JOnline: Using Information Technologies to Restore Investor Trust 

Download Article

The way a financial intermediary (FI) sets itself apart from its competitors, by virtue of its sound investment advice with the use of information technologies, is how it services the clients.

Many investors have begun to question the integrity of FIs and hesitate to do further business with them. To survive, FIs must restore investor trust at all cost. With respect to the current conditions of the financial markets in Hong Kong, this article discusses how to restore investor trust by implementing appropriate technological solutions.

Investment Difficulties Faced by Retail Investors

In today’s rapidly changing financial market, there has been a great flood of innovative and complex financial products. Offering these financial products provides an investment opportunity to investors. In deciding in which financial products to invest, retail investors (people who invest for their own accounts) may find themselves in the midst of a tunnel for two reasons. First, they generally do not have sufficient knowledge of the financial products and the underlying investment risks. Second, these investors may not be well aware of the investment risk level that they can tolerate.

Governance of Financial Products in Hong Kong

In Hong Kong, all FIs who sell or recommend financial products to investors need to abide by the Code of Conduct for Persons Licensed by or Registered With the Securities and Futures Commission (the “Code”) established by the Hong Kong Securities and Futures Commission (SFC).1 The Code requires that the “suitability” of investors to invest in a financial product must be thoroughly considered by the FI concerned with full disclosure of relevant information. To some extent, this requirement helps alleviate the investment difficulties confronted by the retail investors.

Following the recent collapse of Lehman Brothers, investors in more than 8,000 Lehman-related financial products have filed complaints with the SFC.2 These investors complained that (a) FIs did not fully explain the features and the underlying risks of the Lehman-related financial products and (b) FIs failed to consider the investors’ risk tolerance and personal circumstances when selling these products. In an attempt to get their money back, these investors joined in a protest. A probe to investigate the cause of the saga is now underway by the SFC and a subcommittee of the Legislative Council of Hong Kong.

In fact, the financial loss of retail investors caused by the Lehman collapse is not the first scandal of this type. In 2004, SFC had instituted disciplinary proceedings against Towry Law (a financial advisor) as a result of its failure in relation to two hedge funds managed by third parties.3 SFC alleged that:

Towry Law: (a) conducted insufficient due diligence into two funds before recommending them to clients; (b) sold the two funds to clients whose investment objectives and risk tolerance did not always match with the risk profiles of the two funds; (c) failed to conduct proper enquiries into circumstances surrounding the two funds which indicated problems with the funds; and (d) failed to advise clients when it became clear the funds had problems.4

In the end, disgruntled investors were compensated after the SFC reached a US $37.7 million settlement with Towry Law—the biggest compensation in Hong Kong’s history.5

Incidents like these have unavoidably reduced the investor confidence in the integrity of FIs and in turn damaged Hong Kong’s reputation as an international financial center.

SFC ’s Code of Conduct

To survive, particularly in the recent global financial crisis, it is of utmost importance for FIs to restore investor trust, which can be achieved in two ways:

  1. Improving the internal business practices of FIs with a view to complying with the SFC’s Code
  2. Making this compliance visible to clients (see figure 1)

Information technologies, if properly used, can help FIs to achieve both.

Figure 1

Before presenting suggested IT solutions, it is important to consider some major requirements of the SFC’s Code6 as follows:

  1. Honest, fairness and due diligence—In conducting its business activities, an FI should act honestly and fairly, with due skill, care and diligence, and in the best interests of its clients and the integrity of the market.
  2. Competence of staff—Staff employed or appointed by an FI should be fit and proper in terms of their professional training and experience.
  3. Knowledge of clients and products—An FI should seek from its clients information about their financial situation, investment experience and investment objectives relevant to the services to be provided. Furthermore, the firm should fully understand the financial products and their associated investment risks.
  4. Disclosure of information and explanations of investment advice—An FI should disclose relevant material information in its dealing with the clients. Furthermore, it should help each client make informed decisions by giving proper and fair explanations of why the recommended financial products are suitable for the client and the nature and extent of risks the financial products bear.
  5. Documentation standards—To demonstrate compliance with regulatory requirements, an FI should document and record the information given to each client and the rationale for recommendations given to the client, including any material queries raised by the client and the responses given by the FI. In addition, an FI should keep sufficient documentation on all client transactions including the orders placed to the providers of financial products.

