Jeffrey Hau

Managing Director

Jeffrey leads Protiviti Hong Kong's risk and compliance and internal audit practices with more than 20 years of experience in regulatory compliance consulting and auditing. As the leader of the financial services practice, his specific areas of focus include advising leading local and international financial institutions on compliance with SFC and HKMA regulations in the areas of conduct, licensing, regulatory controls and compliance, financial crime, internal audit, operational risk and resilience, and other areas of risk and compliance management. As the head of internal audit advisory, he advises clients across multiple sectors on internal audit, internal controls, enterprise risk management, quality assessments and next-gen audit and transformation. Prior to joining Protiviti, Jeffrey was a partner at KPMG, where he was responsible for providing governance, risk and compliance advisory services to clients in Hong Kong and China.

Major projects

  • Led a 40-person team for a KYC/CDD remediation backlog of over 10,000 commercial customers for the Hong Kong office of a leading Southeast Asian bank and provided project governance. 
  • Conducted large-scale sample-based audits to identify inappropriate conduct and instances where clients were being unfairly treated
  • Led large-scale regulatory review, advisory, and remediation projects covering credit, margin lending, treasury, remuneration, operational risk, cash management, fund manager code of conduct
  • Developed and implemented over ten customer risk profiling, product risk rating mechanisms, suitability models (including portfolio-based suitability), and supervision models for private and retail banks
  • Led client service teams for virtual banks
    • Delivered advisory projects to 7 of the 8 virtual banks, building target operating models from the ground up, obtaining SFC and IA licenses and providing business strategy and advisory in the areas of banking, wealth management and insurance
    • Acted as a principal consultant to two virtual banks on their robo-advisory investment platform roll-out
  • Managed over 10 HKMA/SFC driven regulatory reviews (s59(2) Banking Ordinance, s201 SFO and other regulator initiated) over the sales/distribution of wealth management products and the provision of investment advice for a number of retail banks, private banks, and asset managers
  • Worked on risk and control framework development for 1LOD and 1.5LOD for private banking clients, including monitoring framework, definition of roles and responsibilities, coordination with 2LOD, surveillance monitoring, KRI, quality assurance, and testing methodology
  • Lead partner for a number of regulator-driven projects on senior management effectiveness and accountability, adequacy of 2LOD and 3LOD, corporate governance structure, effectiveness of monitoring mechanisms, adequacy of risk and compliance functions, including oversight and supervision
  • Operational resilience lead, advising clients on the latest 2022 HKMA SPM OR-2, including framework buildout, interdependency mapping, testing and implementation.
  • Delivery of a number of outsourced/co-sourced IA audits in the region for real estate, public sector, fin-tech, virtual asset exchange, banking and asset management clientele
  • Development and roll out of IA quality assurance frameworks in the Asia-Pacific region


  • Bachelor of Commerce, Accounting, University of British Columbia 

Industry expertise

  • Banking
  • Asset management
  • Insurance

Areas of expertise

  • Regulatory review
  • Governance and controls
  • AML
  • Internal audit
  • Risk management
  • Operations

Professional memberships and certifications

  • Certified Public Accountant (CPA)
  • Chartered Accountant (CA)
  • Institute of Internal Auditors