protecting the interests of clients and their assets and ensuring proper management of risk, through which management of the intermediary accepts primary responsibility for these matters.
Description Management and supervision
SFC’s Code of Conduct, ICG and other guidance provide a detailed framework for systems of internal controls and risk management for LCs supervised by the SFC and RIs supervised by the HKMA.
management and organisational structure which ensures that the operations of the business are conducted in a sound, efficient and effective manner be established, documented and maintained. These provisions require:
a. management to take full responsibility for the firm’s operations including the development, implementation and on-going effectiveness of the firm’s internal controls and compliance with them by its directors and employees;
b. regular and effective communication so that management is fully aware of the firm’s operations, financial position, risks and compliance with regulatory requirements ; c. reporting lines to be clearly identified with supervisory and reporting responsibilities
assigned to appropriate staff member(s);
d. detailed policies and procedures established relating to authorizations and approvals, including that the authority of key positions are clearly defined and communicated to and followed by staff.
e. management to ensure that management and supervisory functions are performed by qualified and experienced individuals.
In the context of the ICG “management” is used as a generic collective term that may include a firm and its board of directors, chief executive officer, managing director and/or other senior operating management personnel. Therefore according to the ICG, while the management structure and personnel to whom the internal audit and compliance functions (described below) should report vary from firm to firm depending on the firm’s particular structure, business operation and needs, the reporting line should be in such a way as to ensure independence, objectiveness and effectiveness of the internal audit and compliance function. Internal controls
The Code of Conduct requires an intermediary to have internal control procedures and financial and operational capabilities that can be reasonably expected to protect its
operations, its clients and other licensed or registered persons from financial loss arising from theft, fraud, and other dishonest acts, professional misconduct or omissions (Paragraph 4.3). It requires senior management to properly manage the risks associated with the business of the intermediary, including by performing periodic evaluation of risk management processes (Paragraph 14.1).
The ICG prescribes detailed control guidelines for: a. management and supervision (Part I); b. segregation of duties and functions (Part II); c. personnel and training (Part III);
d. information management (Part IV); e. compliance (Part V);
f. audit (Part VI);
g. operational controls (Part VII); and h. risk management (Part VIII). Management information
Part IV of the ICG requires an intermediary to establish policies and procedures to ensure the integrity, security, availability, reliability and thoroughness of all information, including
documentation and electronically stored data, relevant to the firm’s business operations. It specifies in some detail the content of these policies and procedures.
Evaluation of internal controls and risk management
Part VI of the ICG requires an audit policy and related review function to be established and maintained which objectively examines, evaluates and reports on the adequacy, effectiveness and efficiency of the firm’s management, operations and internal controls. Where practicable, management should establish an independent and objective internal audit function which is free of operating responsibilities. This function should have a direct line of communication to management or audit committee as applicable.
Paragraph 22 of the Appendix to the ICG on risk management requires that a firm’s risk policies and measurements and reporting methodologies be subject to regular review, particularly prior to the commencement of the firm’s provision of new services or products, or when there are significant changes to the products, services, or relevant legislation, rules or regulations that might impact the firm’s risk exposure.
Organizational requirements Compliance function
Part V of the ICG requires policies and procedures to be established and maintained to ensure the firm’s compliance with all applicable legal and regulatory requirements as well as with the firm’s own internal policies and procedures. It requires management to establish and maintain an appropriate and effective compliance function within the firm which, subject to constraint of size, is independent of all operational and business functions, and which reports directly to management. It provides detailed requirements for the function, including that compliance staff promptly report to management all occurrences of material non-compliance by the firm or its staff with legal and regulatory requirements, as well as the firm’s own policies and procedures.
Systems of client protection, risk management and internal and operational controls Paragraph VII of the ICG requires an intermediary to establish, maintain and comply with effective policies and operational procedures and controls in relation to the firm’s day-to-day business operations. The effectiveness of these is to be evaluated in the light of whether they serve to ensure, among other things, the integrity of the firm’s dealing practices, including the treatment of all clients in a fair, honest and professional manner.
