October Regulatory Roundup Hong Kong - GRC Planning 2023

Cognitive GRC provides services mainly to regulated firms in Hong Kong that provide services to institutional and professional investors only. We work with international service providers to deliver a global service for firms located in Hong Kong. The following topics are raised as part of regular updates we provide to our clients during the year to assist with business planning and should not be considered legal advice. We work with leading service providers to deliver holistic solutions in areas where we have developed unique symbiotic relationships but please note that some of the content below links to other websites and we are not responsible for the content or security of those external sites. Please contact your adviser in relation to any matters raised in this discussion and obtain legal advice where necessary.


Quarter 3 Updates/Year end planning

2023 is approaching rapidly and there is not much time left in the day after dealing with market stresses to keep on top of the operational ones, but please find an extract of our quarterly client newsletter for a roundup of items for consideration as the year end approaches.


At the beginning of the last quarter, Cognitive GRC prepared a kitchen sink white paper on operational resilience which you might incorporate into an annual governance review to record your consideration of key issues that you might have not yet incorporated into your risk universe. Clients may refer to our client information portal (datasite) or you can simply request a copy of those resources here. We also discussed the key issues during a panel on Corporate Bouncebackability at AIMA’s APAC Annual Forum back in September.


We also saw the launch of AIMA’s Hong Kong vision paper (Source: AIMA) in July providing a balance to the negative sentiment and reconfirming Hong Kong’s value, notwithstanding the recent exodus(es). We are starting to see more positive signs around Hong Kong’s bouncebackability with progressively positive announcements arriving by the day. We look forward to seeing this positive trend continue.


Service Offerings

E-Learning: Please find a 6-minute introduction to the content of our recently produced core compliance e-learning here on our YouTube channel to showcase what we can design or make available for clients in online training. Our team has been working with converting our training content onto quality online versions and making them available to our clients.


Project Services: Website. Developing a trusted bench of service partners takes a lifetime. See our project consulting site for further guidance on how we ensure we have access to the right resources for the larger projects that we work on, without disrupting ongoing service quality. Having worked with top industry professionals in the US, the UK and Asia, our long-term relationships continue to help us help them help our clients within APAC budgets.


SFC Regulatory Updates

Clients may find our regular updates on SFC enforcement and regulatory updates in the usual place. We provide more detailed analysis there. Some highlights included below (expand for further details).

SFC Enforcement Consultation

Appeals Tribunal Case and SFC focus on Market Sounding


US Relevant Matters

SEC Regulatory Notices

There is quite a bit of regulatory noise coming out of the US but the big regulatory issue that has blown up relates to unsanctioned communication channels and has far reaching consequences for firms in the industry. The shrapnel has hit almost every investment bank that is operating in our space, and the ripples are likely to impact every market. I would hesitate to congratulate the firms that were able to duck the case for fear that there is more to come.


See further below (expand for further details). These points may be relevant whether you have US investors or not.

Off channel communications

Data Destruction Reminders

Crypto-Manipulation

Custody Rule Sweep Exam

Hack and Burn

Various regulatory updates from the SEC - It seems that an error of 404 has occurred.

Private Fund Reporting proposal.

ACA October Update

ACA clients may refer to their quarterly update and various updates relating to these updates. You can request a download here. There are also some recent digests on Cyber and Reporting cycles available for your consideration.


US Marketing Rule Deadline - 4th November

Obviously the most important change that has been in discussion for the last 18 months is the shaking of the regulatory etch-a-sketch, that was previously a lattice shaped no action letter filled bible of dos and don'ts with regards to advertising and marketing. ACA are helping our RIA clients through the implementation of a clear rewrite of the rules covering solicitation and advertisements. In our view the new requirements seem to be consistent with ensuring clarity, fairness and balanced representation of historic performance (i.e. standards that we have lived with in Europe/UK/Hong Kong). Not rocket science, but we found a few resources to be particularly useful. For a technical run down of the core regulations, I found Aiken Gump's video series on the core marketing changes from the beginning of this year particularly useful but please find a link to their 30 day compliance plan which references that video series for your review https://www.akingump.com/en/news-insights/sec-marketing-rule-a-30-day-compliance-plan.html


Also take a listen to ACAs discussion with various industry practitioners (Episode 1 includes SEC staff and Carlo Di Florio from ACA Global getting into it on the practical impact) on the implications of the new rule. https://www.acaglobal.com/insights/new-sec-marketing-rule-master-class-podcast-released?utm_medium=social&utm_source=linkedin&utm_campaign=2022-08-02-marketing-rule-podcast. Although the SEC is not yet providing further guidance on this (as was hoped) they have indicated that they will be examining marketing in their upcoming exams so definitely one to focus on for those with US exposure. Clients should be well on their way to consider the implications for newsletters or updates to be published after the deadline. Get in touch if you are not yet there.


ESG Action Required - 20th November

Please find our previous discussion on the general approaches here. We have tried to pick on the core ideas to simplify the questions, but it is increasingly clear that such is an impossible task. If you are looking for assistance in achieving compliance with the requirements, or advanced disclosures, please request a call with our climate risk specialist partners. Dare I say that it is more important for the investment team to fundamentally wrap their heads around the investment, risk and the strategy propositions issues than ticking the box that is required, and though I try to resist tick box compliance, in this case, the box must be ticked, even in absence of complete or consistent data (or even consistent measuring sticks, for that matter). As compliance with the requirement depends on factors which will come into focus after the deadline, this is likely to be a key focus area for some time to come, but the key message to take away is that it is not just a simple compliance issue to resolve. It must be driven from the principals and their understanding of the matters at stake.


Cyber Awareness Month

A now annual event, ACA Aponix, provides a great summary of the scariest cybersecurity stories from 2022. Please do register here (Source: ACA Aponix) for a scare at bad time as Halloween approaches. ACA Aponix has many resources that you may consider, if not already being discussed with your current cybersecurity provider.


Please also refer to the Hong Kong Computer Emergency Response Team Security Bulletin (Source: Hong Kong CERT) for a summary of recent exposures. In line with our recommendations in our whitepaper, HKCERT published an incident response plan for SME's that is worth referring to when completing your own self assesment.


Final Points

Recent regulatory action regarding notifications of material compliance matters hopefully focuses market participants on relevant reporting. Keep in mind that market volatility can create opportunity for turbulence, fraud and inadvertent failures, at a time that is least convenient, but this is the time, when it is most important to stay on top obligations. We are here to help.


CPT Deadline (detail on requirements available here) Less than 3 months to achieve the new broader CPT targets set by the SFC for 2022. Try to avoid leaving this to the last minute but let us know if you need help, as soon as possible.


We hope to have a chance to meet up in person over the coming months.


If you are not a client yet and would like to get in touch, please do not hesitate in reaching out below.