Insight,

Current Trends in Financial Crime Compliance and Enforcement in Hong Kong

03 August 2022

Our People
HK | EN
Current site :    HK   |   EN
Australia
EN |
China
JP | ZH | EN |
China Hong Kong SAR
ZH | EN |
Japan
JP | ZH | EN |
Singapore
ZH | EN |
United States
EN |
Global
ZH | EN |

Regulatory action in response to financial crime is on the rise and it is critically important for organisations to understand the key focus areas of authorities and ways to minimise the risks.

In this alert, we discuss the current trends in financial crime compliance and enforcement in Hong Kong. Specifically, we describe:

Hong Kong regulators have increased the level of enforcement for breaches of AML/CTF obligations against financial institutions and there is an ongoing push for rules and regulations relating to financial crime. They are also driving Regtech innovation to help mitigate ML/TF risk. As outlined in more detail below, it is essential for all financial institutions to:

  • ensure they have procedures in place to assist with meeting the specified provisions of the AMLO
  • ensure the procedures around ongoing monitoring are not overlooked. Failing to identify suspicious transactions or review customer files in a timely and adequate manner remain the most common factors for enforcement action by both the HKMA and the SFC
  • strive to develop innovative Regtech, or partner with innovative third-party Regtech vendors, to assist with detecting financial crimes, establishing trusted digital identity systems, customer risk profiling, and
  • ensure they understand new rules and regulations and the requirements placed upon them.

AML/CFT enforcement trends

Enforcement for AML/CTF failings has ramped up in Hong Kong.

The AMLO was enacted in 2012.  Until recently, the HKMA had brought very few proceedings under the AMLO. Between 2012 and mid-2021, only four banks were penalised for AML/CTF failings.

In November 2021, the HKMA announced disciplinary action against four further banks, imposing a total penalty of HKD44.2 million (details below). Two further disciplinary actions followed in 2022 against stored value facility licensees. 

The HKMA’s increased enforcement activity follows a number of enforcement cases brought by the SFC between 2019 and 2021 regarding AML breaches, including a significant fine of HKD2.7 billion imposed in relation to the 1MDB scandal.

Key takeaways and tips
HKMA enforcement
  • Hong Kong’s banking sector AML/CTF framework leverages the strong collaboration between the HKMA and The Hong Kong Association of Banks (HKAB) in terms of standard setting and typology development. The Joint Financial Intelligence Unit and the Privacy Commissioner are also regularly involved where their respective expertise is needed
  • The HKMA enforcement team remains busy and further fines against banks in Hong Kong are in the pipeline
  • Ongoing customer monitoring is integral. Failing to conduct periodic reviews properly and on a timely basis was a key failing in multiple enforcement actions
  • Banks must not allow periodic review, trigger event reviews and transaction alert reviews to fall into a backlog. We see this regularly, particularly where staff resource is diverted away from matters like periodic review to focus on remediation or simply to expedite onboarding of new customers. This creates a snowball effect in backlog numbers
  • “Industry practice” can be taken into account and the HKMA does seek to understand how systems and resources are evolving. However, it is not a defence; many of the failings were in the early days after the AMLO came into effect
  • Regtech should be properly assessed and implemented to assist with ongoing due diligence but it is only as good as the data that feeds it and the system adopted; quality data and quality vendors are essential, and
  • Where the HKMA finds a failure in conducting mandatory due diligence steps, it will likely tack on an additional failure of failing to maintain adequate procedures around that step.

The contraventions by the four banks recently fined are summarised below. 

BANK A

BANK B

BANK C

BANK D
  • Failed to conduct annual periodic reviews for high-risk customers
  • Failed to conduct trigger event reviews in a timely manner
  • Failed to examine unusual transactions or failed to investigate them in a timely manner
  • Failed to investigate transaction monitoring alerts
  • Failed to obtain senior management approval for high risk clients
  • Failed to maintain proper records

Fined HKD8.5 million
  • Failed to carry out adequate periodic reviews
  • Failed to maintain adequate procedures to keep information up to date
  • Failed to conduct enhanced due diligence on pre-existing customers that were high risk (pre-existing the AMLO)

Fined HKD6 million

 
  • Failed to conduct annual periodic reviews for high-risk customers
  • Failed to maintain effective procedures for periodic review
  • Failed to obtain senior manager approval for pre-existing high-risk customers, including those with Politically Exposed Person nexus
  • Failed to ensure wire transfers included mandatory data
  • Failed to produce risk assessment forms for 26 customers (record keeping failures)

Fined HKD20.7 million
  • Failed to maintain effective procedures for conducting periodic reviews
  • Failed to carry out customer due diligence on a number of pre-existing customers and then failed to conduct timely review of the same customers after suspicious activity was identified
  • Failed to exit customer relationships for whom customer due diligence could not be completed

Fined HKD9 million
Key takeaways
SFC enforcement

The predominant cause of SFC AML/CTF-related fines to date is failing to identify and prevent third party payments. It is integral for those financial institutions regulated by the SFC to ensure they have proper systems in place to identify and investigate third party payments. 

