The Securities and Futures Commission (SFC) has banned Mr Chan Wai Nun, a former investment counsellor of DBS Bank (Hong Kong) Limited (DBSHK), from re-entering the industry for six months from 19 January 2018 to 18 July 2018 for transferring client data out of DBSHK prior to his departure from DBSHK to join another bank (Note 1).
The SFC found that in December 2015, Chan forwarded a list containing personal data of approximately 208 clients from his work email account at DBSHK to his personal email account.
In February 2016, about two months before he was due to commence his new employment with another bank, Chan forwarded the client list from his personal email account to the personal email account of an ex-colleague who was working for Chan’s new employer at that time and would have been Chan’s supervisor when he joined the bank. Unknown to Chan, the ex-colleague then forwarded the client list to his work email account.
The email containing the client data was identified by the new employer during its email surveillance and the origin of the email was traced back to Chan.
Chan’s conduct was in breach of DBSHK’s internal policies, the Personal Data (Privacy) Ordinance (PDPO) and the Code of Conduct for Persons Licensed by or Registered with the SFC (Code of Conduct) (Notes 2 & 3).
In deciding the sanction, the SFC took into account all relevant circumstances, including Chan’s remorse and admission of his misconduct, as well as his otherwise clean disciplinary record.
The case was referred to the SFC by the Hong Kong Monetary Authority (HKMA).