Keynote Speech at International Symposium on Digital Fraud Prevention and Detection

Good morning, Ladies and Gentlemen.  It is a great pleasure for me to be here today and to participate in today’s International Symposium on Digital Fraud Prevention and Detection.  My thanks to the City University of Hong Kong (CityU) for putting together such an interesting programme, and to Dr Young (Senior Teaching Fellow, Department of Social and Behavioural Sciences, CityU) for inviting me to speak.  Coming back to CityU reminds me of the fond memories I had while I was studying for my Master’s degree at the University before the turn of the millennium.

This morning, I would like to share my thoughts on a more holistic approach to protecting the integrity of our banking system from the menace of fraud amid continued digitalisation.  My focus will be on Hong Kong, but I believe our experience would have reference value to friends from overseas.

The business of banking is evolving rapidly as digital technologies and the internet are redefining the interface between financial institutions and their customers, as well as the very nature of commerce.  Today:

• More than 50% of bank accounts are opened online – remotely, using a digital interface;
• The Faster Payment System (FPS), first introduced by the HKMA in 2018, has gone from strength to strength; as at 30 June 2025 there were 17.2 million registrations, for a local population of 7.5 million;  
• The number of HKD FPS transactions exceeded 400 million in the first half of 2025, which was more than 16 times the number of paper cheques processed over the same period;
• The number of electronic wallets and prepaid cards in use has risen to 81 million, and the total number of transactions conducted via these stored value facilities has grown by 50%, from 15 million per day in Q4 2016 to 23 million in Q1 2025.

The digitalisation of the financial system is not only gathering speed but also expanding in scope.  The HKMA continues to develop and implement next-generation financial infrastructure, digitising trade and finance and driving growth, supporting both our city’s economic development and reinforcing Hong Kong’s role as a hub for innovation, trade, and commerce.  The HKMA’s Commercial Data Interchange enables more efficient financial intermediation, particularly in the realm of SME financing.  Project Ensemble supports the development of the tokenisation ecosystem in Hong Kong and, most recently, the launch of Payment Connect allows Hong Kong and Mainland residents to make instant cross boundary payments.

The benefits of these developments are all around us – greater efficiency, new customer experience, and savings in costs, to name but a few.  However, on the flip side, the opportunities these developments have provided have also fuelled the rapid growth of digital fraud which, if left unchecked, threatens to undermine the integrity of our financial system.  This gives rise to the fear that the rapid digitalisation of financial services may have outpaced the development of appropriate safeguards.

Safeguarding our future

Our job at the HKMA is to make sure those safeguards remain effective:  safeguards which support digitalisation and growth while balancing those objectives with effective risk management. But achieving that balance is not always easy: criminals innovate to stay one step ahead by using new technologies; continually adapting their tactics to exploit new products and delivery channels; and constantly probing our defences for vulnerabilities. 

So we are not standing still.  We are always looking for ways to help us do a better job, as demonstrated by the actions the HKMA has taken over the past few years.  We are not afraid to use new technologies, or make fundamental changes to our legal and regulatory regime, if these offer better outcomes.

Redefining our focus on early detection and intervention

We have made significant progress in delivering a number of key commitments aimed at redefining our focus on early detection and intervention.  These include: first, setting clear supervisory expectations on banks to detect, deter and disrupt authorised payment scams in December last year and requiring them to establish a dynamic monitoring system and intervention mechanism to protect their customers from falling prey to scams; second, expanding the use of the Police’s Scameter database so as to flag up mule account networks before they are used to launder fraud proceeds; third, emphasising the need for a whole-of-ecosystem approach to all forms of financial crime, including digital fraud, by fostering collaboration across multiple Government and private-sector entities; and fourth, promoting innovation and the use of technology to deliver change.  Equally crucial is ensuring that the public is informed and stays vigilant, to help deliver trust in the digital financial services we all rely on.

None of these measures on their own will address the problem of fraud.  But there are tangible signs that collaboration between the public and private sectors is starting to reduce the scope for fraud to succeed:

• Yes, we are continuing to see increases in digital fraud. 20,800 deception cases were recorded in the first half of 2025, an increase of 4% compared to the same period last year. 
• However, the total amount of losses has started to decrease – HK$3.5 billion in the first half of this year, down 21% compared to the same period last year.
• An analysis of the latest statistics indicates that a major contributor to the significant decline in losses was banks’ improved ability to detect and disrupt fraud.  Specifically, banks’ dynamic fraud monitoring system detected 1,800 cases in the first half of 2025, more than double the number in the same period last year.  Correspondingly, the fraud detection rate jumped to 8.6% in 2025 from 2.9% last year.
• Because banks detected fraud earlier than before and intervened proactively, the average loss suffered by the victims fell by one third from HK$1.2 million in 2024 to HK$800,000 this year.

These latest developments are encouraging to both the banks and ourselves and seem to suggest that we are on the right track.  That said, we fully appreciate that the number of deception cases is still rising and we will continue to work closely with the Police and the banks to further strengthen the banking sector’s ability to detect and prevent fraud.   Let me outline some of the ways we plan to do that.

