Introduction

Our previous newsletter “SFC reprimands and fines UBS HK$400 million for overcharging clients” (December 2019 Issue) shed light upon the record-high HK$400 million sanction imposed by the Securities and Futures Commissions (“SFC”) on UBS AG for repeatedly overcharging of its clients for nearly a decade as well as related systematic internal control problems. In July 2021, the brokerage arm of UBS Group AG paid US$8 million to settle charges made by the U.S. Securities and Exchange Commission over its compliance issues.

Nonetheless, in August 2021, UBS AG and UBS Securities Asia Limited (“UBSSAL”) (collectively “UBS”) were once again publicly reprimanded by SFC and fined HK$9.8 million and HK$1.75 million respectively over various regulatory breaches pursuant to sections 194 and 196 of the Securities and Futures Ordinance (“SFO”). This is not the first time UBS has been reprimanded and fined by regulatory bodies for its internal control failures, ringing an alarm bell for all industry participants.

Both UBS AG and UBSSAL are licensed corporations providing financial and securities services. UBS AG is registered to carry on Type 1 (dealing in securities), Type 4 (advising on securities), Type 6 (advising on corporate finance), Type 7 (providing automated trading services) and Type 9 (asset management) regulated activities under the SFO. UBSSAL is licensed to carry on Type 1 (dealing in securities), Type 2 (dealing in futures contracts) and Type 4 (advising on securities) regulated activities under the SFO.

The issues covered areas ranging from lacking proper disclosures of conflicts and risks to clients to client suitability issues. These breaches were discovered when UBS self-reported the findings to the Hong Kong Monetary Authority, which referred the same to the SFC.

Multiple regulatory breaches

(1) UBS’s failure in disclosing its conflict of interests

Firstly, the SFC found that, between May 2004 and May 2018, UBS failed to make proper disclosure of its financial interests in some Hong Kong listed companies covered in its 205 research reports issued during sample periods between September 2017 and May 2018.

Upon investigation, it was discovered that such failure was caused by (a) multiple data feed logic errors in relation to a legacy data source used by UBS for tracking its shareholding positions, and (b) the UBS’s lack of proper systems and controls to test the accuracy of and detect the logic errors in the data feeds.

UBS was found to have acted in contrary to General Principle (“GP”) 2, GP 7, paragraphs 4.3, 12.1 and 16.5(a) of the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (“Code of Conduct”).

(2) Client’s suitability

Secondly, between November 2012 and February 2019, UBS AG wrongly assumed some of its clients as professional investor (“PI”). Consequently, 2,263 non-PI clients were wrongly assumed as PIs and subscribed to the SPL service without giving valid standing authorities to UBS AG, out of which 91 clients entered into 913 SPL transactions with UBS AG.

UBS AG was found to have acted in contrary to sections 4 and 7 of the Securities and Futures (Client Securities) Rules (“CSR”), section 4 of the Securities and Futures (Contract Notes, Statements of Account and Receipts) Rules (“CNR”), GP 2, GP 7, paragraphs 4.2, 4.3 and 12.1 of the Code of Conduct.

Thirdly, it was discovered that, between 2 January 2018 and 17 June 2020, UBS AG failed to obtain trading evidence (e.g. bank statements) from 858 clients, 380 of which subsequently traded derivative products with UBS AG, who declared that they had conducted five or more derivative trades in the past three years.  As such, UBS AG failed to follow applicable regulatory guidelines relating to the assessment of clients’ derivatives knowledge.

UBS was found to have acted in contrary to GP 2, GP 7 and paragraphs 4.3, 5.1A and 12.1 of the Code of Conduct.

(3) Inadequacy of UBS’s internal systems and controls

Fourthly, UBS AG had repeatedly failed to record a large number of client order instructions received through the telephone due to:

1.   omission in the voice recording setting during and after the migration of UBS AG’s telephone system to a new system, leading to order instructions placed between August 2017 and December 2017 through 8 overflow lines for 2,006 transactions executed for 364 clients left unrecorded;

2.   omission to re-activate the voice recording function when the telephone line was transferred from a former client adviser to a newly joined client adviser, thus again causing order instructions placed between November 2018 and January 2019 through a telephone line for 20 transactions executed for 5 clients being unrecorded; and

3.   human error in the course of transitioning UBS AG’s telephony system from Skype for Business soft phones to Cisco desk phone which led to a break in the voice recording system at that point of time, leading to failure in recording order instructions placed between 13 and 17 June 2019 through 26 telephone lines for 96 transactions executed for 51 clients.

UBS was found to have acted in contrary to GP 2, GP 7 and paragraphs 4.3 and 12.1 of the Code of Conduct.

Lastly, the SFC found that UBS AG had failed to disclose to its clients the “stop loss event” feature of a structured note issued by an issuer (the “Notes”) before trade execution, affecting 15 client accounts involving the sale of 12 Notes between October 2017 and February 2020 for a total notional amount of about US$12 million. The failure was caused by an omission of the stop loss event feature in the additional product sheet prepared by UBS AG’s Structured Product Sales Team in Singapore and its team member’s subsequent failure to alert the team upon becoming aware of the omission.

UBS AG was found to have acted in contrary to GP 2, GP 5, GP 7 and paragraphs 4.3, 5.3 and 12.1 of the Code of Conduct.

Having considered all the above, the SFC eventually reprimanded and fined the UBS a total of HK$11.55 million.

Recommendations on establishing effective internal control

The above misconducts of UBS were mainly brought about by the unsatisfactory and inadequate internal control implemented within the group. To avoid similar failures, financial institutions are reminded to pay particular attention to the relevant sections cited in the Code of Conduct, CSR and CNR above. They should also take heed of the “Management, Supervision and Internal Control Guidelines for Persons Licensed by or Registered with the Securities and Futures Commission” published by the SFC, which sets out its recommendations on establishing satisfactory internal control and internal management systems. This Guidelines set out various key controls and attributes of an adequate internal control systems, namely, “management and supervision”, “segregation of duties and functions”, “personnel and training”, “information management”, “compliance”, “audit”, “operational controls” and “risk management”, as well as possible effective methods of achieving those attributes. It is definitely a useful guide for financial institutions to follow.

Takeaways

It may be helpful to recap here a reminder from the SFC in its Statement of Disciplinary Action against UBSSAL dated 21 March 2018 for its failure to put in place effective controls to record transactions and client consents in relation to its facilitation trading activities – “As a licensed corporation, [UBSSAL] is under a regulatory duty to have the resources and procedures which are needed for the proper performance of its business activities and implement them effectively. It is also expected to maintain and keep sufficient records to explain its client facilitation business.”

The disciplinary actions against UBS serve as a firm indication of the importance of putting in place adequate systems and controls to ensure compliance with the applicable regulatory requirements, especially when licensed corporations are considered to be more resourceful. Even in seemingly routine tasks in day-to-day business operation of licensed or registered persons, ranging from telephone recording, disclosing information, to knowing the client and obtaining supporting documents, financial advisers should diligently conduct internal checks and investigations to avoid reprimands and penalties from authorities.