" />

Institute of Compliance Officers



Stepping into a new era of

Multi-dimensional Compliance in Hong Kong

The Light-weight Compliance Function in the Past

The Securities and Futures Ordinance (“SFO”) in 2003 underwent a major modernization of the regulatory framework for the Hong Kong financial market. “It consolidates and modernizes 10 existing ordinances governing the securities and futures markets into a composite piece of legislation to keep the Hong Kong regulatory regime on a par with international standards and practices.”, according to a Hong Kong government press release. 


On the intermediaries aspect, SFO set out a new regulatory framework for intermediaries to deal with securities, futures and forex exchange. It introduced a single licensing system for corporations and persons in carrying out the re-defined regulated activities. A licensed representative is an individual who is granted a licence to carry on one or more regulated activities for a licensed corporation to which he is accredited. A responsible officer (“RO”) is licensed to supervise the regulated activity of the licensed corporation to which he is accredited.

At the time when the SFO became effective, there was a consultation by the SFC about the role of compliance officers in licensed corporations. The conclusion of the consultation was that there was not a need to require compliance officers in licensed corporations to undergo pre-requisite examinations or certification. Since then, the significance of basic qualifications and requirements on compliance officers have not been given sufficient weight and the training of compliance officers has not been formalized and it is only limited to on-the-job.

The Global Emerging Compliance Function

After the financial tsunami in 2008, the US government has imposed heavy penalties on banks and financial institutions that breached the regulatory standards. Subsequently, the compliance costs (or non-compliance costs) have escalated substantially. This has also raised the awareness of the importance of regulatory compliance and having on board a proper and up-to-standard compliance officer in a corporation. 

Today, regulators are not just more aggressively pursuing institutions who break the law.  Higher penalties are being levied on lawbreakers. Compliance has become a pivotal issue for banks and licensed corporations, because failing to do due diligence on their customers and transactions leaves a company open to scrutiny and litigation. If a client’s fraudulent scheme benefits an entity, and the entity willfully fails to file a proper return, the entity’s actions may make it a co-conspirator and susceptible to prosecution. 

On the personal level, there are recent cases in the US where Financial Crimes Enforcement Network (“FinCEN”) is permitted to assess civil penalties against a “partner, director, officer, or employee” of a financial institution for willful violations of the Bank Secrecy Act. In each case the former compliance officer involved has to pay a substantial fine in addition to suspension. This means increasing risk of personal liability of compliance professionals for their breach of AML/CTF regulations .

The Role of Compliance Officers in Modern Organizations

Compliance officers are charged with the duty of determining how to protect their particular organizations from all risks. They are responsible for establishing standards and implementing policies and procedures to ensure that the compliance programs throughout the organization are effective and efficient in identifying, detecting, preventing and correcting non-compliance with applicable laws and regulations.

Compliance officers are always under pressure to prove that their programs are effective. They must develop simple protocols for reviewing compliance issues and create internal control processes to monitor. Raising awareness of risk, training, and advice are the three critical elements of a modern compliance officer’s mission. It requires the compliance officer to have particular personal attributes and a different kind of skill set. 

In April 2014, the popular newspaper Financial Times cited compliance as one of the hottest areas of financial recruitment, called now the “age of the compliance officer”.

The Compliance Role in Licensed Corporations Nowadays

Following the global trend of tighter regulation, stronger enforcement and tougher penalty, we have seen in the Hong Kong financial market greater supervision on licensed intermediaries.  The SFC has become more focused on individual culpability from the outset of an investigation.  It has increased thematic reviews of intermediaries and also adopted a “front-load” approach to identify emerging risks and taking early targeted intervention to minimize damage to the market.

On 16 December, 2016, the SFC introduced a Manager-In-Charge (“MIC”) regime in its circular.  The MIC regime holds individual senior managers of 8 core functions of firms licensed by the SFC to account for compliance with regulatory standards: overall management oversight, key business line; operational control and review; risk management; finance and accounting; information technology; compliance and anti-money laundering and counter-terrorist financing. It further mandates the provision of notifications to the SFC identifying the MICs and their reporting lines.  The MIC regime signals a higher level of personal liability for senior managers in licensed corporations if they fail to meet regulatory standards, even though such senior managers are not licensed by the SFC.

