Back Custom print Link Text Only Rich Text Print

  • HC-7.1 Compliance

    • HC-7.1.1

      The Board must:

      (a) Oversee the management of the licensee’s compliance risk;
      (b) Establish an independent compliance function and approve an appropriate compliance framework for the licensee based on its size and complexity of its operations;
      (c) Set priorities for the management of its compliance risk in a way that is consistent with its risk management strategy and structures; and
      (d) Approve the licensee’s compliance policy for identifying, assessing, monitoring, reporting and advising on compliance risk.
      Added: July 2023

    • HC-7.1.2

      The compliance function and the internal audit function must be separate.

      Added: July 2023

    • HC-7.1.3

      The Board, Audit Committee or the designated Board committee and senior management must:

      (a) Ensure that, based on an agreed remedial action plan, all compliance findings are resolved within a reasonable period of time to be set based on level and magnitude of risk;
      (b) Not restrict the compliance function from reporting any irregularities or breaches that are identified as a result of its work or investigations, and must ensure that such reporting can be done without fear of retaliation or disfavour from management, board members or other staff members;
      (c) Ensure that the head of compliance and his staff are not placed in a position where there is a possible conflict of interest between their compliance responsibilities and any other responsibilities they may have;
      (d) Not consider the compliance function as a cost center; instead it should be viewed as an activity that helps the licensee avoid enforcement action for non-compliance, enhances the licensee’s reputation and promotes the right environment for better financial performance; and
      (e) Ensure the compliance function’s right to:
      i. Have unrestricted access to any records or files necessary to carry out its responsibilities, and the corresponding duty of licensee staff to co-operate in supplying this information;
      ii. Conduct investigations of possible breaches of the applicable laws, regulations and the compliance policy; and
      iii. Appoint, subject to audit committee’s approval, outside experts to perform a specific task, if appropriate.
      Added: July 2023

    • HC-7.1.4

      Licensees must appoint a head of compliance with overall responsibility for the licensee’s compliance function.

      Added: July 2023

    • HC-7.1.5

      In groups (applicable to Category 1 investment firms):

      (a) The audit committee and senior management, with assistance of the group head of compliance, should ensure that adequate resources, commensurate with the scale and complexity of operations, are assigned for compliance activities at the head office, subsidiaries and overseas branches; and
      (b) The group head of compliance should ensure that:
      i. Adequate reports and information are received from subsidiaries and overseas branches on compliance related issues and must report the same to the audit committee; and
      ii. It conducts annual compliance testing on subsidiaries and overseas branches whose total revenue represents 20% or more of the group’s total revenue and every two years for other overseas operations.
      Added: July 2023

    • HC-7.1.6

      Subject to the CBB’s approval, the role of head of compliance may be combined with the head of risk if the size and nature of the licensee justify the same.

      Added: July 2023

    • HC-7.1.7

      The head of compliance must:

      (a) Report to the Audit Committee or the designated Board committee and administratively to the CEO. In the case of overseas investment firm licensees, the reporting must be to the Group or Regional Head of Compliance and administratively to the CEO/GM of the branch;
      (b) Establish the operating compliance procedures and processes for identifying, assessing, monitoring, reporting and advising on compliance risk;
      (c) Establish written guidance to the licensee’s staff on the appropriate implementation of laws and regulations;
      (d) Conduct, under the sponsorship of the CEO, awareness sessions for the licensee’s staff on compliance policy requirements and issues; and
      (e) Report to the Audit Committee or the designated Board Committee:
      i. On a quarterly basis, the licensee’s management of its compliance risk, in such a manner as to assist committee members to make an informed judgment on whether the licensee is managing its compliance risk effectively; and
      ii. Immediately any material compliance failures as they arise (e.g. failures that may attract a significant risk of legal or regulatory sanctions, material financial loss, or loss of reputation).
      Added: July 2023

    • HC-7.1.8

      The compliance function must:

      (a) Have a formal status with sufficient authority within the licensee;
      (b) Carry out its responsibilities under a risk-based compliance programme that sets out its planned activities, such as the implementation and review of specific policies and procedures, compliance risk assessment and compliance testing;
      (c) Assess in cooperation with the relevant functions, in case of new regulations, the appropriateness of the licensee’s relevant policies as well as the compliance policy and related procedures and processes. It must promptly follow up regarding any identified deficiencies, and, where necessary, formulate proposals for amendments in cooperation with the relevant functions;
      (d) On a proactive basis, identify, measure, document and assess the compliance risks associated with the licensee’s business activities including the development of new products and business practices, proposed establishment of new types of business or customer relationships, or material changes in the nature of such relationships. If the licensee has a new products and services committee, the compliance function staff must be represented on the committee;
      (e) Monitor and test compliance by performing sufficient and representative compliance testing. The results of such testing must be reported to the Audit Committee ;
      (f) Advise the audit committee and senior management on all relevant laws, regulations and standards in all jurisdictions in which the licensee conducts its business and inform them on developments on the subject;
      (g) Must provide to the CBB a compliance assessment report on every application/request for approval to the CBB confirming that all related legal and regulatory requirements pertaining to the request have been thoroughly checked, including the impact of such request on the licensee’s financial position and compliance status, and a reference must be made to any previously approved arrangements by the CBB. In cases where the requests have a potential financial impact on the licensee, a report from the financial control function in consultation with external auditors must also be submitted as part of the compliance assessment report, whereas in case of any legal implication of such a request a legal opinion on the matter must be submitted;
      (h) Act as a contact point within the licensee for compliance queries from staff members; and
      (i) Have sufficient and appropriate resources to carry out its functions effectively, commensurate with the size and complexity of the licensee.
      Added: July 2023

    • HC-7.1.9

      The compliance function staff must:

      (a) Have the necessary qualifications, experience and professional and personal qualities to enable them to carry out their specific duties;
      (b) Have a sound understanding of applicable laws, regulations and standards and their practical impact on the licensee’s business activities and operations; and
      (c) Be subject to regular and systematic training to remain up-to-date with developments in laws, regulations and standards.
      Added: July 2023

    • HC-7.1.10

      The CBB may at its own discretion communicate directly with the Head of Compliance to discuss issues of material concerns related to compliance risk.

      Added: July 2023