| |
|
|
|
APPENDIX 2 - CLIENT ASSETS
|
|
INTRODUCTION
|
| 1. |
This Appendix provides more detailed guidance to auditors on the work normally carried out in order to form an
opinion on client assets in the auditors' reporting under the SFO. It provides guidance on the following rules: |
| |
a. |
Securities and Futures (Client Securities) Rules (Client Securities Rules); |
| |
b. |
Securities and Futures (Client Money) Rules (Client Money Rules); |
| |
c. |
Securities and Futures (Keeping of Records) Rules (Keeping of Records Rules); and |
| |
d. |
Securities and Futures (Accounts and Audit) Rules. |
| |
For the purpose of this Appendix the term "rules" means any of the above applicable rules. |
| 2. |
The main purpose of the rules in relation to client assets is to ensure that the regulated entity safeguards client
assets. A further purpose is to ensure that, in the event of insolvency of the regulated entity, client assets
are protected from the claims of its general creditors and, in the case of client money, from any right of set
off by institutions which hold the money. |
| 3. |
The rules require a regulated entity to maintain a high standard of custodianship and associated record keeping.
Management of a regulated entity is responsible for establishing and maintaining adequate accounting records and
systems and controls. This recognizes the position of trust under which client assets are held. |
| 4. |
This Appendix is separated into three sections as follows: |
| |
a. |
client securities; |
| |
b. |
client money; and |
| |
c. |
no client assets. |
| |
The sections on client securities and client money also set out the relevant planning considerations. |
| 5. |
This Appendix is to assist auditors in determining the scope of the work for each individual audit. However it
is not intended to limit or replace individual professional judgement, initiative and vigilance. Audit procedures
are designed to meet the requirements of the particular situation, giving careful consideration to the size and
type of regulated entity and the system of internal accounting control; this is a matter that requires the exercise
of professional judgement in the light of the circumstances of each particular case. |
| 6. |
Where the auditors discover that the systems have failed or material differences have arisen, they consider the
implications these may have on other areas of their work, on their reporting obligations and, in particular, on
the "truth and fairness" of the financial statements. |
| |
|
CLIENT SECURITIES
|
| Introduction |
| 7. |
Client securities, for the purpose of the Client Securities Rules, are securities that are: |
| |
a. |
either |
| |
|
i. |
listed or traded on a recognized stock market; or |
| |
|
ii. |
interests in a collective investment scheme authorized by the SFC under section 104 of the SFO; and |
| |
b. |
received or held in Hong Kong by or on behalf of |
| |
|
i. |
a licensed corporation in the course of the conduct of any regulated activity for which the licensed corporation
is licensed; or |
| |
|
ii. |
an associated entity of an intermediary in relation to the conduct of any regulated activity. |
| |
These securities may be held in the form of collateral. |
| 8. |
The Client Securities Rules do not apply to client securities of a licensed corporation that are in an account
established and maintained by a client of the licensed corporation, in that client's name, with a person other
than the licensed corporation or an associated entity of the licensed corporation. The Client Securities Rules
do not apply to client securities that are received or held outside Hong Kong by a licensed corporation or its
associated entity. |
| 9. |
For the particular regulated activity, the auditors need to understand what may constitute client securities that
are covered by the Client Securities Rules. They would consider all situations and transaction types that may be
entered into by the regulated entity. Although the regulated entity may consider that a particular area is not
covered by the rules relating to client securities, the auditors need to be alert to situations where this is incorrect
and the regulated entity is in breach of the Client Securities Rules as a result. |
| |
|
|
|
| Planning |
| 10. |
The auditors' work on client securities will be planned in relation to three reporting requirements. For client
securities, the main areas that need to be addressed by the auditors, to enable them to fulfill their reporting
requirements, are: |
| |
a. |
whether during the period under review, the regulated entity had adequate systems of control in place to ensure
compliance with the sections 4(4), 5, 10(1) and 12 of the Client Securities Rules; |
| |
b. |
whether during the period under review, the regulated entity has complied with sections 4(4), 5, 10(1) and 12 of
the Client Securities Rules; and |
| |
c. |
whether during the period under review, the regulated entity has complied with section 3 or 4 of the Keeping of
Records Rules to the extent that they relate to client securities. |
| 11. |
The control objectives that a regulated entity administering or holding client securities or securities collateral
will need to meet and the evidence that may be available to the auditors upon which they can base their conclusions
are outlined below. They are only indicative. |
| 12. |
Not every regulated entity, particularly a smaller one, will be able to meet all these objectives through the establishment
of formal controls and segregation of duties. In consequence, not all the evidence indicated below will be available
in every case. |
| 13. |
This does not necessarily mean that the regulated entity has weak controls or that there is insufficient evidence
for the auditors to give a conclusion. The regulated entity may well have adequate controls due to close supervision
by the management, taking into account the low volume of client securities handled. |
| 14. |
In some cases, therefore, the auditors may place greater reliance on observation and enquiry for their audit evidence
than inspection of documentation. In doing so, they need to bear in mind that undocumented systems are more prone
to error and fraud, and that their presence and enquiries may influence the manner in which procedures are operated
at that time. |
| |
| Adequate systems of control - Timely renewal of standing authorities (section 4(4)) |
| |
Control objectives - Timely renewal of standing authorities |
| 15. |
The main factors that will be considered are: |
| |
a. |
satisfactory arrangements for ensuring that standing authorities that are due for renewal are identified; |
