Legal update: Manager In Charge Regime – ComplianceAsia12Jan2017
In January 2017, the SFC released a circular on clarifications to its current regime on senior management, expectations as to Board obligations of licensed firms and setting out new requirements in relation to licensing of senior management. The circular effectively introduces a Hong Kong manager in charge regime.
Initially all firms will need to provide the SFC with information on their organizational structure and managers from 18th April 2017 to 17th July 2017. By 16th October 2017 any MICs who are not already ROs and are required to be under the new rules must have applied for approval.
Who is Senior Management
Senior management of a licensed corporation includes, among others:
- directors of the corporation,
- ROs of the corporation, and
- individuals whom we call the Managers-In-Charge of Core Functions (MICs),
Director is defined in Schedule 1 to the SFO to include a shadow director and any person occupying the position of director by whatever name called. A person could be a director, RO and MIC of a licensed corporation.
During its soft consultation period, the SFC drew the industry’s attention to s194 of the SFO. Under Part IX of the SFO, the SFC may exercise its disciplinary powers to sanction a regulated person if the person is, or was at any time, guilty of misconduct or is considered not fit and proper to be or to remain the same type of regulated person. The term “regulated person” means a person who is or at the relevant time was any of the following types of person:-
- a licensed person;
- an RO of a licensed corporation; or
- a person involved in the management of the business of a licensed corporation (regardless of whether he or she is licensed).
The SFC added that there was need to delineate who are senior management of a licensed corporation as they are a subset of such regulated person.
“Among others” is important as the SFC clearly intends to reserve the ability to determine that other people may also be considered as senior managers.
Responsibilities of Senior Management
The existing responsibilities and liabilities of senior management are set out in a number of places in various Codes but the key ones are:-
• General Principle 9 of the Code of Conduct states that senior management should bear primary responsibility for ensuring the maintenance of appropriate standards of conduct and adherence to proper procedures by the corporation.
• Paragraph 14.1 of the Code of Conduct specifies that senior management should properly manage the risks associated with the business of the corporation, including performing periodic evaluation of its risk management processes; understand the nature of the business of the corporation, its internal control procedures and its policies on the assumption of risk and understand the extent of their own authority and responsibilities.
• The Internal Control Guidelines state that senior management, including directors, chief executive officer, managing director or other senior operating management personnel (as the case may be), are ultimately responsible for the adequacy and effectiveness of the corporation’s internal control systems. The Internal Control Guidelines also contain specific control guidelines for certain important areas, including information management, compliance, audit or related reviews, operational controls and risk management.
• The Guideline on Anti-Money Laundering and Counter-Terrorist Financing sets out detailed expectations regarding compliance and control functions that will be particularly relevant to MICs responsible for managing the Anti-Money Laundering and Counter-Terrorist Financing function.
Liabilities of Senior Management
Under s193(2) of the SFO, where a licensed corporation is guilty of misconduct as a result of any conduct occurring with the consent or connivance of, or attributable to any neglect on the part of, a person involved in the management of the business of the licensed corporation, then that person is also guilty of misconduct.
“Misconduct” includes an act or omission relating to the carrying on of any regulated activity for which a person is licensed or registered which, in the opinion of the SFC, is or is likely to be prejudicial to the interest of the investing public or to the public interest. Before forming any opinion for this purpose, the SFC shall have regard to its various codes and guidelines – s193(3) of the SFO.
When determining where responsibility lies, and the degree of responsibility of a particular member of senior management for the purposes of an enforcement action, the SFC will take into account the individual’s apparent or actual authority in relation to the particular business and operations, his or her level of responsibility within the licensed corporation concerned, any supervisory duties he or she may perform, and the level of control or knowledge he or she may have concerning any failure by the corporation or persons under his or her supervision to follow the Code of Conduct.
The disciplinary sanctions which the SFC may impose on a regulated person under Part IX of the SFO (licence revocation or suspension, pecuniary fine and reprimand) are civil rather than criminal in nature.
Senior management should also be aware of potential criminal liability. When a company has been found guilty of an offence under the SFO, under s390(1) of the SFO, where the offence is proved to have been aided, abetted, counselled, procured or induced by, or committed with the consent or connivance of, or attributable to any recklessness of, any officer of the corporation, then that officer is also guilty of the offence.
What is the Role of the Board of a Licensed Corporation
According to the SFC, the Board of a licensed corporation has the ultimate responsibility for the conduct, operations and financial soundness of the corporation. The Board works with senior management (to achieve the objective of a soundly and efficiently run corporation, and senior management is accountable to the Board.
Any member of the Board (regardless of whether he or she has an executive or non – executive role) has a duty to exercise independent judgement in relation to the exercise and delegation of the Board’s powers.
The Board retains responsibility for delegated decisions and is required to have systems and controls in place to supervise those who act under the delegated authority.
The Internal Control Guidelines state that a licensed corporation should establish, document and maintain an effective management and organisational structure.
