CGj reviews four recent additions to the guidance note series of the Institute, two of which give advice on issues pertaining to merger and acquisition (M&A) transactions, notably those involving share transfers, while two spotlight the ethical themes relating to digital transformation.

Governance professionals are now expected to cover a far wider range of topics than ever before. They must be able to provide high-level advice and insights into such far-flung areas as the potential legal and business risks arising from change of control events in M&A transactions, technical compliance issues, ethical concerns linked to digital transformation, and fraud investigation and prevention.

The Institute’s guidance notes, issued through its seven Interest Groups set up under the Technical Consultation Panel in June 2016, are designed to assist the governance professional to understand the full gamut of pertinent matters, and to relay practical and easy-to-assimilate information. In this article, CGj offers a snapshot of four recent guidance notes. 

Share transfers: change of control

The seventh guidance note issued by the Takeovers, Mergers and Acquisitions Interest Group, in November 2021, examines change of control (COC) events in relation to M&As, especially those involving share transfers. As part of the overall due diligence necessary in such cases, and to help manage related legal and business risks, the governance professional should be aware of the issues involved in COC events and – where listed companies are involved – be knowledgeable about the regulatory compliance requirements. 

This guidance note looks at what governance professionals would need to know about the potential triggering of COC provisions under third-party agreements, and outlines the aims, definitions and implications of COC provisions; how they can guard against the risk of incompatibility with a new management team following a COC of a target company and its holding companies; some possible exclusions under a COC agreement; and various potential risks, including existing contractual obligations of the target company group and potential commercial risks, as well as ways to mitigate such risks to ensure the acquirer in an M&A is able to receive all benefits of the target’s contracts.

Further requirements for listed companies

In addition, governance professionals need to be aware of the possible impact of a proposed acquisition of the shares of a listed company and the resulting obligations under the Hong Kong Code on Takeovers and Mergers (the Code) administered by the Securities and Futures Commission. General Principle 2(2) of the Code provides that if control of a company changes, or is acquired or consolidated, a general offer must normally be made to all other shareholders, while a mandatory offer needs to be extended to all shareholders of a target company under Rule 26 of the Code for designated transactions.

The guidance note also calls attention to the reverse takeover (RTO) Rules under the Listing Rules, with which The Stock Exchange of Hong Kong Ltd (the Exchange) seeks to prevent ‘backdoor listings’ by investors acquiring controls of listed issuers for their listing platforms, and sets out the six factors that the Exchange will normally weigh up when determining whether an acquisition or a series of acquisitions constitutes a reverse takeover. The Exchange will also check a number of other factors to assess whether there has been a change in control or de facto control. As stated in the guidance, ‘The Exchange will treat a listed issuer proposing a reverse takeover as if it were a new listing applicant. The acquisition targets and the enlarged group must meet all the relevant listing requirements.’ 

Share transfers: stamp duty

The theme is further elucidated in the Interest Group’s eighth guidance note, also issued in November 2021, which gives a synopsis of the stamping of share transfers in private M&A transactions. Intensifying international concerns about tax evasion means that the governance professional needs to grasp the overall tax effects of any potential M&A transaction involving share transfers.

Stamp duty is charged on the sale or purchase of any Hong Kong stock, where ‘stock’, as defined by the Stamp Duty Ordinance (Cap 117) (SDO), covers a broad definition, including shares, stocks, debentures, loan stocks, funds, bonds, notes, units under a unit trust scheme and any rights to subscribe for any stock (excluding employees’ share options). ‘Sale and purchase’ of stock includes an exchange of shares (such as share-to-share swaps), but excludes the allotment of shares.

Since 1 August 2021, the stamp duty rate on contract notes for the sale or purchase of any Hong Kong stock is 0.13% of the higher of the consideration or its value on every bought note and every sold note. In effect, the stamp duty rate is 0.26% of the consideration or the value of the shares (whichever is higher).

The SDO does provide some options for stamp duty exemptions or relief. In the context of M&As, intracompany transactions are entitled to stamp duty relief, under certain conditions, but only for associated bodies corporate, and only when the transferor and transferee remain associated for at least two years.