Using IT to Comply With SFC ’s Code of Conduct

Following are recommendations for using IT to help an FI comply with the SFC’s Code and make this compliance visible to its clients (see figure 2):

Figure 2

  1. Evaluation of financial products—To act in the best interests of the clients, an FI should conduct a thorough evaluation of the structure, complexity and risk-return characteristic of every financial product concerned. The compliance of each product with the latest securities regulations should also be checked. The evaluation results should be stored in a financial product database and made publicly available via the FI’s corporate web site.7, 8, 9, 10 Because the financial markets are highly volatile, the evaluation exercise has to be repeated regularly from time to time for each financial product. In this regard, the date of last evaluation should be provided in the corporate web site to assure the clients that the FI stays current with the product knowledge. Furthermore, the FI’s corporate web site should include navigation links to the web sites of the providers of financial products, to facilitate information-seeking by the clients. These practices contribute to the fulfillment of requirements 3 and 4 of the SFC’s Code.
  2. Credentials of frontline staff—To demonstrate to clients that the credentials of the frontline staff are beyond dispute, information such as the educational background, professional training and previous achievements of the staff members should be made available on the FI’s corporate web site for browsing by clients.11 This practice, coupled with recommendation 1, will make clients feel that investment advice is given with a high standard of professionalism by the FI’s staff. As a result, requirements 1 and 2 of the SFC’s Code are fulfilled.
  3. Personal profiles of clients—A database storing the personal profiles of clients should be established. Besides the client’s basic data, such as age, educational background and occupation, the database should maintain other investmentrelated data including the client’s investment objectives and experience, risk tolerance level, and investment portfolio and constraints. The client database should be linked to the FI’s corporate web site so that clients can browse their personal data online after completing an initial system sign-on process. This recommendation helps fulfill requirement 3 of the SFC’s Code.
  4. Decision support system (DSS) for investment advice— DSS has a long history of success in supporting the information needs of the financial sector.12, 13, 14, 15, 16 An FI should consider acquiring or developing such a system, which takes the financial product database (recommendation 1) and the client database (recommendation 3) as inputs, and generates investment advice (such as the financial products deemed fit for clients and the investment risks associated with these products) to be considered by the clients. A copy of the system output should be given to the clients, so they can compare the investment advice generated by the DSS with the opinions from the FI’s staff. The clients may demand an explanation if the staff’s opinions are not in line with the system-generated investment advice. This practice helps prevent an FI’s staff member from recommending financial products that are deemed unfit to the clients, with a view to earning a higher remuneration. In this way, requirements 1 and 4 of the SFC’s Code of Conduct can be fulfilled.
  5. Confirmation of investment orders—The trading system accepting and processing trade orders from clients should be linked to the investment advice DSS (recommendation 4), the financial product database (recommendation 1) and the client database (recommendation 3). Through this linkage, whenever a trade order with detected “abnormalities” (i.e., the investment risk associated with the financial product exceeds the risk tolerance level of the client, or the trade order is significantly different from the investment advice generated by the DSS) is entered into the trading system, an online warning message can be automatically generated to alert the FI’s staff and the client. If this happens, the FI’s staff should seek confirmation from the client (preferably after another round of detailed analysis and explanation) before committing to a trade. This recommendation contributes to the fulfillment of requirements 1 and 4 of the SFC’s Code.