The SFC expects that a licensed corporation should adopt a formal document, approved by the Board, clearly setting out the management structure of the corporation, including the roles, responsibilities, accountability and reporting lines of its senior management personnel.
Where a licensed corporation designates more than one individual to be the MICs of a particular Core Function, the Board should ensure that the document contains sufficient details regarding the specific responsibilities of each MIC concerned.
The SFC may request a licensed corporation to provide the document for its review.
The management structure of a licensed corporation (including its appointment of MICs) should be approved by the Board of the corporation. Furthermore, the Board should ensure that each of the corporation’s MICs has acknowledged his or her appointment as MIC and the particular Core Function(s) for which he or she is principally responsible.
These requirements have often not been followed in Hong Kong and many firms have such governance arrangements only at the head company or major operating company level. This requirement requires firms to give quite detailed consideration to how their Boards in Hong Kong will operate, what decision making will be made in Hong Kong and whether overseas based decision makers need to be appointed to the Hong Kong board to ensure that the Hong Kong entity can demonstrate satisfactory compliance.
What are the Core Functions?
Manager-In-Charge of Core Function means a person individual appointed to be principally responsible, either alone or with others, for managing any of the following Core Functions:
- Overall Management Oversight
- Key Business Line
- Operational Control and Review
- Risk Management
- Finance and Accounting
- Information Technology
- Anti-Money Laundering and Counter-Terrorist Financing
Overall Management Oversight
A function responsible for directing and overseeing the effective management of the overall operations of the corporation on a day-to-day basis.
Key responsibilities may include:
• Developing the corporation’s business model and associated objectives, strategies, organisational structure, controls and policies;
• Developing and promoting sound corporate governance practices, culture and ethics;
• Executing and monitoring the implementation of Board-approved business objectives, strategies and plans, and the effectiveness of the organisational structure and controls.
Example: Chief Executive Officer, President
Key Business Line
A function responsible for directing and overseeing a line of business which comprises one or more types of regulated activities.
Example: Chief Investment Officer, Head of Equity, Head of Corporate Finance, Chief Rating Analyst, Head of Fund Marketing
Operational Control and Review
A function responsible for:-
- Establishing and maintaining adequate and effective systems of controls over the corporation’s operations;
- Reviewing the adherence to, and the adequacy and effectiveness of, the corporation’s internal control systems.
Example: Chief Operating Officer, Head of Operations, Head of Internal Audit
A function responsible for the identification, assessment, monitoring and reporting of risks arising from the corporation’s operations.
Example: Chief Risk Officer, Head of Risk Management
Finance and Accounting
A function responsible for ensuring the timely and accurate financial reporting and analyses of the operational results and financial positions of the corporation
Example: Chief Finance Officer, Financial Controller, Finance Director
A function responsible for the design, development, operation and maintenance of the computer systems of the corporation
Example: Chief Information Officer, Head of Information Technology
A function responsible for:
- Setting the policies and procedures for adherence to legal and regulatory requirements in the jurisdiction(s) where the corporation operates;
- Monitoring the corporation’s compliance with the established policies and procedures;
- Reporting on compliance matters to the Board and senior management
Example: Chief Compliance Officer, Head of Legal and Compliance,
Anti Money Laundering and Counter-Terrorism Financing
A function responsible for establishing and maintaining internal control procedures to safeguard the corporation against involvement in money laundering activities or terrorist financing
Example: Head of Financial Crime Prevention, Head of Compliance
Who Should be Managers in Charge of Core Functions?
For each Core Function of a licensed corporation, appointed by the corporation as its MIC responsible for there should be at least one person managing that function.
However, licensed corporations may adopt different organisational and governance structures based on their commercial and operational needs. Therefore, a licensed corporation may appoint one individual to act as the MIC for several Core Functions where appropriate considering its scale of operations and control measures or appoint two or more individuals as MICs to jointly manage a particular Core Function.
To decide if a person is an MIC of a particular Core Function, the firm should take into account the apparent or actual authority of that individual in relation to that Core Function. A person may be in charge of a Core Function if he or she:
• occupies a position within the corporation which is of sufficient authority to enable the individual to exert a significant influence on the conduct of that Core Function;
• has authority to make decisions (e.g. assume business risks within pre-set parameters or limits) for that Core Function;
• has authority to allocate resources or incur expenditures in connection with the particular department, division or functional unit carrying on that Core Function; and
• has authority to represent the particular department, division or functional unit carrying on that Core Function (e.g. in senior management meetings or in meetings with outside parties).
Another factor to be taken into account is an individual’s seniority. An MIC would normally:-
• report directly to the Board of the corporation, or to the MIC who assumes the Overall Management Oversight function of the corporation; and
• be accountable for the performance or achievement of business objectives set by the Board, or by the MIC who assumes the Overall Management Oversight function.
MICs do not need necessarily be employees of the Hong Kong licensed corporation. They may be located in overseas in a Group Company. External parties merely providing outsourced services cannot be MICs.
