Stepping-Up Individual Accountability with the SFC’s New the Manager-in-Charge Regime
On December 16, 2016, the Securities and Futures Commission (“SFC”) issued a circular (“MIC Circular”) introducing a Manager-In-Charge regime (“MIC Regime”). The MIC Regime holds individual senior managers of firms licensed by the SFC to account for compliance with regulatory standards. It requires certain senior managers to be identified as managers-in-charge ("MICs") and certain MICs to be licensed and approved as responsible officers ("ROs"). It further mandates the provision of notifications to the SFC identifying the MICs and their reporting lines. The new MIC Regime signals a greater level of personal liability for senior managers at licensed firms, even those senior managers who are not licensed by the SFC. In this article, we provide an overview of the MIC Regime, provide context for individual liability and make some suggestions as to how to manage this liability.
At a high level, the MIC Regime imposes 3 requirements, namely (i) a requirement for certain senior executives to be licensed and approved as ROs, (ii) a requirement for certain senior executives to be identified as MICs of prescribed core functions (“Core Functions”), and (iii) a requirement for information relating to corporate governance with specific reference to the MICs to be provided to the SFC.
MICs who fail to meet regulatory standards may be subject to disciplinary action, even if they are not licensed by the SFC.
At a macro level, the MIC Regime is not surprising given the broader overall trend of imposing personal liability on individuals. This trend is most obvious in SFC enforcement action against officers of listed companies engaged in malfeasance but there is evidence of increasing SFC enforcement action against ROs for supervisory failures. It is equally significant to note that the SFC has publicly stated that individual accountability is an enforcement priority.
Though there is no reason to believe that the MIC Regime will, in the short-term, result in frequent enforcement action against individual MICs, the fact that the SFC is now more readily taking enforcement action against ROs for supervisory failures suggests a willingness to sanction individuals who are not complicit in wrongdoing but are, in essence, merely negligent in the discharge of their oversight responsibilities. In this regard, it is significant to note that until recently, it has been rare in the almost 15 years since the RO regime was introduced in 2003 for the SFC to discipline an RO who was not complicit in wrongdoing.
Perhaps significantly, the SFC introduced the MIC Regime not on the basis of its statutory power to license persons performing functions “relating” to a regulated activity but on the basis of its power to discipline persons involved in the management of the business of a licensed corporation. It may well be that there were administrative concerns in extending the historical exercise of the SFC’s licensing power to include senior executives in the back and middle office as such an exercise might raise difficult questions as to why others in the back and middle office might not need to be licensed. Nevertheless, the specific reliance on disciplinary powers in introducing the MIC Regime suggests that non-compliance with regulatory standards will not only be a matter concerning a licensed firm but also those of its senior executives who may have failed to cause the firm to meet those standards.
The MIC Regime requires each licensed corporation to appoint at least 1 individual as the MIC for each of the 8 Core Functions, namely:
- overall management oversight,
- key business line,
- operational control and review,
- risk management,
- finance and accounting,
- information technology,
- compliance, and
- anti-money laundering and counter-terrorist financing.
The SFC permits more than 1 individual to be appointed as an MIC for a specific Core Function. The SFC does not require an MIC to be an employee though an MIC cannot be an external service provider. Thus, for example, it is possible in the case of the compliance function of a global firm to appoint either or both the local and global heads of compliance as the MICs for that function but it would not be possible to appoint an external compliance consultancy.
In identifying the MIC for a key business line, the SFC gives each licensed corporation the flexibility to define the scope of a key business line. For example, in an asset management firm, there could be separate key business lines for portfolio management, trading and marketing or there could be a single front office business line.
The SFC requires that an MIC have real decision making authority but does not set specific eligibility requirements for MICs save to require that MICs be “fit and proper”. As a result, it is not clear, for example, what information technology experience and credentials, if any, may be required of an MIC for the information technology function. It appears that this is a judgment call to be made by management as a whole.
