CSj highlights the latest additions to the guidance note series of The Hong Kong Chartered Governance Institute (the Institute), providing guidance on the new inspection regime for Hong Kong's Companies Register.

The Companies Ordinance rewrite exercise, which culminated in the proposed new Companies Ordinance in 2014, contained certain proposals to restrict public searches and hence access to the personal data of company officers required under the predecessor ordinance. These included the usual residential addresses (URAs) and full identification numbers (IDNs) of directors and company secretaries (together, the Protected Information). 

The part of the proposals allowing company secretaries not to disclose their URAs, but rather their correspondence addresses, was not controversial and was accordingly promulgated. However the other proposals to restrict access to the Protected Information of directors and company secretaries met varying degrees of opposition, especially relating to partial, as against full, disclosure of directors’ IDNs. Despite the Institute’s view that the proposals were balanced and acceptable, they were not promulgated until now, in 2021, some seven years later.

The new inspection regime

In 2021, the HKSAR Government set out seven pieces of subsidiary legislation to implement the new inspection regime. To enhance the privacy of company officers, there will be restrictions applied to public searches of internal company records in 2021 and redaction of new company filings, followed by the ability to make withholding applications for documents already filed with the Companies Registry (CR) in three phases, spanning August 2021 to December 2023 (see ‘Implementation timing’). 

Since the new arrangements have significant implications for governance professionals, both in terms of the practical compliance issues to be addressed and the need to update directors on the implications of the changes, the Institute published its Guidance Note on Promulgation of Companies Ordinance Provisions for a New Inspection Regime to Enhance Privacy Rights of Directors and Other Officers in August 2021. 

The guidance, authored by Mohan Datwani FCG HKFCG(PE), Institute Deputy Chief Executive, under the guidance of Edith Shih FCG(CS, CGP) HKFCG(CS, CGP)(PE), The Chartered Governance Institute Immediate Past International President, and Institute Past President; Executive Director and Company Secretary, CK Hutchison Holdings Ltd, gives practical advice to governance professionals relating to the implementation of Hong Kong's new inspection regime.

Following a webinar on these issues delivered by Ms Shih and a team of interns (see end note), the Institute received a number of member questions. This led to a second guidance note being published in October 2021 (Guidance Note on Promulgation of Companies Ordinance Provisions for a New Inspection Regime to Enhance Privacy Rights of Directors and Other Officers – Member Q&As) addressing the specific issues raised by members. This article summarises the Institute’s guidance on the issues raised by members.

Does the new inspection regime affect non-Hong Kong companies registered in Hong Kong, or only those incorporated in Hong Kong? 

Phase 1 of the new inspection regime (see ‘Implementation timing’), which commenced on 23 August 2021, only applies to Hong Kong incorporated companies. Both Phases and 2 and 3 apply to both Hong Kong incorporated and registered overseas companies.  

Phase 1 only applies to Hong Kong incorporated companies because it relates to the internal registers kept by Hong Kong incorporated companies established under, and in accordance with the requirements of, the Companies Ordinance. Since the Protected Information can still be found in the Companies Register kept by the CR, however, there is no real protection afforded to the Protected Information under Phase 1. The Institute’s guidance suggests that companies should still consider withholding access to the Protected Information to prepare for the implementation of Phase 2.

Following commencement of Phase 2, the CR’s index of documentary filings will not show the URAs and full IDNs of directors, nor the full IDNs of company secretaries. The underlying documents filed before the commencement date of Phase 2, that is filed before 24 October 2022, will still be shown. When Phase 3 commences on 27 December 2023, however, the individuals concerned may apply to the CR to withhold from public inspection their protected information registered with the CR prior to 24 October 2022.

Only the Specified Persons set out under applicable regulation (including data subjects, members of the company, liquidators, trustees in bankruptcy, a public officer or public body and various professional practitioners) will continue to have access to the full Protected Information. 

What actions need to be taken after the implementation of Phase 1 with respect to companies' own registers?

Actions after the implementation of Phase 1 are optional. If companies wish to withhold the Protected Information from public (and member) searches, a duplicate of the Register of Directors (ROD) should be created with directors’ URAs replaced by correspondence addresses. Likewise, the full IDNs of directors and company secretaries should be replaced by partial IDNs in the duplicate ROD and Register of Company Secretaries (ROCS) respectively. The original ROD and ROCS should be preserved and updated when necessary with the Protected Information. In short, the company will have two versions of their ROD and ROCS, an original and a duplicate for public (and member) searches.

If the optional withholding of the Protected Information under Phase 1 is not adopted, current directors will still need to be consulted for their correspondence addresses need to be inserted into the ROD.

Do directors’ correspondence addresses have to be Hong Kong addresses? If not, do they have to be in the same jurisdiction as the URAs they replace?

There is no requirement for the correspondence address to be a Hong Kong address, nor in the same jurisdiction as the URA. Nevertheless, according to Section 115A(6) of Schedule 11 to the Companies Ordinance, upon the commencement of Phase 1 on 23 August 2021, the company’s registered office address is to be regarded as the correspondence address of a director until the date on which the company enters the director’s correspondence address in the ROD, or the first annual return date of the company on or after the commencement of Phase 2, whichever is the earlier.

