Operation of House and Client Bank Accounts

On 28 Jun 2021, SFC issued a circular about operation of bank accounts.  This 7-page circular is quite clumsy and repetitive.  Its essentials can be summarized as follows:

• Authorised signers for effecting payments out of a LC's client bank accounts should only be RO, MIC or his / her delegate.
• Authorised signers for effecting payments out of a LC's house bank accounts should be:
• RO, MIC or his delegate; or
• Any other person, provided that such person can only effect payments jointly with RO, MIC or his delegate.

The "delegate" should be accountable to the RO or MIC, e.g. staff of the LC, staff of the LC's group companies, or a payment processing agent.

SFC issued this circular because it has noted cases of LC's unsatisfactory practices.  For example, a LC's house or client bank accounts were operated solely by a shareholder, a director or a nominee of a shareholder or director, and these were not RO, MIC or their delegates.  The authorised signers were not subject to appropriate oversight in relation to the operation of the LC's bank accounts and were not accountable to any RO or MIC.

SFC requires LC to critically review their existing policies and procedures to ensure full compliance with this circular.  To account for the time of making necessary changes, SFC leniently allows LC to implement the expected standards by 3 Jan 2022.  I wish no LC collapse during the transitional period due to lax operational controls over bank accounts.

Suspected Ramp and Dump Scams

This year SFC has put substantial efforts to combat ramp and dump scams involving market manipulation of Hong Kong listed shares.  Today it issued a circular to remind intermediaries of their existing obligations under para. 12.5(f) of the Code of Conduct to report suspected market misconduct suspected of their clients to SFC timely manner.

Most importantly, this circular provides a non-exhaustive illustrative list of red flags may indicate a potential ramp and dump scam:

• Clients whose transaction amounts are generally incommensurate with their reported profiles. For example, a client, who is unemployed with no significant previous trading experience and has limited reported assets, conducts a large volume of trading in a stock in a short period of time;
• Clients who regularly acquire shares through bought and sold notes or on a free-of-payment basis or who receive large third-party deposits in their accounts;
• Clients who bought shares on a delayed settlement basis, following which the share price rose substantially during the delayed settlement period, and then gave instructions before the payment date to sell these shares;
• Clients who bought shares in a particular stock towards the end of the trading day in a way that had the effect of substantially raising the closing price on a number of days, particularly when the company is a thinly-traded, small-cap stock with a highly concentrated shareholding and it has experienced a sustained price increase which cannot be explained by any corporate or sector-specific news;
• Clients who sold a large volume of shares in a particular company shortly before a collapse of the share price which cannot be explained by any corporate or sector specific news.  It would be particularly suspicious if clients seek to receive the funds immediately following the selling instruction and before the completion of the normal T+2 settlement period;
• A group of clients, some of whom are identified from the trading behavior set out above, traded in the same stock in the same direction, at more or less the same price or at the same time, and exhibit any of the following characteristics:
• they have authorised the same third party to operate their accounts;
• they have effected fund transfers amongst themselves;
• they opened accounts on or around the same day, were served by the same account executive or referred to the intermediary by the same person at account opening; or
• they share the same personal particulars such as telephone numbers or email addresses.

In my compliance practice, I had witnessed most of the above red flags and taken necessary actions against those suspicious clients.  This circular is in fact a summary of good industry practices.

Incorrect Client Statements

On 24 Jun 2021, SFC announced that it reprimanded Deutsche Securities Asia Limited (DSAL) and fined it $2.45 million for issuing incorrect statements to its prime brokerage (PB) clients and delaying reporting its failures to SFC.

Since 2006, DSAL has booked information regarding corporate actions (CA) (including issuance of bonus shares) by listed companies which its PB clients hold shares in to its front office system (FO System).  The FO System would transfer these CA details to another system responsible for the generation of periodic statements issued to the PB clients (Statements).

However, due to a design defect in the FO System, it did not distinguish between ex-entitlement dates (Ex-Dates) and settlement dates (Pay Dates) of bonus share events.  The FO System only extracted the Ex-Dates when transferring the relevant data to the other system for generation of the Statements.

As a result, where there was an interval between the Ex-Dates and the Pay Dates, the transaction records and shareholding positions displayed in the Statements showed the bonus shares as settled and tradable as of the ExDates, when in fact these shares had not become unconditional for long sale until the Pay Dates (Error).  Disposing of such bonus shares during the interval without borrowing the requisite shares could constitute naked short selling.

One of DSAL’s PB clients (Client) appeared to have relied on the Statements containing the Error (Impacted Statements) and oversold bonus shares issued by three Hong Kong-listed companies in Jul 2018, between the respective Ex-Dates and Pay Dates of the relevant bonus issuances.

DSAL had likely issued Impacted Statements to some of its PB clients since the FO System was implemented in 2006, until the Error was remedied in Nov 2018:

• 34 PB clients received Impacted Statements from DSAL between Jan and Oct 2018;
• 75 PB clients likely received Impacted Statements between 2011 and 2017; and
• DSAL was unable to identify the number of PB clients who may have received Impacted Statements before 2011 since the data is no longer available.