Paragraph 4.3 of the Code of Conduct requires intermediaries to have internal control procedures and financial and operational capabilities which can be reasonably expected to protect its operations, its clients and other licensed or registered persons from financial loss arising from theft, fraud, and other dishonest acts, professional misconduct or omissions. Segregation of duties
be appropriately segregated, particularly those duties and functions which when performed by the same individual may result in undetected errors or may be susceptible to abuses which may expose the firm or its clients to inappropriate risks.
Senior management responsibility
General Principle 9 and paragraph 14.1 of the Code of Conduct require senior management of an intermediary:
a. to take primary responsibility for ensuring the maintenance of appropriate standards of conduct and adherence to proper procedures by the firm; and
b. to understand the nature of the business of the intermediary, its internal control procedures and its policies on the assumption of risk. They should clearly understand the extent of their own authority and responsibilities.
Direct Electronic Access
The Appendix to the ICG contains a number of provisions that, although of general
application to intermediaries, apply especially to an intermediary providing Direct Electronic Access. These include:
a. a requirement that firms establish and maintain an effective credit rating system to evaluate client and counterparty creditworthiness (paragraph 23); and
b. a requirement, prior to executing a client order, that a detailed check is made by designated staff on information relating to the client, including on account limits;, the sufficiency of available funds or available credit in the relevant account; the availability of securities to meet settlement obligations; and the authority and applicable
limitations of the person placing the order (paragraph 7(b)).
A licensed person engaged in leveraged foreign exchange trading is required by the Code of Conduct to set limits on the size of the positions which each client may establish in the light of the financial position, investment objectives, and strategy of the client (paragraph 50 of Schedule 6 to the Code of Conduct).
The SFC has recently consulted on proposed amendments to the Code of Conduct relating to electronic trading. With respect to supervisory controls for direct market access services, it was concluded that in providing direct market access services, an intermediary must ensure that all client orders are transmitted to the infrastructure used by the intermediary and are subject to appropriate automated pre-trade risk management controls reasonably designed to prevent the entry of any orders that would result in exceeding appropriate trading and credit
thresholds prescribed for each client or proprietary account. This requirement will come into effect on 1 January 2014.
Protection of clients
The Code of Conduct has a range of provisions dealing with the way clients of intermediaries are to be treated. These include:
a. accurate representations to clients (paragraph 2.1 of the Code of Conduct); b. prompt execution of client orders (paragraph 3.1);
d. prompt and fair allocation of trades to client accounts (paragraph 3.3);
e. advice provided to clients should be done diligently and carefully, and suitable for the client in all the circumstances (paragraphs 3.4 and 5.2);
f. various information to be provided to clients to ensure fair dealing including risk disclosure statements, timely and accurate reporting such as prompt confirmation of executed trades, etc (See paragraphs 6.2 and 8.1 to 8.5);
g. priority for client orders in respect to order handling, recording and allocation (paragraphs 9.1 and 9.2);
h. conflicts of interest disclosure and fair treatment (paragraph 10.1);
i. acting honestly, fairly and with due skill, care and diligence when conducting business activities, in the best interests of clients and the integrity of the market (paragraphs 2.1 to 2.4 and 3.1 to 3.10).
Client funds and assets
All intermediaries are required to ensure that client assets and positions are promptly and properly accounted for and adequately safeguarded (see General Principle 8 and paragraph 11.1 of the Code of Conduct). Appropriate and effective procedures must be established and followed when handling movements of the intermediary’s and clients’ assets to protect the intermediary’s and its clients’ assets from theft, fraud and other acts of misappropriation (paragraph 9 in Part VII and paragraph 13 of Appendix to ICG).
The Client Securities Rules require segregation of client securities received or held in Hong Kong from the intermediaries' own assets. The Client Money Rules require segregation of client money received or held in Hong Kong from the LCs' money.
