AML / CTF compliance – Why it pays to pay attention
The payment by HSBC of a US$1.9 billion fine in December 2012 to settle a money-laundering and terrorist-financing charge by US authorities has been a high-profile reminder of the need to keep anti-money laundering and counter-terrorist financing (AML/ CTF) compliance on your risk radar.
Anti-money laundering and counter- terrorist financing (AML/ CTF) compliance is a regular staple of the company secretarial CPD calendar, but it often takes a compliance failure to remind everyone involved – company secretaries, directors and senior managers included – what those seminars are really about.
In addition to the high-profile HSBC case, there has been a stream of news stories this year about corruption, embezzlement and money laundering – they seem to be common bedfellows. In August this year, Navin Kumar Aggarwal, an ex-partner with law firm K&L Gates, pleaded guilty to fraud and money laundering and was sentenced to 12 years imprisonment.
In October this year, four people were charged with fraud and money laundering at Pearl Oriental Oil Ltd. In that same month, Yueshou Environmental Holdings former deputy chairman Kelly Cheng Kit-yin admitted a total of 11 counts of conspiracy to defraud (including money laundering) in the District Court. In March this year, Lam Mei-ling, moved more than HK$6.7 billion through nine Hong Kong banks over almost four years and was jailed for 10 years. This followed the jailing of mainlander Luo Juncheng, 22, in January for 101⁄2 years for laundering HK$13 billion.
It can happen to you
The priority given to AML/ CTF compliance by company secretaries has, at least historically, depended on the sector practitioners work in. For obvious reasons, those working in the financial sector have been subject to higher expectations from AML/ CTF regulators locally and globally.
On 1 April 2012, the Hong Kong government brought in the HKSAR’s first law targetted at AML/ CTF compliance. Under the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (AMLO), financial institutions must reinforce their business conduct security, strengthen their compliance staff, and bolster their risk- based approach to customer due diligence and ongoing monitoring. They must have excellent record keeping, staff training and they must encourage suspicious transaction reporting.
Criminal convictions for non-compliance with AMLO provisions carry a maximum penalty of HK$1million and seven years imprisonment, while any financial institution convicted of intent to defraud a relevant authority – including the Securities and Futures Commission (SFC), the Hong Kong Monetary Authority (HKMA), or the Customs and Excise Department – may be served a maximum penalty of a HK$1 million fine and seven years’ imprisonment.
In synchrony with the AMLO coming into effect, the SFC issued its Guideline on Anti-Money Laundering and Counter- Terrorist Financing for corporations, and the Prevention of Money Laundering and Terrorist Financing Guideline issued by the Securities and Futures Commission for Associated Entities which, as its title indicates, is targetted at associated entities. These guidelines aim to help companies and associated entities implement appropriate and effective policies, procedures and controls to comply with Hong Kong’s AML/ CTF regulatory requirements.
However, AML/ CTF risk management has never been the sole concern of financial institutions; it applies to all companies in Hong Kong and, as Samantha Suen, Chief Executive of the HKICS, points out, it has been around for some time. ‘This is not a new burden,’ she says. ‘Some years ago, corporate service providers were required to have “know your customer” [KYC] procedures in place.’
Indeed, in recent years the focus of AML/ CTF regulators has switched from financial institutions to designated non-financial businesses and professions (DNFBPs), which include lawyers, accountants and company secretaries working for trusts and company service providers (CSPs). Of high concern in
Hong Kong has been the relative ease with which international agents (or residents) can open shell companies for the purposes of money laundering: small players could slip through the net to finance big crimes. Not that it is as simple as hanging out a shingle and watching illegal dollars flow in.
‘Purchasing a shell company is only part of the process,’ says Suzanne Callister, Regional Commercial Director of Intertrust Hong Kong. ‘To operate the company one needs a bank account and often the involvement of a financial intermediary. With financial institutions (including banks and financial intermediaries) being regulated entities subject to the AMLO, we believe that all of the prudent service providers incorporating companies in Hong Kong will conduct appropriate due diligence on the ultimate beneficial ownership and related parties.’
She notes, however, that some smaller players could feel the challenge of increased pressure as they may have limited resources to carry out duties in relation to AML. Ms Suen agrees: ‘In well-established companies, stringent compliance and AML requirements will be in place and controlled in-house,’ but she also notes that while smaller players should know the requirements, the ability and willingness of those companies to ensure compliance may be lacking.
Overall, AML has long been a focus in any company, small or big; financial or non- financial, says Ms Callister. ‘The changing landscape is a consequence of regulation, starting from the financial institutions and moving towards the non-financial institutions. From our perspective, there is no substantial change… though I do see compliance becoming even more key with increasing responsibility being placed onto corporate service providers and their role.’
