Oct 24 Legal Update
Top stories
AFRC on 2024 year-end audits
AFRC published its Audit Focus for 2024 year-end audits, highlighting the need to navigate economic uncertainties and the areas for special attention. (Press release, Report)
Examples of economic shifts and their impact on financial reporting include: the sluggish property market (hence swings in property valuation), the volatile stock market, and growth in virtual assets.
Early and proper audit planning lays the foundation for an effective and efficient quality audit. Key audit milestones (Annex 1) set out essential actions for auditors, management and audit committees of listed entities during different phases of an audit (e.g. planning, interim procedures, final procedures, before AGM).
Our focus is on AFRC’s guidance for board of directors/audit committee and management of listed companies (Section 3 of report, P.14). There is a set of questions for audit committees to ask their auditors (Annex 2).
What you should do
Guidance for audit committee/management
Audit committees
- Maintain clear communication timeline with external auditors
- Maintain constructive, in-depth dialogue throughout the audit process
- Private meeting with auditors at least once a year
- List of questions to raise
  - E.g. how the current economic challenges impact the risk assessment and planned audit procedures
  - E.g. recent AFRC inspection results/findings and observations; actions taken by auditor
Management of listed companies
- Establish a robust control environment
- Allocate sufficient resources and competent personnel
- Remain open and receptive to challenges by auditors and audit committees
Also in this issue
Regulators
(i) AFRC published an article “Safeguarding auditor independence: concerns surrounding procurement and purchases from audit clients”. (Press release, Article)
(Background/framework of auditor independence: The Code of Ethics for Professional Accountants; Hong Kong Standard on Quality Management 1).
Audit committees should review and monitor auditor independence and objectivity, not purely relying on audit firms’ self-declaration. There is a list of questions that audit committees should ask. (P.12)
What you should do
Audit committees
- Set the right tone to guard auditor independence
  - Stress and communicate to management
    - Auditor (at the firm/individual level) not be offered any preferential treatment
      - E.g. pricing, product availability/accessibility
- Where significant transactions
  - Should diligently review such transactions
- Proactive oversight through open communication with auditors and scrutiny
(ii) SFC instituted proceedings in the Market Misconduct Tribunal against (1) Dickson Concepts' executive chairman (Dickson Poon) for alleged insider dealing (s.270 of the Securities and Futures Ordinance (SFO)), (2) Dickson Concepts for alleged late disclosure of inside information (s.307B, SFO), and (3) Dickson Poon and his son (Executive director) Pearson Poon for alleged failure to properly perform an officer's duty to prevent a breach of disclosure requirement by Dickson Concepts (s.307G, SFO). (Press release)
Allegations:
- 20 Nov 2019: PayPal Holdings announced it had agreed to acquire Honey Science Corporation (Target) for around US$4 billion
- Dickson Concepts held around 3.73% of Target's issued shares (booked as "Unlisted equity securities" under "Other Financial Assets", without reference to Target)
- 28 Nov – 19 Dec 2019: while in possession of inside information about the proposed acquisition, Dickson Poon purchased 2,756,500 shares of Dickson Concepts via the securities account of an investment vehicle
- (7 weeks later) 9 Jan 2020: Dickson Concepts announced the proposed acquisition, and its gain of around $928.7m on disposing of the shares
- 10 Jan 2020: Dickson Concepts shares rose by around 33.3%
(iii) SFC obtained a disqualification order in the Court of First Instance against the former CFO and Executive director of Fujian Nuoqi Co., Ltd. (Press release).
The case involved the withdrawal of around 95% of the company's IPO net proceeds (around RMB 225m) by its former chairman shortly after its listing. The withdrawal was made without board approval and did not serve any genuine commercial rationale. Despite this, the former CFO inserted a paragraph in the company's financial statements stating that unused IPO proceeds had been deposited in HK licensed banks and would be used as outlined in its prospectus.
The former CFO admitted his failure to discharge his duties to:
(1) oversee the accounting and finance functions of the company, (2) advise and assist its board of directors, (3) supervise the preparation of its accounts and financial reports and ensure proper corporate governance.
He would be disqualified for 3 years from acting as a director, liquidator, receiver or manager of the property or business of any corporation in HK, or being involved in the management of any corporation in HK.
(iv) SFC welcomes the publication of a voluntary code of conduct by an industry-led working group for ESG ratings and data products providers providing products and services in HK. (Press release, Code of conduct)
The voluntary code will establish a benchmark for the provision of high quality, reliable and transparent ESG information to combat greenwashing in HK’s growing green and sustainable finance ecosystem.
ESG ratings and data products providers who signed up to the code will be expected to make available publicly a self-attestation document, which explains their approach and actions taken to adhere to the principles of the code.
Legislation
(v) The Privacy Commissioner for Personal Data (PCPD) published an investigation report on data breaches of the South China Athletic Association. (Press release)
The association submitted a data breach notification to PCPD, reporting that its servers had been attacked by ransomware and maliciously encrypted. Personal data of 72,315 members of the association were affected.
The investigation revealed that the hacker installed malware on one of the servers in Jan 2022, but without further malicious activities. In Mar 2024, the hacker (through the malware) installed remote control software and carried out malicious activities.
What you should watch out for:
Deficiencies identified by PCPD
- Accidental exposure of the relevant server to the Internet, which significantly raised the risk of cyber attack
- Lack of effective detection measures in the information systems to identify the malicious activities of the hacker conducted in 2022
- Failure to enable multi-factor authentication for administrator accounts, which allowed the hacker to access the operating system
- Absence of regular risk assessments and security audits
- Lack of offline data backup solutions
(vi) Competition Commission welcomed the amendments made by BYD to its car warranty manual, which clarify that maintenance and repairs of BYD vehicles (including the traction battery) can be conducted at non-authorised service providers without invalidating the warranties. (Press release)
The Commission considers that such amendments will facilitate greater competition among car maintenance and repair service providers.