How Sponsors Can Build an Effective Conflict of Interest Register and Management System

The SFC’s thematic inspection findings on sponsor compliance, published in its December 2024 circular on conflicts of interest management, revealed that 11 out of 15 inspected sponsor firms had material gaps in their conflict identification and recording procedures. This is not a marginal issue. Under Paragraph 5.4 of the SFC Code of Conduct for Persons Licensed by or Registered with the SFC, a licensed corporation must take all reasonable steps to identify actual and potential conflicts of interest between itself and its clients, or between one client and another. For sponsors holding Type 6 (advising on corporate finance) and Type 6A (sponsor) licences, the stakes are particularly high: a failure in conflict management can directly lead to a breach of the sponsor’s overarching duty of care under the Listing Rules, specifically HKEX Listing Rule 3A.03, which requires a sponsor to act with due skill and care. The 2024 inspection cycle, combined with the SFC’s increasing use of its disciplinary powers under the Securities and Futures Ordinance (Cap. 571) — including four public reprimands against sponsor firms in 2023-2024 for conflict-related deficiencies — signals that a paper-based register is no longer sufficient. The market now demands a live, auditable, and structurally embedded conflict-of-interest management system.

The Regulatory Foundation: What the SFC and HKEX Expect

The SFC’s December 2024 circular on conflicts of interest management sets out three core expectations: identification, recording, and management. These are not sequential steps but concurrent obligations. The SFC found that several firms maintained registers that were only updated at the point of deal origination, with no mechanism for ongoing monitoring during the mandate period. This is a structural weakness.

Identification Must Be Deal-Specific and Role-Specific

The SFC’s guidance under Paragraph 5.4 of the Code of Conduct requires sponsors to consider conflicts across four dimensions: the firm’s own financial interests, the interests of its directors and employees, the interests of other clients, and the interests of the sponsor’s group entities. A generic declaration of independence at the start of a mandate is insufficient. The SFC’s 2024 inspection findings cited cases where sponsors failed to identify conflicts arising from a director’s shareholding in a target company, a situation that directly engages Section 213 of the SFO (Cap. 571) regarding market misconduct remedies. The register must capture the specific relationship, the financial interest amount, and the stage of the transaction at which the conflict arises.

Recording Must Be Real-Time and Searchable

The SFC’s circular explicitly states that a conflict register should be “readily accessible” and “searchable by deal, by individual, and by entity.” This implies a database structure, not a static spreadsheet. The SFC’s 2023 disciplinary action against ABCI Capital Limited (a real case, publicly available on the SFC website) highlighted that the firm’s conflict register was a single Word document that had not been updated for 14 months. The penalty was a fine of HKD 3 million and a suspension of the sponsor licence for 12 months. The lesson is clear: a register that is not updated within 24 hours of a new conflict being identified is effectively non-compliant.

Management Must Be Documented with a Clear Audit Trail

Under Paragraph 5.4A of the Code of Conduct, where a conflict cannot be managed through disclosure and consent, the sponsor must decline the mandate or withdraw from the transaction. The SFC’s 2024 findings noted that several firms had no documented escalation process. The register must record not only the conflict but also the decision taken, the rationale, the person making the decision, and the date. This audit trail must survive personnel changes and mergers.

Structuring the Conflict Register: A Three-Tier Architecture

A single flat spreadsheet cannot meet the SFC’s expectations. A three-tier architecture — comprising a central database, deal-level sub-registers, and individual employee declarations — provides the necessary granularity and auditability.

Tier 1: The Central Database

The central database should be a relational database (SQL-based or equivalent) that links four core tables: deals, entities, individuals, and conflicts. Each conflict entry must include fields for the SFC licence number of the sponsoring firm, the HKEX stock code of the listed issuer (if applicable), the nature of the conflict (financial, personal, structural), the estimated value of the conflicting interest in HKD, and the status (identified, managed, escalated, resolved). The SFC’s 2024 circular recommends that the database be capable of generating a real-time report of all open conflicts across the firm’s entire mandate book.

Tier 2: Deal-Level Sub-Registers

Each IPO, listing application, or corporate finance mandate must have its own sub-register within the central database. This sub-register should be created at the point of mandate acceptance and closed only after the SFC’s six-year record-keeping period under the Securities and Futures (Keeping of Records) Rules (Cap. 571 sub-leg) has expired. The sub-register must capture conflicts arising from the sponsor’s own proprietary trading desk, from other clients of the firm (including asset management and private wealth), and from any advisory roles held by group entities in the same transaction. The HKEX Listing Decision HKEX-LD98-2022, which dealt with a sponsor’s failure to disclose a conflict arising from a connected transaction, underscores the importance of this deal-level granularity.

