Amendments to the SFC Code of Conduct (“Code”) were announced earlier this year and the majority came into effect over the weekend, on 1 December 2012.  Here we take a closer look at what is the most important new requirement, which imposes an obligation on licenced entities to report suspected market misconduct by clients.

The new reporting requirement

The major change to the Code is a new paragraph in the reporting section of the Code (section 12.5) which requires licenced persons or entities to immediately report to the SFC:

Any material breach, infringement or non-compliance of market misconduct provisions set out in Part XIII or Part XIV of the Securities and Futures Ordinance that it reasonably suspects may have been committed by its client, giving particulars of the suspected breach, infringement or non-compliance and relevant information and documents.

This means that licensed persons/entities are now required to report suspected breaches by their clients of the market misconduct provisions in the Securities and Futures Ordinance (“SFO”).  This is a significant shift from the other requirements in section 12 of the Code, which focus on a licenced entity's own compliance. Going forward, licensed persons/entities are now required to monitor their clients’ compliance with certain parts of the SFO.

The obligation only arises in relation to the market misconduct provisions in Part XIII and Part XIV of the SFO (essentially ss.281, 291 to 294) and not to breaches of the SFO generally.  Accordingly, it requires reporting where there is a suspicion that clients have undertaken trading which would amount to market manipulation (such as price rigging) or insider dealing.

It is important to note that the new requirement does not refer to actual breaches, but to suspected breaches, so licensed entities are required to a report even where the breach has not been proven.  There are a number of implications for licenced entities to consider, including three major issues:

  1. What will amount to a “reasonable suspicion” of a breach?
  2. How much information is required when a suspected breach is reported?
  3. Will the report breach client confidentiality requirements?

We consider each of these below.

Reasonable suspicion

The SFC has not provided any guidance on what will amount to “reasonable suspicion” and this will inevitably involve a judgment call.  It clearly involves something more than a mere suspicion, but what elevates a mere suspicion to a reasonable suspicion is subjective and will be difficult to determine in some (if not most) cases. 

Guidance may be drawn from other legislation and from the criminal law, which use a similar concept, including Sections 25 of the Drug Trafficking (Recovery of Proceeds) Ordinance and Section 25 of the Organized and Serious Crimes Ordinance, which use the concept of “having reasonable grounds to believe”.

The concept of “reasonable grounds to believe” in both of those sections is similar to a “reasonable suspicion”, although the authorities in relation to these provisions suggest that “reasonable grounds to believe” is a higher threshold than suspicion.

In considering whether a person has reasonable grounds to believe, the Courts have considered both objective matters, generally whether circumstances exist which would give rise to that belief, and subjective matters, whether the defendant in question was aware of those circumstances.  Proof that the defendant held that believe is not necessary to prove the offence in this case.2

Another source of guidance is authorities dealing with the requirement that a police officer have reasonable grounds for suspicion that an offence has occurred before they can arrest a suspect.  Whilst the subject matter is quite different, the concept of what is necessary to constitute a reasonable suspicion is similar.  Those cases also suggest that there will be a subjective and objective element to the test.  In a House of Lords decision in relation to that issue3,  the Court noted that the test for a reasonable suspicion:

“…relates entirely to what is in the mind of the arresting officer when the power is exercised.  In part it is a subjective test, because he must have formed a genuine suspicion in his own mind…In part also it is an objective one, because there must also be reasonable ground for the suspicion which he has formed.”4

The cases in relation to police officers also suggest that a suspicion need not be based on first-hand information, but on information obtained from another person.  In the context of the reporting under paragraph 12.5(f) of the Code that means that a licenced person need not have first-hand knowledge of the matters giving rise to the suspicion in order for a reporting obligation to arise. 

On that basis, the test for whether there is a reasonable suspicion could be:

  1. whether objectively, there are reasonable grounds giving rise to that suspicion; and if so,
  2. whether, the licensed entity/person is aware of the existence of those grounds.

Accordingly, it seems that the reporting requirement may not be triggered in circumstances where a licenced person has a “hunch” that a client may have contravened a market misconduct provision of the SFO, but his or her belief is not supported by objective facts. What inquiries should you make if that situation arises is not clear: do you need to investigate further or at all? That presents practical difficulties when time and resources are stretched; however it is a judgement call as to whether to investigate and how far any follow-up inquiries should be taken.

How much information is required?

Paragraph 12.5(f) includes an express requirement that the report include particulars of the breach and any relevant information or documents.  Accordingly, when making a report, it will be necessary to consider whether the organisation holds documents which relate to the suspected breach, and if so, whether they will need to be provided as part of the report.  The provision of those documents needs to be considered carefully in light of client confidentiality obligations (considered below) not only to the client in question, but also to other clients if the relevant documents relate to more than one client.  Where necessary you should consider redacting material which is not relevant to the suspected breach.

Again, in light of client confidentiality, it is equally important for an organisation not to provide more information/documents than is necessary.  Although there is no guidance on what kind of documents will be considered relevant, you should consider what is necessary to support the suspicion and only provide those documents, not all documentation relevant to the client or even the trading in question if it does not point to the suspicion. 


One of the main concerns raised by the industry in the consultation phase leading to the amendments to the Code was that this reporting obligation would breach client confidentiality.  The SFC dismissed that concern and noted that confidentiality obligations can be overridden where necessary, in particular where there is a public duty to disclose the information.  Whilst that may be true, the commercial and legal reality is that organisations run the risk of breaching their implied and/or contractual obligations of confidentiality to clients if they report suspected breaches to the SFC.

Accordingly, it is important to ensure that your client agreements allow a disclosure such as the one now required by paragraph 12.5(f).  It may be that your existing agreements allow this if they have a general exemption to confidentiality where disclosure it is required by the regulator.  However, a general exemption which allows disclosure where it is compelled by law will not be sufficient as the Code is not part of the SFO which means that the reporting obligations in Section 12.5 of the Code are not legal requirements.  Organisations should check their client agreements to ensure that they contain a sufficiently wide exemption to their obligation of confidentiality to clients.

Practical tips: what do you need to do?

  • The first step is to ensure that your internal policies are updated to reflect all of the changes to the Code, including the new telephone recording requirements (which require telephone recordings of clients orders to be retained for six months)
  • Review client agreements to determine whether they allow reporting as required under paragraph 12.5(f) of the Code
  • Consider running staff training sessions in relation to the new reporting requirement so that staff are aware of the obligations and how to determine whether a reporting obligation under 12.5(f) has arisen
  • Understand the basic elements of market misconduct offences
  • Consider and agree to the criteria and parameters for self-report to the regulators
  • Have an internal self-report process (for example, hotline for employees, established escalation procedures)
  • Establish and monitor controls for employees' and clients' trading activities
  • Make sure employees have the right mind-set (there may be resistance to reporting clients' misconduct)
  • Be aware of the potential impact of a self-report: how to handle the client relationship going forward, does this trigger other reporting obligations, any conflict of laws issue if the laws of another jurisdiction also apply

How is the SFC going to use the information reported?

For the ways in which the SFC can disclose information provided as part of a self-report under the Code, please see our previous client alert in relation to sharing of information between regulators by clicking here.

Another concern is whether licensed persons/entities could be involved in any subsequent regulatory investigation or court proceedings against their client, and if so, to what extent.