Financial Services Sector Updates - February 2021 Issue

16 February 2021

To maintain the financial stability and facilitate the economic growth of Hong Kong, regulators have been reviewing different regulations and guidelines regularly. Regulators and financial institutions around the globe may have new developments. In this month, the following incidents have happened:

AML/CFT Regtech: Case studies and insights

On 21 January 2021, the Hong Kong Monetary Authority (HKMA) published a report titled ‘AML/CFT Regtech: Case Studies and Insights’ highlighting the opportunities that Regtech offers to transform the effectiveness and efficiency of anti-money laundering and counter-financing of terrorism (AML/CFT) controls, and sharing end-to-end approaches which worked in real-life examples.

Following the first AML/CFT RegTech Forum in November 2019, the HKMA followed up progress made by three breakout groups of banks. This report includes different examples of AML/CFT Regtech adoption by banks using Network analytics, robotic process automation (RPA), data analytics and machine learning technique for its media searches, name screening and transaction monitoring processes. 

The thematic insight HKMA concluded from this follow up report includes:

  • Getting started – common initial questions; possible ways to begin; good practices.
  • Data and process readiness – key preparatory steps regarding data, processes and the use of network analytics.
  • Third-party vendor relationships – how to identify and evaluate potential Regtech providers in a fast-developing field.
  • People, talent and culture – necessary knowledge, skills and experience in implementation teams and the often misunderstood role of data scientists.
  • Performance metrics and indicators – what success looks like.

While adoption of Regtech solutions for AML/CFT is generally more mature than in some other risk disciplines, the HKMA believes there are significant opportunities for banks to further adopt established solutions in AML/CFT, and to explore new solutions as they emerge. To continue supporting its roadmap to accelerate adoption in the banking sector, the HKMA will keep Regtech as a key focus in its 2021 AML/CFT supervisory programme.

Banks should get ready to explore appropriate approaches to enable them to stay effective and efficient in the light of evolving risks, in particular money laundering and terrorist financing (ML/TF) risks, and to assess the adoption of Regtech solutions in their AML/CFT programmes now or in the future. If you are interested to explore more, please do not hesitate to contact BDO Risk Advisory to provide further assistance.

Report link:

Read more from the source:

COVID-19 and the changing money laundering and terrorist financing risk landscape

In May 2020, the Financial Action Task Force (FATF) published its first report on the impact of COVID-19 on the global money laundering and terrorist financing landscape. Since then, the FAFT has continued to monitor developments and they published another update in January 2021.

From the global network of over 200 countries, examples of criminals profiting from the pandemic have been gathered. These include fraudulent access to and diversion of government aid, the impersonation of government officials, fake fundraising campaigns and the counterfeiting of medical supplies, and now vaccines.

Criminals have used the sharp increase in online activity to develop targeted malware campaigns, ransomware or phishing attacks with fake links to government stimulus packages, infection rate maps and websites selling personal protection supplies. The pandemic also resulted in an increase in human trafficking and exploitation of workers. Most disturbing of all, with children unable to attend school and spending more time online, members reported a rise in online child exploitation.

The pandemic changed the way criminals are laundering their money

Banks, financial institutions and non-financial businesses and professions have moved interactions with customers online. Limited in-person contact is impacting customer identification procedures and criminals are quick to exploit these changes in internal controls to bypass customer due diligence.

The FATF encouraged the use of technology, including FinTech, RegTech and SupTech to the fullest extent possible. Using digital or contactless payments and digital onboarding reduces the risk of spreading the COVID-19 virus. But not every digital ID is reliable. FATF issued guidance highlighting how to determine whether the digital ID system’s technology, architecture and governance have suitable levels of assurance and whether it is appropriately reliable and independent. A trustworthy digital identity can improve the security, privacy and convenience of identifying people remotely for both onboarding and conducting transactions. And it can help mitigate money laundering and terrorist financing risks.

The pandemic has left many businesses or individuals in financial need and may become easy targets for criminals who may exploit them to take part in money-laundering activity, eg by using a failing but legitimate business as a front for illegal activity. The economic volatility has resulted in a number of other money laundering vulnerabilities, such as an increase in unregulated financial services and insider trading from the large shifts in value due to the pandemic.

FATF's actions

The change in customer behaviour by using online transactions has increased significantly in nearly every sector. With ever-growing online transactions, better use of technology will lead to more effective and efficient ways in weeding out criminal activity. Big data analytics and machine learning, for examples, are reducing false positives that require manual review. This contributes to enhanced productivity and the standardisation of compliance efforts.

A key priority of the FATF is to explore the opportunities that digital transformation brings to fighting money laundering, including customer onboarding or criminal activity detection. In particular, the FATF is focusing on three areas:

1. Identifying the opportunities and challenges of new technologies for the private sector, supervisors and regulators;

2. Exploring the potential for data pooling, data analysis and the real and perceived barriers to this including data privacy and protection; exploring new technologies that facilitate information-sharing amongst financial institutions while protecting personal information; and

3. Helping to accelerate digital transformation for operational agencies, such as financial intelligence units and law enforcement authorities.

