Appendix 3
Examples of Good Practices Adopted by Certain LCs
The examples below are not exhaustive nor should they be treated as the only methods of
meeting the relevant AML/CFT statutory and regulatory requirements. Firms are encouraged
to consider whether any of these measures should be adopted, so as to strengthen
management supervision and AML/CFT compliance programs.
A) Effective controls
Senior management oversight
1. Senior management of an LC maintained oversight of AML/CFT matters by multiple
means including: setting up a designated committee; regular meetings of senior
management personnel from both business and compliance functions; and periodic
circulation of management information reports. In addition, senior management carried
out the following oversight tasks, among others:
(a)
review and approval of matters pertaining to the LC’s AML/CFT systems, e.g.
institutional risk assessment, internal guidance on AML/CFT policies and
procedures, etc.;
(b)
periodic review of relevant management information, e.g. figures and case
summaries of suspicious transaction reports filed to the JFIU, etc. to maintain
ongoing oversight of the firm’s ML/TF risk profile;
(c)
review and approval of the on-boarding of, or the continuance of business
relationship with, high-risk customers (including politically exposed persons).
Compliance and audit function
2. An LC established a risk-based compliance monitoring program for testing the operating
effectiveness of all key components of its AML/CFT systems on a regular basis.
3. The internal audit function of an LC performed substantive testing procedures on all
AML/CFT-related audit components rated as high or medium risk and conducted a follow
up review to ensure the deficiencies identified had all been properly rectified.
Staff training
4. Some LCs, in addition to organizing separate, tailored training programs for different
groups of staff according to their job roles and functions, provided annual refresher
training to apprise staff of the latest regulatory developments and remind them of key
AML/CFT requirements.
1
Tel: (852) 2231 1222
Fax: (852) 2284 4660
Website: www.sfc.hk
Appendix 3
B) Customer due diligence and ongoing monitoring
Determination of jurisdictional equivalence
5. An LC designed and established a framework of country risk ratings that took into
account a wide range of assessment factors for determining jurisdictional equivalence.
Factors assessed included robustness of the country’s regulatory framework, prevalence
of ML/TF or other criminal activities, etc., and reference was made to reports from a wide
range of sources such as FATF, Transparency International, World Bank, etc. in the
assessment. In addition, the LC reviewed the country risk ratings on an annual basis to
ensure that these ratings and the associated jurisdictional equivalence assessments
remained up-to-date.
Identification of politically exposed persons
6. Some LCs conducted screening of the customers, their beneficial owners, and other
connected parties against commercially available databases, to assist in identifying
politically exposed persons. Both Chinese and English names (wherever applicable)
were screened for better effectiveness.
Enhanced monitoring for high risk customers
7. Some LCs adopted enhanced procedures to perform periodic review of the account
activities of high risk customers. For example, assigning a senior member of staff (e.g. a
Responsible Officer) to conduct quarterly reviews of the account movements to detect
any unusual activities; and screening the customer names against media reports to
identify any negative news which might further increase the risk of ML/TF presented by
the high risk customers.
Name screening against terrorist / sanction designations
8. Some LCs deployed systems for name screening against terrorist/ sanction designations
with algorithms for screening Chinese names in both traditional and simplified characters,
and generating matches with minor variations for further checking.
C) Suspicious transaction monitoring, evaluation and reporting
Cash transactions and third party payments
9. Some LCs conducted monthly post-transaction reviews on customers whose
accumulated level of cash transactions or third party payments exceeded certain
thresholds set according to the customers’ usual practices previously assessed to be
reasonable (in terms of frequency and amount) to evaluate whether there was cause for
suspicion of ML/TF.
10. Some LCs prohibited cash transactions and third party payments after considering the
extent to which these transactions are vulnerable to ML/TF abuse and their capacity to
mitigate the associated risks. In some other LCs, proposed cash transactions and third
party payments were subject to senior management approval.
2
Tel: (852) 2231 1222
Fax: (852) 2284 4660
Website: www.sfc.hk
Appendix 3
Transaction monitoring system and alert clearance
11. Some LCs adopted monitoring parameters formulated and tailored to identify some types
of suspicious transactions considered to be particularly relevant to the LC’s
circumstances, in addition to incorporating the list of types of suspicious transactions set
out in the AML Guideline1 in the design of these monitoring parameters.
12. Some LCs performed regular reviews of the risk factors, parameters and thresholds used
in the transaction monitoring system to evaluate their continuing relevance, including
analysis of the reasons why the system had failed to generate alerts for some internal
disclosures made by staff based on suspicion identified from other sources.
13. Some LCs produced aging reports to monitor the alert clearance status such that any
long outstanding alerts would be escalated to senior management on a regular basis for
discussion and resolution.
Post-reporting measures
14. Some LCs implemented one or more of the following measures relating to customers on
whom STRs had been filed to the JFIU in order to address the potential risks posed to
the LCs:
1
(a)
setting more stringent transaction monitoring parameters and/or increasing the
frequency of transaction reviews on those customers;
(b)
including those customers in a “media watchlist” for adverse news monitoring;
(c)
restricting certain business activities with those customers (e.g. entering into new
services or transactions, conducting further third party payments) and obtaining
senior management’s approval before proceeding with these proposed activities.
Paragraphs 7.14, 7.39 & 7.40 of the AML Guideline
3
Tel: (852) 2231 1222
Fax: (852) 2284 4660
Website: www.sfc.hk