In our experience, other key areas for scrutiny are:

  • identifying who the customer is when dealing with funds (ie the fund or the fund manager),
  • identifying who the person purporting to act on behalf of the customer (PPTA) is when dealing with funds and carrying out due diligence to Hong Kong standards on the PPTA. Due diligence is often delegated to a fund administrator in places like the Cayman Islands. It is important the administrator understands Hong Kong’s particular requirements when it is appointed to act as an intermediary,
  • carrying on business in a regulated activity without a licence to permit that activity. This may be for example where the corporation holds a Type 1 licence (dealing in securities) but not a Type 4 licence (advising on securities) and yet has strayed into an advisory role, and
  • failing to update the SFC in relation to key changes to the business model or senior personnel information.  

The SFC remains an active regulator and has issued a number of fines in recent years for AML/CTF failings.  

Regtech – leveraging technology for AML/CTF

The HKMA has focused on Regtech developments for assisting with mitigating ML/TF risk.

In May 2021, the HKMA supported the use of “iAM Smart” to remotely onboard customers without this needing to impact the customer’s risk assessment. This was critical as the AMLO position generally contemplated non-face-to-face onboarding as being inherently higher risk; technology improvements including the use of iAM Smart have significantly alleviated the compliance burden on banks.

On 11 August 2021, the HKMA issued a circular to raise awareness of a report issued by the Financial Action Task Force: “Opportunities and Challenges of New Technologies for AML/CFT”. This reported how solutions such as machine learning and natural language processing can help improve the speed, quality and efficiency of AML/CTF measures. The HKMA then issued a “Regtech Adoption Practice Guide” focused on AML/CTF. This sets out that in establishing a Regtech framework, a bank should consider whether the solution enhances the bank’s capabilities to prevent, detect, or respond to ML/TF activities or remediate deficiencies in AML/CTF controls.

Example use cases were also provided. These included:

 

Machine learning: a supervised machine learning model was developed to identify new customer clusters. This calibrates new transaction monitoring detection thresholds by referencing historical transaction patterns while ensuring the identification of alerts that result in suspicious transaction report (STR) filings under the new thresholds. This refined customer segmentation resulted in better scenario performance and therefore improved the effectiveness of the rule-based system, while achieving a 50% reduction in the volume of alerts generated by the transaction monitoring system.

 

Cognitive computing: a research solution was created to assist with conducting periodic reviews to reduce backlogs. The solution was able to replace a significant amount of time spent by CDD analysts on manual research and investigations into customers to see if their risk profile had changed. Information was organised into threads in over 25 languages and auto-translated. Accuracy was greatly enhanced, eliminating 95% of false positives.

 

Customer activity dashboard: the bank implemented a robotic process automation tool that reduced efforts in collating transaction information from various systems by replicating and automating the existing data processing procedures. Other non-transactional information (eg the opening of a new account, login details, and locations) was added to the database. When in use, the tool identified and visualised customer activity displaying red flag indicators in a dashboard giving insights into transaction patterns indicative of ML/TF. It also displayed geographic and counterparty clusters, through which the bank was able to detect activities that were not in line with the profile the bank had of the customer. 

In November 2021, the HKMA launched an AML/CTF Regtech lab. This uses network analytics to address the risks of fraud-related mule accounts and enhances data and information sharing through public-private partnership efforts. 

It is clear that the HKMA will expect banks to explore and implement innovative technology to improve customer onboarding, mitigate ML/TF risk and enhance regulatory reporting. 

