Some lessons to be learned from recent SFC enforcement actions

Despite the restrictions on activity affecting Hong Kong since the beginning of the year, there have been several enforcement cases reported which can provide some useful lessons or reminders for intermediaries.

Approvals involve due diligence

A requirement for approval for a transaction indicates that the transaction is unusual or involves material risk. The person giving approval is on notice that the transaction requires scrutiny, and it is therefore implied that the approval should only be given after due enquiry as to the nature and circumstances of the transaction.

In a recent enforcement case by the Securities and Futures Commission (SFC) a responsible officer (Supervising RO), who was responsible for monitoring employee dealings and supervising the operation of discretionary accounts at a broker (Company), routinely approved transactions by the CEO of the Company (including personal trades, short sales and cross trades) without making any inquiries nor checking whether there were any irregularities.

The CEO conducted illegal short sales through his personal account and the discretionary account of a client without informing the Company or the client. He concealed his uncovered positions by buying the relevant stock at the end of the trading day. Sometimes he would cover his position through a cross trade with his discretionary client at a price favourable to himself.

In spite of an enquiry from the HK Stock Exchange (HKSE) into the short sales, the Supervising RO failed to conduct any proper investigation or take any other action apart from issuing a warning letter to the CEO. In every short sale, a key question to ask is how cover is being provided. However, the Supervising RO continued to rubber-stamp the CEO’s personal dealings, so that the CEO was able to continue his illicit activities for another two months.

The CEO was banned from the industry for 28 months following his criminal conviction for illegal short selling; the Supervising RO’s licence was suspended for seven months; and the Company was publicly reprimanded and fined HK$6.3 million.

The Company was a relatively small enterprise, and it is likely that there was a high degree of trust between the ROs: such businesses often operate as quasi partnerships, which rely on the partners’ good faith and integrity. However, the case demonstrates the need for vigilance even in such a relationship.

At the time the trades were entered into, it was unclear whether the Fund Manager Code of Conduct (FMCC) applied to transactions for a segregated discretionary account. Since the introduction of the new FMCC, the staff dealing rues of the FMCC would clearly apply which, inter alia, prohibit cross trades between staff accounts and client accounts.

The importance of supervision and compliance checks

A licensed asset manager was publicly reprimanded and fined HK$1.5 million for failing to comply with Taiwanese laws and regulations and failing to supervise its licensed representatives. About 96% of the company’s business was derived from the distribution of investment products in Taiwan through its SFC licensed representatives during the relevant period. They lived in Taiwan and only visited Hong Kong for a couple of days per month. The company had no procedures to ensure its business was in compliance with Taiwanese laws and regulations. The company had guidelines on cross-border activities but it did not specify the steps to ensure compliance with local laws and regulations.

This was not the first time the SFC has disciplined an intermediary for failure to comply with overseas regulations.

It was also revealed during the SFC’s investigation that the activities in Taiwan were not adequately supervised by the ROs. One of the ROs claimed that he relied on other ROs to supervise sales staff. The second RO said that his ability to supervise was ineffective given the sales staff were located in different parts of Taiwan. The third RO said that he knew nothing about how the sales persons operated in Taiwan, and the fourth RO said that she did not know where the sales persons distributed investment products. It was therefore not surprising that the SFC concluded that the licensed company had failed to supervise its licensed representatives adequately.

Had the manager-in-charge regime been in place during the relevant period, there would have been clearer accountability for which members of senior management were responsible for ensuring compliance with the relevant requirements, and it seems likely the SFC would have held them personally accountable.

In another case involving a broker, a licensed representative was found to have traded securities for a client of a discretionary basis. During an SFC inspection, it was found that the relevant account opening documentation did not contain the necessary discretionary authority. A discretionary agreement was not entered into until two years after discretionary trading commenced, although the broker’s internal controls provided that a client who wished to open a discretionary account was required to enter into a discretionary account agreement, and management approval was required before commencement of trading. Moreover, the performance and trading activities of discretionary accounts were supposed to be closely and regularly monitored by the compliance department, ROs and management.