| |
b. |
satisfactory arrangements for notifying clients that their standing authorities are due to expire and informing
them that unless clients object, they will be renewed upon the same terms and conditions; and |
| |
c. |
satisfactory notification to clients of the renewal of the standing authorities within the specified time frame. |
| |
|
|
|
| |
Evidence - Timely renewal of standing authorities |
| 16. |
The main factors that will be considered are: |
| |
a. |
retention of client standing authorities in a secure environment; |
| |
b. |
tracking system for timely identification of standing authorities that are approaching expiry; |
| |
c. |
management review of standing authority renewal notices prior to despatch; |
| |
d. |
client relationship personnel follow up expiring standing authorities with clients to ensure they have received
notifications; |
| |
e. |
evidence of spot checks of standing authorities by the compliance or internal audit department to ensure that current
standing authorities are in place; and |
| |
f. |
evidence of procedures for ensuring that standing authority renewal notices have been provided within one week
after expiry. |
| |
| Adequate systems of control - Deposit or registration of client securities and securities collateral (section
5) |
| |
Control objectives - Deposit or registration of client securities and securities collateral |
| 17. |
The main factors that will be considered are: |
| |
a. |
whether registerable client securities are registered in a name permitted by the rules; |
| |
b. |
where client securities are deposited in the same name as that used for the intermediary's house positions, that
the client securities are deposited in a designated account different from that in which its house positions are
deposited; |
| |
c. |
securities held as collateral can be separately identified; |
| |
d. |
arrangements for releasing documents under stock lending and borrowing arrangements are in accordance with the
rules; |
| |
e. |
satisfactory arrangements for ensuring that the client securities were held or securities collateral kept after
receipt in a segregated account or registered in the name of the client from whom or on whose behalf the client
securities have been received, or the intermediary or associated entity; |
| |
f. |
satisfactory arrangements for ensuring that where client securities and securities collateral are deposited in
safe custody, that the financial institutions, custodians or other intermediaries in question are appropriately
authorized, approved or licensed as appropriate; |
| |
g. |
satisfactory arrangements for withdrawal or disposal of client securities and securities collateral to be made
to or by the client, or to or by any authorized party as specified in sections 5 and 6 of the Client Securities
Rules upon the circumstances or under discretionary powers given in the client agreement; |
| |
h. |
risk assessments to be carried out on all custodians to assess the risk of placing client securities and securities
collateral with a third party; |
| |
i. |
written arrangements between the intermediary or associated entity and the custodian covering at least the minimum
requirements of the rules; and |
| |
j. |
an adequate system to ensure that statements are sent to clients at required intervals, and that such statements
properly reflect the regulated entity's records. |
| |
|
|
|
| |
Evidence - Deposit or registration of client securities and securities collateral |
| 18. |
The main factors that will be considered are: |
| |
a. |
written instructions from clients stating the manner in which their securities are to be registered; these instructions
may be set out in standard client agreements; |
| |
b. |
written procedures setting out how each security is to be identified so as to reflect the client's entitlement
to that security (e.g. registered in the client's name); |
| |
c. |
where client securities are registered in the name of an associated entity, that an appropriate record of the interests
of individual clients is maintained; |
| |
d. |
clear segregation of client securities from other securities; |
| |
e. |
separate registers maintained of securities held as collateral; |
| |
f. |
evidence of appropriate authority to engage in stock lending arrangements, given to the regulated entity by the
clients concerned; |
| |
g. |
separate records of all such transactions sufficient to show the details of the stocks lent at any time and the
collateral held; |
| |
h. |
proper segregation of duties which ensure each area is staffed by people independent of any other operations and
password controls; |
| |
i. |
qualifications and experience of senior management; |
| |
j. |
strong boxes, fire-proof rooms and safes, restricted access via password controlled doors or limited access to
keys, especially where important documents like securities certificates, were kept in the office premise; |
| |
k. |
regular stock reconciliations performed against third party supporting documents; |
| |
l. |
evidence of spot checks of the custodian area by the compliance or internal audit department; |
| |
m. |
written procedures stating how custodian staff are to process the movement of securities and what is required in
the form of authorization; |
| |
n. |
evidence of procedures for selection of external financial institutions, custodians or other intermediaries to
ensure that they are eligible and suitable to hold client securities and securities collateral in safe custody; |
| |
o. |
results of a risk assessment process including external information on credit rating, financial results etc. and
internal information on customer service received; |
| |
p. |
letters of agreement with custodians stating the terms under which they are operating; |
| |
q. |
file copies of statements sent to clients, which agree with the records; and |
| |
r. |
procedures and controls (e.g. completed checklist) to ensure that all clients receive a statement (where required). |
| |
|
|
|
| Adequate systems of control - Depositing and transferring client securities and securities collateral (section
10(1)) |
| 19. |
Under section 10(1) of the Client Securities Rules a regulated entity is required to take reasonable steps to ensure
that client securities and securities collateral of the intermediary are not: |
| |
i. |
deposited; |
| |
ii. |
transferred; |
| |
iii. |
lent; |
| |
iv. |
pledged; |
| |
v. |
repledged; or |
| |
vi. |
otherwise dealt with, |
| |
except as provided in Part 2 of the Client Securities Rules.
