We have compiled the following chronology table which serves as a quick reference point to track the circulars and guidance published by HK financial services regulators in relation to COVID-19. We will update the table regularly. Kindly note that the table is not intended to capture all regulatory publications on an exhaustive basis.
Securities and Futures Commission (SFC)
Circulars/Guidelines |
|||||
TITLE |
SUMMARY |
DATE |
LINK |
REMARKS |
|
1 | Circular to Licensed Corporations and Associated Entities - Anti-Money Laundering / Counter-Financing of Terrorism Publication of the Latest Hong Kong's Money Laundering and Terrorist Financing Risk Assessment Report |
Background The Government published on 8 July 2022 the latest Hong Kong's Money Laundering and Terrorist Financing Risk Assessment Report ("the Report"). The Report examines the money laundering and terrorist financing ("ML/TF") threats and vulnerabilities facing various sectors in Hong Kong and the city as a whole in recent years, as well as assesses the risk of proliferation financing faced by Hong Kong. The updated assessment results facilitate the Government in implementing mitigating measures against the identified risks to ensure that Hong Kong's anti-money laundering and counter-financing of terrorism ("AML/CFT") regime can address challenges brought by the ever-changing market developments. The assessment concludes the ML risk of the securities sector remains at medium level, taking into account the ML threat and vulnerability levels for the securities sector which are both assessed to remain at medium level. The Report notes that the securities sector continues to be exposed to transnational, cross-border as well as domestic ML threats. In particular, it is also exposed to ML threats from social media investment scams in recent years. "Nominee" and dubious investment arrangements which have been exploited for use in schemes to facilitate market misconduct or in concealing the actual beneficial ownership for other illegal purposes are newly identified as key ML vulnerabilities. Furthermore, the increased use of online and mobile trading as well as remote office arrangements during the COVID-19 pandemic also provide opportunities for criminals to abuse the sector for online fraud and theft and related ML activities. Actions taken and will be taken by the SFC The SFC has strengthened its risk-based AML/CFT supervision which enables the monitoring of firms' AML/CFT compliance in a more risk-sensitive and effective manner. These include implementing the Manager-In-Charge regime for eight-core functions including AML/CFT, and launching a revamped Business and Risk Management Questionnaire which gathers more information about firms' business operations and AML/CFT controls. The SFC will reinforce its capacity building and outreach programmes to enhance the AML/CFT compliance capability of the securities sector to help mitigate the ML/TF risks. The SFC's Expectations of LCs and AEs Licensed corporations ("LCs") and associated entities ("AEs") are reminded to identify and assess ML/TF risks to which the firms are exposed and to keep the assessment up-to-date, having regard to the key ML/TF threats and vulnerabilities identified in the Report that are relevant to their own circumstances. LCs and AEs should design and implement adequate and appropriate AML/CFT policies, procedures and controls that are commensurate with the ML/TF risks identified in order to properly manage and mitigate them. |
8 July 2022 | Click here |
For the latest Hong Kong's Money Laundering and Terrorist Financing Risk Assessment Report published on 8 July 2022, please see here. The above report has been covered in item 16 in the HKMA circulars/guidelines below and item 4 of the IA circulars/guidelines below. |
2 | Circular to Licensed Corporations Updated Technical Specifications for OTC Derivatives Trade Reporting |
The SFC published a Circular on 29 March 2022 to inform licensed corporations (LCs) of the HKMA's notice (the "Notice") about updated technical specifications for over-the-counter (OTC) derivatives trade reporting under the Hong Kong Trade Repository (HKTR) and the postponement of the implementation date of updates to coding schemes to cover "Proprietary rates" due to the current pandemic situation. LCs that may be subject to mandatory reporting obligation are advised to refer to the Notice. |
29 March 2022 | Click here | Please refer to the HKMA notice "OTC Derivatives Trade Repository of the HKMA Updated Technical Specifications for Reporting" dated 29 March 2022 here (covered in item 26 of the HKMA circulars/guidelines below). |
3 | Circular to licensed corporations - Managing the risks of business email compromise |
The SFC published a Circular on 24 March 2022 to indicate their expectations to licensed corporations (LCs) in relation to business email compromise (BEC) risks, especially at times when remote working arrangements are commonplace. Background The SFC has recently received reports from LCs about BEC, a type of cyber fraud whereby fraudsters posing as known business contacts dupe unwary staff into sending them money or sensitive information. These incidents resulted in the leakage of client information which undermined client interests and, in some cases, significant financial losses which the LCs had to bear. Business email compromise A BEC scheme typically involves one or more of the following actions by the fraudsters:
