Consultation Paper on Enhancing the Regulation and Supervision of Trust Business

(1)

1

Consultation Paper on

Enhancing the Regulation and Supervision of Trust Business

10 July 2020

(2)

2

I. Foreword

1. This consultation paper sets out the proposal of the Hong Kong Monetary Authority (“HKMA”) for enhancing the regulation and supervision of trust business in Hong Kong, especially those conducted by banks for wealth management purposes.

2. The HKMA invites comments on the proposal in this paper. A full list of the consultation questions can be found at Annex 1.

3. Please submit your comments to your industry associations or to the mailbox at trustconsultation@hkma.gov.hk by 9 October 2020.

4. Persons submitting comments on behalf of an organisation should provide details of the organisation whose views they represent.

5. Please note that the names of commentators and the contents of their submissions may be published by the HKMA on the website or in other documents to be published by the HKMA. Please read the Personal Information Collection Statement in the following section for details.

6. If you do not wish your name or submission to be published by the HKMA, please indicate so when you make your submission.

(4)

4

II. Personal Information Collection Statement

7. This Personal Information Collection Statement (“PICS”) is made in accordance with the guidelines issued by the Privacy Commissioner for Personal Data. The PICS sets out the purposes for which your Personal Data¹will be used following collection, what you are agreeing to with respect to the HKMA’s use of your Personal Data, and your rights under the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”).

Purpose of Collection

8. The personal data provided in your submission in response to this consultation paper may be used by the HKMA for one or more of the following purposes –

 to administer the provisions of the Banking Ordinance (Cap. 155) and guidelines published pursuant to the powers vested in the HKMA;

 to perform statutory functions under the provisions of the Banking Ordinance (Cap. 155);

 for research and statistical purposes; or

 for other purposes permitted by law.

Transfer of Personal Data

9. Personal data may be disclosed by the HKMA to members of the public in Hong Kong and elsewhere as part of this consultation. The names of persons who submit comments on this consultation paper, together with the whole or any part of their submissions, may be disclosed to members of the public. This will be done by publishing this information on the HKMA website or in documents to be published by the HKMA during the consultation period or at its conclusion.

Access to Data

10. You have the right to request access to and correction of your personal data in accordance with the provisions of the PDPO. Your right of access

1 Personal data means personal information as defined in the Personal Data (Privacy) Ordinance (Cap. 486).

(5)

5

includes the right to obtain a copy of your personal data provided in your submission on this consultation paper. The HKMA has the right to charge a reasonable fee for processing any data access request.

Retention

11. Personal data provided to the HKMA in response to this consultation paper will be retained for such period as may be necessary for the proper discharge of its functions.

Enquiries

12. Any enquiries regarding the personal data provided in your submission on this consultation paper, requests for access to personal data or correction of personal data should be addressed in writing to –

Personal Data Privacy Officer Hong Kong Monetary Authority

55/F Two International Finance Centre 8 Finance Street

Central, Hong Kong

(6)

6

III. Background

13. Hong Kong is positioned as a premier asset and wealth management centre.

To reinforce this position, it is reckoned that Hong Kong should continue to attract and provide services in asset and wealth management, including those for high net worth individuals and family offices. Among others, trust, as a means of protecting assets and controlling how they are used, is an important tool for managing wealth. Protection of client assets held on trust is thus paramount. International standard setting bodies have issued standards on business conduct of trust service providers.

14. The current regulatory regime in Hong Kong for trust business involves a number of financial regulators. Trustees of mandatory provident fund (“MPF”) schemes are approved and regulated by the Mandatory Provident Fund Schemes Authority (“MPFA”). Trustees and custodians of collective investment schemes (“CIS”) authorized by the Securities and Futures Commission (“SFC”) are not currently but have been proposed to be subject to the direct regulation by the SFC under the Securities and Futures Ordinance (Cap. 571) (“SFO”). The Insurance Authority adopts an indirect supervisory approach by ensuring non-regulated entities including trustees and custodians within an authorized insurer group will not adversely affect the position of the authorized insurer. The HKMA conducts consolidated supervision of locally-incorporated authorized institutions under the Banking Ordinance (Cap. 155) (“BO”) and their subsidiaries. Pursuant to the Anti- Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) (“AMLO”), trustees are required to apply for a licence from the Registrar of Companies (unless otherwise exempted), where trustees are subject to requirements on customer due diligence and record-keeping but not business conduct.

15. Some limitations in the current regulatory regime have been identified. In particular, in respect of the banking sector, the HKMA has not promulgated any conduct requirements specific for trust business conducted by authorized institutions (“AIs”) and their subsidiaries. The SFC plans to license and regulate “top-level” trustees and custodians (i.e. the entity at the top of the custodial chain) of SFC-authorized CIS (subject to certain exemptions) under the proposed SFO regime for depositaries of SFC- authorized CIS (to be called Type 13 regulated activity, or “RA13”).

