The Hong Kong Securities and Futures Commission (SFC) has released its long awaited FAQs regarding its 31 October 2019 circular on the use of external electronic data storage providers (EDSP Circular). While there are some aspects of the FAQs which we anticipate will create practical challenges and will require some careful analysis to implement, we generally consider the FAQs to be a significant step forward and to provide much needed flexibility for the industry. Continue reading
Tag: Hong Kong
The Hong Kong Monetary Authority (HKMA) has recently published its White Paper on Green and Sustainable Banking, as well as a circular to share a range of practices adopted by major authorised institutions (AIs) for managing climate risks (7 July Circular). These form part of a series of initiatives by the HKMA that are intended to help shape a greener and more climate-resilient banking system. Continue reading
Having initially delayed its planned consultation exercise to allow the financial services sector to focus on responding to Covid-19, the International Organization of Securities Commissions (IOSCO) subsequently found the pandemic a catalyst to proceed. Therefore, at the end of May, IOSCO launched its consultation on proposed updates to the 2005 Outsourcing Principles for Market Intermediaries and the 2009 Outsourcing Principles for Markets; feedback on the proposed new Outsourcing Principles (OPs) is requested on or before 1 October 2020. The decision to proceed reflects the acknowledgement that outsourcing is a key element for consideration when assessing operational resilience across the sector.
This post gives a high level summary of the consultation, with a link to our briefing that focuses in more detail on: the scope of application; IOSCO’s definition of outsourcing; intragroup arrangements; concentration risk; and access and audit rights. To provide additional context to IOSCO’s proposals, the associated briefing also catalogues relevant proposals and initiatives which are running concurrent to the consultation exercise.
On 20 January 2020, the Constitutional and Mainland Affairs Bureau (CMAB) together with the Privacy Commissioner for Personal Data (Privacy Commissioner), published a consultation paper raising important data protection issues and proposing possible amendments to the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), after having reviewed the existing data protection regime in Hong Kong. These include possibly introducing a mandatory data breach notification mechanism, requiring data users to specify a retention period for personal data collected, raising the sanctioning powers of the Privacy Commissioner as well as potentially making data processors more accountable.
The Hong Kong Monetary Authority (HKMA)’s executive director for banking conduct, Mr Alan Au, recently delivered a speech on bank culture at the 1LoD Summit in Hong Kong.
To briefly recap:
- In March 2017, the HKMA launched its bank culture reform with a view to fostering the right culture and values in banks, focusing on three pillars – (1) governance, (2) incentive systems and (3) assessment and feedback mechanisms.
- Following that, the HKMA announced three supervisory measures for bank culture in December 2018 – (1) self-assessment by banks, (2) focus reviews and (3) culture dialogues – with a view to gauging the progress of bank culture reform in Hong Kong (see our bulletin of December 2018 for further details).
- The first phase of the self-assessment exercise was launched in early 2019, requiring 30 authorised institutions (AIs) (including major retail banks in Hong Kong and selected foreign bank branches with substantive operations in Hong Kong) to submit their self-assessment outcomes within six months.
Although the HKMA is still in the process of reviewing the self-assessments submitted by the 30 AIs, Mr Au took the opportunity of the 1LoD Summit to provide the HKMA’s initial observations on how the AIs have approached culture reform, and highlight some good practices and common issues of concern observed.
AIs (whether or not they are among the 30 AIs who have submitted their self-assessments) should take note of the observations and guidance provided by Mr Au and enhance their culture initiatives as appropriate.
Going forward, the HKMA plans to further progress its culture supervisory measures, including:
- sharing more observations from its review of AIs’ self-assessments;
- commencing focused reviews to dive deeply into certain key areas of banking culture, such as incentive systems of front offices in specific business streams of retail banks;
- continuing its culture dialogues with Als, which it commenced in 2019 (during which it had in-depth discussions with the leadership at a few AIs’ on the effectiveness of their culture enhancement efforts and provided its supervisory feedback on conduct and culture).
Common emerging themes from initial review of self-assessments
Mr Au noted that it is encouraging to see that AIs generally agree with the need to foster sound culture, and have been implementing a range of culture enhancement initiatives.
The HKMA has identified some common themes from the self-assessments which it expects AIs to take note of:
- There is limited information on how global or regional headquarters are taking into account local circumstances or are providing support to local offices in implementing culture enhancement initiatives, whether the Hong Kong office is the regional headquarters or the downstream entity.
