Our Ref: B10/1C
14 November 2005
The Chief Executive
All authorized institutions
Dear Sir / Madam,
In the light of the recent incident involving Banco Delta Asia SARL, some Authorized Institutions ("AIs") sought our clarification on the level of due diligence expected of them in combating money laundering and terrorist financing activities. We therefore consider it useful to write to all AIs to clarify our supervisory standard and approach. You should note that this letter does not in any way replace or alter our policy requirements and AIs must continue to observe all the circulars and guidelines issued by the HKMA on this subject.
Like other supervisory matters, the HKMA adopts a risk-based approach when evaluating the measures that AIs adopt in combating money laundering and terrorist financing activities. We also expect AIs to take a similar approach and put in place proper safeguards from time to time as situations arise. In other words, AIs should review their policies, practices, and procedures in combating money laundering and terrorist financing activities in the light of emerging events. With regard to the current situation, we believe that legal risk and reputational risk would stand out as particularly important among all risk dimensions, and so warrant special focus.
While we trust that all AIs are fully aware of their legal and regulatory obligations in respect of countering money laundering and terrorist financing, the following serves as a general reminder:
Ongoing obligation to report to the Joint Financial Intelligence Unit (JFIU): The act of reporting suspicious transactions involving a particular account does not necessarily discharge an AI's duty to report suspicious transactions involving the same account in future.
AIs should therefore maintain the same level of stringency in reporting suspicious transactions, notwithstanding that the accounts involved may have been reported to the JFIU before.
Implications arising from regulations of other jurisdictions: While AIs may not be directly subject to regulations of jurisdictions outside Hong Kong, it is advisable, depending on their scale and nature of business, geographical areas of operation etc, for AIs to consider the need for seeking legal advice on the implications of specific foreign laws and orders. This is also important in the context of reputational risk (see below).
Narrow compliance with laws and regulations may not fully protect AIs from reputational risk. AIs need to demonstrate that they have exercised adequate due diligence and put in place vigilant control measures that can effectively pick up suspicious accounts and transactions. In this regard, we would draw your attention to the following in particular:
Evolving nature of money laundering and terrorist financing activities: AIs should keep themselves abreast of news and developments relating to the subject of money laundering and terrorist financing (including the financing of development, production, acquisition, stockpiling, and delivery of weapons of mass destruction). This is particularly important in relation to the identification of names that may trigger suspicion or be perceived as posing higher risk to the institution concerned. In this regard, relevant designation by overseas authorities, such as the list of names published under US Executive Order 13382, provides useful references in addition to those lists that the HKMA draws to the attention of AIs from time to time.
Importance of "Know Your Customer" ("KYC"): The ability to identify suspicious transactions hinges on the quality of KYC processes. To effectively distinguish suspicious transactions from normal ones, AIs need to know their customers, particularly the high-risk customers, to the extent of understanding the normal volume, forms (e.g. cash deposit, remittance, letter of credit) and denomination of their transactions. The usual location of the customers' funding sources and payment destinations as well as other relevant information should also be analysed as far as practicable. In essence, the mere fact of modest transaction amounts may not be sufficient for AIs to determine that there is no suspicion.
Business relationship with high-risk accounts: In addition to reporting suspicious transactions, it is also in the interest of AIs to assess the reputational risk that may arise from maintaining business relationship with high-risk accounts. Adopting the risk-based approach, AIs should evaluate such accounts individually to ascertain the appropriateness of maintaining business relationship with each of those accounts and whether the benefits brought by such business relationship justifies taking up the respective risk. Since these are commercial decisions, AIs will have to make their judgement based on all the information available to them.
AIs should also note that the standard expected of financial institutions in combating money laundering and terrorist financing activities may evolve over time. AIs should in particular keep themselves updated by, for example, studying the implications of cases involving financial institutions found by supervisors in major markets as requiring improvements to their controls for combating money laundering and terrorist financing. The actions taken by the Comptroller of the Currency of the United States earlier this year that involved the New York branch of Arab Bank PLC is an example.
We expect all AIs to carefully assess the stringency and effectiveness of the measures that they adopt in combating money laundering and terrorist financing activities on an ongoing basis. We will continue to vigorously monitor AI's policies, practices, and procedures through our supervision process.
Meanwhile, should you have any question arising from this letter, please feel free to contact your usual supervisory contacts at the HKMA.