AML/CFT compliance in Hong Kong: Recent record fine and reminder of latest guidance

Authors: William Hallatt, Hannah Cassidy, Natalie Curtis, Valerie Tao and Jennifer Fong.

The Hong Kong Securities and Futures Commission (SFC) has recently reprimanded and fined Guosen Securities (HK) Brokerage Company (Guosen) HK$15.2 million for failures in complying with anti-money laundering and counter-terrorist financing (AML/CFT) regulatory requirements when handling third party fund deposits.

This is the largest fine imposed under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) to date.

In this e-bulletin, we provide an overview of the Guosen case and other recent cases, the regulators' approach to AML/CFT enforcement, as well as a reminder of the recent AML/CFT regulatory guidance.

• The Guosen case
• Comment
• Recent regulatory guidance

The Guosen case

The SFC found that between November 2014 and December 2015, Guosen had processed 10,000 third party deposits totaling approximately HK$5 billion for more than 3,500 clients. Despite apparent AML/CFT red flags, Guosen failed to make enquiries about such deposits. It only began to report to the Joint Financial Intelligence Unit more than 2,200 of such deposits (totaling over HK$2.3 billion) as being suspicious in March 2016, after an SFC review.

The SFC also found that Guosen had failed to (among other things):

• implement adequate and proper internal controls to mitigate the risk of money laundering and terrorist financing associated with third party deposits;
• conduct adequate ongoing monitoring of its business relationships with clients; and
• put in place an effective compliance function.

The above constituted breaches of a number of provisions of the AMLO, the SFC’s guidelines and its 3 December 2013 circular on AML/CFT, the SFC’s main code of conduct as well as guidelines relating to internal controls. The SFC also found that Guosen’s former senior management and former responsible officer had turned a blind eye to the issues brought to their attention by their staff.

In deciding the disciplinary action, the SFC took into account all relevant circumstances, including the following mitigating factors:

• Guosen had engaged an independent reviewer to conduct a review of its internal controls and had taken steps to remediate the deficiencies identified, including implementing new AML/CFT policies and third party deposit procedures;
• it cooperated with the SFC in resolving the SFC’s concerns and accepting the disciplinary action; and
• it had an otherwise clean disciplinary record.

Comment

The focus on AML/CFT and the increasing fines are to be expected in view of Hong Kong’s ongoing mutual evaluation by the Financial Action Task Force (FATF), which saw an on-site visit by the FATF in late October 2018. The FATF plans to conduct a plenary discussion in June 2019 and publish its evaluation report within the third quarter of 2019.

The SFC has had a dedicated AML/CFT team within its Enforcement Division since late 2016, following the appointment of its new head of Enforcement, Mr Thomas Atkinson, and a strategic review of the division’s priorities, processes and structure. The HKMA has also placed AML/CFT compliance high on its agenda, and has recently invited tenders for a consultancy study on the enhancement of its AML/CFT surveillance capability.

The SFC’s dedicated AML/CFT enforcement team swiftly concluded seven disciplinary actions in the first half of 2017. The HKMA concluded three disciplinary actions in respect of AML/CFT breaches in the last two years. See our e-bulletin of April 2017 in relation to some of these cases.

The breaches found in the cases so far relate primarily to processing of third party transactions for clients and conducting of due diligence when establishing or continuing business relationships. These were mainly attributable to:

• failures in communicating and enforcing AML/CFT policies;
• deficiencies in internal controls and processes;
• lack of proper documentation;
• lack of senior management supervision or oversight.

The SFC has in appropriate cases imposed sanctions on firms as well as the individuals responsible for the firms’ breaches, in line with its focus on senior management accountability.

We expect the fines to continue to remain high, unless there are significant mitigating circumstances.

Recent regulatory guidance

The disciplinary actions serve as a reminder of what to do and what not to do, as well as the potential consequences of breaching AML/CFT requirements.

In reviewing their systems and controls, firms should familiarise themselves with all relevant regulatory requirements and guidance, including the following (where applicable):

• Updated guidelines issued by the SFC (for licensed corporations and associated entities), the HKMA (for authorised institutions and stored value facility licensees) and the Insurance Authority, implemented on 1 November 2018;
• Updated FAQs by the SFC and the HKMA to provide guidance on various aspects of the guidelines above;
• The SFC’s circular of 31 August 2018 highlighting both deficiencies and good practices observed at thematic and routine inspections relating to AML/CFT compliance by licensed corporations and associated entities (see our e-bulletin of September 2018).