Financial Institutions Better Governed than Other Hong Kong Corporations, says Report

Hong Kong's financial institutions have better corporate governance than most other corporations in the territory, according to a report.

In a PwC study of 230 listed companies on the territory's Hang Seng Index and Hang Seng Chinese Enterprise Index ("HSCEI"), financial services firms outperformed those in the real estate, retail and technology sectors in terms of corporate governance.

The report, which was announced on 29 September at a media briefing and will be released in mid-October, found that 69 percent of the listed firms assessed were early adopters of a new disclosure requirement for the annual review of internal control and risk management systems. Some 86 percent of HSI companies analysed were early adopters, compared with just 60 percent of HSCEI entities.

"One of the reasons that HSI constituents perform better is because substantial emphasis and resources are put into risk management and internal control areas to respond to market expectations and regulatory changes," said Kanus Yue, a PwC risk assurance partner in Hong Kong. "The majority of HSI constituents have made an effort to increase their voluntary disclosure beyond the level of mere compliance," she said.

Hong Kong Exchanges and Clearing ("HKEX"), the parent company of the Stock Exchange of Hong Kong ("SEHK"), amended its corporate governance code in December 2014 to focus on risk management and internal controls.

The changes were aimed at placing greater emphasis on risk management, defining the roles and responsibilities of the board and management, and reinforcing the boards' continuing responsibility to oversee risk management and internal control systems.

The amendments to the code became effective for accounting periods commencing on or after 1 January 2016.

Financial Sector has a "Head Start" on Governance

The report said financial services and real estate firms were better positioned to disclose information on the state of their governance and internal controls, than firms in the technology and retail sectors, and that financial services firms were more easily able to evidence the processes they used to gauge and manage significant risks than those in other sectors. The report suggested this was because Hong Kong's financial sector already devoted substantial resources to their governance, risk, compliance and legal functions.

"Financial services has had a head start over other industries as a result of the many banking-led economic and financial crises. This, in turn, has driven the expectation by stakeholders and the general public for greater oversight and regulations. As a result, you have an industry that is highly regulated," said Eric Yeung, a PwC risk assurance partner in Hong Kong.

Another related reason for financial services firms' high scores was the fact that many of them operated internationally, "where standards tend to be more stringent or prescriptive", Yeung said. Consequently, such organisations often adopted the most stringent rules across all the jurisdictions where they operated, he said.

Yeung said if financial firms failed to manage risks, the results would be disastrous and could lead to contagion on a macro level because of the important role such institutions played in the international economy.

"The risk management system required in financial services could be relatively more complex or sophisticated … [with] a lot of quantitative metrics to measure risks such as liquidity risk, credit risk and market risk. Hence, it is a common practice for financial institutions to establish a robust risk management framework to mitigate risks in a dynamic market, which is a key part of the corporate governance code."

The study made the point that the amount of money banks spent on compliance, legal and risk management also had some bearing on their better corporate governance scores.

Three Lines of Defence

Many financial institutions operate on the traditional three lines of defence model, which clearly delineates the roles of management (the first line); risk, compliance and quality assurance functions (the second line); and internal audit (the third line).

"Each of these lines of defence has key roles to play in a well-governed organisation. Naturally, if each of these functions are well-resourced and equipped with the right skills and experience, it would go a long way to ensuring good governance," Yeung said.

"It is also important to distinguish between disclosure of practices and actual compliance. Many financial institutions do already have very good policies and procedures and internal controls. However, the risk culture of the organisation is of the utmost importance."

The corporate culture in terms of risk can often be a better gauge of how management operates the business than its policies and procedures. The shifting regulatory environment adds yet more complexity, because companies must not only take the time to understand new regulations, but must also allocate resources to comply with regulatory changes.

The report also found that only 20 percent of firms thought they had sufficient resources and appropriately qualified, experienced internal audit staff. Firms should aim to build stronger systems and plan to allocate more resources to corporate governance, "to increase their competitiveness, improve investor relations and protect shareholders," the report said.


Ajay Shamdasani is a senior staff writer with Thomson Reuters Regulatory Intelligence in Hong Kong. He covers regulatory developments in Hong Kong, India and South Korea. He also writes about money laundering, fraud, corruption, data privacy and cybercrime.