it commenced in 2019 (during which it had in-depth discussions with the leadership at a few AIs on the effectiveness of their culture enhancement efforts and provided its supervisory feedback on conduct and culture).
Common emerging themes from initial review of self-assessments
Mr Au noted that it is encouraging to see that AIs generally agree with the need to foster sound culture, and have been implementing a range of culture enhancement initiatives.
The HKMA has identified some common themes from the self-assessments which it expects AIs to take note of:
- There is limited information on how global or regional headquarters are taking into account local circumstances or are providing support to local offices in implementing culture enhancement initiatives, whether the Hong Kong office is the regional headquarters or the downstream entity.
- There is limited information on incentive systems designed to promote sound culture and prevent incidents of misconduct.
- Most AIs have only shared case facts with employees when discussing misconduct cases overseas or in other banks, without going deeper to understand the underlying root causes of those incidents in order to prevent the same from happening within the organisation.
- Most AIs have incorporated backward-looking but not forward-looking indicators in their dashboards for assessing culture.
- A few AIs only relied on a single source of data (such as results of employee surveys) to assess culture (it is preferable to combine quantitative and qualitative data from multiple sources to allow for the different culture indicators to be triangulated).
Further details of HKMA’s observations and examples of good practices
Pillar 1: Governance
The HKMA is pleased to see that all 30 AIs invited to the self-assessment exercise have a framework for board supervision of culture. All locally incorporated banks have a board-level committee chaired by an independent non-executive director to oversee culture-related matters, and overseas incorporated banks have board-level oversight at either a global or regional level on such matters.
It is important that AIs’ leadership cascades the “tone from the top” through effective and continual communication and training. Mr Au gave examples of the ways in which two of the AIs communicated their culture expectations in a language that can be easily understood by staff:
- A series of videos covering conduct-related themes, which creatively intermingled fung shui elements, was broadcast to all staff at an AI. The videos had a different conduct-related focus every month, and featured a local fung shui master or celebrity together with a member of the AI’s senior management team.
- An AI tailor-made summary sheets of its culture and behavioural standards for various business functions. These were designed in a way that made culture issues resonate with the day-to-day work at each of the business functions.
Pillar 2: Incentive systems
The HKMA encourages AIs to provide incentives (both monetary and non-monetary) for desired behaviour as well as disincentives for undesirable behaviour.
Mr Au gave examples of the systems two AIs used:
- An AI established an online platform that provided peer recognition systems for employees to recognise each other for positive behaviours under a set of criteria, such as “speaking up” and “doing the right thing”, and gave out monetary rewards to employees who had accumulated a certain number of recognition points.
- An AI put in place a “red flag” mechanism as a core part of its consequence management framework, setting out various types of breaches and their corresponding “red flag scores” for the purposes of tracking employees’ undesirable behaviours. When an employee exceeded a pre-specified threshold for the “red flag score”, his or her performance rating and compensation may be adjusted downwards.
Pillar 3: Assessment and feedback mechanisms
Many AIs have just set up their culture dashboards and are still at an early stage in determining the right indicators. One AI was noted to have developed a dashboard which incorporated multiple data sources, including feedback from their employee survey (in which the employees would rate perceptions of themselves as well as other colleagues) and other quantitative data which allowed for the different data sources to be triangulated.
While all AIs involved in the self-assessment had certain whistleblowing mechanisms in place, it is important that they also provide adequate protection to employees who speak up.
- One of the AIs operated a 24/7 dedicated hotline with live operators who can connect to translators in multiple languages to make it convenient and comfortable for staff to raise concerns or report promptly, both during and outside office hours.
- Another AI expressly set out in its policy that retaliation against whistle-blowers may give rise to disciplinary action that could entail termination of employment.