Fit and Proper
The company must ensure that any person it employs or appoints to conduct business is fit and proper and qualified to act in the capacity so employed or appointed.
To determine whether a regulated person, including a person involved in the management of a licensed corporation, is a fit and proper person for the purpose of considering taking disciplinary action, the SFC may, among other matters, take into account the past or present conduct of the person (see s194(3) and s129 of the SFO).
If an MIC fails to ensure a licensed corporation’s compliance published by the SFC, the failure may call into question the having regard to his or her level of responsibility within the firm.
It will be necessary for firms in many cases to undertake more comprehensive background checks and provide more comprehensive training programmes for MICs than was historically the case.
MICs of the Overall Management Oversight function and the Key Business Line function should normally be ROs in respect of the regulated activities but not all ROs will necessarily be MICs.
An RO applicant who will be an MIC of the Overall Management Oversight function must meet the industry experience tests set out in the Guidelines on Competence.
The SFC takes into account the applicant’s overall career history within the industry, as well as his or her proposed activities and the resources (including system and expertise) available to the licensed corporation in totality.
An applicant who has held a senior position to manage a control or operational function (e.g. risk management, compliance, financial or operational control) for a long time may be approved as RO subject to appropriate licensing conditions, even if he or she has not had any experience in conducting or directly supervising regulated activity. Usually a licensing condition may be imposed to the effect that he or she should work together with another RO who is fully competent, also known as the ‘non-sole condition’.
The SFC confirmed that the current exam exemptions in Appendices D and E to the Guidelines on Competence currently provide various exemptions from the recognised industry qualification requirement and the local regulatory framework paper requirement still apply and an RO applicant, who is assuming a very senior management position in a licensed corporation, may be exempt from taking the local regulatory framework paper if he or she has sufficient industry experience and there is regulatory support available to him or her from other personnel within a controlled environment. In the past 5 years some of these exemptions have been very difficult to obtain in practice. It will be interesting to see how hard they are with this new approach.
Filings to the SFC
When applying for a licence, a corporation is required to provide information about its human resources and organisational structure showing that it is capable of carrying on regulated activities competently and for the SFC to assess the fitness and properness of the firm.
Under this new circular, the SFC expects the corporation to provide information regarding its MICs and its organisational chart in its application. The following information is needed for each MIC:-
- full name;
- identification information;
- job title (which means the individual’s position and his particular business or operational area – Chief Executive Officer, Chief Investment Officer, Chief Administrative Officer, Head of Risk Management, Head of Corporate Finance);
- place of residence;
- the Core Function(s) which he or she is in charge of; and
- the job title(s) of the person(s) to whom he or she reports within the corporation and, if applicable, within its corporate group.
The firm must also submit an organisational chart depicting its management and governance structure, business and operational units and key human resources and their respective reporting lines.
The chart must show all MICs engaged by the corporation, their respective reporting lines and the job titles of the persons reporting directly to these MICs in relation to the operations of the corporation.
The firm must also notify the SFC of any changes in its appointment of MICs (including any new appointment and cessation of appointment) or any changes in the particulars of its MICs within 7 business days of the changes.
Where a change involves a new appointment or cessation of appointment, or a change in the particulars referred to in items above, the firm should also submit an updated organisational chart in its notification of that change. The SFC has advised that these notifications will be done electronically and that will present some challenges to existing filing procedures for firms.
The Board of the firm or a firm itself must ensure that the information submitted to the SFC is complete and accurate. Under s383 or 384 of the SFO, a person may commit an offence if he provides false or misleading information in support of a licence application or in relation to a notification.
On a practical note, the SFC has amended Supplement 8 and included a new form Supplement 8A – Manager in Charge of Core Functions for applications.
For more information on how these changes affect your firm please speak with your case manager, Philippa Allen or Alex Duperouzel of the Hong Kong office.
ComplianceAsia is the longest established compliance consulting firm in Asia Pacific established in 2003 with key offices in Hong Kong and Singapore. We have an unmatched track record of completing complex compliance consulting projects for financial firms in the APAC region.
With over 50 staff who are compliance experts with experience in dealing with the SFC, HKMA, MAS, CSRC, JFSA and Asian exchanges, we provide independent, unbiased advice on Asian financial industry legislation and regulations. Our international client base consists of asset managers, hedge funds, private equity funds, family offices, broker-dealers, insurers, wealth managers and investment banks.
Click here for the pdf version of this alert.
HONG KONG ADDRESS: Suite 1102, ChinaChem Tower, 34 – 37 Connaught Road, Central | T: +852 2868 9070
SINGAPORE ADDRESS: 137 Telok Ayer Street #03 – 06, Singapore 068602 | T: +65 6533 8834
For employment and regulatory related legal enquiries please contact Russell Bennett.
Disclaimer: This publication is general in nature and is not intended to constitute legal advice. You should seek professional advice before taking any action in relation to the matters dealt with in this publication.