2022-09-27

Added · Updated

Guide to Enhanced Competency Framework on Compliance

The Hong Kong Monetary Authority issued this guide to establish the Enhanced Competency Framework on Compliance, a non-statutory framework designed to define core competencies for banking practitioners in Hong Kong. It outlines qualification standards, including specific training modules and examinations, to certify practitioners as Associate or Certified Compliance Professionals based on their experience and role. The document details the scope of application, grandfathering arrangements for existing staff, and continuing professional development requirements to ensure a sustainable talent pool for the banking industry.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view thumbnail

Guide to Enhanced Competency Framework on Compliance Hong Kong Monetary Authority 27 September 2022

  • 2 - Table of Contents
  1. Introduction................................................................................................................................ 3
  2. Objectives ................................................................................................................................... 4
  3. Scope of application................................................................................................................... 5
  4. Competency standards .............................................................................................................. 8
  5. Qualification standards and certification................................................................................ 9
  6. Training programmes and examinations............................................................................... 11
  7. Grandfathering ........................................................................................................................ 11
  8. Modular exemption.................................................................................................................. 13
  9. Continuing professional development (CPD)........................................................................ 14
  10. Maintenance of relevant records............................................................................................ 16
  11. Administration of the ECF-Compliance................................................................................ 16
  12. Accreditation ............................................................................................................................ 16 Annex 1 - ECF-Compliance: Key roles and tasks for Relevant Practitioners..................... 18 Annex 2 - ECF-Compliance: Competency framework............................................................ 21 Annex 3 - ECF-Compliance: Learning outcomes and syllabus .................................................. 24 Annex 4 – Accreditation mechanism for the ECF-Compliance................................................... 32
  • 3 -
  1. Introduction 1.1 The Enhanced Competency Framework (ECF) is a collaborative effort of the Hong Kong Monetary Authority (HKMA) with relevant professional bodies and the banking sector in establishing a set of common and transparent competency standards for different professional areas which are central to the safety and soundness of banks and where talent shortages are more apparent. The development of a set of competency standards will enable more effective training for new entrants and support the ongoing professional development of existing practitioners in the banking industry, which will contribute to maintaining the competitiveness of Hong Kong as an international financial centre. To date, the HKMA has launched eight ECF modules, namely private wealth management, anti-money laundering and counter-financing of terrorism (AML/CFT), cybersecurity, treasury management, retail wealth management, credit risk management, operational risk management and Fintech. 1.2 Banks in Hong Kong have to adapt to a fast-paced and dynamic business environment while navigating the increasingly complex regulatory environment. The compliance function of a bank plays a key role in ensuring the bank’s compliance with applicable laws, rules, regulations and internal policies. There is a clear demand for the banking industry to keep up with the evolving regulatory environment and have an effective compliance framework in place to manage the compliance risk. Against such a background, there is a need for banking practitioners to be equipped with the technical skills and professional knowledge required to properly perform the compliance function for an Authorized Institution (AI) and to facilitate the development of the required policies, procedures, and controls accordingly. 1.3 The ECF on Compliance (ECF-Compliance) is aimed at equipping banking practitioners with the technical skills and professional knowledge required in the day-to-day activities of the compliance function of an AI.
  • 4 -
  1. Objectives 2.1 The ECF-Compliance is a non-statutory framework which sets out the common and core competencies and capabilities required of compliance practitioners in Hong Kong’s banking industry. The objective of the ECF-Compliance is twofold: (a) to develop a sustainable talent pool of compliance practitioners for the banking industry; and (b) to raise and maintain the professional competence of existing compliance practitioners in the banking industry. 2.2 Although the ECF-Compliance is not a mandatory licensing regime, AIs are encouraged to adopt it for purposes including but not limited to: (a) serving as a benchmark to determine the level of competence required and assess the ongoing competence of relevant employees; (b) supporting relevant employees to attend training programmes and examinations that meet the ECF-Compliance benchmark; (c) supporting the continuing professional development (CPD) of relevant employees; and (d) promoting the ECF-Compliance as an industry-recognised qualification, including for recruitment purposes. 2.3 The ECF-Compliance is designed to cover practitioners who are performing functions that involve the monitoring of an AI’s activities to ensure its compliance with relevant laws, rules, regulations and internal policies. The structured competency framework would enable relevant practitioners to develop the required technical skills and professional knowledge for managing the compliance risk within an AI. 2.4 The ECF-Compliance is not intended to cover all applicable laws and regulations. The main focus of this ECF will be on the application of key legal and regulatory requirements set by the Hong Kong Monetary Authority (HKMA), the Securities and Futures Commission (SFC) and the Insurance Authority (IA), as well as international regulatory standards which are applicable to AIs based on the jurisdiction of domicile of their parent company.
  • 5 - 2.5 The ECF-Compliance comprises the following two elements: (a) Competency standards These standards are derived from the job skills and competencies required for the compliance function and its relevant job roles such as regulatory affairs management, compliance advisory, and compliance monitoring, covering compliance risk identification, assessment, monitoring, testing, assurance and mitigation, providing regulatory advice on laws, rules and standards, providing oversight to the business units, and enhancing compliance awareness within an AI. (b) Qualification standards These standards are the requirements for qualifying compliance practitioners, including certification requirements, grandfathering arrangements and CPD for the required qualifications.
  1. Scope of application 3.1 The compliance function of an AI ensures that it adheres to the laws, regulations and guidelines relevant to its business processes. The fast evolving regulatory landscape has heightened the need for a sound compliance function to support an AI in navigating its responsibilities and avoiding regulatory actions and fines. Within the compliance function, the practitioners’ responsibilities can typically be segregated into three components: (i) Compliance risk governance – to establish a compliance programme that ensures the AI’s compliance with the statutory provisions, regulatory requirements and codes of conduct applicable to its banking or other regulated activities; (ii) Identify and assess – to identify and assess compliance risk and provide advice to senior management on the legal, regulatory requirements and standards with which the AI is required to comply; (iii) Monitor – to ensure that the AI’s compliance policies and guidelines remain effective and compliance issues are adequately monitored and addressed. Depending on the organisational structure and the assignment of roles and responsibilities within an AI, these activities may be housed under a business unit solely dedicated to compliance function or as part of a wider legal and compliance function. A strong firm-wide focus on ethics and responsibility, coupled with a firm commitment to upholding compliance principles, and having adequate resources to support those principles are important characteristics of a good compliance function.
  • 6 - 3.2 The ECF-Compliance is intended to apply to staff whose primary responsibilities involve performing the compliance function (other than AML/CFT compliance) within an AI. Specifically, it is aimed at “Relevant Practitioners (RPs)” located in the Hong Kong office of an AI who perform the compliance job roles as listed in Table 1 below. Table 1 – Job roles of the ECF-Compliance Role 1 – General Compliance Role 2 – Investment and Insurance Compliance Responsibilities • Assist senior management in meeting their responsibility in terms of understanding, monitoring and managing compliance related matters • Establish compliance review programmes to ensure compliance with applicable legal and regulatory requirements and codes of conduct • Handle non-compliance issues and monitor the remedial actions taken • Develop and implement transactions monitoring and surveillance infrastructure on general banking activities • Maintain communication with internal stakeholders and liaise with regulators to understand potential risk areas and monitor regulatory developments • Provide training and advice to the business units on compliance related matters • Report to and advise senior management on matters concerning compliance with relevant regulatory requirements including sales suitability, financial need analysis requirements and cross border selling restrictions • Investigate suspicious activities and handle non-compliance incidents whilst monitoring the remedial actions taken • Provide regulatory advice and analysis (and raise queries where appropriate) in relation to the life cycle of investment and insurance products • Develop and implement transactions monitoring and surveillance infrastructure on investment and insurance business activities • Liaise with local regulators on a regular basis to ensure open lines of communication, maintain reporting obligations and handle requests 3.3 The definition of RPs has taken into account differences among AIs in how compliance practitioners are assigned within their organisational structures. Functional roles rather than the functional titles of staff members should be essential in considering whether the definition

