On 7 March 2023, the Hong Kong Monetary Authority (HKMA) released an advisory statement on Balanced and Effective Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) Measures in Private Banking, providing private banks with further guidance on key AML/CFT requirements.1
Despite the high potential exposure to money laundering and terrorism financing (ML/TF) faced by private banks, due to the nature of their client base, the size of the transactions they handle, and the complexity of the financial products they offer, the majority of their client base consists of legitimate customers. This means conducting the required level of due diligence tends to put an unnecessary strain on the banks’ operations while simultaneously inconveniencing their customers.
To balance operational and business requirements and customer experience with the need for risk mitigation, the HKMA’s new circular calls for the adoption of a risk-based approach (RBA) in the business practices of authorised institutions (AIs) and emphasises the need to prevent undue burden on legitimate businesses. This new circular aligns with the Financial Action Task Force (FATF) recommendations and HKMA FAQ regarding AML/CFT and coincided with the release of the Monetary Authority of Singapore (MAS) circular on ML/TF Risks in the Wealth Management Sector.
The quantum of customer due diligence (CDD) required to protect AIs from ML/TF risks has seen a significant increase. This corresponds to the complexity of know-your-customer (KYC) policies (as recommended by regulators) and the rapid growth of the HNWI customer base. Through recent customer feedback, the HKMA has recognised the burden such a level of scrutiny places on legitimate customers and concluded that the use of RBA in line with FATF recommendations would be the prudent course of action for AIs.
The guiding principles for RBA include:
AIs should review their existing policies to ensure compliance with RBA. The HKMA is urging AIs to adopt RBA in their AML/CFT policies to reduce the burden on private banks and customers during onboarding, ongoing monitoring, and adoption of new AML/CFT regulations.
Certain scenarios where the application of RBA should be considered, as recommended by the HKMA, include:
The HKMA requires AIs to treat customers fairly while implementing RBA. This entails transparent, reasonable, and efficient procedures for account opening and operations. By promoting RBA, the regulator is taking a proactive role in promoting regtech adoption. It also advocates for a comprehensive AML/CFT approach that goes beyond due diligence and leverages technology to identify customer risks.
Recognising the challenges that AIs face, we recommend that private banks:
Senior management oversight is required to establish a strong control framework around RBA. Implement a balanced and risk targeted approach to optimise CDD measures.
Segment the risks into categories, such as customer risk, geographical risk, product and business vulnerability risk, and channel risk, to effectively manage them. Additionally, we recommend that you identify fiscal and tax risks for your clients.
Formulate controls not only to meet the regulatory requirements but also to curb ML/TF risks. Map your existing processes, identify the gaps, and implement risk-based control nodes.
Integrating KYC and transaction monitoring processes with advanced monitoring systems that use artificial intelligence and network link analysis (NLA) can improve money laundering detection and ongoing monitoring of customer activity.
Speak with our experts to find out more about the industry’s best practices and what your organisation should do to ensure adherence to regulatory requirements and effective risk management.
1. Balanced and effective AML/CFT measures in private banking (HKMA, 7 March 2023).