As part of the transitional period of 7 months, the SFC required every licensed corporation to provide requisite notifications to it no later than 17 July, 2017. While MICs do not face jail time for failures in relation to their duties as an MIC (unless those failures also amount to a criminal offence under existing legislation), MICs may be publicly reprimanded or fined. The consequence of a reprimand on an MIC is unclear but it is anticipated that such reprimands will have significant career consequences.

Given the 8 core functions, one tends to believe that responsible officers are only responsible for 2 of these core functions, that is, overall management oversight and key business lines, while the compliance functions (hence the responsibility) will lie with the MIC compliance officer. 

Responsible Officers Ultimately Responsible for Compliance Functions

In fact, as its name implies, responsible officers are ultimately responsible for the compliance of the licensed corporations. It was made clear by the Securities and Futures Appeal Tribunal ("SFAT") in the Ping An case in 2011 that: "The RO of a licensed corporation is a person who bears primary responsibility for compliance with all applicable regulatory standards and that where there is a failure in respect of compliance, there is little room for blame shifting."

The approach of the tribunal in the Ping An case clearly indicates that the RO is the person who bears the primary responsibility for compliance with all applicable standards. As such, ROs should be familiar with all the “Do’s” of regulated activities and the “Don’ts”, although it is the specialized area of compliance officers as gatekeeper to ensure no “red-line crossing wrong-doings” shall emerge from the daily activities of a licensed corporation.

If compliance officers resign and the company is under-resourced, these issues will not be taken into consideration when there are clear failures in compliance requirements. The ROs have to understand his or her role and bear the ultimate responsibility for compliance functions.

The Traditional Training of Compliance Officers in Licensed Corporations

With the ever-increasing number of opportunities in the market for compliance professionals, many people see this as a good opportunity to venture into this area, but without knowing  the effective route or channel.

On the employment front, because SFC does not require pre-requisite examinations or certifications for compliance officers, many firms are traditionally flexible when it comes to hiring for junior roles in the compliance area. This allows candidates who understand the business to transfer that knowledge into a compliance related capacity. Most of these transitions happen when there is a team already in place and the function is built on a solid foundation, and the candidate has the ability to learn from their peers (through on-the-job learning and training)

As the level of seniority increases, the difficulty in making the transition also increases. With personal liability and more responsibility at the senior end of the job spectrum, very few financial institutions are likely to consider non-compliance candidates for these key jobs. Hence, if professionals are looking to transition into the compliance field but have no direct compliance experience, they should be encouraged to look for internal opportunities instead of looking elsewhere. Once the compliance experience has been achieved, these senior compliance executives are bound to be more attractive to outside firms.


It has been 15 years since the promulgation of the Securities and Futures Ordinance in 2003.  During the period, we have experienced financial tsunami leading to a global trend of tighter regulation, stronger enforcement and heavier penalty. Compliance has become an important organizational function and compliance officers have turned into an indispensable executive in great demand.  At the same time, personal liability has become greater, requiring compliance practitioners to be more knowledgeable and careful in their practice.

Following this global trend, we saw the same phenomenon in our financial market. Compliance functions and the role of compliance officers in licensed corporations and listed companies are receiving unprecedented attention. Senior and experienced compliance officers are in great demand in the market. But owing to the lack of pre-requisite examination or certification required by the government, a professional yardstick does not exist in the market, hindering the common and standardized training for compliance officers. The imbalance of demand and supply of compliance officers, in the medium to longer term, may reduce Hong Kong’s ability to maintain its position as a global top-notch financial centre on a par with international standards and practices.

It is against this background that we see an urgent need for a compliance training for Responsible Officers as well as compliance professionals wishing to enter the industry. The proposed training will also benefit those young compliance officers who want to sharpen their knowledge on the subject with a more theoretical basis.