Artificial intelligence, machine learning and privacy enhancing technologies have the potential to transform the way we fight money laundering and terrorist financing. The use of new technologies does not replace human intervention and judgement, it liberates and improves it. Banks can assess their risk exposed to money laundering and terrorist financing (ML/TF) affected by the pandemic and the benefits of adoption of Regtech solutions in their AML/CFT programmes.

Read more from the source:

Common compliance issues arising in the first year of the direct regulatory regime for licensed insurance agents and issues relating to authorised insurers   

On 18 December 2020, the Insurance Authority issued a letter to the Chief Executives of all authorised Insurers regarding common compliance issues arising in the first year of the direct regulatory regime for licensed insurance agents and issues relating to authorised insurers. It has been more than one year since the implementation of the new direct regulatory regime for licensed insurance intermediaries, set out in the Insurance Ordinance (Cap. 41) (the Ordinance).

There were more than a few common compliance issues noted by the Insurance Authority. If considered as contravention of the Ordinance, these can give rise to offences under the Ordinance. It is important that authorised insurers and licensed insurance agents are aware of the requirements and potential consequences for non-compliances.

I. Requirements relating to the notification of certain information to the Insurance Authority regarding licensed insurance agents

The Ordinance includes the following three administrative reporting requirements:

i. A licensed insurance agent must notify the Insurance Authority of any change of name, business or residential address, telephone number or electronic mail address, within 14 days of the date of the change.

ii. At least 14 days before an authorised insurer appoints an agent to carry on regulated activities in one or more lines of business, the insurer must notify the Insurance Authority in writing of the intended appointment.

iii. Within 14 days after the date on which an authorised insurer terminates the appointment of an agent, the insurer must notify the Insurance Authority in writing of the termination.

Although these reporting requirements are administrative in nature, contravention may constitute an offence.

An authorised insurer should have a system in place to make its appointed agents aware of the above requirements and should remind them of those requirements periodically. Further, an authorised insurer should have implemented documented internal compliance and onboarding procedures to notify the Insurance Authority of intended appointment of an agent at least 14 days before the intended appointment. Similarly, it should have documented internal control procedures to notify the Insurance Authority within the 14 days following the termination of any agent’s appointment.

II. Requirements relating to the notification of change of controllers, directors or key persons in control functions of an authorised insurer

An authorised insurer is required under sections 13A, 13AC, 13AE and 13B of the Ordinance to seek the Insurance Authority’s prior approval for any appointment of certain controllers (as defined in sections 13A and 13B of the Ordinance), directors and key persons in control functions.

In addition, section 14 of the Ordinance requires an authorised insurer to notify the Insurance Authority of any appointment of, or change in, certain controllers (as defined in section 9 of the Ordinance), directors and key persons in control functions by the specified deadline.

Contravention of these requirements constitutes an offence. Authorised insurers should keep their internal controls and processes under review to ensure adequate and effective measures are maintained to comply with these prior approval and notification requirements.

III. Intervention requirements imposed of an authorised insurer by the IA

Part V (Sections 26 to 41) of the Ordinance provides the Insurance Authority with certain ‘powers of intervention’ ie the power to impose certain restrictions or requirements on an authorised insurer on grounds of safeguarding policy holder interests, as stated in section 26 of the Ordinance. These restrictions and requirements include the following:

(i) Restrictions on new business

(ii) Restrictions on investments

(iii) Maintenance of assets in Hong Kong

(iv) Custody of assets

(v) Limitation of premium income

(vi) Actuarial investigations

(vii) Acceleration of information required by accounting provisions

(viii) Power to obtain information and require production of documents

(ix) Residual power to impose other requirements

Authorised insurers should take this opportunity to review and enhance the adequacy and effectiveness of their procedures and controls to ensure compliance of the above requirements.

Read more from the source:

Company secretary convicted of insider dealing

On 11 January 2021, the Eastern Magistrates' Court sentenced Mr A, company secretary of Listco X, to 45 days of imprisonment after he was convicted of insider dealing in the shares of Listco X following a prosecution by the Securities and Futures Commission (SFC).

Mr A was also ordered to pay a fine of $45,000 and the SFC's investigation costs of $37,029.51.

The court heard that on 11 April 2016, Mr A purchased a total of 534,000 Listco X shares through his wife’s securities account when he became aware of a possible general offer and was instructed to arrange suspension of trading. Between 14 and 21 April 2016, he sold some of the shares and made a profit of $7,417. The notional profit of the shares remained unsold was $36,865.

Using inside information to profit from trading a company's shares and gaining an unfair advantage in the market is a serious offense. Magnitude of the gain will not exempt any one from prosecution.

Establishing governance and controls on regular communication to remind staff on requirements of inside information are important to any listed companies, their senior management and staff.

Read more from the source:  

How can BDO help?

It is important to maintain an effective corporate governance practices, compliance function, and AML/CFT processes and systems and to keep staff updated with the latest regulatory requirements. BDO Risk Advisory has a dedicated team of experienced compliance consultants who have up-to-date knowledge on statutory requirements and help you improve governance and control practices in your Company. Contact our Risk Advisory team if you have any need!