Mayer Brown’s Susanne Harris, Wei Na Sim, Alan Linning and Charlene Wong discuss key developments in the AML/CFT space in Hong Kong in 2021.
Regulatory developments on anti-money laundering and counter-financing of terrorism (AML/CFT) over the last 12 months demonstrate a trend in increased standards expected of Hong Kong Financial Institutions (FIs).
FIs are expected to harness external data and new technologies, as well as implement new measures to mitigate AML/CFT risk. FIs in Hong Kong need to keep pace with the growing sophistication of AML/CFT compliance requirements and to have in place controls that are commensurate with the nature, scale and complexity of the FI’s operations.
Regulatory Developments within Hong Kong
Two key developments in the AML/CFT space in Hong Kong in 2021 were: (i) the updated AML/CFT Guideline issued by the SFC, and (ii) HKMA’s continued push for FIs to harness external information and the use of new technologies for AML/CFT.
SFC Guideline on AML/CFT
The SFC issued an updated version of the Guideline on AML/CFT (for Licenced Corporations) (AML/CFT Guideline) in September 2021, introducing amendments to align the AML/CFT Guideline with the Financial Action Task Force (FATF) guidance on a risk-based approach for the securities sector (FATF RBA Guidance). The SFC also sought to address some areas for improvement identified in the 2019 FATF Mutual Evaluation Report of Hong Kong, and to provide practical guidance to facilitate the implementation of AML/CFT measures in a risk-sensitive manner.
The key amendments to the AML/CFT Guideline covered the following areas:
- adopting an institutional approach to assessment of AML/CFT risks;
- considering a more holistic range of risk factors that FIs are exposed to depending on their specific circumstances;
- adopting a risk-based approach to simplified and enhanced customer due diligence (CDD) requirements;
- new CDD requirements and risk mitigating measures for cross-border correspondent banking relationships; and
- new measures to mitigate AML/CFT risks associated with transactions involving third-party deposits and payments.
One area which received a ‘considerable’ number of responses during the consultation concerned cross-border correspondent relationships. Some respondents suggested a 12-month implementation period for the new requirements but the SFC noted, in its consultation conclusions, that the application of the provisions to the securities sector was elucidated in the FATF RBA Guidance published in October 2018 and such provisions have already been implemented in other jurisdictions (Singapore and the UK). As such, the SFC considered a six-month transitional period for FIs to establish the required policies and procedures to be appropriate.
HKMA RegTech Push
Over the past year, the HKMA has continued to encourage FIs to enhance the effectiveness of their AML/CFT control systems by harnessing external information and using new technologies, including regulatory technology (Regtech).
In a letter to the Chief Executives of FIs dated 26 April 2021, the HKMA shared the benefits of integrating external information and data such as intelligence received from the Fraud and Money Laundering Intelligence Taskforce (FMLIT) in order to tackle emerging ML/TF risks and to enhance the effectiveness of FIs’ AML/CFT control systems. The HKMA also encouraged FIs to collaborate with other FIs and to contribute case-specific and typological information into the ‘AML/CFT ecosystem’.
It is recognised that FIs of differing sizes, technologies and capabilities will have different practices and outcomes, where some FIs have the capability to adopt a more proactive approach by using more advanced technology and capabilities such as network analytics to “identify high-risk relationships, suspicious transactions and networks of mule accounts”, the letter said.
However, the HKMA’s letter noted that FIs who may be less mature in the use of technology were still able to achieve better results by integrating external information and data and using less advanced tools such as spreadsheets and simple database queries to facilitate data aggregation to identify previously unknown suspicious transactions.
In another letter to the Chief Executives of FIs dated 11 August 2021, the HKMA highlighted advantages of the use of technology and data analytics in the AML/CFT space. In particular, reference was made to the Opportunities and Challenges of New Technologies for AML/CFT report issued by the FATF in July 2021, which examined how the use of technologies for AML/CFT in various countries, such as implementing a dynamic risk assessment tool and digital CDD procedures, positively impacts AML/CFT efforts.
With regard to Regtech, a new Regtech Adoption Practice Guide series was launched by the HKMA in July 2021 to promote the adoption of Regtech and to supply banks with detailed guidance on the implementation of Cloud-based Regtech solutions to support their risk management and compliance with regulatory obligations. This was complemented by the HKMA’s launch of a Regtech Skills Framework in October 2021 to promote RegTech talent development in Hong Kong.
The above developments demonstrate HKMA’s strong commitment to promote AML/CFT technology adoption in line with its ‘Fintech 2025′ strategy to drive Fintech development in Hong Kong. The HKMA is planning to roll out more ‘Fintech 2025’ strategy initiatives in the coming months, including this month’s launch of its first AML Regtech Lab, known as AmLab, to experiment and engage with new technologies and emerging data analytics techniques. This is aimed at creating a more conducive environment for inclusive AML/CFT innovation.
To meet the above objectives, the HKMA has, in its letter dated 11 August 2021, requested senior management of FIs to ensure they have sufficient resources and relevant subject matter experts to prepare for these new technological initiatives and to support the mandate for AML/CFT innovation. In addition, the HKMA requested FIs to coordinate internally to proactively provide data to the HKMA to enable it to present an updated overview of AML and Financial Crime Regtech adoption in Hong Kong.
Case-specific Information Sharing
Evident from the above, Hong Kong regulators are keeping an eye on AML/CTF developments in other major financial centres to stay ahead of the curve with respect to best practices and new technologies. As mentioned in the previous section, the HKMA strongly encourages FIs to collaborate on AML/CFT risk information sharing. FMLIT is currently the main platform for such information sharing between FIs in Hong Kong. However, there are limitations as the information is not shared in a structured format and FIs may face difficulties with integrating the shared data with existing data analytics tools.
To tackle this issue, the Monetary Authority of Singapore (MAS) and six major commercial banks in Singapore have co-created an innovative centralised digital platform, named “Collaborative Sharing of ML/TF Information & Cases” (COSMIC), which the MAS plans to launch in phases from the first half of 2023. If COSMIC proves to be successful, it could be a matter of time before similar platforms are rolled out in other jurisdictions, including Hong Kong, to enable law enforcement and regulators to more easily track illicit activities across different FIs and to stop bad actors from abusing the financial system.
How does COSMIC work? COSMIC will be the first centralised digital platform in the world which enables FIs to securely share customer and transaction information in a structured format, when material risk thresholds are crossed, to help FIs identify and disrupt illicit networks. To safeguard the interests and privacy of legitimate persons, Singapore will also introduce a regulatory framework to specify the types of information to be shared and when information sharing is permitted or required (i.e. for AML/CFT purposes only).
COSMIC will be operated by the MAS and the MAS will also be able to use information on the platform in its risk surveillance activities and to exercise timely supervisory intervention. Needless to say, COSMIC will be reinforced with strong security features to prevent unauthorised access and to ensure the privacy of the data shared on the platform. More information about COSMIC is available in MAS’ media release and consultation paper.
The trend of increased standards in AML/CFT compliance looks set to continue in Hong Kong, particularly with respect to the use of a risk-based approach to AML/CFT and new AML/CFT technologies.
As the AML/CFT compliance models of FIs that are more adept to implementing new approaches and technologies increase in sophistication and effectiveness, the rest of the financial industry in Hong Kong would likewise be expected to demonstrate rising standards that are commensurate with their size and scope of business.
This article was contributed by Susanne Harris, Wei Na Sim, Alan Linning and Charlene Wong of Mayer Brown.