Client securities must be registered in the name of the client or deposited in safe custody in a segregated account with an AI, another institution approved by the SFC (presently the HKSCC), or another intermediary licensed for dealing in securities (section 5 of the Client Securities Rules).
For client monies, a LC must establish and maintain with an AI one or more segregated accounts designated as a trust account or client account into which it shall pay:
a. all amounts that are received from or on behalf of its clients (less brokerage and other proper charges and other amounts as specified in section 4(3) of the Client Money Rules) in Hong Kong within one business day after receipt of the amounts; and b. all interest derived from the retention of client money in a segregated account. (See sections 4 and 6 of the Client Money Rules).
The segregation of client funds required under these provisions for both securities and futures dealings does not require that each client's funds be held separately in an individual
segregated account (such as an individual trust account). Segregated client funds can be held in an omnibus client account, while the ledgers of the intermediary would have the
information at an individual client level.
Section 148(3) of the SFO further provides that client securities and collateral held by an intermediary are not liable to be taken in execution against the intermediary or its associated entity under the order or process of a court. Similarly, section 149(3) of the SFO provides that
client money of a LC is not liable to be taken in execution against the LC or its associated entity under the order or process of a court.
Under section 12 of Client Securities Rules and section 11 of Client Money Rules, an LC is required to notify the SFC in writing within one business day upon becoming aware that it does not comply with specified provisions in the Client Securities Rules and/or Client Money Rules.
Investor complaints
Paragraph 12.3 of the Code of Conduct requires an intermediary to ensure that: a. complaints from clients relating to its business are handled in a timely and
appropriate manner;
b. steps are taken to investigate and respond promptly to the complaints;
c. where a complaint is not remedied promptly, the client is advised of any further steps which may be available to the client under the regulatory system including the right to refer a dispute to the FDRC; and
d. where a complaint has been received, the subject matter of the complaint is properly reviewed. If the subject matter of the complaint relates to other clients, or raises issues of broader concern, an intermediary should take steps to investigate and remedy such issues, notwithstanding that the other clients may not have filed complaints with the intermediary and/or the FDRC.
The FDRC administers an independent and impartial Financial Dispute Resolution Scheme (FDRS). The Scheme assists individual customers and financial institutions to resolve monetary disputes with a maximum claimable amount of HK$500,000 by way of “mediation first, arbitration next”. The FDRC is funded by the Hong Kong Government, SFC and HKMA for its set-up costs and operating costs in the first three years (from 2012 to 2014), and will be funded by the financial industry and to a lesser extent by the claimants from the fourth year (i.e. 2015) onwards. It has representatives from SFC, HKMA, FSTB and the banking and securities industries on its board. All financial institutions authorized by the HKMA and /or licensed by the SFC, except those which provide credit rating services only, are members of FDRS.
Client information, know your client and suitability rules Client identity
An intermediary is required to take all reasonable steps to establish the true and full identity of each of its clients, and of each client’s financial situation, investment experience, and investment objectives (paragraph 5.1 of the Code of Conduct). The ICG requires an
intermediary to establish and maintain processes to obtain and confirm information regarding every client in relation to establishing the true identity of the client; the beneficial owner(s) and person(s) authorized to give instructions; and the client’s financial position, and
investment experience and objectives prior to the establishment of an account (paragraph 1 under Part VII of the ICG).
detailed customer due diligence measures the SFC expects from licensed persons for identification of customers as part of their anti-money laundering program.
Know your customer
General Principle 4, paragraphs 5.1 and 5.2 of the Code of Conduct require an intermediary to establish each client’s financial situation, investment experience, and investment objectives in order to provide suitable recommendations or solicitations for that client in all the
circumstances.
