On 2 September 2014, the SFC held its first ever Supervisory Briefing Session (“Session”) to share with market participants their major findings and observations emanating from recent inspections of the equities and FICC (Fixed Income, Commodity, Currencies) businesses.
The Session was attended by over 200 participants, including representatives from investment banks, licensed firms, and regulatory practice advisers.
The main speakers at the Session were Mr Ashley Alder (CEO of SFC), Mr James Shipton (Executive Director of SFC and Head of the Intermediaries Division), Mr Mark Steward (Executive Director of SFC and Head of Enforcement Division) and Mr Stephen Po (Senior Director of Intermediaries Supervision).
This bulletin provides a summary of what we believe are the key points raised during the briefing. It does not constitute an exhaustive account of the matters discussed and has not been endorsed by the SFC.
1. Key Takeaways
- Primary responsibility for market misconduct lies with senior management, and there should be alignment of management responsibilities on global and local levels, i.e. a ‘top down’ approach.
- The SFC recognizes that responsibility for the management at firms often doesn’t just sit with Responsible Officers. There may be other decision makers in the firm who share those responsibilities and the Securities and Futures Ordinance (“SFO”) anticipates this by extending liability to any person involved in the management of the business if relevant misconduct occurred with his consent, connivance or neglect.
- Senior management must take ownership of regulatory issues and ensure proper conduct and procedures are in place within the firm.
- Controls and systems within firms are crucial. It is equally important that middle management and others within the firm, especially the business itself and the operations teams, are familiar with such controls and systems and apply them consistently.
- Market participants should be more proactive (rather than just reactive) in dealing with issues and potential problems.
- When issues arise, firms should ensure that they report to the SFC at the earliest opportunity so that appropriate action can be taken swiftly.
2. Enforcement Trends
- The SFC considers hindsight to be an important part of its regulatory toolkit.
- The SFC’s decision to impose remedial solutions in place of penal sanctions in a number of past cases was a strategic one and will not be repeated in future, i.e. solutions and sanctions will be applied in equal measure.
- Both the firm and the individual may be held liable for regulatory breaches. In the past, the SFC had pursued criminal action against individuals and had taken civil actions against firms in the same set of circumstances. This approach will continue.
- In terms of senior management responsibility, the SFC will continue to focus on:
- a proper process of investigation, including open transparent conversations with market participants to ensure there are no surprises; and
- the importance of evidence (cards lie where they fall) – an individual will be liable if evidence suggests that the failure attributable to him; but if the system is responsible for the failure, the firm is more likely to be held liable
- Market participants in receipt of compliance advice letters should take note, as the issue of such letters means that the SFC takes the view that they came close to the enforcement line. No complacency should arise from such letters and firms are expected to continue to monitor and improve their own practice.
- The SFC will continue to conduct real-time surveillance to monitor securities trading activities in the markets. In view of market developments, such as the Shanghai/Hong Kong Stock Connect, the SFC expects to issue more requests under section 181 of the SFO, seeking information relating to transactions.
3. Key Inspection Focus Areas
- Fat finger errors
- Firms need to be aware of the potentially serious consequences of ‘fat finger’ errors. Large trading errors can quickly have a serious economic impact on the capital position of firms.
- Electronic Trading Controls
- Electronic Trading Guidelines were introduced on 1 January 2014 to impose pre-trade vetting and post-trade monitoring and to regulate the internet trading environment. Specifically, the SFC issued a circular on 27 January 2014 on Internet Trading and Reducing Internet Hacking Risks.
- Anti-Money laundering
- There is a concern that, at present, the identification and reporting of suspicious transactions to the JFIU and other relevant bodies in this sector is lower than it should be.
- Supervision and Controls
- Senior management has the responsibility to ensure that the right systems are in place to facilitate compliance, and to foster open internal communication.
- Compliance departments are expected to ensure that the business complies with regulatory requirements.
- Control thresholds should be set at a reasonable level and should result in action when breached.
- Where a firm incurs a significant loss, follow up investigations and action is expected.
- Intermediaries will be supervised by the SFC through on-site inspection (e.g. routine inspection at firms) and off-site monitoring (e.g. discussions with market participants and overseas regulators).
4. Specific Focus Points
- Client facilitation: There is often a lack of adequate controls in place to avoid conflict of interest (e.g. head traders having access to client information) and lack of client consent transaction by transaction.
- Short-selling: There is a need for firms to ensure documentary assurance is obtained prior to the execution of trades.
- Stock borrowing and lending: Weaknesses identified include a lack of adequate controls to prevent over-lending, inconsistent application of firm-wide policies and procedures and a failure to account for pay-to-hold requests.
- Cancel and amend transactions: Common problems include lack of specific controls, insufficient analytical reporting, and insufficient follow up of exceptional cancel and amend transactions.
- Dark pool operations: Typical failures include a lack of proper safeguards against information leakage, ineffective control over client on-boarding to dark pools, failure to handle client orders fairly, improper incident management (need to escalate to senior management to take corrective action to avoid the same mistakes in the future).