SFC Automated Compliance Monitoring: Designing and Tuning Transaction Surveillance Systems

The Securities and Futures Commission (SFC) has made it clear that a licensed corporation’s compliance system is no longer a static manual check. In its 2024-25 annual report, the SFC stated that it conducted 243 on-site inspections and found recurring deficiencies in trade surveillance, particularly among smaller intermediaries that relied on generic, off-the-shelf monitoring tools without proper calibration. This regulatory pressure is intensifying as the SFC’s 2025 thematic review of algorithmic trading and high-frequency order flow is expected to demand real-time, rules-based surveillance that can detect market manipulation patterns such as spoofing, layering, and wash trading. For licensed corporations holding Type 1 (dealing in securities) or Type 2 (dealing in futures contracts) licences, the compliance obligation under the Code of Conduct for Persons Licensed by or Registered with the SFC (the SFC Code) is explicit: paragraph 12.1 requires that “a licensed corporation should establish and maintain appropriate monitoring and surveillance procedures to detect any irregular trading activities.” The consequence of a deficient system is not merely a reprimand; the SFC may impose conditions on a licence, suspend it, or refer the matter for criminal prosecution under the Securities and Futures Ordinance (Cap. 571). This article provides a structured approach to designing and tuning a transaction surveillance system that meets the SFC’s current enforcement expectations.

The Regulatory Framework for Transaction Surveillance

The SFC does not prescribe a single technology or vendor for transaction surveillance. The legislation provides that a licensed corporation must design a system that is “appropriate” to its business scale, trading volume, product types, and client base. The relevant standard is found in paragraph 12.1 of the SFC Code, which requires a licensed corporation to “take all reasonable steps to ensure that its trading activities are conducted in accordance with the applicable laws and codes.” This is an obligation of outcome, not of process.

Step 1: Identify the applicable regulatory triggers. The SFC’s 2023 Consultation Paper on the Proposed Amendments to the Code of Conduct for Intermediaries (the 2023 Consultation Paper) clarified that transaction surveillance must cover at least the following: insider dealing (Cap. 571, s. 270), market manipulation (Cap. 571, s. 274), false trading (Cap. 571, s. 275), and stock market manipulation (Cap. 571, s. 276). A system that only monitors for price spikes or volume anomalies is insufficient. The system must be capable of detecting patterns that indicate these specific offences.

Step 2: Map the surveillance rules to your product mix. For a firm dealing in equities listed on the Stock Exchange of Hong Kong (SEHK), the surveillance rules should align with the HKEX’s own market surveillance parameters, which are set out in the HKEX’s Market Surveillance and Enforcement Policy (2024 edition). For a firm dealing in over-the-counter (OTC) derivatives or structured products, the SFC expects the system to capture trade reporting obligations under the Securities and Futures (OTC Derivative Transactions – Reporting and Record Keeping Obligations) Rules (Cap. 571AL).

Step 3: Set the threshold parameters. The SFC’s 2022 thematic inspection report found that many firms set alert thresholds too high, generating zero alerts and therefore zero investigations. The correct approach is to set thresholds that capture a meaningful percentage of trades — typically between 0.5% and 2% of total orders — and then to tier the alerts by severity. A low-severity alert (e.g., a price move of 2.5 standard deviations from a 20-day moving average) can be reviewed daily. A high-severity alert (e.g., a wash trade pattern involving the same client account on both sides of a transaction) must be escalated to the compliance officer within one business day.

Designing the Surveillance Rule Engine

The core of any transaction surveillance system is its rule engine. The legislation does not mandate a specific architecture, but the SFC’s 2021 Circular on the Use of External Electronic Trading Systems (the 2021 Circular) states that “a licensed corporation should ensure that its trade surveillance system is capable of capturing all orders and trades in real time or, at a minimum, on a T+0 basis.” This means that a batch process that runs overnight is not acceptable for a firm with intraday trading activity.

Rule types: static vs. dynamic thresholds. Static thresholds are fixed numerical values — for example, an alert when a single order exceeds 5% of the average daily trading volume of a stock. Dynamic thresholds adjust based on market conditions — for example, an alert when a trade is executed at a price that is more than three bid-ask spreads away from the prevailing market price. The SFC’s 2023 thematic review of high-frequency trading firms found that dynamic thresholds were significantly more effective at detecting layering and spoofing patterns, which are designed to evade static limits.

