The Hong Kong Monetary Authority (HKMA) announced today (19 November) that it had completed investigations and disciplinary proceedings for four banks under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Chapter 615 of the Laws of Hong Kong) (AMLO) (Note 1). The Monetary Authority (MA) has imposed pecuniary penalties of a total of HK$44,200,000 against China Construction Bank (Asia) Corporation Limited (CCBA), CTBC Bank Co., Ltd., Hong Kong Branch (CTBCHK), Industrial and Commercial Bank of China (Asia) Limited (ICBCA) and UBS AG, Hong Kong Branch (UBSHK), as well as issued orders for remedying the contraventions where warranted (Note 2). Details of the disciplinary actions taken against each of the four banks are set out in the respective Statement of Disciplinary Action per attached.
The investigations followed a series of on-site examinations conducted by the HKMA on banks’ systems and controls for compliance with the AMLO after its enactment on 1 April 2012, when industry understanding and experience were less mature. The common control lapses identified in the relevant periods relate to ongoing monitoring of customer relationships and deficiencies in conducting enhanced customer due diligence in high risk situations.
Specifically, the four banks concerned have failed to carry out their duties to continuously monitor business relationships through ongoing customer due diligence (CDD), in which CTBCHK failed to take appropriate review steps to ensure documents, data and information relating to customers obtained by it were up-to-date and relevant, while CCBA, ICBCA and UBSHK did not conduct timely periodic reviews for certain customers. Regarding situations that by nature might present a high risk of money laundering (ML)/terrorist financing (TF), CTBCHK and ICBCA did not comply with the requirement to take either (i) reasonable measures to establish the relevant customers’ or beneficial owners’ sources of wealth and sources of funds involved in the business relationships or (ii) additional measures to mitigate the risk of ML/TF involved in respect of certain customers. In addition, all four banks contravened the requirement of establishing and maintaining effective procedures for carrying out their duties in relation to ongoing CDD under the AMLO, among which CCBA has adopted restrictive criteria in flagging up alerts for examination while UBSHK’s deficiencies included a system error in extracting customer risk profiles due for periodic review.
In deciding the disciplinary actions, the MA took into account the relevant circumstances and factors, including the following:
Ms Carmen Chu, Executive Director (Enforcement and AML) of the HKMA, said, “Banks have an important ‘gatekeeper’ role in the ecosystem for anti-money laundering and counter-financing of terrorism (AML/CFT), with legal and regulatory obligations as set out in the AMLO and the Guideline on AML/CFT, and also in line with international standards. The identified deficiencies in the four cases occurred in a period following the commencement of the AMLO when industry understanding and experience were less mature, and since then, significant progress has been made by the industry, including the banks concerned, in enhancing financial crime compliance capabilities, with attention being given to improving processes, controls, and staffing. Banks should make reference to these case examples to review data quality and respective transaction monitoring system effectiveness, and take appropriate risk mitigating measures on an ongoing basis. Looking forward, the HKMA expects this improving trend to continue, and that the risk-based approach in banks’ AML/CFT efforts should remain to be premised on up-to-date understanding of evolving risks, use of better quality data, responsible innovation including Regtech adoption, and close collaboration in the ecosystem.”
Relevant links: Statement of Disciplinary Action (CCBA)
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters.
Digitpol can assist with all stages of cyber related incidents.
Contact Digitpol’s hotlines or respond to us online.
UK +44 20 8089 9944