In most cases where fraudsters succeeded, the identities of the email senders were either not verified or were checked improperly. For example, an LC staff simply called the phone number provided by the fraudster and followed the confirmation to process the fund transfer instructions. In addition, many red flags were ignored by the LCs. In one incident, fund transfers were rejected or withheld by some banks. Instead of promptly investigating the irregularities, the LC proceeded to act on the transfer instructions to other banks. Eventually, a number of fund transfers were effected, inflicting financial losses on the LC. LCs should take note of the examples of BEC provided in the Annex. The SFC's expectations The SFC expects LCs to have internal control procedures and financial and operational capabilities which can be reasonably expected to protect their operations and clients from financial losses arising from theft, fraud and other dishonest acts, professional misconduct or omissions. The SFC reminds LCs of its circular titled "Circular to licensed corporations Management of cybersecurity risks associated with remote office arrangements" dated 29 April 2020 (item 19 below), to vigilantly monitor and effectively manage BEC risks, especially at times when remote working arrangements are commonplace. Control mechanisms LCs should establish effective policies and procedures to provide guidance to their staff for managing BEC risks. In addition, LCs should strengthen internal controls in the following aspects: (a) Client contact information
(b) Amendment of client particulars
(c) Email requests for order placing or fund transfer
(d) Red flags
Senior management responsibility It should be noted that the above control measures and techniques are by no means exhaustive. The SFC suggests that each LC review its own circumstances and ensure that appropriate and effective control procedures are put in place and effectively enforced. It is the responsibility of the senior management to oversee LCs' implementation of internal control policies and procedures for the effective management of BEC risks, and ensure that adequate resources for such control functions are allocated and proper checks and balances are in place. LCs should provide regular training to staff to enhance their vigilance in watching out for email scams and ensure that they understand the appropriate handling procedures. LCs' staff should carefully examine email addresses, prudently verify the authenticity of requests, diligently investigate red flags and promptly escalate issues according to internal protocols. LCs are also advised to make reference to the SFC's guidance on the control measures and techniques for managing cybersecurity risks and guarding against email scams. Annex to the circular provides examples of BEC. |
24 March 2022 | Click here |
Please refer to the SFC's circular "Circular to licensed corporations Management of cybersecurity risks associated with remote office arrangements" dated 29 April 2020 here (covered in item 19 below). |
4 | Circular to licensed corporations - SFC-HKMA joint product survey 2021: extension of submission deadline |
The SFC published a Circular on 11 March 2022 regarding the SFC-HKMA joint product survey 2021. In light of the latest COVID-19 situation, the SFC understands that licensed corporations may need more time to complete the survey. Accordingly, the deadline for submitting the survey questionnaire has been extended from 11 March 2022 to 19 April 2022. This Circular should be read in conjunction with the circular entitled "Circular to intermediaries - SFC-HKMA joint product survey 2021" issued by the SFC on 10 December 2021, which provides information about the survey and the reporting timetable. |
11 March 2022 | Click here | Please see "Circular to intermediaries - SFC-HKMA joint product survey 2021" here. |
5 |
Circular to licensed corporations Importance of business continuity planning amidst latest COVID-19 situation |
The SFC published a Circular on 7 March 2022 to again remind licensed corporations to review and update their business continuity plan (BCP). As the HKSAR Government has announced its intention to implement a Compulsory Universal Testing (CUT) scheme, albeit its timing and details have not been announced yet, licensed corporations should start preparing now considering the number of actions that may need to be taken in advance. Steps for Licensed Corporations to take in light of CUT Specifically, licensed corporations should critically assess the impact of sudden disruptive events such as the scenarios of temporary staff shortages or reduced service offerings by essential vendors and service providers, as a result of positive cases identified before or during the CUT scheme, and take steps to manage associated risks to ensure that their business operations and client interests are not unduly affected. Licensed corporations should:
The SFC will continue close dialogue with licensed corporations and, so far as legally permitted (and consistent with market integrity and investor protection principles), afford regulatory flexibility where necessary to address unavoidable operational constraints arising from the COVID-19 situation. Resources and Updates for Licensed Corporations Licensed corporations should take note of the SFC's dedicated webpage, which provides updated information published by the SFC in relation to the COVID-19 situation. Recent updates include Frequently Asked Questions on time extensions for licensing examination and additional Continuous Professional Training hours issued on 2 March 2022 and the circular on the submission of scanned copies of licensed corporations' audited accounts issued on 4 March 2022. |
7 March 2022 | Click here |
Please see "Information for firms and market on COVID-19" here. |
Visit us at mayerbrown.com
Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the "Mayer Brown Practices"). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC ("PKWN") is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website. "Mayer Brown" and the Mayer Brown logo are the trademarks of Mayer Brown.
© Copyright 2023. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.