UPDATE : SFC’s Proposed Enhancements to AML/CFT Guidelines

Since March 2012, when Hong Kong tightened its AML/CTF laws[1] for financial institutions, there have been a number of initiatives to refine[2] or expand[3] the regime. More refinements have been proposed by the SFC in a consultation paper in September 2020, which will[4] incorporate the FATF's[5] Guidance for a Risk-based Approach ("RBA") for the Securities Sector[6] .

The consultation paper sets out proposed amendments to the SFC's AML Guidelines, and the key proposed amendments are summarised below. Licensed Corporations ("LCs") can take pro-active steps to review their existing AML/CFT controls to assess the impact of these proposed amendments.

1. Increased guidance in relation to institutional risk assessments

To facilitate the implementation of a risk-based approach, the SFC proposes to incorporate additional requirements for LCs in conducting proper institutional risk assessments ("IRAs").

The proposed amendments include requiring LCs to consider quantitative and qualitative information from relevant internal and external sources to identify, manage and mitigate risks, and to conduct IRAs where the nature and extent of the procedures are commensurate with the nature, size and complexity of the LC's business.

To assess ML/TF risks and determine the level of risks present in an LC's business operations or LC’s customer base, the SFC has proposed an expanded non-exhaustive list of relevant risk indicators which is relevant to IRAs and customer risk assessments.

Significantly, the SFC is also proposing that LCs conduct a periodic review of their IRAs at least every two years, or more frequently upon the occurrence of a trigger event with material impact on a LC's business and risk exposure.

LCs should take a group level approach to mitigate ML/TF risks. To facilitate the design and implementation of the LC's existing group-wide AML/CFT systems, group-wide risk assessments should be conducted for LCs with overseas branches and subsidiary undertakings carrying on the same business as financial institutions. LCs which are part of a financial group may rely on a group-wide or regional IRA provided such assessment adequately reflects the local ML/TF risks posed to the LC.

2. Greater due diligence requirements for cross-border correspondent relationships

When establishing a cross-border correspondent relationship with an overseas financial institution (i.e. the respondent institution), even if they are related foreign financial institutions within the same group, LCs should apply additional due diligence and other measures to mitigate ML/TF risks[7] .

The ML/TF risks posed by respondent institutions and the extent of due diligence measures should be assessed by conducting regular reviews (or when a trigger event occurs) of the information obtained on the respondent institutions to ensure it is up-to-date and relevant, and monitoring transactions for any unexpected or unusual activities which may change the respondent institutions' risk profile.

The emphasis in this area has been the banking sector, where banks have relationships with correspondent banks and it seems clear that scrutiny will now expand to the securities sector.

3. Simplified and enhanced measures under a risk-based approach

The SFC proposes an expanded list of examples of simplified and enhanced CDD and ongoing monitoring measures[8] , the SFC does describe to help LCs better assess ML/TF risks[9] , such as:

• Evaluating the information provided by the customer in relation to the destination of funds involved in the transaction and the reasons for the transaction;
• Requiring sales proceeds to be paid to the customer's bank account from which the funds for investment were originally transferred, particularly where there is a pattern of frequent changes of bank account details; and
• Obtaining additional customer information on underlying investors when acting as a delegated asset manager without having a business relationship with the overseas delegating management company's customer.

4. Enhanced list of red-flag indicators of suspicious transactions and activities

The SFC proposes to refine the existing list of red-flag indicators, including the addition of new red flags with securities sector-specific indicators of suspicious transactions and activities, and the removal of red-flag indictors whose significance has diminished due to the evolution of ML/TF risks.

It should be noted that LCs should not apply these red-flag indicators with a "check-list" approach. Each LC needs to consider the red flags relevant to their specific businesses, risk profiles and transaction and activities patterns of their customers.

5. Third-party deposits and payments

LCs are generally expected to perform third-party deposit due diligence before settling transactions with the funds deposited by their clients. There have been a number of enforcement actions taken against LCs who have been lax in dealing with third party deposits or payments. However, it seems that the SFC recognises that it is not always practical to complete due diligence before settling transactions with deposited funds and has proposed amendments to allow for delayed third-party deposit due diligence under certain conditions[10] .

In view of these conditions, LCs should clearly define in their policies and procedures how these exceptional situations are identified and, where such delayed third-party deposit due diligence may be allowed, adopt appropriate risk management policies and procedures[11] . Where third-party deposit due diligence cannot be completed within a reasonable timeframe, LCs should refrain from carrying out further transactions for the customer and assess whether there are grounds for filing a suspicious transaction report to the JFIU.

The full consultation paper is available here. The SFC welcomes comments on or before 18 December 2020.

_______________________________________
[1] Via the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance, since renamed as the Anti-Money Laundering and Counter-Terrorist Financing Ordinance.
[2] Mainly by way of revised guidelines and issuance of FAQs.
[3] To designated non-financial professions and businesses such as lawyers and accountants.
[4] As well as refine the guidance previously provided in the SFC's circulars.
[5] Financial Action Task Force.
[6] Published on 26 October 2018.
[7] Paragraph 4.20 of the Proposed Revised AML Guidelines.
[8] Paragraph 1, Appendix C of the Proposed Revised AML Guidelines.
[9] Paragraph 2, Appendix C of the Proposed Revised AML Guidelines.
[10] Paragraph 11.9 of the Proposed Revised AML Guidelines.
[11] For guidance on appropriate risk management policies and procedures, see paragraph 11.10 of the Proposed Revised AML Guidelines.

About Us

Howse Williams is an independent law firm which combines the in-depth experience of its lawyers with a forward thinking approach.

Our key practice areas are corporate/commercial and corporate finance; commercial and maritime dispute resolution; clinical negligence and healthcare; insurance, personal injury and professional indemnity insurance; employment; family and matrimonial; property and building management; banking; fraud; financial services/corporate regulatory and compliance.

As an independent law firm, we are able to minimise legal and commercial conflicts of interest and act for clients in every industry sector. The partners have spent the majority of their careers in Hong Kong and have a detailed understanding of international business and business in Asia.

Disclaimer: The information contained in this article is intended to be a general guide only and is not intended to provide legal advice.  Please contact [email protected] if you have any questions about the article.