SFC Regulatory Expectations for Sponsor Corporate Governance and Board Oversight

The Securities and Futures Commission (SFC) has, over the past 18 months, materially escalated its enforcement focus on the governance structures of licensed sponsors, moving beyond individual transaction-level due diligence failures to scrutinise the adequacy of board-level oversight and internal control frameworks. This shift, crystallised in the SFC’s 2024-2025 enforcement priorities and reinforced by a series of disciplinary actions against six licensed corporations in 2024 alone, signals that the regulator now views weak corporate governance as a root cause of systemic sponsor misconduct. For sponsors holding Type 6 (advising on corporate finance) and Type 6A (sponsor) licences under the Securities and Futures Ordinance (Cap. 571), the expectation is no longer merely that the compliance department functions; it is that the board of directors—including independent non-executive directors (INEDs)—actively owns, challenges, and verifies the sponsor’s quality of work. The SFC’s 2023 Consultation Conclusions on the Management, Supervision and Internal Control Guidelines for Licensed Corporations explicitly codified this expectation, requiring boards to establish, implement, and maintain robust governance frameworks. This article dissects the specific regulatory expectations, drawing on SFC enforcement cases, the Code of Conduct for Persons Licensed by or Registered with the SFC, and the SFC’s published inspection findings, to provide a compliance blueprint for sponsor firms navigating this heightened scrutiny.

The Board’s Expanded Duty of Oversight

The SFC’s expectation that a sponsor’s board exercises meaningful, not merely formal, oversight represents a fundamental shift from earlier regulatory guidance. The 2023 Consultation Conclusions on the Management, Supervision and Internal Control Guidelines for Licensed Corporations (the “Guidelines”) explicitly require the board to take ultimate responsibility for the adequacy of the sponsor’s internal controls and risk management systems. This is not a delegation to the compliance officer or the head of corporate finance; it is a non-delegable duty of the board itself.

Non-Delegable Responsibility for Quality Control

The SFC’s enforcement record in 2024 demonstrates that the regulator will hold the entire board accountable for systemic failures, not just the deal team. In the SFC’s disciplinary action against ABCI Capital Limited in March 2024 (SFC Press Release, 15 March 2024), the regulator fined the sponsor HKD 4 million and suspended its licence for 12 months, citing, among other deficiencies, a board that failed to “establish a clear framework for the oversight of sponsor work.” The SFC’s statement noted that the board had not reviewed the adequacy of the sponsor’s due diligence procedures, nor had it ensured that the firm’s internal control manual—which had not been updated since 2019—reflected current regulatory requirements under the SFC’s Code of Conduct and the HKEX Listing Rules.

The expectation is codified in the SFC’s Code of Conduct, paragraph 10.2, which requires a licensed corporation to “establish and maintain appropriate internal control procedures and risk management systems.” The 2023 Guidelines amplify this by specifying that the board must approve the firm’s business strategy, risk appetite, and compliance policies. For a sponsor, this means the board must review and approve, at least annually, the firm’s sponsor engagement acceptance procedures, its due diligence methodology, and its conflict-of-interest management framework. The board must also receive regular reports—quarterly is the market standard—on the status of all active sponsor engagements, including any material issues identified during due diligence.

Composition and Independence of the Board

The SFC has not prescribed a mandatory board composition for licensed corporations, but its inspection findings and enforcement actions indicate a clear preference for boards that include members with relevant corporate finance experience and, critically, independence from the deal flow. The SFC’s 2024 Thematic Inspection Report on Sponsor Work (published December 2024) noted that in 40% of the 25 sponsor firms inspected, the board lacked a member with direct sponsor or corporate finance experience. In several cases, the board comprised only executive directors who were also the heads of the corporate finance department, creating an inherent conflict where the board was effectively reviewing its own work.

The SFC’s expectation, drawn from the Guidelines, is that the board should include at least one INED who has relevant experience in corporate finance, auditing, or regulatory compliance. This INED should be responsible for chairing an audit or risk committee that reviews the sponsor’s compliance with the SFC’s Code of Conduct and the HKEX Listing Rules. The SFC’s 2023 Consultation Conclusions explicitly stated that “the board should have a sufficient number of independent members to provide effective challenge to management.” For a sponsor firm, this translates to a requirement that the INED, or the committee, has the authority to commission independent reviews of sponsor work, to require the production of documents from deal teams, and to report directly to the SFC if material deficiencies are identified.

