Lessons for Regulated Firms From The SFC's Recent Inspections
A report produced by the SFC setting out its findings in recent thematic inspections of licensed corporations provides the latest insight into the SFC’s evolving expectations for licensed corporations and registered institutions. In this article, we explore the key lessons learned.
In October 2012, the Securities and Futures Commission (“SFC”) published its “Report on the Thematic Inspection of Selling Practices of Licensed Corporations” (“Selling Practices Report”), which highlighted deficiencies in policies and procedures of licensed corporations inspected by the SFC. The report itself, together with recent enforcement actions by the SFC against several “big name” licensed corporations and the previous “mystery shopper” survey carried out in 2010, continues to highlight a trend on the part of the SFC towards more aggressive enforcement action and a stricter and more burdensome interpretation of requirements under the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (“Code”).
This trend underlines the need for licensed corporations to raise their standards. Generic compliance policies which merely regurgitate regulatory requirements but which do not provide clear guidance on how to comply with such requirements are likely to fall short of the required standard.
Under the Code, licensed corporations and registered institutions should have in place measures to ensure compliance with regulatory requirements.
In its Selling Practices Report, the SFC identified a number of problems with compliance monitoring programmes at firms it inspected. In one case, compliance monitoring had simply stopped due to a lack of resources. In another case, there were insufficient controls to ensure that information required to be collected from clients had in fact been collected. The absence of such controls resulted in missing or inconsistent details in client account opening forms and updates to client profiles. In a third case, there were no pre- or post-trade reviews to ensure that guidelines regarding the types of products that were suitable for clients with different risk profiles were followed by sales staff when making investment recommendations.
Regulated firms may consider the following to strengthen their compliance monitoring programmes:
- Checklists - Use checklists to ensure that (i) all necessary information is obtained from a client when an account is opened, (ii) client profiles are periodically updated, and (iii) suitability assessments are properly carried out before or after a trade as part of a systematic process.
- Exception Reporting - Require staff who perform compliance monitoring to report any exceptions or issues identified directly to the compliance function and senior management of the licensed corporation.
- Enforcement Action - Establish a system to penalize breaches of policies and procedures and to communicate to staff that non-compliant behaviour is unacceptable.
- Periodic Self-Examination - Establish a programme for periodic review of the adequacy and effectiveness of controls and procedures and the follow-up of deficiencies identified. In this regard, the SFC has previously advised licensed corporations to conduct a formal self-examination of their procedures on suitability obligations and for management to review such self-examinations to ensure that established controls and procedures are operating effectively. The Selling Practices Report noted that some licensed corporations had still not carried out such self-examinations, whereas other licensed corporations had not properly documented the self-examination results, the review by the management or the follow-up actions taken.
Under the Code, a licensed or registered person should ensure that it has adequate resources to supervise diligently persons employed by it to conduct business on its behalf. The Code does not prescribe minimum resources a firm must have to supervise its regulated activities. However, in its Selling Practices Report, the SFC identified a situation where a responsible officer was responsible for directly supervising the selling activities of over 70 sales staff and the responsible officer failed to identify transactions involving a risk mismatch. This failure was potentially attributable to the inability of a single responsible officer to exercise effective supervision over such a large number of sales staff. As a result, although securities legislation only requires a minimum of 2 responsible officers, regulated firms should consider whether they have a sufficient number of responsible officers to supervise their regulated activities.
Written Policies and Procedures
The Code requires licensed and registered firms to have in place measures to ensure compliance with regulatory requirements. As a result, licensed corporations and registered institutions should generally have in place a written compliance manual. The Selling Practices Report highlighted a core problem with many generic compliance manuals on the market today, namely that they rehearse regulatory requirements but offer no specific guidance to staff.
The Selling Practices Report suggests the following:
- Guidance on Documenting the Rationale for Investment Recommendations - Regulated firms should provide guidance to sales staff in respect of documenting the rationale underlying the investment recommendations made to clients.
- Guidance on Conducting Suitability Assessments - Regulated firms should provide guidelines on how to conduct suitability assessments based on the overall risks of a client’s portfolio. This will help to ensure uniformity of standards, thereby in turn helping to ensure that the level of risk of every transaction is suitable for a client.
