Compliance update – ACRU 2017 review: part two
CSj highlights the main compliance issues raised by regulators at the Institute’s latest Annual Corporate and Regulatory Update.
The Institute’s Annual Corporate and Regulatory Update (ACRU) provides attendees with first-hand knowledge of the emerging trends and areas of concern for Hong Kong’s leading regulatory bodies. There was no shortage of compliance and governance issues to be discussed in the latest ACRU.
Listed company governance issues were the focus of the Hong Kong Exchanges and Clearing Ltd (the Exchange) and Securities and Futures Commission (SFC) sessions. The Companies Registry session was devoted to the government’s proposed new legislative amendments designed to upgrade Hong Kong’s anti-money laundering and counter-terrorism financing (AML/CTF) regime, as well as an introduction to the Registry’s electronic services. The Privacy Commissioner for Personal Data discussed effective privacy management and, in the final session of the day, the Hong Kong Monetary Authority addressed the empowerment of independent non-executive directors and improving governance culture.
Regulation of trust and company service providers
Ellen Chan, Deputy Principal Solicitor, Companies Registry, addressed a topic highly relevant to the company secretaries in the ACRU audience – the government’s proposed licensing regime for trust or company service providers (TCSPs). She gave an account of how the Companies Registry, which will be the regulator responsible for implementing the new regime, intends to enforce the new requirements.
Under the licensing scheme, TCSPs will be required to apply for a licence from the Registrar of Companies (the Registrar) before they can carry on a trust or company service business in Hong Kong. ‘A person who carries on a trust or company service business without a licence commits an offence, and is liable to a fine and imprisonment. The Registrar will keep a register of all TCSP licensees, which will be open for public inspection,’ Ms Chan said.
This is designed to fulfil the requirements of the Financial Action Task Force (FATF). FATF recommends that ‘designated non-financial businesses and professions’ (DNFBPs), which includes TCSPs, should be subject to effective systems for monitoring to ensure their compliance with AML/CFT requirements.
FATF also requires DNFBPs to be subject to customer due diligence (CDD) and record-keeping requirements. Currently, these are only prescribed for financial institutions (as set out in Schedule 2 of the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance). The government proposes to extend Schedule 2 of the Ordinance to cover, among others, TCSP licensees.
This would mean TCSPs would need to, among other things: verify their customers’ identities and identify any beneficial owners. They would also be required to keep, in relation to each transaction and each customer, the original or a copy of the documents and a record of the data and information obtained (such as identification data, account files, business correspondence and records of transactions) for a period of six years.
The Registrar will be empowered to carry out inspections for the purposes of ascertaining whether a TCSP licensee is complying with the licensing and statutory CDD/record-keeping requirements. A TCSP licensee in contravention of the statutory requirements, or any conditions of the licence, may be disciplined and subject to a range of civil sanctions, including: a public reprimand, a remedial order to remedy the contravention, and payment of a pecuniary penalty.
There will be a review tribunal to which any person aggrieved by the Registrar’s decisions in implementing the licensing and disciplinary regime for TCSPs may appeal.
Beneficial ownership disclosure
FATF also requires member jurisdictions, which includes Hong Kong, to take measures to prevent the misuse of legal structures for money laundering and terrorist financing by ensuring that adequate and accurate information on the beneficial owners and control of such structures can be obtained or accessed in a timely fashion by competent authorities. Accordingly, the government’s proposes to amend the Companies Ordinance to require disclosure of beneficial ownership information by Hong Kong companies.
Francis Mok, Senior Solicitor, Companies Registry, highlighted the main components of the new beneficial ownership regime in Hong Kong for the ACRU audience. He pointed out that the Companies Ordinance currently has no requirement for the disclosure of beneficial ownership information. Under the Securities and Futures Ordinance (SFO), however, listed corporations are required to keep a register of those individuals or entities owning 5% or more interests in any class of shares (including any beneficial owner of such shares). Listed companies will therefore be exempted from the new regime since they are subject to a more stringent disclosure requirement under the SFO.
