Receiving Bank

HKMA recently released a new SPM titled "New Share Subscription and Share Margin Financing", which consolidates all of its previous guidelines on IPO and SMF. This blog summarizes certain important issues relating to receiving banks.

Major Risks of IPO to Receiving Banks:

• Reputation risk - A poorly managed IPO may lead to disruption of the receiving bank's normal business and operations.
• Operational risk - Breach of T&C of the Receiving Bank Agreement or any operational error may be liable to fines, claims or damages.
• Credit risk - Owing to the role in recycling application monies, the receiving bank incurs credit risk to other counterparties (mainly other banks) and even liquidity risk from their defaults.

Handling of IPO Applications by Receiving Banks:

• A receiving bank should arrange suitably trained staff to answer enquiries about an IPO. Enquiries relating to dealing in and advising on securities must only be answered by "relevant individuals" registered with HKMA.
• No unsolicited calls should be made to invite non-existing clients to subscribe for an IPO.
• White application forms that are pre-stamped with the company chop of any stockbroker should not be distributed.
• Sufficient white forms and prospectuses should be made available for distribution.
• If a bank is to act as a receiving bank for more than one IPO at the same time, measures should be taken to minimize operational errors.
• A receiving bank is usually required to hold the application monies in a New Issue Account on trust for the applicants through its nominee company, and transfer the refund monies to a Refund Account after share allotment.
• Security measures should be taken to provent misappropriation of IPO refund cheques, including partial disclosure of ID / passport no. on the refund cheques and verification of such no. before encashment of those cheques.
• Electronic refund is only available to eIPO applications.

The banking and securities industries of HK have experienced so many hot IPO exercises in the past decade. This SPM is definitely a good summary of those lessons.

Financial Crime

Fighting against financial crime is one of the key agenda of financial regulatory bodies. SFC has also mentioned this objective in the SFO. But how many resources have they put on financial crime issues? What is the effectiveness? Investigation into financial crime requires the intelligence expertise, where regulators with only accounting or legal background may not be competent enough to discharge this duty.

Recently John Tiner, UK FSA's Chief Executive, spoke in a conference that FSA will set up a new Financial Crime and Intelligence Division. This creates a recognised centre of excellence to bring together intelligence expertise needed to meet the increased challenges ahead and maintain the integrity of UK's Financial Sector.

The major types of financial crime prevailing in the financial markets include:

• Fraud
• Market abuse
• Money laundering & terrorist financing

Fraudsters are mainly identity theives playing the hi-tech games such as fake websites, phishing emails, etc. The tricks are not only limited to stealing money but also misappropriating the client accounts for market abuse. For money laundering, the criminals will also "cross over" different financial sectors (e.g. both banking and securities industries).

In HK, financial crimes are handled in a fragmented approach. There is not a single body coordinating the efforts of different enforcement units. The HK government may consider the idea of setting up a body like the Financial Crime and Intelligence Division.

Fund Interactive Data Taxonomy

Investment Company Institute (ICI), the national association of the US investment company industry, recently released for public review the draft taxonomy that it has developed for "tagging" the data by using eXtensible Business Reporting Language (XBRL) in the risk/return summary that is at the front of every mutual fund prospectus.

This effort was undertaken with the strong encouragement of the SEC's Chairman, who has emphasized the potential of the internet and interactive technology as a means to better inform and educate investors.

ICI has developed an XBRL taxonomy that can be used to "tag" data in the risk/return summary that is included in the front of every mutual fund prospectus. The risk/return summary contains information that is important to an investment decision, including investment objectives and strategies, costs, risks, and historical performance information.

As indicated by ICI's research, fund buyers look primarily for information included in the risk/return summary before making a mutual fund purchase. XBRL tagging holds the potential to make risk/return summary data interactive by enabling investors or their advisers to easily search for, retrieve, and compare information on hundreds of mutual funds across multiple fund complexes.

In HK, there are also many funds available from a bank / adviser. The combined use of internet and XBRL tagging would make fund comparison and selection easier. SFC has set up in recent years the XBRL Preparatory Working Group. Has it included the fund interactive data taxonomy as one of its agenda?

