Asia-Pacific Risk and Compliance Insights (Issue 5)

Asia-Pacific Risk and Compliance Insights (Issue 5)

September 2017

Welcome to the latest edition of Protiviti’s Asia-Pacific Risk and Compliance Insights. In this quarterly newsletter, we provide a summary of important risk and compliance developments across the Asia-Pacific financial services sector.

Recent developments include Hong Kong’s Securities & Futures Commission (SFC) issuing the first in a series of bulletins relating to its intervention in the pre-IPO market, Singapore’s regulatory clarification on digital token offerings and Australia’s recent civil lawsuit, related to anti-money laundering (AML), against a major domestic bank. Further afield, the U.S. Office of the Comptroller of the Currency (OCC) has published a guidance document for financial services firms on industry trends and emerging issues.

Round-up of Regional Updates in Asia


Hong Kong’s Securities and Future Commissions (SFC) has consulted on proposals to introduce new company structure rules covering open-ended fund companies (OFC).
The new OFC structure will enable investment funds to be established in corporate form in Hong Kong, in addition to the current unit trust form. The proposals include new requirements relating to the OFC’s formation, its key operators, ongoing maintenance, termination and winding up, which will be applicable to all OFCs. The consultation deadline passed on August 28, 2017, and the final rules are likely to be published and enacted in 2018.

In response to changing market conditions and risks, the SFC has increased its supervisory intensity to more actively protect the investing public and to suppress illegal, dishonorable and improper market practices.

The SFC has issued a Regulatory Bulletin highlighting over 10 real case studies covering IPOs and post-IPOs investigations and the associated regulatory actions taken by the SFC. 

Hong Kong’s SFC issued a circular highlighting some irregularities and deficiencies identified during the course of its supervision of licensed corporations engaged in managing private funds and discretionary accounts. In a number of cases, private funds and discretionary accounts with concentrated, illiquid and interconnected investments were found to have irregular features (examples include related-party acquisition or disposal of listed company shares by bought and sold notes, or asset managers having acted solely at the direction of their clients rather than the managers exercising their own investment discretion).

The SFC expects the board and other senior management (including the Managers-in-Charge of Core Functions) of all asset managers to maintain adequate oversight of their firm’s business activities. The circular is a clear warning to the market and similar to the recently published bulletin on listed corporations. No immediate enforcement action was announced.

Hong Kong’s SFC and the Hong Kong Police have signed a memorandum of understanding (MOU) to formalize and further strengthen cooperation in combating financial crime.

The memorandum covers a range of matters including referral of cases, joint investigations, exchange and use of information, and mutual provision of investigative assistance and establishes a framework for closer collaboration on policy, operational and training issues.

This signed MOU should further smooth the interaction of security firms with law enforcement agencies and provide financial crime combating activities the same level of attention they receive in the banking sector regulated by the Hong Kong Monetary Authority (HKMA). 


China’s second-largest peer-to-peer lending platform, the Lujiazui International Financial Asset Exchange, or Lufax, founded by the Ping An Group, has been granted a license to operate in Singapore, giving the city a leg up in its competition against Hong Kong in attracting investments to nurture financial technology and innovation.
Singapore was chosen over Hong Kong as a result of a more developed and streamlined fintech regulation (more advanced in Singapore), according to Lufax. Additionally, the fintech firm had to apply to only a single regulatory entity, the Monetary Authority of Singapore (MAS), unlike in Hong Kong, where there are separate regulators for banks, security firms and insurance companies.

The MAS has clarified that the offer or issue of digital tokens in Singapore will be regulated by the supervisor if the digital tokens constitute products regulated under the Securities and Futures Act (Cap. 289) (SFA). MAS’s clarification comes in the wake of a recent increase in the number of initial coin offerings (ICO) in Singapore as a means of raising funds.

This guidance provides additional clarity to the local market, especially when it comes to investors and counterparties dealing with firms raising or offering ICOs. This aligns with the U.S. SEC stance on ICOs published at the end of July – see the international news section below. 

Singapore's financial sector underwent simulated terrorist and cyberattacks as part of efforts to ensure that financial firms have good plans in place in the event of such crises.

The exercise involved 139 financial institutions, including banks, finance companies, insurers, asset management firms, securities and brokerage firms, financial market technology providers, industry associations, the Singapore Exchange, and the MAS.

QR payments are coming in Singapore
(Published August 31, 2017)

Singapore’s enthusiasm for the mobile-readable quick-response (QR) code is apparent from the formation of a task force in late August by the central bank's (MAS) payments council. The goal is to have the specifications for a common QR code for Singapore ready by the end of 2017.

The use of QR payments is quick, easy and convenient and requires only a mobile phone, which is why it grew so popular in China. With this move, Singapore appears to be trying to catch up with the fast mobile payment developments in China and tap into this emerging market.