16. While there are industry guides issued by the Hong Kong Trustees’

Association (“HKTA”) in which HKTA members need to confirm their adoption and compliance for admission and renewal of membership, HKTA membership is by itself voluntary:

(a) In a number of overseas jurisdictions with sizable trust business, such as Singapore, Jersey and Bermuda, relevant regulators have introduced specific codes or legislations governing business conduct and practices, and supervise correspondingly the business conduct and

(7)

7 practices of trustees.

(b) Furthermore, drawing reference from international standards and practices, some enhanced guidance could be developed in respect of a number of key areas, such as management supervision and accountability, management and control of trust assets, corporate governance and internal controls, compliance function and review, as well as staff training and professional development.

We therefore see the merits of developing a regulatory code to strengthen the level of protection of customers making use of trust services, especially those for wealth management purposes.

17. Financial institutions should treat their customers fairly. Retail banks and private banks in Hong Kong have adopted their respective Treat Customers Fairly Charters to foster a sound corporate culture that supports prudent risk management and contributes towards proper staff behaviour leading to positive customer outcomes and high ethical standards in the banking industry. Treating customers fairly promotes consumer protection, thereby helping enhance customer confidence and trust, and contribute to sustainable development of the industry. Hence, treating customers fairly would also be a key spirit in developing a regulatory code for trust business.

18. Against this backdrop, the HKMA proposes to introduce a Code of Practice for Trust Business (“Code”) to enhance protection of client assets held on trust and better align with the international standards and practices and to promote treating customers fairly and customer-centric culture in trust business. This would in turn enhance clients’ confidence in entrusting assets to trustees in Hong Kong, thereby reinforcing Hong Kong’s position as a leading asset and wealth management centre. In developing the proposed Code, reference to relevant local and international standards has been made.

19. The key proposal in this consultation paper has taken into account feedbacks from earlier discussions with the relevant industry associations.

(8)

8

IV. Proposal

Scope

20. The proposed Code will cover general principles and practical standards to govern the business conduct of companies that conduct trust business (collectively referred to as “trustees” or “trust companies” for the purposes of this consultation paper) in Hong Kong, unless otherwise specified. For the purposes of this consultation paper, a “company” refers to an individual carrying on business as a sole proprietor; a partnership; or a corporation.

The collective term “trustee” will capture a relevant party by whatever name called that performs the functions of a trustee under the proposed scope of the Code.

21. The proposed Code will not include trust-specific prudential requirements, as a trustee may already be subject to the prudential requirements applicable to it as an AI, or other regulated financial entity, which may vary depending on the other types of businesses also conducted by the trustee.

22. The proposed Code will not include anti-money laundering (“AML”) or counter-financing of terrorism (“CFT”) requirements, which are already set out in the applicable statutory and regulatory requirements including the AMLO.

23. The proposed Code will not have the force of law, and trustees should observe applicable statutory requirements and other regulatory requirements as relevant to their trust and other business, including but not limited to other conduct requirements, prudential requirements, and AML/CFT requirements. A set of the proposed Code is in Annex 2.

Applicability

24. It is proposed that the Code will apply to all AIs that conduct trust business in Hong Kong. Locally incorporated AIs with subsidiaries that conduct trust business in Hong Kong (“AI subsidiaries”) should also ensure the business conduct, practices and controls of such subsidiaries are in line with the proposed Code. To effect this, it is proposed that the HKMA issue a Supervisory Policy Manual (“SPM”) module in the form of a statutory guideline under section 7(3) of the BO which will include the proposed Code.

25. For better protection of client assets, we also propose that other trustees that conduct trust business in Hong Kong are encouraged to adopt the proposed Code to the extent applicable.

26. In the context of the proposed Code, a “trust” refers to an obligation imposed on a person to hold or control and administer assets for the benefit of others

(9)

9

(i.e. the beneficiaries) or for a specified purpose (e.g. charitable purpose, wills or estate planning).

27. “Trust business” refers to provision of the following services by a trustee: (i) setting up a trust; (ii) acting as trustee for a trust; (iii) arranging for any person to act as trustee for a trust; (iv) managing the assets held on trust;

(v) administration services for a trust; and/or (vi) eventual transfer of assets to beneficiaries. In other words, it is not confined to services involving fiduciary duties.

28. “Relevant staff” refers to staff engaged by a trustee to assist in the provision of trust business (including customer-facing staff, operations staff, and supervisors of such staff), other than those solely acting as an accountant for the overall book-keeping at the corporate level, general secretarial support or information technology support at the corporate level.

29. Where an AI or AI subsidiary does not provide its trust service but may merely introduce or refer another trustee to its customers for provision of trust services, the AI or AI subsidiary is not required to observe the proposed Code. However, the proposed SPM module will specify that such AI or AI subsidiary should observe the following general principles for protecting customers:

(a) The AI or AI subsidiary should perform proper due diligence on the trustee to be introduced or referred to its customers, taking into account whether the trustee follows the proposed Code, and other factors such as track record, reputation and standing, financial soundness, operational capability and capacity, and relevant internal controls and practices;

(b) In the case of an introduced or referred trustee that operates outside Hong Kong, due diligence by the AI or AI subsidiary should also take into account any implications to customers and the AI or AI subsidiary (e.g. different or diminished consumer protection in the jurisdiction concerned). In any case, the AI or AI subsidiary should be satisfied that it is appropriate to make such introduction or referral to the trustee outside Hong Kong, and the arrangement will not lead to reduced protection to the customers; and

(c) The AI or AI subsidiary should have an agreement in place with the introduced or referred trustee on how to handle incidents (e.g. disruption of services, data leakage), including notification on any impacted customers and safeguarding their interests.

