Cognitive GRC provides services mainly to regulated firms in Hong Kong that provide services to institutional and professional investors only. We work with international service providers to deliver a global service for firms located in Hong Kong. The following topics are raised as part of regular updates we provide to our clients during the year to assist with business planning and should not be considered legal advice. We work with leading service providers to deliver holistic solutions in areas where we have developed unique symbiotic relationships but please note that some of the content below links to other websites and we are not responsible for the content or security of those external sites. Please contact your adviser in relation to any matters raised in this discussion and obtain legal advice where necessary.
Quarter 3 Updates/Year end planning
2023 is approaching rapidly and there is not much time left in the day after dealing with market stresses to keep on top of the operational ones, but please find an extract of our quarterly client newsletter for a roundup of items for consideration as the year end approaches.
At the beginning of the last quarter, Cognitive GRC prepared a kitchen sink white paper on operational resilience which you might incorporate into an annual governance review to record your consideration of key issues that you might have not yet incorporated into your risk universe. Clients may refer to our client information portal (datasite) or you can simply request a copy of those resources here. We also discussed the key issues during a panel on Corporate Bouncebackability at AIMA’s APAC Annual Forum back in September.
We also saw the launch of AIMA’s Hong Kong vision paper (Source: AIMA) in July providing a balance to the negative sentiment and reconfirming Hong Kong’s value, notwithstanding the recent exodus(es). We are starting to see more positive signs around Hong Kong’s bouncebackability with progressively positive announcements arriving by the day. We look forward to seeing this positive trend continue.
E-Learning: Please find a 6-minute introduction to the content of our recently produced core compliance e-learning here on our YouTube channel to showcase what we can design or make available for clients in online training. Our team has been working with converting our training content onto quality online versions and making them available to our clients.
Project Services: Website. Developing a trusted bench of service partners takes a lifetime. See our project consulting site for further guidance on how we ensure we have access to the right resources for the larger projects that we work on, without disrupting ongoing service quality. Having worked with top industry professionals in the US, the UK and Asia, our long-term relationships continue to help us help them help our clients within APAC budgets.
SFC Regulatory Updates
Clients may find our regular updates on SFC enforcement and regulatory updates in the usual place. We provide more detailed analysis there. Some highlights included below (expand for further details).
SFC Enforcement Consultation
The consultation on enforcement (Source; SFC) has highlighted that the SFC has felt constrained in its enforcement strategy to date. This is borne out by recent cases. Where licenced persons have breached guidelines but not specific statutory provisions, the SFC has been limited to bans and fines which provides no compensation for impacted parties. Section 213 (the SFC’s wider powers of injunctive relief) only applies to statutory offences, and this has been considered sub-optimal to achieving enforcement aims. We have witnessed through the SFC’s use of Section 300 (i.e. prohibition on the use of manipulating devices) in relation to overseas markets cases, that they have needed to broaden their approach for non-Hong Kong market behaviours; They have also needed to use fitness and properness criteria to fine and ban individuals to pursue perceived wrongdoing by market participants in overseas markets but remain unable to seek compensation due to jurisdictional limits. In some of the conspiracy/ramp and damp cases, they have also added anti-money laundering offences to provide for additional pressure and options for redress. The SFC are also looking at re-establishing the purest form of the offense of marketing professional investor funds to individuals without obtaining verification of professional investor status. If you remember the wind behind their sales was stolen in 2016. While extremely important for the industry to protect the retail community, there is a concern that an overly burdensome approach could impact the competitiveness of Hong Kong managers by placing a more difficult standard for them to maintain than would exist for banks or overseas managers, who either have access to the required information already, as they run accounts or can establish such status on the basis of reasonable belief under local requirements. The target for the legislative change is sometime next summer so this will become relevant soon. The progression and pace of change also reveals that the enforcement team continues to operate even while in transition of leadership as the consultation has arisen in the middle of the change in Directors. AIMA has collected thoughts and responded (members can access content there).
