Introduction

Money laundering

  • definition
    • covers all kinds of methods used to change the identity of illegally obtained money (i.e. crime proceeds)
    • so that it appears to have originated from a legitimate source
  • stages - frequently involving numerous transactions
    • placement
      • physical disposal of cash proceeds derived from illegal activities
    • layering
      • separating illicit proceeds from their source by creating complex layers of financial transactions
    • integration
      • returning the laundered proceeds back into the general financial system so that the proceeds appear to be the result of legitimate business activities

Terrorist financing

  • definition
    • can be defined in simple terms as the financial support, in any form, of terrorism or to those who encourage, plan or engage in terrorism
    • can be dirty or clean money, may come from donation, everyone may pay it

International Standards

FATF

  • stands for
    • Financial Action Task Force
  • objectives
    • to set up standards and promote effective implementation of legal, regulatory and operational measures
    • for combating ML/TF and other related threats to the integrity of the international financial system
  • key recommendations
    • customer due diligence (recommendation 10)
    • politically exposed persons (recommendation 12)
    • higher-risk countries (recommendation 19)
    • record keeping (recommendation 11)
    • reporting of suspicious transactions (recommendation 20)
    • tipping-off and confidentiality (recommendation 21)
    • suggest the requirements for FI regarding (recommendation 22 and 23)
      • the customer due diligence and record-keeping
      • suspicious transactions reporting
      • should also be applied to the designated non-financial businesses and professions (DNFBPs) involved in certain types of business
      • DNFBPs includes
        • casinos
        • real estate agents
        • dealers in precious metals
        • dealers in precious stones
        • lawyers, notaries, other independent legal professionals and accountants
        • trust and company service providers

Legistation and Regulation in Hong Kong

Relevant to AML/CTF

  • key elements
    • Drug Trafficking (Recovery of Proceeds) Ordinance (“DTRPO”) (Cap. 405)
    • Organized and Serious Crimes Ordinance (“OSCO”) (Cap. 455)
    • United Nations (Anti-Terrorism Measures) Ordinance (“UNATMO”) (Cap. 575)
      • provides or collect funds
      • make funds or financial services available to or for the benefit of terrorist
    • Anti-Money Laundering and Counter-Terrorist Financing Ordinance (“AMLO”) (Cap. 615)
      • take all reasonable measures
        • to ensure that proper sageguards exist
        • to mitigate ML/TF risks
      • applies to
        • licensed corporations (by SFC)
        • authorized institutions (by HKMA)
        • insurers, insurance agents and brokers
        • remittance agents and money changers
        • DNFBPs
      • extend the statutory customer due diligence and record-keeping requirements to cover the following designated non-financial businesses or professions (“DNFBPs”)
        • legal professionals
        • accounting professionals
        • estate agents
        • trust or company service providers
      • when they engage in specified transactions
        • specified transactions include
          • real estate transactions
          • management of client money, securities or other assets
          • management of bank, savings or securities accounts
          • company formation and management
          • buying and selling of business entities, etc.
      • introduce a licensing regime for trust or company service providers
    • United Nations Sanctions Ordinance (“UNSO”) (Cap. 537)
    • Weapons of Mass Destruction (Control of Provision of Services) Ordinance (“WMD(CPS)O”) (CAP. 526)
  • penalty
    • Q: Is it an offence to deal with proceeds of drug trafficking or of an indictable offence?
    • A: Yes. The highest penalty for the offence upon conviction is imprisonment for 14 years and a fine of HK$5 million.
    • Q: Is it an offence to provide financial services to terrorists or their associates?
    • A: Yes. The highest penalty for the offence upon conviction is imprisonment for 14 years and a fine. The UNATMO also permits terrorist property to be frozen and subsequently forfeited.
    • Q: Is it a must to report suspicious transactions?
    • A: Yes. This offence carries a maximum term of imprisonment of 3 months and a fine of HK$50,000 upon conviction.
    • Q: Can I inform my client after submission of a suspicious transaction report?
    • A: No. A person commits an offence if, knowing or suspecting that a disclosure has been made, he discloses to any other person any matter which is likely to prejudice any investigation. Maximum penalty for the offence upon conviction is imprisonment for 3 years and a fine.
    • Q: What are the penalties imposed upon conviction of the offences under the AMLO?
    • A:
      • for contravening a specified provision (CDD and record keeping)
        • criminal sanction (both FI and employee’s liability)
        • civil sanction (disciplinary action such as reprimand / remedy / fine for FI’s liability)
      • defence for employee – acted in accordance with policies and procedures established

