Provision of False Client Documents and Information

On 30 Aug 2021, SFC announced that it suspended Mr Cheung Man Chit, a former licensed representative of Emperor Securities Limited and Emperor Futures Limited (collectively, Emperor), for two years. The facts are summarized below.

Submission of false client documents and information to Emperor

• Cheung received two sets of client agreements from Client L and H in around Aug 2013 for the opening of Client L's accounts at Emperor, but submitted to Emperor the one received from H. Further, he falsely certified and claimed to have witnessed Client L's signing of the submitted client agreement.
• In around Jan 2014, Cheung received three payment forms authorising fund transfer from Client L to H, one from Client L and two from H. He submitted to Emperor the two payment forms received from H and not signed by Client L, one of which resulted in the $300,000 Transfer which Client L alleged was not authorised by her.
• He handled and submitted to Emperor six other account documents of Client L which were not signed by her between Nov 2013 and Jun 2014.
• Cheung provided his own addresses, and an email address he created, to state as the residential addresses and email address of another client (Client Y) in her client agreement and a change of particulars form which he submitted to Emperor.

Transfer of funds for clients

• Between Jun 2014 and Jan 2017, the accounts of Client Y and another client (Client C) at Emperor recorded transfers totalling around $3.2 million to/from Cheung's bank account or the bank account of a company solely owned by him (Company U) on 15 occasions. Ten of the 15 transfers were made pursuant to third party deposit/payment request forms (Third Party Forms) of the clients signed by Cheung as the handling account executive.
• Cheung admitted that he helped the clients transfer money to/from the Mainland using his and Company U's bank accounts, and claimed that he did not receive any benefit for transferring money for the clients. He accepted that the money transferred from the Emperor accounts of the clients had been mingled with the money in his and Company U's bank accounts.
• To secure Emperor's approval of the third party fund transfer requests of the clients and get around the need to provide supporting documents required under the firms' then policy, he falsely stated in the clients' Third Party Forms that they were directors of Company U, he and Client C were business partners, and the reason for payment was capital recovery by Company U.

Using a client's password to place trade orders in her online trading account

• Client C opened an option account at Emperor in May 2014. Based on the records of internet service providers, 84 orders were placed in her option account via internet from IP addresses subscribed by Cheung or situated at the offices of Emperor and his new employers between Jun 2014 and Aug 2017.
• Cheung stated that he placed orders for Client C via internet as a friend and did not receive any personal benefit from her. Client C only paid commission to Emperor for the trades.

Failure to inform SFC and Emperor of directorship / proprietorship

• Cheung has been the sole proprietor of Company U and the director of another company since their incorporation in around 2010 and January 2018.
• He did not report to SFC his directorship and proprietorship of the two companies in his licence application and throughout the period when he was licensed with SFC.
• Cheung did not notify Emperor of his proprietorship of Company U during his accreditation with the firms pursuant to their internal policy.

My comments on this case:

• In terms of variety, severity and duration of Cheung's misconducts, licence suspension of two years seems too lenient.
• Emperor's account opening, trading and settlement procedures had been abused by Cheung. The relevant internal controls and monitoring should be strengthened.

Various Regulatory Breaches of UBS

A large-cap investment bank is supposed to have a more robust compliance mechanism than mid-cap/small-cap ones, but it is not immune from regulatory breaches.

On 3 Aug 2021, SFC announced it reprimanded and fined UBS AG and UBS Securities Asia Limited (UBSSAL) (collectively, UBS) $9.8 million and $1.75 million respectively over various regulatory breaches.

Disclosure of financial interests in research reports

• Between May 2004 and May 2018, UBS failed to make proper disclosure of its financial interests in some Hong Kong listed issuers covered in its research reports in breach of para. 16.5(a) of the Code of Conduct.
• The failure was caused by (i) multiple data feed logic errors in relation to a legacy data source used by UBS for tracking its shareholding positions; and (ii) UBS’s lack of proper systems and controls to test the accuracy of, and detect the logic errors in, the data feeds.
• Based on UBS's review, the failure affected 80 (6.43%) research reports issued by UBSSAL and 125 (14.59%) research reports issued by UBS AG during sample periods between Sep 2017 and May 2018.

