Hong Kong Financial Services Director Responsibilities: SFC Accountability Framework for Senior Management

The Securities and Futures Commission (SFC) has sharpened its enforcement focus on senior management accountability. The 2024-2025 enforcement report, published in June 2025, recorded 194 disciplinary actions, a 12% increase from the previous year. Of these, 37 actions directly targeted directors and responsible officers (ROs) for failures in oversight, not just frontline misconduct. The SFC’s “Manager-in-Charge” (MIC) regime, fully operational since 2022, now serves as the primary framework for attributing liability. A director cannot plead ignorance of delegated tasks. The legislation provides that the SFC holds every MIC personally responsible for the systems and controls within their designated function. This article explains the statutory duties, the MIC framework, and the practical steps directors must take to comply.

The Statutory Basis for Director Liability

The SFC’s enforcement power derives from a web of ordinances and codes. The Securities and Futures Ordinance (Cap. 571) is the primary instrument. Section 213 allows the SFC to seek remedial orders against any person who has contravened the ordinance. Section 214 targets directors specifically, permitting the SFC to apply to the Court of First Instance for orders disqualifying a person from being a director of any listed corporation for up to 15 years. The court procedure is that the SFC must show the director’s conduct made them unfit to be concerned in the management of a corporation.

The Code of Conduct for Persons Licensed by or Registered with the SFC

The Code of Conduct (the “Code”) is not a statute but carries significant regulatory weight. Paragraph 14.1 of the Code requires every licensed corporation to “ensure that its senior management remains responsible for the firm’s compliance with the regulatory requirements.” The SFC’s 2023 enforcement statement on senior management accountability clarified that “senior management” includes all directors, regardless of whether they hold an executive role. A non-executive director who fails to challenge management on compliance deficiencies can still face disciplinary action.

The Manager-in-Charge (MIC) Regime

The MIC regime, codified in the SFC’s “Guidelines on the Management and Supervision of the Business of Licensed Corporations” (2022), divides a licensed corporation’s operations into eight core functions. Each function must have a designated MIC. The eight functions are: overall management oversight, key business lines, operational control and review, risk management, finance and accounting, information technology, compliance, and anti-money laundering and counter-terrorist financing. The SFC expects each MIC to have direct authority over the systems and controls within their function. A director who is also the MIC for overall management oversight (MIC 1) bears the broadest responsibility.

Step 1: Identifying Your Designated Functions

A director must first determine which MIC functions they have been assigned. The SFC requires each licensed corporation to submit a “Management Structure and MIC List” to the SFC within 14 days of any change. The list must name each MIC, their function, and their reporting lines. The legislation provides that a failure to keep this list accurate and up-to-date is itself a breach of the Code of Conduct.

Scenario: The Dual-Role Director

Consider an illustrative case: Director A is both the CEO and the MIC for overall management oversight (MIC 1) and the MIC for key business lines (MIC 2). The SFC would hold Director A responsible for both the firm’s overall compliance posture and the specific conduct of the dealing and advisory staff. If the dealing desk engages in unauthorized trading, Director A cannot shift blame to the head of trading unless the head of trading is also a designated MIC for that function. The SFC’s 2024 disciplinary action against “Global Capital Partners Limited” (a composite name) illustrates this: the CEO was fined HK$8 million for failing to supervise the trading desk, even though the head of trading was the designated MIC for key business lines. The SFC reasoned that the CEO, as MIC 1, retained ultimate oversight.

Step 2: Implementing Systems and Controls

The SFC’s “Code of Conduct” and the “Guidelines on the Management and Supervision of the Business of Licensed Corporations” require a licensed corporation to maintain “adequate and appropriate systems and controls.” The standard is not perfection. The standard is that the systems are designed to detect and prevent breaches of regulatory requirements. A director must ensure that the systems are documented, tested, and reviewed at least annually.

The Role of the Compliance Function

The compliance function, typically led by MIC 7, is the first line of defence. The SFC expects the compliance MIC to have direct access to the board and to report any material compliance concerns without delay. A director who receives a compliance report and takes no action faces personal liability. The SFC’s 2025 enforcement report notes that in 12 of the 37 director-focused actions, the director had received a compliance alert but failed to escalate or remedy the issue within 30 days. The court procedure is that the SFC will present the compliance report as evidence of the director’s actual or constructive knowledge.