Key Requirements and Best Practice

Risk-based approach

  • an FI should determine
    • the extent of CDD measure and ongoing monitoring by using a risk-based approach (“RBA”)
  • RBA depending upon
    • the background of the customer
    • the product, transaction or service used by the customer
  • relevant factors to be considered
    • country risk
    • customer risk
    • product service risk
    • delivery distribution channel risk
  • proportionate controls and oversight by determining
    • the extent of the due diligence to be performed on the direct customers
    • the extent of the measures to be undertaken to verify the identity of any beneficial owner and any person purporting to act on behalf of the customer
    • the level of ongoing monitoring to be applied to the relationship
    • measures to mitigate any risks identified
  • keep records and relevant documents of the risk assessment
    • so that it can demonstrate to the relevant authorities
      • how it assesses the customer’s ML/TF risk
      • the extent of CDD and ongoing monitoring is appropriate based on that customer’s ML/TF risks

Customer due diligence

  • overview
    • the AMLO prescribes the circumstances in which an FI must carry out CDD
    • FIs may also need to conduct additional measures or could conduct simplified customer due diligence (“SDD”) depending on specific circumstances
    • an FI is required to carry out CDD measures when
      • opening account
      • occasional transaction, equal to or exceeding HK$120,000
      • wire transfer, equal to or exceeding HK$8,000
      • suspect/doubt money laundering
      • doubt the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or verifying his/her identity
    • an FI is required to
      • identify the customer and verifying the customer’s identity using reliable, independent source documents, data, or information
      • identify the beneficial owner and may adopt a risk-based approach
      • obtain information on the purpose and intended nature of the business relationship (if any) established with the FI
      • identify the person purports to act on behalf of the customer and taking reasonable measures to verify the person’s identity and verify the person’s authority to act on behalf of the customer
  • timing of identification and verification of identity
    • an FI must complete the CDD process before or during the course of establishing a business relationship or conducting transactions for occasional customers
    • an FI may, exceptionally, verify the identity of a customer and any beneficial owner of the customer after establishing a business relationship if
      • the normal conduct of business with regard to the customer is not interrupted
      • risk of money laundering or terrorist financing is effectively managed
    • example
  • corportation
    • an FI should obtain and verify the following information in relation to a customer which is a corporation
      • full name
      • date and place of incorporation
      • registration or incorporation number
      • registered office address in the place of incorporation (if the business address of the customer is different from the registered office address -> the FI should obtain information on the business address and verify as far as practicable)
    • the FI should record the names of all directors and verify the identity of directors on a risk-based approach
    • an FI should verify the information from
  • beneficial owners
    • an FI should identify and record the identity of all beneficial owners, and take reasonable measures to verify the identity of
  • high-risk situations
    • an FI must, in any situation that by its nature presents a higher risk of ML / TF, take additional measures or enhanced due diligence to mitigate the risk of ML / TF, including
  • non-face-to-face customers
    • when a customer is not physically present for identification purposes (i.e. the non-face-to-face customer), a FI or a DNFBP must carry out at least one of the following measures
      • obtain additional documents, data or information to further verify the customer’s identity
      • taking supplementary measures to verify “information relating to the customer that has been obtained by the FI or the DNFBP”
      • ensuring that the first payment made in relation to the customer’s account is carried out through an account opened in the customer’s name with –
        • an authorized institution
        • an institution that
          • is incorporated or established in an equivalent jurisdiction
          • carries on a business similar
          • has measures in place similar to this Schedule of the AMLO
          • is supervised by authorities in that jurisdiction which perform functions similar to those of the Monetary Authority
    • suitable certifiers and the certification procedure
      • use of an independent suitable certifier
      • the certifier must sign and date the copy document
  • politically exposed person (PEP)
    • if a new customer or a beneficial owner of a new customer is a PEP, an FI or the DNFBP must
      • obtain approval from its senior management
      • take reasonable measures to establish the customer’s or beneficial owner’s source of wealth and the source of the funds that will be involved in the proposed business relationship
    • if an existing customer or a beneficial owner of an existing customer is a PEP or has become a PEP, an FI or the DNFBP must not continue its business relationship with the customer unless it
      • has obtained approval from its senior management
      • has taken reasonable measures to establish the customer’s or beneficial owner’s source of wealth and the source of the funds that will be involved in the proposed business relationship
  • wire transfers
    • applies to the cases equal to or above HK$8,000
    • before carrying out a wire trnasfer, a FI must record
      • originator / recipient’s name
      • number of orginator / recipient’s account
      • originator’s address
    • this section does not apply to a wire transfer
      • between 2 FIs if each of them acts on its own behalf
      • between an FI and a foreign insititution if each of them acts on its own behalf
      • is carried out using a credit or debit card
  • risk-based approach
    • FIs should conduct ongoing monitoring in relation to all business relationships following the RBA
    • where the ML/TF risks are higher, the FI should conduct enhanced monitoring
    • in lower risk situations, the FI may reduce the extent of monitoring
  • reliance on CDD performed by intermediaries
    • the ultimate responsibility for ensuring that CDD requirements are met remains with the FI
    • FI should immediately obtain the data or information of CDD from the intermediaries
    • the intermediaries must keep record for 5 years and provide upon request
    • domestic intermediaries
      • FI
      • CPA firm / CPA
      • estate agents
      • solicitor
      • licensed trust or company service provider (TCSP)
    • oversea intermediaries
      • FIs are
        • intermediary FI with similar business
        • lawyer or notary public
        • auditor/ professional accountant/ tax advisor
        • trust or company service provider
        • trust company carrying on trust business
        • person who carries on a business similar to estate agent
        • related foreign financial institutions
          • FI may rely on a related foreign FI to perform any part of the CDD measures, if the related foreign FI
            • carries on a business similar to that carried on by an intermediary FI outside Hong Kong, and it is within the same group
            • is required under group policy to implement compliance programmes against AML/CTF
            • is supervised for compliance with the requirements mentioned in paragraph (b) at a group level by an Regulated Authority (“RA”) or by an authority in an equivalent jurisdiction