  • 7 - of RPs is met. To facilitate the determination of whether a staff member falls under the scope of RPs, the key tasks of different job roles are specified in Annex 1 as a reference. 3.4 It should be noted that the ECF-Compliance is not intended to cover staff members performing the following functions: a) Staff performing solely AML/CFT roles within an AI, as they are already subject to the ECF-AML/CFT. Please refer to the HKMA’s Guide to ECF on AML/CFT for details on these roles. In some cases, the responsibilities of compliance and AML/CFT roles may overlap. AIs should consider the relative weight of roles and responsibilities relevant to compliance and AML/CFT roles performed by staff members when assessing whether they should fall under the ECF-Compliance or ECF-AML/CFT or both; b) Staff performing compliance functions within an AI that are not related to regulatory compliance (e.g. financial/accounting risk); c) Staff performing specialised functions within an AI for ensuring compliance with prudential regulations (e.g. capital and liquidity requirements) and for risk areas that are covered under other ECF modules (e.g. liquidity risk, credit risk and operational risk that are covered under the ECF on Treasury Management, ECF on Credit Risk Management, and ECF on Operational Risk Management respectively); d) Staff in the compliance function within an AI who are performing solely clerical and administrative duties or other incidental functions1 . e) Staff in the legal or internal audit function of an AI; f) Senior management or relevant compliance committee members 2 other than the manager or person-in-charge of the compliance department; and g) Staff employed by an AI in Hong Kong whose primary function does not involve serving the AI in Hong Kong (e.g. regional office staff who are based in Hong Kong serving the compliance function for an overseas office) and staff based in the subsidiaries of AIs or overseas branches of AIs who are serving the compliance function for Hong Kong and/or overseas offices. That said, it should be noted that AIs have a responsibility to 1 Examples of other incidental functions include arranging meetings to discuss compliance related issues and preparing minutes of meetings that involve the discussion of compliance related issues. 2 Given that the main responsibilities of senior management or relevant compliance committee members (other than the manager or person-in-charge of the compliance department) may not be limited to managing the compliance risk of an AI, they are not captured within the scope of the ECF-Compliance. However, such persons may choose to acquire the ECF certification(s) which is(are) of interest and relevance to them.

  • 8 - ensure that the relevant staff based in the subsidiaries and overseas branches receive adequate compliance training, including those applicable in overseas jurisdictions. 3.5 For the avoidance of doubt, a staff member is not required to work full time in the compliance function or perform all of the roles specified in the job description in order to be classified as an RP. AIs are expected to adopt a principles-based approach when determining whether a staff member with multiple job roles falls within the definition of RPs. If a staff member’s job responsibility covers a majority of the key tasks detailed in ECF-Compliance’s role description, the staff member will be considered in scope. AIs should refer to the key tasks listed in Annex 1 to assess the significance of the compliance role performed by the staff member. AIs are expected to justify their decisions made in this regard. The following is a non-exhaustive list of criteria that can be taken into consideration when assessing whether a staff member should be classified as an RP: • Proportion of time spent on compliance related matters; • Extent to which the staff member reports to senior management and/or governance committees on compliance related matters; • Level of authority/seniority of the staff member in making decisions on compliance related matters; and • Organisational structure of the AI. For example, a staff member with roles and tasks dedicated to compliance may be working in other functions such as Legal or Risk Management.

