Please note that we provide links to external sites which were correct at the time of publication, but they may be updated. Cognitive GRC provides advisory services to regulated firms in Hong Kong on international requirements and works with various service partners to deliver these services. Firms should obtain specific advice relating to matters that we highlight here. This is neithe legal, accounting or investment advice.
What firms need to be thinking about as we move closer to 2024 from a GRC perspective
Please find an update on what we believe to be most relevant for our clients and what may be actionable over the close out of this year. Q4 is here, and we wonder where the year has gone. You can also refer to our separate updates on BRMQ 2024 and Digital Assets (coming soon).
Enforcement Summary
Another round of ramp and dump freezes, and prosecutions populate the list of enforcement cases, including illegal short selling and insider trading offences. A continued focus on sponsor obligations as well as senior management failings.
A lifetime ban for an RO for failure to maintain adequate financial resources and providing false and misleading information. One relatively small fine for failure to disclose relevant matters in a license application such as a prior refusal to obtain a license and a fine of HK1.3 million for failure to adequately monitor employee dealings.
Clients can refer to our summaries for the details which we will bring up in our usual annual training for staff.
SEC cases around unsanctioned communication channels, conflicts of interest and custody rules take the lead with dynamic issues being addressed by proposed rules/implemented requirements. See further discussion below where relevant to you. We cover the relevant cases in our annual training.
MLRO Updates
As usual, our team has produced the quarterly MLRO update with more detailed response options on the updated BRMQ questions being finalise for the season. We have discussed internally the relevant responses to the re-ordered section on AML. This is in addition to our general analysis of the latest BRMQ questions. Clients can choose to stay ahead of the inevitable post BRMQ phone-call from the case officer if they have not yet taken note of the new questions. Minor updates have already been incorporated into our procedural updates.
Specific Updates
A SFC reminder on cyber-health in September (See here Source SFC) should get people thinking about their regular review processes, but please refer to our update on operational resilience from this time last year, if you feel that you are already covered, as we help firms pre-empt potential risks across the operational risk universe. As you may be aware, we are working with a continuity and security expert to help firms do proper desktop reviews on a project basis and have successfully conducted such reviews on boutique managers in a useful manner. We don't want to just tick a box here as in the case of crisis management checklists need to be tested for effectiveness.
We also noted the update on streamlined Sophisticated Professional Investor processes and are not entirely clear how the update might impact single strategy asset managers. We don't believe the update was directed at independent managers, but are concerned with the unintended interpretations for investors who cannot satisfy the new sophisticated investor criteria.
Global Compliance Matters
The details of both US and European regulatory update are very well covered in AIMA's recently introduced AIMA Regulatory Horizon Scan (Source: AIMA -Non-Member Access) which is updated on a regular basis. As noted, it should not be the only source of your forward planning, but it is one of the best sources of up-to-date information on what firms should be considering as they peer into 2024. We have our own cognitive views those items, which we discuss below.
AIMA has now also produced a broader document on Regulatory issues called the Regulatory Almanac (Source: AIMA) for those of us interested in the broader regulatory change agenda.
You may also refer to reference ACA Group materials and/or your counsel for further discussions on US/European matters.
Please click the relevant chevron to see our thoughts on each line.
Climate Requirements (Global Consideration)
Hong Kong
It is a year since large Hong Kong ROOF managers needed to declare their position (August) and the anniversary for non-large ROOF managers is coming up soon. (November). [Reminder on Scope here[ Source SFC FAQ] It is time for a Hong Kong manager's governance team to reevaluate their stance on materiality and relevance, against their portfolio and performance.
US and Global implications
While there are still major differences in views on climate, we are moving forward on the basis that we need to be part of the solution. We covered the conundrums well last year (see our update on Climate Risk Management from August 2022). For a good summary of where on the fence the US sits and why this is a drag on progress, I would suggest you listening to industry peers at the SEC's own conference from summer, 2023 which clarifies the fundamental differences of approach in different jurisdictions.
Source SEC, May 2023, Emerging Trends in Asset Management. After about 33 minutes of intellectual self-stimulation on regulatory matters, there is an interesting discussion regarding the US stance (or lack of one) on Climate. It is a very good discussion on the different approaches and considerations.
Corporate Disclosure Standards
While we hoped that international agreements on accounting standards in Sustainability and Climate would resolve the key conundrums, we understand there are still some differences of opinions on whether disclosures should be purely on financial impact, environmental or both, so the dynamic debate on disclosure continues across the different jurisdictions. IFRS 1 and IFRS 2 were issued (Source: IFRS.Org) by the International Sustainability Board (ISSB) in June and were endorsed by IOSCO (Source IOSCO) in July. The US manager framework is continuing to lean toward investor led benefits, with a view to letting the market decide, while the European framework continues to broaden the stakeholder benefactors to the community at large.
Cognitive Climate Solutions
While there are still a few general matters under discussion, we have worked with the Red Links (Source: Red Links) consortium and Inflection Point Intelligence to produce online training "Climate 101 for Managers and Analysts" because the key to getting to an ongoing solution is ensuring that the people involved in the research and decision making, understand the fundamentals on where climate comes into the risk reward decision. It is not something that a control function like compliance or risk can determine until the investment team decide what they wish to achieve when it comes to climate strategy. Sure, there are metrics that can be used as a yardstick but ultimately the decision-making team will need to determine their own goal posts if they wish to harden their stance on climate. This training has been designed to get that team on the same page, regardless of the remaining uncertainties.
If you are interested in getting decision makers onto the same page, we invite you to consider getting them to take this course which covers the things that would interest them from an investment point of view and includes references to the various sources of information that can help. Find a link to our course update here (Group Rates available) or you can directly sign on to the course here.
Cayman Governance Standards
US Private Fund Rules (Managers of Private Funds)
US Form PF Event Reporting Guide (Registered Investment Advisers)
US Cyber Incident Reporting
US Fund Names Criteria
US Custody Rules
Fee Allocation and NAV Calculations Conflicts
Exempt Reporting Advisers (Offshore)
Record Keeping - Unapproved Record Keeping Channels
CSRC - Privacy Requirements
Use of Artificial Intelligence
While some are steaming ahead, like many new things that we are dealing with, often the old wisdom still applies. Unless the database that you are using only exists, in a ringfenced environment on your network, then putting anything into to that system will expose it to be used or accessed by others. Appropriate care is required. Don't put sensitive data into such systems. We are still looking at what this means for policy and procedures but are raising it as part of training.
General
We produced these summaries to make sure we are covering areas of concern. If you feel that you are covered on these topics, then we would assume that you are our clients, but if not, please do contact us. If there is anything you think is important, but we have not covered, please do reach out to your consultant or contact me directly at dmg@cognitivegrc.com.
Look out for updates on the Consultation on Market Sounding in Hong Kong, and Beneficial Ownership reporting from the US.
We are again taking part in Regulation Asia's annual Technology Awards providing us with access to the latest and greatest system solutions for Compliance matters that are being offered, keeping us up to date on the latest solutions.
Office
You may have noted that we have moved back to our old office in LKF Tower after our hiatus in Sheung Wan.
Training
Please note the addition of online Climate training produced with Red Links and the updates to AML training in respect of digital assets if you have a chance. We have provided a youtube update here.
The team and I are looking forward to continuing to support you.