
Guidelines & Circulars

Our Ref.: B1/15C

14 July 2009

The Chief Executive
All authorized institutions

Dear Sir/Madam,

Abuse and Fraud Prevention in Private Banking and Wealth Management

The purpose of this circular is to share with authorized institutions (AIs) some of the lessons learnt recently on staff abuses and frauds in private banking and the higher end of retail wealth management business (collectively referred to as "PB" in this circular) and to remind AIs to maintain vigilant management control and oversight of this business.

A unique characteristic of PB is the close relationship between customer and relationship manager (RM) and the "all-inclusive" money management services provided by the RMs to their customers. Unless strong management control and oversight are maintained, the close customer-RM relationship, as well as the large amount involved in transactions, may make it susceptible to staff abuses or even frauds, such as unauthorized transactions and misappropriation of client funds.

This letter sets out some of the lessons learned recently on the prevention of staff abuses and frauds in PB, particularly in the areas of hold-mail service, address changes, and escalation and prompt reporting of non-compliance and suspicious transactions. In addition, the attachment to this circular puts forth some good practices in general on management control and oversight to minimise chances of staff abuses and frauds in PB operations.

  • Control on hold mail service and address change - customers should receive bank statements on their cash and investment transactions. Some institutions provide hold mail service to their customers (because, for instance, the customers demand a confidential relationship). This may be open to abuse, such as concealment of unauthorized transactions, as customers may not be able to verify the accuracy of their cash and investment transactions in a timely manner. In general, AIs should not allow hold mail service. If the customer insists on this service, AIs must have control measures in place to mitigate the risks. These controls should include having such applications (which should be submitted in writing by the customer) reviewed and approved by the supervisory staff of the responsible RM and the compliance department, separating custody of the customer's mail, and reconfirming with customers requesting this service through an independent person in the back office. Also, there must be a limit on the period (no more than 3 months) within which customers must collect their mail held by the AI from a person independent of the RM, such as the back office. There should also be an independent process to verify and approve changes of customer address and requests for cheque books handled by the RM.


  • Staff compliance - AIs should adopt zero tolerance for exceptions in processing cash withdrawals or fund transfers. If exceptions are provided, they should be subject to independent and close monitoring. Non-compliant staff should be given formal warning and/or disciplined.


  • Whistle blowing and reporting of suspicious cases - as shown in a number of abuse and fraud cases, junior staff may feel compelled or be intimidated into cooperating with the culprit despite observing irregularities. Senior management of AIs must be made aware of any suspicious cases involving possible criminal elements in a timely manner. To this end, AIs should have policies and procedures in place on when and how to escalate suspicious cases (which may arise from customer complaints, MIS reports, or whistle blowing by another staff member) to the senior management for attention. A hotline or compatible reporting channels should be set up for staff to report in confidence irregular activities encountered at work to an independent unit such as Compliance or Internal Audit.


    In addition, whenever there is a suspected case involving possible criminal elements, AIs are expected to report the incident to both the Police and the HKMA in a timely manner.

  • Transaction control and monitoring - if left unchecked, a close customer-RM relationship may make the business more susceptible to unauthorized fund transfers/withdrawals and investment transactions because of the customer's trust in and reliance on the RM. Activities of RMs should be subject to frequent (preferably daily) reporting to and review by their supervisors. AIs should develop an independent and robust process to review and confirm client orders, cash transfers/withdrawals over a certain value, and investment instructions handled by the RM. For high risk transactions, such as transfers to unregistered third parties, AIs should have procedures to confirm these transactions with the customers, such as phone call-back by an independent person of the back office or by SMS messages to the customers. Also, AIs should have in place a system to sample check and monitor irregular transactions. Where irregular, unusual, high-risk, or suspicious transactions are identified, back-end checkers should call back customers to seek confirmation. More checks on transactions should be carried out on customers who are elderly, reside outside Hong Kong, or have opted for hold mail service. There should also be management monitoring and review of staff's transactions through the bank to ensure that any irregularities (such as any unusual increases in securities trading) can be explained or investigated.

AIs should review their PB operations to ensure that their controls are effective, having regard to the points mentioned above and the good practices set out in the Attachment. AIs which have grown rapidly in this area and which have not carried out any review in the past year should conduct the review as a matter of priority. Going forward, the HKMA will examine selected AIs' PB operations and retail wealth management to assess the sufficiency of their management control and oversight.

Should you have any questions on the above, please get in touch with your usual supervisory contacts at the HKMA.

Yours faithfully,

Nelson Man
Executive Director
(Banking Supervision)

Encl. Management Control and Oversight (PDF file, 192KB)

Last revision date: 1 August 2011