The requirements for compliance officers (CO) are constantly evolving and becoming increasingly onerous. It is, therefore, important that COs remain adaptable and keep abreast of changes in technology and the law. In this article, we examine some of the key requirements for COs of Hong Kong licensed corporations.
The principal functions are to:
A CO must possess the technical competence and experience necessary for the performance of his/her functions. He/she should be independent of other functions and report directly to the firm's senior management, unless this is impractical given the size of the firm.
As further useful guidance, the US SEC’s Chief of Staff, Andrew Donohue recently detailed nine key requirements for COs which we believe reflect the SFC’s expectations in Hong Kong. He stated that COs must:
Notably, on 9 November 2015, the SEC issued a National Exam Program Risk Alert to advisers and funds that outsource their compliance officer role. We believe this may be of interest to many Hong Kong licensed corporations which outsource their compliance functions. The risk alert summarised the findings of 20 examinations of such firms in order to evaluate the effectiveness of adviser and fund compliance programmes with an outsourced CO.
The SEC’s examination found that, while some outsourced COs were generally effective in administering the compliance programme and fulfilling their CO responsibilities, firms with outsourced COs may experience compliance programme policy and procedure failures in relation to areas which had been designated to the outsourced CO. The risk alert found examples of compliance policies and procedures that were not tailored to the firm, or that were factually inaccurate in critical areas, as a result of having been created using templates provided by the outsourced CO. Furthermore, concerns were raised about sufficient resources being available to perform compliance duties where one individual served as outsourced CO to multiple entities. The risk alert recommends that registrants with outsourced COs review their business practices in light of the risks noted and reminds firms that their COs must be appropriately empowered and have sufficient knowledge and authority to be effective in the CO role.