Appeals Tribunal Case and SFC focus on Market Sounding
A case of note, which was raised for consideration in the recent annual SFC forum is a Securities and Futures Appeals Tribunal in which the Tribunal upheld the suspension of the principal, CIO and RO of a firm, who had interrupted a discussion he was having with a broker about a potential block trade. The SFC determined that sufficient information was passed in the short conversation, to require the manager to deduce which company would be the subject of a proposed block trade. Expert witnesses were used on both sides, and it was determined that even though the broker had not completed the formality of the wall cross during the initial conversation with the buy side manager, that the information he was provided was sufficient to require him to restrict his own trading activity in the specific stocks. In the SFAT determination, Justice Hartmann said that, in the course of a conversation of the kind initiated by the broker, “a party being approached – a buy-side participant – has the obligation at all times to consider the nature of the material being imparted and whether the nature and extent of that information binds him or her to confidentiality.” The SFC had already telegraphed in earlier speeches (e.g. at ASIFMA conference in June: (Source: SFC)) that it was looking at market sounding but it appears following a market survey that they have found a potential imbalance on what the market believes to be generally acceptable and is seeking to address that imbalance. During the case, the SFC's expert witness referred to a thematic review on market abuse (Source: FCA) conducted by the UK FCA in 2015 which identified good practice and poor practices in this regard.
The key principle that the case indirectly establishes is the SFC adopts the idea, also often discussed/argued in other jurisdictions that parties who trade in regulated markets, "ought" to know, when they are in possession of inside information.
Interestingly, and perhaps indicative of the issues highlighted in the recent enforcement consultation, as the market concerned was Korea, the SFC used the General Principles and Fitness and Propriety criteria to thread a fine line to establish that while the applicants honesty and integrity was not in question, his actions did not meet their expectations of market fairness in that regard. While the case is useful to establish the SFC's stance on a number of matters, the finding seems somewhat reverse engineered. Market participants will certainly benefit from the clarity that will emerge as a result of an issue being tackled, where it might be said, that local market guidance was, to date, somewhat lacking.
US Relevant Matters
SEC Regulatory Notices
There is quite a bit of regulatory noise coming out of the US but the big regulatory issue that has blown up relates to unsanctioned communication channels and has far reaching consequences for firms in the industry. The shrapnel has hit almost every investment bank that is operating in our space, and the ripples are likely to impact every market. I would hesitate to congratulate the firms that were able to duck the case for fear that there is more to come.
See further below (expand for further details). These points may be relevant whether you have US investors or not.
Off channel communications
https://www.sec.gov/news/press-release/2022-174 The firms generally admitted the facts set forth in their respective SEC orders, acknowledged that their conduct violated recordkeeping provisions of the federal securities laws, agreed to pay combined penalties of more than $1.1 billion, and have begun implementing improvements to their compliance policies and procedures to settle these matters, including being required to appoint compliance advisers to review their policies and procedures with regards to appropriate record keeping. It demonstrates how important it is to have senior management delivering tone from the top on a particular matter, because if they are not acting in accordance with the requirements, then it is hard to push it down through the firm and out to the rest of the market.
Data Destruction Reminders
https://www.sec.gov/news/press-release/2022-168 Another fine notice worth considering relates to disposal of hardware and failing to take adequate steps to destroying what was on them before disposal. $35 Million Dollar Fine. A good reminder to ask your service providers what they are doing with decommissioned laptops and devices as part of your annual service provider or EDSP review.
https://www.sec.gov/news/press-release/2022-175 While regulators still argue over who is responsible for regulation and whether an issue/instrument is a security, they are monitoring and willing to censure individuals for failing to obtain licences or engage in deceptive practices on that basis. Maybe we should be referring to it as a yet to be formally regulated market.
Custody Rule Sweep Exam
https://www.sec.gov/news/press-release/2022-156 The interesting update here, is that private funds may avail of an exemption to most of the requirements, if they are deemed to have custody, where they ensure that the private funds are audited within 120 days of the year end. If the Fund Audit is not completed by the time of the submission of the ADV, which is 90 days after the financial year end, you can highlight that the report is not yet completed but you need to follow up after by updating the ADV when it has.