  1. Competency standards 4.1 Competency standards are set at two levels: (a) Core level This level is applicable to entry to junior level staff with less than 5 years of work experience in the compliance function. (b) Professional level This level is applicable to middle to senior level staff with 5 years or above of work experience in the compliance function. 4.2 The competency framework for the ECF-Compliance with details on the qualifications required and CPD requirement for each job role of an RP is included in Annex 2.
  • 9 -
  1. Qualification standards and certification 5.1 Qualifications are set in accordance with the following two competency standards: (a) Core Level This level of qualification can be met by completing Module 1 to Module 3 of the ECF-Compliance Core Level training programme. RPs who have completed the training programmes as specified in Annex 2 are eligible to apply for exemption on Module 1. (b) Professional Level This level of qualification can be met by completing Module 4 (for Role 1 – General Compliance) or Module 4 and Module 5 (for Role 2 – Investment and Insurance Compliance) of the ECF-Compliance Professional Level training programme on top of the Core Level qualification and having at least 5 years of relevant work experience3 in the compliance function. Details of the learning outcomes and syllabus are set out in Annex 3. 5.2 Upon attaining the above qualifications and fulfilling the minimum relevant work experience requirement, RPs may apply to the administrator of the ECF-Compliance, the HKIB, for certification as an Associate Compliance Professional (ACOP) or a Certified Compliance Professional – General Compliance Stream (CCOP(GC)) or a Certified Compliance Professional – Investment and Insurance Compliance Stream (CCOP(IIC)). (a) Associate Compliance Professional (ACOP) Successful completion of Module 1 to Module 3 of the Core Level training programme; or grandfathered pursuant to paragraph 7.1(a). (b) Certified Compliance Professional – General Compliance Stream (CCOP(GC)) On top of the Core Level certification, successful completion of Module 4 of the Professional Level training programme plus 5 years of relevant work experience4 in the general compliance function as specified in Annex 1; or grandfathered pursuant 3 In general, the administrator of the ECF-Compliance will consider whether the nature of work experience is substantially the same as that described in the compliance roles 1 and 2 in Annex 1. Relevant work experience is expected to be obtained from AIs. As for work experience related to compliance gained from non-bank financial institutions and/or regulators, they will be considered on a case-by-case basis taking into account the level of involvement in performing compliance related key tasks. The work experience acquired from frontline business processes and operations, internal audit and risk management functions will also be considered on a case-by-case basis. 4 Please see footnote 3.
  • 10 - to paragraph 7.1(b). The 5 years of relevant work experience 5 required for CCOP(GC) certification should be accumulated within the 10 years immediately prior to the date of application for certification, but it does not need to be continuous. (c) Certified Compliance Professional – Investment and Insurance Compliance Stream (CCOP(IIC)) On top of the Core Level certification, successful completion of Module 4 and Module 5 of the Professional Level training programme plus 5 years of relevant work experience6 in the investment and/or insurance compliance function as specified in Annex 1; or grandfathered pursuant to paragraph 7.1(b). The 5 years of relevant work experience7 required for CCOP(IIC) certification should be accumulated within the 10 years immediately prior to the date of application for certification, but it does not need to be continuous. 5.3 It may be the case that an RP performs the key roles and tasks of both Role 1 and Role 2 in Annex 1. In determining whether an RP is required to obtain CCOP(GC), CCOP(IIC) or both, the AI should assess the relative weight and significance of the key roles and tasks performed by the RP. The following is a non-exhaustive list of criteria that can be taken into consideration when assessing which certification a staff member should obtain: • Proportion of time spent on matters related to general compliance and/or investment and insurance compliance; • Extent to which the staff member reports to senior management and/or governance committees on matters related to general compliance and/or investment and insurance compliance; • Level of authority/seniority of the staff member in making decisions for general compliance and/or investment and insurance compliance; and • Organisational structure of the AI. For example, a staff member with roles and tasks dedicated to general compliance and/or investment and insurance compliance may be working in other functions such as Legal or Risk Management. 5.4 Work experience gained in performing AML/CFT compliance functions will be considered on a case-by-case basis for certification as ACOP, CCOP(GC) and CCOP(IIC), taking into account factors such as the level of involvement in compliance job roles as compared to AML/CFT job roles. The following is a list of non-exhaustive examples of work experiences 5 Please see footnote 3. 6 Please see footnote 3. 7 Please see footnote 3.

  • 11 - related to AML/CFT that can be taken into consideration during such an assessment: • Interpreting regulatory requirements and performing impact analysis on the AI; • Implementing and executing the compliance monitoring programmes; • Reporting of regulatory breaches to senior management and/or regulators; and • Designing controls and/or policies and procedures for managing AML/CFT related risks and meeting relevant regulatory requirements. 5.5 The ECF-Compliance certification is subject to annual renewal by the HKIB together with the renewal of the certificate holder’s membership of the HKIB. An RP is required to: (a) complete the annual CPD requirement; and (b) pay an annual certification fee to renew his/her ECF-Compliance certificate. 5.6 The ECF-Compliance is referenced to the Hong Kong Qualifications Framework (QF), with the Core Level and the Professional level training programmes mapped at QF Level 4 (i.e. equivalent to associate degree or higher diploma) and QF Level 5 (i.e. equivalent to bachelor’s degree) respectively.

  1. Training programmes and examinations 6.1 RPs can meet the ECF-Compliance benchmark by: (a) undertaking training programmes offered by the HKIB or other accredited training programmes; and (b) passing certification examinations hosted by the HKIB.
  2. Grandfathering 7.1 An RP may be grandfathered on a one-off basis based on his or her years of qualifying work experience. Such work experience need not be continuous. The detailed grandfathering requirements are as follows:
  • 12 - a) Core Level: • At least 3 years of relevant work experience8 in the general compliance function (for Role 1) or in the investment and/or insurance compliance function (for Role 2) as specified in Annex 1; and • Employed by an AI at the time of application. b) Professional Level: • At least 8 years of relevant work experience9 in the general compliance function (for Role 1) or in the investment and/or insurance compliance function (for Role 2) as specified in Annex 1, of which at least 3 years must be gained from respective Professional Level job roles; and • Employed by an AI at the time of application. 7.2 The majority of work experience gained from different job roles will affect the certification title (i.e. CCOP(GC) and CCOP(IIC)) upon grandfathering for Professional Level. For example, RPs with a majority of work experience gained from Role 1 – General Compliance will be granted the CCOP(GC) certification, while RPs with a majority of experience gained from Role 2 – Investment and Insurance Compliance will be granted CCOP(IIC). 7.3 RPs who have sufficient work experience in Role 1 – General Compliance and Role 2 – Investment and Insurance Compliance can be granted both the CCOP(GC) and CCOP(IIC) certifications (i.e. 8 years of work experience in Role 1 and 8 years of work experience in Role 2). 7.4 Work experience gained from non-bank financial institutions, regulators (e.g. HKMA, SFC, IA, etc.) and professional service firms providing compliance related services will be considered for grandfathering on a case-by-case basis taking into account the level of involvement in performing compliance related key tasks of the ECF-Compliance. 7.5 Work experience gained in performing both compliance and AML/CFT functions will be considered on a case-by-case basis during the grandfathering period, taking into account factors such as the level of involvement in compliance job roles as compared to AML/CFT job roles. The following is a list of non-exhaustive examples of work experiences related to AML/CFT that can be taken into consideration during such an assessment: • Interpreting regulatory requirements and performing impact analysis on the AI; 8 Please see footnote 3. 9 Please see footnote 3.

  • 13 - • Implementing and executing the compliance monitoring programmes; • Reporting of regulatory breaches to senior management and/or regulators; and • Designing controls and/or policies and procedures for managing AML/CFT related risks and meeting relevant regulatory requirements. 7.6 Existing RPs who meet the above criteria can submit their grandfathering applications to the HKIB, the administrator of the ECF-Compliance, from 1 February 2023 to 31 January 2024. A one-off grandfathering fee will apply. 7.7 For other individuals who have the relevant work experience but are not working in an AI or those staff of an AI who are not performing the compliance function during the grandfathering period, they may submit their applications to the HKIB for grandfathering within three months from the date of joining the compliance function of an AI and becoming RPs. However, they should have met all the applicable grandfathering criteria on or before 31 January 2024 as prescribed above. 7.8 Applications for grandfathering are handled and assessed by the HKIB. The HKIB may request that the applicant provide employment records or additional information to substantiate the application for grandfathering. Late application will not be accepted. 7.9 Upon grandfathering, the RP is required to apply for ACOP, CCOP(GC) and/or CCOP(IIC) and to renew the relevant certification annually with the HKIB.

