Corporate Finance Adviser Code of Conduct (“CFA Code”) Paragraph 4.3 – Chinese Walls
This FAQ is prepared by the Corporate Finance Division and aims to clarify the meaning of paragraph 4.3 of the CFA Code.
4.3 Chinese walls
Where a Corporate Finance Adviser is part of a professional firm or group of companies undertaking other activities, e.g. auditing, banking, research, stock broking and fund management, the Corporate Finance Adviser should ensure that there is an effective system of functional barriers (Chinese walls) to prevent the flow of information that may be confidential or price sensitive between the corporate finance activities and the other business activities. This system should include physical separation between, and different staff employed for, the various business activities.
The information set out below is not meant to be exhaustive. This FAQ may be updated and revised from time to time. This FAQ is only for general reference. The SFC reserves the rights to exercise all powers conferred under the law. Unless otherwise defined herein, all capitalised terms shall have the meanings given to such terms in the CFA Code.
Paragraph 4.3 of the CFA Code expects there to be an “effective system of functional barriers” (Chinese Walls) to prevent the flow of information that may be confidential or price sensitive between the corporate finance activities and the other activities. Provided that firms and their staff do not disclose the relevant information to clients, why is this required?
Corporate Finance Advisers often have important information about their clients. That information may be price sensitive1 and will invariably be confidential2 . Having confidential information can also give rise to potential "conflicts of interest" situations3 . The regulatory policy behind Paragraph 4.3 is that any price sensitive/confidential information which a Corporate Finance Adviser has through advising on corporate finance or mergers and acquisitions, should not be disclosed inappropriately or otherwise used by the firm or its staff (whether for its or their own benefit or for the benefit of other clients). It is related to the broader principles that firms should act fairly and in the best interests of their clients (General Principle 1 of the Code of Conduct for Persons Licensed by or Registered with the SFC), and should try to avoid conflicts of interest and ensure the fair treatment of its clients (General Principle 6 of the Code of Conduct for Persons Licensed by or Registered with the SFC).
The Commission considers Chinese Walls essential to protect against the misuse of and wrongful disclosure of sensitive information. To put it broadly, corporate finance information should generally be restricted to those people who "need to know" it, e.g. in order to enable the firm to provide its services to the relevant corporate finance client. Information is at greater risk of being misused or wrongly disclosed, when it is freely available around a firm and its group. There is also a greater risk of breaches of the insider dealing prohibitions.
Who should be responsible for compliance with Chinese Walls requirement?
The Senior Management of a Corporate Finance Adviser is responsible for ensuring compliance with the Chinese Walls requirement set out in Paragraph 4.3 of the CFA Code. The Senior Management should ensure that effective Chinese Walls are in place and careful consideration is given to where Chinese Walls are placed within the organisation and which staff are grouped together.
When does a Corporate Finance Adviser have confidential information or price sensitive information (“corporate finance information”) for these purposes?
It is for each Corporate Finance Adviser to determine when it has corporate finance information that has to be protected (including as to when information has ceased to be confidential or price sensitive). As a general matter, the Commission would expect non-public corporate finance information about a client to be confidential to that client (for the purposes of the Commission’s codes, rules and guidance).
Paragraph 4.3 of the CFA Code provides that an "effective system of functional barriers" should include physical separation between, and different staff employed for, the various business activities. How important is physical separation?
Where a firm (or its group) carries on different businesses, physical separation is a very strong, useful and effective measure to achieve the regulatory purpose of protecting confidential information. Physical separation helps reduce the risk of accidental leakage and disclosure of corporate finance information by confining information to a limited number of persons within a limited physical area.
Although the Code identifies physical separation as a necessary element in an effective system, the Commission considers that physical separation is not of itself enough to constitute an effective Chinese Wall. The Commission would be concerned if any firm’s procedures depended on physical separation alone.
The Commission accepts that it is not necessary for corporate finance staff to be permanently physically separated from all other staff on the private side (see FAQ 6 below for a discussion on what is meant by the private side). Where staff from different business activities regularly and routinely provide different services to the same client(s) in tandem, it may be appropriate to locate corporate finance staff with staff providing other private side services. Corporate finance staff must always be physically separated from non-private side staff.
