On 26 April 2021, the Hong Kong Monetary Authority (HKMA) published its key observations and good practices from a thematic review on the use of external information and data by authorised institutions (AIs) in their anti-money laundering and counter-financing of terrorism (AML/CFT) control systems.
The thematic review was part of the HKMA’s response to emerging risks in connection with Covid-19 related fraud, mule account networks and activities related to identity theft and investment scams, which have been the subject of increasing bank customer enquiries and complaints to the HKMA.
The HKMA’s circular to AIs attaches a note which sets out four key messages together with its observations from the thematic review and examples of good practices by AIs. It has also published a circular to stored value facility (SVF) licensees, to whom the findings of the review also apply.
Next steps for AIs and SVF licensees
The HKMA expects AIs and SVF licensees to review its guidance and findings and adopt the most appropriate arrangements (commensurate with their size, business scope and risks) to optimise the performance of their AML/CFT systems.
AIs and SVF licensees should also consider the report “AML/CFT Regtech: Case Studies and Insights” published in January 2021 by the HKMA in collaboration with Deloitte (January 2021 Report), which highlights opportunities offered by regtech to improve the efficacy and efficiency of AML/CFT efforts by financial institutions through real-life examples.
Scope of thematic review
The thematic review examined AIs’ end-to-end processes in handling and using information and data from various sources, including intelligence from the Fraud and Money Laundering Intelligence Taskforce (FMLIT), and how this enabled a more effective management of money laundering and terrorist financing (ML/TF) risks.
The FMLIT was established in 2017 by the Hong Kong Police Force in collaboration with the HKMA, the Hong Kong Association of Banks and a number of banks, with a view to enhancing the detection, prevention and disruption of serious financial crime and money laundering threats. In a recent speech, Mr Arthur Yuen (Deputy Chief Executive of the HKMA) stated that since its launch in 2017, actions taken by banks through the FMLIT have led to HK$692 million in proceeds of financial crime, investment scams, fraud and other serious crimes being restrained or confiscated.
HKMA’s four key messages and observations from thematic review
The following are four key areas set out by the HKMA which AIs and SVF licensees should consider, together with the HKMA’s observations from the thematic review and examples of good practices of AIs.
Integrate information and data from external sources into AML/CFT system to enhance targeting and mitigation of specific ML/TF risks
- The AIs involved in the review made use of information and data received externally and internally, such as case-specific and typological information received from the FMLIT (which they have found to be helpful), customer due diligence and transaction data, and confirmed scam-related bank accounts identified in their customer bases.
- In the analysis phase:
- an AI proactively developed a list of common risk indicators by analysing customer profiles and transaction patterns, and used dedicated data analytics to identify additional suspicious accounts displaying the common risk indicators;
- another AI incorporated external information into its internal analysis by conducting Covid-19 related keyword searches in payment references;
- the same AI conducted data analysis on customer transactions (such as the reasonableness of increase in transactions or a continuation of cash activities during the pandemic) with the support of data analytics and visualisation capabilities, to identify higher-risk transactions for further analysis.
- Following analysis, the AIs filed suspicious transaction reports (STRs) to the Joint Financial Intelligence Unit where warranted. Some AIs incorporated the new information and learnings into their AML/CFT systems, as well as shared the information and learnings with their staff to increase awareness. An AI also took the initiative to share its observations and risk indicators from its analysis externally via an FMLIT alert circulated to all AIs and SVF licensees.
- AIs which are less mature in their use of technology are actively exploring the adoption of more advanced technology for mitigating ML/TF risks. AIs which had increased the level of external information and data integration into their AML/CFT systems, supported by more advanced and dedicated technology such as network analytics, demonstrated stronger capabilities to identify higher-risk relationships, suspicious transactions and networks of mule accounts.
Take note of success factors for integrating external information and data to enhance effectiveness of AML/CFT systems
- Senior management support – This includes strong direction by senior management to strengthen and better support the integration of external information and data for enhancing AML/CFT systems, as well as to contribute to the ongoing strategic development of the FMLIT for the benefit of the AI as well as the wider ecosystem.
- Appropriate technology tools – These include data analytics tools to monitor fraud trends and technology tools to monitor digital footprints (for example, to identify mule account networks), to extract and gather data, and to visualise connectivity of data such as common behaviours or attributes.
- Internal collaboration and awareness – This includes sharing intelligence (such as FMLIT alerts) and investigative approaches across internal teams within the AI and with other group entities to enhance awareness and better manage ML/TF risks.
- Other factors highlighted in the January 2021 Report, including data and process readiness (see pages 32-34).
Further collaborate and contribute case-specific and typological information into AML/CFT ecosystem
- To effectively tackle ML/TF risks on an industry-wide basis, it is important for all stakeholders to collaborate. The thematic review has seen AIs collaborating and sharing intelligence in a number of ways, including via the FMLIT and an HKMA knowledge sharing event.
- Some AIs have also proactively shared observations and analyses (such as identification of accounts relating to fraud cases based on common attributes) with law enforcement agencies, which in turn shared the information in the form of case-specific intelligence on the FMLIT platform.
Develop performance measurements to analyse efficiency and effectiveness of integration of external information and data into AML/CFT systems
- The ability to define and measure the value and benefits for integration of external information and data into AML/CFT systems will enable internal and external stakeholders to assess how this contributes to a more effective framework, and should better inform the allocation of resources.
- An AI under review has maintained statistics on the intelligence received from the FMLIT, such as the number of customers with a nexus to case-specific information, the number of STRs filed, and the amount of assets held by the AI subject to a “no consent” decision by the JFIU due to intelligence received from FMLIT.
- Another AI maintained a framework to measure the tangible value (such as the number of STRs filed and the amount of customer losses prevented) as well as intangible value (such as the impact on its customers and the benefits to its staff and the ecosystem by increasing collective awareness) as a result of integrating external information and data into its AML/CFT system.
- Further information about performance measurement can be found in the January 2021 Report (see pages 42-43).