Upcoming Changes in the SFC's Business Risk Management Questionnaire (BRMQ)
The Securities and Futures Commission (“SFC” or “the Commission”) recognizes the need for continuous improvement in compliance practices.
As a result, on 23rd December 2022, the Commission announced forthcoming changes to the Business Risk Management Questionnaire (“BRMQ”); its supervisory tool used to gather data from licensed corporations (“LCs”) on an annual basis for the Commission’s industry analysis, monitoring of market trends and identifying emerging issues.
PDF version: Upcoming Changes in the SFC’s BRMQ
Introduction
The new changes to the BRMQ focus on key areas such as:
- General Compliance
- Shareholders and Group Structure
- Online Banking & Internet Trading
- Anti-Money Laundering (“AML“)
- Client Onboarding
- Asset Management
- Securities Broking
- Bookbuilding, Placement, Distribution & Advisory
- Corporate Finance
In light of these changes which will be used for financial years ending on or after 30th November 2023, it is in the interest of LCs to proactively gather the newly required information ahead of their financial year end.
General Compliance
Under the revised questionnaire, the scope of activities which LCs will have to provide information on has been increased to include virtual assets.
Additionally, LCs will now be required to provide the total number of staff, both licensed and unlicensed, along with information regarding controls in place to ensure staff integrity.
LCs must also disclose whether they have received requests of any sort from law enforcement agencies and, if so, provide details about the agency and the type of request.
Shareholders and Group Structure
For LCs that are part of a group with overseas affiliates, the updated questionnaire demands additional information regarding these affiliates.
This includes details about the financial status of overseas shareholders, their commitment to Hong Kong, and any existing revenue/funding arrangements.
Furthermore, the LC will need to state whether it has an ‘exit plan’ in place.
Online Banking & Internet Trading
The forthcoming changes emphasize the importance of online banking and internet trading controls.
LCs will be required to provide detailed information about the use of online banking for both house and client accounts.
This includes disclosing the percentage of revenue generated from internet trading and specifying the internet trading platforms used, or if provided by a third party, etc.
LCs must also provide information about arrangements towards monitoring and detection of suspicious trading activities such as spoofing, false trading, ramp and dump schemes, etc.
Anti-Money Laundering
To strengthen AML practices, the revised questionnaire includes several additional requirements, including inquisitions about LC’s branches/subsidiaries, their location, activity, and AML controls.
LCs will need to provide extensive information about their Institutional Risk Assessment (“IRA”), such as the existence of the assessment, frequency, date of the last assessment, key risk factors considered, and potential future risk areas.
Senior management responsibilities:
- Reviewing the IRA
- Checking AML systems
- Reviewing alerted incidents
- Reviewing status reports on high-risk clients
- Reviewing suspicious transaction reports
- Keeping up with regulatory developments
Furthermore, LCs will need to disclose information about:
- AML training provided to staff
- Outsourcing of AML arrangements
- Independent reviews of AML systems
- Compliance checking of AML systems
- Clients and controls in its cross-border correspondent relationships
- Clients classified as politically exposed persons (“PEPs”)
- Whether the LC has refused or terminated any business relationships due to AML risks
- Changes (if any) of its Money Laundering Reporting Officer(s) (“MLRO”)
- Reliance on third-party intermediaries for AML matters
- Enhanced due diligence (“EDD“) processes
- Virtual asset business operations
- Sanctions screening controls
LCs shall further provide more details relating to its transaction monitoring program such as frequency, adopted processes, date of most recent review as well as and controls for preventing the use of nominee shareholders in securities transactions (e.g., monitoring of trading activities and third-party operated accounts, identification of cross-trades, etc.).
Client Onboarding
LCs will be required to provide comprehensive information on their clients, including the total number, categorization (individual vs. non-individual), country of residence/domicile, and any new client engagements.
Details about the onboarding method (face-to-face vs. non-face-to-face) and the adopted approach for onboarding non-face-to-face clients will also be required.
Asset Management
The updated questionnaire includes additional information requirements for LCs engaged in asset management activities.
This encompasses the number of discretionary accounts vs private funds under its management, controls around cross-border transfers, and identification and acceptance procedures for deposits into clients’ accounts.
Unauthorized funds where the LC is Responsible for Overall Operation of the fund (“ROOF”) receive additional inquisitions.
Additional disclosure requirements for ROOFs:
- Existence of a Custodian
- Total Number of Funds
- Total Assets Under Management (“AUM“)
- Total Number of Investors
Moreover, applicable LCs will need to provide details about fund and discretionary account management activities such as primary strategy, geographical location of underlying investments, annualized returns, gross fees, common exposures between funds and discretionary accounts, and mainland China exposure by asset type.
Securities Brokerage
The oncoming changes will require LCs to provide additional information on exchanges, brokers, and custodians it deals with, including names, countries of operation, and transaction values.
LCs, where applicable, shall also provide more information about its margin financing activities, including basis for determining margin limits, incident reports, credit limit controls, and the frequency of credit reviews.
The frequency of review of haircuts for securities collateral and client concentration risk management disclosures will also be required.
Additionally, such LCs will need to provide information regarding margin calls and the triggers and basis for such calls.
Bookbuilding, Placing, Distribution & Advisory
LCs involved in bookbuilding, placing, distribution, and advisory activities will face additional reporting requirements.
This includes providing detailed information such as the number and value of transactions, income received, number of completed IPOs, etc…
Additionally, the applicable LCs will need to also provide information about their distribution/investment advisory services, including:
- Client Classification
- Types of Products
- Determination of Complex Products
- Risk Weighting Assignments
- Client Risk Tolerance Assessments
- Suitability Reviews
- Controls
- Use of Online Platforms
Corporate Finance
The revised BRMQ seeks additional information related to corporate finance activities.
This includes details about the types of mandates the LC has been involved in (e.g., IPOs, financial advisory, SPACs, etc.) and the frequency of advice provided in the syndicate composition.
Coming into effect with submissions from financial year ending 30th November 2023 onwards, LCs are required to continue to submit the annual BRMQ via the SFC WINGS platform.