The Code requires licensed and registered firms to have in place measures to ensure compliance with regulatory requirements. These measures will almost invariably include training. The Selling Practices Report suggested room for improvement on this front.
In one case, a lack of training potentially led to an incorrect understanding of a product recommended by a member of sales staff. Due to a lack of training, the sales staff who had recommended the product to his clients believed that the product had a low liquidity risk, whereas the prospectus actually disclosed that the product was not suitable for an investor that required liquidity.
In another case, the firm did not make new product training compulsory for sales staff responsible for distributing a new product. As a result, attendance at weekly training was below 40 per cent, with some sales staff not attending any training in a 12-month period.
In a third case, the firm kept no records of the frequency and type of training provided or of staff attendance, with the result that the licensed corporation was unable to demonstrate the adequacy of the training it had provided.
These findings suggest the following protocols:
- Mandatory Training - Firms should train staff both initially and on an ongoing basis appropriate to the specific duties such staff undertake. For sales staff, training should include (i) training on the nature, terms, risk profile and characteristics of products offered as well as (ii) training on applicable regulatory requirements, to reinforce basic principles and concepts, and to provide updates on regulatory changes and developments.
- Training Records - Firms should monitor and keep records of training provided together with the attendance of staff at such training.
It is common in smaller firms for one individual to hold multiple roles due to the lack of personnel available. Indeed, the Selling Practices Report identified a situation where a sales team head was allowed to approve the suitability of his own client’s transactions and was delegated the authority to review and approve client orders submitted by his team members. As the individual earned commission generated from such transactions, the arrangements potentially impaired the independence of the suitability review and there were no safeguards or procedures to address the potential conflict of interests.
Given the tone of the Selling Practices Report, it is doubtful whether smaller firms can ignore the imperative to segregate and it is almost undoubtedly the case that larger firms must segregate the suitability assessment process from the sales process.
The Code requires licensed and registered persons (i) to ensure the suitability of their recommendations or solicitations to clients, (ii) to assure themselves that clients understand the nature and risks of derivatives and have sufficient net worth to bear the potential losses of trading in derivatives, and (iii) to assess each client’s knowledge of derivatives. To comply with the suitability obligations imposed on them, licensed and registered firms should have in place an effective process to assess whether the risk return profile of an investment product matches the personal circumstances of a client.
Know Your Client
Licensed corporations and registered institutions must obtain such information as is necessary to understand their client’s personal circumstances and to ensure that any investment advice or recommendation is suitable for the client. Firms must be in a position to consider the client’s financial situation, investment experience, investment knowledge, investment horizon, risk tolerance and, where appropriate, capacity to make regular contributions and meet extra collateral requirements.
The Selling Practices Report identified an instance where a licensed corporation asked its clients to simply pick a risk tolerance category from a number of options given in the account opening form. However, there were no explanations for the risks represented by each category and no descriptions outlining the common traits of individuals in the different risk tolerance categories. As a result, it was possible that the client and the licensed corporation had different interpretations of the level of risk a particular category represented.
In another case, a risk-profiling questionnaire asked a number of questions, but the resulting risk tolerance category was effectively determined by the answer to just one question relating to the client’s investment experience in different types of investments. The result was that a client could obtain a high risk score from this question even if they had no experience in trading structured products and derivatives.
The Selling Practices Report suggests that regulated firms adopt the following measures:
- Guidance on Risk Categories - Establish clear and comprehensive descriptions of risk categories so that clients and staff at the firm share a common understanding of each risk category.
- Client Due Diligence - Establish a sufficiently broad base of knowledge for each client to enable an assessment of the client’s investment profile based on a comprehensive understanding of the client’s investment objectives, investment experience and financial situation.
- Client Acknowledgement of Risk Profile - Require clients to sign and acknowledge the risk profiling results and provide clients with a copy of the signed document for their records.
- Annual Client Confirmation of Risk Profile - Send an annual letter to clients requesting them to confirm their risk profile. If there have been any changes in a client’s risk appetite or investment objectives, or if they do not agree with the assessed risk tolerance level, the client should be required to contact a designated member of staff to update their risk profile.
