Securities & Futures Commission of Hong Kong

Principles

As a statutory body, we are accountable to the Hong Kong Special Administrative Region (HKSAR) Government and the public in carrying out our regulatory functions. To achieve this, we strive to comply with the principles underlying our governance structure.

Accountability

We report regularly to the Government. Our annual budget is submitted to the Financial Secretary of the HKSAR for approval and tabled before the Legislative Council (LegCo). We publish details of our operations and financial statements in our quarterly reports and a full-year account in our annual reports.

We attend meetings at LegCo to present and explain policy initiatives and other issues of public interest, including meetings of the Panel on Financial Affairs. We also deal with draft legislation at meetings of relevant LegCo designated bills committees and sub-committees.

Stakeholder engagement

In order to take diverse interests and conflicting viewpoints into account, we strive to maintain contact with the industry and the investing public through:

For regulatory, supervisory and market development issues, we also:

Internal codes and guidelines

We commit to uphold high standards of integrity and conduct within the organisation to promote and maintain public confidence. In addition to complying with relevant legal obligations, members of our staff must comply with our code of conduct, which stipulates the standards of behaviour expected of them. Key aspects of the code deal with:

  • maintaining confidentiality;
  • avoiding conflicts of interest;
  • guarding against corrupt practices; and
  • observing rules about personal investments.

We have established procedures for handling complaints or grievances. Reports of improper practice of the SFC or our staff can be made under a set of procedures for lodging complaints, which are posted on our website.

We adhere to financial controls and procedures to ensure that our resources are managed properly. We follow a set of tender guidelines and procedures when appointing vendors, consultants and other third parties.

Risk management

We identify, assess and manage external and internal risks in a timely and systematic manner.

External risks

Each division closely monitors and manages regulatory risks in its respective area. In addition, our risk identification and strategy-setting efforts are centralised in the Risk and Strategy unit which fosters cross-divisional dialogue on existing and emerging risk themes facing the SFC and the Hong Kong financial markets.

The Risk and Strategy unit also conducts risk-focused industry meetings with a range of financial institutions to better understand the evolution of market structure, product innovation, emerging risks and risk management practices. We then assess different perspectives and approaches, communicate views across relevant industry sectors and factor this work into our overall policy development.

We have a market contingency plan establishing detailed procedures for dealing with emergencies that may affect Hong Kong’s securities and futures markets, such as precipitous market falls and trading or clearing system failures. The plan helps us act promptly and appropriately when such problems arise.

Internal risks

Our internal control measures cover possible operational risks, including financial risks and office and information security.

To facilitate internal risk identification, we have developed and implemented an internal risk register which provides the SFC Board with an integrated overview of risks. The register involves various divisions sharing their perspective on risks (including potential emerging and systemic risks) in financial market entities, infrastructures, products and activities which may affect our ability to meet the regulatory objectives set out in the Securities and Futures Ordinance.

Our system of internal financial controls ensures proper management of our financial resources in compliance with established policies and procedures. An external audit firm reviews our internal controls annually to assess how well we adhere to our controls and to evaluate and enhance the adequacy of these procedures. The SFC’s Audit Committee approves the focus of these reviews each year.

We have in place a business resumption plan that covers readily identifiable risks, including technical problems, fires, natural disasters and other emergencies. The plan is communicated within the organisation and updated regularly.

We have a range of measures, including office and computer access controls, to protect our information and our information systems from unauthorized access, use, modification or destruction. We also have an information security policy to provide staff with guidance on how to protect the confidentiality and integrity of information.

3.5548 s