The relevant elements of the Client Securities Rules in Part 2 (covering sections 5, 6, 7, 8 and 9) in summary
cover the following: |
| |
a. |
Section 5 - requirements for deposit or registration of client securities and securities collateral
Unless client securities and securities collateral are registered in the name of the client, or the associated
entity (or the intermediary in the case of securities collateral): |
| |
|
i. |
client securities are:
deposited in safe custody in a segregated account which is designated as a trust account or client account in Hong
Kong with an authorized financial institution, an approved custodian or another intermediary licensed for dealing
in securities; |
| |
|
ii. |
securities collateral is:
deposited in safe custody in a segregated account which is designated as a trust account or client account in Hong
Kong with an authorized financial institution, an approved custodian or another intermediary licensed for dealing
in securities; or
deposited in an account in the name of the intermediary or associated entity with authorized financial institution,
an approved custodian or another intermediary licensed for dealing in securities. |
| |
b. |
Section 6 - dealings with client securities and securities collateral
A regulated entity may deal with client securities or securities collateral in accordance with: |
| |
|
i. |
an oral or written direction to sell or to settle such a sale order; |
| |
|
ii. |
a written direction to withdraw the client securities or securities collateral (where required under section 5); |
| |
|
iii. |
a standing authority, except where this will result in:
a transfer of client securities or securities collateral to an account in Hong Kong other than an account referred
to in section 5;
a transfer of the client securities or securities collateral to an officer or employee, unless he is the client
in question; or
an unconscionable transaction in the sense of the Unconscionable Contracts Ordinance. |
| |
|
Where a licensed corporation is licensed for asset management, with the written agreement of the client, client
securities may be withdrawn from a trust account or client account, or where client securities that have been registered
in the name of the client or an associated entity they can be sold or used to settle a sale order on behalf of
the client.
Where there is a liability owed by or on behalf of a client, with that client's written agreement, a licensed corporation
may dispose, or initiate a disposal by any of its associated entities, of any of the client securities or securities
collateral in settlement of that liability. |
| |
c. |
Section 7 - treatment of client securities and securities collateral by intermediaries licensed for dealing
in securities and their associated entities
With a standing authority a licensed corporation licensed for dealing in securities may: |
| |
|
i. |
apply any of the securities or securities collateral pursuant to a securities borrowing or lending agreement; |
| |
|
ii. |
deposit any of the securities collateral in question with an authorized financial institution as collateral for
financial accommodation provided; or |
| |
|
iii. |
deposit any of the securities collateral in question with a recognized clearing house or another intermediary as
collateral for the discharge and satisfaction of the licensed corporation's settlement obligations and liabilities. |
| |
d. |
Section 8 - treatment of securities collateral by intermediaries licensed for securities margin financing and
their associated entities
With a standing authority a licensed corporation licensed for securities margin financing may deposit any of
the securities collateral that it receives with an authorized financial institution or an intermediary licensed
for dealing in securities as collateral for financial accommodation provided to the licensed corporation. |
| |
e. |
Section 9 - treatment of securities collateral by intermediaries licensed for dealing in futures contracts and
their associated entities
With a standing authority a licensed corporation licensed for dealing in futures contracts may deposit any
of the securities collateral that it receives with a recognized clearing house or an intermediary licensed for
dealing in futures contracts as collateral for the discharge and satisfaction of the licensed corporation's settlement
obligations and liabilities. |
| |
|
|
|
| |
Control objectives - Depositing and transferring client securities and securities collateral |
| 20. |
The control objectives that have been included in paragraph 17 above apply here. Additional factors that will be
considered are: |
| |
a. |
written procedures in place covering client dealing and transfer instructions; |
| |
b. |
controls provide assurance that client instructions are authorized prior to being actioned; |
| |
c. |
standing authorities are valid and current; and |
| |
d. |
transfers of client securities and securities collateral are made to appropriate authorized accounts. |
| |
|
|
|
| |
Evidence - Depositing and transferring client securities and securities collateral |
| 21. |
The main factors that will be considered are: |
| |
a. |
availability of up-to-date written procedures covering the handling of client instructions; |
| |
b. |
evidence that client instructions are verified as authentic and valid before being actioned; |
| |
c. |
evidence that client standing orders are checked that they are current and cover the transaction in question each
time they are used; and |
| |
d. |