Contract notes and instruments of transfer of unquoted shares should be presented to the Stamp Office for stamping – which can also be done online via the e-Stamping service – while other specified documents must also be submitted for the assessment of the amount of stamp duty payable. Contract notes for the sale or purchase of any Hong Kong stock have to be stamped within two days after the sale or purchase if effected in Hong Kong, or within 30 days after the sale or purchase if effected elsewhere. 

Penalties for late stamping will be imposed, although there is a mechanism in place whereby the Collector of Stamp Revenue may remit partly or wholly the penalty payable, depending on individual circumstances and with appropriate documentation. Allotments and other methods can also be used to minimise stamp duty payments – which could be significant depending on the size of the transaction – and so appropriate professional advice should be sought.

Remote working: overarching ethical dimensions

In the face of business disruption forced by events such as Covid-19, remote working has become increasingly prevalent amongst organisations. Today’s technological advancements have undoubtedly brought benefits such as overcoming geographical barriers, reducing office expenses and allowing employees a greater autonomy. However, the digital transformation of today’s working environment does not come without significant challenges, not least from the ethical perspective. 

It is this ethical perspective allied to digital transformation, along with a consideration of the necessary elements of an internal control mechanism, that is the focus of the eighth guidance note issued in January 2022 by the Ethics, Bribery and Corruption Interest Group, whereas their ninth guidance note – also issued that same month – provides an overview of associated ethical values and fraud prevention measures.

In this section, we summarise the overarching ethical dimensions discussed in the eighth guidance note, and suggest how these principles are important for the governance professional to understand, in order to better assist their organisation and people through the complexities of digital transformation. 

Five recurrent ethical themes

Digital transformation can involve a number of jurisdictions, and ethical standards can vary according to location, industry, organisation and individual. However, the following five standards – which are consistent with the Institute’s own Code of Professional Ethics and Conduct, as well as the Code of Ethics for Professional Accountant of the Hong Kong Institute of Certified Public Accountants – are a useful and widely adopted rule of thumb when appraising ethical thinking and behaviour.

  • integrity and objectivity
  • professional competence and due care
  • professional behaviour
  • transparency, and
  • confidentiality.

Remote working and an internal control mechanism

Apart from having a good grasp of the overarching ethical standards made necessary by digital transformation, the governance professional should advise their organisations and people on various aspects of remote working – in particular, having an appropriate internal control mechanism in place to ensure good business ethics. 

Control mechanism plus human oversight. As the guidance note states, ‘the governance professional should start by ensuring that there is an understanding that having a strong internal control framework is critical for the success of a digital transformation’, whether the people involved are working in the office or remotely, or a combination of both. 

To control against fraud and risk of error, segregation should be introduced for duties, authorisations and approvals, as well as for physical and IT security, while no one person should have control over an entire process – all of which becomes more difficult with remote working. A clear internal control mechanism needs to be firmly established to address these and other issues, tailored to each organisation’s needs and situation. 

However, the framework’s policies and procedures in themselves are not enough – there also needs to be in-person supervision and communication to better monitor and support employees. 

Safeguarding data security. Not all companies are in a position to provide their employees with devices when working remotely, which has resulted in a ‘bring-your-own-device’ (BYOD) situation in many cases. Without proper internal controls, this can pose a serious data security risk when employees use their devices to access their organisation’s networks and systems. 

The governance professional should therefore be aware that preventive and detective controls need to be installed or programmed into the employees’ personal device(s) for BYOD to be deemed safe.

Communicating virtually. In a remote working situation – where interactions between people in an organisation are necessarily curtailed – virtual communication applications and cloud-based platforms are invaluable for team collaboration and information exchange. However, without proper controls, virtual meetings can be attended by unintended participants, with potential loss of shared details and documents, and there is scope for possible information leakage and employee misconduct. 

Staff well-being. Apart from the ethical concerns and IT exposures outlined above, the governance professional will also need to be aware of the latent danger of staff becoming anxious, stressed or isolated when working remotely, with a detrimental impact on their work–life balance. This in turn can lead to employees losing their sense of belonging and loyalty to an organisation, becoming less careful about risks involved in working away from the office, or even, as the guidance note suggests, becoming ‘more prone to engaging in self-serving actions’. Careful monitoring, and greater support and awareness of this scenario, is therefore something else to be considered when identifying some of the issues involved with digital transformation of the workplace. 