In all cases, but particularly where staff from different business activities are located together, the Commission expects each firm to assess the totality of controls necessary to protect corporate finance information and to put in place the measures necessary to create an effective system of functional barriers.
What are measures other than physical separation that would form part of an "effective system of functional barriers"?
What is important is that the relevant corporate finance information is protected, as far as reasonably possible, from deliberate or accidental misuse or disclosure, both within a firm and its group and externally with respect to third parties4. There is no "one-size-fits-all" approach: it is for each firm and its Senior Management to decide what procedures and controls it should have in order to achieve that objective. Firms should look at the totality of their information-handling procedures and controls to protect corporate finance information in assessing whether, in aggregate, they have an effective system. Firms should also consider whether additional steps need to be taken to protect information on particular projects, transactions or matters.
Firms should always have in place well established policies and procedures on the control of corporate finance information and managing conflicts of interest. Their systems and controls for handling corporate finance information and managing conflicts of interest should be subject to on-going management oversight and regular review so that they remain robust. Firms must monitor compliance with their procedures and controls and take appropriate action where breaches or inadequacies are identified.
In determining the nature and extent of measures that are appropriate to its situation a firm should consider:-
the functions and roles of the staff on the private side that the firm plans to group together;
whether the features of specific transactions require the information to be held confidential within a specific team (whether facilities for temporary separation are necessary for particular deals or teams within the Chinese Walls); and
whether physical separation should be a permanent arrangement between particular business units (permanent physical separation between a firm’s corporate finance business and its proprietary traders is always necessary).
In addition to physical separation factors that should be considered include but are not limited to:
Compliance culture and attitude – firms should consider how to implement and promote a compliance culture that values the protection of client information, through training, management setting a good example, taking disciplinary action against staff who breach policies, etc.
Conflicts management – as noted at FAQ 1, firms should consider how their information-handling controls and procedures fit with their conflicts management arrangements, since avoiding/managing potential conflict situations can help to mitigate the risks of mis-use or disclosure (and is also a requirement of the Commission’s Code of Conduct). For example, a conflict check should be undertaken as soon as possible for new proposed transactions or clients and in any event before any pitch takes place for a specific mandate, substantive discussions occur, or presentation to an appropriate business approval committee. Informed consent might also be required from relevant clients when conducting a conflict check.
Form of information handled/stored –firms’ procedures should take into account the different ways in which information is to be communicated and handled, i.e., orally (by phone or at meetings), electronically or in paper form. For example, a firm should consider implementing "clear desk" policies in relation to paper documents, requiring meetings where corporate finance information is to be discussed to be held in private where it cannot be overheard. A firm should consider the use of code-names for projects and deals, avoiding names which might lead to others accurately guessing what the deals are.
Physical controls – firms have in place physical control measures to prevent accidental leakage and disclosure of corporate finance information. For example, visitors are to be accompanied at all times, and meetings with clients have to be conducted in client meeting rooms (not internal meeting rooms). Where necessary “Chinese box” rooms are used for internal conversations/meetings by staff on matters that should not be discussed in the shared office space. Access to these rooms is limited to the members of the specific deal team. Meeting rooms should be equipped with additional sound proofing.
IT infrastructure – firms should consider what IT controls should be implemented to ensure the security of information with respect to access to documents and e-mails. For example a firm should consider introducing a printing system whereby employees can only print materials which have been sent from their computers by swiping their personal access card on a control device on the printer. Segregated computer drives are set up for individual deal teams for each transaction with restricted access and password-protected filing system. Emails containing confidential information are required to be encrypted.
Support functions – firms should ensure that all staff, including in support functions, are subject to firms’ information-handling procedures and controls. Where a firm relies on the physical separation of its corporate finance business from its other activities, it will need to consider whether and how that separation is reflected in the relevant support functions.
Insider lists and "above the wall" staff – firms should compile lists of persons working for them with access to inside information relating, directly or indirectly, to corporate finance information, whether on a regular or occasional basis. Firms should maintain and regularly review their insider lists. The Commission acknowledges that some Senior Management staff and staff responsible for regulatory compliance will have access to corporate finance information, but without themselves being part of a firm’s corporate finance business. Firms should implement appropriate controls to ensure these staff comply with the firm’s and their information-handling obligations.