Compliance with the Client Securities Rules ("CSR") and Contract Notes Rules ("CNR")

• Between Nov 2012 and Feb 2019, UBS AG failed to diligently supervise its client advisors and implement sufficient controls to ensure that only professional investor ("PI") clients were subscribed to the securities pooled lending ("SPL") service. As a result, 2,263 non-PI clients were subscribed to the SPL service, out of which 91 clients entered into 913 SPL transactions with UBS AG.
• As UBS AG had wrongly assumed that these clients were PIs, it failed to obtain valid standing authorities from and issue contract notes to them in respect of the SPL transactions, in breach of sections 4 and 7 of the CSR and section 5 of the CNR.

Compliance with the telephone recording requirement

• Between Aug 2017 and Jun 2019, UBS AG had failed to record client order instructions received through the telephone in breach of paragraph 3.9 of the Code of Conduct:
• Between Aug 2017 and Dec 2017, the order instructions placed through 8 overflow lines for 2,006 transactions executed for 364 clients were not recorded. This was caused by an omission in the voice recording setting during the migration of UBS AG’s telephone system to a new system. Due to the wrong assumption held by the project team responsible for the migration that overflow lines of UBS AG’s wealth management department would be automatically recorded after migrating to the new telephone system, it failed to enable the recording function of such phone lines during and after the migration.
• Between Nov 2018 and Jan 2019, the order instructions placed. through a telephone line for 20 transactions executed for 5 clients were not recorded. This was caused by an omission to re-activate the voice recording function when the telephone line was transferred from a former client adviser to a newly joined client adviser.
• Between 13 and 17 Jun 2019, the order instructions placed through 26 telephone lines for 96 transactions executed for 51 clients were not recorded. This was caused by human error in the course of transitioning UBS AG's telephony system from Skype for Business soft phones to Cisco desk phone which led to a break in the voice recording system.

Assessment of clients' derivatives knowledge

• Prior to 2018, UBS AG required its staff to obtain trading evidence (such as bank statements) from clients who declared that they had conducted five or more derivative trades in the past 3 years. UBS AG discontinued this practice in 2018 due to its misinterpretation of another FAQ issued by SFC.
• As a result, between 2 Jan 2018 and 17 Jun 2020, UBS AG failed to follow applicable regulatory guidelines relating to the assessment of clients' derivative knowledge by failing to obtain trading evidence from 858 clients who declared that they had conducted 5 or more derivative trades in the past 3 years, in breach of paragraph 5.1A of the Code of Conduct. Out of these 858 clients, 380 of them have subsequently traded derivative products with UBS AG.

Disclosure of product risk

• UBS AG had failed to disclose to its clients the "stop loss event" feature of a structured note issued by an issuer (Notes) before trade execution. The failure affected 15 client accounts involving the sale of 12 Notes between Oct 2017 and Feb 2020 for a total notional amount of about US$12 million.
• UBS AG's disclosure failure was caused by an omission of the stop loss event feature in the additional product sheet prepared by UBS AG's Structured Product Sales Team in Singapore (SP Team). The SP Team member who prepared the additional product sheet was not aware of the stop loss event feature. When another SP Team member reviewed the draft additional product sheet, he noted that the stop loss event feature was not included but he did not raise any issues as he considered the stop loss event feature to be insignificant as compared to the issuer default risk. UBS AG discovered the failure when handling a client complaint in Apr 2020.

Other investment banks may take this comprehensive case as a good reference when reviewing their own internal controls.

Operation of House and Client Bank Accounts

On 28 Jun 2021, SFC issued a circular about operation of bank accounts.  This 7-page circular is quite clumsy and repetitive.  Its essentials can be summarized as follows:

• Authorised signers for effecting payments out of a LC's client bank accounts should only be RO, MIC or his / her delegate.
• Authorised signers for effecting payments out of a LC's house bank accounts should be:
• RO, MIC or his delegate; or
• Any other person, provided that such person can only effect payments jointly with RO, MIC or his delegate.

The "delegate" should be accountable to the RO or MIC, e.g. staff of the LC, staff of the LC's group companies, or a payment processing agent.

SFC issued this circular because it has noted cases of LC's unsatisfactory practices.  For example, a LC's house or client bank accounts were operated solely by a shareholder, a director or a nominee of a shareholder or director, and these were not RO, MIC or their delegates.  The authorised signers were not subject to appropriate oversight in relation to the operation of the LC's bank accounts and were not accountable to any RO or MIC.

SFC requires LC to critically review their existing policies and procedures to ensure full compliance with this circular.  To account for the time of making necessary changes, SFC leniently allows LC to implement the expected standards by 3 Jan 2022.  I wish no LC collapse during the transitional period due to lax operational controls over bank accounts.