Testing banks’ systems on early detection and intervention

As a follow-up to our December circular requiring banks to put in place a dynamic fraud monitoring system, we have started a round of thematic reviews to test how effectively these measures have been implemented and make sure they are delivering the maximum possible value.  We also monitor the effectiveness of these measures by analysing the supervisory data we collect and have established regular communication with the banks to quickly share trends and good practices.  

Improving the tools for the job

We are acutely aware that the digitalisation of financial services has made our job far more challenging.  The speed of high-volume transfers through the faster payment system increases the banking sector’s vulnerabilities.  Markets have become more complex and there is increasing diversification among service providers and products.

The need for better tools to help us detect and intervene earlier has never been greater.  So one of our key policy goals has been to encourage the application of innovative technology in the banking industry.  We have ambitious plans for Hong Kong’s banking sector to embrace and adopt artificial intelligence (AI) in AML and anti-fraud systems.  AI has the potential to transform how financial crime is tackled across the industry, enabling banks to draw new and better insights from the data being collected and shared; to improve our ability to respond to emerging fraud trends; and most importantly ensure the continued effectiveness of our AML regime.

In September last year, we asked all banks with significant operations in Hong Kong to comprehensively evaluate the need for deploying AI in their suspicious activity monitoring frameworks.  The results indicate a unanimous inclination to integrate AI into the banks’ suspicious activity monitoring frameworks.

To expedite the process, throughout the next two years the HKMA will be working with a consultant to further support the use of AI by the industry.  We will help banks accelerate deployment across a number of use cases, in particular to enhance the early identification of risks to improve outcomes of intervention. 

Fast and efficient exchange of data

Fast and efficient sharing of data is another element which is vital to manage the risks arising from increased digitisation in our economy.  We now understand the dependency between good data and good judgement; good data helps supervisors identify financial crime risks early, and empowers firms and consumers to make sound decisions.

We therefore intend to build an analytics platform to identify patterns and draw insights from payments data which sits in the banking system, but which to date has been under-utilised.  We are also exploring the possibility of analysing account opening data collected from multiple banks to help develop risk profiles and detect anomalies across the sector and support more effective suspicious activity monitoring and early identification of patterns that indicate illicit activities.

In addition, like a number of major jurisdictions around the world, we want to make it easier for banks to share information, as a strategic measure to transform the industry’s ability to detect or prevent crime.   Banks have been sharing information of corporate accounts since 2023, but have been constrained from sharing information of personal accounts, which constitute an estimated 90% of money mules.  In June this year, the Legislative Council passed amendments to the Banking Ordinance to allow banks to share information on personal accounts where there are indications that the accounts, customers or transactions may be involved in money laundering or other financial crimes, and giving banks legal protection in doing so.

By supplementing the current sharing of corporate account information with personal account information among banks, our aim is to improve early detection of crime and enable proactive intervention.  We are now working closely with the Police and the banking sector on preparations, including systems and safeguards, with a view to rolling out the new mechanism later this year.

New threats: digital assets and new payments systems

In building these new tools we must also be mindful that threats evolve.  One area where this is particularly true is the growing popularity of digital assets, whose market capitalisation has doubled over the past 18 months, reaching US$4 trillion today.  The unique characteristics and vulnerabilities of digital assets are already being exploited for fraud and other forms of financial crime.  While the decentralised and largely unregulated nature of global digital asset markets is driving revolutionary developments in financial services, there is increasing evidence that they are also providing fertile ground for various fraudulent schemes.  Examples include fake initial coin offerings, and the use of deceptive emails and websites to steal private keys and access wallets.  According to a blockchain analytics firm, crypto-related crimes detected globally in 2024 reached US$40 billion, which is likely to be an underestimate as many cases may have gone undetected or unreported.

As the crypto market continues to expand, there is growing awareness amongst regulators and industry stakeholders of the enhanced security and risk management measures needed to protect users against fraud and other financial crimes.  This is why, in rolling out a new regulatory regime for stablecoin issuers in Hong Kong, the HKMA has taken a risk-based but cautious approach.  This reflects the HKMA’s commitment to maintaining financial integrity and addresses concerns recently expressed by the global central banking community.  As part of this regime, we have formulated a set of clear and proportionate AML requirements on stablecoin issuers, emphasising the importance of robust customer due diligence process and effective transaction monitoring systems.

But as with any new regulatory framework, we will keep our rules under review, making sure they remain suitable for the stablecoin market as it develops.  As yet, no regulator has a full understanding of the risks and what is needed to address them, but through increased collaboration – with consumer groups, with industry, with academia, and with overseas experts here today – we can shape the future regulatory regime for this new sector.  

Conclusion

Ladies and Gentlemen, the priorities I have highlighted – to be more adaptable in our implementation efforts, leveraging advanced techniques including AI to strengthen protection for customers from digital fraud, and the need to push further on information sharing – are all intended to improve early detection so that outcomes and interventions can keep improving.

And just as we at the HKMA, as a regulator, strive to make our regime increasingly focused on outcomes and effectiveness, I want to encourage all of you, whatever your sector or role in AML/CFT, to work with us in transforming our approach.  We need this transformation to make sure that we have a high-performing regional and global AML ecosystem that supports a financial system fit for our digital future, and appropriately manages the risks which come along with the many benefits of digitalisation.

With that, I hope you all enjoy the rest of what, I am sure, will be a very productive two days of sharing and discussions.

Thank you.