  1. Modular exemption 8.1 An RP may be exempted from specified modules based on completion of eligible training programmes. Please note that the lists of eligible training programmes below are not meant to be exhaustive. Other training programmes covering syllabuses that have significant overlap with that of the ECF-Compliance can also be considered for modular exemption on a case-by￾case basis. The detailed lists of eligible training programmes for modular exemption are as follows:10 a) Module 1 – Ethics and Corporate Governance in the Banking Industry (Core Level) 10 The modular exemption lists may be updated from time to time, and the most up-to-date lists are available at the HKMA’s website (https://www.hkma.gov.hk).
  • 14 - i) An RP who has passed any of the following training programme(s) is eligible to apply for exemption on Module 1 of the ECF-Compliance Core Level training programme: Training Programme Programme Provider Certified Professional Risk Manager Asia Risk Management Institute Certification in Risk Management Assurance Institute of Internal Auditors International Diploma in Governance, Risk and Compliance International Compliance Association Professional Ethics and Compliance module under the Advanced Diploma for Certified Banker (Stage I) The Hong Kong Institute of Bankers Bachelor’s or higher degree in law Universities in Hong Kong or overseas OR ii) An RP who is the holder of the following professional qualification(s) is eligible to apply for exemption on Module 1 of the ECF-Compliance Core Level training programme:
  • Certified Public Accountant of the Hong Kong Institute of Certified Public Accountants (HKICPA); or
  • Full member of Association of Chartered Certified Accountants (ACCA); or
  • Member of overseas accountancy bodies which are eligible for full exemption from the qualification programme for membership admission at the HKICPA under the HKICPA’s reciprocal membership and mutual recognition agreements (as listed on its website).
  1. Continuing professional development (CPD) 9.1 For the Core Level qualification, a minimum of 10 CPD hours is required for each calendar year (ending 31 December), of which at least 5 hours should be on topics related to compliance, legal and regulatory requirements, risk management and ethics. 9.2 For the Professional Level qualifications, a minimum of 12 CPD hours is required for each calendar year (ending 31 December), of which at least 6 hours should be on topics related to compliance, legal and regulatory requirements, risk management and ethics.
  • 15 - 9.3 Any excess CPD hours accumulated within a particular year cannot be carried forward to the following year. 9.4 Activities that qualify for CPD include: (a) Attending seminars or courses (both online and in-person) provided by AIs, financial services regulators, professional bodies, academic and training institutions, and the HKIB; (b) Taking professional examinations; and (c) Delivering training and speeches. 9.5 CPD training topics should be related to banking and finance or the job function. Examples of appropriate training topics include: (a) Compliance, code of conduct, professional ethics or risk management (including AML/CFT and other regulatory related topics); (b) Banking and financial knowledge; (c) Economics; (d) Accounting; (e) Legal principles; (f) Business and people management; (g) Language and information technology; and (h) Subject areas covered in the HKIB’s professional examinations. 9.6 The annual CPD requirements are also applicable to RPs meeting the ECF-Compliance benchmark through the grandfathering route. 9.7 The CPD requirements will be waived for the first calendar year (ending 31 December) of certification and grandfathering. 9.8 RPs are required to self-declare their CPD compliance to the HKIB at the time of certification renewal. Documentary evidence should be kept for random audit by the HKIB. The minimum

  • 16 - CPD requirements will be subject to periodic review in light of the latest developments in the banking sector. For details, please refer to the HKIB’s website (https://www.hkib.org/). 9.9 For the avoidance of doubt, RPs who are captured under multiple ECFs are only required to fulfil the CPD hours for one of their certifications per year (whichever is greater).

  1. Maintenance of relevant records 10.1 AIs should keep proper training, examination and CPD records of RPs for monitoring purposes. AIs that are current employers of RPs are expected to keep and confirm relevant information of their staff to facilitate the HKIB’s processing of the applications for grandfathering and certification. Regarding information related to an RP’s previous employment(s), the current employer of the RP is expected to confirm whether such information is consistent with its records (e.g. curriculum vitae provided by the RP at the time of job application).
  2. Administration of the ECF-Compliance 11.1 The HKIB is the administrator of the ECF-Compliance and will be tasked with certifying the qualification required under the ECF-Compliance, ensuring that applicants are satisfactorily certified under the specified qualification requirements. The HKIB will also be administering the CPD requirements for ECF-Compliance certification holders. 11.2 The HKMA will, as part of its ongoing supervisory process, conduct regular surveys to monitor the progress of AIs’ effort in implementing the ECF-Compliance as a benchmark for enhancing relevant employees’ competence level and on-going professional development.
  3. Accreditation 12.1 The ECF accreditation mechanism is established for interested AIs or education and training operators to have their learning programmes accredited as meeting the ECF standards (including but not limited to the QF Standards) of this ECF module. 12.2 The general criteria for ECF accreditation are as follows: (a) The learning programme meeting the required standards of individual ECF modules including programme objectives and learning outcomes, programme content and
  • 17 - structure, and trainer qualifications and learning mode; (b) Accreditation of the learning programme at corresponding QF Levels; and (c) Endorsement by the ECF Steering Committee. 12.3 In order to satisfy criteria 12.2 (a) and (b) outlined above, (a) For self-accrediting institutions (e.g. institutions funded by the University Grants Committee, including their continuing education arms)/institutions with Hong Kong Council for Accreditation of Academic and Vocational Qualifications (HKCAAVQ) Programme Area Accreditation (PAA) status in related programme areas, they are required to: (i) complete internal quality assurance processes for meeting the relevant ECF standards and the corresponding QF Level and (ii) be assessed by HKCAAVQ as fulfilling the ECF training objectives; and (b) For other institutions, they are required to complete the accreditation by HKCAAVQ to confirm that their learning programmes can meet the ECF training objectives and the corresponding QF Level. 12.4 HKCAAVQ will accept applications for ECF accreditation starting 1 November 2022. 12.5 Based on the relevant accreditation or assessment report submitted by the applicant, the ECF Steering Committee will confirm whether the training programme is or is not successful in qualifying as an ECF accredited programme. The route for ECF accreditation mechanism is illustrated at Annex 4.