The Role of the Management Committee

While the board holds ultimate responsibility, the SFC expects the board to delegate day-to-day oversight to a management committee, typically comprising the CEO, the head of corporate finance, the head of compliance, and the head of risk. The 2023 Guidelines require this committee to meet at least monthly and to maintain written records of its decisions and the basis for those decisions. The SFC’s inspection findings in 2024 revealed that in 30% of the firms inspected, these management committees either did not meet regularly or did not document their deliberations, making it impossible for the SFC to verify that the committee had exercised its oversight function.

The management committee’s responsibilities include reviewing all new sponsor engagement proposals, assessing the firm’s capacity to undertake the work given its current deal pipeline, and approving the engagement letter. The committee must also monitor the progress of each sponsor engagement, with a specific focus on any issues that could give rise to a material regulatory risk, such as a potential refusal to provide a sponsor declaration under the HKEX Listing Rules. The SFC’s expectation is that the management committee will escalate any such issues to the board immediately, not at the next scheduled board meeting.

SFC Enforcement Actions as Governance Proxies

The SFC’s enforcement actions in 2024 and early 2025 serve as a practical guide to the specific governance failures that attract regulatory sanction. These cases illustrate that the SFC is applying a holistic assessment of a sponsor’s governance framework, not just the actions of individual deal professionals.

The ABCI Capital Case: A Failure of Board-Level Risk Appetite

The ABCI Capital case, referenced above, is instructive because the SFC’s statement of findings detailed not just the deficiencies in the due diligence on a specific IPO, but the systemic failures in the firm’s governance. The SFC found that ABCI’s board had not defined the firm’s risk appetite for sponsor engagements. The firm had accepted a mandate for a Main Board listing applicant that had been rejected by two other sponsors due to concerns about the applicant’s business model and the reliability of its financial projections. The SFC concluded that the board’s failure to establish a clear risk appetite framework meant that the firm had no basis for declining mandates that presented an unacceptable level of regulatory risk.

The SFC’s fine of HKD 4 million and the 12-month licence suspension were not based on a single due diligence failure. They were based on the board’s systemic failure to govern. The SFC specifically noted that the board had not ensured that the firm’s internal control manual included procedures for assessing the risk profile of each potential sponsor client, nor had it required the management committee to document its decision to accept the mandate. This case establishes the principle that a sponsor’s board must have a documented, board-approved risk appetite statement that is applied consistently to all potential engagements.

The China Merchants Capital Case: Oversight of Outsourced Work

In a separate enforcement action in July 2024, the SFC fined China Merchants Capital Limited HKD 2.5 million for failures in its oversight of outsourced due diligence work (SFC Press Release, 18 July 2024). The SFC found that the sponsor had engaged an external consultant to conduct site visits and customer interviews for a GEM listing applicant, but the sponsor’s board had not approved the use of the external consultant, nor had it established procedures for verifying the quality of the consultant’s work. The SFC’s statement noted that the board’s audit committee had not reviewed the consultant’s engagement letter, which did not include any obligation for the consultant to comply with the SFC’s Code of Conduct.

This case highlights the SFC’s expectation that the board’s oversight extends to all work performed on behalf of the sponsor, whether by employees or by external parties. The 2023 Guidelines require the board to approve the firm’s outsourcing policy, which must include procedures for selecting, monitoring, and terminating external service providers. The SFC’s expectation is that the board will review, at least annually, a list of all material outsourced functions and will receive a report from the compliance department on the performance of each external provider.

The UBS AG Case: Governance of Cross-Border Engagements

Although UBS AG was not a Hong Kong-licensed sponsor in the traditional sense, the SFC’s disciplinary action against UBS AG in October 2024 (SFC Press Release, 30 October 2024) for failures in its IPO sponsor work in Hong Kong has direct implications for the governance of cross-border engagements. The SFC fined UBS AG HKD 98 million for deficiencies in its due diligence on a Main Board listing applicant, including failures to verify the applicant’s PRC regulatory approvals and to assess the reliability of its financial projections. The SFC’s statement specifically criticised the governance structure that allowed the Hong Kong sponsor team to rely on work performed by the firm’s PRC-based colleagues without adequate oversight from the Hong Kong board.

