Hong Kong SAR, China

• Important trends or developments
• Law reforms that impact corporate criminal liability
• Internal investigations – key developments
• Sectors targeted by law reforms or enforcement action
• Cross‑border cooperation investigation or enforcement activity
• Predictions for 2023

Important trends or developments

Regulatory and other authorities in Hong Kong remained active in their investigation of misconduct and possible white collar crime in 2021/2022, with a particular focus on targeting “high-impact” cases.

In the quarter ended 30 September 2022, the SFC conducted 433 investigations into white collar crime, including corporate disclosure, corporate mis-governance, insider dealing, intermediary misconduct, market manipulation and unlicensed activities. Intermediary misconduct made up 154 out of the 433 investigations.

There has also been an increase in joint operations between the SFC and other regulatory and enforcement authorities in and outside Hong Kong. For example, as announced on:

• 10 November 2022, the SFC and the Independent Commission Against Corruption (ICAC) conducted a joint operation against a sophisticated ramp-and-dump syndicate
• 30 September 2022, 13 people were charged following a joint operation between the SFC and the Hong Kong Police Force (HKPF) against a ramp-and-dump syndicate
• 5 July 2022, the SFC and HKPF conducted a joint operation on suspected corporate fraud.

The SFC’s disciplinary actions have focused on combating: (i) intermediary misconduct, including IPO sponsor failures, AML-related breaches and deficient selling practices (such as internal control failures); and (ii) corporate fraud, including misapplication of funds.

Meanwhile, the cost of disciplinary fines has continued its upward trajectory since 2015. In the period from April 2021 to March 2022, the SFC disciplined 36 corporations/individuals, imposing aggregated fines of HKD 4101.1 million.

Outside of enforcement action, the SFC continues to drive investor protection. To this end, the SFC has released a consultation proposing enhancements to certain enforcement provisions in the SFO, which would have wide‑reaching implications for a regulated person’s liability for misconduct and the scope of insider dealing offences. The SFC has also urged investors to be extremely careful if they intend to invest in stock tokens offered on unregulated trading platforms, and affirmed that they will not hesitate to take enforcement action against unlicensed platform operators where appropriate.

For listed companies, HKEX’s enforcement actions from late 2021 to mid-2022 have focused on failures to provide proper disclosure and obtain shareholder approval.

Law reforms that impact corporate criminal liability

The SFC continues to advocate for, and seeks to expand its regulatory oversight of, the cryptocurrency sector.

The Anti-Money Laundering and Terrorist Financing Ordinance (AMLO) has been amended to introduce a licensing regime for virtual asset service providers (VASP). Unlicensed persons who, without reasonable excuse, carry on a business that is a VASP, or holds themselves out as carrying on such business, will be liable for an offence. In addition, the VASP regime has also criminalised a broad range of crypto-related misconduct, regardless of whether it takes place on a licensed VASP exchange. Offences include breach of regulations regarding the issuance of advertisements relating to virtual asset services, the use of fraudulent or deceptive devices in transactions involving virtual assets, and the use of fraudulent or reckless misrepresentations with the intention to induce investment in virtual assets. Importantly, the offences of making fraudulent or reckless misrepresentations or employing deceptive or fraudulent devices will capture all individuals and/or firms engaging in this type of conduct with a substantial nexus to Hong Kong – it is not necessary that they be physically present in Hong Kong.

Finally, in the case of non-compliance with statutory anti-money laundering and counter‑terrorist financing, both the licensed VASP and its responsible officers (ROs) will be liable to a fine of HKD 1 million and two years’ imprisonment upon conviction, and subject to a range of disciplinary sanctions, including revocation of the VASP licences. Corporations that wish to carry on a business that is a VASP should take careful note of the new requirements.

It is expected that the relevant legislative change will take effect in early 2023. For more details, see Regulatory roadmap for a brave and ambitious Year of the Tiger.

There will continue to be a focus on the ambit and scope of money laundering obligations in Hong Kong following the government’s report in which it identified the need to enhance the AML/CFT legal framework. Money laundering obligations have been extended by amending the definition of politically exposed person (PEP) to include PEPs from outside Hong Kong, while changes have allowed an exemption from Enhanced Client Due Diligence (EDD) requirements in respect of former PEPs where the risks of money laundering and terrorist financing are low.

Corporates and their responsible officers should be made aware that the Hong Kong government has made clear their commitment to enhancing cybercrime laws and sanctions in Hong Kong. A Consultation Paper on Cyber‑Dependent Crimes and Jurisdictional Issues published on 20 July 2022 included recommendations for the creation of five new cybercrime offences: (i) illegal access to programmes or data; (ii) illegal interception of computer data; (iii) illegal interference in computer data; (iv) illegal interference in computer systems; and (v) making available or possessing a device or data for committing a crime. The five new offences, if enacted, would provide penalties of up to life imprisonment, reflecting a conclusion that existing punishments are too weak to safeguard national security.

There is no proposal to create a separate legislative basis so far as concerns personal liability. The Criminal Procedure Ordinance already extends liability to directors and officers of a company if it is proven that the offence in question was committed with the consent or connivance of such person. Further consideration may be given as to whether express provision on the liability of directors and persons in a managerial capacity is needed if the present recommendations are accepted.

The proposals were open for public consultation until 19 October 2022. See A guide to Hong Kong’s cybersecurity laws and practices.