Although DSAL first discovered in Jul 2018 that Impacted Statements had been issued to the Client and became aware in the following month that the Error was attributable to a design defect in the FO System, it delayed reporting its failures to SFC for over 6 months until Feb 2019 when it completed its internal investigation.

In this case, only one client was misled to conduct naked short selling.  Does DSAL deserve such a high penalty (though you may say $2.45 million is not much for it)?  But SFC might have considered the facts that:

• The system design defect had not been discovered over a long period (10+ years).
• DSAL failed to immediately report such material non-compliance to SFC (it should not wait until the completion of internal investigation).

New CPT Regime 2022

On 18 Jun 2021, SFC issued the Consultation Conclusions on Proposed Enhancements to the Competency Framework for Intermediaries and Individual Practitioners.  The revised Competence Guidelines, CPT Guidelines and Fit and Proper Guidelines will become effective on 1 Jan 2022.

As a compliance trainer, I am more keen on discussing the revised CPT requirements first.

Specifying 10 CPT hours per calendar year as the minimum requirement for LR, with two additional hours on regulatory compliance for RO

• This is a fundamental change of the CPT regime.  In the past, if you're licensed for multiple RA competence groups, your CPT obligation may amount to 15 or even 20 hours.  But of course, many SFC licensees have been smart enough to take CPT on topics relevant to different RA competence groups (for multiple counting).  So I think most of them have taken only 5 CPT hours every year.

• While RA competence group basis is no longer used, SFC straightly increases the minimum CPT requirement (per individual basis) to 10 hours (for LR) or 12 hours (for RO) per year.  This change would probably affect a lot of licensees as most of them should have "enjoyed" 5 hours over the past years.  But when comparing with the CPD regime of other regulated industries (e.g. insurance, lawyers, etc.), 10 or 12 hours is actually not excessive.
• Requiring RO to take 2 extra hours on regulatory compliance is also fair.  There are too many RO who are ignorant of regulatory requirements and over-relying on compliance officers to handle regulatory compliance.  SFC has also clarified that "regulatory compliance" is only a subset of "compliance".  When fulfilling this 2-hour requirement, RO should choose topics about SFC's rules and regulations.  Topics about compliance with internal company policies are not eligible (unless those policies are primarily originated from SFC's regulations).

Requiring each individual practitioner to attend at least five CPT hours on topics directly relevant to the RAs in which he or she engages

• In other words, a LR can feel free to attend 5 hours on topics which are relevant to CPT but not necessarily relevant to his licensed RA.  This seems to be SFC's response to a long-term problem encountered by licensees: too difficult to identify adequate trainings relevant to their licensed RA.
• SFC emphasizes that such CPT hours should be allocated to cover an individual's practice areas in proportion to the time and effort that he spends in each area.  The allocation is not an easy matter to administer.  For example, a LR is licensed for both RA1 and RA2, assuming he allocates 60% of his time to RA1 and 40% to RA2.  It follows that out of the 5 CPT hours on "directly relevant to RA" topics, 3 hours should cover RA1 and 2 hours should cover RA2.  The problem is...WHO (the LR himself, his supervisor, HR...?) is responsible for formally defining the LR's allocation of time and effort among different RA?  Even SFC has admitted that it doesn't intend to require any precise calculation of the time and effort an individual spends during the year on different RA.  My practical suggestion is...trying to identify CPT on topics covering as many RA as possible.

Requiring each individual practitioner to complete no less than two CPT hours on topics relating to ethics or compliance per calendar year

• This is reasonable.  Spending 20% of the 10 CPT hours on ethics or compliance topics (even they are not directly relevant to RA one is licensed for) is good for fostering compliance culture.

Requiring each individual practitioner who first joins the industry in Hong Kong to complete two CPT hours on ethics within 12 months

• From 2022 onwards, first time SFC licensee must take 2 CPT hours on ethics for "brainwashing" purpose.  In subsequent years he will be required to take 2 CPT hours on either ethics or compliance (see above).  That means, SFC considers that ethics precedes compliance.
• However, ethics training is not widely available in the market due to lack of commercial value.  Thus SFC suggests organizing in-house trainings or using the free training service offered by ICAC's Community Relations Department.

Other issues

• SFC has clarified in the revised CPT Guidelines that CPT in both face-to-face and virtual formats are acceptable.  In fact, due to the pandemic, many CPT courses are now delivered via online platform.  But I still think webinar is not eligible for CPT purpose because usually the host is unable to provide the attendance record.
• The revised CPT Guidelines has also widened the scope of relevant CPT topics to include: market developments, Fintech, ESG, cybersecurity and IT (which is actually replacing "computer knowledge").  These topics are suitable for fulfilling the "non-core" CPT hours (i.e. not directly relevant to RA one is licensed for).

Ad time: I am going to launch the SFC Compliance Series 2021 by collaborating with KORNERSTONE.  In these new CPT sessions, I would share my practical experience in handling the following compliance topics:

• Module 1 – Licensing Issues, Complaint Handling and Dealing with SFC
• Module 2 – AML and Combating Financial Crimes and Frauds