Lessons learnt from the SFC’s enforcement action - Timely reminders

  • Hong Kong
  • Financial services and markets regulation



In March 2021, the Securities and Futures Commission (“SFC”) reprimanded and fined GEO Securities Limited (“GEO”) HK$6.3 million for breaching its licensing conditions and for failures related to the sale of unlisted bonds.

A few months later in June 2021, the SFC suspended the licence of Mr Lun Sheung Nim (“Lun”), a responsible officer of GEO, for 7.2 months, having concluded that GEO’s misconduct was attributable to Lun and should also be regarded as misconduct on Lun’s part.

This case does not reveal anything earth-shatteringly new as regards the SFC’s approach to enforcement or licensed corporations’ regulatory obligations, but it does cover a range of timely issues on which we regularly receive queries from licensed corporations: (i) product due diligence, (ii) suitability of recommendations and (iii) the requirement to keep records of how a licensed corporation is fulfilling its duties. The case really brings home the requirement for licensed persons to understand their business, the products they are selling, and their clients, and to document how they discharge their obligations. It is a sharp reminder to keep focused on doing the basics right.

Product due diligence

As a matter of general principle, a licensed person should only recommend investment products if the licensed person:

  • understands the nature and extent of risks of the investment products;
  • performs proportionate due diligence work in selecting appropriate investment products for each client and documents the due diligence work;
  • considers factors which may impact on risk return profiles and growth prospects of investments, such as:
    • market and industry risks;
    • economic and political environments; and
    • regulatory restrictions;
  • takes into account all relevant information that is appropriate and reasonably available for a fair and balanced assessment (and does not rely solely on risk or credit ratings); and
  • conducts due diligence on a continuous basis at appropriate intervals.

Specifically, licensed persons should pay attention to the below in conducting product due diligence for non-exchange traded products and exchange traded products:

Non-exchange traded products

  • Develop a thorough understanding of the products (e.g. their structure, how they work, the nature of underlying investments, the level of risks they bear, the experience, financial condition and reputation of product issuers, guarantors (if any) and service providers, fees and charges, the relative performance and liquidity of investment products, lock-in periods, termination conditions, valuation and unit pricing, and safe custody arrangements).
  • Make enquiries and obtain full explanation from product issuers about the risks inherent in the investment products, where appropriate.
  • Avoid relying on prospectuses, offering circulars or marketing materials as necessarily being self-sufficient and self-explanatory.
  • Document verification work and enquiries which have been made about the products, the criteria for selecting the products and in what aspects they are considered suitable for different risk categories of investors, and the approvals they obtain from senior management for recommending the products.

Exchange traded products

  • Have a thorough understanding of the investment products that are recommended to the client, including an understanding of the risks and features of different types of products.
  • Some types of products (e.g. derivative warrants, callable bull/bear contracts and leveraged and inverse products) may have a higher level of risk than others.
  • The level of product due diligence and the documentation of the due diligence work can be proportionate to the complexity, opaqueness, risk and liquidity of the different types of exchange traded products.

In the GEO case, the SFC found that GEO failed to conduct adequate product due diligence on the unlisted bonds before recommending them to clients. In particular, the SFC identified the following as failures in relation to the product due diligence carried out by GEO:

  • focusing primarily on evaluating the default risk of the issuers and not examining the individual features of the unlisted bonds to understand and assess the risks of the particular bonds and their suitability for clients;
  • not implementing a methodology to assign a risk rating to each unlisted bond;
  • only summarising the product due diligence in internal reports, but not recording (i) the steps taken and enquiries made to verify the information in the internal reports, and (ii) the rationale for restricting the distribution of the unlisted bonds to professional investor clients only; and
  • not having in place written policies and/or procedures on conducting product due diligence.

In essence, product due diligence has to be proportionate to the risk, specific to the relevant investment product, thorough and comprehensive. The due diligence process has to be structured and relevant policies and procedures must be in place. Last but not least, it is crucial for the licensed person to document the due diligence process in a thorough manner to show that it has fully complied with its obligation to ensure any recommendations are suitable for each and every client where applicable.

Suitability of recommendations

Licensed persons are obliged to use their professional judgment to assess diligently whether the characteristics and risk exposures of each recommended investment product are actually suitable for the client and are in the best interests of the client. Below are some examples of the factors that a licensed person should consider in making suitable recommendations:

  • for clients: age, investment objectives, investment horizon, investment knowledge and experience, risk tolerance, financial situation, concentration risks, overall effect of the recommended investment products on a client’s portfolio and all other relevant circumstances; and
  • product: transaction costs, effect of gearing and foreign currency risks, where appropriate, etc.

In the GEO case, the SFC found that GEO had failed to establish adequate and effective internal controls and procedures to assess the risk tolerance of clients and to ensure the recommendations / solicitations made to clients on the unlisted bonds were both suitable and reasonable. In particular, the SFC identified the following failures in the processes adopted by GEO:

  • relying on the clients’ self-declared risk tolerance without procedures to independently review the same;
  • not having in place written policies or procedures to determine the suitability of investment products for clients, and largely relying on the judgment of the account executives (“AEs”) to determine the suitability of an investment product for the clients;
  • not implementing a system to ensure the AEs comply with the requirement to distribute the unlisted bonds to professional investor clients only; and
  • not making it mandatory for the AEs to attend the internal training seminars at which the restrictions on selling unlisted bonds to professional investor clients only were communicated to them.

The GEO case highlights the importance of having in place procedures and policies to make sure suitability obligations are being complied with. In the event of enforcement action by the SFC, existing internal controls will be evidence of compliance with suitability obligations. To mitigate the risks of making unsuitable recommendations, licensed persons should make sure they carry out a thorough know-your-client and risk profiling process to establish each client’s identity, financial situation, investment experience and investment objectives and keep written records of the same, so that such information can be used as evidence of its suitability obligations being discharged.

Documentation of investment advice

A licensed entity is required to maintain records documenting:

  • the rationale underlying investment recommendations made to the client;
  • the information given to each client, including any material queries raised by the client and the responses given by the licensed or registered persons;
  • all client transactions including orders placed to product providers; and
  • where the relevant service is discretionary account management, the suitability assessment and rationale for recommending a revised mandate or predefined model investment portfolio.

The record retention period for non-exchange traded products is at least 7 years, and for exchange traded products is at least 2 years. A licensed person should provide a copy of the rationale for the recommendations to the client upon his or her request.

In the GEO case, the SFC identified that GEO had failed to maintain documentary records of the recommendations / investment advice given to clients for subscribing to the unlisted bonds and failed to provide clients with a copy of the written advice. Without proper documentation, it will be difficult for a licensed person to effectively supervise and monitor its AEs to ensure that the recommendations or solicitations made to the clients are suitable and reasonable. It will also be hard for the licensed person to properly assess any client complaint regarding possible mis-selling of investment products.

Other suitability obligations

As mentioned above, a thorough know-your-client process to establish each client’s information is important for discharging a licensed person’s suitability obligations. Licensed persons are also expected to provide all relevant material information to clients and help them make informed investment decisions, as well as to employ competent staff (including agents, consultants, contractors, etc.) and provide them with appropriate suitability training.

Finally, if a licensed person does not document what it does when carrying out its functions, the SFC will simply consider that the licensed person did not do what it is obliged to from a regulatory perspective. Keeping proper records is a vital part of being able to establish that a licensed person has fulfilled its regulatory duties.