evidence that where appropriate client securities and securities collateral are only transferred to or deposited
with authorized financial institutions, approved custodians or other intermediaries licensed for dealing in securities. |
| |
|
|
|
| Adequate systems of control - Reporting of non-compliance with certain provisions of the rules (section 12) |
| |
Control objectives - Reporting of non-compliance with certain provisions of the rules |
| 22. |
The main factors that will be considered are: |
| |
a. |
system in place to identify potential incidents of non-compliance with the rules; |
| |
b. |
potential incidents of non-compliance reported to management on a timely basis; and |
| |
c. |
matters of non-compliance (a reportable matter as defined in section 157 of the SFO) are reported to the SFC in
writing within one business day. |
| |
|
|
|
| |
Evidence - Reporting of non-compliance with certain provisions of the rules |
| 23. |
The main factors that will be considered are: |
| |
a. |
evidence that the business has a system in place to identify potential incidents of non-compliance with the rules; |
| |
b. |
level of awareness amongst staff of the rules; |
| |
c. |
records kept in relation to potential incidents of non-compliance demonstrating that these have been reported to
management on a timely basis; and |
| |
d. |
evidence that matters of non-compliance have been reported to the SFC in writing within one business day. |
| |
|
|
|
| Compliance with the rules |
| 24. |
The work that the auditors will have performed as outlined above in relation to determining whether during the
period under review, the regulated entity had adequate systems of control in place to ensure compliance with sections
4(4), 5, 10(1) and 12 of the Client Securities Rules is likely to also enable them to report on whether during
the period under review, the regulated entity has complied with sections 4(4), 5, 10(1) and 12 of the Client Securities
Rules.
Depending on the results of the work on the systems of control, some additional testing is likely to be required
to enable the auditors to issue their opinion on the regulated entity's compliance with the rules during the period
under review.
The auditors would consider obtaining written representations from management that all incidents of non-compliance
with the rules have been disclosed, or that there have been no incidents of non-compliance. |
| |
| Adequate accounting records have been maintained |
| |
Control objectives - Adequate accounting records have been maintained |
| 25. |
The main factors that will be considered are: |
| |
a. |
proper and prompt recording of the movements of documents (this includes all documents, including those relating
to the regulated entity's own securities as there is a risk of teeming and lading and having client documents mixed
with the regulated entity's own documents); |
| |
b. |
proper and prompt recording of all purchases and sales of securities on behalf of clients; |
| |
c. |
records in agreement with the statements sent to clients of assets held on their behalf; |
| |
d. |
reconciliations carried out in accordance with the rules; and |
| |
e. |
proper and prompt accounting for benefits, such as bonus or scrip issues accruing to clients. |
| |
|
|
|
| |
Evidence - Adequate accounting records have been maintained |
| 26. |
The main factors that will be considered are: |
| |
a. |
evidence that documents of title are recorded immediately on receipt; |
| |
b. |
evidence that documents of title are not released from the regulated entity's control to clients, registrars, brokers,
etc. without the records being amended; |
| |
c. |
records kept in respect of any document clearly setting out the date of receipt and despatch of the document, the
nature of the document, the client to whom the document relates, and the nature, amount and nominal value of the
securities to which the document relates; |
| |
d. |
evidence that statements are sent to clients at the required intervals, made up to the appropriate date, and properly
specifying the documents held. In this context, the auditors may consider obtaining direct confirmation from clients; |
| |
e. |
evidence that correspondence from clients querying statements (including client complaints) and any other queries
have been dealt with properly and promptly; |
| |
f. |
evidence that benefits such as dividends or scrip issues are collectively and correctly allocated to each client; |
| |
g. |
evidence that reconciliations have been carried out in accordance with the rules (for more detailed guidance on
reconciliations see paragraphs 28 to 35 below); and |
| |
h. |
circularisation of account balances in accordance with paragraph 27 below. |
| 27. |
Auditors exercise their professional judgement to determine whether and how to go about the performance of a circularization
of clients' account balances. The SFC has issued a list of matters which may be taken into account by auditors
in conducting a circularization of clients' account balances: |
| |
a. |
auditors would exercise their judgement in determining sufficient coverage of samples over the total population
of clients' accounts both in terms of number of clients and the money value of clients' assets; |
| |
b. |
confirmation would be prepared in language that the clients of the regulated entity are familiar with; |
| |
c. |
confirmation would be directly sent to and received from clients. Clients would be provided with convenient means
of responding to the auditors; |
| |
d. |
be aware of any client enquiries regarding any discrepancies in their account balances; |