Remote working: fraud dimensions

The ninth guidance note issued by the Ethics, Bribery and Corruption Interest Group expands on the topic of remote working, focusing on ethical value and fraud prevention in relation to digital transformation.

Relationship between ethical values and unethical or fraudulent activities

The governance professional is reminded that the occurrence of unethical or fraudulent activities is often based on what is termed the ‘fraud-triangle’, made up of three elements, as set out below:

Opportunity. Organisations should evaluate, identify and close any loopholes that could provide an opportunity for someone to engage in unethical or fraudulent activities. Remote working affords additional opportunities, especially if there are any loose data control measures, weak system identity authentication, inadequate password encryption or poor corporate governance oversight.

Pressure and incentive. While opportunity sets the backdrop for fraud, pressure and incentive are the elements that give purpose and motivation for a relevant person to engage in unethical or fraudulent activities. Remote working can give rise to increased pressure and incentive, including from unreasonable performance targets and negative emotions resulting from the isolation from a physical working environment.

Rationalisation. This is the process employed by a relevant person in justifying his or her unethical or fraudulent activities, or the belief that one’s actions do not violate ethical values or are at least ‘acceptable’ in the circumstances. This can be exacerbated in a remote working setting. 

Mitigation in response to remote working challenges

The chance of unethical or fraudulent activities taking place in an organisation has been shown to decrease proportionately with an increase in ethical values being instilled into employees. With the help of the governance professional, the fraud-triangle can be deterred effectively through the following high-level, pragmatic actions:

Leadership: organisations should draft policies and procedures relating to the remote working environment to serve as a guide to employees, while leaders should set the tone from the top to express the shared responsibility involved in digital transformation and their trust in their employees.

Work environment: the processes and procedures normally adopted in a work environment will have to be redesigned for remote working, while a safe and appropriate channel for reporting and escalating should be made available to employees to bring to light potential unethical or fraudulent activities without fear of potential retaliation. The company’s IT team also plays an important role in ensuring a smooth transition to a secure remote working situation. 

Employee collaboration: when not working together in an office setting, barriers may arise between mangers and team members. Ongoing communication via regular group or one-to-one online meetings can help to build harmonious working relationships, avoid emotional burnout and adjust work allocation, and, more appositely, help address any issues that might give rise to unethical or fraudulent activities before they happen. 

Turning remote working into a plus

The governance professional is well placed to help foster an ethical mindset and a sense of mutual trust in their organisation, which sets the foundation for establishing a fit and proper system of internal controls, thereby making the best of remote working arrangements.

The digital transformation from a traditional physical office to a remote working environment, if handled correctly, can create more track records and evidence to strengthen an organisation’s fraud detection and investigation capabilities. In addition, with no limitations on physical location brought about by digital transformation, organisations can attract, recruit and engage talent from around the world. 

The guidance notes reviewed in this article are available under the Thought Leadership section of the Institute’s website: 


SIDEBAR: Credits

The Institute would like to thank everyone involved in the guidance notes reviewed in this article, in particular the members of the Institute’s Interest Groups set out below. 

Takeovers, Mergers and Acquisitions Interest Group

Michelle Hung FCG HKFCG (Chairman), Dr David Ng FCG HKFCG, Henry Fung, Kevin Cheung, Lisa Chung, Patrick Cheung and Philip Pong. Gratitude is expressed to Patrick Cheung, Partner, Holman Fenwick Willan, as the author of this paper.

Ethics, Bribery and Corruption Interest Group

Dr Brain Lo FCG HKFCG (Chairman), Anna Lam, Jeremy Birch, Michael Chan, Ralph Sellar and William Tam ACG HKACG. Gratitude is expressed to William Tam ACG HKACG, Partner, Deloitte China, as the author of this paper.

Mohan Datwani FCG HKFCG(PE), Institute Deputy Chief Executive, serves as Secretary to the Institute’s Interest Groups. If you have any comments and/or suggestions relating to the Institute’s Interest Groups, he can be contacted at: