2025-12-19

Added · Updated

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5

The Hong Kong Monetary Authority issued this statutory guideline to require Authorized Institutions to implement robust systems and controls for identifying, measuring, and monitoring exposures to connected parties. The document defines connected parties under the Banking (Exposure Limits) Rules and enforces strict statutory limits, including a 15% aggregate exposure ratio and specific caps on individual natural person exposures. It further mandates board oversight, arm's length transaction standards, and comprehensive disclosure to prevent conflicts of interest and ensure financial stability.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view thumbnail

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 1 This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue underlined headings to activate hyperlinks to the relevant module. ————————— Interpretation In this module (including the Annex): • BELR means the Banking (Exposure Limits) Rules (Cap. 155S); • unless otherwise specified, a reference to a Rule, Subdivision, Division or a Part means a Rule, Subdivision, Division or a Part respectively of the BELR Purpose To specify systems and controls that AIs should have in order to identify, measure, monitor and control their exposures to connected parties (including those covered under Part 8) Classification A statutory guideline issued by the MA under the Banking Ordinance, §7(3) Previous guidelines superseded Circular “Connected lending” dated 12.11.99; CR-G-9 “Connected Lending” (V.1) dated 29.06.01, CR-G-9 “Exposures to Connected Parties” (V.2) dated 20.11.15, CR-G-9 “Exposures to Connected Parties” (V.3) dated 27.12.19 and CR-G-9 “Exposures to Connected Parties” (V.4) dated 13.12.2024 Application To all AIs incorporated in Hong Kong

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 2 Structure

  1. Introduction 1.1 Background and scope
  2. Statutory limitation on exposures to connected parties 2.1 Scope of connected parties 2.2 Limits under Rule 87 2.3 Determination of connected party exposures 2.4 Exposures disregarded under Rule 92 2.5 Exposures protected by recognized credit risk mitigation
  3. Controls over exposures to connected parties 3.1 Oversight by Board of Directors 3.2 Policy on exposures to connected parties 3.3 Monitoring of exposures to connected parties 3.4 Compliance with Section 3
  4. Disclosure and regulatory reporting 4.1 Financial disclosure 4.2 Regulatory reporting 4.3 Capital adequacy treatment Annex A: Illustration of scope of coverage of statutory limits under Part 8

  1. Introduction 1.1 Background and scope 1.1.1 This module provides guidance on the manner in which the MA proposes to exercise functions in relation to the statutory limitation on the exposures of AIs incorporated in Hong Kong to connected parties under Part 8, and sets out prudent controls and risk management measures applicable to exposures to connected parties. AIs should read this module in

