.jpg)
28 April, 2017
Since early March 2017, the Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) have collectively taken disciplinary actions against five regulated entities and an individual relating to breaches of anti-money laundering (AML) and counter financing of terrorism (CFT) regulatory requirements. The entities were fined amounts ranging from HK$2.6 million to HK$7 million, whereas the individual was banned from re-entering the industry for nine months.
Both the SFC and the HKMA have made it clear that AML and CFT compliance will continue to be a priority in 2017, and the recent disciplinary actions demonstrate swift action on their part. The SFC has set up a temporary specialised team within its Enforcement Division to tackle know-your-client and AML/CFT control failings. The raft of disciplinary actions serves as a warning that the SFC and the HKMA are prepared to impose tough sanctions and that regulated entities should take action now to ensure compliance with the relevant requirements.
1. The disciplinary actions taken
The SFC/HKMA took the following actions:
(a) On 6 March 2017, Guangdong Securities Limited (GSL) (now known as Sinolink Securities (Hong Kong) Company Limited) was reprimanded and fined HK$3 million by the SFC1for AML/CFT breaches when handling third party payments between February 2011 and March 2013 ;
(b) On 13 March 2017, GSL’s former managing director and responsible officer, Mr Huang Qiang, was prohibited by the SFC from re-entering the industry for nine months until 9 December 2017 for misconduct which contributed to GSL’s breaches2. The disciplinary action is consistent with the SFC’s approach in holding senior management accountable for a firm's misconduct;
(c) On 14 March 2017, Zhongtai International Securities Limited (Zhongtai) was reprimanded and fined HK$2.6 million by the SFC for non-compliance with AML/CFT regulatory requirements in relation to the handling of third party fund deposits between January 2013 and December 20143;
(d) On 5 April 2017, Guoyuan Securities Brokerage (Hong Kong) Limited (Guoyuan) was reprimanded and fined HK$4.5 million by the SFC for AML/CFT breaches when processing third party fund transfers for clients between September 2010 and July 20124;
(e) On 11 April 2017, a licensed bank was fined by the HKMA for AML/CFT breaches relating to identifying and approving business relationships with politically exposed persons (PEPs) between April 2012 and June 20155; and
(f) On 12 April 2017, iSTAR International Futures Co. Limited (now known as Rifa Futures Limited (Rifa)) was reprimanded and fined HK$3 million by the SFC also for breaches in relation to third party deposits and transfers for clients between January and July 20146.
2. Recurrent themes in the investigations
The various investigations exposed breaches of the above entities' own internal policies as well as requirements under the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance and under regulatory guidance such as the Prevention of Money Laundering and Terrorist Financing Guidance Note (AML Guidance Note), the Guideline on Anti-Money Laundering and Counter-Terrorist Financing (which superseded the AML Guidance Note from 1 April 2012) (AML Guideline), and the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (Code of Conduct).
These require, among other things, that the relevant entities be vigilant in monitoring the activities of customers and pay special attention to all complex, unusual large transactions which have no apparent economic or lawful purpose. In addition, they should take reasonable measures to ensure that proper safeguards exist to mitigate money laundering and terrorist financing risks.
In particular, the breaches identified by the SFC and the HKMA in relation to handling third party transactions and identifying PEPs fell within the following broad categories:
- Failures relating to internal deficiencies and controls;
- Failures to conduct appropriate enquiries before processing third party transactions or establishing or
- continuing business relationships; and
- Failures to keep proper records and/or documentation.
The HKMA and the SFC considered mitigating factors when deciding the appropriate disciplinary action, which included cooperation with the SFC/HKMA, remedial actions undertaken to address the deficiencies, engagement of an independent reviewer to conduct a review of internal controls, an otherwise clean disciplinary record, implementation of new AML/CFT policies and procedures and the fact that some of the entities in question had changed senior management since the breaches.
Failures relating to internal deficiencies and controls
The SFC and the HKMA found that all of the above regulated entities had to some extent failed to comply with the relevant AML/CFT regulations due to internal deficiencies and controls. They failed to properly implement internal policies and ensure adequate understanding of such policies and controls amongst the relevant staff. Specifically:
GSL's internal controls for handling payments from client accounts to third parties were found to be deficient and inadequate. In addition, one of the findings against Mr Huang was that, as a managing director and responsible officer of GSL, he did not adequately enforce or implement GSL's policies and procedures; nor did he diligently supervise his staff members to conduct business on GSL's behalf;
There were deficiencies in Zhongtai's internal controls for handling third party deposits at the relevant time and its staff did not observe the internal policy that third party payments should generally be discouraged. There was evidence of relevant compliance staff and responsible officers showing a lack of mutual understanding of their respective roles and responsibilities in handling third party deposits;
As for Guoyuan, it had failed to properly implement and communicate policies and procedures regarding AML and CTF to its relevant employees. Although Guoyuan claimed to have a compliance manual, the relevant compliance officer and other key personnel were not aware of such manual. The SFC found that third party transfers were unverified and unrelated to clients, but even when red flags were raised by Guoyuan's compliance department, they were routinely processed by its senior management without further enquiries;
In Rifa's case, it did not have an appropriate and effective compliance function, and had not provided adequate AML training to its staff. Deficiencies included the fact that some of Rifa's staff did not even know that the temporary compliance officer and money laundering reporting officer who had been appointed held such a position at the relevant time; and
The HKMA investigation against the licensed bank found that the bank had failed to establish and maintain effective procedures to identify PEPs and seek senior management approval to continue business relationships with such PEPs.