Hack and Burn
https://www.sec.gov/news/press-release/2022-145 Highlighting the importance of maintaining strong cybersecurity defence and the international co-operation on these matters, 18 Defendants charged for offences which occurred 2017-18, where they hacked into retail brokerage accounts and improperly used them to manipulate stocks (Lotus Bio-Technology Development Corp. and Good Gaming, Inc). The SEC appreciated “the assistance of the Financial Industry Regulatory Authority, the Alberta Securities Commission, the Australia Securities and Investments Commission, the British Columbia Securities Commission, the Calgary Police Service, the Cayman Islands Monetary Authority, the Dubai Financial Services Authority, the French Autorité des Marchés Financiers, the Hong Kong Securities and Futures Commission, the Mauritius Financial Services Commission, the Ontario Securities Commission, the Quebec Autorité des Marchés Financiers, the Royal Canadian Mounted Police, the Securities Commission of the Bahamas, the Sûreté du Québec, the Superintendencia del Mercado de Valores de la República Dominicana, the Swiss Financial Market Supervisory Authority, and the United Kingdom Financial Conduct Authority.”
It takes a community of connected persons to capture a community of wrongdoers.
Various regulatory updates from the SEC - It seems that an error of 404 has occurred.
https://www.sec.gov/news/press-release/2022-186 You may have wondered where a whole bunch of US rule-making that was being discussed in the previous 2 quarters but there appears to have been a technical glitch in the matrix covering about 11 difference requests for rule comment, the following being noteworthy for advisors; · Market Manipulation using Security Based Swaps, Position reporting on Security Based Swaps · Short Position and Short Activity Reporting by Institutional Managers · Cybersecurity and Risk Management · Private Fund Advisers, Document of Registered Investment Advisers Compliance Reviews · Enhancements of Standardised Climate Related Disclosures for Investors Comments will be accepted for a further period if they had not been successfully submitted earlier and commenters have been asked to check to confirm if their previous comments were successfully delivered. This will probably delay the ultimate rule publication. However, the one that I believe will be of greatest interest is the one relating to private fund reporting which was released in August.
Private Fund Reporting proposal.
https://www.sec.gov/news/press-release/2022-141 · Enhance Reporting by Large Hedge Fund Advisers on Qualifying Hedge Funds. The proposal would enhance how large hedge fund advisers report investment exposures, borrowing and counterparty exposure, market factor effects, currency exposure reporting, turnover, country and industry exposure, central clearing counterparty reporting, risk metrics, investment performance by strategy, portfolio correlation, portfolio liquidity, and financing liquidity to provide better insight into the operations and strategies of these funds and their advisers and improve data quality and comparability. · Enhance Reporting on Basic Information About Advisers and the Private Funds They Advise. The proposal would require additional basic information about advisers and the private funds they advise including identifying information, assets under management, withdrawal and redemption rights, gross asset value and net asset value, inflows and outflows, base currency, borrowings and types of creditors, fair value hierarchy, beneficial ownership, and fund performance to provide greater insight into private funds’ operations and strategies, assist in identifying trends, including those that could create systemic risk, improve data quality and comparability, and reduce reporting errors. · Enhance Reporting Concerning Hedge Funds. The proposal would require more detailed information about the investment strategies, counterparty exposures, and trading and clearing mechanisms employed by hedge funds, while also removing duplicative questions, to provide greater insight into hedge funds’ operations and strategies, assist in identifying trends, and improve data quality and comparability. While some of these changes will be implemented in the Form PF (Reporting for Registered Investment Advisers (RIAs)), some of the requirements will be applied to all qualifying managers (not just the ones that need to do Form PF). The Hedge Fund one may require all managers to submit standardised performance figures, and this might eclipse the consideration about the impact of the general changes in the marketing rules for Exempt Reporting Advisers. i.e. We note that the detailed marketing and advertising rules are applied to RIAs, which means a lot of the specifics on performance disclosure are not applicable. However, as the anti-fraud provisions apply to all advisers, the content of ERA marketing is likely to be considered using the new standards even though most of the new rules will not apply directly. The detailed rules are probably more aligned with the general anti-fraud provisions in either case. However, the hedge fund reporting proposal could make the distinction in application between RIA and ERA less relevant if all private fund managers need to submit standardised performance figures to the SEC in any case. One to keep on watch.
