For the first time since the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (AMLO) came into force on 1 April 2012, the Hong Kong Monetary Authority has exercised its resulting power to impose a pecuniary penalty on a bank. William Hallatt, Senior Registered Foreign Lawyer, and Kyle Wombolt, Partner, Global Head – Corporate Crime and Investigations, Herbert Smith Freehills LLP, discuss the implications of the case.

On 31 July 2015, the Hong Kong Monetary Authority (HKMA) announced that it had reprimanded and fined the State Bank of India, Hong Kong Branch (SBI) HK$7.5 million for contravening four provisions under the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (AMLO). The HKMA further ordered SBI to submit a report prepared by an independent external adviser assessing the adequacy and effectiveness of its remedial plan in rectifying the contraventions identified by the HKMA. This is the first case since the AMLO came into force on 1 April 2012 in which the HKMA has exercised its power under the AMLO to impose a pecuniary penalty on a bank. The HKMA's actions clearly demonstrate how seriously it takes such failures. The outcome underscores the importance of having in place effective anti-money laundering and counter-terrorist financing (AML/CFT) internal controls and procedures.

Factual background

The disciplinary action followed the HKMA's investigation, which found that, between April 2012 and November 2013 (a period of about 20 months), SBI contravened four specified provisions of the AMLO. It was found that SBI had failed to:

• obtain the information necessary to carry out customer due diligence measures and identify or verify the identities of the beneficial owners in respect of 28 corporate customers, contrary to Section 3(1) of Schedule 2 to the AMLO
• continuously monitor its business relationships with its customers, contrary to Section 5(1) of Schedule 2 to the AMLO
• establish and maintain effective procedures for determining whether its customers (or their beneficial owners) were politically exposed persons before establishing business relationships and on a periodic basis thereafter, contrary to Section 19(1) of Schedule 2 to the AMLO, and
• establish effective procedures to ensure compliance with the AMLO, contrary to Section 19(3) of Schedule 2 to the AMLO.

In determining that SBI contravened these provisions of the AMLO, the HKMA had regard to the Guideline on Exercising Power to Impose Pecuniary Penalty and took into account all relevant circumstances of the case, including but not limited to several mitigating factors such as:

• the very positive and intensive remediation work undertaken by SBI to address the contraventions identified in the HKMA's investigation and other weaknesses identified in the HKMA's onsite examination
• SBI's proactive engagement of an external consultant to conduct an extensive review and an audit firm to carry out an internal audit on an ongoing basis
• the fact that SBI's external consultant confirmed that neither actual problem accounts nor suspicious transactions had been identified SBI's implementation of a remedial plan as recommended by the external consultant, and
• SBI's lack of any prior disciplinary record and its cooperation with the HKMA.

Comments

It is unclear whether SBI will make use of the review avenue afforded by Section 59 of the AMLO for persons aggrieved by decisions made in relation to disciplinary action. Under Section 59 of the AMLO, a person who is aggrieved by the decision of a relevant authority (defined in the AMLO to include the HKMA, Securities and Futures Commission, Insurance Authority and Commissioner of Customs and Excise) will have 21 days to apply to the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Review Tribunal for a review of that decision. We note that this action comes shortly after steps taken by the Monetary Authority of Singapore to enhance the AML/CFT regime in Singapore (see 'Enhanced AML/CFT regime in Singapore' opposite), in particular, in relation to the financial sector. Amongst other things, the reforms introduce enhanced information sharing powers between the Monetary Authority of Singapore and foreign AML/CFT regulators.

Practical tips

The HKMA has obviously sought to send a strong message of deterrence to authorised institutions by means of this case. The HKMA has vowed to take appropriate enforcement action to deter any AML/CFT-related lapses. But those regulated by the Securities and Futures Commission, Insurance Authority and Commissioner of Customs and Excise should also be mindful of AMLO obligations as these regulatory bodies are capable of taking disciplinary actions under the AMLO as well. We expect that these regulatory bodies will take on an equally robust approach as the HKMA to promoting compliance amongst their regulated populations. We therefore advise all those regulated by these bodies to proactively review their AML/CFT policies, procedures, systems and controls to ensure that these are effectively able to mitigate the particular AML/CFT risks faced by the business. William Hallatt, Senior Registered Foreign Lawyer; and Kyle Wombolt, Partner, Global Head – Corporate Crime and Investigations, Herbert Smith Freehills LLP Details of the disciplinary action can be found on the HKMA website: www.hkma.gov.hk, see the press release of 31 July 2015 and the statement of disciplinary action. The contents of this article are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this article.  

