A proposed national security law for Hong Kong that will be drafted by government agencies in mainland China could pose heightened regulatory risks for financial institutions in the world's third largest financial hub after New York and London.
The National People’s Congress (NPC) of China recently announced that it will decree a new national security law into Hong Kong’s Basic Law, the territory’s de facto constitution, through a process that will bypass existing legislative processes for consultation and review.
Controversy and confusion have erupted over the proposed legislation as details regarding its scope and application have yet to be disclosed. Concerns that regulators in the United States could impose sanctions over the move, which is being seen by some governments as a breach of the US-Hong Kong Policy Act in addition to several international treaties, are ratcheting up regulatory risk and uncertainty for financial institutions.
Risks for cross-border businesses
Under the Basic Law, which was implemented by the NPC in 1990, Hong Kong maintains a separate judiciary, legal framework and process for law enforcement that is administered by local government agencies. These policies are also enshrined in the Sino-British Joint Declaration, a treaty signed between the United Kingdom and China in 1984 and later registered with the United Nations.
The law empowers government agencies in mainland China to administer mechanisms to “prevent and punish” acts that pose a risk to national security such as “subversion, terrorism, separatism and foreign interference”. The scope of punishable offences under the draft law has yet to be defined; however, the broad scope of national security laws in mainland China have posed legal conflicts and created regulatory compliance challenges for businesses.
The U.S. Securities and Exchange Commission (SEC) previously sanctioned China-based subsidiaries of the Big Four accounting firms for refusing to produce audit papers related to a fraud investigation involving Chinese companies that were listed on U.S. exchanges. The accountants alleged they were prohibited from turning the documents over because of national security laws in China.
Several pieces of legislation, including state secret laws and a law on providing judicial assistance to foreign regulators empower the Chinese government with broad discretion to act on grounds of national security.
More recently, three Chinese banks were found in contempt by US courts after they refused to produce records on correspondent banking transactions associated with accounts linked to company based in Hong Kong that allegedly laundered money for North Korea’s Foreign Trade Bank. The banks said Chinese law prevents them from complying with the subpoena.
These two series of enforcement actions exemplify some of the complex challenges that multinationals in China must contend with in their compliance efforts with national security laws.
Moreover, the definition of national security risks under Chinese law includes actions perceived to pose a threat to economic and market performance, compounding the regulatory and reputation risk for market misconduct and regulatory compliance deficiencies.
At present, it is unclear whether financial institutions in Hong Kong may, one day, face the same degree of risk.
Similarly, without additional information on the scope of subversion, disclosing information perceived to be unfavorable to the Chinese government could expose businesses and their employees to criminal liability. This uncertainty impacts crucial job functions in the financial industry such as audit and financial research, not to mention essential compliance tasks such as due diligence and risk assessment.
Sanctions contingency planning needed
The US government has made a determination that the law, and the proposed method to implement it, is a diminishment of Hong Kong’s judiciary and legislative autonomy as defined under the 1992 US-Hong Kong Policy Act. It has further threatened to impose sanctions on individuals in Hong Kong and in China, as well as on any banks that service sanctioned entities under the Hong Kong Human Rights and Democracy Act of 2019 (HKHRDA).
Moreover, the United States could also revoke its trade status with Hong Kong, which was premised on the territory maintaining a high degree of autonomy under the Policy Act. Revocation could have implications beyond tariffs and visas to include air service agreements and currency exchanges between the U.S. dollar and the Hong Kong dollar, which are currently freely exchanged.
Given uncertainty over the timeline and the scope of the national security law, financial institutions have limited options for risk mitigation planning; however, preparing contingencies and maintaining agility in sanctions compliance policies could provide some cushioning.
Financial institutions should consider conducting pre-emptive assessments on a plan of compliance for HKHRDA sanctions and any potential implications from the proposed national security law. Collaboration with compliance, risk managers and senior management is essential to determine which business functions could be affected and the systems needed to screen and implement additional sanctions responses. Customer data of potential politically exposed persons should also be screened to ensure that it is up to date. Maintaining accurate client information can further streamline processes that are automated.
Formulating plans and processes to manage difficult scenarios can decrease the risk that firms are caught flat footed by sudden policy changes.