ACA October Update
ACA clients may refer to their quarterly update and various updates relating to these updates. You can request a download here. There are also some recent digests on Cyber and Reporting cycles available for your consideration.
US Marketing Rule Deadline - 4th November
Obviously the most important change that has been in discussion for the last 18 months is the shaking of the regulatory etch-a-sketch, that was previously a lattice shaped no action letter filled bible of dos and don'ts with regards to advertising and marketing. ACA are helping our RIA clients through the implementation of a clear rewrite of the rules covering solicitation and advertisements. In our view the new requirements seem to be consistent with ensuring clarity, fairness and balanced representation of historic performance (i.e. standards that we have lived with in Europe/UK/Hong Kong). Not rocket science, but we found a few resources to be particularly useful. For a technical run down of the core regulations, I found Aiken Gump's video series on the core marketing changes from the beginning of this year particularly useful but please find a link to their 30 day compliance plan which references that video series for your review https://www.akingump.com/en/news-insights/sec-marketing-rule-a-30-day-compliance-plan.html
Also take a listen to ACAs discussion with various industry practitioners (Episode 1 includes SEC staff and Carlo Di Florio from ACA Global getting into it on the practical impact) on the implications of the new rule. https://www.acaglobal.com/insights/new-sec-marketing-rule-master-class-podcast-released?utm_medium=social&utm_source=linkedin&utm_campaign=2022-08-02-marketing-rule-podcast. Although the SEC is not yet providing further guidance on this (as was hoped) they have indicated that they will be examining marketing in their upcoming exams so definitely one to focus on for those with US exposure. Clients should be well on their way to consider the implications for newsletters or updates to be published after the deadline. Get in touch if you are not yet there.
ESG Action Required - 20th November
Please find our previous discussion on the general approaches here. We have tried to pick on the core ideas to simplify the questions, but it is increasingly clear that such is an impossible task. If you are looking for assistance in achieving compliance with the requirements, or advanced disclosures, please request a call with our climate risk specialist partners. Dare I say that it is more important for the investment team to fundamentally wrap their heads around the investment, risk and the strategy propositions issues than ticking the box that is required, and though I try to resist tick box compliance, in this case, the box must be ticked, even in absence of complete or consistent data (or even consistent measuring sticks, for that matter). As compliance with the requirement depends on factors which will come into focus after the deadline, this is likely to be a key focus area for some time to come, but the key message to take away is that it is not just a simple compliance issue to resolve. It must be driven from the principals and their understanding of the matters at stake.
Cyber Awareness Month
A now annual event, ACA Aponix, provides a great summary of the scariest cybersecurity stories from 2022. Please do register here (Source: ACA Aponix) for a scare at bad time as Halloween approaches. ACA Aponix has many resources that you may consider, if not already being discussed with your current cybersecurity provider.
Please also refer to the Hong Kong Computer Emergency Response Team Security Bulletin (Source: Hong Kong CERT) for a summary of recent exposures. In line with our recommendations in our whitepaper, HKCERT published an incident response plan for SME's that is worth referring to when completing your own self assesment.
Recent regulatory action regarding notifications of material compliance matters hopefully focuses market participants on relevant reporting. Keep in mind that market volatility can create opportunity for turbulence, fraud and inadvertent failures, at a time that is least convenient, but this is the time, when it is most important to stay on top obligations. We are here to help.
CPT Deadline (detail on requirements available here) Less than 3 months to achieve the new broader CPT targets set by the SFC for 2022. Try to avoid leaving this to the last minute but let us know if you need help, as soon as possible.
We hope to have a chance to meet up in person over the coming months.
If you are not a client yet and would like to get in touch, please do not hesitate in reaching out below.