SIDEBAR: Enhanced AML/CFT regime in Singapore

Earlier this year, Singapore took steps to enhance its Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regime.

The Notices

The Monetary Authority of Singapore (MAS) issued amendments to 11 Notices on 24 April 2015 providing for the enhanced AML requirements set out below.

Enterprise-wide risk assessment

Under the amended Notices, financial institutions are required to carry out an enterprise-wide risk assessment relating to their customers, countries in which they operate and their products, services and transactions. Further, financial institutions are required to ensure that policies and procedures are in place which manage and mitigate the risks identified.

Risk assessment of new products, practices and technologies

Financial institutions are required to put in place processes aimed at identifying and assessing money laundering (ML) and Terrorist Financing (TF) risks associated with the development of new products and new business practices, including new delivery mechanisms and the use of new or developing technologies. Special attention is to be paid in relation to products or technologies that favour anonymity and that deal with customer funds or the movement of such funds. The special ML/TF risk assessments are to be undertaken prior to the launch or use of such products or technologies and are to be in addition to and separate from the assessment of other types of risks, such as credit risks.

Cross-group information sharing

Financial institutions incorporated in Singapore are to put policies and procedures in place that provide for the sharing of customer, account and transaction information across branches and subsidiaries and to the group level's compliance and audit for purposes of customer due diligence (CDD) and ML/TF risk management. These policies and procedures are to take account of relevant data privacy and secrecy laws of the countries or jurisdictions in which the branches and subsidiaries are located. The latter condition will require a good grasp and understanding of local privacy, secrecy and confidentiality laws to avoid an inadvertent breach of local laws.

Remediation required in relation to higher risk customers by 24 October 2015

Financial institutions are required to conduct the detailed CDD measures set out in the Notices in relation to existing customers. The MAS has requested financial institutions to prioritise the identification of higher risk customers and to ensure that the detailed enhanced CDD measures are applied in relation to those customers by 24 October 2015. For example, Politically Exposed Persons (PEPs) are considered higher risk, and customers which are from a country known to have inadequate AML/CFT measures may be considered higher risk. The Notices have extended the scope of PEPs by including 'international organisation’ politically exposed persons. New enhanced CDD measures include an increase of the degree and nature of the monitoring of the business relations with and the transactions for the customer in order to determine whether they appear unusual or suspicious.

The MAS Amendment Act

In addition to the Notices, the Monetary Authority of Singapore (Amendment) Act 2015 (MAS Amendment Act) came into force on 26 June 2015. The amendments specifically mention the need to comply with the CDD requirements under the Notices and reiterate that a breach of the requirements may result in fines. The Amendments consolidate and set out the investigatory powers of the MAS in relation to compliance with the AML and CFT requirements. More substantive changes provide for the MAS's enhanced powers to share information with foreign AML/CTF authorities in relation to financial institutions compliance with AML/CTF requirements.

Although financial institutions

will no doubt be concerned with what information can be shared with whom, 11 safeguards regarding purpose, scope and confidentiality have been included in the MAS Amendment Act which need to be satisfied in the context of an information sharing exercise. It is of note that in certain circumstances, the foreign authorities may share information with third parties, with the MAS's consent.

Comment

If not already done, financial institutions will need to identify the Notices and guidance applicable to their business and ensure that their AML and CFT policies and procedures are compliant with the more detailed and enhanced requirements. The Notices and the MAS Amendment Act are a further illustration that the MAS is likely to pay increased attention to AML and CFT compliance. Further, we have been seeing increased levels of cooperation and information sharing between regulators and law enforcement agencies across different countries, and the Amendments to the MAS Act suggest that this trend will continue.