Hong Kong's SFC introduces new bank account and authorised signatory control mandate

Hong Kong’s Securities and Futures Commission (“SFC”) has introduced a new regulatory mandate for the management of bank accounts within Licensed Corporations (“LCs”).

 
Hong Kong Buildings
 

On 28th June 2021, the SFC published a new set of regulatory rules for LCs aiming to tackle inadequate control practices in bank accounts management and operations.

During a recent course of supervision, the SFC has recorded a series of cases where LCs were lacking appropriate internal controls for the effective management of their bank accounts. Some of the examples mentioned in SFC’s original policy document include:

  • LC’s house or client bank accounts were operated by unauthorised personnel with insufficient control over the operations of the accounts, who were not Responsible Officers (ROs), or Managers-in-Charge of Core Functions (MICs).

  • Lack of appropriate signatory accountability.

  • Authorised signatories were not physically present in LC’s office during normal business operations.

  • Withdrawals of funds from house bank accounts for transactions unrelated to regulated activities, without the approval or knowledge of any ROs, MICs or other senior management.

  • ROs and MICs missing timely, effective, and direct access to information except for monthly bank statements.

What’s the new SFC’s bank accounts mandate all about?

SFC’s new bank accounts mandate will apply to both:

  • LC’s house bank accounts, and

  • client bank accounts.

But, it will not cover:

  • LC’s accounts held at execution brokers, and

  • bank accounts established and maintained by the LC’s clients in the clients’ name.

Its key purpose is to prompt LCs to develop and implement effective policies and internal controls for the operation of their bank accounts. Thus, they’ll ensure the proper safeguard of client funds and quick discharge of liabilities, whilst fully complying with the financial resources requirements under the Securities and Futures (Financial Resources) Rules (FRR).

To achieve this, the SFC has introduced the following set of governance rules grouped into 3 core categories:   

Senior management responsibilities

ROs and MICs should be explicitly held accountable for:

  • implementing and operationalising policies, procedures, and internal controls they consider necessary, including for the operation of bank accounts; and

  • ensuring that all signatories are appropriately authorised in relation to the operation of the LC’s bank accounts.

 
Authorised Signatory Management Guide Banner

What is Authorised Signatory Management?

Find out in our latest special report where we discuss the fundamentals of Authorised Signatory Management. Download

 

Authorised signer arrangements 

The authorised signers delegated to execute any type of payments out of an LC’s client bank accounts should only be ROs, MICs, or their delegates.

Timely and effective access to information in relation to bank accounts

Authorised signatories for LC’s bank accounts should, at all times, have the ability to exercise their oversight effectively. For example, through having constant access to regular account statements, and all other information about the operation and activities of the LC’s house and client bank accounts.  

Others

  1. For online banking accounts, individual user’s access credentials should not be publicly disclosed. They should also be uniquely identified for the purpose of detecting any unauthorised transactions.

  2. An LC should adopt a formal policy document, approved by the board of directors, that clearly outlines the organisation’s management structure and their roles, responsibilities as well as accountability.

When will the SFC’s bank accounts mandate go into effect?

According to the SFC’s policy release, LCs are required to critically review their existing policies and internal controls and be fully compliant with the expected standards by 3 January 2022.

How to get compliant

If your organisation is an LC that manages client money or has more complex banking arrangements, you would have to go through the following 4-step compliance process:  

  1. Carefully review the SFC’s official “Circular” document and audit your existing operational environment and processes to determine if any controls are missing and/or not working properly.

  2. Assess if all your existing bank accounts signatories are appropriately authorised and make sure all your authorised signatory lists are up-to-date.

  3. Create a formal internal policy document that sets out all relevant control and compliance measures.

  4. Consider using a digital signatory authorisation platform to streamline the process and enhance corporate governance.

Facilitate compliance with Cygnetise

Cygnetise provides a digital solution, as an alternative to the paper-based management and distribution of Authorised Signature Lists (ASLs). It allows you to manage all your authorised signatory / delegated authority data in a secure, cost-efficient and sustainable way, from anywhere in the world.

5 ways Cygnetise can help you become compliant:

  1. Manage, share and update signatory data in real-time

  2. Maintain a single source of truth

  3. Have instant, remote access to the latest signatory data entry

  4. Keep a historical record of any signatory data changes

  5. Develop a sufficiently standardised process across all your functions/entities

Want to learn more about Cygnetise? Request a free demo below and one of our team will get in touch with you right away!

RegulationStephen Pomfret