| |
e. |
auditors would independently select samples for circularization; |
| |
f. |
auditors to determine appropriate procedures in assessing the reliability of the confirmation letters received
such as verifying client signatures on the confirmation against client agreements; and/or directly calling the
clients to verify the agreed balances on a sample basis; and |
| |
g. |
adequate and timely follow-up procedures for the non-reply confirmations would be carried out such as considering
sending reminders or directly calling the non-reply clients etc. and/or reviewing a sample of trade orders and
withdrawals of funds and securities recorded in their accounts. |
| |
|
|
|
| |
Reconciliations |
| 28. |
The requirement to carry out reconciliations is set out in the Keeping of Records Rules. |
| |
Control objectives - Reconciliation of client securities - Physically held client securities |
| 28A. |
The main factors that will be considered are: |
| |
a. |
physical counts and reconciliations of all securities performed with at least the frequency and in the manner required
by the rules, and by staff (in so far as possible) independent of the custodian department; |
| |
b. |
procedures planned and implemented to ensure that the count of client title documents is accurate; |
| |
c. |
timely clearance of reconciling items; and |
| |
d. |
records retained of the dates and results of the physical counts. |
| |
Evidence - Reconciliation of client securities - Physically held client securities |
| 29. |
The main factors that will be considered are: |
| |
a. |
detailed instructions for the counts; |
| |
b. |
an independent function (such as compliance department or internal audit) organizing, controlling or participating
in carrying out the counts and reconciliations; |
| |
c. |
sufficient time and resources devoted to the counts and reconciliations; |
| |
d. |
full and clear documentation of the counts and reconciliations; |
| |
e. |
counts carried out at the frequency and with the time limits required by the rules; |
| |
f. |
adequate explanations for reconciling items; and |
| |
g. |
completion of reconciliations (i.e. all items explained). |
| |
Control objectives - Reconciliation of client securities - Client securities held by a custodian |
| 30. |
The main factors that will be considered are: |
| |
a. |
reconciliations for all custodians performed with at least the frequency and in the manner required by the rules; |
| |
b. |
timely clearance of reconciling items; |
| |
c. |
the reconciliations undertaken by a person who is not involved with the recording or movement of the assets, if
the size of the regulated entity permits this segregation of duties; and |
| |
d. |
records retained of the dates and results of reconciliations including confirmations from external custodians. |
| |
Evidence - Reconciliation of client securities - client securities held by a custodian |
| 31. |
The main factors that will be considered are: |
| |
a. |
an independent function carrying out the reconciliations; |
| |
b. |
sufficient time and resources devoted to reconciliations; |
| |
c. |
full and clear documentation of the reconciliations; |
| |
d. |
reconcilations carried out at the frequency required by the rules; |
| |
e. |
adequate explanations for reconciling items; and |
| |
f. |
completion of reconciliations (i.e. all items explained). |
| 32. |
Where client securities are physically held by the regulated entity itself, the auditors may attend part or all
of one of the physical counts of client title documents. In reaching a conclusion regarding the extent to which
this is necessary, the auditors consider the strength of controls surrounding, and the independence of, the count,
reconciliation, day to day processing and custody of client documents of title. |
| 33. |
The auditors examine confirmations from independent custodians of documents of title held by them. |
| 34. |
The auditors inspect correspondence and agreements with custodians in order to verify compliance with the rules. |
| 35. |
In larger regulated entities, a rolling reconciliation basis of confirming client title documents (similar to a
manufacturing company's system of perpetual stock-taking) is sometimes adopted. Care must be taken to ensure that
systems and controls are in place to prevent teeming and lading. |
| |
|
CLIENT MONEY
|
| Introduction |
| 36. |
The Client Money Rules apply to client money of a licensed corporation that is received or held by or on behalf
of: |
| |
a. |
the licensed corporation, in the course of the conduct of any regulated activity for which the licensed corporation
is licensed; or |
| |
b. |
an associated entity of the licensed corporation where such an associated entity is not an authorized financial
institution, in relation to such conduct of the regulated activity. |
| |
The Client Money Rules do not therefore apply to associated entities of registered institutions. The reference
to "regulated entity" in this section below is therefore restricted to a licensed corporation or its
associated entity that is not an authorized financial institution. |
| 37. |
The Client Money Rules do not apply to client money of a licensed corporation that is received or held outside
Hong Kong by the licensed corporation or an associated entity of the licensed corporation. |
| 38. |
The Client Money Rules do not apply to client money of a licensed corporation that is in a bank account established
and maintained by a client of the licensed corporation in that client's name. |
| 39. |
