Asia Risk and Compliance Newsletter

Asia Risk and Compliance Newsletter

November 2017 - Issue 6

Welcome to the latest edition of Protiviti’s Asia-Pacific Risk and Compliance Insights. In this bimonthly newsletter, we provide a summary of important risk and compliance developments across the Asia-Pacific financial services sector.

Recent developments include Hong Kong’s Securities & Futures Commission issuing a statement in relation to initial coin offerings (following a similar approach by U.S. and Chinese regulatory bodies earlier in the year); Singapore’s easing of regulatory requirements for venture capital funds; and Australia’s recent publication of 2018 corporate plans by its key regulatory agencies.

Round-up of Regional Updates in Asia


Statement on initial coin offerings
(Published 05 Sept 2017)

The Securities and Futures Commission (SFC) issued a statement on existing regulations that could be applicable to initial coin offerings (ICO). The statement explains that depending on the specific circumstances surrounding an ICO, digital tokens that are offered or sold may be considered to be securities as defined in the Securities and Futures Ordinance, and accordingly subject to the securities laws of Hong Kong.

ICOs typically involve the issuance of digital tokens created and disseminated using distributed ledger or blockchain technology. While digital tokens offered in typical ICOs are usually characterized as a virtual commodity, the SFC observed that certain ICOs have terms and features that define the digital tokens as securities.

Where the digital tokens involved in an ICO fall under the definition of securities, dealing in or advising on such digital tokens, or managing or marketing a fund investing in tokens, may constitute a regulated activity.

Parties engaging in a regulated activity targeting the Hong Kong public are required to be licensed by or registered with the SFC, irrespective of where they are located.

The SFC reminded parties engaging in ICO activities to seek legal or other professional advice if they are in doubt about the applicable legal and regulatory requirements. Additionally, the SFC urges investors to be mindful of potential scams as well as the investment risks involved in ICOs. As the organizers of ICOs typically operate online and may not have a presence in Hong Kong, investors may be exposed to heightened risks of fraud.

Norman Chan Tak-lam, chief executive of the Hong Kong Monetary Authority (HKMA), has warned banks and financial institutions that are trading or handling bitcoin or other digital currencies to be careful about breaching anti-money laundering (AML) requirements.Chan Tak-Lam stated that “bitcoin or other digital currencies do not require holders to trade under their real name, which allows them to be used for money laundering activities. Bitcoin and other digital currencies are considered as commodities, so investors could trade them as commodities. However, investors need to understand these commodities have no monetary backing.

The SFC has issued a circular highlighting some common instances of noncompliance in managing funds and discretionary accounts. In a number of referenced cases in the circular, the SFC noted multiple shortcomings relating to fund and discretionary account management. Quoted examples include inappropriate receipt of cash rebates giving rise to apparent conflict of interest, or failure to ensure suitability of funds or discretionary account mandates when making solicitations or recommendations of funds under their management or providing discretionary account management services to clients.

The SFC outlined an expectation for the boards and senior management of all asset management companies to review and enhance their internal control procedures and operational capabilities to ensure compliance with regulatory requirements.

Launch of the SFC regulatory sandbox
(Published 29 Sept 2017)

The SFC has launched a regulatory sandbox to provide a confined regulatory environment for qualified firms to conduct regulated activities using financial technologies (fintech).

The sandbox aims to enable qualified firms, through close dialogue and supervision by the SFC, to identify and address any risks or concerns associated with their regulated activities before their services can be provided to the wider public in Hong Kong.

The initiative follows the Hong Kong government’s push to position the city as a hub for the application and setting of standards for cutting-edge fintech. The government also plans to set up a new HK$2 billion Innovation and Technology Venture Fund to invest in local innovation and technology start-ups.

The HKMA and other Hong Kong regulatory authorities (including the SFC) have agreed to remove the address-verification requirements set out in the Guideline on Anti-Money Laundering and Counter-Terrorist Financing. As a result, HKMA-regulated financial institutions are required to collect only address information of customers and/or beneficial owners, without the need to acquire documentary evidence for AML/CFT purposes. Relevant paragraphs of the AML Guideline will be amended and are expected tentatively to be released in the first half of 2018, together with other revisions to the guideline.

