Our code of conduct and business ethics conforms to the rules and regulations of Nasdaq. The code of conduct and business ethics applies to all of our directors, officers and employees, including our principal executive officer, principal financial officer and principal accounting officer, and addresses, among other things, honesty and ethical conduct, conflicts of interest, compliance with laws, regulations and policies, including disclosure requirements under the federal securities laws, confidentiality, trading on inside information, and reporting of violations of the code. A copy of conduct and business ethics has been filed as Exhibit 99.1 to the registration statement on Form F-1 (File No. 333-271525), as amended, initially filed with the SEC on April 28, 2023. Our code of ethics is also posted on the corporate governance page of our website at https://www.solomonwin.com.hk. During the fiscal year ended March 31, 2024, there were no waivers of our code of ethics.
-134-
ITEM 16C. PRINCIPAL ACCOUNTANT FEES AND SERVICES
The following table sets forth the aggregate fees by categories specified below in connection with services rendered by our principal external auditors for the periods indicated.
“Audit Fees” consisted of the aggregate fees billed for professional services rendered for the audit of our annual financial statements and review of the interim financial statements or services that are normally provided by the accountant in connection with statutory and regulatory filings or engagements.
“Tax Fees” consisted of the aggregate fees billed for professional services rendered for tax compliance, tax advice and tax planning. Included in such Tax Fees were fees for preparation of our tax returns and consultancy and advice on other tax planning matters.
Our Audit Committee pre-approves all auditing services and permitted non-audit services to be performed for us by our independent auditor, including the fees and terms thereof (subject to the de minimums exceptions for non-audit services described in Section 10A(i)(l)(B) of the Exchange Act that are approved by our Audit Committee prior to the completion of the audit). The percentage of services provided for which we paid audit-related fees, tax fees, or other fees that were approved by our Audit Committee pursuant to paragraph (c)(7)(i)(C) of Rule 2-01 of Regulation S-X promulgated by the SEC was 100%.
ITEM 16D. EXEMPTIONS FROM THE LISTING STANDARDS FOR AUDIT COMMITTEES
We have not asked for, nor have we been granted, an exemption from the applicable listing standards for our Audit Committee.
ITEM 16E. PURCHASES OF EQUITY SECURITIES BY THE ISSUER AND AFFILIATED PURCHASERS
There were no purchases of equity securities made by or on behalf of us or any “affiliated purchaser” as defined in Rule 10b-18 of the Exchange Act during the period covered by this Annual Report.
ITEM 16F. CHANGE IN REGISTRANT’S CERTIFYING ACCOUNTANT
None.
ITEM 16G. CORPORATE GOVERNANCE
We were incorporated in Cayman Islands and our corporate governance practices are governed by applicable Cayman Islands law, our amended and restated memorandum and articles of association. In addition, because our ordinary shares are listed on Nasdaq, we are subject to Nasdaq’s corporate governance requirements.
Nasdaq Listing Rule 5615(a)(3) permits a foreign private issuer like us to follow home country practices in lieu of certain requirements of Listing Rule 5600, provided that such foreign private issuer discloses in its annual report filed with the SEC each requirement of Rule 5600 that it does not follow and describes the home country practice followed in lieu of such requirement.
-135-
We currently follow our home country practice that does not require us to seek shareholders’ approval for an equity compensation arrangement, pursuant to which stock may be acquired by officers, directors, employees, or consultants in lieu of the corporate governance requirements of Nasdaq Listing Rule 5635(c) with respect to shareholder approval.
Our Cayman Islands counsel has provided a relevant letter to Nasdaq certifying that under Cayman Islands law, we are not required to seek shareholders’ approval in the above circumstance.
ITEM 16H. MINE SAFETY DISCLOSURE
Not applicable.
ITEM 16I. DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS
Not Applicable.