Whilst the MIC Circular sets out general scope of duties of the MIC of each core function, there are no specific guidelines. As a result, the minimum standard of conduct is left to general principles.
The MIC Regime mandates that MICs responsible for overall management oversight and for each key business line be approved as ROs. This requirement may be problematic, particularly if the SFC will expect that the MIC with overall management oversight responsibility of a firm be approved as a responsible officer for each regulated activity undertaken by that firm because it may happen that the individual will not be able to meet competency requirements set by the SFC for all of the regulated activities of the firm.
Notification to SFC
Each licensed corporation must notify the identity of MICs to the SFC but no prior approval from the SFC is required for specific MICs. In tandem, each licensed corporation must provide a corporate organizational chart showing the reporting lines of the MICs for each of the Core Functions.
As part of the transitional period, the SFC expects every licensed corporation to provide requisite notifications to it no later than July 17, 2017.
While MICs do not face jail time for failures in relation to their duties as an MIC (unless those failures also amount to a criminal offence under existing legislation), MICs may be publicly reprimanded or fined. The consequence of a reprimand on an MIC are unclear. It may well be that such reprimands will have significant career consequences.
MICs may wish to consider the following steps to manage this liability:
- Directors and Officers Liability Insurance (“D&O Insurance”)– Care should be taken to ensure that coverage provides for advancement of defence costs and that coverage can be enforced by the MIC. MICs should be cognizant that, as a result of the operation of Hong Kong legal principles, D&O coverage may not respond to regulatory fines notwithstanding that many policies contain specific language suggesting coverage for such fines.
- Independent Legal Advice – MICs may wish to obtain independent legal advice as necessary to ensure they are able to comply with regulatory expectations. In this regard, MICs should be aware that legal advice obtained by a licensed firm normally belongs to that firm and in the event of a breakdown in relations between an MIC and his employing firm, the MIC may no longer have access to such advice should it be required for defensive purposes.
- Collective Board Action – The SFC recognizes the continued supremacy of the board of directors but the board is not per se an MIC. Collective decisions of the board do not seem to be subject to scrutiny under the MIC Regime. MICs, particularly those with overall management oversight responsibility, may therefore consider whether it would be apt for the board to make certain decisions so that such decisions cannot be challenged by the SFC under the MIC Regime. For example, it may well be that a board decision to hire an MIC for a particular Core Function is beyond question whereas such a decision by the CEO, as the MIC with overall management oversight responsibility, may subject the CEO to scrutiny by the SFC.
- Delineation of Responsibilities – MICs should have a clear understanding of the scope of their responsibility. This may require a clear job description outlining responsibilities and authority to make sure that there are no gaps between responsibilities of MICs of different Core Functions. In practice, this would seem to also require regular and perhaps documented discussion between MICs given that many Core Functions overlap. For example, in the event that there is a system failure where client monies are transferred without client’s authority, it may be unclear whether responsibility would lie with the MIC for compliance, information technology, operational control and review, that key business line or overall management oversight.
- Documenting Standards – MICs may wish to consider producing written procedures governing the operation of the Core Function for which they serve as MIC so as to provide evidence of the presence of procedures for regulatory compliance. However, care must be taken not to set standards too high in such procedures as this may set an unnecessarily high regulatory standard by which the MIC’s conduct may be measured.
Changes in MICs
It is not clear whether the SFC will allow for a grace period to find a replacement in the event that an MIC’s employment ceases. In the meantime, firms may wish to consider whether it is necessary to increase notice periods for termination of employment relationships with MICs or whether it may be desirable to have multiple MICs for each Core Function to provide redundancy in the event of a resignation.
About the Firm
Founded in 2004, Timothy Loh LLP is an internationally recognized Hong Kong law firm focused on mergers & acquisitions, litigation and general financial markets and financial services matters. The firm is a leader in banking, financial regulation, corporate finance, capital markets and investment funds as measured by its rankings and those of its lawyers in leading independent editorial publications. The firm routinely acts for Fortune Global 500 companies. For more information, visit www.timothyloh.com.