Enhancement of AML Regulatory Regime for Financial Sectors

At mid-July 2009, FSTB has launched a 3-month public consultation on its legislative proposals to enhance the anti-money laundering (AML) regulatory regime for the financial sectors. The proposals include codifying the customer due diligence and record-keeping requirements for financial institutions in law and putting in place an AML regulatory regime for remittance agents and money changers. The aim of the proposals is to address the deficiencies indentified by the FATF its evaluation of Hong Kong.

Summary of the key proposals are set out below:

Proposed Scope of the Future Legislation

• The proposed legislation will apply to the following financial institutions:

1. Authorized institutions (banks/deposit-taking institutions)
2. Licensed corporations regulated by SFC
3. Insurance companies and intermediaries carrying on or advising on long term business (i.e. life insurance)
4. Remittance agents and money changers (RAMCs)

• SFC, HKMA, OCI and C&ED will be designated as regulatory authorities to supervise compliance in respect of the securities, banking, insurance and RAMC sectors respectively.

Obligations of financial Institutions, Powers of the Regulatory Authorities and Offences and Sanctions

• The financial institutions will be required to implement CDD and record-keeping requirements in accordance with international standards, which are not substantially different from the existing requirements set out in the guidelines issued by the financial regulators.
• The regulatory authorities will issue guidelines on the statutory obligations to facilitate compliance.
• The regulatory authorities will be empowered to supervise compliance. These powers will be modeled on relevant powers in SFO, including powers to:

1. access to financial institutions' business premises for routine inspections
2. access to, extract or make copies of books and records of the financial institutions
3. require information and answers from financial institutions, staff and counterparties in investigation into suspected breaches
4. enter into and search a premises and seize documents/records and other items upon warrants
5. impose supervisory sanctions, including fines, public reprimand, suspension or revocation of licence having regard to the fitness and properness of the regulatees, and issue directions on remedial actions to be taken
6. prosecute offences summarily
7. share and exchange information with local and foreign authorities

• There will be appropriate checks and balance in the system, including the establishment of an independent appeals tribunal to hear appeals lodged by financial institutions against regulatory authorities' decisions made under the proposed new legislation.
• A financial institution commits an offence under the proposed new legislation only if it breaches the statutory customer due diligence and/or record-keeping requirements without reasonable excuses.
• No one will commit an offence under the proposed new legislation solely due to inadvertence on his/her part. A member of the management of a financial institution will be personally liable in case of a breach by the financial institution only if the breach was committed with his/her consent, connivance of, or is attributable to any recklessness on his/her part. Other staff members of the financial institution commit an offence only if they willfully breach the statutory obligations.
• The maximum level of penalty of the criminal sanctions will be specified in the new legislation, which will be determined by drawing reference from sanctions for offences of similar nature.

Licensing of the Remittance Agents and Money Changers

• A licensing system for RAMCs to be administered by the C&ED will be put in place. It will provide "fit and proper" test and other licensing criteria. Granting of new or renewed licences will be subject to a specified fee, to be determined on the cost recovery principle. C&ED will make regulations to prescribe the application and processing matters.
• To tackle unlicensed activities, carrying on a remittance and money changing business without a licence would be a criminal offence with penalty of fine and/or imprisonment.
• C&ED would be conferred with appropriate powers to take enforcement action against unlicensed RAMCs, such as the power to arrest/seizure as the Police currently have in administering the registration system for RAMCs under the Organized and Serious Crimes Ordinance.

Abuse and Fraud Prevention in Private Banking and Wealth Management

The recent case of misappropriation of private banking client assets by a former relationship manager of Hang Seng Bank should have stimulated the nerve of HKMA. Last week HKMA issued a circular to share with banks on some of the lessons learnt recently on staff abuses and frauds in private banking and the higher end of retail wealth management business.

HKMA considers that a unique characteristic of PB is the close relationship between customer and relationship manager (RM) and the "all-inclusive" money management services provided by the RMs to their customers. Unless strong management control and oversight are maintained, the close customer-RM relationship, as well as the large amount involved in transactions, may make it susceptible to staff abuses or even frauds, such as unauthorized transactions and misappropriation of client funds.