The SFC provided a market update on the implementation of the manager-in-charge (MIC) regime, which was first announced in December 2016 as part of SFC’s goal to enhance senior management accountability.

Until the middle of October 2017, approximately 10,000 individuals were appointed by licensed corporations, and registered with the SFC, as a manager-in-charge (MIC) responsible for managing important functions. Around 40 percent of these individuals are nonlicensed persons and they are primarily responsible for managing operations or control functions.

This follows the December 2016 announcement, when the SFC issued a circular that outlined additional details on its code of conduct and senior management responsibilities for regulated activities. Eight core functional areas – including compliance and AML – require a nominated MIC to be appointed. The SFC expected that all MICs of the overall management-oversight function and the key business-line function would have applied for approval by 16 October 2017.


In late September, the Monetary Authority of Singapore (MAS) established the Cyber Security Advisory Panel (CSAP), which consists of cybersecurity thought leaders from around the world.

The CSAP will advise the MAS on strategies to enhance the cyber resilience of Singapore’s financial sector. This initiative follows the ongoing focus in Singapore to enhance its technology edge in cybersecurity.

Singaporean banks have closed accounts of several companies that specialize in providing cryptocurrency and payments services, according to two local bodies that represent fintech firms.

Noting that cryptocurrency firms have had similar problems with their banks in other countries, the head of Singapore’s Cryptocurrency and Blockchain Industry Association (Access) asked the government to step in. It has yet to be seen how the government or the MAS will react and if any specific guidance will be issued to the market.

The MAS announced its intention, effective immediately, to introduce a simplified regulatory regime for managers of venture capital funds. The new regulatory regime will simplify and shorten the authorization process for VC managers and will no longer require VC managers to have directors and representatives with at least five years of relevant experience in fund management or be subjected to the capital requirements and business-conduct rules that apply to other funds. AML rules under the Securities and Futures Act will still apply.

The simplified regulatory approach has been a result of “recognizing the lower risks posed by VC managers given their business model and sophisticated investor base. It will enhance the operating environment for VC managers to play a greater role in supporting start-up and growth stage businesses.”


The Commonwealth Treasury of Australia has released an exposure draft of its Banking Executive Accountability Regime (BEAR), which proposes that the Australian Prudential Regulation Authority (APRA) be granted new regulatory powers to disqualify individuals, have greater authority in shaping remuneration policies of Authorized Deposit-taking Institutions (ADI) and have the ability to levy civil penalties of up to AUD$210 million for large ADIs.
The truncated consultation period was held from 22 September through 29 September, signalling the Treasury’s intent to expedite the legislative process. A final rule is expected prior to the end of the year; affected institutions should begin planning for anticipated impacts.

The Australian Bankers’ Association (ABA) released its submission to the Commonwealth Treasury of Australia in response to the BEAR exposure draft. The submission captures the banking industry’s concerns about the shortened exposure-draft comment period while stressing its overall agreement with the stated aims of BEAR. To that end, the ABA notes several specific proposals that it believes will have unintended consequences, including the proposed implementation date of 1 July 2018, the inclusion of all subsidiaries within an ADI group and the extent of additional powers granted to APRA by it.

Given the condensed comment window and the aggressive time frame APRA has proposed for implementation of BEAR, impacted institutions should not expect a high volume of material changes between the proposed rule and the final rule. 

APRA opened a consultation period (ending 30 November 2017) on a proposed new phased approach for licensing of ADIs.

The new phased approach to licensing is intended to support increased competition in the banking sector by reducing barriers to new entrants being authorized to conduct banking business. This includes those companies with innovative or otherwise non-traditional business models or those leveraging greater use of technology.

APRA, the Commonwealth Treasury of Australia, the Australian Transaction Reports and Analysis Centre, and the Australian Securities and Investments Commission all have recently released corporate plans detailing anticipated activities covering 2017–18 and beyond. Collectively, these documents reiterate the agencies’ commitment to harnessing technology to provide better insights and services while stressing a continued focus on culture and conduct of financial institutions.


Mark Burgess
Mike Purvis
Ronita Dutta

Ready to work with us?