ITEM 16J. INSIDER TRADING POLICIES
Solowin has
ITEM 16K. CYBERSECURITY
Risk Management and Strategy
We maintain a technology and cybersecurity program, which includes information security, as part of our overall risk management process with the aim that our information systems, including those of our suppliers and other third-parties, will be resilient, effective and capable of safeguarding against emerging risks and cybersecurity threats. We endeavor to assure our program is appropriately resourced and to attract and retain expert talent to execute it.
As to date, Hong Kong law does not impose any cybersecurity obligations on critical infrastructures. Currently, the program is based on the PRC Cybersecurity Law, aiming to comply with applicable laws and regulations. We use the PRC Cybersecurity Law as a guideline to help us identify, assess, and manage cybersecurity risks related to our business operations.
Under the PRC Cybersecurity Law, we have established preventive measures that are consistent with the national cybersecurity level. We fulfill our security obligations to protect our networks from interference, damage, or unauthorized access, and to prevent the leakage, theft, or alteration of network data. As part of our supplier risk management program, we conduct security assessments prior to engagement of high-risk suppliers and other third-party providers and have a monitoring program to evaluate ongoing compliance with our cybersecurity standards.
A key element of our technology and cybersecurity program strategy is fostering training and awareness. Our training and awareness program includes annual cybersecurity awareness training and role-based phishing tests for our employees and for third parties with access to our systems.
-136-
Our technology and cybersecurity program focuses on the defense, rapid detection and rapid remediation of cybersecurity threats and incidents. Our approach aims to deliver the control capabilities specified in the PRC Cybersecurity Law. Additionally, our program incorporates comprehensive cybersecurity policies and crisis response and management procedures, aimed at rapidly addressing, responding to, and effectively communicating about cybersecurity threats and incident.
Our cybersecurity crisis management program sets forth the items, procedures and actions we expect to address and follow in the event of a cybersecurity incident, including detection, response, mitigation and remediation. When a potential threat or incident is identified, our cyber security incident response team will assign a risk level classification and initiate the escalation and other steps called for by our plan. All incidents that are initially assessed by the cybersecurity incident response team as potentially high-risk are escalated promptly to our Chief Financial Officer, who will determine whether and what elements of our cybersecurity crisis response and management plan should be activated, including escalation to other senior management. Our Chief Financial Officer will inform our board of directors of cybersecurity incidents, as appropriate, considering a variety of factors, including financial, operational, legal or reputational impact.
Our program’s maturity and operational readiness are regularly evaluated by independent experts using the PRC Cybersecurity Law’s cybersecurity framework and penetration tests that are consistent with the national cybersecurity level. Our program, and the results of these independent evaluations and testing, are regularly reviewed by our senior management and members of our board of directors.
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.
The Hong Kong Government recently tabled a legislative proposal to regulate the cybersecurity obligations of critical infrastructure operators to the Legislative Council Panel on Security for consultation on July 2, 2024. Upon the Panel consultation, the Government will further consult relevant industry sectors on the legislative proposals over a one-month period. According to the current timetable, the relevant bill has been included in the 2024 Legislative Program. This signifies the imminent enactment of Hong Kong’s first cybersecurity legislation. We will review and update the program based on the Hong Kong Cybersecurity Law as soon as possible to comply with applicable laws and regulations.
Risk Governance
We are committed to appropriate cybersecurity governance and oversight.
Our board of directors has oversight of our strategic and business risk management, including cybersecurity risk management. Our board of directors is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which we are exposed and to implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Management is responsible for identifying, assessing, and managing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures, maintaining cybersecurity policies and procedures, and providing regular reports to our board of directors.
For additional information on our cybersecurity risks, please see Item 3 “Key information-D. Risk Factors
-137-
PART III
ITEM 17. FINANCIAL STATEMENTS
We have elected to provide our financial statements pursuant to Item 18.
ITEM 18. FINANCIAL STATEMENTS
The full text of our audited consolidated financial statements begins on page F-1 of this annual report.
ITEM 19. EXHIBITS