The Securities and Futures Commission of Hong
Kong is warning financial institutions to beef up their digital engagement with
customers when it comes to brokerage and wealth management.
Its concern comes at time when almost all
new client engagements are now occurring digitally.
The regulator has published a circular dated 31 August that says 96 percent of new accounts opened by licensed corporations (or LCs, that is, banks, brokers, financial advisors, other wealth managers) have been occurred without physical interaction over the past 12 months.
That is a testament to how sharply distributing wealth products and advice has changed: almost all new business is now conducted virutally.
Along with onboarding new customers, these licensed corporations are also now using their online platforms to sell investment products or execute client orders.
Not ready for the digital era?
Some companies have not been prepared for
this surge of online activity: they have gathered many new customers but without
investing in the operations, compliance, or I.T. reviews to ensure the platforms
are just as robust as the traditional, in-person business.
The platforms often incorporate features such as research to enable self-directed investment. This is becoming the norm because the SFC’s rules around product suitability are strict, involving in-person evaluations of a customer’s risk appetite and sophistication.
Therefore if a platform wishes to provide advice, it probably has to stick to the most vanilla, low-risk products, otherwise it won’t be able to sell them without a face-to-face meeting.
On the other hand, many players, including digital banks and brokers, are positioning themselves as a neutral marketplace in which customers are free to buy what they wish, caveat emptor.
Deficient protections
The SFC says it has found compliance deficiencies in some of these models. These boil down to three concerns: identity, suitability, and security.
Poor verification of client identity: the SFC has found cases where platforms were not recognizing client’s designated bank accounts in Hong Kong, or were using facial recognition technologies without a robust assessment of how they work. The SFC is particularly worried that purely digital onboarding makes it easier for people to impersonate a customer.
Suitability obligations: The SFC finds that some licensed corporations are dodging their suitability requirements (ensuring clients are sold products that suit their risk profile) with a simple client acknowledgement that the platform provider hasn’t solicited or recommended anything.
The SFC’s wording on this point is not very
specific. It says: “This may be seen as an attempt to restrict clients’ rights,
exclude the obligations of the LCs, or misdescribe the actual services provided
to clients.”
The SFC also says it has uncovered instances
of inadequate client risk profiling, or failures to monitor what goes on in the
comments sections of these platforms.
Cybersecurity: the SFC found some distributors or advisors hadn’t implemented adequate mechanisms to mitigate cybersecurity risks. For example, some lacked two-factor authentication, or lacked the proper surveillance tools to detect unauthorized access to a client’s account.