The regulatory net is tightening
The AMLO was the Hong Kong government’s response to a 2008 evaluation by the international Financial Action Task Force (FATF) which identified deficiencies in Hong Kong’s AML/ CTF regime. These included:
- customer due diligence and record keeping requirements for financial institutions had no statutory backing
- financial regulatory authorities lacked supervisory and enforcement powers
- the absence of criminal or supervisory sanctions to deal with cases of non-compliance, and
- the absence of a regulatory regime for remittance agents and money changers.
When the FATF makes a recommendation or highlights an inadequacy in governmental policy, governments take notice. Both the AMLO and the SFC’s AML/ CTF guidelines were designed to raise Hong Kong’s score with the FATF and enrich its profile as an international business and financial centre.
‘I believe that Hong Kong, as a jurisdiction, is also convinced of the advantages of being compliant,’ says Ms Callister. ‘The government has been deliberating on the best regulatory model for the non-financial professions. Currently, it is still at the stage of building a capable approach by the way of education, rather than via a punitive approach. We trust the government will continue to strike a balance between compliance with global standards and the business interests of the community.’
For larger companies like Intertrust, self-policing the rigorous application of international standards are the benchmark of corporate service provision. ‘We deliver training to the team, and our compliance people test the information provided to us all the time,’ says Ms Callister. ‘Our people are trained to review the story of the business over and over again. Our KYC goes beyond know your customer. It also includes customer’s transactions and understanding the business rationale as well.’
Who should be responsible for AML compliance?
The SFC’s Guidelines on Anti-Money Laundering and Counter-Terrorist Financing are intended to help licensed corporations create and implement effective AML/ CTF policies, procedures and controls, but who is actually doing the creating and implementing at the corporate level? Furthermore, who should?
Ms Suen suggests that the company secretary is well suited to ensure these policies and systems are put in place. ‘I understand that some companies have a compliance officer in place and perhaps those companies charge the compliance officer with AML as well. Either way, whoever is tasked with AML, compliance should be the responsibility of someone very senior with the authority and experience to put such procedures into place.’
She adds that AML/ CTF controls need to be adopted and understood by everyone in an organisation. ‘We should all work to lift compliance standards, and AML/ CTF at all levels of business. Good corporate governance and AML/ CTF standards should be drilled down through the ranks. For instance, in purchasing departments, suppliers should be reviewed and known – following the KYC or client due diligence [CDD] ethos. All levels of a company’s people should understand why it is required and the advantage of good corporate governance standards. If you have only a few people who understand and apply the principles, it’s useless. I think in general we should have more education on this aspect.’
Elisa Chan, Senior Manager, Compliance at Intertrust, believes that the role of AML compliance should rest with a compliance team, as a compliance officer should be independent of all business operations. She notes that her team has the constantly demanding task of “knowing your customers” and their transactions. ‘We are responsible for conducting reviews on new clients for client acceptance, as well as conducting reviews on existing client entities on a regular basis and a transactional basis as determined by the risk-based approach for ongoing monitoring. We aim to ascertain the rationale of client structures, identify any irregularities and inconsistencies on documents and information provided by clients, and raise queries where appropriate. The level of risk rating of a client entity determines the frequency of the regular reviews conducted by us. For high-risk client entities, a regular review will be done annually; whereas for those client entities of medium risk and low risk, a review will be conducted every two and three years respectively. We may also review associated legal documents to ensure compliance with the the relevant laws, rules and regulations,’ she explains.
‘We place compliance high on the agenda and include compliance training as part of our induction training for new employees with an annual refresher for all staff as part of our corporate culture. Not only do we have a group head of compliance, but also a team of compliance professionals locally, attending to client acceptance and ongoing review and monitoring of client transactions,’ says Ms Callister.
Ms Suen notes that a company secretary of a large corporation has numerous duties and responsibilities, and as a result, it would not be easy to take on AML as an additional burden. ‘I believe that segregating the role is possible, though I don’t have a perfect answer for who should be in charge of AML.. Company secretaries are not excused from their overall responsibility for ensuring regulatory compliance and advising on good corporate governance standards. From the HKICS’s point of view, we don’t set AML/ CTF standards but we bring our members up to date on current standards, and we provide guidelines and update information to our members to allow them to carry on compliance or AML/ CTF functions – or help them delegate and set up procedures.’
Ms Callister points out that ultimately monitoring AML/ CTF compliance risk is the responsibility of the board. ‘To enable company leaders in AML compliance to discharge their duties effectively, it would be most desirable for them to be independent of all operational and business functions with a sufficient level of seniority and authority, access to all records of the company and above all reporting to the management. In most jurisdictions, this role may be executed by a Compliance Officer, or Money Laundering Reporting Officer. Compliance will at least reach its goal when the management of the company supports it. Only then the quality standards can be respected and guaranteed.’
What is next?
Now that the AMLO is in place, the next set of rules regarding AML/ CTF compliance is likely to target DNFBPs, Ms Callister believes. ‘We are fully committed to do what we have to do and comply with international standards – but we take it even further, as we also attend to our group standards, which take into account what happens across the world. We haven’t seen a timeline on new regulations. We wish to be well prepared, so we are working with a global approach. We welcome increased regulation – it’s good for Hong Kong to have a safe environment in which people can work.’