For the particular regulated entity, the auditors need to understand what may constitute client money that is covered
by the Client Money Rules. They would consider all situations and transaction types that may be entered into by
the regulated entity. Although the regulated entity may consider that a particular area is not covered by the rules
relating to client money, the auditors need to be alert to situations where this is incorrect and the regulated
entity is in breach of the Client Money Rules as a result. |
| |
|
|
|
| Segregated accounts |
| 40. |
When a regulated entity holds or expects to hold client money, it must open one or more segregated accounts, each
of which shall be designated as a trust account or client account. These must be established and maintained with: |
| |
a. |
an authorized financial institution; or |
| |
b. |
any other institution approved by the SFC for the purposes of the Client Money Rules, either generally or in a
particular case. |
| |
|
|
|
| Planning |
| 41. |
The auditors' work on client money will be planned in relation to the three reporting requirements. For client
money, the main areas that need to be addressed by the auditors, to enable them to fulfil their reporting requirements
are: |
| |
a. |
whether during the period under review, the regulated entity had systems of control in place that were adequate
to ensure compliance with sections 4, 5, 6, 8(4), 10 and 11 of the Client Money Rules; |
| |
b. |
whether during the period under review, the regulated entity has complied with sections 4, 5, 6, 8(4), 10 and 11
of the Client Money Rules; and |
| |
c. |
whether during the period under review, the regulated entity has complied with section 3 or 4 of the Keeping of
Records Rules to the extent that they relate to client money. |
| 42. |
The control objectives that the auditors would expect to see in a regulated entity holding client money and the
evidence from which the auditors seek to draw reasonable conclusions are outlined below. They are only indicative
and will not be applicable to all regulated entities holding client money, especially smaller ones. |
| |
|
|
|
| Adequate systems of controls - Payment of client money into segregated accounts (section 4) |
| 43. |
Client money held by regulated entities has to be held on trust for clients in one or more segregated bank accounts
designated as a trust account or client account. |
| |
|
|
|
| |
Control objectives - Payment of client money into segregated account |
| 44. |
The main factors that will be considered are: |
| |
a. |
all client money is paid within one business day into a segregated account; |
| |
b. |
bank accounts opened only with an authorized financial institution, or any other institution approved by the SFC
for the purposes of the Client Money Rules; |
| |
c. |
bank accounts include "Client Account" or "Trust Account" in their description in accordance
with section 4(1) of the Client Money Rules; |
| |
d. |
appropriate statements, confirmations and agreements sent to and received from the authorized financial institutions; |
| |
e. |
systems are adequate to identify all client money; |
| |
f. |
systems are adequate to ensure that all client money and only client money is paid in compliance with the rules
(other than where it is specifically allowed by the rules); |
| |
g. |
systems are adequate to ensure that all client money is paid in promptly; that is within one business day, unless
otherwise disposed of in accordance with the rules; and |
| |
h. |
client money is only applied for the purposes of the client to whom it relates. |
| |
|
|
|
| |
Evidence - Payment of client money into segregated accounts |
| 45. |
The main factors that will be considered are: |
| |
a. |
clear internal instructions setting out the procedures to be followed in dealing with any potential client money; |
| |
b. |
suitable levels of staff (i.e. with the appropriate training and experience) responsible for establishing segregated
accounts and identifying client money within the regulated entity; |
| |
c. |
lodgements regularly and promptly made; |
| |
d. |
lodgements to segregated accounts comprise client money only, except as otherwise permitted; |
| |
e. |
lodgements to non client accounts do not include client money; |
| |
f. |
an up to date list of all bank accounts which identifies those that are segregated accounts; and |
| |
g. |
bank statements agreeing to the regulated entity's records. |
| |
|
|
|
| Adequate systems of controls - Payment of client money out of segregated accounts (section 5) |
| |
Control objectives - Payment of client money out of segregated accounts |
| 46. |
The main factors that will be considered are: |
| |
a. |
systems are adequate to ensure that all client money withdrawals in Hong Kong are made in compliance with the rules;
and |
| |
b. |
all withdrawals from segregated accounts are made only for prescribed purposes and in accordance with the rules. |
| |
|
|
|
| |
Evidence - Payment of client money out of segregated accounts |
| 47. |
The main factor that will be considered is: |
| |
a. |
withdrawals are properly authorized and for purposes approved by the rules. |
| |
|
|
|
| Adequate systems of controls - Treatment of interest on client money held in segregated accounts (section 6) |
| 48. |
The Client Money Rules require that interest derived from client money is held in a segregated account. To the
extent that any amount of interest retained in a segregated account which the regulated entity is entitled to retain
under an agreement with the client(s), this would be paid out of the account within one business day after the