Ongoing monitoring

  • definition
    • a FI must continuously monitor its business relationship with a customer by
      • reviewing from time to time documents, data and information
      • conducting appropriate scrutiny of transactions
      • identifying transactions that are complex, unusually large in amount or of unusual pattern, and have no apparent economic or lawful purpose
        • examining the background and purposes of those transactions and setting out the findings in writing
  • contents
    • for a pre-existing customer, the FI is only required to review the documents, data and information relating to the customer that are held by it at the time it conducts the review
    • a FI must take additional measures to compensate for any risk of money laundering or terrorist financing if
      • a customer has not been physically present for identification purposes
      • a customer or a beneficial owner of a customer is known to be a PEP
      • a customer or a beneficial owner is involved in high risk situations
    • all customer that present high ML/TF risks should be subjects to a minimum of an annual review

Record keeping and retention of records

  • definition
    • FIs should maintain CDD information, transaction records and other records to ensure that
      • the audit trail is clear and complete
      • available swiftly
      • compliance with any relevant requirements
  • customer records
    • include the original or a copy of identifying and verifying the identity of the customer
    • must be kept for 5 years
  • transaction records
    • include the original or a copy of connection with the transaction
    • must be kept for 5 years

Recognition and reporting of suspicious transactions

  • definition
    • once an employee has reported his suspicion to the appropriate person in accordance with the procedure established by his employer
    • he has fully satisfied the statutory obligation
  • contents
    • when a transaction or a series of transactions of a customer is unusual (e.g. in a pattern that has no apparent economic or lawful purpose), the FI should take appropriate steps to further examine the transactions and identify if there is any suspicion
    • FIs should provide sufficient guidance to its staff
    • FIs should appoint a Money Laundering Reporting Officer (“MLRO”)
    • FIs should establish and maintain procedures to ensure that
      • all staff are made aware of the identity of the MLRO and of the procedures to follow when making an internal disclosure report
      • all disclosure reports must reach the MLRO without undue delay
    • the internal report should include sufficient details of the customer concerned and the information giving rise to the suspicion
    • the review process should be documented, together with any conclusions drawn
    • if after completing the evaluation, the MLRO decides that there are grounds for knowledge or suspicion, he should disclose the information and file a suspicious transaction report (“STR”) to the JFIU as soon as it is reasonable to do so
    • FIs must establish and maintain a record of all STRs made to the JFIU, the record must include
      • details of the date of the STR
      • the person who made the STR
      • information to allow the papers relevant to the STR to be located
    • examples that might give rise to suspicion
      • an institution located in a place outside Hong Kong who uses local accounts to trade on stock / futures exchanges located in that place
      • requests by customers for investment management services (as regards securities, futures contracts or leveraged foreign exchange contracts) where the source of the funds is unclear or not consistent with the customers' apparent standing
      • a number of transactions by the same customer in small amounts relating to the same investment, each purchased for cash and then sold in one transaction, the proceeds being paid to a person other than that customer
      • frequent funds or other property transfers or cheque payments to or from third parties that are unrelated, unverified or difficult to verify
      • incoming payments made by cheques with multiple endorsements
  • SFC suggestions
    • defining comprehensive parameters and thresholds for transaction monitoring in a wide range of situations which might give rise to suspicions. More stringent monitoring thresholds were applied to customers assessed to be of higher ML/TF risk