  • 18 - Annex 1 - ECF-Compliance: Key roles and tasks for Relevant Practitioners Role 1 – General Compliance Role 2 – Investment and Insurance Compliance Core Level (For entry to junior level staff with less than 5 years of work experience) Examples of functional title (for reference only) Compliance Officer, Compliance specialist, Associate/Assistant Compliance Manager Key Tasks • Assist in drafting, revising and updating the AI’s compliance policies, procedures, guidelines and compliance related documents to ensure congruence with its legal and regulatory obligations and the AI’s internal requirements • Assist in performing compliance testing and other reviews according to the compliance monitoring programmes to ensure the AI’s compliance with applicable legal and regulatory requirements, and codes of conduct • Assist in performing compliance assessments and reviews on business activities as mandated by the compliance function to identify, assess and monitor compliance risk and mitigate any conduct and reputational risk issues • Assist in compiling reports on compliance related matters and/or transactions monitoring to senior management • Conduct initial analysis and facilitate the investigation of suspicious activities and report any possible breaches of laws and regulations in business activities • Conduct initial investigation of non-compliance issues and monitor the status of remedial actions taken • Assist in providing general advice on laws, rules and standards to the business units and senior management • Assist in drafting, revising and updating whistleblowing policies and procedures for identifying and reporting potential and actual non-compliance issues • Maintain regular communication and interaction with operational risk, market risk and credit risk colleagues to understand current areas of heightened operational risk, market risk and credit risk. Assist line managers in maintaining these relationships to ensure a coordinated approach to managing risk in the organisation • Assist in liaising with local regulators on a regular basis to ensure open lines of communication, maintain reporting obligations and handle requests • Handle information requests from local regulators and coordinate with respective business units in responding to regulatory enquiries • Perform research and gap analysis on key legal and regulatory changes both in Hong Kong and relevant overseas jurisdictions • Prepare training materials on compliance related matters and assist in providing training to business departments/operation units in Hong Kong

  • 19 - Role 1 – General Compliance Role 2 – Investment and Insurance Compliance Professional Level (For staff taking up middle to senior level positions in the compliance function with 5+ years of work experience) Examples of functional title (for reference only) General Compliance Manager, Regulatory Compliance Manager Investment and Insurance Compliance Manager Key Tasks • Develop, review, evaluate and update the AI’s compliance policies, procedures, guidelines and compliance related documents to ensure congruence with its legal and regulatory obligations and the AI’s internal requirements • Establish and review compliance monitoring programmes to ensure the AI’s compliance with applicable legal and regulatory requirements, and codes of conduct • Conduct independent compliance assessments and reviews as mandated by the compliance function to identify, assess and monitor compliance risk and mitigate any conduct and reputational risk issues • Report to and advise senior management on compliance related matters • Investigate suspicious activities and report any possible breaches of laws and regulations in business activities • Analyse areas of non-compliance and identify actions for improvement • Monitor the effectiveness of any remedial actions taken • Provide advice and recommendations on laws, rules and standards to the business units • Maintain a strong understanding of new and emerging products and services and the compliance implications on the AI of such • Develop, review, evaluate and update the AI’s compliance policies, procedures, guidelines and compliance related documents to ensure congruence with its legal and regulatory obligations and the AI’s internal requirements • Establish and review compliance monitoring programmes to ensure the AI’s compliance with applicable legal and regulatory requirements, and codes of conduct covering the selling process • Report to and advise senior management on compliance related matters including sales suitability, financial need analysis and cross border selling restrictions • Investigate suspicious activities and report any possible non-compliance incidents related to AI’s investment and insurance business activities • Identify and handle non-compliance issues and monitor the effectiveness of any remedial actions taken • Provide advice on business initiatives, product development, and review and approve marketing materials for dissemination • Provide advice and guidance on compliance related matters to relationship managers and investment and insurance product managers • Liaise with local regulators on a regular basis to ensure open lines of communication, maintain reporting obligations and handle requests

  • 20 - Role 1 – General Compliance Role 2 – Investment and Insurance Compliance Professional Level (For staff taking up middle to senior level positions in the compliance function with 5+ years of work experience) products and services • Develop, review, evaluate and update escalation and whistleblowing policies and procedures for identifying and reporting potential and actual non￾compliance issues • Maintain regular communication and interaction with operational risk, market risk and credit risk colleagues to understand current areas of heightened operational risk, market risk and credit risk • Liaise with local regulators on a regular basis to ensure open lines of communication, maintain reporting obligations and handle requests • Develop and implement transactions monitoring and surveillance infrastructure on general banking activities • Track and capture key legal and regulatory changes both in Hong Kong and relevant overseas jurisdictions and notify relevant stakeholders to ensure the business operations of the AI could meet the relevant requirements • Provide advice and compliance related training to business units in Hong Kong • Develop and implement transactions monitoring and surveillance infrastructure on investment and insurance business activities • Track and capture key local and regulatory changes both in Hong Kong and relevant overseas jurisdictions and notify relevant stakeholders to ensure the business operations of the AI could meet the relevant requirements • Provide advice and training on investment and insurance compliance to business units in Hong Kong

  • 21 - Annex 2 - ECF-Compliance: Competency framework Role 1 – General Compliance Role 2 – Investment and Insurance Compliance Core Level Qualification • Completion of Module 1 to Module 3 of the ECF-Compliance Core Level training programme (benchmarked at the QF Level 4) and experience 11 Certification title • Associate Compliance Professional (ACOP) Exemption RP who has passed the following training programme(s) is eligible to apply for exemption on Module 1 of the ECF-Compliance Core Level training programme: • Certified Professional Risk Manager of the Asia Risk Management Institute (ARIMI); or • Certification in Risk Management Assurance of the Institute of Internal Auditors (IIA); or • International Diploma in Governance, Risk and Compliance of the International Compliance Association (ICA); or • Professional Ethics and Compliance module under the Advanced Diploma for Certified Banker (Stage I) of the HKIB; or • Bachelor’s or higher degree in law; or • Certified Public Accountant of the Hong Kong Institute of Certified Public Accountants (HKICPA); or • Full member of Association of Chartered Certified Accountants (ACCA); or • Members of overseas accountancy bodies which are eligible for full exemption from the qualification programme for membership admission at the HKICPA under the HKICPA’s reciprocal membership and mutual recognition agreements (as listed on its website). Remarks: Other equivalent academic/professional qualifications in compliance may be considered for exemption on Module 1 on a case-by-case basis. RPs will need to provide detailed information on such qualifications (e.g. training course syllabus, examination syllabus) to the HKIB to facilitate their assessment. The assessment to determine if the RPs are qualified for exemption will be focused on: • The content of the syllabus to ensure there is adequate coverage of the ECF￾Compliance syllabus; and • The level of the examination (e.g. QF Level or academic level) of the compliance related training programmes/qualifications. 11 Module 1 and Module 2 are identical for both ECF-Operational Risk Management and ECF-Compliance. Hence, an RP who has completed Module 1 and/or Module 2 under either of these ECF streams will not be required to complete the same module(s) when he/she undertakes the training programme under the other ECF stream.

