Carmen Chu, Executive Director (Enforcement and AML), Hong Kong Monetary Authority
Anti-Money Laundering and Financial Crime Risk: How effective are we?
- It is a great pleasure for me to participate in Fraud and Financial Crime Asia 2021 Conference. Among various themes, I will focus my opening remarks on the challenges presented by online fraud and related money laundering and how regulators, working with the industry, are helping to shape an effective response to deter, detect and disrupt new and emerging threats to businesses and individuals.
- I will focus on the need to introduce best practices more consistently across the global network so that our respective AML and risk management systems are able to deliver a more effective return on the huge investment at the institutional, sectoral and national levels. The necessary changes include richer data streams like digital footprints to drive the gains from analytics; technology-enabled information sharing partnerships to deliver more responsive and actionable suspicious activity reporting; and, for regulators, data-driven supervision and industry engagement.
Epidemic of Online Fraud
- The last 12 to 18 months have been a landmark for the banking sector in Hong Kong. The successful launch of eight Virtual Banks and collective efforts across the entire banking sector to overcome major challenges arising from the pandemic - banks had to make changes to meet customer demand within a very short time to launch or expand digital and online financial services. While this is in the interests of customers and has brought huge benefits, the global AML community, led by the Financial Action Task Force, saw increased levels of online fraud and cybercrime.
- The scale at which the online economy was developing has been matched only by the increasingly sophisticated attempts of criminal networks to exploit it. Both the scale and speed with which this has happened are breathtaking; fraudulent websites and spam emails targeting Government-led pandemic relief efforts, for example, often surfaced within hours of the initiatives being launched.
- Hong Kong has not been immune to this global phenomenon. There were over 15,000 deception cases in 2020, almost doubling from about 8,000 cases in the previous year. A similar increase was noted by the HKMA in bank customer complaints related to fraud and financial crime, which rose by about 120% in the first half of 2021 when compared with the same period a year ago.
- It’s not all bad news, however. When we coordinate effectively, when we formulate and implement strategies for the public and private sectors to work closely together and take timely actions, we can make an impact. The Anti-Deception Coordination Centre of the Police, which leads action against fraud, has intercepted HK$6.3 billion conned from victims of phone and internet scams in its first three years of operation since 2017. The Centre intercepted a staggering HK$3 billion in a single year in 2020, and none of this success would be possible without the close cooperation of banks, 24 hours a day and 7 days a week, in helping disrupt fraud and financial crime and protecting customers from losses.
- These numbers must be a matter of concern for everyone in the global AML ecosystem and the wider economies. We all need to reflect on how effective we are being, while staying alert to new tricks and doubling our efforts to slow and reverse the tide. This is not to say that we expect to be able to pre-empt all fraud and financial crime, but that when these crimes unfortunately happen, our responses are quick and targeted.
- The HKMA’s approach is guided by our continuing commitment to international standards and best practices in how AML and financial crime risk management systems are implemented. Our ‘Fintech 2025’ strategy also outlines how innovative technologies can help achieve effective outcomes.
- We have been working to realise our vision, beginning with an AML/CFT RegTech Forum in 2019 to raise industry awareness and explore the role that technology could play in AML work. The HKMA also publishes various papers and reports from time to time to share Regtech use cases including AML, and will be putting all relevant resources in our centralised “Regtech Knowledge Hub”. In particular, I would strongly recommend our report titled AML/CFT Regtech: Case studies and Insights of January 2021 as a “must read”. The report collates insights from our engagement with around 40 banks at different stages of AML Regtech adoption since our 2019 forum. It highlights the opportunities Regtech offers to transform effectiveness and efficiency, sharing real-life examples and specific technologies and data applications, as well as robotic process automation in handling transaction monitoring alerts.
- We must also talk about data – quality data – to drive Regtech adoption. Specifically, the availability of richer data streams, such as digital footprint data, with proper integration, can have a significant impact on system effectiveness. Other external data and information are also becoming increasingly important in monitoring customer risk and to this end, we have recently shared key observations and best practices from a thematic review to assist banks in identifying and using these resources. We will also further these pieces of work later in the year when we launch our first interactive lab session featuring machine learning in the area of monitoring.
