SFC Proposed Guidelines for Online Platforms and their Implementation

Delivery of financial services through online platforms is becoming a norm and is further facilitated by extensive penetration of smart phones in Hong Kong. This means, like any other social situation, the face to face interaction is replaced by electronic information and communication. So, the question arises whether Securities and Futures Commission’s (the “SFC”) current regulations are robust enough to protect investors when the service delivery is through faceless online channels. SFC believes that though its conduct guidelines are principle based, it would still be appropriate to state specific operational parameters for online platforms. Therefore, SFC has issued a consultation paper for the proposed guidelines (the “Guidelines”) for online platforms.

The purpose of the Guidelines is to provide clarity on the design and operations of the online platforms. These Guidelines will apply to all licensed or registered entities conducting their regulated activities whether order execution or distribution or advisory. The Guidelines will apply to all forms of online presence i.e. websites, platforms, and other channels like social media. SFC has also clarified that the Guidelines are in addition to any other applicable principles and standards to a particular type of service to which a service provider is required to comply with.

The Guidelines focus on three critical areas of operations / services of licensed or registered entities using online platforms. These areas are governance and control including Robo-advice, suitability requirement and complex products.

Governance and control will be driven through certain Core Principles which are unique to online service providers. The Core Principles are:

·       Proper design: this means the online platform should restrict and control access rights, and should operate it with due skill, care and diligence.  Clients would have access to only that information which is relevant to them as a client.

·       Information for clients: The platform should make adequate disclosure of the relevant information on the products offered as well as the services provided and the limitations thereof, if any.

·       Risk management: The platform should have high level of reliability, cybersecurity, data protection, business continuity plan (the “BCP”), and the periodic testing of the BCP, etc.

·       Governance, capabilities and resources: the platform to have robust governance process to manage its operations including adequate human, technology and financial resources.

·       Review and monitoring: It will be mandatory to conduct periodic review of the operations of the platform.

·       Record keeping: Proper record of its online services rendered, audit trail of the transactions and suitability assessment should be kept.

The Guidelines will also cover the so called Robo-advisers i.e. automated portfolio construction or model portfolios based on a client’s personal circumstances. The challenge for the platforms is to ensure that while providing Robo-advice all regulatory provisions applicable to distribution of investment products including Suitability Requirement are fully complied with.

The second area pertains to compliance with Suitability Requirement (Paragraph 5.2 of the Code of Conduct for Persons Licensed by or Registered with SFC) i.e. when does Suitability Requirement get triggered and how to discharge these obligations. The position taken for trigger is that mere posting of factual, fair and balanced materials on the online platform will not in itself amount to recommendation or solicitation and will not trigger the Suitability Requirement. However, in case the client seeks Robo-advice on the platform, the suitability Requirement obligations will become active.

Finally, offering complex products through online platform will require the online service provider to comply with some additional regulatory provisions. Certain basic and key information on the complex product along with very clear and prominent warning statements should be displayed. Further, it is proposed that the platform operator shall ensure that any transaction in such products is suitable for the client in all circumstances.

What shall the online platforms do to comply with the proposed guidelines?

The Core Principles delineated by SFC are pretty standard provisions which are used by any other transaction based platform. It is our understanding that all of these should already be available in a platform. If not, the platform should without any loss of further time put together the IT and business team to implement these Core Principles.

Providing Robo-advice and complex products will attract the obligation associated with Suitability Requirement. The platform should mandatorily undertake risk profile, factual assessment of the risk profile and verification of each client availing these two services.  It is advisable that the process and procedure for these products is broken down in multiple steps so that information at each step is captured and verified with the supporting documents before generating the final Robo-advice or execution of the complex product transaction.

Further, an online platform should check the authenticity of the material on their website and ensure that the material posted there is factual, fair, and balanced.  A robust internal system must be put in place to ensure that any update or new material posted on the online platform passes the test of factual, fair and balanced.  Besides, an audit trail of the process followed for each update has to be maintained.