Training – a firm must ensure that its staff are trained on the relevant regulatory and legal requirements and on the procedures and controls that the firm has implemented to comply with those requirements. The Commission would expect refresher training to be repeated from time to time.
What is “private side”? Can all staff on the "private side" of a Chinese Wall know the information on all of the deals the Corporate Finance Adviser is working on?
Private side of a licensed firm normally refers to groups that have access to inside company information that is not available to the public. These groups deal directly with clients and hence have access to inside information.
In the Commission’s view, corporate finance information should generally be restricted to those people who "need to know" it, e.g. in order to enable the firm to provide its services to the relevant corporate finance clients. Consequently, this may mean that corporate finance information should not be available to all staff on the "private side" of a Chinese Wall.
Are "wall crossings" permitted?
The Commission accepts that corporate finance information may sometimes be legitimately disclosed by persons within a firm’s corporate finance business unit to staff on the non-private side of a Chinese Wall and sometimes even to other clients, for example, to conduct "market soundings" in a placing – commonly described as a "wall crossing" or bringing someone "over the wall". However, such disclosures must be subject to proper controls, and must not be made if such staff or client has expressly or impliedly refused to be brought across the wall. In particular, this must be done on a "need to know" basis (e.g. because the recipients’ views on a transaction are needed) and the recipients must be subject to a duty of confidentiality such that they cannot use or disclose the information for their own or others benefit until the information becomes public or otherwise ceases to be price-sensitive. Firms should keep proper records of such wall crossings.
Are these FAQs relevant to the "Chinese Wall defence" to insider dealing (see sections 271(2) and 292(2)) under the Securities and Futures Ordinance (Cap.571)?
These FAQs are not directed at what firms must do to comply with the terms of the "Chinese Wall defence" to insider dealing, although clearly there are areas of overlap. Firms should obtain their own legal advice on the defence, as necessary.
Is this guidance relevant to other business areas?
These FAQs are aimed at Corporate Finance Advisers and their obligations under Paragraph 4.3 of the CFA Code. However, this is not the only business in which client confidential information or price sensitive information arises. Accordingly, all firms and staff should take note of the importance the Commission places on protecting client confidentiality and not mis-using confidential information.
1 Using or disclosing such information could be a breach of insider dealing prohibitions, whether in Hong Kong or overseas - see, for example, Sections 270 and 291 of the Securities and Futures Ordinance (Cap.571).
2 Confidential information has to be protected (i.e. not used or disclosed otherwise than as the client has agreed or as the law allows or requires). See, for example, section 307D(2)(b) and Paragraph 6.2 of the CFA Code. The firm may also have a general law duty of confidentiality to the client.
3 Broadly, regulatory "conflicts of interest" arise in the present circumstances in two broad situations: (i) a firm’s duty of confidentiality to client A conflicts with a duty to act in the best interests of client B where the latter duty requires the firm to use client A’s confidential information for client B’s benefit, and (ii) a conflict between the firm’s duty of confidentiality to a client and its own interests, e.g. of using the client’s information for its own benefit. Corporate Finance Advisers must try to avoid conflicts of interest, put clients’ interest first and ensure fair treatment for clients (see Paragraph 4 and 4.1 of the CFA Code, and General Principle 6 and Paragraph 10.1 of the Commission’s Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission).
4 Reference should be made to paragraph 67 of the Commission’s Guidelines on Disclosure of Inside Information whereby when a listed corporation avails itself of a safe harbour, confidentiality is not breached if information is given to an external party who needs the information to fulfil the persons’ duties and functions in relation to the corporation and provided that the person owes the corporation a duty of confidentiality. The information should be given on the basis that restricts its use to the stated purpose and the recipient should recognise the resulting obligations. The categories of persons who may receive the information including the following –
the corporation’s advisers and advisers of other persons involved in the matter in question;
persons with whom the corporation is negotiating, or intends to negotiate, any commercial, financial or investment transaction (including prospective underwriters or placees of the securities of the corporation);
the corporation’s lenders;
the corporation’s major shareholders; and
any government department, statutory or regulatory body or authority (e.g. SFC, Stock Exchange).
Last update: 12 Apr 2013