However, after a few years some banks have not yet fully equipped themselves to cope with this regulatory burden. They may have employed unqualified compliance officers (internally transferred from other functions) or under-trained HR staff to handle the registration matters. Either of them are not knowledgable about the fit & proper requirements and then they have made a lot of mistaken judgments.
Following the unlicensed dealing incidents in Wing Lung and DBS, last week HKMA issued a circular to highlight some internal control measures about fit & proper assessment. I have the following observations or comments:
Regular internal audit of the controls is required.
- This seems to cast a vote of distrust to the compliance function.
A suitably qualified designated unit is assigned to perform the assessment before registration. The assessment is approved by an independent reviewer at a reasonable level of seniority.
- The assessment should first be done in the recruitment process. That's why in some banks HR is responsible for this task.
- I had witnessed those independent reviewers (at a manager level) who were still ignorant and negligent in discharging their duties.
Banks should establish due diligence steps to verify the individuals' relevant industry experience with previous employers to the extent practicable instead of solely relying on their CV or self-declaration.
- But some banks (as previous employers) are not quite cooperative in providing the information for verification of relevant industry experience.
Banks should de-register the staff who have failed to pass the local regularoy framework paper upon expiry of the six-month grace period.
- Some staff registered by using the grace period concession would "forget" about the exam if they are not regularly reminded.
Banks should seek the potential employees' specific confirmation on whether his employment has ever been terminated by any previous employer.
- An individual who is being investigated by SFC when working in a licensed corporation may be fired and then get a job in a bank.
Registration of bank staff based on the internal assessment could shorten the processing time, but the banks is facing a higher risk of mis-registration. This is a two-edge sword.
I believe the fit and proper assessment be best done at the recruitment stage by HR. Yet, almost all HR people say that they do not know the rules, they do not know the requirements of SFC or MA, they do not.... simply to avoid the responsibility. I confronted one HR personnel (in a friendly way) that if she worked in the HR of Hospital Authority, she would have the knowledge of what MRCP, FRCS etc were and what type of specialist they needed eg a brain surgeon or a brain physican? what type of specialist they needed?
ReplyDeleteWithout this specialised HR knowledge and experience, how can HR recruit suitable staff to make money for the company?
HR people just like others, see compliance issues are property of the CO and refuse to take up the responsiblity to make the company compliant but using every excuse to say it is the CO's job.
At the end of the day, it is the Compliance Dept to take up the responsiblity to do the assessment and/or to approve.
ReplyDeleteThe MA is used to saying that something is to be done by for instance "an independent unit" or "an suitable unit"... without indicating their real intention.
The Compliance Department will be audited on how well it discharges its duties regarding registration.
This reconciles what I put previously, MA sees Compliance Dept an independent operational unit (taking up audit work as well: MA names this "on-going monitoring"). The compliance dept will then be audited by the IA.
I have put previously that this creat a conflict: the auditor will simply classify everything as compliance issue and then comment on how well the CO to make the company in compliant.
Instead of confronting the powerful business units, it is more easy to bully the more civilized CO people.