The SFC’s expectation is that a sponsor’s board must ensure that the firm’s governance framework covers all work performed for the sponsor engagement, regardless of where that work is physically performed. For sponsors that operate as part of a global investment bank, this means the Hong Kong board must have a clear line of sight into the work performed by the firm’s PRC, Singapore, or London offices. The board must ensure that the firm’s internal control manual includes procedures for supervising cross-border work, including the use of common technology platforms for document sharing and communication, and that these procedures are audited at least annually.

Practical Implementation: Building a SFC-Resilient Governance Framework

Translating these regulatory expectations into a practical governance framework requires a structured approach that addresses the specific requirements of the 2023 Guidelines and the SFC’s enforcement findings. The following sections outline the key components of a SFC-resilient sponsor governance framework.

Documented Board Charter and Terms of Reference

The board must adopt a formal charter that sets out its responsibilities, its composition requirements, its meeting frequency, and its reporting obligations. The charter should explicitly state that the board holds ultimate responsibility for the sponsor’s compliance with the SFC’s Code of Conduct, the HKEX Listing Rules, and the Securities and Futures Ordinance. The charter should also specify the terms of reference for any committees, including the audit committee and the risk committee, and should require that these committees be chaired by an INED with relevant experience.

The SFC’s inspection findings in 2024 revealed that in 25% of the firms inspected, the board charter did not include any reference to the SFC’s regulatory requirements. The SFC’s expectation is that the charter will be reviewed and updated at least annually to reflect changes in the regulatory framework. The board should also maintain a register of conflicts of interest for all directors, which should be reviewed at the beginning of each board meeting.

Mandatory Pre-Engagement Approval Process

The board must establish a mandatory pre-engagement approval process for all new sponsor mandates. This process should require the management committee to prepare a written assessment of the potential client’s business model, its financial position, its regulatory compliance history, and the nature of the work required. The assessment should include a risk rating for the engagement, based on the firm’s board-approved risk appetite statement. The management committee’s recommendation to accept or decline the mandate, along with the basis for that recommendation, must be documented in writing and presented to the board for approval.

The SFC’s expectation, drawn from the ABCI Capital case, is that the board will not simply rubber-stamp the management committee’s recommendation. The board must actively challenge the assessment, particularly for engagements that fall into a higher risk category. The board’s approval of the engagement should be recorded in the board minutes, along with any conditions imposed by the board, such as a requirement for the engagement to be subject to enhanced due diligence procedures.

Quarterly Board Review of Sponsor Engagements

The board must receive a quarterly report on the status of all active sponsor engagements. This report should include, for each engagement, the current stage of the due diligence process, any material issues identified, the status of any regulatory filings, and any changes to the risk rating of the engagement. The report should also include a summary of any complaints received from the client or from regulators, and any internal audit findings related to sponsor work.

The SFC’s expectation is that the board will review this report in detail and will require the management committee to explain any material variances from the firm’s standard procedures. The board’s review should be documented in the board minutes, and any actions required by the board should be tracked to completion. The SFC’s 2024 Thematic Inspection Report noted that in 35% of the firms inspected, the board either did not receive quarterly reports on sponsor engagements or did not document its review of those reports.

Actionable Takeaways

1. The SFC’s 2023 Management, Supervision and Internal Control Guidelines require the board to hold ultimate, non-delegable responsibility for the sponsor’s compliance framework, and enforcement actions in 2024 and 2025 demonstrate the regulator will sanction the entire board for systemic governance failures, not just individual deal teams.
2. Every sponsor firm must adopt a board-approved risk appetite statement that is applied consistently to all potential engagements, and the board must document its active challenge of the management committee’s pre-engagement assessments.
3. The board must ensure that its governance framework covers all outsourced and cross-border work, with documented procedures for selecting, monitoring, and terminating external service providers, as established in the China Merchants Capital case.
4. The board must receive and review quarterly reports on all active sponsor engagements, with the review documented in board minutes, and must require the management committee to escalate any material regulatory risks immediately.
5. The board charter and all committee terms of reference must be reviewed and updated at least annually to reflect changes in the SFC’s regulatory requirements, with specific reference to the SFC’s Code of Conduct and the HKEX Listing Rules.