TSFC's control guidelines have emphasized the importance of preventing unauthorized access to a licensed firm's key systems and documents. Could you imagine how serious the case may be if such unauthorized access is made by an outsider for a prolonged period?
Last week SFC reprimanded Emperor Securities Ltd and fined it $130,000 for the reason that it had insufficient systems and controls to monitor the use of its equipment, confidential information and client assets. SFC found that an unauthorized person, the girlfriend of one of Emperor's authorized representatives, had been accessing Emperor's premises, equipment, confidential information and client assets. She had also been dealing directly with clients accepting orders and handling settlement instructions for about three years.
Her unauthorized handling of settlement instructions caused Emperor's settlement department in Apr 2003 to redirect a deposit of $120,000 from a client into an account controlled by her. She repaid the $120,000 and has since been prosecuted by the police. In addition, though not mentioned by SFC, she might have conducted unlicensed dealing in breach of SFO.
As a good security control, a licensed firm should strictly enforce the policy of restricting entrance into the office premise by outsiders, even they are relatives / friends of staff members. In Emperor's case, I wonder how the company could turn a blind eye to the physical existence of this "mysterious employee" in its office for such a long period.
One may argue that the girlfriend is an employee of the firm by acting like an employee for a lengthy period.
ReplyDelete