  • 22 - Grandfathering (on a one-off basis) • Possessing at least 3 years of relevant work experience12 in a general compliance function (for Role 1) or in an investment and/or insurance compliance function (for Role 2), which is related to the key tasks in Annex 1; and • Employed by an AI at the time of application. CPD requirements • A minimum of 10 CPD hours is required for each calendar year, of which at least 5 hours should be on topics related to compliance, legal and regulatory requirements, risk management and ethics • Qualified CPD activities include: (a) attending seminars or courses (both on-line and in-person) provided by AIs, financial services regulators, professional bodies and academic and training institutions and the HKIB; (b) taking professional examinations; and (c) delivering training and speeches 12 Please see footnote 3.

  • 23 - Role 1 – General Compliance Role 2 – Investment and Insurance Compliance Professional Level Qualification • Completion of Module 4 of the ECF￾Compliance Professional Level training programme (benchmarked at QF level 5) on top of the Core Level certification; and • Having at least 5 years of relevant work experience in the general compliance function. • Completion of Module 4 and Module 5 of the ECF-Compliance Professional Level training programme (benchmarked at QF level 5) on top of the Core Level certification; and • Having at least 5 years of relevant work experience in the investment and/or insurance compliance function. and experience Certification title • Certified Compliance Professional – General Compliance Stream (CCOP(GC)) • Certified Compliance Professional – Investment and Insurance Compliance Stream (CCOP(IIC)) Grandfathering (on a one-off basis) • Possessing at least 8 years of relevant work experience13 in the general compliance function which is related to the key tasks in Annex 1, of which at least 3 years are gained from respective Professional Level job roles; and • Employed by an AI at the time of application • Possessing at least 8 years of relevant work experience14 in the compliance function for investment and/or insurance business activities which is related to the key tasks in Annex 1, of which at least 3 years are gained from respective Professional Level job roles; and • Employed by an AI at the time of application CPD requirements • A minimum of 12 CPD hours is required for each calendar year, of which at least 6 hours should be on topics related to compliance, legal and regulatory requirements, risk management and ethics • Qualified CPD activities include: (a) attending seminars or courses (both on-line and in-person) provided by AIs, financial services regulators, professional bodies and academic and training institutions and the HKIB; (b) taking professional examinations; and (c) delivering training and speeches 13 Please see footnote 3. 14 Please see footnote 3.

  • 24 - Annex 3 - ECF-Compliance: Learning outcomes and syllabus Learning Outcomes Core Level (Benchmarked at QF Level 4) Module 1 – Ethics and Corporate Governance in the Banking Industry Module 2 – Regulatory Framework and Compliance in the Banking Industry Module 3 – An Effective Compliance Function Learning outcomes - after completing Modules 1 to 3, participants will be able to: • Comply with business ethics and understand their place within modern financial institutions; understand ethical questions encountered in the second line of defence in the context of the broader risk environment • Assess the regulatory landscape as per defined guidelines and procedures and identify non-compliance issues encountered by different business units of the AI • Interpret the requirements of compliance monitoring activities and how to execute these activities • Analyse compliance vulnerabilities/risks within different business units and implement controls to adequately mitigate such risks • Examine compliance breaches and prepare compliance reports to escalate compliance matters to relevant stakeholders • Apply different compliance tools to manage and control compliance risk • Apply compliance knowledge in the support and delivery of compliance related training • Understand Regtech adoption in performing compliance and risk management functions Professional Level (Benchmarked at QF Level 5) Module 4 – Regulatory Compliance (Advanced) & Building a Sustainable Compliance Framework - General Compliance (For Relevant Practitioners who are performing Role 1 – General Compliance function and Role 2 – Investment and Insurance Compliance function) Learning outcomes - after completing Module 4, participants will be able to: • Formulate or review compliance policies, procedures and internal standards for the AI • Plan the implementation of compliance monitoring programmes and execute these programmes • Evaluate compliance risk and devise appropriate response plans and mitigating measures • Assess the effectiveness of the compliance risk management framework implemented and review associated policies and procedures to ensure the AI can meet the compliance standards • Design and deliver compliance related training to business units • Build and promote a strong compliance culture within the AI • Manage and investigate non-compliance issues of the AI and monitor the effectiveness of any remedial actions taken • Evaluate appropriate Regtech solutions for performing compliance and risk management functions

  • 25 - Module 5 – Investment and Insurance Compliance (For Relevant Practitioners who are performing Role 2 - Investment and Insurance Compliance function) Learning outcomes - after completing Module 5, participants will be able to: • Formulate or review compliance policies and procedures and internal standards associated with investment and insurance business for the AI • Plan the implementation of compliance monitoring programmes associated with investment and insurance business and execute these programmes • Evaluate compliance risk and apply appropriate response plans and mitigating measures associated with investment and insurance business • Manage and investigate non-compliance issues of the investment and insurance business of the AI and propose remedial actions to senior management • Specify the compliance requirements associated with the investment and insurance business • Understand the regulatory approach adopted by various regulators for the investment and insurance business of the AI • Specify regulatory expectations in Hong Kong regarding the sale of investment and insurance products and related submissions

  • 26 - Syllabus Core Level (Benchmarked at QF Level 4) Module 1 – Ethics and Corporate Governance in the Banking Industry • Business ethics

  • Understand business ethics, their place within modern financial institutions, ethical questions encountered in the second line of defence in the context of the broader risk environment

  • Provide understanding of identification and analysis of ethical situations in financial institutions and the management of ethics

  • Overview of ethical behaviour application and ethical decision making in the second line of defence in the context of the broader risk environment • Understanding governance, risk and compliance

  • Fundamentals of governance, risk and regulatory compliance and why there is a need to understand the regulatory landscape for financial institutions

  • Key tenets of governance and culture for effective management of regulatory compliance e.g. why risk management is the key to effective compliance

  • The role of the compliance department and compliance professionals in Governance, Risk and Compliance • Overview of Section 71 & 72B of Banking Ordinance (Cap. 155) and Supervisory Policy Manual related to corporate governance • Corporate governance in the banking industry and requirements mandated upon AIs