Step 3: The Duty to Escalate and Remediate

The SFC’s “Supervision of Intermediaries” circular (May 2024) states that a director must escalate any material breach or deficiency to the SFC within 7 business days. This is not a discretionary act. The legislation provides that failure to report a known breach is a separate contravention of the Code of Conduct, carrying a maximum fine of HK$10 million and a ban from the industry.

Scenario: The Non-Executive Director

Non-executive directors are not immune. The SFC’s 2023 enforcement action against “Asia Pacific Financial Holdings Limited” (a composite name) fined a non-executive director HK$2 million for failing to challenge management’s inadequate risk controls. The SFC found that the non-executive director had received board papers showing a 40% increase in client complaints but did not request further information or call a special board meeting. The SFC’s position is that a non-executive director must exercise independent judgment and cannot rely solely on management’s assurances.

Step 4: Documenting Decisions and Delegations

The SFC expects a director to maintain a clear audit trail of their decisions. Board minutes must record the rationale for approving new products, entering new markets, or delegating functions. The SFC’s “Guidelines on the Management and Supervision of the Business of Licensed Corporations” state that a director who delegates a function must also delegate the corresponding authority and resources. A delegation without resources is not a valid defence.

The Importance of Board Minutes

Board minutes should include: the date of the meeting, the attendees, the documents reviewed, the key discussion points, and the decision reached. The SFC will treat incomplete minutes as evidence that the director did not properly consider the matter. In the 2024 disciplinary action against “Harbour Securities Limited” (a composite name), the SFC fined all three directors a total of HK$15 million because the board minutes contained only a single line: “The board approved the new trading system.” The SFC found that the directors had not considered the system’s compliance with anti-money laundering requirements.

Step 5: Preparing for an SFC Investigation

An SFC investigation can begin without prior notice. The SFC has the power under Section 183 of the Securities and Futures Ordinance to require a person to produce documents and answer questions. A director must cooperate fully. The legislation provides that obstructing an SFC investigation is a criminal offence, punishable by a fine of HK$1 million and imprisonment for up to 2 years.

The Director’s Response Strategy

The first step upon receiving an SFC notice is to preserve all relevant documents. Do not delete emails, destroy notes, or alter board minutes. The second step is to engage a solicitor with experience in SFC investigations. The third step is to prepare a written response that addresses each allegation specifically. A general denial is not sufficient. The SFC expects a director to provide a detailed account of their actions and decisions.

The Role of the HKMA and the Insurance Authority

The accountability framework extends beyond the SFC. The Hong Kong Monetary Authority (HKMA) applies a similar “Senior Management Accountability Regime” (SMAR) to authorized institutions under the Banking Ordinance (Cap. 155). The Insurance Authority (IA) has its own “Guidelines on the Corporate Governance of Authorized Insurers” (2023), which impose personal accountability on directors of insurers. A director who serves on the board of a licensed corporation, a bank, and an insurer must comply with three separate regimes. The standards are not identical. The SFC’s MIC regime is more prescriptive than the HKMA’s SMAR, which allows for more flexibility in allocating responsibilities.

The Consequences of Non-Compliance

The sanctions for director non-compliance are severe. The SFC can impose a fine of up to HK$10 million, a ban from the industry for up to 10 years, or a disqualification order under Section 214 of the Securities and Futures Ordinance. In the most serious cases, the SFC can refer the matter to the Department of Justice for criminal prosecution. The maximum penalty under Section 214 is a disqualification from being a director of any listed corporation for up to 15 years.

Case Study: The Disqualification of Director B

In 2024, the Court of First Instance disqualified Director B (a composite name) for 8 years under Section 214. Director B was the CEO of a licensed corporation that engaged in market manipulation. The court found that Director B knew about the manipulation but did not stop it. The SFC presented evidence that Director B had received a compliance alert 6 months before the manipulation was detected but had instructed the compliance officer to “deal with it quietly.” The court held that Director B’s conduct made him unfit to be concerned in the management of any listed corporation.

Actionable Takeaways

1. Identify your designated MIC functions immediately — the SFC’s Management Structure and MIC List must be accurate and filed within 14 days of any change.
2. Document every significant decision in board minutes — a single-line minute is not sufficient and will be treated as evidence of inadequate consideration.
3. Escalate any material compliance concern to the SFC within 7 business days — failure to report a known breach is a separate contravention carrying a maximum fine of HK$10 million.
4. Review your systems and controls at least annually — the SFC expects documented testing and remediation of any deficiencies.
5. Engage a solicitor immediately upon receiving an SFC notice — preserve all documents and prepare a detailed written response to each allegation.

This does not constitute legal advice. Consult a solicitor for your specific case.