Amidst its continued regulatory focus on money laundering and terrorist financing risks, the SFC seeks to clarify and consolidate guidance for licensed firms.

By Simon Hawkins and Kenneth Y.F. Hui

On 18 September 2020, the Hong Kong Securities and Futures Commission (SFC) published a consultation paper proposing a number of amendments to its Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) for SFC-licensed firms (the Guideline).

The consultation paper was issued following a wave of high-profile disciplinary actions taken by Hong Kong regulators for breaches of AML/CFT requirements. The SFC proposes to clarify and consolidate certain AML/CFT requirements by incorporating into the Guideline relevant guidance from the Financial Action Task Force (FATF), including the FATF’s Guidance for a Risk-Based Approach for the Securities Sector (FATF Guidance) and the SFC’s previous circulars on AML/CFT standards and regulatory expectations.

The SFC’s proposals help address some areas identified by the latest Mutual Evaluation Report of Hong Kong, which the FATF published on 4 September 2019, and aims to further increase the effectiveness of Hong Kong’s AML/CFT regime and provide practical guidance to facilitate the implementation of AML/CFT measures in a risk-sensitive manner.

The consultation paper focuses on the following key areas:

Institutional risk assessment

The SFC seeks to formalize the requirement to conduct and document institutional risk assessments by incorporating into the Guideline the content of its circulars on risk assessments dated January 2017 and August 2018.

The SFC proposes clarifying the sources of information that licensed firms should consider in order to identify, manage, and mitigate risks so as to be consistent with the FATF Guidance. The FATF Guidance requires securities firms to take a holistic approach toward their institutional risk assessments and consider quantitative and qualitative information obtained from relevant internal and external sources, including: intergovernmental organizations; national competent authorities and the FATF or associated assessment bodies; and money laundering and terrorist financing (ML/TF) risk assessments carried out by relevant governments and authorities.

While licensed firms are already required to keep their institutional risk assessments up to date, the SFC proposes requiring licensed firms to conduct periodic reviews at least once every two years (or more frequently upon the occurrence of certain “trigger events” that materially impact a licensed firm’s business and risk exposure).

The SFC proposes including illustrative examples in the Guideline to provide further guidance on how the risk assessment process may differ depending on the nature, size, and complexity of the licensed firm, and the risk indicators that should be considered in determining which risk factors the licensed firm may be exposed to.

Cross-border correspondent relationships

The SFC seeks to impose on licensed firms certain requirements regarding diligence on cross-border correspondent relationships, similar to the requirements that apply to banks in respect of their overseas correspondent banking relationships. The proposed amendments to the Guideline state that the cross-border correspondent relationship provisions in the Anti-Money Laundering and Counter-Terrorist Financing Ordinance will be applicable to licensed firms that execute transactions in securities, futures contracts, and leveraged foreign exchange contracts for an overseas respondent intermediary on behalf of its underlying local customers.

The proposed amendments to the Guideline provides that licensed firms should adopt a risk-based approach in applying the additional due diligence measures on an overseas respondent intermediary, taking into account relevant factors as outlined in the revised Guideline. For example, in assessing the AML/CFT controls of the respondent intermediary, licensed firms may first obtain information for the assessment from the respondent intermediary (e.g., via a due diligence questionnaire). If a cross-border correspondent relationship presents higher risks, licensed firms may undertake a more in-depth review (e.g., independent auditing, interviews, and on-site visits). Licensed firms should also assess cross-border correspondent relationships involving related foreign financial institutions within the same group for ML/TF risks.

Consistent with FATF standards, the SFC proposals regarding cross-border correspondent relationships prohibit licensed firms from entering into or continuing direct or nested correspondent relationships with shell financial institutions (nested correspondent relationships in this context refers to situations in which the respondent intermediary uses the correspondent account to provide services to a shell financial institution).

Simplified and enhanced customer due diligence measures under a risk-based approach

The SFC proposes to expand the list of illustrative examples of possible simplified and enhanced measures that licensed firms may apply in their risk-based application of customer due diligence and ongoing monitoring measures for customers. These examples are mainly drawn from the FATF Guidance and should assist licensed firms in applying the risk-based approach more effectively to combat ML/TF risks.

Red-flag indicators of suspicious transactions and activities

The SFC seeks to update the list of red-flag indicators of potential ML/TF activities to include situations in which a customer exhibits unusual concern with the licensed firm’s AML/CFT systems (including policies, controls, monitoring, or reporting thresholds), or situations in which multiple new customers are referred by the same individual to open accounts for trading in the same security within a short period of time.

Third party deposits and payments

Third party deposits and payments continues to be an area of focus for the SFC due to the ML/TF risks associated with customers using third parties to fund investments and/or to receive investment proceeds. SFC enforcement actions have highlighted the failures of AML/CFT requirements in this area, including failures to implement effective AML/CFT internal controls on third party deposits, verify the identity of third party depositors and scrutinize the reasons for third party deposits, and maintain proper documentation of risk assessments on clients.

The SFC proposes to incorporate guidance from its May 2019 circular into a new chapter of the Guideline. This includes the general requirement that licensed firms must take all reasonable measures to mitigate ML/TF risks (including transactions involving third party deposits and payments), and ensure adequate policies and procedures are in place for handling third party deposits and payments.

Under the proposed amendments to the Guideline, in exceptional circumstances licensed firms should be permitted to complete due diligence of third party deposits after settling transactions with the deposited funds. Such delayed due diligence should be permissible only if: (i) any risk of ML/TF arising from the delay in completing the third party due diligence can be effectively managed; (ii) avoiding interruption of the normal conduct of business with the customer is necessary; and (iii) the third party deposit due diligence is completed as soon as reasonably practicable after settlement. If delayed due diligence of third party deposits is permitted, licensed firms should adopt appropriate risk management policies and procedures setting out the conditions under which the customer may use the deposited funds prior to completion of the due diligence.

Next steps

Licensed firms should review the SFC’s proposals set out in the consultation paper and consider whether, and the extent to which, they will need to make changes to their internal policies, procedures, and systems and controls if the SFC’s proposed changes are effected without further amendment.

The deadline for responses to the consultation paper is 18 December 2020.