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 3 conjunction with the relevant provisions of the BELR. 1.1.2 As a general rule, an AI should deal with its connected parties on an arm’s length basis to protect its best interests. 1.1.3 Part 8 limits the exposures 1 which an AI incorporated in Hong Kong may incur against its connected parties. This is to reduce the risk of improper and excessive lending to connected parties which may jeopardise an AI’s interests or be detrimental to its financial position. A breach of the statutory limits under Rule 87 (or, if applicable, that rule as varied under Rule 88(1)) of Part 8 by an AI is a serious matter and constitutes a “notifiable event” defined under Rule 7(2). An AI must notify the MA of a notifiable event as soon as practicable after it is aware of the event or ought to be aware of the event. Further, §81A(5) of the Banking Ordinance requires that an AI complies with provisions of the BELR applicable to it. Non-compliance with an applicable provision in Part 8 would thus constitute a breach of the Ordinance and may also call into question whether the AI continues to satisfy the relevant authorization criteria specified in the Seventh Schedule to the Ordinance. 1.1.4 Therefore, AIs should monitor carefully their exposures to connected parties, whether natural persons or companies, and take appropriate steps to control or reduce the risks of connected lending. 1.1.5 To prevent breaching the statutory limits under Part 8 and imprudent connected lending, AIs should have a robust system of checks and balances to monitor compliance with the limits, uphold impartiality and prevent credit activities of any kind (including on- and off-balance sheet transactions) which override established credit approval policies and procedures 1 Given that the valuation of exposure under Part 8 takes into account recognized credit risk mitigation, essentially only the amount of exposure unprotected by recognized credit risk mitigation is subject to the limits under Part 8.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 4 when granting credit facilities to connected parties. AIs should also ensure that the credit assessment undertaken for such lending should be no less stringent than that performed on non-connected parties, and the terms and conditions of such lending (e.g. tenor, interest rates, fees, amortisation schedules and collateral requirements) no more favourable than those applicable to non-connected parties with similar background and creditworthiness. 1.1.6 The principle of impartiality and other standards laid down in this module should also apply to other business transactions and dealings (e.g. acquisition/sale of assets, service contracts, lease agreements and construction contracts) between AIs and their connected parties. 1.1.7 Rule 6 empowers the MA to require an AI to comply with the statutory limits under the BELR (including the limits on connected party exposures under Rule 87) on an unconsolidated basis2 , a consolidated basis, or on both an unconsolidated and a consolidated basis. The MA has the discretion to specify which subsidiaries of an AI are to be included in the consolidation. Generally, consolidation for the purposes of Rule 6 will include subsidiaries that undertake financial business and those which incur risks regulated by the BELR (e.g. subsidiaries that engage in banking, property-holding, hire purchases, etc.). See Rule 6 and CR-L-1 “Consolidated Supervision of Concentration Risks: BELR Rule 6” for more guidance. 1.1.8 When the MA requires an AI to apply the provisions in relation to exposures to connected parties in Part 8 on a solo-consolidated basis or consolidated basis, the MA will specify the manner to implement the consolidation in practice. Unless otherwise specified by the MA, consolidation will only apply to the connected exposures incurred by the AI and all the 2 The application of any provision of the BELR to an AI incorporated in Hong Kong on an unconsolidated basis could be further categorised as being applicable on a solo basis or solo-consolidated basis.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 5 specified subsidiaries to the connected parties of the AI. The AI’s exposures to the connected parties of the subsidiaries and the subsidiaries’ exposures to their own connected parties will not be consolidated for the purposes of Part 8. 2. Statutory limitation on exposures to connected parties 2.1 Scope of connected parties 2.1.1 Below is a list of connected parties in relation to an AI as specified under Rule 85(1), with respect to which the statutory limits prescribed under Rule 87 apply: Relationship of connected party with AI Exclusion (i) A director, and, where such director is a natural person, the relatives of such director N/A (ii) An employee who is responsible, either as a member of a committee (e.g. Credit Committee) or individually, for approving applications for financial facilities 3 , and the relatives of such employee N/A (iii) A controller 4 or minority shareholder controller, and where such controller or minority shareholder controller is a natural person, the relatives of such controller or minority shareholder controller Excluded if the controller or minority shareholder controller is another AI, or an entity which is not an AI but is approved by the MA under Rule 85(3) (iv) A firm, partnership or non-listed company5 in which the AI or any of its controllers, minority shareholder controllers or directors (including their relatives in the case of natural persons) is interested as a director, partner, manager or agent Excluded if the firm, partnership or non-listed company is another AI, or an entity which is not an AI but is approved by the MA under Rule 85(3) 3 The term “financial facility” is defined in Rule 2(1). 4 The term “controller” means any person who is an indirect controller or a majority shareholder controller as defined in §2(1) of the Banking Ordinance. 5 A “non-listed company” is defined under Rule 84(1) as a company not listed on a recognized stock market but excludes any statutory corporation specified in Schedule 3 to the BELR.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 6 (v) A natural person, firm, partnership or non-listed company to whom the AI has provided a financial facility in respect of which a controller, minority shareholder controller or director of the AI (including their relatives in the case of natural persons) is a guarantor6 N/A 2.1.2 For connected parties who are natural persons, the term “relative” is defined under Rule 85(4) to mean the following: (a) a parent; (b) a step-parent or adoptive parent; (c) the spouse; (d) if the person is a party to a union of concubinage— the other party of the union; (e) a cohabitee; (f) a parent, step-parent or adoptive parent of a spouse; (g) a son, step-son, adopted son, daughter, step￾daughter or adopted daughter. The terms “adopted”, “cohabitee”, “party to a union of concubinage” and “union of concubinage” are also defined under that Rule. 2.1.3 Under Rule 84(1), a connected natural person is defined, in substance, as a natural person who is a connected party of the AI as specified in (i), (ii) or (iii) of section 2.1.1 above. Rule 94(2) further provides that an exposure of an AI to any firm, partnership or non￾listed company which a connected natural person is able to control shall be deemed to be an exposure to that person. 2.1.4 For the purpose of Rule 94(2), a firm, partnership or non-listed company (“controlled entity”) is treated as being controlled by a connected natural person if: 6 For the avoidance of doubt, this is only limited to cases where the guarantee from the relevant guarantor is on the performance of the natural person, firm, partnership or non-listed company to whom the AI has provided a financial facility.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 7 (a) the person owns more than 50% of the voting rights in the controlled entity; (b) the person has control of a majority of the voting rights in the controlled entity under an agreement with other shareholders (or similar holders of voting rights); (c) the person has the right to appoint or remove a majority of the members of the controlled entity’s board of directors (or a similar governing body); (d) a majority of the members of the controlled entity’s board of directors (or a similar governing body) have been appointed solely as a result of the person exercising his or her voting rights; or (e) the person has the power, under a contract or otherwise, to exercise a controlling influence over the management or policies of the controlled entity. 2.2 Limits under Rule 87 2.2.1 Rule 87 imposes various limits on the exposures of AIs incorporated in Hong Kong to their connected parties who might be able to exert undue influence on the AIs’ activities. 2.2.2 Under Rule 88, the MA may, by written notice served on an AI, vary any or all of the limits prescribed under Rule 87 for the AI if the MA, after taking into account the considerations set out in Rule 88(2), is satisfied on reasonable grounds that it is prudent to do so. While the MA may raise or lower a limit under this power, the policy intent is to use the power for tightening a limit only as the situation warrants, e.g. the AI has shown significant weakness in its internal control systems to prevent conflict of interest relating to connected party exposures. 2.2.3 Under Rule 87(a), an AI’s aggregate connected parties exposure ratio (“ACPE ratio” ) 7 must not exceed 15%. 7 ACPE ratio is defined under Rule 84(1) as the ratio of an AI’s aggregate connected parties exposure (“ACP exposure”) to the amount of the AI’s Tier 1 capital.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 8 2.2.4 Under Rule 87(c), an AI’s aggregate single connected party exposure (“ASCP exposure”) 8 to each connected natural person must not exceed the lower of (i) HK$20 million and (ii) 5% of the amount of the AI’s Tier 1 capital; and, under Rule 87(b), its aggregate connected natural persons exposure ratio (“ACNPE ratio”) 9 must not exceed 5%. 2.2.5 For AIs’ reference, a chart illustrating the scope of coverage of the statutory limits under Part 8 is set out in Annex A. 2.3 Determination of connected party exposures 2.3.1 The method for valuing an exposure to a connected party is generally the same as that for valuing an exposure to a counterparty under Part 7, subject to any modification under Division 4 of Part 8. In particular, since the valuation of an exposure takes into account credit risk mitigation under Subdivision 2, Division 3 of Part 7, only the CRM uncovered portion 10 of an exposure (as defined under Part 7) to a connected party is subject to the statutory limits under Part 8. 2.3.2 For determining the amount of exposures to a connected party under Part 8, an AI should take into account the following: (a) Under Rule 93A, Rule 48(1)(a) (which exempts certain exposures of the AI to its affiliates) must be disregarded; (b) Under Rule 93(2), a Category B institution under Part 7 should apply the credit risk mitigation treatment as if it were a Category A institution for valuing an exposure to a connected party; and 8 Under Rule 89, an AI’s ASCP exposure to a connected party is the same as the AI’s ASC exposure to the party, determined in accordance with Rule 46 of Part 7, subject to any modification under Division 4 of Part 8. 9 ACNPE ratio is defined under Rule 84(1) as the ratio of an AI’s aggregate connected natural persons exposure (“ACNP exposure”) to the amount of the AI’s Tier 1 capital. 10 The meaning of “CRM uncovered portion” is provided under Rule 39(1).