The licensed representative claimed that the client had verbally authorised him to trade discretionarily and that he had overlooked the written trading authorization requirement. His licence was suspended for five months.

Adequate training, supervision and controls might, or indeed should, have prevented the breach occurring: for example, a requirement for orders to the trading desk to be supported by a confirmation from the representative as to whether the trade was on client’s instructions (and if so how evidenced) or discretionary. Such a control would facilitate checks by compliance staff to pick up the breach.

The broker was also criticised for the infrequency of its sample checking of telephone recordings of client orders. The frequency of sample checking should be commensurate with the size of the business: with 70 account executives, 10 sample checks a month was clearly inadequate.

A licensed representative at another broker was banned from the industry for 14 months for overcharging clients. The broker’s regular sample checking of telephone recordings identified a number of bond transactions which the representative had executed at commission rates higher than had been previously agreed with the clients. The clients had agreed to a commission of 0.2% of the execution price in bond transactions.

The audio-recordings showed that during the price quotation stage the representative quoted the best available prices to the clients for the transactions but subsequently executed the transactions at a better price. It is not clear from the statement of disciplinary action what information was provided to the clients on execution, but the inference is that they were charged the quoted price plus 0.2% mark-up. The case demonstrates the value of sample checking and carefully analysing the content of transaction audio-recordings.

In some cases, the SFC has readily inferred a lack of supervision because the intermediary failed to keep adequate records to show that adequate checks had been carried out; in other cases, the SFC has concluded that the ratio of supervising staff to staff being supervised was manifestly inadequate to enable supervision to be performed to a satisfactory level.

The importance of implementing policies

Many of the cases underline the importance of implementing policies, procedures and other internal controls diligently and effectively: there is no point in having controls if they are not put into practice, and it can be shown that they have been adhered to. In many cases where the relevant licensed entity had written policies and controls which required certain approvals to be obtained, or required or prohibited certain actions, in practice individuals simply failed to follow procedure, whether through ignorance (as in the case mentioned above) or deliberate malfeasance.

In the SFC’s inspection of the same broker, research reports were found to have been issued in breach of the broker’s own controls which prohibited the issue of research on a company within 30 days of dealings in the company’s shares by research staff. Staff were required to seek approval for personal account dealings (which was done); compliance staff were supposed to add the relevant company to a restricted list (which was not done); compliance staff were supposed to check trades and the issue of reports against the restricted list (which was not done). It appears that these oversights may have occurred due to confusion over responsibility for conducting the relevant checks and supervision. The written policies assigned these tasks to the broker’s head office overseas, but this did not appear to have been adequately communicated to, or understood by, staff at both offices, and the relevant head office staff were not receiving the information they needed from the broker to carry out their oversight function effectively.

Another research analyst at the broker was found to have traded contrary to his own recommendations and trading securities on the broker’s restricted list, in breach of the brokers written policies. He had disguised his trades by trading through his father’s account, thus deliberately seeking to avoid compliance with the broker’s requirements, for which he was banned from the industry for 12 months. More comprehensive KYC might have established the relationship between the analyst and the owner of the account. Trades by the analyst, whether for his own account or for a client, which were contrary to the analyst’s recommendations, should have raised questions.

The broker was publicly reprimanded and fined HK$6.4 million

Diligent supervision is required even when there is separation of functions

In a case of conspiracy to steal and conspiracy to defraud, the SFC imposed a life-time ban on a licensed representative of a broker who stole HK$110.2 million worth of securities from clients of her employer. The employer had established separation of functions between the front office and back office, so that the licensed representative’s criminal acts required the participation of her co-conspirator, who was a settlement clerk at the broker.

As a result of the fraud, the broker’s shareholders and directors were required to give an undertaking to the SFC that the company, its shareholders and directors would fully compensate any clients affected by the misappropriation of client securities, and that undertaking was satisfied at a cost to the company of HK$156 million.