AML/CTF legal updates

There are important legal updates on the horizon for Hong Kong’s AML/CTF regime which relate to three key areas:

  • Licensing of virtual asset exchanges: the Anti-Money Laundering and Counter Terrorist Financing (Amendment) Bill 2022 (AMLO Amendment Bill) has been issued in draft. The AMLO Amendment Bill proposes amendments to provide a framework for the licensing of companies that operate virtual asset exchanges in, or market to, Hong Kong. The SFC will oversee the new regime which commences on 1 March 2023.
  • Precious metals and stones dealer (DPMS) registration: a new registration regime for DPMS under the AMLO is to be introduced, overseen by the Commissioner for Customs & Excise. It will be a two-tier system will apply with the level of regulation dependent on whether the DPMS engages in cash transactions for HKD120,000 or more.
  • Upgrade and modernisation of AMLO standards: the AMLO Amendment Bill also makes a number of miscellaneous but important updates, including:
    • the definition of politically exposed person (PEP) is to change such that enhanced due diligence will be required not only for PEP’s from outside of China but also for PEPs from other part of China outside of Hong Kong
    • alignment of beneficial ownership definition of trusts to the concept of controlling person by clarifying that, where a trust is concerned, a beneficial owner includes a trustee, beneficiary and class of beneficiaries
    • greater flexibility regarding customer due diligence in non-face-to-face situations, and
    • increased sanctions for unlicensed money service operators.

Our summary of the key proposals from the Financial Services and the Treasury Bureau is available here. See also our thoughts here on the draft implementing Bill which was gazetted on 24 June 2022.

Looking ahead, we also expect that Hong Kong will continue to evaluate updates from the global standard-setter, the FATF, of which it is a member. Our summary of the latest developments is here. Briefly, FATF has been focused on COVID-19 related threats, binding standards to prevent the misuse of virtual assets for ML/TF and improving and updating the understanding of terrorist financing, including ethnically or racially motivated terrorist financing. 

Financial crime-related regulatory developments

A number of regulatory developments regarding financial crime and related matters have taken place over the last 12 months or are progressing. KWM has advised the industry in relation to a number of these initiatives. The developments include:

 

AML/CTF compliance and proceeds of crime - FAQs support compliance with new laws

The HKAB has updated its Frequently Asked Questions on AML/CTF, as published by the HKMA. The new questions and answers make it clear that as offences under the National Security Law (NSL) are indictable offences or terrorism related offences, proceeds flowing from such offences are the proceeds of crime or terrorism related proceeds and are subject to AML/CTF laws and obligations. The SFC has similarly updated its FAQs to address the NSL.

 

Staff misconduct and ‘rolling bad apples’ - Mandatory Reference Checking Scheme

A critical part of any organisation’s financial crime risk management is ensuring that its staff are fit and proper. The HKMA and HKAB have introduced a new mandatory reference checking scheme. The Guidelines seek to redress the “rolling bad apples” phenomenon in Hong Kong’s banking sector. That is, they seek to prevent individuals involved in misconduct from moving from one authorised institution (AI) to another. Further details are available in our May 2022 alert.

Our top three key tips

Regulators in Hong Kong are focused on AML/CTF prevention and deterrence.

Three of the most useful things any organisation can do are to:

  • encourage a culture of compliance and open dialogue on enhancements it can make
  • host regular, interactive and relevant training, using case studies and debating challenging scenarios, and
  • refresh and benchmark systems and controls periodically. An external eye can be especially beneficial to identify possible blind spots.

 

For capitalized terms which are not defined in this alert, please refer to 'Sidebar - The Words We Use' in our foreword here.

Disclaimer: This alert is provided for general information purposes only and does not constitute legal advice.

Categories

MEET THE AUTHORS

LATEST THINKING
Insight
Abolition of MPF Offsetting Arrangement in Hong Kong: Key Impacts and Considerations
Abolition of MPF Offsetting Arrangement in Hong Kong: Key Impacts and Considerations

12 May 2025

Insight
Vietnam Sets the Stage for Carbon Trading
Vietnam has released an approved roadmap for a domestic carbon market, in a significant step towards achieving net-zero emissions by 2050. A phased approach will see a pilot start in June 2025, working towards full implementation by 2029.

05 May 2025

Insight
Public-Private Partnerships in Asia - Bangladesh Guide
In Bangladesh, Public-Private Partnerships (PPPs) are gaining momentum as a strategic tool to bridge the infrastructure gap and drive economic growth.

17 April 2025

EXPLORE LATEST THINKING
OUR PEOPLE
LOCATIONS
MEDIA CENTRE
CAREERS
ABOUT US
Explore Our Expertise
Explore insights
Explore Our Insights

Advertising and Targeting Cookies