億東金融科技有限公司

The foundation of Anti-Money Laundering (AML)

Anti Money Laundering 20240606 e1717747057873

Hong Kong is recognized globally for its robust Anti-Money Laundering (AML) regulatory framework. Back in 2019, the Financial Action Task Force (FATF), an inter-governmental agency that sets international AML compliance standards and assesses financial regulators’ compliance with these standards, found Hong Kong’s regime to be fully compliant with FATF and overall effective. This made Hong Kong the first financial center in the Asia Pacific to receive this recognition in FATF’s latest evaluation round.

There are several regulatory authorities in Hong Kong with the power to investigate suspected breaches of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) and initiate enforcement proceedings against institutions and individuals. The Hong Kong Monetary Authority (HKMA) regulates banks and other deposit-taking institutions, while the Securities and Futures Commission (SFC) regulates entities licensed to conduct securities and futures activities.

Due to the government’s strict stance and emphasis on compliance with AMLO, Know Your Customer (KYC) and Customer Due Diligence (CDD) measures are more important than ever. The AMLO establishes legal requirements for CDD and record-keeping for specific regulated institutions. Designated non-financial businesses and professions, including Trust or Company Service Providers (TCSPs) are also fall under this regulatory framework.

What is Money Laundering?

Money laundering is an illegal activity that makes large amounts of money generated by criminal endeavours, such as drug trafficking or terrorist funding, appear to have come from legitimate sources. Essentially, it “cleans” the money to make it seem lawful.

Three Steps of Money Laundering:
Common money laundering techniques

Criminals employ various tactics to obscure the source of illicit funds. These include structuring transactions, using shell companies, and layering funds through complex financial networks.

Here are some of the most common money laundering schemes as example:

Scheme
Description
Smurfing or structuring
Criminals divide a substantial sum of money into smaller portions to avoid arousing suspicion. Since financial institutions are required to report transactions exceeding a set of thresholds, directly depositing large amounts of illicit funds is risky. Instead, the criminal enlists associates, friends, or relatives as well as across multiple countries, in order to deposit smaller sums into various accounts. The funds are then wired to the criminal’s own account.
Shell companies
Shell companies, existing only on paper without actual operations or assets, play a crucial role in money laundering. To layer funds through a series of transactions, obscuring the illicit origins of the money. Alternatively, dirty money could flow through shell companies as fictitious payments for non-existent goods or services.
Gambling
Casinos, whether online or offline, serve as conduits for significant cash flow, making them attractive for money laundering. The layering and placement stages of the laundering process are relatively straightforward within a casino environment. For instance, two accomplices sitting at the same table can intentionally lose, discreetly transferring money between themselves.
Cryptocurrency
In the past, cash held a dominant position in criminal activities, but that landscape has shifted. Virtual currencies, such as Bitcoin, lack uniform regulation, making them attractive for laundering illicit funds. Additionally, specific cryptocurrencies offer substantial anonymity. This relatively new money laundering scheme poses challenges for regulators and financial institutions as they strive to adapt.

Criminals are often driven by profit, and money laundering allows them to disguise illegally-gained funds as legitimate assets. By doing so, they can use the money without detection of its illegal origin. Unfortunately, this process fuels criminal enterprises, including drug trafficking, terrorism, and arms dealing. If left unchecked, money laundering can undermine the integrity of financial systems worldwide.

HSBC fined $85 mln for anti-money laundering failings

What Happened? HSBC, a major global bank, was fined £64 million (approximately USD$85 million) by British regulators for AML deficiencies spanning eight years. The Financial Conduct Authority (FCA) identified serious weaknesses in three key parts of HSBC’s transaction monitoring systems in Britain from 31 March 2010, to 31 March 2018.

HSBC’s shortcomings included inadequate monitoring of money laundering and terrorist financing scenarios until 2014, poor risk assessment of “new scenarios” after 2016, inappropriate testing, and incomplete data checks in monitoring systems. Notably, HSBC failed to detect suspicious activity related to a construction director involved in a criminal gang attempting to steal millions via fake companies. Additionally, the bank missed unusual activity by a customer imprisoned for smuggling cigarettes into the UK.

These failings exposed the bank and community to avoidable risks, emphasizing the importance of robust AML processes.

(Source: Reuters – HSBC fined $85 mln for anti-money laundering failings: https://www.reuters.com/business/hsbc-fined-85-mln-anti-money-laundering-failings-2021-12-17/)

How Anti-Money Laundering (AML) works?

