Achieving Effectiveness in AML is a Shared Mission: HKMA’s Carmen Chu

Ms Carmen Chu discusses Hong Kong’s threat landscape, HKMA’s efforts to improve industry effectiveness, and key messages for FIs on collaboration and the use of technology.

This interview was conducted for the “AML Tech Barometer 2024” report, published by NICE Actimize and Regulation Asia to explore AML and fraud trends based on survey and interview data collected from 144 practitioners in Asia Pacific.

What are the main financial crime threats the HKMA is observing in the current environment, and how are these informing your strategy?

Carmen Chu: Hong Kong is an international financial centre and trading hub, and its financial sector plays a vital role as an intermediary between Mainland China, the world’s second-largest economy, and the rest of the world. Recent years have seen an expansion of the various “Connect” schemes for stocks, bonds and wealth management, building on Hong Kong’s position as the leading centre for offshore RMB cross-border trade, and recently underlined in the announcement of six further policy measures to deepen these arrangements, including expanding the cross-boundary e-CNY pilots in Hong Kong. Hong Kong’s wealth management sector has assets under management equivalent to about three times its GDP.

These characteristics, most notably the sophistication and efficiency of the financial sector, do present challenges when it comes to financial crime and associated money laundering. The biggest challenge currently is the rapid growth in fraud, especially digital fraud, while Hong Kong’s second Money Laundering and Terrorist Financing Risk Assessment Report, published in July 2022, also highlights other external threats common to all international financial centres, including high-end money laundering, corruption and tax evasion.

The situation for fraud reflects global trends; in Hong Kong, fraud is the predicate offence in over 70% of money laundering investigations and convictions. So fraud is certainly our leading challenge at present, given the number of cases and the often devastating effects on victims and confidence in digital financial services.

These developments inform our strategy, the need to make sure that regulation and supervisory approaches support effectiveness rather than “tick box” compliance, with our priorities then implemented through a wide range of initiatives at the tactical level, for example the deployment of machine learning to assist in complex decision making. And underpinning all of this is accurate and accessible data, supported by integrated technology solutions.

Within this evolving landscape, how is the HKMA tackling the convergence of fraud and money laundering activities?

Carmen Chu: Fraud risks have evolved. Technological advancement enables speedy payments and cross-border transactions. While bringing great benefits and convenience, this also provides opportunities for fraudsters to exploit the financial system for illicit fund flows and fuels a global surge in fraud, especially digital fraud. Due to information asymmetry and data protection issues among banks and law enforcement agencies (LEAs), fund recalls or interception mechanisms may not respond as fast as the fund flows through payment systems.

The HKMA has continued to receive increasing numbers of fraud-related banking complaints in recent years – over 1,200 in 2023, more than double the total of 555 for the whole of 2022, albeit the growth rates appeared to lose some steam in Q4 2023 following concerted anti-fraud and money laundering initiatives in Hong Kong.

Seventy percent of banking complaints were related to credit card transactions and the remainder involved remittance transactions, payment transactions and bank loans.

At the same time, there is an increasing focus globally on how fraud and money laundering are converging, as well as recognition of the benefits that an integrated approach to detection brings to efforts to combat financial crime. To be successful, fraudsters need to launder the proceeds through the financial system, often via mule accounts, and we are certainly seeing some banks increasing operational efficiency and optimising risk management by bringing part of these risk disciplines together or ensuring there is close collaboration or a composite approach.

Close collaboration among the HKMA, the banking industry and the Hong Kong Police Force (HKPF) is therefore at the heart of five joint anti-deception initiatives launched in 2023 including a bank-to-bank information sharing platform, the Financial Intelligence Evaluation Sharing Tool (FINEST), in June; implementation of real-time fraud monitoring systems by all retail banks in September and so far alerted over 1,200 potential victims of fraud to stop funds amounting to about HKD 18 million from being deposited into fraudsters’ accounts; establishment of the “Anti-Deception Alliance” in November, co-locating bank staff with police officers, to speed up identification and interception of crime proceeds and proactively identify potential victims of scams. These measures enable the entire AML ecosystem to detect and disrupt fraud and mule account networks more effectively, increasing the ability to identify and alert potential fraud victims at an early stage.

