Latest Amendments to the Corporate Governance Code by the Stock Exchange of Hong Kong and Related Amendments and Publications

The Stock Exchange of Hong Kong Limited (HKEX) recently published consultation conclusions on the review of the corporate governance framework. Based on the consultation conclusions, HKEX amended the Corporate Governance Code (“CG Code”) set out in Appendix 14 of the Main Board Listing Rules as well as some related Listing Rules, most of which have become effective since 1 January 2022. Additionally, HKEX also published a Corporate Governance Guide for Boards and Directors (“Guidance”) to help directors carry out their duties effectively.

In recent years, HKEX has continued to improve the corporate governance framework with an aim toward enhancing the quality of corporate governance practices and reporting of listed companies. In addition to requiring the disclosure of broader and deeper information, the amendments also reflect increased expectations of various governance areas of listed companies. Listed companies in Hong Kong should understand the latest changes to the CG Code and Listing Rules and take timely actions to fulfil the new requirements. In addition to ensuring compliance with the new rules, the efforts made by listed companies will contribute to their long-term success.

Topics

Internal Audit and Corporate Governance

Key amendments to the CG Code and the Listing Rules

Key changes to rules can be categorized in four areas: corporate culture, board independence, diversity, and linkage between Corporate Governance (CG) and Environmental, Social and Governance (ESG).

Corporate Culture

Key Amendments

New CP^[1] A.1.1 – To require the board to align the company’s culture with its purpose, value and strategy.

New CP D.2.7 – To require establishment of anti-corruption policy(ies)/system(s) to promote and support anti-corruption laws and regulations.

Upgrading a RBP to CP D.2.6 – To require establishment of a whistleblowing policy.

Board Independence

Key Amendments

New CP B.1.4 – To establish mechanism(s) to ensure independent views are available to the board and disclose such mechanism(s) in the CG Report. The board should review the implementation and effectiveness of such mechanism(s) on an annual basis.

Revised CP B.2.3 – Further appointment of a Long Serving Independent Non-Executive Director (INED) (i.e. more than nine years) requires a separate shareholder resolution, and that the accompanying resolution should state the factors considered, the process and the board or nomination committee’s discussion in arriving at the determination why such INED is still independent and should be re-elected.

New CP B.2.4 – To require issuers whose INEDs are all Long Serving INEDs to:

(a) disclose the length of tenure of each existing INED on a named basis in the circular to shareholders and/or explanatory statement accompanying the notice of the annual general meeting; and

(b) appoint a new INED on the board at the forthcoming annual general meeting

New RBP E.1.9 – An issuer generally should not grant equity-based remuneration with performance-related elements to INEDs.

Board Diversity

Key Amendments

Revised Main Board Listing Rule 13.92 – Diversity is not considered to be achieved by a single gender board (with a three-year transition, i.e. appointment of a different gender director no later than 31 December 2024).

New MDR (paragraph J) – To require all issuers to disclose their policy on board diversity, to set and disclose numerical targets and timelines of achieving gender diversity at both board level and across the workforce (including senior management), the measures adopted and the progress of achieving the objectives.

New CP B.1.3 – To require the board to review the implementation and effectiveness of its board diversity policy annually.

Relationship of Corporate Governance and ESG

Key Amendments

The new introductory paragraph in the CG Code 2.3 sets out the relationship between CG and ESG. ESG risks should be included in the context of risk management.

The linkage is further elaborated in revised CPs by requiring the board’s annual review on risk management and internal control to include ESG risks, and by considering the adequacy of the issuer’s resources relating to the issuer’s ESG performance and reporting.

Revised Listing Rule 13.91(5)(d) and ESG Guide (paragraph 4(2)(d)) – To require publication of ESG reports at the same time as publication of annual reports.

Other than the above key changes, there are also amendments to the CG Code and Listing Rules regarding the nomination committee and communications with shareholders, which further enhance board effectiveness and safeguard the shareholders’ interest.

A recent publication on risk management and internal control

In February 2022, HKEX published an Enforcement Bulletin to highlight the importance of internal control and risk assessment for investor protection and market quality. This Bulletin points out that, in cases of enforcement action to ascertain whether there is a breach or misconduct, HKEX will also investigate the issuer’s internal controls and the steps taken by individual directors to discharge their responsibility on internal controls. The Bulletin further provides a summary of 14 recent disciplinary sanctions, the majority of which involve failures by listed companies and directors in discharging their duties on internal controls. This is consistent with the CG Code that all members of the board (i.e. directors) are responsible for overseeing internal control effectiveness. It also makes clear that even if it is ultimately concluded that no breach or misconduct is involved, directors may risk public sanctions if they fail to discharge their duties of establishing and maintaining an effective internal control system. In other words, when internal controls are deficient, this in itself may constitute a breach of duty worthy of disciplinary action and public sanction.

Some key principles of the CG Code on risk management and internal control systems that listed companies should adhere to include:

The board has an oversight responsibility on the issuer’s risk management and internal control systems, while confirmation on the effectiveness of the systems should be provided by management to the board;
The board’s oversight should be on an ongoing basis and ensure that a review of the effectiveness of the risk management and internal control systems has been conducted at least annually; and
The review should cover all material controls, including financial, operational and compliance controls.

During investigations, HKEX is looking for or expecting the issuer to demonstrate the following:

Evidence that internal controls are in place, and the steps taken to review them to ensure they are operating effectively;
Substantive documentary evidence exists showing a detailed methodical approach to the maintenance of effective controls;
Staff training on appropriate practices and procedures; and
Building a strong and positive organisation culture in regard to internal control and compliance.

HKEX also clarified some misunderstandings to help directors understand the expectation on discharging their duties on risk management and internal controls, as summarized below:

A passive approach to internal controls is insufficient – even without red flags, there is a need for the board to monitor internal controls on an ongoing basis.
External auditors’ work on internal controls during the annual financial statement audit process should not be regarded as the ongoing review of internal controls.
Reviewing internal controls on a rotational basis is not considered as covering all material controls – “deeper dive” reviews into specific areas may be required.
While the audit committee is tasked to perform a lead role in respect of internal controls, all members of the board have responsibility for them and at least should understand, support and oversee the audit committee’s work.

In closing

While board members and senior management should understand the latest requirements of the amended CG Code and related Listing Rules and take timely actions to ensure compliance, we are currently witnessing that regulators are continuously enhancing the required corporate governance framework to enhance the quality of governance of listed companies. Risk management and internal control systems are being viewed as a centrepiece of an organization to help it identify, assess and manage key risks the business faces for preserving and creating value for the organization.

Governance goes beyond policies and procedures, board meetings and information disclosure – stakeholders, including executive management and internal audit, have roles to play and interact with the board. Listed companies should establish a framework and methodology and leverage technology tools to align the efforts by operating management, risk management and internal audit to maximise efficiency and effectiveness in providing risk assurance to the board.

[1] The requirements under CG Code are classified as mandatory disclosure requirement (MDR), code provision (CP) which are on a “comply or explain” basis, and recommended best practice (RBP).