interest is credited to the account or the regulated entity becomes aware that the interest has been credited to
the account. |
| |
|
|
|
| |
Control objectives - Treatment of interest on client money held in segregated accounts |
| 49. |
The main factors that will be considered are: |
| |
a. |
appropriate procedures in place for identifying and withdrawing regulated entity's entitlement of interest on segregated
accounts on a timely basis; |
| |
b. |
where applicable, interest paid on all money subject to interest calculations; and |
| |
c. |
interest payments correctly calculated by reference to the appropriate dates. |
| |
|
|
|
| |
Evidence - Treatment of interest on client money held in segregated accounts |
| 50. |
The main factors that will be considered are: |
| |
a. |
evidence that regulated entity's interest entitlements are withdrawn on a timely basis in accordance with the rules;
and |
| |
b. |
schedules showing how interest due to clients has been calculated (or equivalent computer processes). |
| |
|
|
|
| Adequate systems of control - Timely renewal of standing authorities (section 8(4)) |
| |
Control objectives - Timely renewal of standing authorities |
| 51. |
The main factors that will be considered are: |
| |
a. |
satisfactory arrangements for ensuring that standing authorities that are due for renewal are identified; |
| |
b. |
satisfactory arrangements for notifying clients that their standing authorities are due to expire and informing
them that unless clients object, they will be renewed upon the same terms and conditions; and |
| |
c. |
satisfactory notification to clients of the renewal of the standing authorities within the specified time frame. |
| |
|
|
|
| |
Evidence - Timely renewal of standing authorities |
| 52. |
The main factors that will be considered are: |
| |
a. |
retention of client standing authorities in a secure environment; |
| |
b. |
tracking system for timely identification of standing authorities that are approaching expiry; |
| |
c. |
management review of standing authority renewal notices prior to despatch; |
| |
d. |
client relationship personnel follow up expiring standing authorities with clients to ensure they have received
notifications; |
| |
e. |
evidence of spot checks of standing authorities by the compliance or internal audit department to ensure that current
authorities are in place; and |
| |
f. |
evidence of procedures for ensuring that standing authority renewal notices have been provided within one week
after expiry. |
| |
|
|
|
| Adequate systems of controls - Requirement to pay money other than client money out of segregated accounts (section
10) |
| 53. |
The Client Money Rules require that a regulated entity which becomes aware that is it holding an amount of money
in a segregated account that is not client money of the regulated entity shall, within one business day of becoming
so aware, pay that amount of money out of the segregated account. |
| |
|
|
|
| |
Control objectives - Requirement to pay money other than client money out of segregated accounts |
| 54. |
The main factor that will be considered is: |
| |
a. |
appropriate procedures in place for identifying and withdrawing regulated entity's money from segregated accounts
on a timely basis. |
| |
|
|
|
| |
Evidence - Requirement to pay money other than client money out of segregated accounts |
| 55. |
The main factor that will be considered is: |
| |
a. |
evidence that regulated entity's money is withdrawn on a timely basis in accordance with the rules. |
| |
|
|
|
| Adequate systems of control - Reporting of non-compliance with certain provisions of the rules (section 11) |
| |
Control objectives - Reporting of non-compliance with certain provisions of the rules |
| 56. |
The main factors that will be considered are: |
| |
a. |
system in place to identify potential incidents of non-compliance with the rules; |
| |
b. |
potential incidents of non-compliance reported to management on a timely basis; and |
| |
c. |
matters of non-compliance (a reportable matter as defined by section 157 of the SFO) are reported to the SFC in
writing within one business day. |
| |
|
|
|
| |
Evidence - Reporting of non-compliance with certain provisions of the rules |
| 57. |
The main factors that will be considered are: |
| |
a. |
evidence that the regulated entity has a system in place to identify potential incidents of non-compliance with
the rules; |
| |
b. |
level of awareness amongst staff of the rules; |
| |
c. |
records kept in relation to potential incidents of non-compliance demonstrating that these have been reported to
management on a timely basis; and |
| |
d. |
evidence that matters of non-compliance have been reported to the SFC in writing within one business day. |
| |
|
|
|
| Compliance with the rules |
| 58. |
The work that the auditors will have performed as outlined above in relation to determining whether during the
period under review, the regulated entity had adequate systems of control in place to ensure compliance with sections
4, 5, 6, 8(4), 10 and 11 of the Client Money Rules is likely to also enable them to report on whether during the
period under review, the regulated entity has complied with sections 4, 5, 6, 8(4), 10 and 11 of the Client Money
Rules.
Depending on the results of the work on the systems of control, some additional testing is likely to be required
to enable the auditors to issue their conclusion on the regulated entity's compliance with the rules during the
period under review.