    • performing annual reviews of the parameters and thresholds used in its automated transaction monitoring system to ensure its effectiveness in identifying potentially suspicious transactions and reducing false positives
    • adopting a policy of not accepting any third-party fund deposits. For direct fund deposits, the LC would require customers to produce evidence to show the source of funds when the amount exceeded a certain threshold
    • evaluating the reasonableness of third-party fund deposits. Obtaining corroborative evidence from the customers or other sources to verify their purported relationship with the third parties and the reasons for the third-party deposits

Staff training

  • definition
    • provide and ensure adequate and appropriate AMLs/CTF training
    • the scope and frequency of training should be tailored to the specific risks faced by the FI and pitched according to the job functions, responsibilities and experience of the staff, i.e. new staff, front-line personnel, back-office staff, managerial staff and MLROs
  • contents
    • refresher training
    • staff should be made aware of
      • statutory obligations and the possible consequences if failed to report suspicious transactions and to comply with other statutory and regulatory requirements
      • their FI’s AML/CTF policies and procedures
      • any update on emerging techniques, methods and trends in ML/TF
    • FIs should maintain the staff training records for a minimum of 3 years

Latest Update on AML/CTF in Hong Kong

SFC fundings from inspections

  • failures in
    • comprehensive and up-to-date policies and procedures
    • following up on the assessment results
    • third party payors
    • establishing source of wealth and source of funds
    • screening existing customers, their beneficial owners
  • examples - internal control and governance
    • failed to update their policies and procedures promptly
    • failed to provide sufficient information for senior management to maintain adequate oversight
    • backlogs of sanctions screening and transaction alerts
    • delays in performance of periodic reviews

Deficiencies and non-compliance in the critical areas

  • ML/TF risk assessments
    • inadequate consideration of all key, relevant ML/TF risk factors in institutional risk assessment and customer risk assessment processes
      • deemed all countries which are a member jurisdiction of a FATF style regional body as non-high risk without conducting a proper assessment ML/TF risk assessments
  • transaction monitoring systems and processes
    • not all fund deposits by clients were assessed to ascertain whether they came from third party payors and should be subject to the LC’s due diligence and transaction review processes
  • establishing source of wealth and source of funds
    • merely collected general financial information from high-risk customers in account opening forms and failed to take reasonable measures to establish the sources of wealth and source of funds
    • wrongly concluded that a customer’s source of funds had been established after confirming that the funds were transferred from the customer’ bank account without determining what activity generate the funds
  • sanctions screening systems
    • low-risk customers, such as listed companies, financial institutions and its own affiliated companies, shareholders and employees, are not subject to sanctions screening
    • conduct ongoing screening only at a fixed interval without regard to new designations or updates
  • senior management responsibilities
    • to properly discharge their role, senior management should ensure, among other actions
      • appropriate mechanisms are in place to develop and continuously review the firm’s AML/CTF policies and procedures
      • adequate training tailored to their specific job functions and responsibilities is provided to staff
      • appropriate ongoing compliance monitoring and periodic independent reviews are in place to detect and remedy any deficiencies or non-compliance in critical AML/CTF controls in a timely manner
      • appropriate reporting mechanisms are in place for senior management to be apprised of key ML/TF risks and concerns in a timely manner