(10)

10

Exemptions

30. To minimise any regulatory overlap, it is proposed that depositaries licensed or registered for the proposed RA13 under Schedule 5 to the SFO will be exempted from the scope of the proposed Code when RA13 comes into effect insofar as the trust services provided relate to a CIS authorized by the SFC under section 104 of the SFO and form part of the regulated functions for RA13 under the SFO.

31. Likewise, companies approved by the MPFA under section 20 of the Mandatory Provident Fund Schemes Ordinance (Cap. 485) (“MPFSO”) are also proposed to be exempted from observing the proposed Code insofar as the trust services provided relate to the MPF products mentioned below:

(a) a registered scheme or its constituent fund (as defined in section 2(1) of the MPFSO) (“MPF schemes”); and

(b) an approved pooled investment fund (“APIF”) (as defined in section 2 of the Mandatory Provident Fund Schemes (General) Regulation (Cap.

485A)) which is or is intended to be offered only to:

(i) professional investors for the purposes of MPF products;

(ii) employers (as defined in section 2(1) of the MPFSO);

(iii) MPF schemes;

(iv) occupational retirement schemes (as defined in section 2(1) of the Occupational Retirement Schemes Ordinance (Cap. 426) (“ORSO”));

(v) pooled agreements (as defined in section 2(4) of the ORSO); or (vi) other APIFs.

32. For accountancy firms and law firms that are subject to their own set of professional code or ethical standards, it is proposed that they should also be excluded from adopting the proposed Code.

Non-compliance

33. The HKMA oversees the trust business of AIs and AI subsidiaries as part of its supervision of the businesses of the AIs as a whole. The HKMA will monitor their compliance with the proposed Code in its ongoing supervision.

34. Where a trustee identifies that there is material non-compliance with the proposed Code or it comes to its attention that there is material non- compliance, the case should be promptly reviewed and timely reported to the senior management and relevant regulators as appropriate in accordance with the guidance under Principle 6 Co-operation with regulators in the proposed Code.

(11)

11

35. It is proposed that failure of a trustee to adhere to the proposed Code may call into question the fitness and propriety of the trustee, whether the AI concerned continues to satisfy the minimum criteria for authorization in the BO, and / or the fitness and propriety of the chief executive (including alternate chief executives), directors and shareholder controllers of the AI concerned.

Consultation questions:

Question 1: Do you have any comments on the proposed scope of the Code?

Question 2: Do you have any comments on the proposed applicability of the Code?

Question 3: Do you agree with the proposed exemptions from the Code? If not, please explain your views.

Question 4: Do you consider any other exemptions necessary? If so, what are they and why are they necessary?

General Principles

36. It is proposed that there will be six general principles in the proposed Code:

(a) Principle 1 Fairness, honesty and integrity: A trustee should act honestly, fairly, and with integrity in conducting its trust business;

(b) Principle 2 Due skill, care and diligence: A trustee, in conducting its trust business, should act with due skill, care and diligence, and in the interests of its customers. A trustee should ensure that the entity through which trust business is conducted and all relevant staff are fit and proper to perform their roles and functions;

(c) Principle 3 Management and control of trust assets: A trustee should exercise due care in understanding, managing and controlling all assets held within the trust in full conformity with its fiduciary obligations;

(d) Principle 4 Corporate governance and internal controls: A trustee should establish a proper corporate governance structure and implement adequate internal controls and risk management systems to ensure that its trust business is effectively managed;

(e) Principle 5 Compliance with legal and regulatory requirements

(12)

12

and standards: A trustee should comply with relevant legal and regulatory requirements and standards applicable to the conduct of its trust business activities; and

(f) Principle 6 Co-operation with regulators: A trustee should deal with relevant regulators in an open and co-operative manner.

Question 5: Do you have any comments on the proposed six general principles?

Question 6: Do you think any other general principles are necessary? If so, what are they and why are they necessary?

Standards of Conduct

Principle 1: Fairness, honesty and integrity

37. A trustee should ensure that its actions comply with relevant requirements and standards applicable to the trustee and/or its staff, where appropriate.

The higher standards should prevail. It is proposed that a trustee should observe the following:

(a) A trustee should conduct its trust business with integrity. A trustee should not engage in any conduct involving fraud or dishonesty or commit any act that reflects adversely on its honesty, trustworthiness or that compromises its integrity.

(b) A trustee should not attempt to avoid its responsibilities under the proposed Code and any other applicable requirements and standards.