It is interesting to note that there was an opportunity to uncover the fraud, as noted in the report of the criminal proceedings: the licensed representative had to fill in an order form. The information in this form was fed into the broker’s computer system. Each day the computer system would generate a “Stock Balance by Item Report”. This report recorded the total amount of shares held by all clients of the broker and the market value of the shares. The stock balance of the Stock Balance by Item Report should tally with the figures kept by the HKSE in its CCASS system. One of the settlement clerk’s tasks was to make sure that there was no discrepancy between the two and to compile a “CCASS Stock Matching Report” (Matching Report) for the approval of her supervisors. The settlement clerk’s supervisors would endorse the Matching Report if no discrepancy was found, but they did not check the CCASS record, thus giving the settlement clerk an opportunity to tamper with the broker’s internal records to cover up the theft.

This case again demonstrates the need for vigilance in supervision, and in times of economic hardship, the need for vigilance is even greater, particularly where employees are paid little or no salary but rely primarily on commission for their livelihood, will be under increased pressure to cut corners or even resort to criminal activity to supplement their incomes.

A clean SFC inspection does not guarantee a clean bill of health

SFC inspections are necessarily limited in scope. Sometimes the SFC will conduct inspections of a number of participants in a particular part of the industry, and those inspections will focus on one particular area, such as the sales process. There have been many such “themed” inspections which are usually followed by a detailed public report, often with summaries of good and bad practices identified by the SFC in the course of the “themed” inspections. Industry participants would do well to heed any recommendations and observations in such reports.

In other cases the inspections are more general. Sometimes the SFC will publish beforehand the areas of focus of inspections for the upcoming year, which gives intermediaries an opportunity to review their controls and procedures to prepare for an inspection. If deficiencies are found which amount to a material breach, they must be reported promptly to the SFC. However it is certainly preferable to report a problem which has been detected internally, rather than for the SFC to find it on an inspection.

A clean SFC inspection result does not amount to a seal of approval, and does not provide any sort of assurance that an intermediary is in full compliance with all applicable requirements. In the fraud case referred to above, a relatively simple reconciliation would have alerted the company to the fraud. In the absence of that check, the fraud continued for nearly seven years despite an SFC inspection in the interim.

Regular “mock inspections” by third party professional advisers can be invaluable in providing a fresh perspective on an intermediary’s business and its compliance systems.

The SFC takes conflicts seriously

In its December 2006 Enforcement Reporter, the SFC said that stealing client assets would lead to a life-time ban. Breaches involving dishonesty merit harsher disciplinary action than those involving ignorance or oversight. Somewhere in between fall cases involving conflicts of interest. Failing to recognise and manage conflicts fairly may fall short of actual dishonesty, but casts doubt on the ethical standards and integrity of those involved, and is therefore a matter to be dealt with severely. Personal account trading, transactions with connected persons and other areas which potentially give rise to conflicts of interest therefore require particularly close attention.

For example, there have been several cases where the managers of SFC authorised public funds have been fined for failing to ensure that, where the funds’ cash was deposited with a bank connected with the manager of the custodian, the bank paid interest at normal arm’s length commercial rates. Interest rates during the relevant periods (six years in each case) were extremely low, so the amount of the loss to individual investors was immaterial, but the fines amounted to between approximately 3.5 and 12.5 times the total loss to the funds. In addition, in each case the relevant manager was required to appoint an independent reviewer to examine their internal controls. The costs incurred in management time conducting the necessary internal investigation and calculation of the impact on the funds will have been considerable.

Records

In many cases, problems can be traced back to inadequate record-keeping. In the absence of an appropriate record, it is likely that the SFC will draw an adverse inference: if there is no record of an approval, it will be assumed it was not obtained; if there is no record of attendance, absence will be inferred; if an intermediary cannot produce records to show that KYC, AML, a suitability assessment or other requirement has been satisfied, it will be assumed that the relevant action has not been taken at all. In the context of supervision and compliance, records must be kept of enquiries made and checks undertaken or it will be assumed that none were conducted.

The importance of proper record-keeping cannot be over-emphasised.