It is worth noting that the HKMA in particular took into account the need to send a clear deterrent message about the importance of effective internal controls and procedures when deciding the appropriate disciplinary action.
Failures to conduct appropriate enquiries before processing third party transactions or establishing or continuing business relationships
The SFC and the HKMA found that the entities in question had not conducted adequate enquiries or checks before processing third party transactions or establishing or continuing certain business relationships. It was found (among other things) that:
Out of around 700 payments from GSL's client accounts to third parties, only around 570 payments were accompanied by application forms. Of those applications, only about 67 were supported by proper documentation. The SFC was also critical of the fact that some of the third party payments involved millions of dollars and in one case, up to over HK$39 million;
Mr Huang had contravened the Code of Conduct by approving a number of third party payments at GSL without meaningful explanation of the relationship and purpose of the payments;
When processing third party deposits, Zhongtai had failed to monitor and/or make sufficient and timely enquiries regarding numerous deposits made by third parties to its sub-accounts set up for clients. Zhongtai processed more than 300 third party deposits made via the sub-accounts without clarifying and verifying the origins of the deposits and/or the identities of the third parties. For example, it could not immediately detect the ultimate identity of the party who deposited funds into the sub-account and the majority of third party deposits were processed without the relevant approval by its compliance department;
As for Guoyuan, it had failed to make proper enquiries and exercise sufficient scrutiny over a significant number of third party fund deposits and withdrawals. In particular, some of these transactions were large and frequent (two client accounts alone recorded an aggregate of fund transfers to and from third parties totalling $665.3 million during the period from September 2010 to July 2012), unusual and/or suspicious, but Guoyuan failed to identify them as such and/or follow up on them. Further, Guoyuan had failed to ensure that the activities in clients' accounts were consistent with the clients' net worth/annual income as stated on their account opening forms; and
Rifa had effected a number of third party deposits before proper written directions had been obtained from clients, including an internal transfer from a client to a responsible officer which was a breach of the Securities and Futures (Client Money) Rules.
Failures to keep proper records and/or documentation
The final main category of breaches found by the SFC/HKMA was the failure to properly record and document decisions and/or evidence relating to third party transactions. The SFC found (among other things) that:
The enquiries GSL claimed to have made at the time and the rationale for approving such payments were not properly recorded or documented in writing;
When Zhongtai took steps to re-assess certain third party deposits, it failed to maintain a proper and accurate record of such assessments; and
When processing third party transfers, Guoyuan failed to properly record enquiries which were allegedly made in respect of those transactions which were approved and executed. While Guoyuan's managing director and responsible officer claimed that relevant enquiries were made, these were not properly recorded in writing to assist the SFC and other relevant authorities.
3. Conclusion
The recent spate of disciplinary actions illustrates the SFC and the HKMA's continued focus on ensuring regulated entities have appropriate AML/CFT systems in place to comply with regulatory requirements. Lessons can be learned from the disciplinary actions taken, and regulated entities can take a number of practical steps to avoid falling foul of AML/CFT requirements. Such steps will include:
(a) Properly and effectively implementing internal policies and procedures for handling third party payments and deposits, including demonstrating that appropriate enquiries have been made before approving and processing such payments and deposits;
(b) Monitoring and making sufficient and timely enquiries on any deposits made by third parties and on the activities of customers to detect unusual or suspicious transactions;
(c) Having regard to the relevant suspicious indicators set out in the AML Guideline when identifying transactions that could be the cause of scrutiny and should prompt further enquiries;
(d) Maintaining proper and accurate written records to evidence that appropriate enquiries and assessments have been made with respect to third party payments and deposits before approvals are given. Such records should include meaningful reasons and the rationale for approving such payments and/or deposits; and
(e) Ensuring there exist clear procedures and controls for identifying PEPs and for approving continuation of business relationships with such PEPs; and
(f) Providing regular training and guidance to staff on the relevant regulatory requirements and internal policies and procedures.
More broadly, regulated entities should be mindful of a circular issued by the SFC on 26 January 2017. The circular highlights the SFC's key concerns regarding compliance with AML/CFT requirements (including deficiencies and inadequacies in institutional risk assessment and in other areas) and also outlines examples of best practice. Regulated entities should without delay review their AML/CFT systems for possible deficiencies and inadequacies with reference to the circular and take immediate remediation action to address issues that may exist in their own policies, procedures and controls. Our e-bulletin on the circular and practical steps that may be taken can be found here.
1 For further details, please refer to the SFC's press release and statement of disciplinary action
2 For further details, please refer to the SFC's press release and statement of disciplinary action.
3 For further details, please refer to the SFC's press release and statement of disciplinary action.
4 For further details, please refer to the SFC's press release and statement of disciplinary action.
5 For further details, please refer to the HKMA's press release and statement of disciplinary action.
6 For further details, please refer to the SFC's press release and statement of disciplinary action.
For further information, please contact:
William Hallatt, Partner, Herbert Smith Freehills
William.Hallatt@hsf.com
