This article was written by Urszula McCormack and Jack Nelson.
Large, undocumented money transfers to unidentified third parties should raise eyebrows. But it was exactly these red flags that Guangdong Securities Limited (“GSL”) a brokerage, failed to deal with adequately. The result? A HK$3 million fine and a public reprimand from the Securities and Futures Commission (“SFC”).
Our recent SFC enforcement trends alert identified anti-money laundering and counter-terrorist financing (“AML/CTF”) as a focus area for the SFC.
This article describes the key facts, findings and messages of the GSL case.
The exception that became the norm
Between February 2011 and March 2013, GSL, a brokerage, processed approximately 700 payments from client accounts to third parties. This may seem unremarkable – except that GSL, like many other brokerages, prohibited third party transfers.
GSL’s general prohibition did allow third party transfers under “exceptional circumstances”. To make use of this exception, GSL clients were required to complete an application form, attaching proof of the third party’s identity, the client’s relationship with that third party, and the reasons for the transfer.
GSL management was then required to review the form and the attached documentation, and only if satisfied, approve the transfer.
The SFC’s investigation
Following an investigation by the SFC, it was revealed that only 570 application forms for third party transfers could be located. Of these 570, only 67 forms were supported by the required documentation. The remainder displayed varying degrees of non-compliance, from a complete lack of documentation through to incomplete forms. These application forms truly are a treasure trove of AML/CTF red flags, as we highlight below:
1. Inadequate third party verification
Transfers between parties with no apparent business relationship is a common AML/CTF indicator.
Yet a significant number of the application forms stated that the transfer was between “friends” or that it was a “friend transfer”, and lacked any verification of the third party’s identity.
2. Inadequate reasons for transfer
Transfers without an economic rationale is another common AML/CTF indicator.
GSL's application form did request that the client state the reason for the transfer. However, some clients did not bother to state the reason – and others gave vague responses, such as “business dealings”, “loan” or “repayment”.
3. Large amounts through brokerage accounts
It does not generally make economic sense to move large sums through brokerage accounts rather than through bank accounts.
Yet the transfers that GSL processed often involved millions of dollars – and in one case, a transfer of over HK$39 million was approved without any supporting documentation.
4. Coincidental transfers
When multiple apparently unconnected accounts suddenly make a transfer to the same third party on the same day, bells should ring.
Yet GSL’s records show two transfers, from two separate accounts to the same third party, totalling HK$10 million, on the same day – with seemingly no questions asked.
5. No reasons for approval
Any and all departures from policy must be subject to written reasons for approval. This echoes a fundamental principle of AML/CTF regulation of Hong Kong, in that departures from regulatory guidance are permitted, but only with a justified and documented rationale. GSL’s staff and management failed to detail reasons for approval in any form whatsoever.
GSL did claim that its staff made enquiries where insufficient documentation was provided by clients. However, as these enquiries were also not recorded in writing, the SFC simply made this the grounds of another finding against GSL.
6. Deficient application forms
The SFC considered that GSL’s application form itself was deficient. The form lacked detail on key topics, such as the relationship between the client and the third party.
The SFC’s findings
The SFC found that GSL’s failure to adequately control third party payments constituted breaches of:
The transactions clearly show that any internal controls and monitoring that were in place at GSL between February 2011 and March 2013 were inadequate from an AML/CTF perspective – although no finding of actual money laundering or terrorist financing was made.
But no AMLO finding?
Strikingly, the SFC’s findings did not include a breach of the Anti-Money Laundering and Counter-terrorist Financing (Financial Institutions) Ordinance (Cap. 615) (“AMLO”). The SFC only exercised its disciplinary powers under the Securities and Futures Ordinance (Cap. 571). This means that we still do not have a test case from the banking or securities regulator under the AMLO.
Why this case matters
The GSL case is a timely reminder of three key points:
1. The SFC takes a hard line on third party payments
The SFC provided a list of controls for third party payments in its 3 December 2013 circular. These included the following:
Third party payments generally
• Discourage third party payments generally
• Only accept with the approval of a designated senior staff member
Source of funds
Take reasonable steps to identify funds from third party sources
Watch out for:
• any frequent and/or large third party funds transfers or cheque payments; and
• other red flags identified by the SFC in its AML/CTF guideline.
Enhanced due diligence and monitoring
Undertake enhanced customer due diligence and ongoing monitoring, plus additional risk-sensitive measures where, for example:
• customer requests payment to a third party;
• money is paid by a third party having no apparent connection with the customer;
• firm is being asked to accept funds in unconventional ways.
Pay special attention to situations where non-resident customers or cross-border funds transfers are involved
Consistency between information
• Make appropriate enquiries about the customer and the third party
• Consider whether a third party funds transfer is consistent with the customer’s known legitimate business or personal activities.
File a suspicious transaction report (“STR”) with the Joint Financial Intelligence Unit (“JFIU”) where there are grounds for suspicion
Guidance to staff
Ensure staff have guidance to enable them to:
• recognise suspicious transactions generally (even without third party transfers);
• identify and assess relevant information to judge whether a transaction or instruction is suspicious; and
• understand their own personal statutory obligations and possible consequences for failure to report.
2. Departures from AML/CTF guidelines must be documented and justified
It is possible to take a different approach on certain aspects of AML/CTF regulation, but they must be documented and justified. The “risk-based approach” does not contemplate ad hoc decisions or (worse) lazy compliance. We are seeing more compliance and financial crime team members take this on board, but this is not universal.
3. Lack of documentation is tantamount to no controls
An ongoing theme in regulatory investigations is documentation generally. Where no records of an action exist, regulators generally assume that it didn’t happen. This is particularly important for individuals with AML/CTF functions, where personal criminal liability and other penalties at stake. The law only protects individual staff members to the extent that they can demonstrate that they followed internal policies and procedures. This means that relevant actions and any departures from policy need to be carefully documented. During AML/CTF investigations, we have seen regulators ask for not only the end result of an action (eg screening), but also the decision-making process along the way.