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 9 (c) Under Rule 93(3), an interest in land that meets the specified criteria is treated as if it were a recognized collateral for valuing an exposure to a connected party. The relevant valuation methodology is set out in Rule 93(4) and (5). 2.3.3 With ASCP exposure to a single connected party determined according to sections 2.3.1 and 2.3.2 above, an AI’s ACP exposure is simply the sum of the AI’s ASCP exposure to all of its connected parties. 2.3.4 An AI’s ACNP exposure is the sum of the AI’s ASCP exposure to all of its connected natural persons. 2.4 Exposures disregarded under Rule 92 2.4.1 The MA may give a written consent under Rule 92, subject to such conditions as the MA may think proper to attach thereto, to allow an exposure or a class of exposures not to be taken into account for determining an AI’s ASCP exposure to a connected party, if the MA considers that it is reasonable to do so, having regard to— (a) the nature of, and the risks associated with, the exposure or class of exposures; (b) any risk mitigation measures taken by the AI to manage those risks; (c) the risks associated with those measures; and (d) any other factors that the MA considers relevant. 2.4.2 AIs should note that the consent under Rule 92 will only be granted on a very exceptional basis after considering all the circumstances of the application. An exemption will likely be granted, if, in the case of common directors, the connected party concerned is a non-commercial organization. Whilst each case will be considered on its own merits, the following criteria should, as a minimum, be satisfied, though this will not in itself be sufficient for an exemption to be granted:

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 10 (a) in relation to a facility, the facility granted is on arm’s length terms and commercially justified; (b) in the case of common directors, the relevant director(s) of the AI should play no part in the approval process; (c) in the case of common directors, the relevant director(s) of the AI should have no executive responsibility, except in situations where an executive director of the AI is appointed as a director of the borrower only to help protect the existing interests of the AI as a lender; and (d) in the case of an intragroup exposure, the connected party is under effective consolidated supervision. 2.5 Exposures protected by recognized credit risk mitigation 2.5.1 Although the Part 8 limits only apply to exposures not protected by recognized credit risk mitigation, care should also be taken by AIs when considering to incur protected exposures to connected parties in order to prevent conflict of interests. 2.5.2 As mentioned under section 2.3.2(c), subject to the fulfilment of specified criteria, an interest in land is acceptable as a recognized collateral under Part 8 (while it is not under Part 7). “Land” includes houses and other buildings upon it. 2.5.3 AIs should closely monitor their protected exposures to connected parties to ensure that changes in circumstances (e.g. downgrade of the credit rating of a credit protection provider or depreciation in the value of collateral) will not lead to a breach of the limits under Part 8.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 11 3. Controls over exposures to connected parties 3.1 Oversight by Board of Directors 3.1.1 The Board should fully understand the AI’s legal obligations under the BELR in relation to exposures to connected parties and ensure that the AI complies with such obligations. In relation to connected parties of the AI that are intragroup entities, the Board should be mindful that while material intragroup transactions and exposures may facilitate synergies in terms of profits and costs and risk management, they may also impact the AI’s stability and solvency due to the risk of contagion, conflicts of interest and potential complications in resolution. The Board and the AI should thus ensure an appropriate balance between the benefits and risks of intragroup transactions and exposures. 3.1.2 The Board should ensure that the AI establishes a policy on exposures to connected parties that is appropriate for its business and risk profile. The policy, and any changes thereto, should be reviewed and approved by the Board. 3.1.3 The Board should also ensure that systems and procedures be in place for identifying, measuring, monitoring, evaluating, reporting and controlling connected party exposures as part of an AI’s broader risk management systems. 3.1.4 Exposures to connected parties should be reviewed and approved by the Board (or the Credit Committee or any other committee with authority delegated from the Board). The Board should also receive regular reports on the nature and size of exposures to connected parties (including exposures which fall within the scope of Part 8 and exposures to intragroup entities), and how the connected parties are related to the AI.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 12 3.1.5 Any write-off of exposures to connected parties exceeding a specified amount or otherwise posing special risks to the AI should be approved by the Board (or the Credit Committee or any other committee with authority delegated from the Board). The write-off policy for such exposures (including the threshold for approval by the Board or other committee) should be appropriate to the AI’s business and risk profile. 3.1.6 Any member of the Board (or the Credit Committee or any other committee with authority delegated from the Board) with conflicting interests should not be involved in the approval and management of the relevant exposures to connected parties, including write-off of the exposures. 3.1.7 Where necessary the Board should obtain legal advice in relation to exposures to connected parties. 3.2 Policy on exposures to connected parties 3.2.1 AIs are expected to establish and implement policies on exposures to connected parties for internal risk management purposes, which should cover, at a minimum, the following: (a) the categories of connected parties – these should at least comprise: (i) the categories specified in Rule 85(1); (ii) the AI’s senior management and key staff (collectively comprising chief executive and managers 11 ) and the relatives 12 of such persons; 11 The terms “chief executive” and “manager” are defined in §2(1) of the Banking Ordinance. 12 The term “relative” is defined in Rule 85(4) (see section 2.1.2 above).