This circular sets out some of the lessons learned recently on the prevention of staff abuses and frauds in PB, particularly in the areas of hold-mail service, address changes, and escalation and prompt reporting of non-compliance and suspicious transactions. In addition, the attachment to this circular puts forth some good practices in general on management control and oversight to minimise chances of staff abuses and frauds in PB operations.

• Control on hold mail service and address change - Customers should receive bank statements on their cash and investment transactions. Some banks provide hold mail service to their customers (because for instance the customers demand a confidential relationship). This may be open to abuse such as concealment of unauthorized transactions as customers may not be able to verify the accuracy of their cash and investment transactions in a timely manner. In general, banks should not allow hold mail service. If the customer insists on this service, banks must have control measures in place to mitigate the risks. These controls should include having such applications (which should be submitted in writing by the customer) reviewed and approved by the supervisory staff of the responsible RM and the compliance department, separating custody of the customer's mail and independent reconfirming with customers requesting this service by an independent person in the back office. Also, there must be a limit on the period (no more than 3 months) within which the customer must collect their mails held by the bank from a person independent of the RM, such as the back office. There should also be an independent process to verify and approve change of customer address and request for cheque books handled by the RM.
• Staff compliance - Banks should adopt zero tolerance for exceptions in processing cash withdrawals or fund transfers. If exceptions are provided, they should be subject to independent and close monitoring. Non-compliant staff should be given formal warning and/or disciplined.
• Whistle blowing and reporting of suspicious cases - As shown in a number of abuse and fraud cases, the junior staff may feel compelled or be intimidated to cooperate with the culprit despite observing irregularities. Senior management of banks must be made aware of any suspicious cases involving possible criminal elements in a timely manner. To this end, banks should have policies and procedures in place on when and how to escalate suspicious cases (which may arise from customer complaints, MIS reports, or whistle blowing by another staff) to the senior management for attention. A hotline or compatible reporting channels should be set up for staff to report in confidence irregular activities encountered at work to an independent unit such as Compliance or Internal Audit. In addition, whenever there is a suspected case involving possible criminal elements, banks are expected to report the incident to both the Police and HKMA in a timely manner.
• Transaction control and monitoring - If left unchecked, a close customer-RM relationship may make unauthorized fund transfers/withdrawals and investment transactions more susceptible because of the customer's trust and reliance on the RM. Activities of RMs should be subject to frequent (preferably daily) reporting to and review by their supervisors. Banks should develop an independent and robust process to review and confirm client orders, and cash transfers/withdrawals over certain value and investment instructions handled by the RM. For high risk transactions, such as transfers to unregistered third parties, banks should have procedures to confirm these transactions with the customers, such as phone call-back by an independent person of the back office or by SMS messages to the customers. Also, banks should have in place a system to sample check and monitor irregular transactions. Where irregular, unusual, high-risk, or suspicious transactions are identified, back-end checkers should call back customers to seek confirmation. More checks on transactions should be carried out on customers who are old-aged, reside outside Hong Kong, or have opted for hold mail service. There should also be management monitoring and review of staff's transactions through the bank to ensure that any irregularities (such as any unusual increases in securities trading) can be explained or investigated.

Banks should review their PB operations to ensure that their controls are effective, having regard to the points mentioned above and the good practices set out in the attachment. Banks which have grown rapidly in this area and which have not carried out any review in the past year should conduct the review as a matter of priority. Going forward, HKMA will examine selected Banks' PB operations and retail wealth management to assess the sufficiency of their management control and oversight.

Overall speaking, I would say a private bank is bearing the same level of operational risk as a securities house.

Mis-selling of Accumulator

Before the incident of Lehman Minibond, many private banking clients had already complained on mis-selling of accumulator. Though these cliens were typically professional investors and thus accumulator was not authorized by SFC, it did not mean selling of such product to them was not subject to suitability obligations.

Last week (SFC) has prohibited Ms Ronnie Wong Wang, a former client adviser at Goldman Sachs (Asia) LLC, from re-entering the industry for two years.

An SFC investigation found that:

• in November 2007, Wong entered into an accumulator transaction with a total exposure of $13.8 million on behalf of a high net worth client without the client’s instructions, knowledge and proper authorisation;
• in December 2007, Wong prepared a spreadsheet for the client which contained inaccurate information in that it did not present a true picture of the client's portfolio. The spreadsheet included profits that had not yet accrued and overstated the client’s earnings by US$1.72 million.
  