The HKMA has also been working with the banking industry and the HKPF to enhance information sharing to tackle deception cases and related mule account networks through the Fraud and Money Laundering Intelligence Taskforce (FMLIT), a public-private partnership established in 2017. We have also been increasing efforts to alert and educate consumers to protect themselves, including through the recent launch of suspicious proxy ID alerts to customers, based on information in the Scameter database before conducting risky payment transactions and communicating the latest fraud trends quickly through various social media platforms. The key to being effective here is being fast and agile in our response, matching the threats we are facing.

What challenges do banks have in applying proportionate, risk-based AML controls? How do you address these?

Carmen Chu: Maintaining a safe and efficient banking system and promoting access to basic banking services for legitimate businesses are key priorities of the HKMA. Consistent with international standards, the HKMA requires banks to adopt a risk-based approach in AML/CFT efforts to help target activities at priority threats while delivering effective outcomes consistent with treating customers fairly and financial inclusion. In simple terms, this means more when they are identified as higher risks, and as importantly, less when those risks are lower. In our communication with the industry, we emphasise that these objectives are not mutually exclusive.

As we understand the challenges around executing the risk-based approach effectively and consistently, we have issued considerable practical guidance and feedback to assist banks in best practices and clarify our thinking on particular pain points. These include a thematic review on on-boarding of Small and Medium sized Enterprises (SME) customers, with best practices for risk-based AML/CFT work shared with the industry for system review and procedural enhancement by individual AIs.

We also issued guidance on access to banking services for corporate customers, addressing the issue of risk management versus wholesale derisking. Most recently, on balanced and effective AML/CFT measures, sharing, amongst other things, good industry practices for private banks’ collection of information on source of wealth and funds.

What changes has the HKMA made in its approach to AML assessments and inspections and how does this drive effectiveness?

Carmen Chu: We have been running a Digitalisation Programme since 2019 that has enabled AML subject matter experts to become more targeted in supervisory work, thus supporting more effective AML/CFT measures in banks. Our goal is to more seamlessly combine data-driven off-site monitoring with an onsite examination regime, where the focus of supervisors ‘on-the-ground’ is guided by intelligence and insights uncovered through offsite analytics and research.

Completion of automation and process re-engineering in the last 12 months have led to many supervisory activities being streamlined, replaced, or eradicated, allowing our AML/CFT supervisors to focus on higher-value tasks. A dedicated analytics capability, underpinned by built-for-purpose data infrastructure and access to more granular data, is unlocking richer insights on ML/TF risk across the sector. In addition, a dedicated horizon-scanning capability, along with deeper collaboration with industry stakeholders, supports a more forward-looking approach to threat identification and response.

For several years the HKMA has been adopting an approach to regulation, supervision and guidance which supports more effective outcomes. The change to requirements for PEPs in 2022 is one good example for which we are currently developing guidance to support proportionate, risk-based implementation.

What lessons would the HKMA like the industry to take away from its use of enforcement tools?

Carmen Chu: The HKMA deploys supervisory and enforcement tools, in a proportionate manner, to address regulatory concerns. Enforcement tools are intended to deter similar deficiencies in systems and controls for the bank concerned and the industry. Another key objective of HKMA’s enforcement work is to bring about prompt and effective remedial actions by regulated persons.

Remedial steps taken since identification of possible contravention are one of the key factors considered in determining the seriousness of the contravention and the appropriate disciplinary actions. It is our general practice to publicise disciplinary actions to alert the industry on areas of control deficiencies and reinforce the message that banks must have AML/CFT systems and controls that are commensurate with assessed risks.

The disciplinary actions taken by the HKMA in 2023 have highlighted the importance of effective risk management to ensure robust AML/CFT systems and controls. In particular, we have drawn  attention to the need for adequate resources to address any lapses of controls, monitoring of follow-up actions to promptly address areas of higher ML/TF risk, sufficient guidance to staff on carrying out internal policies and procedures, as well as proper controls to monitor and review AML/CFT control functions outsourced to service providers.

What has the HKMA learned from establishing information-sharing networks with banks and financial institutions?

Carmen Chu: FINEST, a bank-to-bank information sharing platform, was launched in June 2023 by the HKMA, the Hong Kong Association of Banks and the HKPF. It allows banks to quickly share information about suspected mule accounts and networks, especially those linked to fraud, to assist law enforcement in restraining and ultimately confiscating illicit funds.

While FINEST has only been running for about six months, the value of bank-to-bank sharing has already been demonstrated in some of the early cases in which information has been shared, involving investment, online shopping and romance scams, resulting in participating banks being able to identify previously unknown suspicious accounts and file suspicious transaction reports to facilitate criminal investigations.