The Selling Practices Report cast doubt on the appropriateness of a regulated firm relying upon a client’s declaration that they have attended training or have prior trading or working experience with derivatives to establish the client’s knowledge of derivatives. Accordingly, regulated firms should make appropriate enquiries and gather relevant information to arrive at an independent determination.
Product Due Diligence
Regulated firms should have controls in place to ensure that their sales staff do not recommend products which they do not understand. Based on the Selling Practices Report, firms may wish to consider the following:
- Independent Due Diligence - Obtain a thorough understanding of products offered by performing adequate product due diligence. Simply reviewing the reputation, track record and financial standing of a fund house may not be sufficient if there is a lack of understanding regarding the features and risks of the individual products offered by such fund houses. Similarly, relying on the information available on a particular fund platform may not be sufficient if such information is limited in nature. Even where a fund is authorized by the SFC, such product due diligence is still necessary. The use of risk ratings may be appropriate, but a firm should not simply adopt a published risk rating without taking into account its own due diligence on the product. A firm should arrive at its own risk assessment of a product to use in the suitability determination process.
- Documenting Due Diligence - Ensure that adequate documentation is kept in respect of due diligence conducted to evidence compliance with suitability obligations. If records are not kept of the verification work carried out, the enquiries that were made in respect of the product and the basis on which the product is considered suitable for clients with different risk profiles, it will be difficult for the firm to demonstrate the discharge of its duties. In this regard, firms should consider setting out in detail the aspects of each product they consider make the product suitable for different risk categories of investors and providing clear guidance to sales staff in that regard. For example, the internal guidance for a high risk structured product may state that it would only be suitable for clients with a high risk tolerance level and who have a specific view regarding the market of the underlying asset.
The Selling Practices Report noted that regulated firms cannot assume that funds are not derivatives. Funds which use derivatives must be treated as derivative products.
The Selling Practices Report underlines the need for regulated firms to take into account all the relevant facts, including each client’s individual circumstances, in determining suitability. The SFC report identified one case where the firm failed to account for the investment horizon of an elderly client. In another case, a firm adopted a policy whereby all investment grade bonds were considered suitable for all clients despite the fact that such bonds could vary substantially as regards their features or structures. In a third case, a firm failed to consider concentration risk and did not take into account the type of investments already held by a client.
Licensed corporations and registered institutions should ensure that they prepare and keep adequate documentation to demonstrate the underlying rationale of any investment recommendation made to a client. If a regulated firm fails to create and keep appropriate documentation, it may not be able to demonstrate why the recommendations were considered suitable for a particular client given that client’s personal circumstances.
The Selling Practices Report identified a situation where a client with a balanced risk profile was recommended an aggressive fund which invested in derivatives such as futures. The retained documentation indicated that the client wanted to have a “more diversified and safer portfolio”, but did not demonstrate why the chosen product would achieve that for the client.
If sales staff keep personal notes but do not incorporate these into the firm’s official documents, the documentation of the licensed corporation is likely to be incomplete.
The Code provides that a client agreement of a licensed and registered person should not operate to remove, exclude or restrict any rights of a client or obligations of the licensed or registered person under the law. At the same time, it provides that licensed and registered persons should act honestly, fairly and in the best interests of clients and the integrity of the market.
In its Selling Practices Report, the SFC suggests that the use of disclaimers and other language to restrict the operation of investor protection measures under the Code may constitute a breach of the Code. Examples of language identified by the SFC as falling afoul of the Code include:
- A client agreement which provided that a licensed corporation was not required to forward to the client documents received by it in respect of the client’s investments.
- A client agreement which placed the obligation on the client to obtain copies of offering documents before submitting a subscription application.
- A declaration which attempted to circumvent the suitability requirements by requiring the client to acknowledge and agree that the licensed corporation was not responsible for reviewing and assessing whether particular products were suitable for the client.
- A declaration that required the client to confirm that in respect of a high risk product recommended to them, they received no recommendation and purchased the product on their own initiative.
- A declaration where a single choice encompassed a number of different issues which were not linked. The client was required to confirm that they had either received, or had not received, advice from the licensed corporation, but if the client confirmed the latter, they also had to confirm that they had made the investment decision of their own volition, had read and understood all relevant product literature and were competent to judge the suitability of the product.