Under the proposed new beneficial ownership regime, companies incorporated in Hong Kong would be required to:
- maintain a register of people with significant control (PSC register) over the company, containing required particulars of their identities, and
- take reasonable steps to ascertain the individuals who (and legal entities which) have significant control over a company, give notice to them, and obtain accurate and up-to-date information about their identities.
The PSC register should contain required particulars of registrable persons (that is natural persons) who ultimately have a controlling ownership interest in a company, or who are exercising control of the company through other means, and registrable legal entities with significant control over the company to facilitate identification of PSC in a chain of ownership.
The PSC register must also include the name and contact details of a person designated by the company as its representative to provide assistance relating to the PSC register to a law enforcement officer. The designated representative must be a natural person resident in Hong Kong, or a DNFBP, that is an accountant, legal professional or a licensed trust or company service provider.
Persons whose names are entered in the register are entitled, on request made in the prescribed manner and without charge, to inspect the PSC register and to be provided with copies of the register (on payment of a prescribed fee). Law enforcement officers are also entitled, for the purposes of performing their functions under Hong Kong law, to inspect the PSC register at the place at which it is kept and make copies of the whole or part of the register.
Since late last year, both the SFC and the Exchange have been closely monitoring rights issues and open offers that substantially dilute the interests of non-subscribing minority shareholders. A joint statement on highly dilutive rights issues and open offers was issued by both regulators in December 2016.
Stephanie Lau, Senior Vice-President, Compliance and Monitoring, Listing, the Exchange, raised this issue in her ACRU presentation. She warned that the Exchange will not grant approval to share issues where they would undermine minority shareholders’ interest. ‘We expect directors to act in the best interests of the company,’ she said, ‘and this means acting in the best interests of all of the shareholders.’
Ms Lau highlighted the factors considered by the Exchange when assessing rights issues and open offers. These include the price discount; the dilution impact on the interests of non-participating shareholders; whether there has been any recent similar corporate actions; and whether there is a genuine funding need for the rights issue. Ms Lau emphasised that listed companies should be able to show that there is such a need and that the terms of the proposed fundraising are the best terms available.
Backdoor listings and shell activities
Stephanie Lau also discussed the Exchange’s current review of its regulations relating to backdoor listing activities. She warned that the Exchange will intervene where the use of reverse takeover and shell activities are designed to circumvent the requirements for IPO applicants and avoid the IPO vetting process. She emphasised that, among the factors considered by the Exchange, would be whether there has been any fundamental change in the issuer’s principal business, and other events and transactions (historical, proposed or intended) which, together with the acquisition, form a series of arrangements to circumvent the reverse takeover rules.
Kenneth Chan, Senior Vice-President, Compliance and Monitoring, Listing, the Exchange, also looked at this issue in his presentation. He focused on the approach of the Exchange to shell activities, emphasising that a listed company needs to have a sufficient level of operations, or have tangible or intangible assets of sufficient value, to demonstrate to the Exchange that it is a viable concern. He urged attendees to look at the Exchange’s published guidance on continuing listing criteria and how companies should comply with Rule 13.24 which requires sufficiency of operation. He also pointed out that, while issuers are normally given an opportunity to take remedial action, the Exchange may suspend the trading
in the securities or cancel the listing of an issuer where it does not have a sufficient level of operations or assets under Rule 13.24.
Another compliance issue that has been on regulators’ radars over the last year is the due diligence needed when the board considers valuation reports in the context of asset purchases or transfers. Mike Knight, Director, Corporate Finance, SFC, pointed out that directors are the guardians of listed company assets and they therefore must act in the interests of the company as a whole and exercise due care and skill when considering valuation reports.
