This question assesses the understanding of conflict of interest provisions within the Code of Conduct for Persons Providing Credit Rating Services (the ‘CRA Code’).

Statement I is correct. The CRA Code prohibits a representative from being involved in rating an entity if their immediate relation (including a spouse) works for or has a relationship with the rated entity that may cause a conflict of interest. Owning securities in the rated entity falls under this prohibition, which extends to spouses. Therefore, Leo’s wife inheriting shares creates a conflict, and Leo should be removed from the rating process for InnovateTech.

Statement II is correct. The CRA Code explicitly prohibits representatives from accepting gifts offered in the form of cash from any entity with which the CRA does business. The lai see packet containing cash is a direct violation of this rule, regardless of the cultural context or amount.

Statement III is correct. To ensure objectivity, the CRA Code specifically prohibits compensating or evaluating a representative based on the amount of revenue that the CRA derives from the entities that the representative rates. Linking Leo’s bonus to the fee income from his covered portfolio, including InnovateTech, is a clear breach of this fundamental principle.

Statement IV is incorrect. The rules regarding prohibitions on owning securities or derivatives of a rated entity specifically provide an exclusion for holdings in collective investment schemes (such as unit trusts or mutual funds). As Leo’s investment is through a unit trust, it does not constitute a breach of the CRA Code. Therefore, statements I, II and III are correct.

According to the Code of Conduct for Persons Providing Credit Rating Services, a licensed Credit Rating Agency (CRA) is required to submit its annual financial statements and the auditor’s report to the Securities and Futures Commission (SFC). The deadline for this submission is not later than four months after the end of the CRA’s financial year, unless a reasonable excuse for delay exists. In the scenario provided, with a financial year-end of 31 March, the four-month period concludes on 31 July of the same year. The seven-year period mentioned is the minimum duration for which a CRA must retain its records, which is a separate obligation from the annual financial reporting timeline. Shorter or longer periods, such as one or six months, are incorrect for this specific regulatory requirement concerning CRAs.

According to Hong Kong’s Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (GAML), licensed corporations have specific obligations regarding senior management oversight and the appointment of key personnel. Statement I is correct as the GAML requires the appointment of a senior member of staff as the Money Laundering Reporting Officer (MLRO), who acts as the central point of contact for handling and reporting suspicious transactions to the Joint Financial Intelligence Unit (JFIU). Statement II is also correct; the GAML mandates that a director or a senior manager be appointed as the Compliance Officer, who holds the responsibility for the establishment and ongoing maintenance of the firm’s AML/CFT systems. Statement III is incorrect because the GAML explicitly requires the MLRO to be a senior member of staff to ensure they possess the necessary authority and resources to perform their duties effectively. Prohibiting a member of senior management from holding this role would contradict the principle of ensuring the role has sufficient seniority. Statement IV is incorrect as the review of AML/CFT policies can be conducted by the firm’s internal compliance or audit functions. While external parties can be engaged, it is not a requirement for the review to be performed exclusively by an external auditor. Senior management retains ultimate oversight responsibility for the effectiveness of these reviews. Therefore, statements I and II are correct.

The correct answer is that the CRA must provide a disclosure on the degree to which it has analysed the sensitivity of the rating to changes in its underlying assumptions. The SFC’s Code of Conduct for Persons Providing Credit Rating Services (the ‘CRA Code’) imposes additional disclosure requirements for ratings of structured finance products due to their complexity. This sensitivity analysis is crucial because the performance of these products can be highly dependent on specific assumptions (e.g., about default rates, recovery rates, or prepayment speeds of the underlying assets). Investors need this information to understand how the rating might change if market conditions deviate from the CRA’s initial assumptions. The other options are incorrect. While the CRA Code prefers that ratings for structured finance products are clearly differentiated from traditional corporate bond ratings, using a different rating symbology is not mandatory; the primary goal is clear communication and investor understanding, which can be achieved in other ways. A CRA is obligated to protect, not publicly disclose, confidential information provided by the rated entity. Finally, a CRA’s role is to assess credit risk and the likelihood of default, not to provide a forecast of the product’s future market price or investment performance.