2007 Top 10 Resolutions on Compliance and Security

Time flies. This post is already the 100th one of this blog. Today I would like to share a free report "2007 Top Ten Resolutions on Compliance and Security for Banks and Financial Institutions" issued by a security service provider SecureTrust Corporation. Please treat it as a reminder of (at least some) key issues to address in 2007!

Resolution #1 – I will increase employee training.

• Establishment of compliance policies and regulations will not have any beneficial effect if they are not adhered to by the employees. Many institutions fail to sufficiently address closing the loop on employee training. Outlining various venues and events to reinforce employee education of compliance at the start of the year can have a big impact year round.

Resolution #2 – I will improve employee passwords.

• With the strict requirements that many IT departments place on the creation and maintenance of passwords (must be at least 8 characters, both letters and numbers, mixing in uppercases) as well as the frequency of changing them, some employees still go to old-fashioned lengths of writing down passwords on sticky pads or notes. Encourage employees to use simple strategies to create inherently strong passwords, e.g. taking the last four digits of home phone number (4386) and alternate between spelling it out and numbers (four3EIGHT6) to create a password.

Resolution #3 – I will appoint a security officer.

• If your financial firm or bank does not have a security officer, immediately begin the search for one, either internally or externally. If your firm already has a security officer, make sure that all employees know the name and contact information for him or her and let them know that they should inform this person of ANY and ALL security concerns.

Resolution #4 – I will increase oversight of service providers.

• Make sure your contracts with various service providers include customer safeguard provisions and that they have appropriate safeguards in place. Most financial firms have taken a lackadaisical approach to this and bank examiners are thus stricter than ever.

Resolution #5 – I will conduct internal and external vulnerability assessments.

• Hire a reputable third party institution to come in, conduct the assessments and make recommendations on both logical and physical security safeguards. Take the recommendations and develop a comprehensive plan to implement the recommendations in a planned process rather than simply working on short-term fixes and patches.

Resolution #6 – I will implement intrusion detection and prevention systems.

• An intrusion detection and prevention system may have been only recommended in the past, but the Federal Financial Institutions Examination Council (FFIEC) examiners now require them. Simply having a firewall is no longer considered sufficient. Although banks will need this implemented in 2007, many are daunted by the increased complexity that comes with intrusion detection and prevention systems which require constant care and maintenance, downloading signatures daily, updates, watching alerts and monitoring false positives. The result is that many banks choose to outsource this function because of the added time and security training required.

Resolution #7 – I will carefully select new and review existing security service providers.

• When choosing a third party security service provider for your firm, carefully check their credentials. Look for service providers that specifically cater to the financial industry as they will have greater understanding about the unique compliance issues that you deal with on a daily basis.

Resolution #8 – I will review my data security insurance coverage.

• Many insurance policies do not provide coverage for data security issues. Getting this type of coverage added to your policy can be costly. Alternatively, some service providers can have you added as an additional insurer on their policy which would provide you coverage in the event that the measures that they provide are found to be faulty and would eliminate the need to bring legal action against them separately should the need arise.

Resolution #9 – I will install an active network monitoring device.

• Active network monitoring system probes your devices and systems ports at all times. In the event that something on your network changes, you can be notified and have a means to investigate long before normal means would detect that there was a potential problem.

Resolution #10 – I will review my current practices for conflicts of interest.

• A conflict of interest can arise in several different ways. One example would be a bank that is doing its own internal security scanning as well as the remediation of potential problems. Another example would be if the same security service provider that conducts the vulnerability assessment who also does the field service and support. Ideally you would want two separate parties to assess and resolve. If your firm has the resources available internally, implement the fixes yourself and use an external service provider to test and retest. If not, make sure you select a different service provider to remediate the issues found by a competent security assessor.

SFC Stakeholder Survey

Last week SFC issued the Stakeholder Survey 2006, which was a typical PR activity to identify the public perceptions of SFC. Those stakeholders include licensed firms, banks, insurers, listed companies, HKEx, accounting & law firms, HKMA, financial medias, etc.