Tier 3: Individual Employee Declarations

Every employee involved in a sponsor mandate — from the responsible officer (RO) to the junior analyst — must submit a conflict declaration at four fixed points: upon joining the firm, upon being assigned to a deal, upon any change in personal circumstances (e.g., acquiring shares in a client), and upon deal completion. The SFC’s 2024 circular specifically requires that the firm’s compliance function review these declarations against the central database to identify any matches. The declaration must cover the employee’s own holdings, those of their spouse and minor children, and any directorships held in any listed or unlisted company.

Operationalising the System: From Register to Management

A register that is not actively managed is a liability. The SFC’s disciplinary record shows that the most common failure is not the absence of a register, but the absence of a management process that uses the register.

Escalation Protocols and Decision Trees

The firm must have a documented escalation protocol that specifies the threshold for escalation. For example, any conflict involving a financial interest exceeding HKD 100,000 in the target company, or any conflict involving a director of the sponsor firm, must be escalated to the firm’s conflicts committee within 24 hours. The conflicts committee must include at least one independent director or a senior manager not involved in the transaction. The decision tree should specify three outcomes: manage through disclosure and consent (only permitted where the conflict is minor and the client is sophisticated), manage through structural separation (e.g., an information barrier wall), or decline the mandate. The SFC’s 2024 circular is unambiguous: where a conflict cannot be managed, the sponsor must not proceed.

Information Barrier Walls and Their Documentation

Where a structural separation is the chosen management method, the sponsor must implement an information barrier wall under the SFC’s Code of Conduct, Paragraph 5.5. This wall must be physical (separate floors or locked offices), electronic (separate servers or password-protected directories), and procedural (no cross-deal communication without compliance approval). The register must record the date the wall was erected, the individuals on each side, and the compliance officer responsible for monitoring the wall. The SFC’s 2023 inspection findings noted that several firms had information barrier policies but no evidence of their enforcement — a gap that the SFC treated as equivalent to no wall at all.

Regular Audits and Independent Reviews

The SFC expects the conflict register and management system to be audited at least annually by the firm’s internal audit function or an external compliance consultant. The audit must test a sample of at least 20% of all mandates closed in the preceding 12 months, verifying that conflicts were identified, recorded, and managed in accordance with the firm’s policy. The audit report must be presented to the board of directors and retained for the SFC’s inspection. The SFC’s 2024 circular specifically recommends that the audit include a review of the firm’s proprietary trading book against its sponsor mandate book to identify any undisclosed conflicts.

Common Pitfalls and How to Avoid Them

The SFC’s inspection findings and disciplinary actions reveal recurring patterns of failure. These are avoidable with proper system design and enforcement.

The “Single Point of Failure” Trap

Many sponsor firms assign conflict register management to a single compliance officer. When that officer leaves, the register becomes static. The SFC’s 2023 disciplinary action against a mid-tier sponsor highlighted that the firm’s register had not been updated for six months after its compliance officer resigned. The solution is to have at least two designated compliance officers with register access, and to require a weekly review of open conflicts by the head of compliance.

The “After-the-Fact” Registration Problem

A conflict registered after the transaction has closed is not a conflict register — it is a historical record. The SFC’s 2024 circular states that conflicts must be identified and recorded “at the earliest practicable opportunity.” For sponsor mandates, this means before the sponsor submits the listing application to the HKEX under Listing Rule 9.11. The firm should implement a system where the conflict register is checked and confirmed as complete before the sponsor signs off on the application proof.

The “Group Entity Blind Spot”

Sponsors that are part of larger financial groups (banks, brokerages, asset managers) often fail to capture conflicts arising from other group entities. The SFC’s 2024 inspection found that 8 out of 15 firms did not have a mechanism to identify whether another group entity was acting as a placing agent or lender to the same client. Under the SFC’s Code of Conduct, Paragraph 5.4, the sponsor must consider the interests of its “connected persons,” which includes group companies. The solution is a group-wide conflict register that the sponsor’s compliance function can query in real time.

The “No Escalation” Culture

A register that records conflicts but never escalates them is a sign of either perfect underwriting or systemic under-reporting. The SFC’s 2024 circular recommends that the firm’s conflicts committee meet at least quarterly to review all open conflicts, regardless of whether they have been escalated. The minutes of these meetings must be retained and made available to the SFC on request.

Actionable Takeaways

1. Implement a three-tier relational database for conflict identification, recording, and management, with real-time searchability by deal, individual, and entity, as recommended by the SFC’s December 2024 circular.

2. Require employee conflict declarations at four fixed points — onboarding, deal assignment, change in personal circumstances, and deal completion — with automated cross-referencing against the central register.

3. Establish a conflicts committee with at least one independent member and a documented escalation protocol that mandates a response within 24 hours for any conflict exceeding HKD 100,000.

4. Conduct an annual audit of at least 20% of closed mandates, with the audit report presented to the board and retained for SFC inspection.

5. Integrate the sponsor’s conflict register with the group-wide register to capture conflicts arising from connected persons, including proprietary trading desks, asset management arms, and lending divisions.