Do you know where that money is coming from?

The Hong Kong Securities and Futures Commission (SFC) has issued its largest fine ever for violations of anti-money laundering (AML) and counter-terrorist financing (CFT) regulatory requirements. Last month, the SFC announced that it has fined Guosen Securities (HK) Brokerage Company, Limited (Guosen) HK$15.2 million for its internal control deficiencies and breaches of AML/CFT regulations1.

This is more than double the fine for similar breaches in the past. The SFC's record breaking fine against Guosen appears to be due to an egregious breakdown in its systems and controls to identify and monitor AML/CFT risks, as well as senior management's outright disregard to AML/CFT concerns.

Where Guosen went wrong

Guosen was found by the SFC to have, during the 14-month period between 1 November 2014 and 31 December 2015, failed to implement appropriate internal controls in relation to the handling of third party deposits (TPDs). These failures led to over 2,200 unusual or suspicious TPDs amounting to over HK$2.3 billion.

In particular, the SFC found that:

  1. Guosen accepted 221 TPDs of approximately HK$1 billion into its main accounts. As for its sub accounts2, Guosen accepted over 12,000 deposits (a majority of which were TPDs) of over HK$4.7 billion. No enquiries of the transfers or verification of the TPD identities were made. In fact, Guosen's system would automatically process electronic deposits, regardless of the source or amount.
  2. AML/CFT systems were not regularly reviewed for their effectiveness. Moreover, Guosen's senior management had ignored the internal control deficiencies pointed out to them by a staff member.
  3. Guosen processed 780 TPDs of approximately HK$990 million which were incommensurate with the clients' net worth. Many of these transactions were back-to-back transfers or had unusual patterns. It was apparent that Guosen's accounts were used as a conduit for suspicious transfers. These red flags were undetected as Guosen did not have systems or procedures in place to continuously monitor their client activities to ensure consistency with the clients' profiles.
  4. There was a complete breakdown in Guosen's suspicious transactions reporting procedures. Employees were unclear about the internal AML/CTF policies including procedures for handling TPDs. Employees were also unaware of the trigger events that would warrant a suspicious transaction report and did not know the identity of the Money Laundering Reporting Officer (MLRO). Further, the then MLRO not only failed to actively identify and report suspicious transactions, but turned a blind eye to the TPDs reported by the then Head of Settlement.

As such, the SFC is of the opinion that Guosen has been guilty of misconduct under the SFO and its fitness and properness to remain a licensed corporation has been called into question.

Turning a blind eye to third party deposits risk – what are the consequences?

The record breaking fine is likely due to the large number of transactions and monetary value involved. The message is clear: the SFC will not tolerate weak internal systems and controls and blatant oversight of management's responsibilities to address vulnerabilities of the same.

In the past year or so, Hong Kong has witnessed a downward trend in the number of investigations initiated3, which is attributable to the SFC's shift to focus on larger and higher profile investigations and enforcement actions4. Nonetheless, this should not be seen as a sign of relaxation on its part. The SFC has recognised that money laundering continues to be a persistent risk globally, and has strengthened its enforcement actions against firms with internal control failures related to know-your-client or anti-money laundering requirements5. Financial crime is especially a concern in a market fraught with TPDs.

In light of this, senior management should not just pay lip service to their duties to prevent and address money laundering/counter financing risks and should note the following:

  • TPDs should be afforded heightened scrutiny as they are more susceptible to financial crime. Payment arrangements can be used to disguise identities and the source of funds. If your firm continues to handle TPDs, it must ensure an effective approval and monitoring process in respect of TPDs, including procedures for identity verification of third parties and for keeping a contemporaneous record of the necessary enquiries. It goes without saying that firms should conduct thorough know-your-client and source of wealth analysis of clients prior to on-boarding.
  • Firms should regularly review and update their AML/CFT internal controls and systems. Senior management should properly document their reviews to demonstrate to the SFC that AML/CFT compliance is regularly on their agenda and in the event of an incident, to demonstrate that the firm has taken all reasonable measures to ensure proper safeguards exist to mitigate money laundering/terrorist financing risks.
  • Follow the procedures. An ongoing theme in recent cases is that firms have failed to adhere to their internal policies regarding the applications of TPDs before they are processed. Documentation of proper enquiries and verifications made should be maintained in the event of any incident or challenge to the due diligence done.
  • Staff should be familiar with the AML/CFT procedures and adequate training be given of their compliance-related duties. Staff should be taught to stay vigilant about unusual transactions, and be aware of the procedures for identifying red flags and reporting of suspicious transactions.

  1. enforcement-news/doc?refNo=19PR10
  2. Guosen allowed its clients to deposit funds into its "main accounts" or "sub-accounts". "Main accounts" are the designated client accounts maintained by Guosen with various banks, whereas "sub-accounts" are the sub-accounts maintained by Guosen under one of its master bank accounts. 
  5. Enforcement Reporter February 2018 communication

Author: Stephanie Tsui, Associate, Hong Kong

Download PDF Back To Listing