Hong Kong’s forthcoming “manager-in-charge” regime will likely increase the risk of the Securities and Futures Commission (“SFC”) taking enforcement action against senior managers, given the personal liability the regime will bestow upon individuals, lawyers said.
Preparing for the regime would also be a challenge for HR teams, as many organisations will have to clarify and make changes to reporting lines, they said.
The regime, which will become effective on 17 July, will require licensed corporations to designate a fit and proper individual as “manager in charge” (“MIC”) to be responsible and accountable for a number of core functions, such as overall management oversight, compliance and IT. These MICs will also be regarded as part of the senior managers of a licensed corporation.
Although the SFC has allowed for one individual to be MIC for more than one of the eight functions, the regulator has also said the regime should help drive good conduct across an organisation by ensuring the compliance role is part of senior management.
In a speech last month, Julia Leung, the head of intermediaries at the SFC, said the regulator’s aim was for compliance to be the responsibility of not just one department, and for front-line managers to nurture a culture of acting honestly, fairly and in the best interests of their clients and the integrity of the market.
One potential outcome of the regime, however, was that the designated MICs would be more likely to be targeted for enforcement action by the SFC when things went wrong, lawyers said.
“Taking action against senior management would be consistent with the priorities set by the SFC and other regulators of ensuring genuine responsibility of, and clear accountability for, senior management,” Matt Bower, partner at law firm Allen & Overy in Hong Kong, said in a client briefing.
As firms would be required to provide the SFC with the names and responsibilities of each MIC, this would allow the SFC to identify easily who was responsible for the management of the core function in which misconduct may have occurred, he said.
In addition, as each individual MIC has will have to acknowledge their responsibility, this will make it difficult for an individual MIC to say later that he was not properly appointed or not involved in the management.
“Those who are designated as MICs will wish to keep in mind the legal basis by which they could be deemed responsible for the conduct of others within their core function,” Bower said.
Preparing for the MIC Regime
The MIC regime and the SFC’s views on senior management looked at corporate governance on a legal entity basis, starting from the board and then moving down to the MICs and responsible officers (“ROs”), Charlotte Robins, partner at Allen & Overy in Hong Kong, said in a client note.
“While this approach may work for many of the smaller, local licensed corporations, this presents challenges for licensed corporations that form part of larger, global groups that do not typically organise themselves around their legal entities or who have business lines that cross geographic and legal entity lines,” she said.
As a starting point, she said, many larger groups would need to map their governance and reporting structure, as UK firms had done in preparation for the Senior Managers and Certification Regime (“SMR”), to determine which businesses operated in which legal entities.
“Particular care should be taken around the edges of responsibility where there is overlap and where there may be more than one MIC for a specific core function,” she said. “If responsibility is not clearly allocated, the risk arises that all MICs for that core function will be presumed responsible for any failures within it. In a worst-case scenario, where a responsibility that should have fallen to a particular MIC falls between the cracks, there is a risk the SFC may take action against the overall management oversight MIC or the board of the licensed corporation for a flaw in the governance structure of the licensed corporation.”
She said the SFC expected firms to prepare and maintain a formal document setting out the management structure, including an accurate description of the roles, responsibilities, accountability and reporting lines of its senior management personnel.
Robins said this was similar to the management responsibilities map required under the UK SMR, although it would not require the same level of detail.
“While an express requirement of the SFC, this is in any event an important document that should be carefully prepared for the above reasons; it will aid the SFC's understanding of the licensed corporation should they ever need to review the document in the context of the MIC regime or otherwise,” she said.
The Role of HR
HR teams should be engaged early in the process of mapping responsibilities for core functions, Gareth Thomas and Gillian McKenzie, lawyers at Herbert Smith Freehills in Hong Kong, said in a client note. Thomas and McKenzie said HR should consider:
- Auditing the employment contracts of MICs and their job descriptions, as well as existing policies and procedures relating to standards of conduct, what it means to be “fit and proper”, appraisals, performance management, disciplinary procedures, objective setting and determining fixed and variable remuneration.
- Engaging in discussions with the individuals the firm proposed to appoint as MICs, to agree the scope of roles and responsibilities. This should be documented as a supplement to the employment contract. “A clear division of responsibilities will be especially critical where two or more individuals are appointed as MIC for the same core function,” Thomas and McKenzie said.
- Checking notice provisions, continuous record-keeping requirements, handover obligations and duties to cooperate with the firm once the employment relationship has ended, to facilitate a smooth transition when an MIC leaves the firm and is replaced in that role.
- Encouraging MICs to think about succession planning, to ensure that when they leave the firm there are others who are capable of taking over.
- Establishing whether an MIC may need legal advice in relation to their responsibilities, and whether a conflict of interest between the MIC and the firm may make it necessary for the MIC to have separate legal advisers from the firm.
Those about to take on new responsibilities as an MIC should consider what they need to do to fulfil that obligation, Bower said. This would include reviewing handover notes, meeting with relevant stakeholders, understanding applicable governance and risk management frameworks as well as systems and controls, reviewing risk thresholds and appetites and risk assessments, and understanding the main regulatory requirements that apply to the particular core function.
“Given the risk of personal sanction for any misconduct that may occur within the core function(s) for which a MIC is responsible, the MIC may also wish to undertake a pre-appointment risk assessment,” Bower said.
He said incoming MICs should consider:
- What risks may arise in the core function for which he is responsible.
- How those risks are assessed and monitored.
- What improvements could be made to the systems and controls to address those risks more effectively.
- How the implementation of those improvements should be monitored and when they needed to be in place.
“MICs should take time prior to the commencement of the regime to familiarise themselves with the structure of their core function, reporting lines, key personnel, policies, and procedures,” he said. “This process will serve to identify any problems prior to assuming responsibility as MIC of that function so that there are no surprises after the regime takes effect.”
Third Parties and Outsourcing
In its soft consultation with the industry, the SFC accepted that some firms might need to delegate responsibility for certain core functions, such as IT, to third parties. The regulator said, however, that a MIC should still be responsible for supervising the outsourced function.
“Outsourcing continues to be a double-edged sword: an excellent way for a licensed corporation to reduce costs but one that introduces additional risks because of potential decreased oversight and control over the outsourced services,” Robins said.
“This highlights [how important it is for] a MIC in charge of a function that involves outsourcing to look carefully at, and monitor on an ongoing basis, outsourcing arrangements and consider whether they have sufficient oversight over those arrangements, for example, through site visits, periodic updated due diligence and so on,” she said.