  • Corporate governance code (for listed AIs)

  • Code of conduct, common policies and procedures

  • Corporate social responsibility • Case studies, good practices and challenges associated with ethics and corporate governance in the banking industry Module 2 – Regulatory Framework and Compliance in the Banking Industry • Overview of the regulatory framework under the Hong Kong Monetary Authority (HKMA), the Securities and Futures Commission (SFC) and the Insurance Authority (IA)

  • Overview of the regulatory regime in Hong Kong, providing an understanding of how regulations and applicable laws impact the operations of financial institutions • HKMA Bank culture reform (Governance, Incentive systems, Assessment and Feedback mechanisms) • Introduction to international regulation (roles of regulator, regulatory powers, different international regulatory models, latest market trends) • Regulatory objectives and relevant mandates

  • Personal Data (Privacy) Ordinance

  • EU General Data Protection Regulation (GDPR)

  • Code of Banking Practice

  • Code of Conduct for Persons Licensed by or Registered with the SFC • Supervisory approach and Manager-In-Charge (MIC) Regime

  • Specific overview of the MIC regime and the compliance implications upon AIs in Hong Kong • Formulation of internal policies, standards and guidelines

  • An overview of good practices in the implementation of internal governance documents (including internal policies, standards and guidelines) to ensure compliance with regulatory frameworks • Overview of the investment and insurance products in Hong Kong • Registration and licensing requirements, including listing rules (for listed AIs)

  • The process that needs to be undertaken to ensure compliance with registration and licensing regulations • Examples of regulatory breaches • Overview of the future of banking and expected compliance requirements covering areas such as sustainability, green finance, cross-border activities and virtual banking

  • 27 - • Case studies, good practices and challenges associated with adapting to regulatory changes in the banking industry Module 3 – An Effective Compliance Function • Overview of an effective compliance function

  • An overview of how organisations can drive an organisational culture of compliance • Principles and components of compliance frameworks and internal controls

  • An overview of the key principles and components required for an effective compliance function

  • The importance of the compliance function in delivering more than incident prevention and ensuring legal compliance • Understanding the organisational structure of HKMA and the roles and responsibilities among departments • Roles and responsibilities of a compliance function

  • Key compliance activities and processes

  • The impact of an effective compliance programme and function on an organisation

  • Core foundational elements: • Compliance structure • Compliance risk assessment • Compliance annual plan and testing • Compliance monitoring and review • Compliance reporting and escalation • Compliance breaches investigation (including escalation and whistle-blowing) • Understanding operational risk management • Implementation of compliance programmes

  • An explanation of how formal compliance programmes are implemented, diving into how compliance programmes are applied in practice • Understanding compliance tools

  • An overview of the technologies, workflows, policies, monitoring, and training necessary to create an effective compliance function

  • Governance, Risk and Compliance (GRC) tools that can be implemented and how they can interact with existing business systems

  • Regtech solutions that can be implemented and how they can be applied in performing compliance and risk management functions • Regtech: Overview and Emerging Trend of Development

  • Introduction to Regtech

  • Evolution of Regtech

  • Importance of Regtech to the Banking Industry

  • Regtech’s Underlying Technologies

  • Regtech’s Application Areas

  • Regtech: Current State and Government Initiatives

  • Regtech Adoption in HK: Opportunities and Challenges

  • Case Studies and Insights: Regtech Applications in Banks

  • Suptech and HKMA’s Adoption of Suptech

  • Future of Regtech • Legislative Framework and Regtech Overview

  • Regtech Taxonomy, LoNG PESTEL, BIDT

  • Why banking is under regulation?

  • History of Regtech

  • Regtech 1.0, 2.0 …..

  • Regtech – Digital Identity and Digital Signature

  • Managing Trust and Managing Risk • Data, Financial Intelligence and Customer Protection

  • Data Governance in Opening Banking Regtech – ownership, stewardship, custodian

  • Digital (Computer) Forensics in Regtech

  • 28 -

  • Corporate Strategy, Data Governance and Incident Response • Case studies, good practices and challenges associated with compliance

  • Developing a sound compliance culture in the organisation, including setting the right tone from the top, defining clear accountability for compliance and creating the right incentives

  • Development of performance indicators and reporting mechanisms

  • Maintaining governance for the oversight of compliance risk

  • Direct reporting line to the board or a board committee

  • Access to all relevant information to enable the function to carry out its responsibilities

  • Compliance training and communications strategy

  • 29 - Professional Level (Benchmarked at QF Level 5) Module 4 – Regulatory Compliance (Advanced) & Building a Sustainable Compliance Framework – General Compliance (For Relevant Practitioners who are performing Role 1 – General Compliance function and Role 2 – Investment and Insurance Compliance function) • Sound bank culture – Banks are expected to develop and foster a sound culture that promotes fair treatment of customers; embedding a culture of compliance within an organisation and implementing a successful and sustainable compliance framework in line with behavioural standards that promote a customer-centric culture • An in-depth review of the essentials/elements to a successful and sustainable compliance framework:

  • Codes of conduct; Policies, procedures, and standards; Training; Development of a compliance plan; Information flows; Communication and interaction with business partners; Sustainable monitoring and reporting. • Investigation and enforcement orders – an overview of the strategies for dealing with non-compliance, particularly in the light of Hong Kong’s regulations: • Managing non-compliance • Use of a Senior Response Team • Reporting and other communication (both internally and externally) • Enforcing compliance discipline within an organisation • Root cause analysis of compliance breaches • Regular review of the effectiveness of monitoring measures on non-compliance • Application of key regulatory requirements/expectations and international regulatory standards • Key Banking Regulations (e.g. Banking Ordinance (Cap. 155))

  • Banking (Disclosure) Rules (Cap. 155M)

  • Banking (Exposure Limits) Rules (Cap. 155S)

  • Code of Practice, Supervisory Policy Manual, Guide to Authorisation, and other supervisory guidance

  • Treat Customers Fairly Charter

  • Code of Banking Practice, and other industry standards/good practices

  • Deposit Protection Scheme (Representation on Scheme Membership and Protection of Financial Products under Scheme) Rules and Deposit Protection Scheme (Asset Maintenance) Rules • Other Financial Regulations

  • Securities and Futures Ordinance (Cap. 571) and rules (e.g. Cap. 571AL and 571AN on OTC derivatives reporting and clearing)

  • Insurance Ordinance (Cap. 41), including subsidiary legislation, and the codes, guidelines, circulars of the IA

  • Markets in Financial Instruments Directive (MiFID II)

