Quick search
CTRL+K
Quick search
CTRL+K
Since 2010, the Global Law Experts annual awards have been celebrating excellence, innovation and performance across the legal communities from around the world.
posted 2 years ago
By LI Fai:
The Hong Kong Stock Exchange (the “Exchange”) published an Enforcement Bulletin (the “Bulletin”) in February 2022 with the focus on internal controls and risk management framework in Hong Kong listed companies[1]. This article summarises (a) directors’ common misconceptions, (b) typical enforcement cases as well as (c) the Exchange’s expectations on internal control regimes, as highlighted in the Bulletin.
Clarifications for common misconceptions
The Exchange found that some directors of listed companies had misconceptions on internal controls (as listed below). Such mistakenly-held beliefs might be genuine but the Exchange has provided useful clarifications.
|
|
Common misconception |
Clarification |
|
1. |
Engaging external auditor is sufficient to discharge a listed issuer’s duty to review its internal controls. |
Unless an external auditor is specifically engaged to conduct a formal review on a listed issuer’s internal controls to meet the relevant requirements under the Corporate Governance Code (the “Corporate Governance Code”) as set out in Appendix 14 of the Rules Governing the Listing of Securities on The Stock Exchange of Hong Kong Limited (the “Listing Rules”), directors should not assume that the duty to conduct ongoing review of internal controls is discharged merely on the basis that the auditor has not brought any issues or red flags to their attention. |
|
2. |
It is sufficient to review part of the listed issuer’s internal controls every year. |
While a more in-depth review may be conducted for specific internal controls of a listed issuer on an ad hoc or rotation basis, the Corporate Governance Code requires all material internal controls to be reviewed annually. Even if a professional adviser is engaged to conduct the review, the board of directors must maintain oversight and ensure that the review is adequate. |
|
3. |
Only the audit committee is responsible for the internal controls. |
While the Corporate Governance Code stipulates a particular role for the audit committee to play in respect of internal controls, the directors of a listed issuer remain collectively and individually responsible for ensuring that internal controls are appropriate and effective. Directors are expected to understand, support and oversee the audit committee’s work, take an active interest in potential deficiencies and assist in implementing any necessary enhancements even if the audit committee is to take a lead role in internal controls. |
|
4. |
A listed issuer may take a passive approach and assume that its internal controls are sound if major issues and/or red flags do not emerge. |
It is insufficient for a listed issuer to take a passive approach in reviewing and monitoring its internal controls. Internal controls should be considered on an ongoing basis to ensure they remain fit for purpose by design and are fully implemented and working effectively. |
|
5. |
There will be no disciplinary sanctions if internal control deficiencies do not lead to the sufferance of any loss. |
An internal control deficiency may, in itself, constitute a breach of duty and result in disciplinary action and public sanction. Disciplinary action and sanction are neither contingent on loss being suffered nor contingent on a separate breach or misconduct being found. |
Enforcement cases and trends
From the summary of sanctions published by the Exchange during the second half of 2021, most enforcement cases involved:
These are results of internal control deficiencies and breaches of Listing Rules (sometimes persistent breaches). The Bulletin reported that, out of the 14 disciplinary sanctions published by the Exchange during the second half of 2021, 7 involved failure in relation to internal controls and 8 involved directors’ failure to cooperate with the Exchange in its investigations. This demonstrates both internal control and cooperation in investigations are key enforcement focuses of the Exchange.
It is worth noting that in one of the disciplinary sanctions listed[2], a listed issuer was sanctioned for failure to have adequate internal controls and oversight in respect of the operation and affairs of its subsidiaries. Therefore, a listed issuer’s duty to put in place a comprehensive and effective internal control and risk management framework and its directors’ duty to ensure that such controls are appropriate and effective apply not only to the operation and affairs of the listed issuer but extend also to those of its subsidiaries.
The Exchange’s expectations on the internal control regimes of listed issuers
Listed issuers are reminded that they are expected to have a comprehensive and effective internal control and risk management framework in place and their directors are collectively and individually responsible for ensuring that such controls are appropriate and effective.
In the event of a potential breach, the Exchange will not only investigate the relevant event, but also the listed issuer’s internal controls in place, its culture and general attitude towards risk, internal controls, compliance and corporate governance, and whether the directors have taken sufficient and proactive steps to discharge their duties in respect of internal controls. Where there is an internal control deficiency, the Exchange may impose disciplinary sanctions on the listed issuer and/or its directors regardless of whether a breach or misconduct is found.
While the Exchange acknowledges that there is no “one-size-fits-all” approach to internal controls, it expects listed issuers allocate sufficient time and resources to review the effectiveness of internal controls on an ongoing basis and to maintain detailed documentary evidence demonstrating the internal controls in place and their review and enhancement work. Listed issuers are, therefore, urged to keep an “audit trail”.
The Exchange points to the Corporate Governance Code, which contains principles and provisions in relation to internal controls, including but not limited to:
The Exchange encourages listed issuers to refer to the following materials:
Directors who are unsure as to whether a robust and effective internal control and risk management framework is in place are urged to consider obtaining professional advice.
The author would like to thank Ms. Cici Ng (trainee solicitor) for her contribution in this article.
Download (pdf)
___________________________________________
[1] https://www.hkex.com.hk/-/media/HKEX-Market/Listing/Rules-and-Guidance/Disciplinary-and-Enforcement/Enforcement-Newsletter/newsletter202202.pdf?la=en
[2] https://www.hkex.com.hk/News/Regulatory-Announcements/2021/210707news?sc_lang=en
[3] https://www.hkex.com.hk/Listing/Rules-and-Guidance/Corporate-Governance-Practices?sc_lang=en
[4] https://www.hkex.com.hk/-/media/HKEX-Market/Listing/Rules-and-Guidance/Corporate-Governance-Practices/guide_board_dir.pdf?la=en
[5] https://www.hkicpa.org.hk/-/media/HKICPA-Website/HKICPA/section4_cpd/Continuing-Professinoal-Development-Programme-(CPD)/Guide_Eng_August.pdf?la=en&hash=64947E3F384BBC605520949C7EBA3403
[6] https://www.hkicpa.org.hk/-/media/HKICPA-Website/New-HKICPA/Standards-and-regulation/SSD/03_Our-views/TB_-Cir/Auditing/131221/1aatb1212.pdf
Note: This material has been prepared for general information purposes only and is not intended to be relied upon as professional advice for any cases. Should you need further information or legal advice, please contact us.
Sign up for the latest advisory briefings and news within Global Advisory Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Advisory Experts is dedicated to providing exceptional advisory services to clients around the world. With a vast network of highly skilled and experienced advisers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
