A recent announcement by the Securities and Futures Commission (SFC) that a securities dealer and asset management company has been publicly reprimanded and fined HK$6 million for past serious anti- money laundering (AML) internal control deficiencies is a warning to other licensed institutions in Hong Kong. It comes on the back of regulators in various jurisdictions taking tougher action against banks and other financial institutions. The SFC’s disciplinary sanction is intended to send a message to the market and a very public one at that. Going forward, the sanction is unlikely to be an isolated example, as local regulators look ahead to and set the scene for the Financial Action Task Force’s (the intergovernmental agency – FATF) next review of Hong Kong’s compliance with the “FATF Recommendations” by 2016.
Some key points
Hong Kong has a comprehensive set of AML and Counter-Terrorist Financing (CTF) laws. Key among them are the offences of dealing with property known or believed
to be the proceeds of a serious criminal offence or failing to report knowledge or suspicion of the proceeds of crime in a timely manner.
In addition to these criminal offences, the SFC has wide disciplinary powers that it can exercise against licensed entities and their responsible officers, pursuant to (among others) section 194 of the Securities and Futures Ordinance (Cap. 571 – SFO).
Where the SFC considers a licensed
entity or person guilty of misconduct or no longer fit and proper it can apply a
number of disciplinary sanctions, including: revocation or suspension of licence (thereby preventing the carrying out of one or more regulated activities), public or private reprimands and financial penalties of up to HK$10 million. Reprimands by the SFC for serious compliance failings are usually made public and are posted on its website (the “news releases” which are actively subscribed to).
Among the various market regulators in
Hong Kong, the SFC is the most active (with respect to those entities and persons governed by the “Code of Conduct for Persons Licensed by or Registered with the SFC” – the Code of Conduct).
SFC activity more recently has focused on
market misconduct (in particular, insider dealing). Its recent disciplinary action against a securities dealer for past AML internal control deficiencies illustrates that AML is not just the purview of the criminal
law; it is also liable to attract regulatory action. Such regulatory action comes on the back of unrelated high profile criminal prosecutions for money laundering offences in Hong Kong and evidences a two-prong approach; regulatory action and the threat of criminal prosecution.
That threat of criminal prosecution
has increased in light of the customer due diligence and record-keeping
requirements in Schedule 2 of the AMLCTF (Financial Institutions) Ordinance 2012 (Cap. 615 – AMLCTFO), breach of which can give rise to serious fines and custodial sentences. Financial institutions that breach these provisions are also liable to disciplinary action by a relevant regulator (the SFC, the Hong Kong Monetary Authority or Insurance Authority), pursuant to section 21 of the AMLCTFO; the regulators’ powers (in this regard) extend to public reprimands, orders for remedial action and/or financial penalties.
Financial institutions (such as, among
others, banks, licensed deposit-taking institutions, remittance agents, securities dealers, long-term insurers) should be reviewing their internal AML policies and procedures, in the expectation of further regulatory action and headlines.
The following would go a long way
to assuaging concerns: proper implementation of customer due diligence and record keeping requirements, an effective internal compliance regime and making timely suspicious transaction reports of money laundering suspicions (which, in turn, means knowing and evaluating your transaction “suspicious activity indicators”).
Hong Kong has been a member of the FATF since 1991 and presided over that body in 2002. Hong Kong is partially compliant with most FATF Recommendations. Few members are fully compliant.
The passage of the AMLCTFO in 2012 went a long way to addressing some FATF concerns about Hong Kong’s compliance, particularly as regards (for example): politically exposed persons (PEPs), wire transfers and money service operators. These concerns are heightened given Hong Kong’s proximity
to Mainland China and certain unauthorised banking and remittance services there.
The FATF’s next evaluation of Hong Kong’s compliance with the FATF Recommendations is due to start next year (as part of the fourth round of mutual evaluations starting this year), with a report in 2016. Against that background, it would not be a surprise to see increased regulatory activity in Hong Kong.
The Statement of Disciplinary Action (the Statement) against the securities dealer in question was made public by the SFC on
9 July 20141.
The SFC’s findings conclude that during the relevant period of the investigation (sometime during 2010-11) the securities dealer failed to (among other things):
establish AML internal controls
adequately report suspicious transactions to the relevant authority (the Joint Financial Intelligence Unit – JFIU) in a timely manner
provide AML training to its staff
adequately protect client assets by means of effective procedures (for example, inadequate due diligence of certain third party payments)
In short, the SFC found that there was no effective compliance function at the time.
The Statement records that a public reprimand is said to be necessary “to send a clear message to the market about the
importance of effective internal anti-money laundering controls and procedures”. The supporting SFC press release (dated 9 July 2014) suggests that the sanction could have been harsher but for the securities dealer’s remedial action and goes on to state that the case should serve as a warning to the financial services industry that “cavalier attitudes have no place in our market”. This may be the sort of regulatory language that is noticed with approval by the FATF.