Internal investigations – key developments

HKEX has published a Guidance Note on Cooperation and a revised enforcement sanctions statement. The guidance sets out examples of what may constitute good cooperation in terms of internal investigations, such as the disclosure of information not specifically requested or information that would not otherwise have been discovered by HKEX, the possible benefits of cooperation, and what may be construed as uncooperative conduct, such as late production of submissions or evidence. Importantly, cooperation includes voluntarily providing information regarding any weaknesses, failings or breaches. Meanwhile, revisions to HKEX’s Sanctions Statement provide clarity on the regulator’s expectations in respect of a listed issuer’s internal controls and the extent to which an individual may rely on others in the discharge of their duties.

Following the consultation conclusions on the proposed Mandatory Reference Checking Scheme (MRC Scheme) last year, formal Guidelines on the MRC Scheme were issued in May 2022. The MRC Scheme seeks to address “rolling bad apples” in the banking sector. Institutions recruiting for certain specified positions that fall within scope are now required to approach the former and current employer(s) of a prospective employee to request conduct-related information covering seven years prior to the application for employment. This information is expansive. It includes any breach of legal or regulatory requirements, incidents that cast doubt on an individual’s honesty and integrity, internal or external disciplinary actions, and ongoing investigations. Authorised Institutions will therefore need to consider carefully how to respond to reference requests, especially while investigations are ongoing, and maintain sufficient internal employee disciplinary records on an ongoing basis so that they can easily provide the information requested.

Authorised Institutions are expected to implement Phase 1 of the MRC Scheme by May 2023. For more detail see: Hong Kong’s proposed Mandatory Reference Checking Scheme: the end of “rolling bad apples”?

Sectors targeted by law reforms or enforcement action

The SFC’s investigations have continued to focus on intermediary misconduct and corporate misconduct, including keeping a close watch on internal control deficiencies, sponsors’ due diligence failures and mis-selling of financial products.

The HKEX’s enforcement actions in 2022 against listed corporations and/or its senior management have been in a mix of industry sectors. Those include property development, renewable energy, telecommunications, advertising and food and beverages. The focus was on the maintenance of adequate and effective systems and internal controls to ensure an issuer’s and the company directors’ compliance with their obligations.

In 2022, we saw the first criminal prosecution for market misconduct of a former senior manager at a crypto exchange; the senior manager was accused of illicitly making HKD 5 million by secretly trading against the company. The senior manager was charged with accessing the company’s internal systems “with criminal or dishonest intent” by setting up a retail account in his father’s name and trading against a corporate account he controlled, making a profit of about HKD 5 million in the form of USDT, the crypto industry’s largest stablecoin.

The Competition Commission is focused on investigations and bringing enforcement action where appropriate in the digital sector, having recently imposed sanctions on two competing travel services over a price-fixing cartel case.

Cross‑border cooperation investigation or enforcement activity

There has been a slight increase in enforcement-related cross‑border requests received and made by the SFC in 2020/2021 compared to the previous year. This trend will likely intensify given increased enforcement activity in a number of jurisdictions arising from recent macro-economic developments and other issues.

Meanwhile, the SFC maintained close enforcement cooperation with the China Securities Regulatory Commission (CSRC). In particular, the SFC held a meeting with the CSRC in June 2022 to discuss their enforcement cooperation efforts, and agreed on follow-up arrangements for emerging issues related to cross‑boundary enforcement cooperation issues.

December 2021 saw a joint operation between regulators and law enforcement agencies in Singapore and Hong Kong to protect the integrity of the securities markets. The SFC, the HKPF, the Monetary Authority of Singapore (MAS) and the Singapore Police Force (Singapore Police) announced that they had conducted a joint operation against an active and sophisticated syndicate suspected of operating ramp-and-dump manipulation schemes. Ten individuals believed to be the key members of the syndicate, their associates and some senior executives of Hong Kong‑listed companies were arrested during searches of 33 premises in Hong Kong and Singapore by more than 190 officers of the SFC, the HKPF, the MAS and the Singapore Police. A joint operation on this scale was unprecedented.

The SFC continues to agree memoranda of understanding (MoU) guidelines with various local and international regulators in order to aid future cooperation and to enhance cooperation and the exchange of information, including an MoU with the European Securities and Markets Authority, the EU’s financial markets regulator and supervisor, and a joint circular with the Australian Securities and Investments Commission on their collaborative thematic review of global financial institutions’ foreign exchange businesses and operations in Hong Kong and Australia.

Similarly, the Personal Data authorities in Hong Kong and Singapore renewed an MoU to maintain their existing ties and foster closer cooperation with an enhanced scope of collaboration in personal data protection. See the PCPD’s media statement here.

Predictions for 2023

An increase in collaboration between regulators

We expect to see an increase in collaboration between local regulators in Hong Kong, such as the SFC and the ICAC, by conducting joint operations to combat corporate fraud and misconduct of listed companies, directors or shareholders.

Continued efforts to bring the cryptocurrency markets within the purview of regulators

Historically, the SFC’s regulatory approach was to only allow professional investors to invest in Virtual Asset (VA)‑related funds and securities offered in Hong Kong. However, in November 2022, the SFC announced that Hong Kong intends to make significant moves toward a more open and inclusive approach to VA-related investments in order to foster the sustainable development of a vibrant ecosystem for VAs. Specifically, the SFC plans on opening up access to virtual asset investments for the retail market.

The SFC has also issued a Circular on the requirements for seeking SFC authorisation for public offerings in Hong Kong of exchange traded funds (ETFs). The SFC has stated that it is prepared to accept applications for authorisation of VA Futures ETFs traded on traditional regulated futures exchanges.

This article is part of the Allen & Overy Cross-border White collar Crime and Investigations Review. Please visit the review homepage for our overviews and insights in other jurisdictions.