11 April, 2017
Money laundering has been a high profile area of focus for regulators internationally in recent years, with some eye-watering fines being meted out to many well-known financial institutions.
The SFC in Hong Kong has identified compliance with Anti-Money Laundering and Counter-Terrorist Financing (AML) requirements as a focus of supervision of intermediaries. In the past year, AML compliance has been one of the areas that the SFC examined during its routine inspections of licensed corporations (LCs). During 2016, the SFC also conducted thematic inspections of the AML practices of more than 290 firms, and identified more than 200 incidents of non-compliance. Among these incidents, the SFC has identified the following key areas of concern where the AML systems of some LCs fell short of compliance with relevant provisions of the AML Guideline[1], the Code of Conduct[2] and/or the Internal Control Guidelines[3]:
- failure to consider relevant money laundering risk factors, failures to use relevant available data or to keep adequate records in the course of conducting Institutional Risk Assessments[4];
- failure to provide adequate internal guidance to staff and perform compliance monitoring to ensure the effectiveness of AML systems;
- deficiencies in the implementation of certain customer due diligence and ongoing monitoring measures; and
- inadequate monitoring, evaluation and reporting of suspicious transactions.
In our newsletter of 20 October 2016, we drew readers’ attention to an SFC press release of 21 September 2016 which listed the following AML issues identified by the SFC:
- failure to scrutinise cash and third party deposits into customer accounts;
- ineffective monitoring of transactions in customer accounts;
- failure to take adequate measures to continuously monitor business relationships with customers which present a higher risk of money laundering;
- inadequate enquiries made to assess potentially suspicious transactions to determine whether to make a report to the Joint Financial Intelligence Unit[5], and lack of documentation of the assessment results;
- failure to monitor and supervise the ongoing implementation of AML and counter-terrorist financing policies and procedures.
As mentioned in our previous newsletters, this type of press release often signals an intensification of focus by the SFC.
On 26 January 2017, the SFC issued a further circular to raise the awareness of LCs and AEs about the importance of Institutional Risk Assessments and some important aspects of the implementation process, setting out their key 2016 inspection findings (the AML Circular).
The AML Circular directed LCs to take immediate action to rectify any similar breaches or deficiencies identified in the AML Circular and to consider the examples of good practices outlined in Appendix 3 of the AML Circular to strengthen management supervision and AML compliance programs. A link to the SFC’s suggested good practices can be found here.
The SFC has stated that AML compliance will continue to be a focus of the SFC’s supervision of LCs in the coming year.
Two enforcement actions were reported in March 2017. Both involved brokerages with clean disciplinary records, and in both cases the AML failures which gave rise to enforcement action occurred prior to a change in ownership and management of the LCs in question. Both cases involved third party payments (in one case third party deposits for clients of the LC, and in the other payments from clients of the LC to third parties). In both cases, the LC had adopted appropriate internal policies dealing with third party deposits and payments, but in practice failed to implement such policies effectively.
In one case, over 300 third party deposits were accepted over a two year period without undergoing the scrutiny and approval process of the LC’s compliance department and senior management, as required by the LC’s internal policies. Some of the deposits were significant sums: one third party deposited over HK$70 million to three different client accounts over a two week period.
The SFC issued a public reprimand and fined the LC HK$2.6 million.
In the other case, notwithstanding an internal policy generally prohibiting third party payments, approximately 700 third party payments over a two year period were identified, of which only 67 were supported by proper documentation and records.
In many instances, the relationship between the client and the third party and/or the purpose of payment could not be verified because the relationship and/or reason for payment was either not stated or stated to be “friends transfer”/ “business dealings”/ “loan”/ “repayment” without any supporting documentation. The third party payments involved millions and in one case nearly HK$40 million. Payments totalling nearly HK$4 million were made from three unrelated client accounts to the same third party on the same day, all using “friend transfer” as the reason.
Management proceeded to approve such payments without providing any meaningful reasons for approval or documenting their rationale.
The SFC issued a public reprimand and fined the LC HK$3 million. In a separate action, the SFC banned the LC’s former managing director from re-entering the industry for nine months.
Links to the SFC’s Statements of Disciplinary Action can be found here: 6 March 2017, 13 March 2017 and 14 March 2017.
Reports of further cases are expected to be announced shortly. These relate to actions commenced before the SFC’s 2016 thematic inspections, so it is likely that if deficiencies continue to be identified, more punitive disciplinary action will be taken in future, including higher fines and more suspensions of individuals’ licences.
[1]Guideline on Anti-Money Laundering and Counter-Terrorist Financing
[2]Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission
[3]Management, Supervision and Internal Control Guidelines for Persons Licensed by or Registered with the Securities and Futures Commission
[4] LCs and AEs are required to assess relevant risk factors (including products and services offered, delivery/distribution channels, types of customers and countries/geographical locations involved) in establishing and implementing adequate and appropriate AML/CFT systems. Such assessment at the firm level is commonly referred to as Institutional Risk Assessment.
[5] According to HK laws, in the event of a suspicious transaction, one should provide reports to the JFIU.