Wong admitted to SFC that she had entered into the accumulator transaction without proper authorisation. However, she claimed it was a good investment and the client normally accepted her recommendations. Although the client signed a confirmation of the transaction in January 2008, she complained to SFC about the unauthorised transaction in March 2008.

Private banking is a business model where the clients place a high degree of trust on the advisers, especially when the advisers can make huge profits for them. When the clients has realized that the trust could be abused, it's the right time for private banks to change the culture.

Manipulated Settlement Process

SFC has recently banned Ms Agnes Li and Ms Chan Sheung Ling, both former employees of Hang Tung Securities Ltd, from re-entering the industry for life.

An SFC investigation revealed that between July 2000 and April 2007 Li used her sister's account with Hang Tung to carry out personal trades in securities. Li started incurring substantial trading losses in her sister's account in February 2006 and losses in that account continued to rise thereafter. Li manipulated the settlement process to avoid paying for the losses and she owed Hang Tung $3.8 million as at April 2007.

In order to conceal the losses, Li utilised the settlement process as a credit facility. She used proceeds of sales of securities (settled before T+2) to offset amounts due for subsequent purchases of securities (settled beyond T+2). Li then gave the relevant bought or sold notes to Hang Tung's settlement department which processed the trades according to information supplied by her. On many occasions, Li was able to match proceeds from the sales against the amounts due for her purchases, and she only ended up paying or receiving a small difference. As a result of such an arrangement, Li never settled her trades in full and her losses rolled over.

During these times, Chan oversaw the Accounts and Settlement Department at Hang Tung. By allowing Li to offset the cost of her purchases against the sales, Chan's conduct facilitated the concealment of Li's failure to settle the transactions in full since the actual outstanding amount in the account of Li's sister was not reflected in certain internal reports.

Chan also used inaccurate internal reports to compile Hang Tung's financial returns and used sale proceeds due to another client to settle the account of Li's sister, which is in breach of the Client Money Rules and Hang Tung's written policy.

This case again demonstrates an important fact: front-line staff can't perfectly commit fraud without the facilitation of a corrupted back office.

Retail Distribution Review

In June 2006, UK FSA launched the Retail Distribution Review (RDR), looking at how investments are distributed to retail consumers in the UK. Through the review, they identified various long-running problems that impact on the quality of advice and consumer outcomes, as well as confidence and trust, in the UK investment market. Following extensive discussion with industry and consumer representatives, they are now proposing amendments to regulatory requirements to deliver various changes.

FSA's proposals involve:

Improving clarity for consumers about advice services

• They are proposing changes to make it easier for consumers to distinguish between the different forms of advice on offer to them, with all investment firms clearly describing their services as either "independent advice" or "restricted advice". Their rules and guidance will ensure that firms that describe their advice as independent genuinely do make their recommendations based on comprehensive and fair analysis, and provide unbiased, unrestricted advice. Equally, where consumers choose to use a restricted service - such as a firm that can only give advice on its own range of products - this will be made clear.

Addressing the potential for remuneration bias ("Adviser Charging")

• All firms that give investment advice must set their own charges, in agreement with their clients, and will have to meet new standards regarding how they determine and operate these charges. The proposals bring to an end the current, commission-based system of adviser remuneration: they propose to ban product providers from offering amounts of commission to secure sales from adviser firms and, in turn, to ban adviser firms from recommending products that automatically pay commission. Consumers will still be able to have their adviser charges deducted from their investments if they wish, but these charges will no longer be determined by the product providers they are recommended.

Increasing professional standards of advisers

• We plan to raise the minimum level of qualification for investment advisers, and to institute an overarching Code of Ethics and enhanced standards for continuing professional development. They are also proposing visible maintenance and enforcement of these standards through the establishment of a Professional Standards Board.

FSA has recently issued the consultation paper "Distribution of retail investments: Delivering the RDR", which sets out detailed proposals to implement the wide-ranging reforms. The changes, which will take effect from the end of 2012, will improve outcomes for savers and investors by enhancing the quality of advice they receive, and prepare both consumers and the industry for the future.

This paper may serve as a good reference for the Hong Kong regulatory regime.