He emphasised that directors need to exercise independent due diligence, rather than simply focusing on the bare minimum compliance with the approval process. ‘Don’t accept blindly or unquestioningly the facts or assumptions made in valuation reports,’ he said. ‘You need to take all reasonable steps to check the accuracy of those facts or assumptions.’
In the Q&A concluding the SFC’s session, a question was raised as to whether
directors can rely on information supplied by others to whom they have delegated the task of assessing the valuation. ‘You can delegate the technical aspects of the valuation,’ Mr Knight said, ‘but you can’t delegate responsibility.’
These points were backed up by Eugène Goyne, Senior Director, Enforcement, SFC, in his ACRU presentation. ‘The message is very clear,’ he said, ‘directors have a duty to do all reasonable due diligence particularly if the valuation comes from the vendor, who obviously wants the best price,’ he said.
The fair and equal treatment of all shareholders was a recurring theme throughout ACRU 2017. In her update on the takeovers regime in Hong Kong, Zarina Curreem, Director, Corporate Finance, SFC, emphasised that this is the most important principle to bear in mind in takeovers activities.
‘The Takeovers Executive is not concerned with the commercial advantages of any proposed offer,’ she said, ‘this is for shareholders to decide. The Takeovers Executive is concerned to ensure the preservation of a fair market.’
In practical terms, this means that the SFC looks to ensure that there has been a full and timely disclosure of information. Ms Curreem reminded ACRU attendees that all documents related to takeover activities, except those designated for post-vetting, must be filed with Takeovers Executive for comment prior to release. Nevertheless, issuers have the ultimate responsibility for information disclosed and for compliance with the takeovers rules. Her final word of advice was to consult Takeovers Executive if in doubt.
Privacy management has been an issue of increasing concern for boards in Hong Kong as the regulations relating to privacy, both locally and overseas, have become more complex. Professor Stephen Kai-yi Wong, Privacy Commissioner for Personal Data, gave some practical and useful tips to the ACRU audience on how to design and implement an effective privacy management programme.
He started his presentation with a look at the paradigm shift in privacy management from a purely compliance approach to one based on accountability (see ‘Privacy management’). He pointed out that the ‘accountability principle’ under the OECD Privacy Guideline, for example, requires a data user to be accountable for complying with measures which give effect to the data protection principles. Moreover, the EU General Data Protection Regulation (GDPR), due to be implemented in 2018, makes accountability a legal requirement.
Mr Wong emphasised that the key to successful privacy management is to ensure that privacy issues are handled by the board. ‘Privacy issues should be discussed in the board room,’ he said. ‘Organisations need to embrace personal data privacy protection as part of their corporate governance responsibilities and apply it as a top-down business imperative throughout the organisation.’ He added that company secretaries can assist here by securing the buy-in from the board and top management.
He also urged all organisations in Hong Kong to adopt a formal privacy management programme, adding that organisations can make use of the PMP Best Practice Guide issued by the Office of the Privacy Commissioner for Personal Data, which provides direct guidance for compliance with specific provisions of the Personal Data (Privacy) Ordinance.
The 18th Annual Corporate and Regulatory Update (ACRU) took place in the Hong Kong Convention and Exhibition Centre, Hong Kong, on 2 June 2017.
The SFC Takeovers Executive can be reached via email: email@example.com, or via phone: 2231 1210.
SIDEBAR: The mobile registry
Wendy Ma, Deputy Registry Manager, Companies Registry, gave ACRU participants an update on the latest developments relating to the Companies Registry’s electronic services. In 2015, the Registry launched its full-scale electronic filing service and last year it introduced its ‘Company Search Mobile Service’ which enables users to conduct company searches using smartphone and mobile devices. Ms Ma explained that this year the Registry is rolling out its ‘eFiling Mobile App’ which allows users to file an increasing number of forms with the Registry via smartphones and mobile devices. Stage one was launched on 6 February 2017, stage two is now available for a pilot run, and stage three is expected to be available by the end of the year.