Management is responsible after all
The SFC issued a circular to companies licensed for Type 1 regulated activity on 5 February 2016 to remind them to have sufficient internal controls and management supervision to protect client assets against internal misconduct. Although directed primarily at Type 1 licensees, this circular also contains messages that are relevant for corporations licensed for other types of activity, whether or not they hold client assets.
This type of circular often signals an intensification of focus by the SFC on the areas covered by the circular, whether by way of around of themed inspections or enforcement action.
The circular highlights a number of points, including the following:
- Weak internal controls and lax management supervision are still key findings that the SFC has identified during their onsite inspections.
- Key duties and functions should, where possible, be segregated and performed by different individuals.
- Clear policies and procedures are not sufficient - the policies and procedures need to be enforced, reviewed and improved on an ongoing basis.
- Management of a licensed company (which includes a firm’s Board of Directors, Chief Executive Officer, Managing Director, or other senior operating management personnel) need to fully understand the licensed entity's operations and internal controls. They must consider what types of reports and information they need to monitor whether their staff comply with the relevant policies and procedures. They also need to be vigilant and ask appropriate questions when reviewing those reports. They are ultimately responsible for the adequacy and effectiveness of the company's internal controls and compliance with the applicable rules and regulations.
The circular contains two appendices, one setting out a useful list of possible red flags, pitfalls and vulnerabilities which the SFC has identified, the other containing a list of some suggested key measures and controls to protect client assets against internal misconduct. Licensed persons would be well-advised to ensure that they can demonstrate that they have at least considered the red flag issues identified by the SFC, (and whether there may be others relevant to their business) and the preventative measures they should put in place. The circular provides a useful self-assessment checklist for management as well as in-house compliance.
Does 25 March 2016 mean anything to you?
If you have been reading our newsletters, you should know that we have been reminding our readers about the implementation of the new PI regime that will take effect on 25 March 2016. If your company deals with individual PIs and corporate PIs that do not pass the CPI assessment, your company will need to treat them as retail investors. If your corporate PIs have passed the CPI assessment but do not consent to be treated as PIs, your company will also need to treat them as retail investors.
Just do it!
The SFC conducts surveys and questionnaires every now and then. Even though most of them are not mandatory, we typically recommend that clients participate anyway. Do you need to have your legal department or Deacons analyse each of the questions for you? Probably not. We suggest clients simply answer the questions as best as they can and consistently. It might be useful to keep a record of the basis of selecting / inputting a particular answer / number. If some of the questions are ambiguous, you can inform the SFC how you have interpreted the question. The SFC will seek clarification if it has any questions about your response.