(c) A trustee should act fairly and objectively when dealing with the settlors and beneficiaries of a trust (collectively “the customers”). In particular, a trustee should:

(i) act in accordance with the objects of a trust and work within the parameters and terms set out in the trust governing documents (i.e. contracts, agreements or any other documents setting out the general and specific terms associated with services provided / to be provided by a trustee, for example, trust deeds) and/or any directions from a relevant party where permitted, in accordance with applicable requirements and standards;

(ii) treat its customers fairly at all stages of the relationship and act impartially between them (such as treating same classes of

(13)

13

beneficiaries equally and treating different classes of beneficiaries fairly), while having regard to its legal and contractual obligations;

(iii) take all reasonable steps to consider and strive for a balance between the different objects of the trust, and, where practicable, strive for a balance between the interests of the stakeholders;

and

(iv) provide objective advice where required and appropriate to its customers and exercise independent professional judgement in performing its duties.

Disclosure of information

38. It is proposed that a trustee should make adequate and accurate disclosure of relevant information to help customers make an informed decision prior to entering into any contract or agreement (for example, key risks, terms and conditions, fees and charges). A trustee should ensure that where appropriate customers have access to relevant and updated information concerning that trust. Where there are any material changes or updates relating to the trust from time to time, a trustee should timely provide notifications to those parties to the trust entitled to that information.

Fees and charges

39. It is proposed that a trustee should ensure that fees and charges in relation to a trust are fair and reasonable. A trustee should be open and transparent with customers about fees and charges, for example:

(a) prior agreement on fees and charges, and document the basis for such fees and charges;

(b) prior disclosure of any fees and charges, commissions, rebates, compensation, or benefits to be received from parties other than the customers;

(c) disclosure of the manner by which fees and charges will be collected;

(d) giving adequate notice before introducing any change in fees and charges; and

(e) disclosure of the arrangement of fees and charges in relation to the termination of services, such as whether fees paid in advance are refundable in the event of termination.

(14)

14 Representations

40. It is proposed that a trustee should take reasonable steps to ensure that representations made, including invitations and advertisements, are accurate, and do not contain information that is false, misleading, or deceptive.

Question 7: Do you have any comments on the proposed standards for disclosure of relevant information?

Question 8: Do you have any comments on the proposed standards for fees and charges?

Question 9: Do you have any comments on the proposed standards for representations?

Question 10: Do you have any other comments on the proposed standards for the principle on “fairness, honesty and integrity”?

Principle 2: Due skill, care and diligence

Prompt execution

41. It is proposed that a trustee should take all reasonable steps to execute requests or instructions from customers promptly and effectively, including the establishment, transfer or closing of business relationships.

Acting in the interests of customers

42. It is proposed that a trustee should act with proper purpose, and act with due skill, care, and diligence in performing its duties. A trustee should not take up outside duties or responsibilities that may pose undue influence on the trustee’s decisions or compromise the trustee’s ability to act in the interests of the trust.

43. A trustee should have a complete and updated understanding of the trust governing documents in each case, and seek legal or other professional advice where necessary.

44. A trustee should treat the interests of customers as paramount, subject to any legal obligations to other parties. Where there is more than one trustee,

(15)

15

a trustee should consider whether it is appropriate to make decisions collectively, and only act on an individual basis if direction to do so may be given by an appropriate stakeholder or if otherwise to do so would clearly be in the interests of the customers.

45. When a trustee exercises power or discretion for or on behalf of its customers (such as the power to invest, manage or arrange for investment), it should act with due care and attention to ensure that it suitably exercises such power or discretion. For example, a trustee should:

(a) act on a fully informed basis;

(b) exercise power or discretion consistently in accordance with the objects and terms set out in the trust governing documents and applicable legal and regulatory requirements; and

(c) evidence any decision made, in particular for decisions constituting a departure from the objects and terms set out in the trust governing documents.

Handling conflicts of interest

46. It is proposed that a trustee should establish and implement effective policies and procedures to identify and manage actual or potential conflicts of interest.

47. It is proposed that a trustee should consider the circumstances in determining the appropriate actions to handle actual or potential conflicts of interest so that they can be avoided or prevented, and if not possible, at least appropriately managed. For example, a trustee should:

(a) segregate duties adequately;

(b) establish necessary information boundaries, such as physical separation of certain departments or data segregation;

(c) identify the relationships, services, activities or transactions of the trustee in respect of which conflicts of interest may arise, and set out possible measures for preventing or managing these conflicts, such as:

 ensuring that deliberations, voting and decision making on issues exclude those persons whose participation may give rise to a real or perceived conflict;

 disclosing interests or conflicts to the customers and other impacted parties, and if appropriate, seeking customers’ written consent;

 advising customers to seek independent professional advice if needed; and

(d) takes reasonable steps to ensure that customers are fairly treated.

(16)

16

48. If a trustee has involvement with any connected party, it should implement proper internal controls, including dealing with connected parties on an arm’s length basis and in the interests of the trust, disclosure of connections, and maintaining proper documentation of the justifications for approving a transaction with a connected party.

Fitness and propriety of a trustee and its staff

49. It is proposed that a trustee should possess and maintain sufficient skills, knowledge and expertise to conduct its trust business. It should only conduct those areas of trust services for which it has relevant professional knowledge and expertise.

