Responding to Public Concerns – Improvement Measures for the New Inspection Regime on Companies Register

The Financial Services and the Treasury Bureau (“FSTB”) briefed the LegCo Panel on Financial Affairs in April 2021, proposing to implement the new inspection regime of the Companies Register under the existing Companies Ordinance (“CO”). In future, the usual residential addresses (“URA”) of a director will be replaced by the correspondence addresses, and only partial identification numbers (“IDN”)[1] will be made available in the Companies Register for public inspection. Only persons to be specified in a forthcoming subsidiary regulation[2] (such as a person authorised by the data subject, a liquidator and a public officer) will be able to access the usual residential addresses (“URA”) and full identification numbers (“IDN”) upon application. Since the announcement of the new arrangements, we have listened extensively to the views of various sectors of the community. The public are, in general, supportive of the broad principle of enhancing protection of personal information in the light of an increasing number of doxxing cases and “weaponisation” of personal data in recent years. Various enhancement proposals have also been received. With an aim to strike a balance between public access to necessary information and the need to protect privacy, we are going to introduce the following improvement measures in regard to the implementation of the new inspection regime.

1. Include more professional bodies into the list of specified persons which will be able to apply for access to full personal data of directors

On legislative amendments, we propose that certified public accountants (practising), practising solicitors in law firms and banks, Financial institutions[3] and designated non-financial businesses and professions[4], to which the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (“AMLO”) applies, will also be included as specified persons, and they may apply for access to the protected personal information of directors. Through engagements with the financial institutions and professional bodies, and careful examination of their scope of business and workflow, we understand that some of the due diligence and investigative work performed by the professionals may be affected (such as preventing money laundering and terrorist fund-raising, etc.), and that service of legal documents to directors will be required by solicitors in civil proceedings. The inclusion of financial institutions and designated persons to which the AMLO applies will help the industries guard against money laundering and terrorist financing activities, maintaining a robust regulatory standard of the financial, commercial and corporate governance system.

It should be noted in particular that the newly included specified persons should use the personal information of directors obtained upon application strictly in the performance of their professional duties. A person who misuses such personal information commits an offence and is subject to disciplinary proceedings and punishment by the professional body he/she belongs to or the relevant regulatory authority.

2. Identifying cross-directorship

In addition to providing information about individual company directors, the Companies Register also helps members of the public identify cross-directorship. We understand that identifying cross-directorship serves a wide range of purposes. In financial and business transactions, it is useful in making assessment pertaining to connected transactions, while in claims involving employees’ rights, it enables workers to know if their employers are directors of multiple companies. Under the new inspection arrangement, we will process and consolidate the director information through which even with partial IDN, members of the public can easily tell whether cross-directorship is involved when making searches. It is a comparable alternative to the use of a unique director identification number as proposed by some industry associations, allowing identification of cross-directorship by members of the public without displaying the full IDN of a director.

3. Differentiating directors who share the same name

As we have clarified earlier, the public will be able to obtain the correspondence addresses and partial IDN of a director under the new inspection arrangement. Together with the full name of a director, it should be enough for identification in most of the cases. However, in some extremely rare cases when different directors have identical full names and partial IDN, extra digit of their identity card numbers will be provided for effective identification and differentiation.

4. Demand more diligently companies to register the names of their directors in accordance with their identification document

Under existing regulations, a director is required to provide his/her name based on the name and format shown on his/her identity document when submitting information to the Companies Registry. The Company Registry will demand more diligently companies to register with such requirement in future. For example, if different names and formats are filled across different companies by the same director, the Company Registry will request the relevant director to follow up and modify the incorrect information registered once it is found.

5. Protecting labour rights

Under the new inspection arrangements, the Labour Department (“LD”), the functions of which are performed by public officers, will be a specified person as defined under the CO with access to the URA and full IDN of company directors. Hence, the new inspection arrangements will not impact LD’s existing services and functions in respect of protecting labour rights, such as resolving labour disputes, assisting workers in applying for ex gratia payment from the Protection of Wages on Insolvency Fund and instituting criminal proceedings under the Employment Ordinance. We will work with the LD in briefing the labour organisations on how to continue to use the information on the Companies Register and the services of the LD when assisting workers in filing claims involving labour rights.

After extensively soliciting the views of various sectors of the community, we have introduced enhancements to the proposed arrangements in respect of the Companies Register. On the one hand more professional bodies are included into the list of specified persons through legislative amendments to facilitate the work of the financial and professional sectors, on the other hand we will also enhance the reliability of the Companies Register in terms of data consolidation and presentation by administrative and technical means. The various enhancements will strike a balance between public access to necessary information and the need to protect privacy. They also serve to prevent misuse of personal information on the Companies Register for the purpose of doxxing. Relevant subsidiary legislation will be tabled to the Legislative Council for scrutiny in late June and be brought into operation in phases as planned.

[1] The first alphabet and the three digits that follow of a Hong Kong identity card

[2] Including the data subject, a person authorised by the data subject, a member of a company, a liquidator, a trustee in bankruptcy, a public officer or public body, an inspector appointed under the Trustee Ordinance (Cap. 29) and an inspector under section 838(1) of the CO and a recognized clearing house, a recognized exchange company, a recognized exchange controller, a recognized investor compensation company within the meaning of Schedule 1 to the Securities and Futures Ordinance (Cap. 571). And an investigator appointed under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615)

[3] e.g. securities companies, insurance companies, money service operators and stored value facility licensees

[4] e.g. estate agents and trust or company service providers

12 June 2021