Investment management firms with operations in Hong Kong must turn its attention to the new Securities & Futures Commission (SFC) Fund Manager Code of Conduct (FMCC), which comes into force in four months. The package of new rules will apply to anyone licensed to carry out asset management regulated activity in Hong Kong.
Key Steps to Code Compliance
There are five key steps to reach compliance with the SFC’s new FMCC. These include:
Gap analysis – If they have not already done so, firms should begin to conduct a gap analysis as soon as possible to determine where their policies need updating to comply with the new guidelines. The analysis should benchmark the organisation’s framework against the whole of the Code of Conduct document, including the material in the appendices.
Risk framework – Firms will need to identify their risk universe to ensure their framework captures the specific requirements of the guidelines and make changes if it does not already do this. They must consider the effectiveness of all related controls, determine the residual risks, and implement an appropriate responsibility matrix, including a proper governance process around the risk management function. There are specific elements of the new FMCC, such as investment risk stress testing, that may require particular focus if this is not already in place.
Policies and procedures – Documentation will either need to be created or updated to reflect the outcomes of the gap analysis and the implemented risk framework. Firms should consider implementing policies and procedures geared around derivative risk management, vendor risk management, and counterparty and execution management.
Resourcing – For many organisations, the FMCC will create a whole new function. Or for some, it may require the reorganisation of tasks performed by a variety of individuals as part of other roles into a consolidated risk program with formal governance. With four months to go until implementation, time is growing short if the firm discovers that it needs to hire or train up for key roles, such as a new chief risk officer (CRO). And firms should now consider if they need external resources from consultants and technology providers, as they may find these have limited availability in the run up to the deadline.
Staff training – Training staff on the new policies and procedures is going to take time and will require coordination of resources. Firms should allow enough time for training and ensure they book time in advance as there will be significant demand as the FMCC deadline draws nearer.
There is a lot for firms to do before the 18 November deadline, but becoming compliant in time for implementation is still possible.
Leaving compliance to the last minute could create unneeded difficulties for the organisation. The FMCC compliance clock is ticking. If your firm has not yet started this project, you should commence work on it in good time.