50. A trustee should ensure relevant staff are and remain fit and proper for their roles and responsibilities. A trustee should also ensure that relevant staff and staff engaged in compliance, internal controls, risk management and internal audit functions possess the necessary technical knowledge and skills, ethics and compliance knowledge, qualifications and experience.

51. A trustee should establish and implement appropriate training policies, procedures and plans that take into account the following:

(a) assessing the adequacy of relevant academic and professional qualifications, knowledge, skills, work experience and soundness of judgement of staff;

(b) assessing propriety of staff, such as any adverse records related to integrity, reputation and character, and require staff to update the trustee for any changes thereafter (e.g. convicted a criminal offence which is related to fitness and propriety, disciplined or disqualified by a professional or regulatory body in relation to the business or profession, bankruptcy order);

(c) providing adequate level of supervision to staff; and

(d) establishing a training plan and providing relevant and timely guidance and training to staff initially and on an on-going basis, including relevant induction and continuous training and development on technical knowledge and skills, industry developments, applicable legal and regulatory requirements (including ethics and compliance knowledge), and relevant internal control policies and procedures.

52. In order to maintain on-going professionalism and keep abreast of the latest development, relevant staff are expected to fulfil not less than 10 hours of trust-related continuous professional training (“CPT”) in each calendar year, of which at least 2 hours are on ethics and compliance. For the avoidance of doubt, trust-related professional training or development activities fulfilled by an individual under relevant professional qualifications can count towards the CPT hours in the same calendar year under the Code, provided that such training or development activities are achieved through the acceptable

(17)

17

means mentioned below: (i) classroom training courses, workshops, lectures, seminars; (ii) distance learning or self-study which requires submission of assignments or assessments; (iii) industry research, publication of paper, delivery of speeches or providing comments to industry consultation papers; and/or (iv) time spent in giving lectures or teaching (although repeatedly giving the same lecture or teaching should not be counted as satisfying the requirement).

53. We do not intend to accredit or specify eligible training providers, training programmes or courses, or professional qualifications that could be counted as relevant training activities. Trust-related training may be organised by relevant professional bodies, training providers or employing institutions.

This proposed approach will allow flexibility for relevant staff to choose relevant training that is suitable to their needs and circumstances.

54. A trustee should keep records to evidence the competence and on-going professional development of relevant staff and staff engaged in compliance, internal controls, risk management and internal audit functions.

Competency and professional development of trust practitioners

55. For development of the trust industry in Hong Kong, it is important to have a pool of professional talents. The availability of transparent competency standards will enable more effective training for new entrants and professional development for existing trust practitioners.

56. At present, there are local and international professional qualifications made available to trust practitioners, such as “Certified Trust Practitioner” awarded by the HKTA and “Trust and Estate Practitioner” awarded by The Society of Trust and Estate Practitioners (“STEP”). We would like to take this opportunity to hear the views from the industry to what extent the existing local and international development programmes and professional qualifications have met the industry’s need. Suggestions on measures that are appropriate and useful to the industry on the competency of practitioners and talent development would be welcomed.

Question 11: Do you have any comments on the proposed standards for prompt execution?

Question 12: Do you have any comments on the proposed standards for acting in the interests of customers?

Question 13: Do you have any comments on the proposed standards for handling conflicts of interest?

(18)

18

Question 14: Do you have any comments on the proposed standards for fitness and propriety of a trustee and its staff?

Question 15: Do you have any comments on the proposed continuous professional training and training hours for individuals engaged in the trust business?

Question 16: What are your views about the industry’s need for competency and professional development of trust practitioners? Do you consider that the existing local and international development programmes and professional qualifications have met the need? Do you have any suggestions to enhance competency and develop the talent pool for the industry?

Question 17: Do you have any other comments on the proposed standards for the principle on “Due skill, care and diligence”?

Principle 3: Management and control of trust assets

Ownership and entitlement of trust assets

57. It is proposed that a trustee should exercise care in safekeeping assets held on trust. Where physical assets are held, physical storage should be secure.

58. Adequate procedures should be effectively implemented to minimise the risk of loss, theft, fraud, and other acts of misappropriation. Proper records should be maintained in respect of assets to evidence their registration, good title and security as appropriate and to ensure their availability for distribution in accordance with the trust deed and / or trustees’ exercise of its discretion. Proper audit trails should be created to evidence the receipt, delivery and other movements of assets.

59. A trustee investing in and managing the assets of a trust should act in accordance with clearly defined authorities conferred by the creation of the trust and take into account the objects, terms, distribution requirements, other relevant directions and documents from customers, enforcers and protectors, applicable legal and regulatory requirements, and other circumstances of the trust.

Segregation of trust assets

60. It is proposed that a trustee should ensure assets held on trust are clearly identified and segregated from one another and from the assets of the trustee and any delegate(s) or other party(ies) involved in the operations of the trust.

(19)

19 Reconciliation of trust assets

61. Regular reconciliation of assets held on trust against third party records and verification of asset ownership should be conducted by independent staff of the trustee, subject to review and approval by appropriate management staff.

For physical assets, regular audits should be conducted at the premises where the physical assets are kept.