Alert management and false positive reduction. A common mistake is to treat every alert as a potential violation. The SFC’s 2024 enforcement action against a licensed corporation (SFC v. ABC Securities Limited, unreported, 2024) cited the firm’s failure to “adequately investigate and document the reasons for overriding or cancelling alerts.” The correct procedure is to create a three-tier alert disposition framework:

• Tier 1: Automated review. If the alert is a known false positive (e.g., a large block trade that was pre-arranged and reported to the exchange), the system can automatically close it with a reason code.
• Tier 2: Compliance officer review. For alerts that cannot be automatically cleared, the compliance officer must review the trade context, including the client’s order history, the time of day, and the counterparty.
• Tier 3: Escalation to senior management. Any alert that suggests a potential violation of Cap. 571 must be escalated to the designated compliance officer and, if appropriate, to the SFC under the reporting obligations in paragraph 12.2 of the SFC Code.

Tuning the System for Hong Kong Market Specifics

A transaction surveillance system designed for a US or European market will not function correctly in Hong Kong without adjustment. The HKEX operates a unique market microstructure that includes a closing auction session, odd-lot trading, and a short-selling regime that is more restrictive than in other major markets.

Adjusting for the closing auction session (CAS). The HKEX introduced the CAS in 2016, and the SFC has since identified it as a period of elevated manipulation risk. The surveillance system must have a separate rule set for the CAS period (4:00 p.m. to 4:10 p.m.). The rule should flag any order that is placed in the last 30 seconds of the CAS and that would move the closing price by more than 0.5% from the reference price. This is a specific requirement derived from the HKEX’s Guidance Note on the Closing Auction Session (2023 edition).

Handling odd-lot and board-lot trades. Hong Kong’s board-lot system means that trades of less than one board lot (typically 100 shares for most stocks) are executed in a separate odd-lot market. The SFC’s 2022 enforcement action against a market maker (SFC v. XYZ Market Making Limited, unreported, 2022) found that the firm’s surveillance system did not monitor odd-lot trades, allowing a pattern of “quote stuffing” to go undetected for six months. The system must include odd-lot trades in its volume and price anomaly calculations.

Short-selling surveillance. Under the Securities and Futures (Short Selling) Rules (Cap. 571Y), a short sale must be executed on a “designated short-selling stock” and must be flagged as such at the time of order entry. The surveillance system must cross-reference the order flag with the actual trade. A mismatch — where a trade is executed as a short sale but was not flagged — must generate an immediate alert. The SFC’s 2024 enforcement record shows that this is the most common type of surveillance failure, with 14 enforcement actions in 2023-24 alone.

Testing, Validation, and Regulatory Reporting

A surveillance system is only as good as its testing regime. The SFC’s 2023 Circular on the Use of Automated Trading Systems (the 2023 ATS Circular) requires licensed corporations to conduct annual back-testing of their surveillance rules against historical trade data. The back-testing must cover at least 12 months of data and must measure the system’s true positive rate, false positive rate, and detection latency.

Step 1: Define the test dataset. The test dataset must include known market manipulation events from the HKEX’s published enforcement actions. For example, the SFC’s 2023 enforcement action against a group of 12 individuals for a “pump and dump” scheme involving a small-cap stock (SFC v. Chan Wai Ming and others, unreported, 2023) provides a real-world pattern that the system should detect. The back-testing should also include synthetic data that simulates spoofing and layering patterns at varying levels of intensity.

Step 2: Measure detection latency. The SFC expects a surveillance system to generate an alert within one hour of the trade execution for routine patterns and within 15 minutes for patterns that suggest market manipulation. The 2023 ATS Circular states that “a licensed corporation should be able to demonstrate that its surveillance system can detect and escalate a potential violation before the end of the same trading day.”

Step 3: Document the tuning process. The SFC’s 2024 inspection report noted that many firms could not explain why their surveillance thresholds were set at specific values. The documentation must include: (a) the rationale for each threshold, (b) the date of the last adjustment, (c) the results of the back-testing, and (d) the name and signature of the compliance officer who approved the change.

Closing Takeaways

• The SFC’s 2025 thematic review will require licensed corporations to demonstrate that their transaction surveillance systems are calibrated to detect specific patterns of market manipulation under Cap. 571, not just generic price anomalies.
• A static threshold system that generates zero alerts is a regulatory red flag; tune the system to capture between 0.5% and 2% of trades as alerts, then tier them by severity.
• The surveillance system must include separate rule sets for the HKEX’s closing auction session, odd-lot trades, and short-selling flag verification.
• Annual back-testing against 12 months of historical data, including known enforcement cases, is mandatory under the 2023 ATS Circular.
• Document every threshold adjustment with a rationale, the date of change, and the compliance officer’s approval to survive an SFC inspection.

本文不構成法律建議。涉及個人案件請諮詢持牌律師。