Statement I describes a breach because accepting a gift of significant value from a client can create a conflict of interest and compromise the representative’s objectivity. The Code of Conduct for Persons Licensed by or Registered with the SFC (the ‘Code of Conduct’) requires licensed persons to act with due skill, care and diligence, in the best interests of their clients (General Principle 1) and to avoid conflicts of interest (General Principle 6). Failing to report such a gift to the firm’s compliance department is a violation of internal controls designed to manage such conflicts.

Statement II is a serious breach. This constitutes mishandling of client assets. General Principle 8 of the Code of Conduct requires licensed corporations to ensure that client assets are promptly and properly accounted for and adequately safeguarded. The Securities and Futures (Client Money) Rules explicitly require client money to be segregated from the firm’s or the representative’s own money and paid into a designated trust or segregated account without delay.

Statement III does not describe a breach. While dealing with a connected person (a cousin) requires care, it is not prohibited. As long as the recommendation is based on a proper suitability assessment, is documented, and the client is treated fairly and on the same terms as other clients, the action is compliant. The potential conflict is manageable and does not automatically constitute a breach.

Statement IV describes a breach. Engaging in private financial transactions, such as providing a personal loan to a client, creates a significant conflict of interest. It compromises the professional boundary between the representative and the client and can impair the representative’s ability to provide objective advice. This is a violation of the duty to avoid conflicts of interest under General Principle 6 of the Code of Conduct. Therefore, statements I, II and IV are correct.

The correct answer is that the arrangement is problematic because the sole Executive Director serving as a Responsible Officer is not based in Hong Kong. According to the SFC’s requirements, a licensed corporation must appoint at least two Responsible Officers. Among these, at least one must be an Executive Director of the corporation. Furthermore, to ensure proper supervision, the SFC requires at least one Responsible Officer to be based in Hong Kong. The SFC generally expects that at least one of the Executive Director ROs will be based in Hong Kong to directly supervise the regulated activity. In this scenario, while the firm has the minimum of two ROs and one is an Executive Director, the Executive Director RO is located overseas, which does not meet the SFC’s supervisory expectations. The other statements are incorrect. There is no requirement that both Responsible Officers must be Executive Directors; the rule specifies a minimum of one. The minimum number of Responsible Officers is two, which the firm has, so the total number is not the issue. Finally, having a non-executive director as a Responsible Officer is permissible, provided the other requirements are met.

Under section 157 of the Securities and Futures Ordinance (SFO), an auditor of a licensed corporation has a statutory duty to report certain matters to the Securities and Futures Commission (SFC) as soon as reasonably practicable. These are known as ‘reportable matters’.

Statement I describes a breach of the Financial Resources Rules (FRR), specifically a liquid capital deficit. Any breach of the FRR is explicitly defined as a reportable matter.

Statement II indicates the auditor’s intention to issue a qualified opinion. The SFO explicitly states that if an auditor proposes to include a qualification or an adverse statement in any report, this must be reported to the SFC.

Statement III details a failure to comply with the Securities and Futures (Client Money) Rules. This constitutes a failure to comply with a ‘prescribed requirement’ and is a serious regulatory breach, making it a reportable matter.

Statement IV describes a change in accounting policy. As long as the change is from one generally accepted accounting principle to another and is properly justified and disclosed, it is a legitimate accounting decision and not a reportable matter in itself. It does not represent a breach of rules or adversely affect the firm’s financial position in a way that requires reporting. Therefore, statements I, II and III are correct.

The correct answer is attending a structured online seminar on regulatory amendments. The SFC’s Guidelines on Continuous Professional Training require licensed individuals to undertake activities that enhance their technical skills, professional expertise, and regulatory knowledge. Attending courses, workshops, and seminars on relevant topics like compliance and legislative standards is a primary method for fulfilling CPT requirements. The other options are incorrect because they represent activities explicitly excluded by the guidelines. Reading financial journals and newspapers, while beneficial for staying informed, is not considered a formal training activity and does not count towards CPT hours. Similarly, performing normal work duties, such as training colleagues on internal procedures as part of one’s job, is not eligible. Lastly, unstructured self-study, such as reading a textbook without an associated assessment or interaction with a recognized institution, does not qualify as CPT.