When Phase 2 commences, if the registered office is not the correspondence address, but another address, this information should be filed with the CR within 15 days. The relevant form for the filing has not yet been published. The CR is preparing new/revised forms for use to facilitate the implementation of Phase 2 of the new inspection regime. The new/revised forms will be introduced as soon as practicable with a view to allowing companies and corporate service providers to have sufficient time to prepare for the changes. 

If a Mainland ID number is given in an annual return, how will the partial IDNs be displayed?

There are no provisions under the Companies Ordinance requiring the filing of a Mainland ID number in an annual return. Insofar as ID numbers are concerned, an annual return must contain, in respect of each director and company secretary who is a natural person, the number of the Hong Kong identity card (HKID card) or, if the person is not a holder of an HKID card, the number and issuing country of his or her passport.

In respect of disclosure of the partial IDNs, under Section 657(2)(g) and Section 3 of the Company Records (Inspection and Provision of Copies) (Amendment) Regulation 2021, only the first half (of an even alphanumeric number of characters) or up to the middle of the sequence (for an odd number of alphanumeric number of characters) needs to be disclosed.

If a company creates an ROD for public inspection, should it contain all the director information from the company's incorporation date?

It should because, while the Protected Information can be withheld, the Companies Ordinance allows for public (and member) searches over the whole of the ROD and ROCS. A related question is whether the Protected Information should be withheld for past directors and company secretaries in the duplicate ROD and ROCS. We recommend this to be done as well, despite this being optional. This is because, if an avenue is afforded to protect privacy, it should be adopted. The position with directors who have resigned is the same as former directors and we suggest that the duplicate ROD should withhold the Protected Information for them as well.

Can current directors apply in Phase 2 to add a correspondence address and do you think this will be quicker than applying for the Protected Information to be withheld in Phase 3 given the number of expected requests?

The actual filing of the correspondence addresses will be within 15 days of commencement of Phase 2, but no filing is required where the registered office is the correspondence address. The possibility of making withholding applications after commencement of Phase 3 relates to the URAs and full IDNs of documents filed with the CR that have not otherwise withheld the Protected Information. While the correspondence addresses instead of the URAs will be disclosed under a search where the URA has been withheld, this cannot automatically achieve the same effect as a withholding application. Withholding applications to withhold the Protected Information, including the URAs of directors, would still be required to protect all of the Protected Information.

Could you elaborate more on officers’ applications to withhold the Protected Information? 

Please read Section 49(4), which commences with Phase 3 on 27 December 2023. Directors, reserve directors, company secretaries and persons in these former capacities can apply to withhold their URAs. The withholding of full IDNs can be made by any persons. To support the application, we understand that the thinking is that the particular document or documents under which the Protected Information is to be withheld need to be set out under the application which the governance professional should have with the original filing records, but can otherwise search from the CR index of filings.

Why are members of the Institute (unlike solicitors and certified public accountants) not authorised to get access to the Protected Information?

The company secretary can make withholding applications under Phase 3 in relation to their companies, but to access the information of other companies, this is not regarded as a mainstay of the company secretarial function. Please remember that the company secretary under the Companies Ordinance does not require any particular qualification, and cannot be confused with a listed company secretary. Institute members working in a licensed TCSP can apply for access as a ‘Specified Person’ to the Protected Information to carry out their required functions under the Anti–Money Laundering and Counter–Terrorist Financing Ordinance.

Do Specified Persons only have to apply once to be able to access Protected Information?

It is a case-by-case application. While Part 4 of the Companies (Residential Addresses and Identification Numbers) Regulation provides for the application made for the purposes of Section 58(3) of the Companies Ordinance, that is, disclosure of Protected Information, the detailed procedures of the application is being worked out by the CR depending on the final design of the CR’s information system.

How can we be assured that Specified Persons will not abuse their privilege of being able to access the Protected Information?

There is a need to confirm that the application is in accordance with applicable regulations. An abuse of the privilege will presumably amount to a false declaration.

If Specified Persons who are partners or directors of a company have obtained the CR's approval to access the Protected Information, can they delegate to their teammates to carry out the searches? In practice, partners and directors usually delegate such work to their team.

It is a case-by-case application. In respect of delegation, the Specified Person will be responsible in accordance with applicable legal principles for the acts and defaults of the authorised person.

What would happen if the CR cannot reach a company officer by his or her correspondence address?

There are powers for the CR to use the Protected Information under the Companies Ordinance to carry out its statutory functions and responsibilities.  

The guidance notes reviewed in this article are available from the publications section of the Institute's website: www.hkcgi.org.hk. The team of interns working under the guidance of Ms Shih comprised: Adrian Au, University of Hong Kong, Sean Lee, Columbia University, Annabel Loke, Bryn Mawr College, and Ruodong Wu, Hong Kong Metropolitan University.   

SIDEBAR: Implementation timing 

Hong Kong’s new Companies Register inspection regime is to be implemented in three phases.

Phase 1 (commenced 23 August 2021) – companies may withhold the URAs of directors and full IDNs of directors and company secretaries (together, the Protected Information) that are contained in their own registers from public inspection.

Phase 2 (commencing 24 October 2022) – in respect of new filings, the Companies Registry will withhold the protected information from public inspection.

Phase 3 (commencing 27 December 2023) – the individuals concerned may apply to the Companies Registry to withhold from public inspection their Protected Information registered with the Companies Registry prior to 24 October 2022.