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 13 (iii) the AI’s subsidiaries13 , fellow subsidiaries14 and other entities (including special purpose entities) over which the AI is able to exert control15; (iv) the controllers, minority shareholder controllers, directors, senior management and key staff16 (and the relatives of such persons) of the AI’s subsidiaries, fellow subsidiaries and other entities as referred to in paragraph (a)(iii) above; and (v) any other entities whose duties or interests are in conflict with the interests of the AI, as determined by the AI in accordance with its policy17; (b) the calculation of exposures to connected parties – this should take into account the requirements under Rule 94, the principles underlying which should, for risk management purposes, be similarly extended to cover the persons and entities referred to in paragraphs (a)(ii) to (v) above; (c) the application of the policies to exposures booked in the AI’s subsidiaries; (d) the maximum limits that apply to exposures to connected parties (individually or in aggregate) before credit risk mitigation (“CRM”) and after 13 AIs should make reference to §2(1) of the Banking Ordinance for the meaning of “holding company” and “subsidiary”. 14 For the purposes of this module, “fellow subsidiaries” mean any entity in respect of which a controller of the AI is able to exert control. The term “control” should be subject to the same interpretation as set out in section 2.1.4 above. 15 The term “control” in this paragraph should be subject to the same interpretation as set out in section 2.1.4 above. 16 For an AI's subsidiary, fellow subsidiary or other entity which is not an AI itself, "senior management and key staff" means the chief executive officer (or equivalent) and those persons having a principal responsibility for a line of business within the subsidiary, fellow subsidiary or entity concerned. 17 For the purposes of identifying connected parties for internal risk management purposes, AIs are expected to take into account substance over form. For example, an AI should treat any company controlled by the AI’s controller that is primarily used for obtaining funding from the AI on behalf of the AI’s controller as a connected party under this paragraph.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 14 CRM, taking into account the limits specified in Rule 8718; (e) the interest rates and other terms and conditions (such as tenor, fees, and amortisation schedules) that apply to various types of exposure to connected parties. In general, these should not be more favourable than the terms and conditions applicable to exposures to non-connected parties under similar circumstances19; (f) the authority and procedures for approving exposures to connected parties, including the extent to which such exposures should be subject to approval or review by the Board (or the Credit Committee or other committee with authority delegated from the Board); and for approving and/or escalating any exception to, or any non￾compliance with, the relevant policies and limits; (g) the policies and procedures for approving the write-off of exposures to connected parties (including the circumstances under which such write-off should be approved by the Board (or a committee of the Board)) (see also section 3.1.5 above); (h) the policies and procedures for ensuring that directors, senior management, credit officers and any other entities who are connected with the borrowing party or to whom (this includes, in the case of the entity being a natural person, a relative of the entity) a conflict of interest may arise vis-à￾vis the AI should be restricted from taking part in the credit approval process of granting or writing off an exposure to a connected party; (i) the arrangements for reporting exposures to connected parties to the HKMA and for ensuring the accuracy of such reports; and 18 The Rule 87 limits apply only to exposure to connected parties after CRM. However, the HKMA considers that it is also a good practice for AIs to establish their own internal limits on exposure to connected parties before CRM. This is consistent with prudent credit management practices. 19 An exception may be appropriate for beneficial terms that are part of a remuneration package whether under a specific employment contract or offered pursuant to, and in a manner consistent with, an AI’s pre-existing documented staff policy (e.g. staff receiving credit at favourable rates).

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 15 (j) the arrangements for ensuring compliance with the AI's policies and limits on exposures to connected parties, including the designation of specific officers responsible for this. 3.2.2 The policies should be submitted to the HKMA upon request. An AI should also inform the HKMA as soon as practicable of any material change to these policies. 3.3 Monitoring of exposures to connected parties 3.3.1 AIs should assign a designated independent unit or officer, e.g. compliance officer, to monitor exposures to connected parties and to ensure their compliance with both statutory and internal limits. 3.3.2 AIs should have adequate systems and controls for the identification, measurement, monitoring and reporting of their exposures to connected parties and identify exceptions promptly. The list of connected parties should be reviewed and updated regularly and as needed (e.g. see section 3.3.3). Any exceptions should be reported promptly to the appropriate level of management. If the exception is serious or the amount involved is significant as determined in accordance with applicable policies mentioned in section 3.2.1(f), it should be reported directly to the Board or Audit Committee as appropriate. 3.3.3 AIs should also be vigilant to situations in which a non￾connected party (to which an exposure exists) subsequently becomes a connected party. Hence, in addition to monitoring exposures to, or transactions with, existing connected parties, an AI should have robust systems and procedures to promptly identify new connected parties (to which there are existing exposures) and ensure that the statutory or internal limits on exposures to connected parties (whether individually or in aggregate) will continue to be observed. For example, an AI’s policy and procedures in relation to any merger and acquisition should include checking the extent of the AI’s exposures to

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 16 the target entity being considered under the merger/acquisition (and its senior management and key staff), and assessing the implications in respect of the AI’s compliance with statutory and internal limits relating to exposures to connected parties. Upon completion of the merger or acquisition, entities that have newly become a connected party of the AI should also be captured in the AI’s connected party exposures framework (regardless of whether the AI currently has exposures to the entities) to ensure the AI’s continued compliance with applicable regulatory, supervisory and internal requirements and limits. 3.3.4 Internal audit of an AI should conduct regular reviews to check whether applicable regulatory/supervisory requirements and the AI’s established policies, limits and procedures in relation to exposures to connected parties have been strictly adhered to. 3.3.5 As an additional safeguard, it is advisable for AIs to centralise all aspects of the granting, and subsequent management, of exposures to connected parties at their head office in Hong Kong so that such exposures can be more effectively monitored and controlled. 3.4 Compliance with Section 3 3.4.1 Drawing from implementation experience and having regard to the HKMA’s proportionate approach to supervision, the HKMA provides certain flexibility in AIs’ compliance with the foregoing provisions of this section (“Section 3 Provisions”) in the manner described below. 3.4.2 In principle, the HKMA would consider the following treatment of a Specified Exposure (as defined under section 3.4.3 below) of an AI to a Specified CR-G-9 Connected Party (as defined under section 3.4.4 below) as an indication of the AI having adequate risk management systems and controls for the purposes of compliance with the Section 3 Provisions:

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 17 (a) the AI may measure its Specified Exposures to a Specified CR-G-9 Connected Party in accordance with applicable risk management policies and procedures of the AI for internal risk management purposes; and (b) the AI continues to comply with all other Section 3 Provisions that are applicable to the AI and/or the exposure in question. 3.4.3 An exposure is a Specified Exposure of an AI if it meets and continues to meet all of the criteria below: (a) the exposure arises from the ordinary course of the private banking business of the AI; (b) the exposure is fully secured by collateral that is recognised as acceptable in accordance with the risk management policies of the AI for the relevant financial facility type, and is subject to the applicable collateral management policies and processes of the AI that are adequately robust to manage the associated risks; and (c) the exposure is incurred by the AI: (i) on an arm’s length basis and commercially justified, and its terms and conditions should not be more favourable than those applicable to a comparable exposure to non-connected parties of the AI under similar circumstances; and (ii) in compliance with applicable established risk management policies, procedures and limits of the AI as well as any applicable regulatory and supervisory requirements. 3.4.4 An entity is a Specified CR-G-9 Connected Party of an AI if the entity is not a connected party in relation to the AI under Rule 85(1) but is considered as a connected

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 18 party of the AI for internal risk management purposes pursuant to section 3.2.1(a)(iv) solely because the entity is: (a) a (natural person) director of any of the AI’s subsidiaries, fellow subsidiaries and other entities (including special purpose entities) over which the AI is able to exert control (“AI controlled entity”), provided that the entity has no executive responsibility in the AI, in the AI controlled entity or in any other member of the same group of companies as the AI; or (b) a relative (as defined under Rule 85(4)) of a director in paragraph (a) above. 4. Disclosure and regulatory reporting 4.1 Financial disclosure 4.1.1 AIs, in consultation with their external auditors, should ensure that they have properly disclosed details of their connected party transactions as required by laws, regulations, supervisory requirements and financial disclosure standards, etc., applicable to them. 4.2 Regulatory reporting 4.2.1 AIs should establish systems and procedures to ensure the accuracy of reporting in respect of exposures to connected parties in the HKMA’s “Return of Large Exposures – MA(BS)28” and “Certificate of Compliance – MA(BS)1F(a)”. 4.2.2 Any cases of breaching the limits under Part 8 should be reported to the HKMA as soon as practicable after the AI is aware of the event or ought to be aware of the event. In case of doubt, AIs should consult with the HKMA or seek relevant legal advice.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 19 4.3 Capital adequacy treatment 4.3.1 An AI’s loans, facilities or other credit exposures (“relevant exposure”) provided to- (a) a connected company 20 that is a commercial entity21, pursuant to §46(1) of the Banking (Capital) Rules (Cap. 155L) (“BCR”), should be treated as part of its capital investment in that connected company that is to be deducted under §43(1)(n) of the BCR22; and (b) a connected company that is a financial sector entity23 , pursuant to §46(2) of the BCR, should be treated as part of the amount of the AI’s direct holdings, indirect holdings and synthetic holdings of CET1 capital instruments that are to be deducted under §43(1)(o), (p) and (q) of the BCR, unless the AI can demonstrate to the satisfaction of the MA that the relevant exposure was incurred in the ordinary course of the AI’s business. 4.3.2 AIs should put in place sufficient controls (including, but not limited to, an independent review by the compliance or other appropriate function) to ensure that the relevant exposures to connected companies have been incurred in the ordinary course of business. As appropriate, the HKMA may review the effectiveness of such controls as part of its ongoing supervisory work. 4.3.3 The MA would normally consider a relevant exposure to have been incurred in the ordinary course of business if the AI can demonstrate that the exposure: 20 The term “connected company” is defined in §35 of the BCR. 21 The term “commercial entity” is defined in §35 of the BCR. 22 Under §43(1)(n) of the BCR, for any capital investment in a connected company of the AI where that connected company is a commercial entity, that part of the net book value of the investment that exceeds 15% of the capital base of the AI as reported in the AI’s capital adequacy ratio return as at the immediately preceding calendar quarter end date must be deducted from its CET1 capital. 23 The term “financial sector entity” is defined in §35 of the BCR.