62. Proper procedures should be implemented to follow up any issues or discrepancies identified, take any rectification and remedial measures, and report or escalate the matters as appropriate.

Question 18: Do you have any comments on the proposed standards related to ownership and entitlement of trust assets?

Question 19: Do you have any comments on the proposed standards for segregation of trust assets?

Question 20: Do you have any comments on the proposed standards for reconciliation of trust assets?

Principle 4: Corporate governance and internal controls

63. It is proposed that a trustee should establish and maintain robust corporate governance policies and practices as well as effective internal controls and risk management processes that are commensurate with the nature, scale and complexity of the trust business.

64. A trustee should implement processes to ensure the senior management could timely obtain updates and apprise the affairs of the trust business.

65. A trustee should ensure that reporting lines are clearly identified with supervisory and reporting responsibilities assigned to appropriate staff with separation of duties as appropriate.

66. A trustee should regularly review the effectiveness and appropriateness of the governance policies and practices, and the internal controls, taking into account the business activities, risk profile and market development.

67. A trustee should have proper oversight of all delegates and other parties (e.g. outsourcing service providers, nominees, agents) engaged for providing services related to its trust business activities. Among others, a

(20)

20

trustee should have adequate internal control policies and procedures for ongoing monitoring of such delegates and other parties to be satisfied that the operations concerned are performed in compliance with relevant legal and regulatory requirements and the trust governing documents.

Management accountability

68. The ultimate responsibility for the operation and conduct of a trust business of a trustee lies with the board of that trustee.

69. Senior management of a trustee are accountable to the board, and are responsible and accountable for running the trust business on a day-to-day basis, and should ensure that the business activities comply with applicable legal and regulatory requirements and internal procedures.

70. We propose that a trustee that is an AI should be required to appoint (a) manager(s) under section 72B of the BO to supervise and be principally responsible (alone or with others) for its trust business under different lines of business (e.g. retail banking, private banking, corporate banking, or other business which is material to the institution). The AI is required to comply with the HKMA’s Supervisory Policy Manual CG-2 on Systems of Control for the Appointment of Managers (“SPM CG-2”), which sets out, among others, the fit and proper criteria and respective controls to ensure fitness and propriety of individuals appointed as managers, and notification requirements and timeline to the HKMA.

71. It is proposed that a trustee that is an AI subsidiary should be required to appoint appropriate individual(s) to supervise the trust business and be principally responsible (alone or with others) for the conduct of the trust business. It should notify, as signed by the chief executive, the HKMA in respect of the appointment of such individual(s):

(i) the name of the individual;

(ii) the identify card or passport number of the individual;

(iii) the position or title of the individual; and

(iv) the date of new appointment, cessation of existing appointment or change in responsibilities,

within 14 days of the appointment, cessation or change.

72. For appointing individual(s) to supervise the trust business in the above paragraph, the trustee concerned could draw reference from the attributes set in the paragraph 2.3.3 of SPM CG-2 and the fit and proper criteria as set out in section 3 of SPM CG-2 in assessing the fitness and propriety of individual(s).

(21)

21 Confidentiality

73. It is proposed that a trustee should implement appropriate policies, procedures and controls on collection, use and transmission of trust related information and personal data.

74. Staff are required to hold in strict confidence all trust related information and customer data the trustee has collected or obtained from persons related to trusts (e.g. settlors, protectors, enforcers and beneficiaries). A trustee should not disclose such information to third parties unless required by applicable legal and regulatory requirements, or consent is given by the person concerned. An institution should take all necessary steps to safeguard the confidentiality of customer information, including formulating internal policies for the collection, use and transmission of confidential data.

75. It is proposed that a trustee should implement adequate controls to prevent staff from benefiting in financial or non-financial terms from the improper use of confidential information which may lead to unfair, improper or illegal behaviour.

Outsourcing

76. For the purpose of the proposed Code, outsourcing refers to an arrangement under which another party (i.e. a service provider) undertakes to provide to a trustee a service previously carried out by the trustee itself or a new service to be launched by the trustee. The service provider may be another unit of the same entity (e.g. head office or an overseas branch in the case of an AI), another company with the group (e.g. holding company, subsidiary, affiliate), or an independent third party.

77. We propose that a trustee should assess and continually manage the risks associated with an outsourced activity. A trustee should not enter into, or continue, any outsourcing arrangements if this may result in its internal control systems or business conduct being compromised or weakened after the activity has been outsourced.

78. In line with the relevant requirements in the SPM SA-2 on Outsourcing, a trustee should establish adequate policies, procedures and controls in relation to the selection, appointment, monitoring, assessment and supervision of service providers, including:

(a) setting selection criteria (taking into account the costs, quality of services, financial soundness, reputation, managerial skills, technical capabilities, operational capability, compatibility and other relevant factors) and perform appropriate due diligence of a service provider prior to engagement;

(22)

22

(b) executing an agreement which clearly sets out the type and level of services to be provided and the liabilities and obligations of the service provider; and

(c) implementing controls to monitor the performance, manage the relationship with the service provider on a continuous basis, and implementing safeguards to protect the integrity and confidentiality of customer information.

Internal controls on managing and administering the trust

79. It is proposed that a trustee should implement adequate procedures and controls in managing and administering the trust. Among other things, the controls should include, as appropriate, cashflow monitoring, investment monitoring, safekeeping and valuation of assets, trust accounting, receipt and distribution of payments and assets in accordance with the trust governing documents and applicable legal and regulatory requirements.

80. A trustee should ensure it has in place an adequate business continuity plan and procedures to handle potential disruptions, failures, and other contingencies for its trust business activities. A trustee should also establish an appropriate contingency plan for the engagement of delegates and other parties.

Complaint handling

81. We propose that a trustee should implement adequate policies and procedures for handling complaints lodged by customers or a third party on behalf of customers related to its trust business, in line with the SPM IC-4 on Complaint Handling Procedures.

82. Policies and procedures should cover receiving complaints, investigation of complaints, responding to complaints, and availability of any redress or compensation in appropriate circumstances.

83. Complaints should be handled, investigated and addressed in a fair, prompt and appropriate manner. Staff assigned to handle the complaint should be independent and should not be involved in the subject of the complaint.

84. Details on where and how to lodge a complaint should be communicated and made available to customers.

85. Records of complaints should be maintained which show the complainant’s name, details of the complaint, assessment result, correspondence between a trustee and the complainant, and any actions taken.

86. A trustee should set up effective procedures to monitor complaints and prepare regular reports with complaint related data to the senior management for review.

(23)

23 Risk management

87. We propose that a trustee should establish an effective risk management framework and implement adequate procedures and internal controls to identify, monitor and manage risks in acting as a trustee.

Accounting and other record keeping

88. It is proposed that a trustee should maintain adequate records and adequate internal controls of its records to demonstrate compliance with the proposed Code, other applicable legal and regulatory requirements, and trust governing documents.

Professional indemnity insurance

89. It is proposed that a trustee should maintain professional indemnity insurance to cover claims for liability related to its duties and obligations in the course of carrying out its trust business. A trustee should maintain professional indemnity insurance with adequate coverage that is commensurate with its trust business. Coverage may be taken at the entity or group level, so long as it is adequate.

Question 21: Do you have any comments on the proposed standards for management accountability?

Question 22: Do you have any comments on the proposed standards for confidentiality?

Question 23: Do you have any comments on the proposed standards for managing outsourced activities which are basically in line with the relevant requirements in the SPM SA-2 on Outsourcing?

Question 24: Do you have any comments on the proposed standards for internal controls on managing and administering the trust?

Question 25: Do you have any comments on the proposed standards for complaint handling which are basically in line with the SPM IC-4 on Complaint Handling Procedures?

Question 26: Do you have any comments on the proposed standards for risk management?

Question 27: Do you have any comments on the proposed standards for accounting and other record keeping?

(24)

24

Question 28: Do you have any comments on the proposed standards for professional indemnity insurance cover?

Question 29: Do you have any other comments on the proposed standards for the principle on “Corporate governance and internal controls”?

Principle 5: Compliance with legal and regulatory requirements and standards

90. A trustee should comply with applicable legal and regulatory requirements, regulatory standards, and internal policies and procedures relevant to its trust business.

Compliance policies and procedures

91. It is proposed that a trustee should establish a compliance policy with proper approval from its senior management, and be subject to regular review to ensure adequacy and relevancy.

92. Adequate procedures and internal controls should be implemented to ensure compliance with relevant legal and regulatory requirements, regulatory standards, and internal policies and procedures.

Compliance function and review

93. Senior management of a trustee should establish a compliance function comprising staff with relevant knowledge, skills, qualification and experience to execute their duties effectively.

94. The compliance function should be independent of all business and operational functions, and report to senior management directly. It should have unfettered access to all business and supporting units, as well as documentation, records and information necessary to properly discharge the roles and responsibilities.

95. The trustee should establish a compliance program for planning and conducting regular independent review of its trust business activities and operation. Effective systems and controls should be implemented to identify, monitor and manage any conduct issues, control deficiencies and non- compliance with relevant requirements (including the proposed Code) and standards governing the trust business.

96. Appropriate remedial measures should be taken by the units concerned to rectify the issues and weaknesses identified and/or prevent similar

(25)

25

occurrences in future. Such action plans and measures should be reviewed and monitored by relevant control and risk management functions and management, including the compliance function.

97. The trustee should observe relevant guidelines to escalate or report to senior management and regulators any material non-compliance and other relevant matters as appropriate.

Question 30: Do you have any comments on the proposed standards for compliance policies and procedures?

Question 31: Do you have any comments on the proposed standards for compliance function and review?

Principle 6: Co-operation with regulators

98. A trustee should deal with relevant regulators in an open and cooperative manner.

99. Communications made by a trustee with relevant regulators should be timely and accurate.

Notification or reporting to regulators

100. Information or representations made to relevant regulators should be accurate, fair, not misleading, timely and within any prescribed timeline, and in accordance with any relevant requirements.