How it works 20240606 e1717746943897

Anti-Money Laundering (AML) refers to a set of laws, regulations, and procedures designed to prevent the illegal generation of income through criminal activities and the subsequent disguising of its origins to appear legitimate. The primary goal of AML measures is to detect and deter money laundering activities. In essence, AML aims to safeguard the integrity of financial systems by identifying and mitigating risks associated with money laundering and terrorist financing.

Controls and Measures:
Measure
Description
Know Your Customer (KYC)
Verifying the identity of customers and understanding their background history.
Customer Due Diligence (CDD)
Assessing the risk associated with each customer and perform ongoing monitoring periodically.
Transaction Monitoring
Detect suspicious transaction patterns indicative of money laundering.
Suspicious Activity Report (SARs)
Reporting unusual or suspicious activities to responsible authorities.
Record Keeping
KYC/CDD documents, original or copies, is required to keep at least 5 years.
Legal Framework:
  • AMLO and regulations vary by country but are often based on international standards set by organizations like the Financial Action Task Force (FATF).
  • Regulated institutions must comply with these regulations to prevent money laundering and protect their reputation.
Collaboration and Reporting:
  • AML efforts involve cooperation among financial institutions, law enforcement agencies, and regulatory bodies.
  • Reporting requirements ensure that suspicious activities are promptly identified and investigated.

What is KYC and CDD?

KYC is the initial step where businesses verify the identity of their customers. It involves collecting and verifying personal information for onboarding process. On the other hand, Customer Due Diligence (“CDD”) is an ongoing process. It involves continuously monitoring customer behaviour and assessing risks associated with it. Both are pivotal in preventing financial crimes.

Primary goals of KYC/CDD:
  • Risk Mitigation: Identifying and managing risks associated with money laundering, terrorist financing, fraud, and other financial crimes.
  • Regulatory Compliance: Meeting legal requirements set by regulatory bodies such as Financial Action Task Force (“FATF”), local authorities etc.
Here are 3 steps of KYC/CDD procedures:

Step 1: Verification of Identity

  • Collecting identifying information to confirm a customer’s identity.

  • Depends if the customer is a company or individual, using various methods to verifying official documents (e.g. passports, address proof, company certificate etc.).

  • Perform Background Check via screening system or manual screening (e.g. Google search, world check etc.)

Step 2: Risk Assessment

  • In accordance with various information (e.g. Source of income, jurisdiction, sanctions and watchlist screening results etc.) during the document collection and screening process in step 1 to assess the customer risk level.

  • With three levels of risk rating (Low, middle, and high), and notice when to perform periodical review.

  • Depends on the risk rating, SDD standard DD and EDD approach apply if applicable.

Step 3: Ongoing Monitoring

  • Depends on the latest risk level rating, regulated institutions are required to perform CDD periodically.

    (see the below table as example)

Risk Level
Perform Periodical Review
Low
25 to 36 months
Middle
13-24 months
High
6-12 months
  • Checking any expired document or any structure changes such as change of members, directors. And request updated document accordingly.

 

  • Perform risk reassessment in order to keeping risk level up to date.

 

(Note: Different types of regulated institutions should have a different approach depends on different regulated requirement, jurisdiction etc., for example: SFC require regulated institutions to review risk assessment level at least every 2 years)

 

Simplified due diligence (SDD) and Enhanced Due Diligence (EDD)

By performing risk assessment during the KYC/CDD process, different risk level of customers should be identified where specific due diligence is applicable/required or not.

Simplified Due Diligence (SDD)

SDD represents the minimum level of CDD that regulated institutions can apply. It involves a brief identity verification process applicable to eligible customers when the risk of money laundering or terrorist financing is considered very low. SDD precedes standard due diligence (applied to low and medium-risk customers).

However, SDD still require to conduct the four basic components of CDD outlined by the FATF:

  • Customer & UBO identification and verification
  • Purpose of nature and relationship
  • Ongoing monitoring

In a short word, SDD involves less intensive information gathering compared to higher levels of due diligence.

Enhanced Due Diligence (EDD)

On the other hand, EDD represents the highest level of CDD. It representing customers with the highest-risk which might require a more robust approach other than standard due diligence.

Companies / individuals might fall into the EDD approach, if they are:

  • Business in countries on the hight-risk third countries list.
  • Politically exposed persons (PEP) or their close circles (e.g. family members).
  • Sectors with a higher risk of money laundering (e.g. casino, firearm dealer)
  • Shell corporations.
  • Companies that funded terrorist activities and are blacklisted.

