Authors from Linklaters examine two recent SFC enforcement cases that show how senior executives can face severe sanctions for supervisory failures, despite having no direct or actual knowledge or participation in the misconduct.

Two recent enforcement actions in September 2025 against senior executives by the Securities and Futures Commission (SFC) demonstrate the regulator’s approach to management accountability in financial institutions. The SFC has suspended a former responsible officer of an asset management company for 12 months, whilst banning another former responsible officer, ManagerIn-Charge of Key Business Line, board member and Head of Pan-Asia Equities of a major international investment bank from re-entering the industry for five years. Both cases involved supervisory failures only; neither executive had actual knowledge of or involvement in the underlying misconduct.

Key supervisory failures across different types of financial institution

Investment banking

From 2008 to 2018, the cash equity desk of a major international investment bank sent mislabelled indications of interest (IOIs) to clients when there was no genuine client interest, with the purported purpose of provoking client enquiries in the belief that traders would be able to find natural opposite flows to cross with client orders. Contemporaneous correspondence revealed that the executive should have known of this practice. By exerting significant pressure on his subordinates to grow the bank’s market share while failing to remain vigilant for signs that this growth was achieved through dishonest means, the SFC found that the executive enabled a culture of prioritising revenue generation over client interests and basic standards of honesty to take root within the bank.

A number of clients had also complained about the quality and accuracy of the firm’s IOIs, and had emphasised the importance of accuracy around IOIs in meetings with the heads and members of the Desks. Whilst these complaints were recorded in writing and sent to the executive as one of the recipients on a wide distribution list, he claimed that he did not read the relevant reports at the material time. Consequently, he did not take any steps to investigate or address the client complaints, and therefore no measures were taken to stop the dissemination of mislabelled IOIs.

In addition, the SFC found serious and systemic internal control failures, which the executive failed to identify or rectify, notwithstanding that he had a number of opportunities to do so. For example:

• He attended a roundtable meeting with the SFC on behalf of the firm, during which time the attendees’ attention was drawn to common deficiencies found in client facilitation activities in the market.
• Following a limited review of the bank’s business, which revealed some operational control deficiencies around IOIs, the SFC set out its concerns in a management letter addressed to the executive in his capacity as the bank’s responsible officer.
• The SFC issued a circular to licensed corporations on client facilitation to remind intermediaries that when they assume a risk-taking principal position in client facilitation activities, the nature of the trades should be disclosed to the clients and their prior consent should be obtained.

In September 2025, the SFC banned this individual from re-entering the industry for five years.

Asset management – conflicts of interest and risk management failures

This case involves a Hong Kong–based asset management company that served as an investment manager for Cayman-incorporated funds. One responsible officer, who was the firm’s sole shareholder and director, was found to be responsible for serious misconduct, including window-dressing the firm’s financial resources during licence applications and systematically mismanaging fund assets by investing the assets in companies he personally controlled. In December 2024, the SFC banned that individual for life and fined him $1.7 million.

The other responsible officer in the case served as Manager-In-Charge of Compliance, Anti–Money Laundering, Operational Control and Review, and Risk Management. Whilst this individual was not found to have acted dishonestly, the SFC did find that he was aware of these transactions and did not raise any concerns regarding the apparent conflicts of interest, and that he failed to discharge his supervisory duties to prevent conflicts of interest and to protect investors’ interests. In September 2025, the SFC suspended him for 12 months.

Similar enforcement actions in the UK

These decisions follow and are consistent with similar findings in the UK, where sanctions for supervisory failings have been part of the regulatory landscape for many years. In 2023, the UK’s Prudential Regulatory Authority (PRA) fined the former chief information officer of a large British bank for failing to take reasonable steps to ensure that his bank complied with outsourcing regulations during an IT migration exercise. The following year, it found that the former CEO of another bank had failed to take steps to ensure that his firm had adequate systems and controls in relation to the large exposures regime and the PRA record-keeping requirements.

The PRA acted against this individual, despite accepting that he had taken steps to develop and embed the firm’s risk management framework with the assistance of external professional advisers.

What this means for financial institutions

These cases establish several critical principles for senior management in large organisations.

• Supervisory failings may come in one or more forms – failure to put in place adequate controls, failure to exercise appropriate oversight or act on red flags, and prioritising commercial performance while not recognising the risks that come with that. Senior managers must be alert to the regulatory obligations they assume and take active steps to discharge them.
• Senior management cannot rely on claims of ignorance or delegation to avoid personal liability. The individuals were found to have failed in their supervisory obligations in that the firm’s breaches and failings were attributable to the executive’s failure to discharge his duties as a responsible officer, Manager-InCharge and a member of senior management, despite not having actual knowledge of or involvement in the misconduct.
• The most senior individuals can be held accountable even where other senior individuals below them are closer to day-to-day supervision. Senior management must actively seek out potential compliance issues rather than waiting for escalation through reporting lines.
• Senior management must actively monitor business operations and investigate warning signs of potential misconduct. Red flags may be dispersed in time and focus, but will be clear to a regulator with the benefit of hindsight.
• All communications received by senior management will be scrutinised by regulators. Client complaints must be properly investigated and addressed by senior management, irrespective of how such complaints are communicated or distributed. Firms should implement systems to ensure that material compliancerelated communications are properly flagged and addressed, with documented follow-up actions.
• Commercial pressures cannot excuse compliance failures and senior management must ensure that commercial objectives do not override regulatory obligations.

These cases demonstrate that regulators will not hesitate to impose severe personal consequences on executives who fail in their supervisory duties, particularly where revenue-driven misconduct is allowed to persist despite clear warning signs.

Andrew Chung, Denise Fung and Justin Tang, Partners, Litigation, Arbitration & Investigations, Hong Kong SAR

Linklaters LLP

© Copyright Linklaters LLP, October 2025