Under section 159 of the Securities and Futures Ordinance (SFO), the SFC is empowered to appoint an auditor to examine a licensed corporation’s affairs under specific circumstances. Statement I is correct because one of these circumstances is if the SFC has reasonable cause to believe the corporation has not complied with the Financial Resources Rules (FRR). Statement II is also correct, as s. 159(1)(c) explicitly allows the SFC to appoint an auditor if it has received a report from the corporation’s own auditor stating a failure to comply with any prescribed requirement, which includes the Keeping of Records Rules. Statement III is correct because, according to section 162 of the SFO, an auditor appointed by the SFC has extensive powers, including the authority to examine officers, employees, and agents of the licensed corporation on oath. Statement IV is incorrect; the SFO grants the SFC this power directly, and there is no requirement for the SFC to obtain a court order before appointing an auditor under these provisions. Therefore, statements I, II and III are correct.

This question assesses the understanding of senior management’s core responsibilities in a licensed corporation, as guided by the SFC’s Code of Conduct and principles of good corporate governance. Statement I is correct because senior management is responsible for setting the ‘tone from the top,’ which involves fostering a strong ethical culture that prioritizes client interests and market integrity. Statement II is correct as a fundamental duty of senior management is to establish, maintain, and oversee effective systems for risk management, compliance, and internal controls to ensure the firm operates soundly and within regulatory requirements. Statement IV is also correct; senior management must ensure that the firm has sufficient financial, human, and technological resources to conduct its regulated activities properly and meet its obligations. Statement III is incorrect because while senior management can delegate tasks to the compliance department, they retain ultimate responsibility for the firm’s compliance. Complete delegation without ongoing oversight constitutes an abdication of this responsibility and is a serious governance failure. Therefore, statements I, II and IV are correct.

The regulatory framework for credit rating services in Hong Kong, governed by the Securities and Futures Ordinance (SFO) and the SFC’s Code of Conduct for Persons Providing Credit Rating Services, specifically targets the preparation and dissemination of opinions on the creditworthiness of entities like corporations, sovereign nations, or specific debt instruments. Statement I describes a classic credit rating activity that is not exempt; providing an opinion on a structured product for investor use falls directly under the Type 10 licensing requirement. Statement IV is also a core regulated activity, as providing a rating on a listed company’s debt for public use is a primary function of a Credit Rating Agency (CRA). In contrast, Statement II describes a ‘private credit assessment’. The SFO provides a specific carve-out for such assessments when they are prepared exclusively for the internal use of a person or a corporate group and are not intended for external distribution or public dissemination. Statement III describes the provision of consumer credit scores for individuals. This activity is not captured by the Type 10 regime, which is focused on the institutional and capital markets, not on individual consumer credit reporting. Therefore, statements II and III are correct.

The correct answer is that the analyst should be removed from the rating assignment to avoid any perception of a conflict of interest. The Code of Conduct for Persons Providing Credit Rating Services (the ‘CRA Code’) places significant emphasis on maintaining not only the substance but also the appearance of independence and objectivity. In this scenario, the close and material business relationship between the analyst’s spouse’s employer and the rated entity creates a significant perceived conflict of interest. Even if the analyst is genuinely able to remain objective, the market’s perception could be that the rating is compromised, thereby undermining its credibility. The most effective way to manage this perceived conflict is to remove the source of it from the process. Simply disclosing the relationship in the final report may not be sufficient to mitigate the market’s perception of bias. While implementing enhanced supervision is a valid internal control, it does not eliminate the external perception of a conflict. Dismissing the issue because the spouse is in a separate company is incorrect as it fails to address the core principle that even the appearance of a conflict must be managed proactively.

The correct answer is that the plan creates a conflict of interest by linking the analyst’s remuneration to the fee income from the specific entities he rates. According to the Code of Conduct for Persons Licensed by or Registered with the SFC, a credit rating agency must establish, maintain, and enforce policies to ensure that the compensation of its employees involved in the credit rating process is not contingent on the amount of fee income received from the specific rated entity, its affiliates, or originators of securities rated by the analyst. This rule is designed to safeguard the independence and objectivity of the rating process. Linking an analyst’s bonus directly to the fees generated from the companies they cover could create an incentive to issue more favourable ratings to retain or attract business, thereby compromising the integrity of the rating. The other options are incorrect. While basing bonuses on the overall profitability of the firm is a common and acceptable practice to mitigate such conflicts, the primary regulatory issue here is the direct prohibited linkage, not the absence of a firm-wide profit-sharing model. The SFC does not require licensed corporations to seek prior approval for their internal remuneration schemes; firms are expected to design and implement compliant policies themselves. Lastly, the Code of Conduct does not specify a percentage threshold or a ‘safe harbour’ for such arrangements; the linkage itself is prohibited, regardless of the proportion of the bonus it represents.

According to the SFC’s Code of Conduct for Persons Providing Credit Rating Services, a Credit Rating Agency (CRA) has a specific obligation to promote transparency by making certain key policies and mechanisms available to the public on an annual basis. The correct answer is that a CRA must disclose its internal control mechanisms for ensuring the quality of its credit rating activities, its record-keeping policy, and its policy on the rotation of management and rating analysts. These three elements are explicitly mandated to give the public insight into the integrity, governance, and operational quality of the CRA’s rating process. Disclosing a list of all rated entities and the minutes from internal rating committee meetings would violate confidentiality and the integrity of the private deliberative process. While a CRA must have a business continuity plan and a fee schedule, these are not part of the specific set of governance documents required for this particular annual public disclosure rule. Similarly, details like the compensation structure for senior management or the firm’s IT security policy are considered sensitive internal matters and are not required to be publicly disclosed under this provision of the CRA Code.

The correct answer is that AML/CFT training records must be kept for a minimum of 3 years. According to the Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (for Licensed Corporations), licensed corporations are required to maintain documentation of the training provided to their staff. These records, which should include details on who was trained, the date of the training, and the topics covered, must be retained for at least three years to allow for regulatory review and to demonstrate compliance. The other retention periods are incorrect in this context. A 2-year period is typically associated with the retention of telephone recordings under the Code of Conduct. A 5-year period is generally required for keeping client identity and transaction records after the termination of a business relationship. A 7-year period is a common requirement for corporate and tax records under other ordinances, but it is not the specified duration for AML training records.

The Securities and Futures Ordinance (SFO) has extraterritorial reach, meaning its market misconduct provisions can apply to conduct outside of Hong Kong. Statement I is correct because conduct overseas (in Singapore) that affects Hong Kong’s markets (the Hong Kong Futures Exchange) falls within the SFO’s jurisdiction. Statement II is correct as the SFO also covers conduct in Hong Kong that affects overseas markets (the Shanghai Stock Exchange). Statement III describes a classic case of insider dealing concerning a security dually listed in Hong Kong; the SFO’s insider dealing provisions apply regardless of where the person is located (Thailand) or where the transaction is executed when the security has a Hong Kong listing. Statement IV is incorrect because the SFO provides a ‘safe harbour’ for persons, such as news agencies or publishers, who transmit information in good faith and in the ordinary course of their business, acting merely as a conduit. As the news agency had no knowledge of the information’s falsity, it would not be considered to have engaged in market misconduct. Therefore, statements I, II and III are correct.

The correct answer is that the CRA must refuse the rating engagement due to the unacceptable conflict of interest. The Code of Conduct for Persons Providing Credit Rating Services (the CRA Code) is extremely strict on matters of independence and conflicts of interest. It explicitly prohibits a CRA from carrying on any business which can reasonably be considered to have the potential to give rise to any conflict of interest in relation to its credit rating services. Linking a favorable rating process to a future, lucrative advisory contract creates a direct and powerful incentive for the CRA to compromise its objectivity. The integrity of the rating process must be paramount and free from any influence stemming from other business relationships. Therefore, the CRA must avoid this situation entirely. Simply disclosing the potential conflict in the rating report is insufficient; disclosure does not remedy a fundamental conflict that should have been avoided in the first place. Establishing internal information barriers, or ‘Chinese Walls’, is a standard compliance procedure, but it is not designed to mitigate such a direct and overt inducement linked to the outcome of a rating. Deferring the advisory discussion does not eliminate the initial conflict, as the potential for future business could still improperly influence the current rating assessment.

This question assesses the understanding of a licensed corporation’s statutory obligations regarding the appointment of auditors and related notifications to the SFC under the Securities and Futures Ordinance (SFO).

Statement I is correct. Section 153 of the SFO requires a licensed corporation to appoint an auditor within one month of becoming licensed.

Statement II is correct. Section 153 of the SFO also mandates that the licensed corporation must notify the SFC in writing of the auditor’s name and address within seven business days of the appointment.

Statement III is correct. Under Section 155 of the SFO, a licensed corporation must notify the SFC in writing of its financial year-end within one month after it becomes licensed.

Statement IV is incorrect. Section 154 of the SFO stipulates a much stricter deadline. The licensed corporation must notify the SFC within one business day after it gives notice to its members of a motion to remove or replace an auditor. The seven-business-day period is associated with the initial appointment notification, not a removal proposal. Therefore, statements I, II and III are correct.

This question assesses the understanding of a licensed corporation’s obligations regarding the submission of annual audited accounts and the specific procedures required when an auditor’s report is modified, as stipulated by the Securities and Futures (Accounts and Audit) Rules.

Statement I is correct. Under the Securities and Futures (Accounts and Audit) Rules, a licensed corporation must lodge its audited financial statements and other required documents with the SFC not later than 4 months after the end of its financial year.

Statement II is also correct. The submission to the SFC must include a copy of the audited financial statements for the financial year and a copy of the auditor’s report on those statements.

Statement III is correct and highlights a critical compliance requirement. If the auditor has modified their report (e.g., issued a qualified, adverse, or disclaimer of opinion), the licensed corporation is obligated to notify the SFC in writing of this fact as soon as reasonably practicable after becoming aware of it. This is a separate and more urgent notification than the standard 4-month submission.

Statement IV is incorrect. While failure to lodge the required documents within the specified period without a reasonable excuse is an offence under the Securities and Futures Ordinance, it does not result in the automatic imprisonment of the Responsible Officer. The offence is liable on conviction to a fine and potentially imprisonment, but this is determined by a court and is not an automatic administrative penalty. Therefore, statements I, II and III are correct.

Under the Securities and Futures Ordinance (SFO), a breach occurs when a person carries on, or holds themselves out as carrying on, a business in a regulated activity without being licensed by the SFC. In this scenario, by engaging a consultant to provide specific investment advice, the foreign firm is holding itself out as conducting a regulated activity (e.g., Type 4 – Advising on Securities) in Hong Kong before it has obtained the required license. This is a direct contravention of Section 114 of the SFO. Concurrently, the individual consultant, by performing the act of advising clients on specific investments, is performing a ‘regulated function’ without being a licensed representative, which is also a breach under Section 114. The requirement to obtain prior SFC approval before becoming a substantial shareholder applies specifically to acquisitions of shares in a ‘licensed corporation’. Since the Hong Kong entity has not yet been granted a license by the SFC, it is not a licensed corporation. Therefore, the acquisition of a 12% stake at this pre-licensing stage does not constitute a breach of the substantial shareholder approval requirements under Section 131 of the SFO.

The correct answer is that the Responsible Officer must remove the analyst from any participation in determining the credit rating for the issuer. The Code of Conduct for Persons Providing Credit Rating Services (the CRA Code) places a strong emphasis on ensuring the objectivity, independence, and integrity of the credit rating process. When a direct and material conflict of interest is identified, such as an analyst holding a financial interest in the entity being rated, the primary regulatory expectation is to eliminate the conflict’s potential to influence the rating. Removing the individual from the assignment is the most direct and effective way to achieve this. Merely disclosing the conflict in the final report is insufficient, as it does not address the potential for bias during the analytical process itself. While transparency is a key principle, it cannot be used to justify allowing a known conflict to persist within the rating process. Similarly, having a compliance officer review the analyst’s work does not eliminate the conflict; it only adds a layer of oversight that may not detect subtle biases in judgment or analysis. The fundamental conflict remains. While immediate termination might be a possible outcome of an internal disciplinary review depending on the firm’s policies and whether the analyst failed to disclose the interest, it is not the primary immediate action required to protect the integrity of the specific credit rating in question.

Statement I is incorrect. The Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (GAML) mandates a risk-based approach. This means the extent of ongoing monitoring must be linked to the customer’s risk profile. High-risk clients, such as Politically Exposed Persons (PEPs), must be subject to more frequent and more intensive monitoring than standard-risk clients. Statement IV is incorrect. According to the GAML, transaction records must be kept for a period of six years from the date of the completion of the transaction, irrespective of whether the business relationship ends during that period. The six-year period is not tied to the end of the relationship for transaction-specific documents. Statement II is correct. Customer due diligence documents and related information must be kept throughout the business relationship and for a period of six years after the end of the business relationship. Statement III is correct. The legal obligation to report suspicious transactions under ordinances like the Drug Trafficking (Recovery of Proceeds) Ordinance (DTRPO) and the Organized and Serious Crimes Ordinance (OSCO) rests with the individual who forms the suspicion. The standard procedure within a licensed corporation is for that individual to report their suspicion internally to the Money Laundering Reporting Officer (MLRO), who then makes the formal disclosure to the Joint Financial Intelligence Unit (JFIU). Therefore, statements II and III are correct.

The SFC’s regulatory framework requires licensed corporations to maintain a robust and independent compliance function. Statement I is a breach because all licensed corporations must comply with Hong Kong’s laws and regulations, including the SFC’s Code of Conduct, regardless of their group’s internal or overseas standards. Local rules take precedence. Statement II highlights a significant corporate governance deficiency; appointing the head of business development as the compliance officer creates a clear conflict of interest, compromising the independence and effectiveness of the compliance function. Statement III is a failure to cooperate with the regulator. The SFC has established cooperation agreements with many overseas regulators, and licensed corporations are expected to comply with information requests made through these official channels. Citing ‘operational inconvenience’ is not a valid reason for refusal. Statement IV points to a breach of record-keeping requirements. Under the Securities and Futures (Keeping of Records) Rules, records must be kept in a manner that allows them to be readily accessible for inspection by the SFC in Hong Kong. Therefore, all of the above statements are correct.

This question assesses understanding of the specific disclosure requirements for ratings of structured finance products under the SFC’s Code of Conduct for Persons Providing Credit Rating Services (the ‘CRA Code’).

Statement I is incorrect. The CRA Code indicates that while using a different or additional rating symbology for structured finance products is preferred to differentiate them from traditional corporate bond ratings, it is not a mandatory requirement. The primary objective is to ensure investors understand the differentiation, regardless of the method used.

Statement II is correct. The CRA Code explicitly requires a disclosure regarding the level of assessment the CRA has performed on the due diligence processes concerning the underlying assets. This includes stating whether the CRA conducted its own assessment or relied on a third party, and how that outcome influenced the rating.

Statement III is correct. A key requirement for structured finance product ratings is the disclosure of the degree to which the CRA has analysed the sensitivity of the rating to changes in its underlying assumptions. This helps investors understand the potential volatility of the rating.

Statement IV is incorrect. The CRA Code encourages the publication of historical performance data, such as ratings transition frequency and default rates, to assist investors in making comparisons. However, it cautions CRAs to beware of providing information that could be misleading, for example, if the nature of the data makes historical default rates inappropriate. It does not mandate a prohibitive statement or the omission of such data; rather, it calls for careful and non-misleading presentation. Therefore, statements II and III are correct.

The correct answer is that the agreement must contain a statement that it is governed by the laws of Hong Kong. Paragraph 6.2 of the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission explicitly requires that a written client agreement must specify the governing law, which should be Hong Kong law. This ensures legal clarity and jurisdiction for all transactions and potential disputes. A clause that seeks to absolve the firm of all liability, including for its own gross negligence, would be contrary to the General Principles of the Code, particularly the duty to act with due skill, care, and diligence. Such a ‘non-responsibility’ clause is generally unacceptable. While providing a risk disclosure statement for leveraged products is a regulatory requirement, it is a separate document or a specific section, not a clause that must be signed prior to every single transaction involving such products within the main client agreement itself. Finally, specifying the exact frequency of portfolio statements (e.g., monthly) is a matter of operational procedure and disclosure, but the Code allows for different frequencies (e.g., at least every six months if there are outstanding positions), so mandating a monthly statement in all agreements is not a strict requirement.

