This article was written by Urszula McCormack and Matthew Howlett.
The Money Authority of Singapore’s recent announcement that it intends to withdraw BSI Bank Limited’s licence highlights the potentially severe consequences for banks breaching their AML obligations – and a trend beyond mere financial penalties. It also highlights the ever-increasing risks for individuals.
This article summarises the key facts and provides four important takeaways for financial institutions operating in Hong Kong.
BSI Bank action
On 24 May 2016, the Monetary Authority of Singapore (MAS) announced that it had notified BSI Bank Limited (BSI Bank) of its intention to withdraw its status as a merchant bank in Singapore.
This significant step flowed from findings of serious breaches of anti-money laundering (AML) requirements, poor management oversight of the bank’s operations, and gross misconduct by certain staff. It marked the first time that MAS had withdrawn its approval for a merchant bank since 1984, when Jardine Fleming (Singapore) Pte Ltd was shut down for serious lapses in its advisory work.
Individuals have also been implicated.
In 2011, the MAS first inspected BSI Bank and found policy and process lapses at the front office and weak enforcement by control functions. The lapses were subsequently rectified.
In 2014, the MAS inspected the bank again and uncovered serious shortcomings in its due diligence checks on assets underlying the investment funds structured for the bank’s customers. Given repeated findings of weaknesses in its control regime, the MAS instructed BSI Bank’s management to increase scrutiny of the bank’s risk management processes and internal controls.
Subsequently, the MAS initiated a third more intrusive inspection in 2015, which revealed multiple breaches of AML regulations and a pervasive pattern of non-compliance.
The MAS’ announcement that it intended to withdraw BSI Bank’s status as a merchant bank took into account BIS Bank’s repetitive lapses, as well as its 2015 inspection findings which revealed the following issues:
Specific regulatory lapses included the processing of multiple unusual transactions which were essentially pass-through trades, often without economic substance. Transactions were approved on the faith of client representations despite deficient documentation and concerns raised by the bank’s compliance officers.
The MAS has also served BSI Bank notice of its intention to impose financial penalties amounting to SGD13.3 million (approximately HKD75 million or USD9.7 million) for 41 breaches of MAS Notice 1014 - Prevention of Money Laundering and Countering the Financing of Terrorism.
The breaches include failure to perform enhanced customer due diligence on high risk accounts, and to monitor for suspicious customer transactions on an ongoing basis.
By way of contrast, the only public fine levied to date directly by Hong Kong’s financial regulators under the current AML regime is HKD7.5 million, in the HKMA’s State Bank of India case last year. We have yet to see how the trend unfolds, as further enforcement action is finalised.
Individuals – referral to criminal prosecution
Additionally, the MAS has referred the names of six members of BSI Bank’s senior management and staff to the Public Prosecutor, to evaluate whether they have committed any criminal offences.
Several of the bank's staff members were held to have committed wilful acts of misconduct, such as:
- making material misrepresentations to auditors;
- abetting improper valuations of assets; and
- taking instructions from persons other than customers’ authorised representatives on matters relating to customers’ accounts.
Key takeaways for financial institutions in Hong Kong
Takeaway 1: It could happen here
First and foremost, regulated financial institutions in Hong Kong could find themselves in a similar position as BSI Bank. Specifically:
1. Licence could be revoked
There are no powers of revocation under the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (Cap 615) (AMLO). However, importantly, they exist under the primary legislation / regulatory regimes for financial institutions. For example, the HKMA has a broad power to revoke an authorized institution’s (AI) authorisation under Schedule 8 to the Banking Ordinance (Cap 155), including where the HKMA is satisfied that the AI:
“engages in business practices which would be likely to prejudice the interests of Hong Kong as an international financial centre”.
2. Significant fines could be levied
The HKMA and other financial regulators have the power to impose fines of up HKD10 million or three times the profits gained or costs avoided as a result of each relevant contravention, as well as to issue formal reprimands and require remedial measures to be taken by the AI.
In assessing the fines to be imposed, financial regulators must take into account their own penalty guidelines. For example, the HKMA will usually take into account a range of factors, including:
- the need to send a clear message to the market about the importance of effective AML/CTF controls and procedures;
- the AI's cooperation during the investigation and any remediation work undertaken to address any contraventions identified in the HKMA investigation and other weaknesses identified by any HKMA onsite investigation;
- whether the AI has any previous disciplinary record; and
- the extent to which the AI engages third parties / external audit to conduct external reviews / audit on an ongoing basis.
3. Individuals are at personal criminal risk
Senior staff, managers and employees who are concerned with the management of the AI should also be aware that they face potential criminal liability under the AMLO in circumstances where:
- they "knowingly cause" or "knowingly permit" a breach of a specified provision under the AMLO. The maximum penalty is a HKD1 million fine and imprisonment for 2 years; or
- with intent to defraud the financial institution or any relevant authority, causes or permits the financial institution to contravene a specified provision. The maximum penalty is HK$1 million fine and imprisonment for 7 years.
However, it is a defence to the first limb if an individual can prove that they acted in accordance with the policies and procedures established and maintained by the financial institution. This highlights the fundamental importance of those controls.
Our comment: We are still at a very early stage in enforcement in Hong Kong. It remains to be seen how the HKMA, the Securities and Futures Commission (SFC) and other financial regulators will approach the calculation of penalties and referral to criminal prosecution, particularly in the lead up to the next FATF Mutual Evaluation expected in 2018.
Takeaway 2: Engage with your regulators
Arguably, the BSI Bank shutdown in Singapore could have been avoided through better regulatory engagement.
What does good engagement look like in practice? It requires four key pillars.
Takeaway 3: Get the basics right, then keep evolving
Regulators expect the basics to be right. There is no more tolerance for basic failures such as absence of controls, chronic missing CDD information, no management interest or oversight, no periodic review, clear screening lapses etc.
However, we are now moving beyond that. There is an increasing expectation of a considered approach to more complex issues such as:
- risk-sensitive customer acceptance policies (not wholesale “de-risking”);
- trade finance, including potential dual use goods;
- regulatory technology (or “RegTech”);
- data mining and analytics; and
ML/TF is becoming increasingly sophisticated. This requires consistent investment and evolution in thinking. Regulators are learning not only from enforcement, but also from their counterparts globally, the industry and third party service providers. Financial institutions need to take the same approach.
Takeaway 4: Engage in upcoming developments
All financial institutions face genuine grey areas in AML/CTF regulation. Aside from taking advice, consulting stakeholders and coming up with a considered position, there is a range of industry channels that can be used to highlight those grey areas.
We expect areas of upcoming focus will include technology, source of wealth/funds, politically exposed persons, trafficking and slavery, correspondent banking and data-sharing.
Please contact us anytime if we can help.
Note: King & Wood Mallesons does not practice Singapore law. All references to the BSI Bank matter or otherwise relating to Singapore-related matters are based on public information. This article does not constitute legal advice.