Review of banks anti-money

laundering systems and controls

Stewart McGlynn
Anti-Money Laundering
Banking Supervision Department
Hong Kong Monetary Authority

22 & 23 April 2013

Disclaimer

This presentation provides guidance to authorized institutions (AIs) on

issues relating to the Anti-Money Laundering and Counter-Terrorist
Financing (Financial Institutions) Ordinance (AMLO) and the AMLO
Guideline. The presentation is provided for training purposes and does
not form part of the formal legal and regulatory requirements of the HKMA.
It should not be substituted for seeking detailed advice on any specific
case from an AIs own professional adviser.

The HKMA is the owner of the copyright and any other rights in the
PowerPoint materials of this presentation. These materials may be used
for personal viewing purposes or for use within an AI. Such materials may
not be reproduced for or distributed to third parties, or used for
commercial purposes, without the HKMAs prior written consent.

2
Regulatory Regime

Mature Anti-Money Laundering (AML) Regime

HKMA Guideline since 1993, STR requirement since 1989/95
Anti-Money Laundering and Counter-Terrorist
Financing Ord. (AMLO) commenced on 1 April 2012
14 x AML Examinations after 1 April 2012
5 x In-Depth Tier 2
9 x Thematic examination - Transaction Monitoring (TM) &
Suspicious Transaction Reporting (STR)

3
ML/TF Risk Management

Senior Management Oversight

Policies and Procedures
Management of AML/CFT Function
Internal Audit and Compliance Reviews
Correspondent Banking
Transaction Screening
Transaction Monitoring
Suspicious Transaction Reporting

4
Senior Management Oversight

Expectation is senior management should take clear

responsibility for managing ML risks
There should be evidence of active engagement by senior
management in the banks approach to managing ML risks

AMLO requires a FI to take all

reasonable measures to ensure
that proper safeguards are taken
to prevent a contravention and to
mitigate ML and TF risks (s.23)

5
Senior Management Oversight

Participation by management at sufficiently high level

is needed
Senior management should receive informative and
objective information sufficient to discharge AML
obligations
Must be strategy or evidence of self improvement
Coordination across the bank on AML required
AML issues must be dealt with on a proactive basis
Senior Management should ensure AML department
has sufficient resources

6
Policies and Procedures

Must have in place up-to-date P&P that are appropriate

to its business. These P&P must be readily accessible,
effective and understood by all relevant staff. We expect
banks to check whether P&P are applied consistently
and effectively

7
Money Laundering Reporting Officer

Money Laundering Reporting Officers (MLRO) are

responsible for oversight of the banks compliance with its
AML/CFT obligations and should act as a central
reference point for reporting suspicious transactions. For
example:
the MLRO should have sufficient resources,
experience, access and seniority to be effective
the MLRO should fully understand the rationale of
policies they were overseeing
The MLRO should have sufficient awareness and
oversight of the highest risk relationships

8
Money Laundering Reporting Officer

Our Requirements:

MLRO should not simply be that of a passive recipient

of ad hoc reports of suspicious transactions
MLRO should play an active role in the identification
and reporting of suspicious transactions
This may also involve regular review of exception
reports or large or irregular transaction reports as well
as ad hoc reports made by staff

9
Internal Audit & Compliance Reviews

Banks approach to reviews of effectiveness of AML

systems must be comprehensive
Scope of review must address Banks risks
Findings of recent IA and compliance reviews on AML
controls must drive change
Reports must be of sufficient quality
Should ensure the information is discussed at
sufficiently senior level
Implementation of remedial
measures must be consistent

10
Risks of Correspondent Banking

The correspondent AI often has no direct relationship

with the underlying parties to a transaction
Banks often have limited information regarding the
nature and purpose of the underlying transactions
Correspondent banking is therefore regarded as high-
risk from a ML/TF perspective
Special due diligence requirements for correspondent
banking relationships apply

11
Correspondent Banking

Must consider the ML risk of Correspondent Bank

Should have adequate P&P on how to deal with
respondents
Should not apply a one size fits all
Reliance on assessments that exist elsewhere within a
group, without local nexus, may not be sufficient
Ensure robust monitoring of respondents identified as
presenting higher risks

12
Transaction Screening

Does the bank maintain a comprehensive and up-to-

date watch list database for effective identification of
names that may trigger suspicion?

13
Transaction Screening

Should ensure the designated parties database and

high-risk / sanctioned jurisdictions list are complete
The algorithm used in the screening system should be
able to identify names with minor alterations (e.g.
reverse order or partial name)
Screening system must support Chinese characters /
commercial code OR written guidance must be
provided to mitigate this risk
Should have formal P&P for handling transactions
connected with high-risk / sanctioned jurisdictions

14
Good Practices

Clear P&P to ensure timely updating of the designation

parties database and high-risk / sanctioned
jurisdictions list
Conduct testing on the names of newly added
designated parties to ensure completeness and
accuracy of database
Establish internal P&P to provide guidance to staff
handling transactions with sanctioned jurisdictions
taking into account the restrictions imposed in sanction
programmes, including the requirement for review,
EDD etc

15
Transaction Monitoring

Are the banks transaction monitoring systems

adequate, given their business activities and size?
How does the bank ensure systematic investigations
into unusual transactions and potential STRs?

16
Transaction Monitoring
Depending on nature and scale of the bank,
automated TM systems may be important for effective
AML controls
Must ensure sufficiently detailed system review
Sufficient coverage of TM systems
Thresholds and parameters must be appropriate
Should have a clear understanding of what the system
could deliver / limitations
TM can only supplement, not replace human
element
Responsibilities for reviewing, investigating and
reporting alerts must be clearly allocated

17
Good Practices

Conduct detailed assessments prior to the launch of

TM systems to ensure adequate coverage
Give careful consideration to thresholds and
parameters and consider validation by independent
third parties
No one size fits all - categorize thresholds and
parameters according to customers business size and
nature
Conduct regular (e.g. annual) review and
enhancements on TM system by internal department
or use external consultants where the system is
complex or internal experience is insufficient

18
Suspicious Transaction Reports

To what extent does the bank understand and carry

out, their detection and reporting obligations on the
suspected proceeds of crime?

19
Suspicious Transaction Reports

STR reporting is not only a legal necessity, rather it is

a matter of real concern for banks
All internal reports must be subject to meaningful
analysis to determine whether disclosure is required
Guidance should be provided on connected accounts
to ensure understanding
Should conduct an appropriate review of business
relationship upon filing, to mitigate the risk
Processes for dealing with repeat internal / external
STRs must be sufficiently robust to protect the bank
Consent System must be clearly understood

20
Good Practices

Mandatory trigger event review & thorough process to determine

applicability of risk classification etc
Robust P&P underpinning these actions, including escalation, to
mitigate risk
Policy on repeat internal / external STRs
Termination of relationships where unacceptable ML risks existed
and indicate this in the initial disclosure to the JFIU
Use of internal / external reporting experience to identify
weaknesses in CDD, branch controls; evidence of active learning
Clear P&P regarding timeframe for analysis; clear guidance for
escalation where immediate risk existed
Conduct regular reviews of resources allocated to these tasks,
and ensure the Board act upon the findings of the review

21
Looking Forward

22
Alerts

WARNING!

Handling of alerts must be effective

Actions performed must address
risk

23
Opportunity for Intervention

STR and Post

Customer Ongoing
Reporting
On Boarding Monitoring
Actions

Protect the
Robust CDD institution from
further ML
risks

24
Key Takeaways

Senior management must demonstrate leadership on

AML
Policy & procedure must reflect that leadership
AML function needs experienced people and adequate
resources requirement to review
AML responsibility lies with all staff but CO/MLRO play
a central role
Effectiveness of controls must be regularly reviewed
Transaction Monitoring and STR are pillars
ML risks should be understood and mitigated
Banks should demonstrate willingness to exit where
there are unacceptable ML risks

25
Stewart McGlynn
Tel. 2878 1095
smcglynn@hkma.gov.hk

26
 n t
me
c u
d o
hi s
oft
h t
r i g
py
c o
Suspicious Transaction
t h e Report
n s
o w
Trends and Quality Improvement
e rc
F o
i ce
Chief Inspector l
o Bernard LAW
g P
o n
Joint Financial
g K Intelligence Unit
n
Ho Joint Financial
Intelligence Unit
 n t
me
c u
d o
hi s
ft
Important Notice

t o
All rights, including copyright, in this PowerPoint file are owned
i gh
r
and reserved by the Hong Kong Police Force. Unless prior
y
o p
permission in writing is given by the Commissioner of Police, you

e c
may not use the materials other than for your personal learning

s th
and in the course of your official duty.

w n
e o
or c
e F

l i c
o

g
P
n
g Ko
o n
H Joint Financial
Intelligence Unit
Agenda t
e n
u m
c o
i s d
Importance of Reporting Institutionsf t h
t o
Typologies i gh
y r
Statistic of Suspicious Transaction c op
t h e
Reports n s
o w
Quality Suspicious
r c e Transaction Reporting
o
Conclusion ce F
o l i
g P
o n
g K
n
Ho Joint Financial
Intelligence Unit
Importance of Reporting Institutiont
e n
um
o c
s d
f t hi
t o
h
FIUs
yrig
o p
e c
s th
w n
e o AML/CFT
or c role
e F
Reporting
l i c LEAs

Po
Institutions

n g
Ko
n g
Ho Joint Financial
Intelligence Unit
Different Players and Roles t
e n
u m
oc
i s d
Reporting h
f t LEAs
FIUs
t o
Institutions
i gh
yr
o p
Handling STRh e c
Customer identification
s t ML investigation
Record keeping
w n
Dissemination Asset tracing

e o exchange
Internal systems and
c
orFeedback
Information Asset recovery
controls
Suspicious transactions ce
F Information exchange

o l i Outreach program MLA

g P
o n
g K
n
Ho Joint Financial
Intelligence Unit
Information Flow t
e n
u m
oc
i s d
h
f tPolice/
oProsecuting
Reporting FIUs
Entities Other
t
h authorities
Intelligence
r i g
agencies
py
c o
th
INFORMATION e
n s
context
o wcontext context
Transformation

Transformation
rc Intelligence
process

process
Evidence
STR
e F products in case
i c
P ol
n g
K o
n g
H o
Joint Financial
Intelligence Unit
Legislation t
e n
Reporting Obligation u m
oc
Organized and Serious Crimes Ordinance OSCO i s d
f t h
Section 25A(1)
t o
A person knows or suspect that
i gh
y r
any property (directly or indirectly) represents
p
ooffence
any
persons proceeds of an indictable
e c
should disclose that knowledge t h
s or suspicion to an
n
wa reasonable time
authorized officer within
e o
or c
e F
l i c
P o
g
nSuspicious Transaction Report
K o
g (STR)
o n
H Joint Financial
Intelligence Unit
Legislation t
e n
u m
c o
Offence if failing to report: s. 25A(1)is d
f t h
Disclosure protection of ML offence: t o s.25A(2)
i gh
r
y (3)
Protection against suit: s.25A o p
e c
Offence to disclose the s t hdisclosure: s.25A (5)
w n
tipping off any ematter o likely to prejudice an
orc
investigation
e F
l i c
P o
n g
K o
n g
Ho Joint Financial
Intelligence Unit
 n t
me
c u
d o
hi s
oft
h t
r i g
py
c o
th e
n s
ow
rc e
F o
i ce Typologies
Pol
n g
K o
n g
H o
Joint Financial
Intelligence Unit
Typologies t
e n
u m
c
o are
A series of ML or TF arrangements which i s d
f h
t using the
conducted in similar manner tor o
i gh
same methods. yr p
c o
t he
In general term, wthe ns study of methods,
e o
techniques and orc trends used by money
e Fterrorist financier.
lic
launderer and
o
g P
o n
g K
o n
H Joint Financial
Intelligence Unit
Typologies t
e n
u m
c o
i s d
To help the reporting institutions
f t h in
t o
i h
g identifying
understanding the trend and y r
o p
e c
the vulnerable areas tused
s h by the Money
w n
Launderer andrcTerrorist e o Financier
F o
i ce
o l
g P
o n
g K
o n
H Joint Financial
Intelligence Unit
Typologies t
e n
u m
oc
Corporate Vehicle
i s d
easy to set up
ft h
beneficial ownership t o
i gh
shell company
yr
o p
e c
th s
Use of TCSP
w n
o
non-resident holding several companies
registeredrc/ ecorresponding address
F o
ce
secretarial
i
services
o l
g P
o n
g K Bank Account
o n opened company accounts with different banks
H 3rd party as authorized signatories
Joint Financial
Intelligence Unit
Typologies t
e n
u m
oc
Trade-based Transaction i s d
over & under invoicing ft h
t o
counter balance
i gh
yr
multiple business
o p
e c
Money Transfer s th
w n
e-Banking o e
o
via Money r cServices Operator
e F transfers between accounts
c
multiple
i
o l
g P
o n Other issues
g K
on
unlicensed Money Services Operator
H front man
Joint Financial
theft of identity
Intelligence Unit
Typologies t
e n
u m
oc
Indicators i s d
ft h
t o
Multiple inward remittances from different i gh senders
y r
Multiple outward remittances to overseas c op accounts
t h e
Temporary repository of fund n s
o w
Destination of transfer r c enot commensurate with customer
F o
profile
i ce
o l
Payment gofPconsultancy fees or loan
o n
g K only operated for a few months
n
Accounts
o
H Joint Financial
Intelligence Unit
STR received in the past 10 years t
e n
u m
o c
s
i0 d 282
h
25000 3
t
f 9 87 2
to
2
6 20
20000
i gh 062 19
3r 16
7
9 57 ,4 5
p y8
8
o
2 5
0 14,5 1 5 ,
c
40 5 14
15000 1
87 11 67 8 1 13
t h e
1 0
s n
10000
o w
r c e
5000
e Fo
i c
Pol
0
n g
o
K 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012
n g
2002