The question of who will be doing the regulating is also a question. In accordance with the AMLO, money service providers are under a licensing and regulatory regime with the Customs & Excise Department as the competent authority. In addition, the Joint Financial Intelligence Unit (JFIU), jointly run by staff of the Hong Kong Police Force and the Hong Kong Customs & Excise Department, manages the suspicious transaction reports (STRs) regime for Hong Kong and receives, analyses and stores STRs for appropriate investigative units.
One possible option would be to make the HKICS a self-regulating organisation (SRO) to monitor AML/ CTF compliance among its members. This would be a challenge, Ms Suen points out, since the HKICS is not a statutory body. ‘As a professional institute we do however regulate our own members,’ she says. ‘If members are in breach of our code of professional conduct, they will face disciplinary action by the Institute.’
The Hong Kong Institute of Certified Public Accountants (HKICPA) and The Law Society of Hong Kong have laws governing them. As for the HKICS, she would prefer a different route where – in the case of CSPs – a person at the senior management level should be a member of the HKICS and follow the Institute’s lead in compliance and AML.
‘We think that CSPs are very important in the industry and the business world. Because they help business owners set up companies, they are the people on the frontline. We believe that our HKICS members have the appropriate guidelines and training in corporate governance, AML, ethics and conduct, and so we believe our members are the best people to safeguard and be in charge of this area. Therefore, if there is an HKICS member in the CSPs senior management, this would help Hong Kong maintain its status as a safe, premier business centre, and avoid potential money laundering,’ Ms Suen says.
Ms Callister believes that, as the current regulator for CSPs, the Customs & Excise Department is up to the task – particularly if the government continues to hire specialists from the private sector who are familiar with the practical side of AML/ CTF compliance.
‘We believe the Customs & Excise Department is well qualified to discharge its duties in its current regulatory role,’ she says. ‘It would certainly mature over time, and provided that the professional people of the right calibre and experience have been engaged by it or by any other authority designated with the duty to oversee a particular profession, we should have confidence in such a regulator.’
The Monetary Authority of Singapore went out into the industry and got training there, notes Ms Callister. ‘They effectively used the industry to help support and train people in their roles and those ties have been kept very close. This is where the HKICS plays an important role in helping the government understand what is happening in a fast- moving industry,’ she says.
‘The Hong Kong government is very good at consulting the industry, and the SFC and other organisations have given them insight into the practical skills of dealing with the industry.’
Gina Miller, Journalist, and Kieran Colvert, Editor CSj
The HKICS regularly holds seminars on AML/ CTF compliance. Readers can check the ‘ECPD’ section of the HKICS website (www.hkics.org.hk).
SIDEBAR: Online AML/ CTF resources for company secretaries
HKICS AML/ CTF guidelines
The HKICS Guidelines on Anti-Money Laundering and Counter-Terrorist Financing are specifically targetted at the AML/ CTF challenges faced by company secretaries. The guidelines outline recommended procedures to ensure AML/ CTF compliance and outline the principles of customer due diligence; record keeping; the reporting of suspicious transactions; employee training; and cooperation with law enforcement officials.
The guidelines are available on the ‘publications’ section of the HKICS website: www.hkics.org.hk.
SFC AML/ CTF guidelines
The SFC’s AML/ CTF guidelines are also a good source of information for company secretaries. The guidelines are intended to provide a general background on the subject of money laundering and terrorist financing and summarise the main provisions of AML/ CTF legislation in Hong Kong. Although failure to comply with any provisions of the guidelines would not itself make a person subject to judicial or other proceedings, failure to comply would be admissible as evidence in proceedings initiated under the AMLO and the Securities and Future Ordinance (SFO); may reflect adversely on the fitness and properness of SFC- licensed corporations and licensed representatives; and may be deemed misconduct.
The guidelines are available under ‘rulebook/ codes and guidelines’ on the SFC website: www.sfc.hk.
The Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance is targetted at the AML/ CTF compliance measures adopted by financial institutions in Hong Kong.
The full text of AMLO is available on the Bilingual Laws Information System (BLIS) website: www.legislation.gov.hk/blis.
The JFIU website
The Joint Financial Intelligence Unit (JFIU) website offers general information about how to identify potential money laundering or terrorist financing activities, how to identify suspicious transactions and how, and to whom, to file a suspicious transaction report.
The JFIU website address is: www.jfiu.gov.hk.
The FATF website
The Financial Action Task Force (FATF) reviews money laundering and terrorist financing techniques and counter- measures and promotes the adoption and implementation of appropriate measures globally. The FATF website is a useful source of information on AML/ CTF issues generally and, in particular, on FATF’s 40 Recommendations. In February 2012, the FATF released 40 Recommendations on AML/ CTF to be applied on a global scale. The recommendations are to be applied to both financial institutions and designated non-financial businesses and professions.
The FATF website address is: www.fatf-gafi.org.