The SFC published its Consultation Conclusion on the “Proposed Enhancements to the Competency Framework for Intermediaries and Individual Practitioners” on 18 June 2021. The resulting Revised Guidelines on Competence, Guidelines on Continuous Professional Training and Fit and Proper Guidelines will become effective on 1 January 2022. In addition to highlighting the changes on competence requirements and the material changes to the continuing professional training regime, we have taken a good hard look at what these changes are likely to mean for running a regulated business in compliance with these requirements.
BASIC LEVEL COMPETENCE REQUIREMENTS
In summary, the SFC raises the bar for basic requirements on minimum standards to more than just passing English/Chinese and Maths but increases the types of alternative qualifications that can be used.
CONTINUOUS PROFESSIONAL TRAINING (“CPT”) REQUIREMENTS AND OTHER MATTERS RELATING TO TRAINING FOR SFC FIRMS
Changes to annual CPT hours for 2022 onwards (Click on arrows to expand)
In addition, the SFC has implemented changes on CPT requirements for Type 6 (Sponsors and Take Over Advisers) LRs and ROs.
IMPLICATIONS OF THE CHANGES ON TOP OF THE DIRECTION OF TRAVEL ON TRAINING
Ethics (arguably the basis of compliance) is defined to include topics around SFC general principles (i.e., integrity, fairness, objectivity, conflicts avoidance, acting in best interests), whereas Compliance extends into specific codes, firm policies, and professional standards.
Cognitive GRC has been developing ways Firms can enhance training to reinforce policy awareness and prepare for these increased requirements. As part of initial license applications Firms are now also required to confirm:
· Whether they have policy and procedures to ensure that adequate training is suitable for the specific duties that staff perform both initially and on an ongoing basis.
· Whether the staff possess or acquire appropriate and practical experience through on the job training and where appropriate, structured courses.
Specifically in the Corporate Governance section of Questionnaire A[1] for new applicants, the SFC ask applicants to confirm that they have adequate training suitable for the specific duties that staff members perform and that they confirm that it will be provided both initially and on an ongoing basis.
The relatively new annual Business Risk Management Questionnaire (BRMQ) has two important questions that suggest this widened expectation is supported.
Section A2 - Question 3
“Please indicate the means adopted by the Licensed Corporation to keep its Managers-In-Charge and Responsible Officers updated with the latest business and compliance knowledge and information that have impact on their respective areas of responsibility, such as development of applicable legal and regulatory requirements, and risks and challenges that affect or will affect the business.”
Section A2 - Question 4
“Does the Licensed Corporation offer any training to its staff carrying out the following functions to ensure that they possess adequate and up-to-date business and compliance knowledge for fulfilling their responsibilities?
(a) Sales and dealing
(b) Settlement
(c) Risk Management
(d) Compliance
(e) Internal Audit
(f) Finance and Accounting
(g) Anti-Money Laundering
(h) Information Technology
While Firms of every size source knowledge from updates such as those that companies like ourselves provide on a regular basis, the implications indicate a paradigm shift to one that requires a greater emphasis on the overall training provided on specific duties. It is a very subtle distinction which we wanted to highlight because taken together we believe Firms need to be much better at delivering (or at least making available) focused training to their broader teams, on deeper issues regardless of size. It is probably even more important for smaller firms with an absence of dedicated human resource to take care of training plans.
CEOs, OMOs, indeed, ROs need to make sure that they are giving their team sufficient resources to do their jobs and Manager(s)-in-Charge (MICs) need to highlight when they need directed training within their own role. For example, if you are MIC for Information Technology, you should consider regular cyber training in addition to the standard training provided to staff on ensuring security standards are met. If you are the Money Laundering Reporting Officer, you should consider more focused training on onboarding than the annual update training provided by you or your service providers to all staff etc.
SO, WHAT CAN FIRMS DO?
At least annually, all Firms should consider whether training needs are being met. Just ticking the box that CPT numbers have been achieved is not going to achieve that objective. MICs and other non-licensed staff need to be provided with regular refresher training within their areas of expertise. Training needs to be designed in accordance with Firms’ unique operational set up to ensure that staff are provided with the practical understanding of the Firm’s unique characteristics.
Ensuring employees are provided with relevant and practical training on how Firms’ operations work is a key element in being able to state that the Firm has taken all reasonable precautions to prevent operational loss/errors. Indeed, we are aware that regulators will ask about the specific training that was provided to users on systems/processes when reviewing trading or operational errors. Therefore, it is key that Firms ensure that appropriate training is delivered on specific implementation of systems.
It is important to shift the mind/ (disrupt the apparent status quo) and move away from the minimum viable effort mentality to training and competence. Firms that do well, consider the risks they are trying to mitigate when providing a training programme and adopt one that is fit for the purpose of mitigating it. This requires a bit of management consideration at the governance and risk level. A little bit of effort here is going to significantly improve a business’ ability to meet objectives.
At a basic level, Firms need to consider training and implementation needs as part of their governance process and ensure that the HR Lead/Department Head/COO is not just chasing up on how staff are meeting CPT targets as the end of the year approaches as that is not likely to survive as a passable strategy anymore.
At a higher level, Cognitive GRC suggests clients implement a dynamic training policy and programme. From our experience, we do see that Firms which adopt more considered training programmes incorporating both regulatory requirements and personal development do better.
There are many in in-person/online/hybrid programmes available that cover topics like Compliance and Ethics, (for example, Cognitive GRC participate in delivering the Henley Hedge Fund Course which allows for stand-alone trainings on both Ethics and Compliance amongst other relevant topics). Also, we have already developed and made Asia relevant content available on online platforms and we have many more topics which we are preparing for launch. The whole market for learning has been changed by the recent pandemic and it is become much more possible to structure and track the training needs and obligations with existing cost-effective systems that sit along the old classroom style update programmes. Individuals will need standardised training, interactive training and bespoke one on one training to achieve the objectives, and this is now made possible with a little bit of planning.
INSERT ANECDOTE HERE!
We often hear the argument that people are too busy to do time management training and don’t have enough resources to take the time to do resource planning. Well, there is no time like the present to mention the 8 Ps (Proper Planning Preparation Practice Prevents....Poor Performance) Management at both large and small Firms need to change mentality when there are so many online resources now available to help in that regard. There is no time to Procrastinate (No. 9?) in this regard.
Online learning content on wider range of training skills is now more available than ever before. A decent well thought out training policy will incorporate regulatory knowledge, soft skills, team building, relevant systems and on the job one-to-one training sessions designed for each key role.
We are already providing updates to manuals and policies for the basic changes to the requirements and have created content for online training but please speak with your consultant about options around enhancing your cognition and development programme to prepare for the next level. The first step is to look at your needs, what can be delivered as a group, and what needs to be tailored to your particular risk profile. This last element may take some time to prepare for and therefore the earlier the overall approach is considered, the less difficult it will be to hit the annual targets.
Clients may refer to our collateral library for an updated optimal training policy and programme for 2022, but please do put some time aside to consider and plan for 2022 and yes, it probably will also need some budget, however, a planned spend is often less costly than a hasty one.
Clients will receive a more detailed version of this note as part of our regular updates. Enjoy your planning. Please contact your regular contacts for further support.
[1]Note: New Questionnaires were introduced at the beginning of 2019 requesting new Firms to confirm certain items like training and development. In practice, saying no is unlikely to be accepted as an option and therefore new standards are evolving. Legislation by questionnaire.