Facebook   LinkedIn   WeChat   YouTube Alert List
Keeping of Records Rules

A. General

Q1 : Are records of overseas clients covered under the scope of the Rules?


Yes, the Rules do not distinguish between records of local or overseas clients.  

Q2 : Is it acceptable if an intermediary is keeping the records that are required to be maintained by its associated entity?


To avoid any possible duplication, this practice is considered acceptable.  Having said that, the associated entity still bears the primary responsibility for ensuring compliance with the Rules. 

Q3 : Do documents need to be retained even if they are no longer required other than to comply with the Rules? This may be in conflict with the Personal Data (Privacy) Ordinance which prohibits the keeping of personal data for longer than necessary.


Section 26 of the Personal Data (Privacy) Ordinance provides that a data user shall erase personal data held by the data user where the data are no longer required for the purpose for which the data were used, unless any such erasure is prohibited under any law. The Rules, in so far as they require records containing personal data to be kept for a specified period, are a law that prohibits the erasure of the data within that specified period.

B. Definition of Record

Q4 :

The Rules require an intermediary and an associated entity to keep records of any authority/direction given by clients. 

However, some of these authorities given by clients (e.g. “hold-mail” annual confirmation), may be via telephone. How can this comply with the Rules if the telephone conversation record is excluded from the definition of “record”?


Whilst the Rules or the Code of Conduct do not prescribe how and in what form annual confirmation of hold-mail arrangement should be obtained, generally we would recommend obtaining a written confirmation or employing the deemed renewal process for better internal controls and audit trail. This is important in order to protect both the firm and its clients in case of dispute as a hold-mail arrangement, if not properly authorised and controlled, may prevent any misconduct in the accounts of clients from being noticed by the firm and its clients.

Section reference: 2

Q5 : Are non-trade related documents such as expenses invoices and bank statements within the definition of “record”?


Yes, no differentiation should be made between trade or non-trade related items so long as they are all records necessary to explain the business operations and financial position of an intermediary.

Section reference: 2

C. Record Keeping Requirements

Q6 : Do mandate agreements signed with clients by intermediaries licensed for Type 4 (securities advising) & Type 6 (corporate finance advising) regulated activities fall under the scope of the general record keeping requirements?


Section 3 of the Rules requires an intermediary to keep, amongst others, sufficient records to explain the operation of its businesses which constitute any regulated activity.  Section 2 of the Schedule to the Rules also requires records of all contracts (including written agreements with clients) entered into by the intermediary to be kept. In general, we are of the view that mandate agreements signed with clients would be covered under the above provisions. 

Section reference: 3

Q7 : Does an intermediary licensed or registered for Type 1 regulated activity need to keep underwriting agreements entered into by it under the Rules?


Yes, these records are required to be kept under section 5 of the Rules to show the particulars of all underwriting and sub-underwriting transactions entered into by the intermediary.

Section reference: 5

Q8 : Is the normal financial accommodation provided by registered institutions captured under the particular record keeping requirements for an intermediary that provides financial accommodation other than securities margin financing?


No, under section 151(8) of the SFO, any financial accommodation provided by registered institutions other than in respect of their regulated activities is not caught by the Rules.  

Section reference: 7

D. Form in which Records are to be kept

Q9 : Are there any requirements on the form of record being kept? Can the records be kept in electronic form?


As a general principle, records kept in electronic form are acceptable so long as they can be readily convertible into written form. Intermediaries are also expected to have all necessary procedures to guard against damage, falsification, tampering with and destruction of these records.

Section reference: 9

E. Record Retention Period

Q10 : What is the required record keeping period for a client agreement if the client has died or closed his account already?


As client agreements form part of the records that are required to be kept by an intermediary under section 2 of the Schedule, they should be kept for at least 7 years under section 10 of the Rules.  In respect of deceased clients or closed accounts, the 7 year retention period runs from the date immediately prior to the account closure date.  

Section reference: 10

Q11 : Are order books and order records only required to be kept for 2 years?


Pursuant to section 10(b) of the Rules, records showing particulars of all orders received or initiated by the intermediary (e.g. blotter, dealing slip or order book as you may call it) are required to be retained for a period of not less than 2 years.

Section reference: 10

Q12 : If orders/instructions are received via fax or e-mail from clients, are the original fax or e-mail orders required to be kept for 2 years?


Yes, as they form part of the records which are required to be kept under section 1(d) of the Schedule.

Section reference: 10

F. Reporting of Non-Compliance

Q13 : Is an intermediary required to report each occurrence of non-compliance (including “minor” ones) to the Commission?


Yes, it is in the interest of investor protection to have the regulator informed of all non-compliance irrespective of the reason and materiality thereof.  Materiality of the breach needs to be assessed in view of the circumstances. The Commission should be immediately notified of the breach in order for it to evaluate the implication.

Section reference: 11

Last update: 17 Mar 2003

We use cookies to improve the website performance and user experience. If you continue to use this website, you are agreeing to their uses. Learn more about our privacy policy.