o
HRepresents no. of STR made by Banks Joint Financial
Intelligence Unit
Quality Reporting t
e n
u m
oc
i s d
ft h
Suspicion
t o CDDandKYC
Sufficient identified?
i gh
information?
yr process?
o p
e c
s th
w n
e o
orcPreciseand
e F
i c Evaluation?
Pol Concise?

n g
K o
n g
H o
Joint Financial
Intelligence Unit
Quality Reporting t
e n
u m
oc
Sufficient Information i s d
ft h
t o
i gh
Client / BO information yr
o p
- company details e c
t h
- ID information nsw
e o
orc
F
Transaction information
e
- fund flowlic
P o
g
- counterparties
n information
K o
n g
Ho
Joint Financial
Intelligence Unit
Quality Reporting t
e n
u m
c o
Suspicion identified this d
o f
h t
r i g
py
Background c o of customer/BO
t h e
n
Quote s source of suspicion
o w
r ce Transaction patterns
F o
i ce Avoid incoherent information
Pol
n g
K o
n g
H o
Joint Financial
Intelligence Unit
Quality Reporting t
e n
u m
oc
KYC and CDD Process i s d
ft h
t o
i gh
r
py information
Update Personal and Company
o
e c
t h
Enquire customers for suspicious
s
n
transactions ow e
On-going transaction or c monitoring
e F
l i c
P o
n g
K o
n g
H o
Joint Financial
Intelligence Unit
Quality Reporting t
e n
u m
oc
Precise and Concise i s d
ft h
t o
i gh
23,282 STRs received in 2012 yr
c op
Quality reporting is essential
t h e
n s
Precise and concise o wwithout redundant and
r c e
duplicated information
F o
i ce
o l
g P
o n
g K
o n
H Joint Financial
Intelligence Unit
Quality Reporting t
e n
u m
oc
Evaluation i s d
ft h
t o
i gh
r
y if risk can be
Not every STR is to be reported
o p
c
mitigated he s t
Detailed the conclusion n
w reached on the
o
ereporting
o
necessity of STRr c
e F
Report STR l i c once suspicion arose
P o
n g
K o
n g
Ho Joint Financial
Intelligence Unit
Conclusion t
e n
u m
oc
Compliance is not a check-the-box i s d
f t h
exercise, but rather t o requires
i gh
r
financial institutions toopyexercise their
e c
judgement, as sinformedth by our
w n
o
guidance andceassistance.
or
F e
l i c
P o Bill Fox, ex-FinCEN Director
n g
Ko
n g
Ho Joint Financial
Intelligence Unit
 n t
me
c u
d o
hi s
oft
h t
r i g
py
c o
th e
n s
ow
Thank You F orc e
i ce
Pol
n g
K o
n g
H o
Joint Financial
Intelligence Unit
Supervisory Response
of the HKMA

Stewart McGlynn
Banking Supervision Department
Hong Kong Monetary Authority

22 & 23 April 2013

Well-focused Supervision

Our programme of in-depth AML examinations will

continue and at the same time be strengthened
Thematic AML examinations will remain a key part of our
supervisory approach
A thematic review of the private banking sector has just
commenced
AML examinations will also test banks controls and
vigilance to combat the risks of tax evasion

2
What to expect?

We intend to be more proactive, adopting a more

forward looking approach
We will review the frequency, intensity and scope of our
on-site and off-site examinations
We are significantly strengthening the resources
dedicated to AML supervision and are reviewing our
follow-up processes
We will be prepared to take early intervention to tackle
root cause rather than waiting for risks to accumulate

3
Key Questions

Is the tone from the top clear in your bank?

What steps have you taken to foster a strong risk
culture?
How do you ensure that the AML function is equipped
with sufficient resources to perform effectively?
Do you oversee measures to ensure that your AML
programme is systematic?
Is your AML programme subject to regular review?
Do you play a central and proactive role?

4
Key Takeaways

International standards and obligations on AML must be

met
Effective AML measures in the banking sector are
essential as it acts as a gatekeeper
Resources afforded to AML work must be adequate
The obligation to implement the AML rules fully and in
good faith must always come before business interests
HKMA will be ready to take tougher actions, including
the use of our powers under AMLO.

5
~ Thank You ~