     

EDD measures consist of different procedures, such as:

  • Identification documents such as passport, address proof may require a suitable certifier (e.g. CPA, Lawyer, Authorities) to conduct certification of the specific document.
  • Defining the purpose and intended nature of the business relationship, and more.
  • Additional information may require, such as self-certification, PEP verification related record.

 

In simple words, EDD is an extended KYC and AML process that intensifies the scrutiny of potential business partnerships, an advanced risk assessment process that entities use to gather comprehensive information about high-risk customers.

Manual KYC Approach

Miners

For small businesses without using any AML system, KYC is a manual affair. Responsible staff reviewed and verify physical documents, interviewed customers, and perform screening for background check of onboarding and ongoing customers by manually cross-reference data (e.g. watchlists, criminal records etc.).

Key aspects
Advantage
Disadvantage
Investigator Expertise
AML analysts manually review transactions, customer profiles, and suspicious activities. Their expertise is crucial for identifying patterns and anomalies.
With such experience and technical skills, high salary is possible. Also Requires a significant workforce, training, and ongoing supervision.
Highly Customizable
Manual processes allow flexibility in adapting to unique risk profiles and specific organizational needs.
Error, inconsistencies, and integrity issues are more likely to happen causing by human biases.
Case Management
Investigators handle alerts, conduct investigations, and document findings precisely.
With a large-scale number of cases, manual approach could be overwhelming.

If entities have a large scale of customer number of size, manual screening processes could be time-consumed, prone to human errors, and costly due to the needs for large compliance teams.

The Rise of Automation

Mining Machine e1717750831879

A sufficient AML system can offer efficiency, cost-effectiveness, compliance, security, and a smoother customer journey. It is a valuable tool for financial institutions seeking to balance regulatory requirements with operational effectiveness.

Advantage
Description
Time Efficiency
AML system significantly reduces the time required for client onboarding and verification compared to manual processes. This streamlined approach enhances the customer experience and allows financial institutions to onboard clients swiftly and efficiently.
Scalability
Automation scales effortlessly. As number of size of customers and transaction volumes increase, the system adapts without proportional staff expansion.
Cost Savings
By automating KYC processes, companies can save costs associated with hiring staff for manual checks. Deploying software for KYC tasks is more cost-effective and scalable in the long run.
Continuously
Automation enables continuous monitoring of customer profiles and perform background screening on a daily bases, ensuring that information remains accurate and up-to-date. Ongoing KYC approach enhances risk management and security.
Enhanced Security
Automated systems reduce the chances of human error and improve data security. They can detect suspicious activities more effectively, contributing to robust anti-money laundering efforts.
Record Keeping
With a sufficient AML system, end-user audit trail and records should be included within the system. Without costing any extra human resource, record is automatically saved and able to generate reports if needed anytime.
Improved Customer Experience
Faster onboarding, fewer manual steps, and accurate data contribute to an overall better customer experience. Clients appreciate efficient processes that do not cause unnecessary delays.

Should we fully replace manual approach with automation? 

Automation and manual are not mutually exclusive, they work best together. Scalable automation, coupled with human oversight, ensures efficient compliance while maintaining accuracy and ethical standards.

Many institutions adopt a hybrid model, combining manual expertise with automated tools.

  • Thresholds and Alerts: Automated systems generate alerts based on predefined thresholds; manual investigation approach should focus on these alerts.
  • Enhanced Due Diligence (EDD): Manual EDD processes complement automated risk scoring for high-risk customers.
  • Adaptability: Institutions can adjust the balance between manual and automated processes as needed.

 

While automation enhances efficiency and consistency, manual expertise remains essential for nuanced decision-making. A well-designed hybrid approach combines the best of both worlds, leveraging technology while valuing human judgment.

The Future of AML

AML is becoming increasingly critical. Sanctions, fines, monitoring efforts, and legal actions by government bodies and regulators are becoming more stringent and unavoidable.

The banking sector in Hong Kong has also recently seen a high-profile example of AML enforcement. The HKMA took disciplinary action against four banks for breaches of AMLO, imposing aggregate fines of HK$44.2m (US$5.7m). This was the first such action against banks in Hong Kong since December 2018.

Regulated entities must enhance their AML practices, remain vigilant for suspicious activities, and promptly report to regulators in order to protect themselves as well as fulfilling their obligations.

(Source: Hong Kong AML Update – IFC Review: https://www.ifcreview.com/articles/2022/january/hong-kong-aml-update/)