  • Mandatory Provident Fund (MPF) Schemes Ordinance (Cap. 485)

  • Personal Data (Privacy) Ordinance, Ethical Accountability Framework, as well as relevant codes of practice/guidelines issued by Privacy Commissioner for Personal Data • Some areas of regulatory focus

  • Suitability, best execution, virtual banking, complaint handling, staff dealing policy, digital financial services, engagement of third parties such as lending intermediaries

  • Key challenges and the future of compliance • Disruptive Changes in Banking, Finance and Regulations

  • Disruptive Innovation and Technology in Banking and Finance

  • Scoping Exercise re Future Money and Crypto-tokens

  • Disruptive Changes Impacting Banking and Regulation • Banking Strategy: Crossroad Regtech 1.0 or Regtech 2.0

  • What is Regtech 2.0

  • Case Study: Regtech 2.0 as an integral part of WealthTech Application/ Robotrader

  • Regtech 2.0 in Open Banking APIs and Open Banking Architecture • Smart Banking, and Smart Regtech

  • FPS and Regtech 2.0

  • 30 -

  • CBDC/ DCEP

  • Smart Contracts

  • Algorithmic Regulation: Automating Financial Compliance Monitoring and Regulation using AI and Blockchain

  • Standards-based Technology Architecture for Regtech

  • Future Banking and Regtech Strategy • Case studies, good practices and challenges associated with compliance

  • Keeping up with regulatory changes and maintaining compliance in a changing landscape

  • Mapping of current controls and standards against new or updated regulations and the translation to policy and processes

  • Comprehensive inventory of all legal and regulatory requirements in place to develop a risk-based compliance risk assessment programme Module 5 – Investment and Insurance Compliance (For Relevant Practitioners who are performing Role 2 – Investment and Insurance Compliance function) • Regulatory requirements on sales of financial products

  • Overview of relevant sections of Supervisory Policy Manual, Guidelines and Circulars issued by HKMA

  • Securities and Futures Ordinance

  • Code of Conduct for Persons Licensed by or Registered with the SFC and other relevant guidelines and circulars issued by the SFC relating to the requirements on sales of financial products, including but not limited to online distribution of complex/non-complex investment products (e.g. such as product due diligence, selling and suitability are indeed stated in the SFC’s guidelines/circulars, rather than the principle-based Code of Conduct)

  • Insurance Ordinance (Cap. 41)

  • Code of Conduct for Licensed Insurance Agents and Code of Conduct for Licensed Insurance Brokers and other guidelines issued by the IA in relation to sale of insurance products

  • Mandatory Provident Fund (MPF) Schemes Ordinance (Cap. 485)

  • Guidelines on Conduct Requirements for Registered Intermediaries (issued by the Mandatory Provident Fund Schemes Authority) • Overview of the regulatory approach adopted by regulators towards financial services organisations

  • The remit of different regulators and different areas of focus for individual regulators, e.g. illustration of the relationship between the SFC and HKMA and the IA’s delegation of inspection and investigation powers to the Monetary Authority • Regulatory expectations regarding the sale of investment products and handling of client securities

  • Investor protection measures, professional investor regime, and private placement regime

  • Pre-trade disclosure requirements (e.g. disclosure of risk statements, providing information to customers to make informed decisions)

  • Requirements relating to sales suitability in online and offline environments (e.g. know your clients, understanding the investment products being recommended to clients, providing suitable recommendations by matching the risk-return profile of each investment product with the personal circumstances of each client, consideration of concentration risk based on available information about the customer, portfolio suitability and robo-advisory)

  • Portfolio-based suitability assessment for private banking customers

  • Alternative investment products (e.g. any advice or recommendations provided to customers is based on analysis and incorporates consideration of available alternatives)

  • Best execution (e.g. controls to ensure client orders are executed at the best prevailing prices, monitoring measures carried out to review trade execution quality)

  • Complex products (e.g. definition and factors for consideration, disclosure and warning statements)

  • Cross-border business activities

  • 31 -

  • Conflicts of interest (e.g. disclosure and fair treatment, independence, the sale of in-house products issued by related entities)

  • Compliance with licensing requirements (e.g. “Fit and Proper” criteria, competence, continuous professional development)

  • Controls reviews required when handling client securities and selling/distributing investment products (e.g. control systems must be implemented and regularly reviewed to ensure compliance with regulatory expectations) • Treat Customers Fairly Charter - Banking services and products must be designed to meet the needs of customers, clearly outline the features, risks and applicable fees associated with the products offered • Specific requirements on the sale of insurance products

  • Overview of relevant sections of the Insurance Ordinance (Cap.41) and relevant codes, guidelines and circulars issued by the IA including the Code of Conduct for Licensed Insurance Agents, the Code of Conduct for Licensed Insurance Brokers and guidelines on "Fit and Proper" criteria for licensed insurance intermediaries, offering of gifts, long term insurance policy replacement, benefit illustrations for long term insurance policies, cooling-off period, financial needs analysis, etc., and circulars issued by HKMA, e.g. circulars on selling of annuity insurance products • The regulatory submissions required when selling investment and insurance products

  • AIs as RIs under the SFO regime

  • Registration required for AIs under the SFO, communication of changes in management, handling of client securities, corporate governance

  • AIs as licensed insurance intermediaries under the Insurance Ordinance regime

  • Licensing required for AIs as licensed insurance intermediaries under the Insurance Ordinance and relevant rules and guidelines issued by the IA, such as guidelines on "Fit and Proper" criteria for licensed insurance intermediaries, and continuing professional development • Case studies, good practices and challenges associated with compliance

  • Embedding a compliance culture and an understanding of the compliance risk appetite across different business units

  • Alignment of compliance activities with the AI's strategic objectives

  • Involvement of compliance where the AI seeks to undertake significant decisions, major change projects, strategic initiatives and major transactions

  • 32 - Annex 4 – Accreditation mechanism for the ECF-Compliance Subject to re-accreditation/re-assessment by HKCAAVQ Endorsement by ECF Steering Committee Applicant to notify ECF Steering Committee the intention of obtaining accreditation with programme objectives & learning outcomes, programme syllabus, training materials, and trainers’ profile for record Obtain ECF and QF accreditation through HKCAAVQ Submit proof of ECF and QF accreditation Training programme accredited for ECF Register on the QR Submit proof of ECF assessment

  1. Complete internal quality assurance processes for meeting ECF objectives and QF standards
  2. Obtain ECF assessment through HKCAAVQ Non self-accrediting institutions Self-accrediting institutions / institutions with HKCAAVQ PAA Status