Whilst it must undoubtedly be true that regulated firms cannot contract out of the regulatory requirements applicable to them in dealing with clients and should not ask or require clients to make false declarations to facilitate compliance with regulatory requirements, it is doubtful whether the Selling Practices Report goes further to restrict how regulated firms structure their dealings with clients.
Disclosure of Monetary Benefits
Under the Code, licensed corporations and registered institutions must disclose details of the monetary and non-monetary benefits received or receivable by them, prior to or at the point of sale. The Selling Practices Report clarified the requirements as follows:
- Full Disclosure of Rebates - It is insufficient to disclose only charges payable by clients. Where a licensed corporation receives rebates from a product provider, it is under a duty to disclose such rebates.
- Disclosure of Actual Rebates - A regulated firm should disclose actual rebates receivable rather than the highest possible level of rebate receivable.
Professional Investor Verification
High net worth clients who meet threshold financial requirements under the Securities and Futures (Professional Investor) Rules (“Professional Investor Rules”) are, for certain purposes under the Securities and Futures Ordinance, treated as professional investors. However, if a regulated firm wishes to waive specified requirements under the Code in respect of a client, it must, in addition to confirming that the client meets the threshold financial requirements under the Professional Investor Rules, undertake a further assessment of the client’s investment experience.
Threshold Financial Tests
The Selling Practices Report noted that there were misconceptions regarding which assets of a client can be included to satisfy the requisite financial threshold tests. It clarified that the value of a client’s residential property cannot be included when determining whether a client has a portfolio valued at HK$8 million or more.
At the same time, whilst the Professional Investor Rules give regulated firms flexibility in assessing whether a client satisfies threshold financial tests, the Selling Practices Report encourages regulated firms to use the methods prescribed under the Professional Investor Rules and failing that, to ensure that they keep proper records to demonstrate that they have exercised professional judgment and have reached a reasonable conclusion that a client meets the financial tests to qualify as a professional investor for the purposes of the SFO.
Prior to waiving any of the specified requirements under the Code, a licensed corporation should be satisfied that the client in question is knowledgeable and has sufficient expertise and investment experience in relevant products and markets by carrying out an assessment in writing. As with suitability assessments, the Selling Practices Report suggested the following:
- Independent Verification - When assessing a client’s knowledge, expertise and investment experience in relevant products and markets, a regulated firm should not simply rely on a client’s responses given in a standard professional investor assessment form. In this regard, for example, a regulated firm should check whether the information provided in the form is consistent with other information received from the client (e.g. from KYC documentation).
- Guided Verification - Regulated firms should assist clients to complete and return an assessment form, rather than allowing them to complete such forms on their own, to ensure that the responses are accurate.
- Clear Risk Disclosure - Regulated firms should provide a clear written explanation to a client regarding the consequences of being treated as a professional investor for the purposes of the Code and inform the client of their right to withdraw from being so treated. The client should be requested to sign a written declaration confirming that the consequences of being treated as a professional investor, and the right to withdraw from being so treated, have been explained to them and they consent accordingly.
- Record Keeping - A regulated firm should keep adequate records of all relevant information and documents gathered in its assessment of a client’s knowledge so that it can demonstrate the basis for its decision to treat a client as a professional investor.
Although regulated firms are in the business of selling investment products, in the current regulatory environment, the pendulum has swung towards protecting investors rather than encouraging investors to exercise their own independent judgment. As a result, it is more important than ever for regulated firms to review their compliance practices periodically and to strengthen them where appropriate so that they can demonstrate to the regulator that they have their clients’ best interests at heart. A failure to do so may result in regulatory enforcement action.
Originally published by Thomson Reuters GRC
About the Firm
Founded in 2004, Timothy Loh LLP is an internationally recognized Hong Kong law firm focused on mergers & acquisitions, litigation and general financial markets and financial services matters. The firm is a leader in banking, financial regulation, corporate finance, capital markets and investment funds as measured by its rankings and those of its lawyers in leading independent editorial publications. The firm routinely acts for Fortune Global 500 companies. For more information, visit www.timothyloh.com.