Suspected Ramp and Dump Scams

This year SFC has put substantial efforts to combat ramp and dump scams involving market manipulation of Hong Kong listed shares.  Today it issued a circular to remind intermediaries of their existing obligations under para. 12.5(f) of the Code of Conduct to report suspected market misconduct suspected of their clients to SFC timely manner.

Most importantly, this circular provides a non-exhaustive illustrative list of red flags may indicate a potential ramp and dump scam:

• Clients whose transaction amounts are generally incommensurate with their reported profiles. For example, a client, who is unemployed with no significant previous trading experience and has limited reported assets, conducts a large volume of trading in a stock in a short period of time;
• Clients who regularly acquire shares through bought and sold notes or on a free-of-payment basis or who receive large third-party deposits in their accounts;
• Clients who bought shares on a delayed settlement basis, following which the share price rose substantially during the delayed settlement period, and then gave instructions before the payment date to sell these shares;
• Clients who bought shares in a particular stock towards the end of the trading day in a way that had the effect of substantially raising the closing price on a number of days, particularly when the company is a thinly-traded, small-cap stock with a highly concentrated shareholding and it has experienced a sustained price increase which cannot be explained by any corporate or sector-specific news;
• Clients who sold a large volume of shares in a particular company shortly before a collapse of the share price which cannot be explained by any corporate or sector specific news.  It would be particularly suspicious if clients seek to receive the funds immediately following the selling instruction and before the completion of the normal T+2 settlement period;
• A group of clients, some of whom are identified from the trading behavior set out above, traded in the same stock in the same direction, at more or less the same price or at the same time, and exhibit any of the following characteristics:
• they have authorised the same third party to operate their accounts;
• they have effected fund transfers amongst themselves;
• they opened accounts on or around the same day, were served by the same account executive or referred to the intermediary by the same person at account opening; or
• they share the same personal particulars such as telephone numbers or email addresses.

In my compliance practice, I had witnessed most of the above red flags and taken necessary actions against those suspicious clients.  This circular is in fact a summary of good industry practices.

Incorrect Client Statements

On 24 Jun 2021, SFC announced that it reprimanded Deutsche Securities Asia Limited (DSAL) and fined it $2.45 million for issuing incorrect statements to its prime brokerage (PB) clients and delaying reporting its failures to SFC.

Since 2006, DSAL has booked information regarding corporate actions (CA) (including issuance of bonus shares) by listed companies which its PB clients hold shares in to its front office system (FO System).  The FO System would transfer these CA details to another system responsible for the generation of periodic statements issued to the PB clients (Statements).

However, due to a design defect in the FO System, it did not distinguish between ex-entitlement dates (Ex-Dates) and settlement dates (Pay Dates) of bonus share events.  The FO System only extracted the Ex-Dates when transferring the relevant data to the other system for generation of the Statements.

As a result, where there was an interval between the Ex-Dates and the Pay Dates, the transaction records and shareholding positions displayed in the Statements showed the bonus shares as settled and tradable as of the ExDates, when in fact these shares had not become unconditional for long sale until the Pay Dates (Error).  Disposing of such bonus shares during the interval without borrowing the requisite shares could constitute naked short selling.

One of DSAL’s PB clients (Client) appeared to have relied on the Statements containing the Error (Impacted Statements) and oversold bonus shares issued by three Hong Kong-listed companies in Jul 2018, between the respective Ex-Dates and Pay Dates of the relevant bonus issuances.

DSAL had likely issued Impacted Statements to some of its PB clients since the FO System was implemented in 2006, until the Error was remedied in Nov 2018:

• 34 PB clients received Impacted Statements from DSAL between Jan and Oct 2018;
• 75 PB clients likely received Impacted Statements between 2011 and 2017; and
• DSAL was unable to identify the number of PB clients who may have received Impacted Statements before 2011 since the data is no longer available.

Although DSAL first discovered in Jul 2018 that Impacted Statements had been issued to the Client and became aware in the following month that the Error was attributable to a design defect in the FO System, it delayed reporting its failures to SFC for over 6 months until Feb 2019 when it completed its internal investigation.

In this case, only one client was misled to conduct naked short selling.  Does DSAL deserve such a high penalty (though you may say $2.45 million is not much for it)?  But SFC might have considered the facts that:

• The system design defect had not been discovered over a long period (10+ years).
• DSAL failed to immediately report such material non-compliance to SFC (it should not wait until the completion of internal investigation).

