Internal controls requirement on
non-compliance issues for listing companies (2)



Non-compliance incidents are not uncommon for private companies whose officers have insufficient legal knowledge or have not received any training in compliance matters. However, when private companies become public, they should set up sufficient and adequate internal control system to prevent non-compliance recurrence. Below are some common non-compliance events noted in IPO projects:


  • The applicant did not complete in time their social insurance registrations/ housing provident fund registrations and pay social insurance contributions/ the required housing provident fund contribution for employees in full.

  • Lease contracts have not been registered with relevant authorities in the PRC administration department due to failure at providing the building ownership certificate by lessors.

  • The applicant did not obtain relevant land use rights certificates for the self-owned properties.

  • The applicant did not fully comply with the construction checking procedures which include acquisition of construction planning permits, construction permits and submission of the completion of construction checking report to relevant authority.


In order to continuously improve the internal control procedures and to prevent recurrence of non-compliance in the future, the applicant should consider adopting the following internal control measures:


  1. Policies and procedures – The applicant should establish clear policies and procedures on various operation flows to ensure that effective operation of those internal controls is in line with the growth of the business and good corporate governance practice.

  2. Internal audit functions – The applicant should establish an internal audit function or appoint external internal control consultant to perform independent review on the internal control system and provide recommendations on the internal control deficiencies. A written internal audit charter should also be established to define and identify the mission, objectives, scope, authority and accountability of the internal audit function.

  3. Continuous training plan – The applicant should provide continuous training, development programmes and/or updates regarding the legal and regulatory requirements applicable to the business operations for both senior management and employees.

  4. Risk management system – The applicant should build a risk management system which requires the management to collect information relating to the relevant risks, in order to evaluate the impact of risks, formulate solution plan for each material risk and conduct performance reviews on our risk management work. The applicant should also designate an experience staff, such as chief executive officer or chief operation officer, to be the compliance officer and lead the risk management process. He/she is responsible for assisting the Board of Directors to identify, assess and manage the risks associated with the operation from time to time to ensure due compliance of laws, rules and regulations applicable to our Group.

  5. Mechanism on seeking professional advice – The applicant should consider appointing external compliance adviser and legal adviser, who would provide professional advice to assist the applicant in complying with the relevant registration and filing requirements.


Source from:

Guidance letter HKEx-GL63-13: Guidance on disclosure of material non-compliance incidents in listing documents



If there are any aspects which we may assist, please do not hesitate to contact our partner Mr. Roy Lo at 3583 8048 ( or our Risk Manager Ms. Gloria So at 3583 8517 (


SHINEWING Risk Services Limited