The overall result according to the market research is of course positive, though the overall effectiveness score of SFC is only 6.7 (on a 0 to 10 scale). I am more interested in those areas with "room for improvement".

The following negative perceptions are remarkable:

High Turnover of Middle & Junior Level Staff

• As licensed firms are mainly dealing with SFC's middle & junior level staff, high turnover could significantly affect the continuity of service. I know SFC's top management often argue that their staff are just hunted by the market with a higher pay. Have they ever considered the problem of "job satisfaction" and "humanistic management"?

Clarity of Rules, Speed of Response and Consistency of Decisions

• While SFC's speed of response has improved in recent years, clarity of rules remains a major problem. Whenever we ask SFC staff to clarify their policies, "please seek your own legal advice" is the default reply. Without clarity, how could market practitioners have a consistent understanding of SFC's policies and decisions?

Unnecessary Documentation

• SFC should find additional ways to reduce the red tape. Electronic submission of applications and notifications to SFC should be more widely accepted.

In the part of quatitative survey (done by telephone interviews), I noted that only 10% of interviewees are compliance officers. This percentage sounds too low given that compliance officers have more front-line and frequent contacts with SFC. They should be able to reveal "more truth"!

Stock Segregated Account with Statement Service

Given the unpopularity of Investor Participant (IP) Account, HKEx has instead enhanced the Stock Segregagted Account (SSA) with Statement Service. I think this is a right direction. Investors may not want handle stock settlement directly, but at least they know the stock movement in their accounts on a timely basis.

Under the enhanced service, brokers & custodians can open and maintain an SSA for their clients online through CCASS terminals, where the user ID and password are generated. Afterwards investors can check share movements and the balance in the account electronically through the CCASS Phone System and CCASS Internet System. They may also request CCASS to alert them via SMS or email when there is share movement in the SSA.

Further service enhancement in the following areas will be introduced in the middle of 2007:

• Investors will enjoy an electronic voting service through the CCASS Phone System and CCASS Internet System.
• Investors will be able to demand affirmation of share movements initiated by their brokers or custodians.
• Investors will be able to use the CCASS money settlement service.
• HKEx will increase the maximum no. of SSAs it allows each broker or custodian to maintain.

With more advanced technology, stock investing would further become a self-service.

Shareholder Activism

Shareholder activism is an important way to address the principal-agency problems of listed companies. Unfortunately, minority shareholders (most of them are retail investors) are not so "active" in questioning the corporate governance matters. They would rather sell their shares upon disappointment with the company performance.

As institutional investors, fund managers are more qualified to vote for/against listed companies' major decisions. However, many of them are still inactive. The primary reason is that they don't want to jeopardize existing or potential client relationships with those listed companies (which may become their institutional clients). The situation is even worse if the fund managers are part of a financial group with investment banking business.

So how can fund investors resume control over listed companies which they benefically own via their funds? I've recently read an article published in CFA Institute's journal, which mentions an interesting idea: proxy exchange. That means, fund investors are assigned by their fund managers to vote the listed shares held by the funds. If the fund investors don't want to vote, they can transfer their voting rights to others via a website operating as an online proxy exchange.

Under this system, those "stock market heros" (like David Webb) can launch a campaign to collect the proxy rights from dissented shareholders to vote against a listed company.

The idea of proxy exchange sounds fantastic but I doubt of the feasibility. People buying funds typically do not want to bother about individual stocks. Would they have any interest to participate in the proxy exchange activities?

Insider Dealing

Though SFO has been implemented since Apr 2003, those insider dealing cases happened before that date were still heard by the Insider Dealing Tribunal (IDT) under the old regime. Yesterday IDT announced the conclusion of inquiry into suspected insider dealings of Tingyi (322) listed on SEHK.

