07 March 2017

Third party payments under fire: Hong Kong SFC fines brokerage for AML/CTF failings

This article was written by Urszula McCormack and Jack Nelson.

Large, undocumented money transfers to unidentified third parties should raise eyebrows. But it was exactly these red flags that Guangdong Securities Limited (“GSL”) a brokerage, failed to deal with adequately. The result? A HK$3 million fine and a public reprimand from the Securities and Futures Commission (“SFC”).

Our recent SFC enforcement trends alert identified anti-money laundering and counter-terrorist financing (“AML/CTF”) as a focus area for the SFC.

This article describes the key facts, findings and messages of the GSL case.

The exception that became the norm

Between February 2011 and March 2013, GSL, a brokerage, processed approximately 700 payments from client accounts to third parties.  This may seem unremarkable – except that GSL, like many other brokerages, prohibited third party transfers.

GSL’s general prohibition did allow third party transfers under “exceptional circumstances”.  To make use of this exception, GSL clients were required to complete an application form, attaching proof of the third party’s identity, the client’s relationship with that third party, and the reasons for the transfer. 

GSL management was then required to review the form and the attached documentation, and only if satisfied, approve the transfer.   

The SFC’s investigation

Following an investigation by the SFC, it was revealed that only 570 application forms for third party transfers could be located.  Of these 570, only 67 forms were supported by the required documentation.  The remainder displayed varying degrees of non-compliance, from a complete lack of documentation through to incomplete forms.  These application forms truly are a treasure trove of AML/CTF red flags, as we highlight below:

1.   Inadequate third party verification 

Transfers between parties with no apparent business relationship is a common AML/CTF indicator. 

Yet a significant number of the application forms stated that the transfer was between “friends” or that it was a “friend transfer”, and lacked any verification of the third party’s identity.  

2.   Inadequate reasons for transfer

Transfers without an economic rationale is another common AML/CTF indicator.  

GSL's application form did request that the client state the reason for the transfer.  However, some clients did not bother to state the reason – and others gave vague responses, such as “business dealings”, “loan” or “repayment”. 

3.   Large amounts through brokerage accounts

It does not generally make economic sense to move large sums through brokerage accounts rather than through bank accounts. 

Yet the transfers that GSL processed often involved millions of dollars – and in one case, a transfer of over HK$39 million was approved without any supporting documentation. 

4.   Coincidental transfers 

When multiple apparently unconnected accounts suddenly make a transfer to the same third party on the same day, bells should ring.  

Yet GSL’s records show two transfers, from two separate accounts to the same third party, totalling HK$10 million, on the same day – with seemingly no questions asked.  

5.   No reasons for approval 

Any and all departures from policy must be subject to written reasons for approval.  This echoes a fundamental principle of AML/CTF regulation of Hong Kong, in that departures from regulatory guidance are permitted, but only with a justified and documented rationale.  GSL’s staff and management failed to detail reasons for approval in any form whatsoever.  

GSL did claim that its staff made enquiries where insufficient documentation was provided by clients.  However, as these enquiries were also not recorded in writing, the SFC simply made this the grounds of another finding against GSL.  

6.   Deficient application forms

The SFC considered that GSL’s application form itself was deficient.  The form lacked detail on key topics, such as the relationship between the client and the third party.  

The SFC’s findings

The SFC found that GSL’s failure to adequately control third party payments constituted breaches of:

The transactions clearly show that any internal controls and monitoring that were in place at GSL between February 2011 and March 2013 were inadequate from an AML/CTF perspective – although no finding of actual money laundering or terrorist financing was made.

But no AMLO finding? 

Strikingly, the SFC’s findings did not include a breach of the Anti-Money Laundering and Counter-terrorist Financing (Financial Institutions) Ordinance (Cap. 615) (“AMLO”).  The SFC only exercised its disciplinary powers under the Securities and Futures Ordinance (Cap. 571).   This means that we still do not have a test case from the banking or securities regulator under the AMLO.

Why this case matters

The GSL case is a timely reminder of three key points:

1.   The SFC takes a hard line on third party payments

The SFC provided a list of controls for third party payments in its 3 December 2013 circular.  These included the following:

Third party payments generally 

• Discourage third party payments generally
• Only accept with the approval of a designated senior staff member

Source of funds 

Take reasonable steps to identify funds from third party sources

Red flags

Watch out for:

• any frequent and/or large third party funds transfers or cheque payments; and
• other red flags identified by the SFC in its AML/CTF guideline.

Enhanced due diligence  and monitoring 

Undertake enhanced customer due diligence and ongoing monitoring, plus additional risk-sensitive measures where, for example:

• customer requests payment to a third party; 
• money is paid by a third party having no apparent connection with the customer; 
• firm is being asked to accept funds in unconventional ways. 

Pay special attention to situations where non-resident customers or cross-border funds transfers are involved 

Consistency between information

• Make appropriate enquiries about the customer and the third party
• Consider whether a third party funds transfer is consistent with the customer’s known legitimate business or personal activities.


File a suspicious transaction report (“STR”) with the Joint Financial Intelligence Unit (“JFIU”) where there are grounds for suspicion

Guidance to staff

Ensure staff have guidance to enable them to: 

• recognise suspicious transactions generally (even without third party transfers); 
• identify and assess relevant information to judge whether a transaction or instruction is suspicious; and 
• understand their own personal statutory obligations and possible consequences for failure to report. 

2.  Departures from AML/CTF guidelines must be documented and justified

It is possible to take a different approach on certain aspects of AML/CTF regulation, but they must be documented and justified.  The “risk-based approach” does not contemplate ad hoc decisions or (worse) lazy compliance.  We are seeing more compliance and financial crime team members take this on board, but this is not universal.

3.   Lack of documentation is tantamount to no controls

An ongoing theme in regulatory investigations is documentation generally.  Where no records of an action exist, regulators generally assume that it didn’t happen. This is particularly important for individuals with AML/CTF functions, where personal criminal liability and other penalties at stake.  The law only protects individual staff members to the extent that they can demonstrate that they followed internal policies and procedures.  This means that relevant actions and any departures from policy need to be carefully documented.  During AML/CTF investigations, we have seen regulators ask for not only the end result of an action (eg screening), but also the decision-making process along the way.

A Guide to Doing Business in China

We explore the key issues being considered by clients looking to unlock investment opportunities in the People’s Republic of China.

Doing Business in China
Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    We sum up SFC's recent regulatory bulletin on its front-loaded approach on IPO applications and corporate transactions.

    19 February 2020

    We sum up three key papers issued by the FSB, as well as the developments from other influential global policy-makers.

    24 January 2020

    We analyse the HKMA's regulatory guidance on big data analytics and artificial intelligence applications.

    13 January 2020

    Based on an SFC circular on the use of external electronic data storage providers, we look into why organisations are moving to the Cloud.

    12 December 2019

    You may also be interested in...

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.