Note that a side benefit of the recommendations involving the use of IT is better support for document management (corresponds to requirement 5 of the SFC’s Code). Because data related to clients, financial products and trade orders are now stored in electronic form, an FI can streamline its recordkeeping process and tighten its data security and protection mechanism (by means of defining proper users’ access privileges and performing regular database backups).


Making it through tough times is a tricky business. An FI must react fast to formulate effective strategies for fighting through the global financial crisis. Otherwise, the firm’s doors will be shuttered and its assets put up for liquidation. A promising strategy is to restore investor trust of the firm. Realizing this strategy requires improving business practices (with respect to the fulfilment of the SFC’s Code) that are visible to the investors. In this regard, this article has provided some sound IT solutions to make it happen.


1 Securities and Futures Commission, Code of Conduct for Persons Licensed by or Registered With the Securities and Futures Commission, Hong Kong, May 2006
2 Securities and Futures Commission, Issues Raised by the Lehmans Minibonds Crisis: Report to the Financial Secretary, Hong Kong, December 2008
3 Securities and Futures Commission, “Towry Law (Asia) HK Limited Offers Ex-gratia Payments to Investors in GDT and GOT SFC Settles Disciplinary Proceedings With a Severe Reprimand,” Press Release, Hong Kong, 17 August 2004
4 Ibid.
5 Hilken, D.; “Towry Law Faces Fresh Pressure to Repay Investors,” The Standard, 23 November 2005
6 Op cit, Securities and Futures Commission, May 2006
7 Lymer, A.; “The Use of the Internet for Corporate Reporting: A Discussion of the Issues and Survey of Current Usage in the UK,” Journal of Financial Information Systems, 1997
8 Meroño-Cerdan, A.L.; P. Soto-Acosta; “External Web Content and Its Influence on Organizational Performance,” European Journal of Information Systems, vol. 16, no. 1, 2007, p. 66-80
9 Poon, P.-L.; D. Li; Y.T. Yu; “Internet Financial Reporting,” Information Systems Control Journal, vol. 1, 2003, p. 42-45
10 Wong, A.; P.-L. Poon; “Control Issues of Using Corporate Web Sites for Public Disclosure,” Information Systems Control Journal, vol. 5, 2008, p. 38-40
11 Noack, D.; “Web Pages Help Build Investor Relations,” Investor’s Business Daily A1, 10 October 1997
12 “CMoney: Institutional Investors Investment Decision Support System,” CMoney web site,
13 Advameg Inc., “Decision Support Systems in Portfolio Management, ”
14 Kingdon, J.; Intelligent Systems and Financial Forecasting, Springer, USA, 1997
15 Kotsiantis, S.; D. Kanellopoulos; V. Tampakas; “On Implementing a Financial Decision Support System,” International Journal of Computer Science and Network Security, vol. 6, no. 1a, 2006, p. 103-112
16 Shane, B.; M. Fry; R. Toro; “The Design of an Investment Portfolio Selection Decision Support System Using Two Expert Systems and a Consulting System,” Journal of Management Information Systems, vol. 3, no. 4, 1987, p. 79-92

Antonio Wong, Ph.D., CFA
is a lecturer at the School of Accounting and Finance of The Hong Kong Polytechnic University. His research interests include corporate finance and investments, web-based financial systems, and IT corporate governance. He can be reached at

Pak-Lok Poon, Ph.D., CISA, CSQA, MACM, MIEEE
is an associate professor at the School of Accounting and Finance of The Hong Kong Polytechnic University. His research interests include software engineering, IT audit and control, electronic commerce, business process reengineering, and computers in education. He was a co-recipient of ISACA’s Michael Cangemi Best Book/Article Award in 2001. Before commencing his academic career, he was the computer audit manager of an international airline company. He can be reached at

ISACA Journal, formerly Information Systems Control Journal, is published by ISACA, a nonprofit organization created for the public in 1969. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors, employers or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.

Subscription Rates:
US: one year (6 issues) $75.00
All international orders: one year (6 issues) $90.00
Remittance must be made in US funds.