But we have also encountered challenges. Because of concerns over data privacy and confidentiality requirements, which also exist globally, FINEST is currently limited to corporate accounts, even though the vast majority of mule accounts are believed to be held in individual names. We believe that expanding this type of sharing to cover more accounts, including personal accounts, will be crucial in the fight against financial crime, especially fraud. Of course data protection and confidentiality are very important – in fact, essential to the banking sector – but there is a growing consensus that they should not prevent information sharing from contributing to the fight against financial crime.

Therefore, we have recently commenced public consultation on proposals to permit banks to share information on accounts or transactions which may be involved in crime and where there is a need to alert other banks in order to intercept illicit funds, while also striking the right balance between two important and legitimate objectives: protecting citizens from financial crime while protecting data privacy and confidentiality.

In the HKMA’s view, what should be a bank’s priorities when it comes to managing financial crime risk?

Carmen Chu: Putting aside specific threats such as fraud or corruption for a moment, one significant part of our overall strategy is that we expect banks to innovate, focus on effectiveness and embrace the notion that tackling financial crimes like fraud and money laundering is a shared mission, beyond the capacity of individual agencies or institutions. Only by enabling stakeholders including banks to work collaboratively within the AML ecosystem, powered by data and technology, can we deliver improved outcomes.

Information and intelligence sharing partnerships are hugely important in this context and, in the last five years or so, have made great progress. Since the establishment of FMLIT in 2017, the HKMA has been an active participant collaborating with a number of major retail banks, to share information and intelligence on fraud and other financial crime. This forum has been extremely effective in delivering the right data to give better opportunities for banks to stop the harm of financial crime faster.

In parallel, to underline the importance of adaptability and embracing change, the HKMA has been working with the banking sector to encourage the wider use of technology in AML work, publishing adoption case studies reports and organising AML Regtech Labs – or AMLabs – covering such topics as the use of network analytics techniques in identifying fraud mule account networks.

We have also made sure that our engagement on raising awareness, lowering barriers and encouraging collaboration covers the entire ecosystem. A key message is that it is not only big, multi-national banks that can benefit. Smaller institutions can apply these techniques to their data and achieve very beneficial results without incurring high costs or having to recruit large numbers of data scientists.

What are the HKMA’s expectations on the use of advanced technologies like artificial intelligence (AI) by financial institutions in their AML efforts?

Carmen Chu: The growing use of AI presents both opportunities and new risk-management challenges to banks. Our expectations are commensurate with sound industry practices and similar principles formulated by overseas peer authorities. In parallel, banks should carefully consider the nature of their AI applications and the level of risks involved.

Where using AI in the context of AML/CFT, our expectations include ensuring auditability and explainability for AI applications; the use of good quality data with rigorous model validation; and effective oversight of third-party vendors through periodic reviews and on-going monitoring, etc. In the year ahead, the HKMA will issue guidance so that AML/CFT-related AI applications are ‘fit for purpose’.

Given the considerable efforts the HKMA has made in the past few years to encourage banks to embrace AML Regtech, including AMLabs and various publications, it is pleasing to see that most banks’ AML functions are already well past the early stage of adoption, with some reaching an advanced stage. For example, network analytics has already been adopted by banks covering nearly 90% of retail banking customers.

We are confident that these capabilities, when implemented more widely, will help banks monitor and respond to fraud and financial crime risks more effectively and thus contribute to a better response across Hong Kong’s AML ecosystem.

How is the HKMA incorporating advanced technologies in its own supervisory activities and operations to enhance the AML ecosystem?

Carmen Chu: We are just completing the latest phase in our AML Suptech roadmap, a Macro Analytics pilot, using granular data from multiple banks for the first time to assess sectoral money-laundering risks. The pilot went beyond assessment and benchmarking of individual banks’ AML control systems, using data from real threats to provide a more dynamic and holistic picture of where and how risks were emerging, which parts of the banking system they are moving to, and how individual banks and the sector as a whole are responding.

This has already helped inform more timely supervisory responses aimed at reducing and preventing serious harm, such as that from mule account networks for fraud and financial crime. We will be sharing these findings with the industry and in parallel begin work on next-stage development of Macro Analytics.

This interview was conducted for the “AML Tech Barometer 2024” report, published by NICE Actimize and Regulation Asia to explore AML and fraud trends based on survey and interview data collected from 144 practitioners in Asia Pacific. Download the report here. 

To Top
Share via
Copy link
Powered by Social Snap