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 20 (a) arises from the conduct of the routine day-to-day business activities of the AI; (b) is granted on terms and conditions that are comparable to those of similar credits granted by the AI to an ordinary customer under similar circumstances; (c) is not capital in nature (e.g. it is not used by the recipient to fund investment in subsidiaries); and (d) is approved and managed in compliance with applicable established risk management policies, procedures and limits of the AI as well as any applicable regulatory and supervisory requirements. ————————— Contents Glossary Home Introduction

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 21 Annex A: Illustration of scope of coverage of statutory limits under Part 8 Chart

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 22 Legend A: denotes any firm, partnership or non-listed company (other than a firm, partnership or non-listed company which is another AI, or an entity approved by the MA under Rule 85(3)). To avoid doubt, “A” referred to in different boxes in the chart should not be construed as representing the same entity. B: denotes any natural person, firm, partnership or non-listed company. To avoid doubt, “B” referred to in different boxes in the chart should not be construed as representing the same entity. C: denotes any firm, partnership or non-listed company. To avoid doubt, “C” referred to in different boxes in the chart should not be construed as representing the same entity. #: denotes, in relation to any two boxes in the chart linked together by this symbol, that the person in the upper box is able to control the entity in the lower box. The term “control” follows the interpretation set out in section 2.1.4 of this module. * : denotes, in relation to any two boxes in the chart linked together by this symbol, that the person in the upper box is a director, partner, manager or agent of the entity in the lower box. ^: denotes, in relation to any two boxes in the chart linked together by this symbol, that the person in the upper box is a guarantor of a financial facility provided by the AI to the person/ entity in the lower box. Explanatory Notes

  1. The chart should be read in conjunction with Part 8 and section 2 of this module.
  2. Each yellow rectangle in the chart illustrates one of the six situations in which an AI’s aggregate exposure to a single connected natural person in the upper box of the rectangle, as specified in Rule 85(1)(a), (b), (c), (d), (e) or (f), is subject to the limit specified in Rule 87(c) (i.e. the lower of (i) HK$20 million and (ii) 5% of the amount of the AI’s Tier 1 capital). By virtue of Rule 94(2), the same limit also covers an AI’s aggregate exposure to an entity in the lower box of the rectangle if the connected natural person in the upper box of the rectangle is able to control that entity. For example, as depicted in the first yellow rectangle from the left, an AI’s aggregate exposure to any director of the AI and any firm, partnership or non-listed company that the director is able to control should not exceed the limit specified in Rule 87(c). The connected parties

Supervisory Policy Manual CR-G-9 Exposures to Connected Parties V.5 –19.12.2025 23 shown in the yellow rectangles correspond to connected natural persons referred to in section 2.1.3 of this module. 3. The green rectangle in the chart illustrates that an AI’s aggregate exposure to all connected parties shown in the six yellow rectangles (i.e. those natural persons specified in Rule 85(1)(a), (b), (c), (d), (e) and (f) and those entities covered by virtue of Rule 94(2)) should not exceed 5% of its Tier 1 capital under Rule 87(b). 4. The blue rectangle in the chart illustrates that an AI’s aggregate exposure to all connected parties within the rectangle, whether they are natural persons or otherwise, should not exceed 15% of its Tier 1 capital under Rule 87(a). The connected parties include those shown in the yellow rectangles and those specified in Rule 85(1)(g) and (h) (i.e. corresponding to those specified in section 2.1.1(iv) and (v) of this module).