New CPT Regime 2022

On 18 Jun 2021, SFC issued the Consultation Conclusions on Proposed Enhancements to the Competency Framework for Intermediaries and Individual Practitioners.  The revised Competence Guidelines, CPT Guidelines and Fit and Proper Guidelines will become effective on 1 Jan 2022.

As a compliance trainer, I am more keen on discussing the revised CPT requirements first.

Specifying 10 CPT hours per calendar year as the minimum requirement for LR, with two additional hours on regulatory compliance for RO

• This is a fundamental change of the CPT regime.  In the past, if you're licensed for multiple RA competence groups, your CPT obligation may amount to 15 or even 20 hours.  But of course, many SFC licensees have been smart enough to take CPT on topics relevant to different RA competence groups (for multiple counting).  So I think most of them have taken only 5 CPT hours every year.

• While RA competence group basis is no longer used, SFC straightly increases the minimum CPT requirement (per individual basis) to 10 hours (for LR) or 12 hours (for RO) per year.  This change would probably affect a lot of licensees as most of them should have "enjoyed" 5 hours over the past years.  But when comparing with the CPD regime of other regulated industries (e.g. insurance, lawyers, etc.), 10 or 12 hours is actually not excessive.
• Requiring RO to take 2 extra hours on regulatory compliance is also fair.  There are too many RO who are ignorant of regulatory requirements and over-relying on compliance officers to handle regulatory compliance.  SFC has also clarified that "regulatory compliance" is only a subset of "compliance".  When fulfilling this 2-hour requirement, RO should choose topics about SFC's rules and regulations.  Topics about compliance with internal company policies are not eligible (unless those policies are primarily originated from SFC's regulations).

Requiring each individual practitioner to attend at least five CPT hours on topics directly relevant to the RAs in which he or she engages

• In other words, a LR can feel free to attend 5 hours on topics which are relevant to CPT but not necessarily relevant to his licensed RA.  This seems to be SFC's response to a long-term problem encountered by licensees: too difficult to identify adequate trainings relevant to their licensed RA.
• SFC emphasizes that such CPT hours should be allocated to cover an individual's practice areas in proportion to the time and effort that he spends in each area.  The allocation is not an easy matter to administer.  For example, a LR is licensed for both RA1 and RA2, assuming he allocates 60% of his time to RA1 and 40% to RA2.  It follows that out of the 5 CPT hours on "directly relevant to RA" topics, 3 hours should cover RA1 and 2 hours should cover RA2.  The problem is...WHO (the LR himself, his supervisor, HR...?) is responsible for formally defining the LR's allocation of time and effort among different RA?  Even SFC has admitted that it doesn't intend to require any precise calculation of the time and effort an individual spends during the year on different RA.  My practical suggestion is...trying to identify CPT on topics covering as many RA as possible.

Requiring each individual practitioner to complete no less than two CPT hours on topics relating to ethics or compliance per calendar year

• This is reasonable.  Spending 20% of the 10 CPT hours on ethics or compliance topics (even they are not directly relevant to RA one is licensed for) is good for fostering compliance culture.

Requiring each individual practitioner who first joins the industry in Hong Kong to complete two CPT hours on ethics within 12 months

• From 2022 onwards, first time SFC licensee must take 2 CPT hours on ethics for "brainwashing" purpose.  In subsequent years he will be required to take 2 CPT hours on either ethics or compliance (see above).  That means, SFC considers that ethics precedes compliance.
• However, ethics training is not widely available in the market due to lack of commercial value.  Thus SFC suggests organizing in-house trainings or using the free training service offered by ICAC's Community Relations Department.

Other issues

• SFC has clarified in the revised CPT Guidelines that CPT in both face-to-face and virtual formats are acceptable.  In fact, due to the pandemic, many CPT courses are now delivered via online platform.  But I still think webinar is not eligible for CPT purpose because usually the host is unable to provide the attendance record.
• The revised CPT Guidelines has also widened the scope of relevant CPT topics to include: market developments, Fintech, ESG, cybersecurity and IT (which is actually replacing "computer knowledge").  These topics are suitable for fulfilling the "non-core" CPT hours (i.e. not directly relevant to RA one is licensed for).

Ad time: I am going to launch the SFC Compliance Series 2021 by collaborating with KORNERSTONE.  In these new CPT sessions, I would share my practical experience in handling the following compliance topics:

• Module 1 – Licensing Issues, Complaint Handling and Dealing with SFC
• Module 2 – AML and Combating Financial Crimes and Frauds