- Some of those technologies featured prominently in the successes we have seen in identifying and disrupting mule account networks linked to COVID-19 and investment scams, which have been shared through our public-private information sharing partnership, the Fraud and Money Laundering Intelligence Taskforce - or FMLIT. The FMLIT partnership has seen remarkable growth in the last three years, bringing about clear improvements in our collective abilities to identify and disrupt financial crime. Since its launch in 2017, actions taken by banks through FMLIT have identified over 11,000 bank accounts which were previously unknown to law enforcement agencies, leading to restraint or confiscation of about HK$700 million in crime proceeds mainly from investment scams and other frauds involving financial impacts on customers and/or banks themselves.
- In one case, a FMLIT member bank developed the capability to incorporate digital footprint data such as IP addresses into its analysis, and as a result, successfully identified a network of mule accounts linked to a fraud syndicate. This information was subsequently shared resulting in further responsive reporting. In another example, one of our virtual banks successfully used data related to customers’ mobile devices to identify a network of mule accounts which led to a number of suspicious transaction reports being filed and dozens of counterparty accounts being closed down. The subsequent police investigation safeguarded more than HK$10 million worth of assets.
- This of course is only half the story. Robust yet customer-friendly front-end controls are also an important part of the response. To address impersonation risk, we have issued guidance on expectations for remote onboarding technology and worked with the industry to better educate bank staff and customers on fraud prevention. The HKMA and the industry associations have also undertaken various initiatives, including sharing sessions and publicity campaigns, to promote awareness of fraud prevention and detection among bank staff, and remind customers to stay alert of phishing instant message and protect their personal information.
AML/CFT Supervision in the Age of Digital Innovation
- Returning to the question I posed: how effective are we in our AML and financial crime work? It is essential for regulators to ask ourselves how AML/CFT supervision needs to change in the age of digital innovation. The HKMA’s approach is to build on our strong foundations as a risk-based AML supervisor, while recognising the need to constantly learn and adapt to the digital age. We are implementing a series of changes to better leverage the latest technology in our supervisory work, while building capacity to allow us to adopt new technologies and techniques as they emerge.
- One key area we are currently focusing on, and which will impact the Hong Kong banking sector, is to significantly upgrade our ability to source, store, process, and more importantly, use data to enhance and support our AML/CFT supervisors, while investing in other talent – data specialists – to help drive this initiative. The improvements we are making in our data, technology and people will be closely aligned to the outcomes we want to achieve in combatting financial crime. Read more about our agenda and priorities in the AML section of the HKMA website.
International Cooperation to drive greater global consistency
- International cooperation with other supervisors and global standard-setting bodies is more vital than ever if we are to fight against cross-border criminal syndicates and illicit fund flows. The FATF has shown considerable leadership both in terms of the response to the pandemic, and the frauds and money laundering it has given rise to, and has recently issued guidance on the opportunities and challenges of new technologies for AML/CFT. I’m sure that the available and emerging technology-based solutions described will be highly relevant to many of you as they are for the HKMA.
Building an AML Regime for the Future
- To round off, we must recognise that the COVID-19 situation has demonstrated how quickly financial services can change when they need to. Today, I have highlighted three aspects which we feel will help shape AML/CFT systems to be effective and fit for the future, particularly in the light of the “fraud pandemic” that we are increasingly facing:
- First, data — to expand the use of non-traditional and new data streams, including digital footprints, to realise the full potential of analytics capabilities and AML Regtech;
- Second, technology — to leverage on information-sharing and network analytics to help curb risk displacement across the system. The objective must be more responsive reporting, earlier and at a scale commensurate with the threat; and
- Third, collaboration — transformation is needed for AML regulators as much as for banks, and maximum benefits will be gained through public-private partnership and engagement. Those who are data-driven, technology-led and collaborative will do the best in meeting new challenges.
- I understand that a number of these issues will be discussed in the next two days, so I hope I have provided an overview, not only of how we are responding, but also how to assess effectiveness of that response. I believe these will be relevant to your firms and people, so let me end by reiterating the importance of data, technology and collaboration to enhance effectiveness and achieve our common vision for AML and financial crime risk.
- I wish the event every success and look forward to fruitful discussion. Thank you.