In 2021, Hong Kong regulators encouraged financial institutions to strengthen anti-money laundering (AML) and counter-financing of terrorism (CFT) compliance. The two regulatory authorities responsible were the Hong Kong Monetary Authority (HKMA)—the leading banking regulator—and the Securities and Futures Commission (SFC), responsible for regulating local businesses, securities, and futures markets.
Both authorities issued new regulatory guidelines. The HKMA issued its “Fintech 2025” strategy to encourage fintech adoption and formulate supportive policies for the future fintech ecosystem. Meanwhile, the SFC introduced several AML/CFT Guideline updates, providing practical guidance on strengthening CDD requirements (such as additional requirements for cross-border correspondent relationships).
It’s high time for regulated companies to get prepared. Let’s look closer at the amended requirements to stay compliant.
In September 2021, the SFC issued an updated version of its Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations), which includes the following initiatives:
It’s worth mentioning that most of the regulatory amendments from the AML/CFT Guideline are not particularly extensive. There are, however, two changes that deserve special attention: 1) additional CDD requirements for cross-border correspondent relationships and 2) red flag indicators of suspicious transactions and activities.
After March 30th, 2022, financial institutions will need to meet updated requirements for cross-border correspondent relationships, which aim to align with the FATF’s Guidance for a Risk-Based Approach for the Securities Sector (October 2018). Accordingly, the FATF requires financial institutions to apply additional due diligence and risk-based measures for business relationships in the securities sector, as well as for cross-border correspondent banking relationships.
The updated AML/CFT Guideline states that:
According to the Guideline, financial institutions may establish cross-border correspondent relationships with respondent institutions around the world. For example, a Hong Kong securities broker can execute trades for a foreign broker who provides services for customers outside Hong Kong.
Financial institutions should determine the red flags relevant to them by considering the nature of their customer transactions, as well as the risk profiles of their customers and business relationships.
Financial institutions should review transactions and ask for additional CDD information from a customer when:
Financial institutions should be alert to these red flags to prevent money laundering, terrorist financing and fraud.
First of all, financial institutions must apply situation-specific CDD measures. This includes taking a risk-based approach, performing ongoing monitoring, and record-keeping.
Financial institutions should evaluate the risks associated with new or existing business relationships to determine the degree, frequency, and extent of the CDD measures and ongoing monitoring required. The scope of CDD measures taken should vary according to the ML/TF risks assessed with regard to the customer.
Customer due diligence (CDD)
The following CDD measures are mandatory for financial institutions:
For natural persons, financial institutions should identify the customer by obtaining the following information:
Financial institutions are required to ensure that documents or information obtained to verify the customer’s identity is relevant. They also must understand the purpose and intended nature of the business relationship. Accordingly, the following information should be obtained:
These are general CDD measures, and the extent of their application may vary according to the risks presented by the customer.
Politically exposed persons (PEPs)
The Guidance also requires financial institutions to implement appropriate risk management systems to identify PEPs. Once a PEP is detected, financial institutions need to:
PEP status doesn’t always mean that an individual is corrupt or involved in any criminal activity. However, close attention must still be paid to them, especially if the customer is from a foreign country widely known for bribery, corruption, and financial irregularity.
Additional CDD requirements and measures for cross-border correspondent relationships
Financial institutions should establish and maintain adequate measures for reducing the risks associated with cross-border correspondent relationships. When a financial institution establishes a cross-border correspondent relationship, they should:
Not all cross-border correspondent relationships pose the same ML/TF risk levels. Therefore, additional CDD measures vary depending on several factors:
If any cross-border correspondent relationship presents higher risks, an in-depth review of the respondent institution’s AML/CFT controls should be conducted, including:
There is also a provision for the staff of licensed corporations to avoid tipping off the CDD process. Tipping-off means disclosing that a suspicious transaction report or anything related has been filed. This can include the following behaviour:
If the financial institution reasonably suspects that performing the CDD process will tip off the customer, it may stop the process.
Financial institutions should review existing CDD records of customers on a regular basis and/or upon trigger events such as substantial transactions. This is to ensure that documents, data, and information about a customer is up-to-date and relevant.
Record-keeping is essential to detect, investigate, and confiscate criminal property or funds. Check results, together with all screening records, must be documented or recorded electronically throughout the business relationship with the customer and for at least five years after the end of the business relationship.
Amendments to the AML/CFT Guideline will affect financial institutions operating in Hong Kong. As stated in the Guideline, the term “financial institutions” refers to licensed corporations involved in the following regulated activities:
In the context of cross-border correspondent relationships, the term “financial institution” refers to businesses falling under the definition set by the FATF Recommendations.
It’s worth mentioning that changes will not only affect local businesses but also overseas companies that have cross-border correspondent relationships with financial institutions in Hong Kong.
In June 2021, HKMA issued a new strategy, “Fintech 2025,” focused on the complete digitalization of financial institutions by 2025. This strategy encourages the financial sector to adopt new measures, including regulatory technology (Regtech), to combat new money laundering and fraud challenges in the digital era. These measures include:
This means that financial institutions should get ready for complete digitalization and the resulting impacts on AML/CTF measures.
The following industries will face changes:
In 2017, the Smart Banking Era Strategy was announced, in which HKMA promotes the adoption of fintech by Hong Kong banks by digitizing operations from front-end to back-end. The HKMA will assess banks’ current and planned stages of fintech adoption in the coming years to identify weaknesses and provide help if necessary.
The HKMA has been working with the BIS Innovation Hub Hong Kong Centre to research retail CBDCs and the e-HKD to discover its use cases, benefits, and related risks. The HKMA will also continue collaborating with the People’s Bank of China to support technical testing of the e-CNY in Hong Kong to provide convenient cross-boundary payments for domestic and mainland residents.
The HKMA will establish a Fintech Cross-Agency Coordination Group to collaborate with key industry players to formulate supportive policies for the Hong Kong fintech ecosystem. Moreover, the Fintech Supervisory Sandbox will provide funding support to qualified fintech projects.
To meet the above objectives, the HKMA consulted the management of financial institutions to make sure they have sufficient resources and relevant subject matter experts to get ready for new technology initiatives.
It’s evident that financial regulators in Hong Kong are raising their compliance standards, which comes with both economic and legal consequences. Since the new requirements are already approved, businesses should start preparing now.