Fraud is one of the thorniest problems for banks and their customers globally, with billions of dollars of leakage to opportunists, criminal syndicates and thieves. The Hong Kong Monetary Authority (HKMA) has recently announced Hong Kong’s newest institutional financial crime tool – FINEST:
The initiative was launched in collaboration with the Hong Kong Police Force (HKPF) and The Hong Kong Association of Banks (HKAB).
King & Wood Mallesons was delighted to serve as legal advisor on the project.
This alert summarises the key points to know.
Key drivers
When COVID hit, we all stayed home, we adapted and evolved to a new way of life. Unfortunately, so did criminal behaviour. Health products were fabricated. Lucrative sales of false products were made. Bribery and corruption occurred. Social media-based scams escalated. The banks noticed. There was a significant increase in fraudulent behaviour. For example, shell companies sprung up, selling contracts for health products that either did not exist or were priced significantly over market value.
The risk for financial institutions being targeted as conduits for laundering fraudulent proceeds also increased as a consequence of COVID-19-related vulnerabilities and opportunistic behaviour. When COVID-19 and health-related mandates eased globally, fraud persisted and as always, evolved.
In its 2020 paper,[1] the FATF recommended that member jurisdictions, including Hong Kong, take steps to understand new risks and adopt operational responses, in addition to strengthening communication between the public and the private sector.
Hong Kong already has the inter-bank “Fraud and Money Laundering Intelligence Taskforce”, which was launched in 2017. But this involves typologies – not specific data sharing.
Key aspects of FINEST
The HKMA has announced the new FINEST initiative. The key aspects of the initiative that have been publicly announced so far are as follows:
- FINEST is a data-sharing tool for Hong Kong banks to share information regarding corporates suspected of fraud to tackle this kind of behaviour.
- The HKPF will run this “cyber-secured platform”, with the initiative having been developed by HKAB with guidance from the HKMA.
- This is Phase 1 of the new initiative, with only corporate (i.e. not personal data) being shared for the time being.
- Initially, only five domestic systemically important banks will share information related to suspected fraud.
- Future expansion to include additional banks and additional data will be considered in future.
Key considerations
Any bank seeking to participate in FINEST (if eligible) will need to carefully consider the following:
- Capacity to identify and report. This should already be a part of banks’ financial crime controls, but suspected fraud alone is not always reportable under existing suspicious transaction reporting requirements, so an uplift in systems, procedures and training may well be required.
- Data-sharing consents. Bankers generally owe an implied duty of confidentiality – even to corporate customers. Not all contracts are broad enough to capture sharing with other banks or tools such as FINEST, and customers and courts increasingly expect consents to be explicit – not just buried in fine print or housed in broad generic statements. It’s also important to remember that the consent should be at or before the time at which data is provided – this sequencing is especially critical where data may well be shared before a person is formally onboarded. Any variation to existing contracts may also need consent.
- Personal data can be lurking in the mix of “corporate” data. Even “corporate” data may include personal data (e.g. data relating to directors and authorised signatories) so extreme care is needed. Furthermore, some customers that are classed as “corporate” such as partnerships, may actually be a collection of individuals with an individual’s name. And finally, something that may appear to be non-personal data in the hands of one person, could well be data that identifies a living individual (i.e. personal data) in the hands of another, particularly when it is combined with other data. So being able to differentiate between data and taking a highly nuanced approach to participation is vital.
Mitigating fraud is in the interests of the public at large. Of course, for customers and prospective customers, you are entitled to ask how your data is being used. We understand further information about FINEST will be launched in due course.
Please contact us if you have any queries about your financial crime controls or data-sharing arrangements. We would be delighted to help.
Any reference to “Hong Kong” or “Hong Kong SAR” in this article shall be construed as a reference to “Hong Kong Special Administrative Region of the People’s Republic of China”.
Reference
[1] FATF, COVID-19-related Money Laundering and Terrorist Financing: Risks and Policy Responses, (May 2020).