Following a recent Australian Transaction Reports and Analysis Centre (AUSTRAC) investigation identifying potential AML violations, Australian regulatory bodies have significantly increased supervisory intensity to evaluate whether institutions have adequately implemented and complied with AML/CTF requirements.
In response to the potential AML violation, AUSTRAC has recently filed a civil suit and the Australian Prudential Regulation Authority (APRA) has announced that it will establish an independent prudential inquiry into the governance, culture and accountability frameworks in place at the same institution.
The APRA inquiry is expected to last approximately six months. The inquiry may result in specific recommendations on strengthening governance practices and will be made public once finalized.

The Commonwealth Treasury of Australia has proposed that APRA be granted new regulatory powers to disqualify individuals (from APRA- regulated institutions), greater authority in shaping remuneration policies of authorized deposit-taking institutions (ADIs) and the ability to levy civil penalties of up to $200 million for ADIs with total liabilities of greater than $100 billion ($50 million for smaller ADIs).

Public submissions in response to this consultation paper closed on August 3, 2017. APRA will now review these responses and determine whether it will make any changes to the regime as proposed. 

The Commonwealth Treasury of Australia has released a draft bill to extend APRA’s regulatory authority to supervise non-ADI lenders. This draft bill seeks to provide APRA with greater authority to address financial stability risks via rule-making for lending activities of non-ADIs.

Public consultation on the bill closed on August 14, 2017; APRA will now analyze submissions and determine what changes to the final bill, if any, are needed.

The Australian Securities and Investments Commission (ASIC) is seeking authority to implement financial benchmark administration rules and compelled financial benchmark rules (compelled rules). The possible introduction of new rules will allow ASIC to align with global regulatory practices aiming to protect the integrity and reliability of key financial benchmarks.

Comments on the consultation paper were due on August 21, 2017. ASIC anticipates releasing an updated draft in the fourth quarter of this year. 

APRA has proposed changes to the licensing framework for ADIs. These changes would result in a phased registration process intended to reduce barriers to entry to conduct banking business. This proposal is designed to help fintech and other institutions with nontraditional business models begin conducting banking activities within Australia. This phased approach represents the first of many anticipated steps for increasing competition within the banking industry in Australia.
Public comments on this bill are open until November 30, 2017. APRA anticipates releasing a revised bill in the first quarter of 2018. 


The Japan Financial Service Agency (J-FSA) published its draft organization and fiscal plan on 2018. It announced a plan considering the abolishment of the Inspection Bureau, which is in charge of on-site monitoring, and the transfer of the bureau’s resources to the Supervising Bureau. The intention of the J-FSA is to shift its focus to self-governance at financial institutions and off-site monitoring.

The move by the J-FSA evidences regulatory plans to shift to more principles-based supervision, which financial institutions will need to adjust to.

Global News Update

The global news roundup focuses on coverage of developments and updates in the United States and Europe and updates from intergovernmental bodies.


In July 2017, the Office of the Comptroller of the Currency (OCC) issued its Semiannual Risk Perspective, which serves as guidance to its national bank examiners on industry trends and emerging issues requiring attention. The OCC concluded that key issues facing national banks have been relatively consistent, highlighting compliance, strategic, credit and operational risks as its top concerns overall. Notably, the OCC highlighted compliance risk management as an increasing risk.
The U.S. Securities and Exchange Commission (SEC) shook up the hot market for so-called initial coin offerings (ICOs) by ruling that some of the “coins” for sale are actually securities and are therefore subject to the agency's regulation.
In the coming weeks or months, the SEC will likely announce more detailed guidelines. The agency has also posted a bulletin warning investors to be careful in deciding whether to invest in ICOs.
A similar conclusion was reached by Singapore’s MAS – refer to the Singapore section above.


The UK’s Financial Conduct Authority (FCA) has launched a consultation paper regarding the government-proposed Office for Professional Body Anti-Money Laundering Supervision (OPBAS).
In March 2017, the UK government announced its intention to create the OPBAS as a new function within the FCA. The purpose of the agency is to oversee the adequacy of the anti- money laundering supervisory arrangements of 22 professional bodies. On July 20, 2017, the government published draft regulations that will give powers and responsibilities to the OPBAS.
The FCA has published proposals to extend the existing Senior Managers and Certification Regime (SM&CR) to almost all regulated firms. The new regime will essentially replace the Approved Persons Regime.
The aim of the new regime is to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence. As part of this, the SM&CR aims to:
  • Encourage a culture of staff at all levels taking personal responsibility for their actions.
  • Make sure firms and staff clearly understand and can demonstrate where responsibility lies.


The Basel Committee on Banking Supervision (BCBS) has published a consultative document on the implications of fintech for the financial sector. The document focuses on how technology-driven innovation in financial services may affect the banking industry and the activities of supervisors in the near to medium term.
Banking standards and supervisory expectations should be adaptive to new innovations while maintaining appropriate prudential standards. Against this background, the BCBS has identified 10 key observations and related recommendations for which feedback input is being sought. Read more about this paper in the Protiviti View blog.


Mark Burgess
Mike Purvis
Ronita Dutta

Ready to work with us?