101. A trustee that is an AI or AI subsidiary (as the case may be) should promptly report to the HKMA or notify the HKMA of relevant matters on its trust business activities and operations, including significant changes in business plans, material non-compliance with any legal and regulatory requirements (including the proposed Code), and any other matters that may have material impact on the fitness and propriety of the trustee.

102. For the matters mentioned in the above paragraph, the AI or AI subsidiary (as the case may be) should report to the HKMA and notify it of any rectification and remedial action plan within any prescribed timeline in accordance with the requirements applicable to AIs.

(26)

26 Consultation questions:

Question 32: Do you have any comments on the proposed standards for notification or reporting to regulators?

Question 33: Do you have any other comments on the proposed standards for “Co-operation with regulators”?

(27)

27

V. Proposed Implementation Arrangements

Proposed List of Trust Companies

103. The HKMA is contemplating the idea of publishing and maintaining on its website a list of AIs and AI subsidiaries that conduct trust business in Hong Kong, which are required to comply with the proposed Code and align their practices with the proposed Code, and be subject to the supervision of the HKMA.

104. Views are also sought on the feasibility and desirability for the above- mentioned HKMA list to also include a dedicated section setting out other trust companies that conduct trust business in Hong Kong (other than accountants and lawyers) that have submitted to the HKMA a declaration that they observe the proposed Code and any other information considered necessary by the HKMA, and that they wish to be included in the list for access by members of the public.

105. For the purpose of the list, relevant AIs and AI subsidiaries, as well as any other trust companies that will be published on the list, will be required to provide to the HKMA initially and subsequently for each calendar year declaration signed by the relevant business head(s), and the Head of Compliance or Head of an equivalent function, on compliance with the proposed Code as applicable to their trust business.

106. The list will contain basic particulars of the trust companies at the entity level (e.g. company name, telephone, office address, website address). For commencement and suspension or cessation of trust business, and any subsequent changes in the basic particulars and any other information deemed necessary, the trust company should notify the HKMA within seven business days².

107. Explanatory notes will be provided on the webpage as appropriate to facilitate users to understand the purpose and limitations of the list. Among other things, we may consider some categorisation (such as by the types of entities, e.g. AIs, AI subsidiaries and other companies that conduct trust business in Hong Kong). It will also make clear that the HKMA does not guarantee the performance or creditworthiness of any entities that are published on the list. Based on information reported by the trust companies or any other relevant information that the HKMA is aware of, the HKMA reserves the right to (permanently or temporarily) remove particulars of a trust company from the list.

2 “Business day” refers to any day other than (a) a public holiday; or (b) a gale warning day or a black rainstorm warning day as defined in section 71(2) of the Interpretation and General Clauses Ordinance (Cap. 1)

(28)

28 Consultation questions:

Question 34: Do you agree that the HKMA should establish and maintain on its website a list of trust companies? Please explain your view.

Question 35: If yes to Question 34, do you agree that trust service providers other than those regulated and supervised by the HKMA should be published on the list (while differentiation may be made by categorising by types of entities)?

Question 36: Do you have any comments and/or suggestions on any basic particulars that should be provided in the list? Please explain your view and suggestions.

Question 37: Do you have any other comments on the “Proposed list of trust companies”?

Supervisory Approach of Trust Business

108. The HKMA plans to adopt a risk-based approach to determine the means and intensity of supervision for trust business provided by AIs and AI subsidiaries, taking into account factors such as the nature, scale and complexity of their trust services, effectiveness of relevant internal controls, and observations from off-site surveillance and on-site reviews as appropriate.

109. As regards off-site surveillance, it will include but will not be limited to requiring AIs and AI subsidiaries to submit to the HKMA regular surveys on certain information to facilitate the continuing supervision of their trust business and understanding industry trends. Other ad-hoc surveys or reviews may be conducted where appropriate. Information collected from off-site surveillance will also be used for prioritising supervisory focus.

110. On-site reviews may include on-site examinations by the HKMA on AIs and AI subsidiaries or engagement by AIs or AI subsidiaries with internal or external auditors or an equivalent party to conduct reviews. The on-site reviews on the trust business may mainly focus on effectiveness of internal controls, regulatory compliance (including compliance with the proposed Code), and adequacy of management supervision. The HKMA may require AIs and AI subsidiaries to provide a copy of the auditors’ report, together with their management response on the remedial action plans.

(29)

29

Proposed Implementation Timeline

111. The HKMA welcomes comments on the proposal in this consultation paper, and will take into account feedback received to finalise the proposal.

112. There is an understanding that the proposed principles and standards are largely being applied by the industry in the current practice, and thus it is anticipated that the industry should not have material difficulties in implementing the proposed Code. In this regard, it is proposed that AIs and AI subsidiaries should be required to comply with the finalised Code as soon as practicable, but not later than 6 months from the date of issuing the finalised Code. Other trust companies will be encouraged to follow the same timeline in adopting the standards in the proposed Code to the extent applicable.

Consultation question:

Question 38: Do you have any comments on the proposed implementation timeline?

Consultation Paper on Enhancing the Regulation and Supervision of Trust Business