Part VII of the ICG requires an intermediary to establish the client’s financial position, investment experience and investment objectives prior to the establishment of an account, and to adopt measures and procedures to ensure that investment recommendations or advice are based on thorough analysis, taking into account available alternatives and that such recommendations and advice are appropriate for the relevant client. The intermediary is obliged to document and retain the reasons for the recommendations and advice given. The SFC has published a Q&A on suitability obligations. This clarifies the requirements in paragraph 5.2 of the Code of Conduct and states that investment advisers should collect from each client information that includes their investment knowledge, investment horizon, risk tolerance (including risk of loss of capital) and capacity to make regular contributions and meet extra collateral requirements, where appropriate. Each client’s information should be fully documented and where appropriate, updated on a continuous basis.
Records
Section 3 of the KRR requires an intermediary to keep such accounting, trading and other records as are sufficient to, among other things:
a. account for all clients assets that it receives or holds;
b. enable all movements of such client assets to be traced through its accounting and stock holding systems; and
c. records that show particulars of all orders or instructions concerning securities, futures contracts or leveraged foreign exchange contracts that it receives or initiates,
including particulars of each transaction to implement any such order or instruction, identifying with whom or for whose account it has entered into such transaction. Section 10 of the KRR requires such records to be kept for a period of not less than 7 years except for order and instruction records which are to be kept for not less than 2 years. Disclosure to clients
Intermediaries are obliged to made adequate disclosure of relevant material information in their dealings with their clients (General Principle 5 of the Code of Conduct). Where complex products are involved, intermediaries must provide risk disclosure information in addition to the minimum content requirements set out in the Code of Conduct.
Where an intermediary distributes an investment product to a client, it must deliver the following information to the client prior to or at the point of sale:
a. the capacity (principal or agent) in which an intermediary is acting; b. affiliation of the intermediary with the product issuer;
c. disclosure of monetary and non-monetary benefits; and
d. the generic terms and conditions under which client may receive a discount of fees and charges from an intermediary. (See 8.3A of the Code of Conduct.)
The Q&A on suitability obligations provides additional guidance on assisting clients to make informed investment decisions. It includes requirements that an adviser give clients: relevant product disclosure documents; proper explanations of why recommended investment products are suitable for them; and the nature and extent of risks the investment products bear. Investment advisers must always present balanced views and use simple and plain language.
Paragraph 6.2 of the Code of Conduct provides that, when opening an account for conducting certain types of transactions or dealing for the first time in those transactions, intermediaries must provide the relevant risk disclosure statements to the client. Risk disclosure statements that comply with Schedule 1 of the Code of Conduct should be given to clients in respect of the following products and services:
a. Securities trading;
b. Trading futures and options; c. Trading GEM stocks;
d. Providing an authority to lend or deposit clients’ securities with third parties; e. Providing an authority to hold mail or to direct mail to third parties;
f. Margin trading; and
g. Trading NASDAQ-AMEX securities on SEHK Reports to clients
An intermediary must provide a monthly statement of account to clients who have money, securities, collateral or open positions with the intermediary, or who have been provided with a contract note during the relevant month (section 11 of the Contract Note Rules). The intermediary must also provide a statement if a client requests it (section 12).
Customer access to terms and conditions of services
All intermediaries must enter into a written agreement with each client before services are provided (paragraph 6.1 of Code of Conduct). The minimum required content of the client agreement is detailed in paragraph 6.2 of the Code of Conduct. The client agreement should not operate to remove, exclude or restrict any rights of a client or obligations of the
intermediary under the law, and should properly reflect the services to be provided. (paragraphs 6.3 and 6.4 of the Code of Conduct).
Information about remuneration
The client agreement must contain a description of any remuneration (and the basis for payment) that is to be paid by the client to the intermediary, such as commission, brokerage, and any other fees and charges (paragraph 6.2 of the Code of Conduct).
Paragraph 8.3 of the Code of Conduct further details the requirement for an intermediary to make pre-sale disclosure of both monetary and non-monetary benefits that are receivable by it under specified circumstances.
Conflicts of interests Conflicts of interest
The general requirements for dealing with conflicts of interest are set out in General Principle 6 and paragraph 10.1 of the Code of Conduct. They require an intermediary to try to avoid