- There is limited information on incentive systems designed to promote sound culture and prevent incidents of misconduct.
- Most AIs have only shared case facts with employees when discussing misconduct cases overseas or in other banks, without going deeper to understand the underlying root causes of those incidents in order to prevent the same from happening within the organisation.
- Most AIs have incorporated backward-looking but not forward-looking indicators in their dashboards for assessing culture.
- A few AIs only relied on a single source of data (such as results of employee surveys) to assess culture (it is preferable to combine quantitative and qualitative data from multiple sources to allow for the different culture indicators to be triangulated).
Further details of HKMA’s observations and examples of good practices
Pillar 1: Governance
The HKMA is pleased to see that all 30 AIs invited to the self-assessment exercise have a framework for board supervision of culture. All locally incorporated banks have a board-level committee chaired by an independent non-executive director to oversee culture-related matters, and overseas incorporated banks have board-level oversight at either a global or regional level on such matters.
It is important that AIs’ leadership cascades the “tone from the top” through effective and continual communication and training. Mr Au gave examples of the ways in which two of the AIs communicated their culture expectations in a language that can be easily understood by staff:
- A series of videos covering conduct-related themes were broadcasted to all staff at an AI that creatively intermingled fung shui elements. The videos had a different conduct-related focus every month, and featured a local fung shui master or celebrity together with a member of the AI’s senior management team.
- An AI tailor-made summary sheets of its culture and behavioural standards for various business functions. These were designed in a way that made culture issues resonate with the day-to-day work at each of the business functions.
Pillar 2: Incentive systems
The HKMA encourages AIs to provide incentives (both monetary and non-monetary) for desired behaviour as well as disincentives for undesirable behaviour.
Mr Au gave examples of the systems two AIs used:
- An AI established an online platform that provided peer recognition systems for employees to recognise each other for positive behaviours under a set of criteria, such as “speaking up” and “doing the right thing”, and gave out monetary rewards to employees who have accumulated a certain number of recognition points.
- An AI put in place a “red flag” mechanism as a core part of its consequence management framework, setting out various types of breaches and their corresponding “red flag scores” for the purposes of tracking employees’ undesirable behaviours. When an employee exceeded a pre-specified threshold for the “red flag score”, his or her performance rating and compensation may be adjusted downwards.
Pillar 3: Assessment and feedback mechanisms
Many AIs have just set up their culture dashboards and are still at an early stage in determining the right indicators. One AI was noted to have developed a dashboard which incorporated multiple data sources, including feedback from their employee survey (in which the employees would rate perceptions of themselves as well as other colleagues) and other quantitative data which allowed for the different data sources to be triangulated.
While all AIs involved in the self-assessment had certain whistleblowing mechanisms in place, it is important that they also provide adequate protection to employees who speak up.
- One of the AIs operated a 24/7 dedicated hotline with live operators who can connect to translators in multiple languages to make it convenient and comfortable for staff to raise concerns or report promptly, both during and outside office hours.
- Another AI expressly set out in its policy that retaliation against whistle-blowers may give rise to disciplinary action that could entail termination of employment.
On 7 January 2020, the Securities and Futures Commission (SFC) issued two circulars to clarify aspects of the licensing obligations applicable to private equity (PE) firms and family offices which conduct business in Hong Kong.
The circulars have been issued in response to enquiries from industry participants and their professional advisers.
An overview of the key aspects covered by the circulars is set out below. New entrant PE firms and family offices should take note of the circulars when determining whether an application for a licence should be made to the SFC. Existing PE firms and family offices should also review the circulars to ensure that they comply with the relevant licensing requirements.
As 2019 draws to a close, the Monetary Authority of Singapore (MAS) has been busy putting the finishing touches on its new regulatory framework for payment services. The Payment Services Act 2019 (PS Act) will commence on 28 January 2020, changing the payment services landscape in Singapore.
In particular, payment service providers will only need one licence to conduct specified payment services, and MAS’ regulatory ambit will be extended to also cover digital payment token (DPT) services (“dealing in DPT”, i.e. buying or selling DPT such as Bitcoin, and/or “facilitating the exchange of DPT”, i.e. establishing or operating a DPT exchange) and merchant acquisition services.
Our latest update on the new payment services regulatory framework is set out below.
Welcome to the December 2019 edition of our corporate crime update – our round up of developments in relation to corruption, money laundering, fraud, sanctions and related matters.