English | 中文
Tightening Regulations: What this means for securities brokerages in Hong Kong and Mainland China
Since 2014, there has been significant integration of the Hong Kong and Mainland Chinese financial markets, especially with the launch and growth of the Stock Connect and Bond Connect. By the end of June 2020, regulators announced the Wealth Management Connect Scheme (WMC)1 which will further harmonise the two markets. This new scheme is expected to create a new channel for Chinese and Hong Kong registered securities brokerages seeking capital growth through the expansions of cross-border trading and broader capital markets.
However, the rapid expansion and the new business models also bring increasing concerns regarding internal controls and management from a regulatory standpoint. Newly issued regulations now have strengthened regulatory requirements and widened scopes. Frequent enforcement actions taken by regulators from January 2019 to June 2020 also demonstrate that regulators in the securities sector across both Hong Kong and Mainland China are tightening their oversight and showing less tolerance in regulatory breaches.
In our white paper, «Securities Brokerages in Hong Kong & Mainland China: Lessons Learned from Recent Regulatory Breaches», we review and study the recent regulatory breaches from enforcement cases in Hong Kong and Mainland China while deep-diving into the root causes for each breach type. We also take a look at the challenges that encountered when implementing an effective control framework.
Summary of regulatory breaches and their root causes
Our in-depth analysis of the regulatory breaches in Hong Kong and Mainland China shows that for both regions, most breaches happen during the sales and before the trade. In Hong Kong, misappropriation of client money, unauthorised client transactions, insufficient client suitability checks and improper information disclosures are the most common breaches.
On the other hand, in Mainland China, the breach of insufficient information disclosures is the only breach that was similarly observed. Selling unapproved products and the failure to observe client’s risk appetite during the sales of investment products are instead frequently seen.
The root causes of the most common breach types found in the enforcement cases in Hong Kong and Mainland China can be summarised as:
- Lack of embedded risk culture: A lack of the correct risk culture which promotes the balanced risk-profit attitude and do-the-right-thing culture amongst staff.
- Unclear accountability structure: A lack of explicit accountability and ownership of risk incidents amongst staff.
- Insufficient surveillance system: A lack of efficient surveillance functions that monitors overall business activities.
- Inefficient control framework: A lack of an effective control framework with strengthened first and second line of defence controls.
- Non-holistic view of business activities: A lack of an integrated view of the end-to-end business activities across various platforms and different products.
Based on the five root causes identified, a pyramid with five corresponding criteria can be used to evaluate the level of compliance for securities brokerages (as shown in Figure 2). These include risk culture, staff accountability, surveillance functions, internal control framework and a holistic view of business activities. The pyramid lists the good practices for a firm to adopt – from encouraging ethical behaviour amongst staff by actively promoting risk culture, to detecting unsavoury behaviour by means of control and monitoring of business activities.
Implementing an effective control framework: Recommendations and challenges
However, while it is imperative to remain compliant, compliance resources are limited in securities brokerages, especially for small scale operators, and many are tasked with finding a solution that monitors specific behaviours in more rigorous ways.
With the sheer volume of transactions being a distinct feature of their business models, securities brokerages are driven to implement effective control frameworks that adopt up-to-date technology. These technologies, such as monitoring tools that cover the trading systems and communication channels, keep the business activities compliant without tremendous increase of the compliance staffing. However, to leverage the technologies effectively, there are requirements that need to be accounted for when designing the control framework and so often some challenges are observed.
Amongst the causes, weakness in risk culture and flaws in the control framework are commonly detected. To facilitate a highly effective and efficient surveillance function to support the internal control framework, it involves a sound framework design and system that aggregates data from across the business to create a comprehensive and holistic picture of business activities. This represents a further step away from the legacy rule-based approach.
Synpulse has experience in providing industry best practice advice to financial institutions to help them design and implement risk control frameworks. Our insights on effective and efficient control frameworks and technologies have helped various private banks and medium-to-small-size financial intermediaries establish compliance in their processes and increase cost-efficiency.