According to IDT's report, in 1998 & 1999 Tingyi recorded net losses but in 3 Aug 2000 it announced a net profit for the first half of that year. On 11 Jul 2000, Tingyi's Investment Relations Manager Debbie Ho met with Jim Lam, a research analysts of Deutsche Bank, in a company visit. During the meeting Debbie Ho provided Jim Lam the following information:

• Total sales growth for Tingyi products for the first 5 months of 2000
• Profit margins for some of Tingyi’s more important products
• The year on year decline in operating costs (which may have been a “target” rather than an actual figure)
• Cash on hand and debts at the end of the first half of 2000
• Information concerning the restructuring of Tingyi’s distribution system
• Information concerning increasing consumer demand on the Mainland
• Information that Tingyi’s major competitor had ceased a price war in the mainland market

After the meeting Jim Lam contacted Anna Ho (a fund manager of Royal Skandia) and told her the information received from Debbie Ho. Subsequently Jim Lam published research reports to recommend Tingyi as a "Buy", and Anna Ho purchased Tingyi's shares for her funds, both before the interim result announcement. After the announcement on 3 Aug 2000, Tingyi's share price and turnover soared.

The regulatory concern of this case was whether Debbie Ho, Jim Lam and Anna Ho had engaged in insider dealing (including "tipping off"). A bit surprisingly, IDT concluded by unanimous decision that the information provided to Jim Lam and Anna Ho by Debbie Ho was not "relevant information", thus there was no insider dealing in Tingyi's shares.

But unfortunately the report did not explain IDT's viewpoints for reference by market practitioners (esp. research analysts & fund managers).

Short Selling

Under SFO, "uncovered" short selling of SEHK listed securities is illegal, which means that at the time of sale the seller does not have a "presently exercisable and unconditional right to vest the securities in the purchaser", or does not have a "reasonable belief" of having such right. Typically a short seller can cover its short sale by arranging stock borrowing in advance or holding a physically settled derivative of the underlying stock.

While it is an intermediary's duty to check if its clients have adequate securities to sell, error trades resulting in short positions do occur from time to time. Though SFC has stated its policy for not penalizing genuine mistakes, in certain cases SFC disciplined some brokers who failed to prevent short sales arising from operational errors.

In US, short selling penalty is even extended to non-public offering of securities issued by listed companies, i.e. Private Investment in a Public Equity (PIPE). PIPE is a private offering in which accredited investors agree to purchase restricted, unregistered securities of public companies. PIPE shares can only be offered to "accredited" investors - investors with assets of US$1m or more. Only after the PIPE shares registration is approved by the SEC are investors free to sell them on the open market.

Last month Friedman, Billings, Ramsey & Co., Inc. (FBR), an investment banking and brokerage firm agreed to pay more than US$7.7m to NASD and SEC to resolve charges arising from FBR's improper trading in shares of Compudyne Corporation, in a PIPE deal it structured and managed for the Maryland-based security firm.

in Sep 2001, Compudyne Corporation and FBR, its placement agent, offered accredited investors - on a confidential basis - a PIPE deal proposing to sell 2.45 million shares of common stock, which raised more than US$29m. The restricted stock was offered at the below-market price of US$12 per share. FBR failed to maintain an information barrier to prevent trading by FBR personnel who were aware of this information.

As part of efforts to make a market in Compudyne, supply liquidity, and advertise FBR's capabilities, FBR's head trader, who was aware of material, nonpublic information about the PIPE, engaged in trading in Compudyne before the PIPE was announced to the public. By the time the PIPE was announced on 9 Oct 2001, FBR had a net short position of approximately 179,495 shares. FBR eventually covered its short position by buying shares of Compudyne after the shares that had been purchased in the private placement were registered and became tradable in the market. FBR made a profit of approximately $343,773 on the short sales of Compudyne that were executed before the public announcement of the PIPE.

FBR also failed to enforce its written supervisory procedures designed to protect confidential information, failed properly to locate stock to borrow in order to sell Compudyne shares short, and misinformed NASD about the departure from the firm of a broker involved in selling the Compudyne PIPE.

In HK, while the Hang Seng Index has continually recorded a new high, more people are expected to engage in intentional short selling, resulting in more SFC investigations.