Under the Securities and Futures (Financial Resources) Rules (FRR), when a licensed corporation holds multiple licences, its required liquid capital (RLC) is the highest amount applicable to any of its regulated activities; the requirements are not aggregated. A Credit Rating Agency (CRA) licensed for Type 10 activities has a minimum RLC of HK$3 million, while a Type 4 licence (Advising on Securities) has a lower requirement (e.g., HK$100,000 if not holding client assets). Therefore, the CRA’s RLC would be HK$3 million, which is the highest of its applicable requirements. Statement I correctly reflects this principle. Statement II is incorrect because the RLCs are not aggregated. Statement III correctly states the fundamental principle of the FRR: a licensed corporation’s liquid capital (liquid assets minus ranking liabilities) must always exceed its RLC. Statement IV is incorrect; the ‘higher of HK$100,000 or 5% of adjusted liabilities’ rule applies to a Type 10 licensee that is NOT a CRA and does not hold client assets. The specific minimum RLC for a CRA is HK$3 million. Therefore, statements I and III are correct.

According to the Securities and Futures Ordinance (SFO) and the Fit and Proper Guidelines, a licensed corporation must meet specific requirements regarding its Responsible Officers (ROs) to ensure proper management and supervision. The correct answer is that a licensed corporation must have at least two ROs at all times. Of these two individuals, a minimum of one must be an Executive Director of the corporation. Furthermore, to ensure adequate local supervision and accessibility for regulatory purposes, at least one of the ROs must be ordinarily resident in Hong Kong. The other options present common but incorrect interpretations of these rules. The requirement is not for a single RO, even if that person is an Executive Director based in Hong Kong; the minimum number is two. It is also not a requirement that both ROs must be Executive Directors; only one is required to be, although the other can be as well. Finally, while the SFC expects every Executive Director to be an RO, the rule does not mandate that all ROs must be resident in Hong Kong; the requirement is for at least one to be.

The explanation clarifies the application of the ‘Accuracy and retention’ principle under Hong Kong’s Personal Data (Privacy) Ordinance (PDPO). This principle mandates that all practicable steps must be taken to ensure personal data is not kept longer than necessary for the purpose for which it was collected. However, this must be balanced with other legal and regulatory obligations. The correct course of action is to retain the data only for the period required by other relevant regulations, such as the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO), which specifies minimum record-keeping periods for client and transaction data. Once this statutory period expires, the data must be securely destroyed or erased. Simply erasing the data immediately upon account closure is incorrect because it would violate these other mandatory record-keeping laws. Retaining the data indefinitely for potential future business is a direct violation of the PDPO, as the original purpose for data collection (servicing the account) has ended. Transferring the data to a marketing affiliate for a new purpose without the client’s explicit consent would breach the ‘Use’ principle of the PDPO.

Statement I is incorrect. The study manual explicitly disclaims that it is always up-to-date and advises candidates to keep abreast of any updates to laws and regulations. It does not provide a warranty of being a complete reflection of the current legal position. Statement II is correct. The manual clarifies that for the purpose of the examination, questions will be based on the materials within the manual unless the HKSI Institute provides specific updates. This sets the scope for the exam itself. Statement III is correct. A core professional responsibility for any licensed person, including a Responsible Officer for a Type 10 activity, is to adhere to the most current laws, regulations, and SFC circulars. Study materials are a guide, but the law itself is the ultimate authority in professional practice. Statement IV is incorrect. The manual explicitly states that it ‘does not amount to or constitute any legal advice’ and should not be relied upon as such. Its purpose is for examination preparation. Therefore, statements II and III are correct.

Statement I is correct. A fundamental principle of good corporate governance and compliance, as expected by the SFC, is that the compliance function must be independent of the business and operational functions it oversees. This independence is structurally reinforced by having a direct reporting line to senior management, ensuring that compliance issues are not suppressed by business interests. Statement II is also correct. For the compliance function to be effective, it must have the authority and ability to access all relevant information. The SFC’s Code of Conduct and Management, Supervision and Internal Control Guidelines emphasize that intermediaries must establish procedures to provide compliance staff with full access to records and documentation. Statement III is incorrect. Record-keeping requirements are comprehensive and are not limited to client-facing documents. The Code of Conduct explicitly requires procedures to cover client, proprietary, and staff dealings. Failing to maintain proper records of staff dealings is a significant compliance breach. Statement IV is incorrect. While certain records like telephone order recordings must be kept for at least 2 years, the general requirement under the Securities and Futures (Keeping of Records) Rules is that business records, such as ledgers, contracts, and client information, must be kept for a period of not less than 7 years. A blanket policy of two years would be non-compliant. Therefore, statements I and II are correct.