The Monetary Authority (MA):-
(a) has reprimanded Shanghai Commercial Bank Limited (SCOM) for contravening section 19(3) of Schedule 2 to the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Chapter 615 of the Laws of Hong Kong) (AMLO) (Note 1) by failing to establish and maintain effective procedures for the purpose of carrying out its duty to continuously monitor business relationships;
(b) has ordered SCOM to submit to the Hong Kong Monetary Authority (HKMA), by a date and in a manner to be specified by the MA, a report prepared by an independent external advisor assessing whether the remedial measures implemented by SCOM are sufficient to address the contraventions and the effectiveness of the implementation; and
(c) has ordered SCOM to pay a pecuniary penalty of HKD5,000,000.
The disciplinary action (Note 2) follows an investigation by the HKMA which found that SCOM contravened three specified provisions of the AMLO (Note 3). In summary, SCOM did not:
(a) continuously monitor its business relationship with 33 customers by examining the background and purposes of their transactions that were identified as (i) complex, unusually large in amount or of an unusual pattern and (ii) having no apparent economic or lawful purpose, and setting out its findings in writing;
(b) establish and maintain effective procedures for the purpose of carrying out its duty under section 5 of Schedule 2 to the AMLO to continuously monitor business relationships; and
(c) carry out customer due diligence (CDD) measures in respect of certain pre-existing customers (Note 4) when a transaction took place with regard to each of the customers that (i) was, by virtue of the amount or nature of the transaction, unusual or suspicious, or (ii) was not consistent with SCOM’s knowledge of the customer or the customer’s business or risk profile, or with its knowledge of the source of the customer’s funds.
As regards the deficiencies in monitoring business relationships, although the relevant transactions were identified through SCOM’s Management Information System (MIS) reports, which took into account different customer risk levels and transaction types, and were selected by SCOM’s Compliance Department at the material time for further enquiry or investigation, SCOM had not adequately examined the background and purposes of those transactions and set out the findings in writing. SCOM also lacked effective policies and procedures for monitoring the handling of MIS alerts including properly recording the follow-up actions taken and monitoring the review time, resulting in significant delay in alert clearance. As for carrying out CDD measures in respect of pre-existing customers, while one of the customers conducted the relevant transactions as early as in May 2012, SCOM failed to identify those transactions at the material time as unusual or suspicious or not consistent with its knowledge of the customer and had not conducted CDD measures accordingly.
In deciding the disciplinary action, the MA took into account all of the relevant circumstances and factors, including the following:-
(a) the need to send a clear deterrent message to the industry about the importance of effective internal anti-money laundering/counter-terrorist financing (AML/CFT) controls and procedures;
(b) SCOM has taken and will take extensive remedial measures to enhance its AML/CFT systems and controls; and
(c) SCOM has no previous disciplinary record and was co-operative throughout the investigation.
Ms Carmen Chu, Executive Director (Enforcement and AML) of the HKMA, said, “This is a case concerning deficiencies in AML/CFT systems and controls in relation to transaction monitoring. While banks are expected to adopt a risk-based approach (RBA) in their AML/CFT efforts and it is unrealistic to expect a “zero failure” outcome, a RBA can only be effective if risk is adequately understood and managed. Risk assessments are not static; monitoring of customer transactions and ongoing reviews are fundamental components of a reasonably designed RBA, and banks should have robust systems and controls in place. Under a RBA, when potential increase in risk is identified, transactions of existing low risk customers and pre-existing customers must also be adequately examined without delay, and reference can be made to various guidance provided by the HKMA, including the Guidance Paper on Transaction Screening, Transaction Monitoring and Suspicious Transaction Reporting.”
Relevant link: Statement of Disciplinary Action
Prior to 1 March 2018, the short title of Chapter 615 of the Laws of Hong Kong was the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance.
The disciplinary action is taken under section 21 of the AMLO. The AMLO imposes CDD and record-keeping requirements on specified financial institutions, including Authorized Institutions (AIs), and designated non-financial businesses and professions. As regards AIs, the MA is the relevant authority under the AMLO.
SCOM contravened sections 5(1) and 19(3) of Schedule 2 to the AMLO during the period from July 2014 to June 2016 and section 6(1) of Schedule 2 to the AMLO during the period from April 2012 to August 2017.
Part 1 of Schedule 2 to the AMLO defines a pre-existing customer, in relation to a financial institution, as a customer with whom the financial institution has established a business relationship before the date of commencement of the AMLO, i.e. 1 April 2012.