The auditors would consider obtaining written representations from management that all incidents of non-compliance
with the rules have been disclosed, or that there have been no incidents of non-compliance. |
| |
|
|
|
| Adequate accounting records have been maintained |
| |
Control objectives - Adequate accounting records have been maintained |
| 59. |
The main factors that will be considered are: |
| |
a. |
proper recording of movements of client money; |
| |
b. |
interest credited in accordance with the rules; |
| |
c. |
reconciliations carried out in accordance with the rules; and |
| |
d. |
appropriate titles are given to accounts. |
| |
|
|
|
| |
Evidence - Adequate accounting records have been maintained |
| 60. |
The main factors that will be considered are: |
| |
a. |
adequate details of the day to day entries of money paid into and out of the segregated accounts and individual
client accounts including: |
| |
|
i. |
dates of receipts and payments; |
| |
|
ii. |
name of the client; |
| |
|
iii. |
name of the person from whom money was received or to whom it was paid, if other than the client; |
| |
|
iv. |
sub-ledgers with individual client accounts; and |
| |
|
v. |
evidence of designation from a client; |
| |
b. |
records of the interest earned on the segregated accounts, the determination of the amount of interest payable
to clients and the dates and amounts of interest paid/credited to clients; |
| |
c. |
records maintained on a timely basis; |
| |
d. |
evidence that reconciliations have been carried out as required and reconciling items have been investigated and
cleared promptly (for more detailed guidance on reconciliations see paragraphs 61 to 66 below); |
| |
e. |
the records maintained comply with the guidance given by the SFC; |
| |
f. |
to provide third party evidence of client balances (except settlement balances), the auditors may consider obtaining
direct confirmation from clients; in practice, this may be conveniently combined with testing the accuracy of statements
of their securities sent to clients; and |
| |
g. |
circularization of account balances in accordance with paragraph 27 of this Appendix. |
| |
|
|
|
| |
Reconciliations |
| 61. |
The requirement to carry out reconciliations is set out in the Keeping of Records Rules. |
| 62. |
Regulated entities that hold client money are required to reconcile each month any differences during that month
in its balances or positions with any of their associated entities and other parties, including: |
| |
a. |
recognized exchange companies; |
| |
b. |
clearing houses; |
| |
c. |
other intermediaries; |
| |
d. |
custodians; and |
| |
e. |
banks, |
| |
and show how such differences were resolved. |
| |
Control objectives - Reconciliation |
| 63. |
The main factors that will be considered are: |
| |
a. |
client/trust money per the segregated account, as recorded by the regulated entity, is reconciled with the total
of balances recorded as due to each client at least each month; |
| |
b. |
balance of each such segregated account, as recorded by the regulated entity, is reconciled with the relevant bank
statements; |
| |
c. |
the reconciliations are properly prepared and adequate explanations given for reconciling items, which would be
cleared without delay; and |
| |
d. |
records are retained of the dates and results of the reconciliations. |
| |
Evidence - Reconciliation |
| 64. |
The main factors that will be considered are: |
| |
a. |
an up-to-date list of the segregated accounts held that agrees with the segregated accounts being reconciled; |
| |
b. |
evidence of an independent preparation and review of these reconciliations; and |
| |
c. |
reconciliations being carried out regularly over the period under review. |
| 65. |
The auditors carry out normal audit tests on bank reconciliations. Particular attention will be paid to reconciling
items, ensuring that outstanding and uncleared items are properly identified and are duly cleared shortly after
the reconciliation. As part of their substantive testing, the auditors examine and where appropriate obtain direct
confirmation of bank balances from each bank concerned. |
| 66. |
The regulated entity would also reconcile its segregated bank accounts as often as necessary but at least once
every month. Some regulated entities need to reconcile segregated accounts daily if the volume of business is high. |
| |
|
NO CLIENT ASSETS
|
| 67. |
Auditors must be alert to a situation where a licensed corporation is not permitted under its licensing condition
to hold client assets or does not, as a matter of policy, hold client assets. Where this is the case, the licensed
corporation would have systems in place to avoid receiving and holding client assets. |
| 68. |
Although auditors are not required to give the SFC independent assurance that the licensed corporation has not
administered or held client assets, they still consider carrying out the following procedures: |
| |
a. |
enquire as to what arrangements a licensed corporation has in place to ensure that relevant staff are aware of
what constitutes client assets. This could be documented in a procedural manual or internal memorandum and would
outline the procedures to be followed if client assets are identified; |
| |
b. |
enquire as to how settlements are effected on behalf of clients (reference will be made to client documentation
and payment instructions on contract notes or statements); |
| |
c. |
review the cash book in order to confirm that receipts and payments in the cash book only relate to the licensed
corporation's own money and that no client money is being received or held; |
| |
d. |
review the licensed corporation's client files to see whether they provide any indication that it has held client
assets in order to undertake a particular transaction; |
| |
e. |
review client agreements for statements of how custody is to be operated; as a corollary, review the agreements
with any custodians used and the counterparty files (i.e. the documentation which supports the securities transactions)
for correspondence on settlement procedures to ensure that there is no evidence that the licensed corporation has
offered client money protection (i.e. held separately in accordance with the rules); |
| |
f. |
ascertain whether a system of review exists to ensure that client assets are not administered or held. This could
constitute periodic review by the internal auditors or compliance officer and encompasses substantive review of
the licensed corporation's bank accounts and client agreements; and |
| |
g. |
enquire as to details of any client money the licensed corporation has received and the action taken. |
| 69. |
Auditors will consider obtaining written representations from management that the licensed corporation has not
breached any rules relating to the client assets during the period under review. |
| |
|
|
|
| |
|
|
|
| |
|
|
|