The amount of the financial penalty (HK$6 million of a maximum HK$10 million) is pursuant to section 194(2) of the SFO and takes into account the SFC’s “Disciplinary Fining Guidelines”2.
It is worth noting that if the misconduct had happened after the coming into force of the AMLCTFO (in April 2012) and amounted to a breach of the customer due diligence and/or record-keeping requirements of Schedule 2 of the AMLCTFO, the SFC would have alternative powers available under section 21(2) of that Ordinance. While the level of the maximum financial penalty is the same, by its nature a breach of the AMLCTFO might attract greater attention and regulatory disapproval, given (for example) the purpose of that Ordinance, the background against which it was
enacted in 2012 and the current regulatory environment3.
It is worth stressing that the defects identified in the Statement go back to events sometime during 2010-11 and that the securities dealer concerned is stated to have had an otherwise
clean disciplinary record and taken remedial steps. The defects were compliance related; there was no criminal liability.
It is also worth stressing that financial institutions in Hong Kong have now had over two years to get used to the AMLCTFO and most have adequate AML internal policies and procedures in place. That said, there are examples of some financial institutions that could do more as regards implementation, particularly with respect to (for example): timely and qualitative suspicious transaction reports to the JFIU, customer due diligence of PEPs and remittances originating from
Mainland China. Policies and procedures alone are not sufficient and the focus of regulators is as much on implementation, in the knowledge that “papering” over the cracks is liable to be an easier prosecution or regulatory action4.
Addressing such concerns will increase compliance costs at a time when some financial institutions are seeking growth in new markets while also trying to control their cost base. This presents financial institutions with something of a dilemma but, as they are prone to advise their own customers, some growth does not come without cost.
The risk of criminal proceedings in Hong Kong, with respect to instances of money laundering, or regulatory action with respect to instances of AML compliance failings, has probably never been more real.
We are seeing a greater interest in the market for compliance and regulatory related training and know-how. As part of a recent presentation to the Hong Kong Foreign Financial Institutions Association (HKFFIA) we prepared an AML checklist overview (which is attached for ease of reference).
Anti-money laundering (AML) Checklist – Overview
Documents and record-keeping
If AML and Counter Terrorist Financing (Financial Institutions) Ordinance (Cap. 615) applies to your organisation,
review its compliance with (among other things) Schedule 2 Part 2 (Customer Due Diligence) and Part 3 (Record-keeping)
Monitor any of your intermediaries’
compliance with customer due diligence requirements
Review due diligence on customers
and transactions and identify process weaknesses (conduct periodic audits and disseminate lessons eg “close calls”)
Keep records in accordance with
document retention policies and regulatory obligations (HKMA, SFC, Office of the Commissioner of Insurance, Inland Revenue)
Review AML policies in place, review any gaps and keep up to date in accordance with regulatory guidelines (HKMA, SFC, Office of the Commissioner of Insurance)
Review how the organisation
communicates the AML policies and codes of conduct to staff at all levels
Ensure there is transparent and regular
monitoring and audits of compliance with AML policies and procedures eg on a formal and annual basis
Review and audit STR processes
Prepare training and communication exercises to ensure employees understand AML policies and changes in the law
Review AML training for all new employees;
eg “induction training” (a “bottom-up” approach)
Review and continue with AML training for all employees
Ensure there are adequate records of
all attendance at training and of the communication of AML policies and that such records are held safely
In particular, organise front office
Arrange AML presentations and training at board level (a “top-down” approach)
Perform due diligence on new recruits at all levels of hiring
Review senior management
communications to all employees concerning “zero tolerance” of money laundering
Encourage culture of “reporting-up” (but
note laws against “tipping-off” eg HKMA AML Guideline Chapter 7.19-7.30; and equivalent provisions of AML Guidelines of the Office of the Commissioner of Insurance and the SFC)
Review employment and secondment
contracts – get buy-in to AML regime as a matter of contract and staff reviews/appraisals
Review disciplinary and grievance policies
to make specific reference to AML policies and practices
Review legal requirements for introduction
of new policies and contractual terms eg employee consent/consultation
Include reference to risk management
and AML compliance in performance appraisals and remuneration criteria
Day to day operations
Review function of in-house legal and AML compliance officer(s) to ensure most effective working practices with front-line staff
Review AML operations of front-office and
Periodically review organisation’s various terms of business with (for example) customers, correspondent banks and intermediaries for compliance with
Review emergency plans and “crisis management” policies to ensure a clear plan in place to deal with major incidents eg regulatory proceedings, criminal investigations
Step back and ask what more can you and your organisation do across its three Ps (people, policies, processes)
Many of the same points arise in
connection with your organisation’s anti-bribery and corruption policies and
procedures (with respect to both local laws and the extra-territorial reach of foreign anti-bribery and corruption laws)