Module 3

sfc.hk

Module 3

Module 3

AML/CFT guidelines

issued by the SFC

(August 2007)

20


Relevant AML/CFT Guidelines

Management, Supervision and Internal Control

Guidelines – Para. V.4

Staff performing the compliance function, in conjunction

with management, are explicitly required to maintain, and

enforce effective compliance procedures covering AML.

Guidance Note on prevention of Money Laundering

and Terrorist Financing

Requires intermediaries to have in place policies and

procedures to discourage and identify any ML or TF

activities.

21


SFC’s Guidance Note on

Prevention of Money Laundering

and Terrorist Financing

22


volution of SFC’s Guidance Note

on Prevention of ML and TF

AML Guidance Note – first issued in 1995 and was updated

from time to time to reflect the latest changes

Revised Guidance Note issued in October 2005 and effective

on 30 April 2006

Revised Guidance Note seeks to :

bring our requirements on AML and CFT on a par with

the latest standards set by Financial Action Task Force

on Money Laundering (“FATF”) and International

Organisation of Securities Commissions (“IOSCO”);

build in a fair degree of flexibility to allow firms to

implement provisions on a risk-sensitive basis; and

provide additional guidance on practical measures.

23


International standards adopted by the

SFC in revising the Guidance Note

FATF 40+9 Recommendations

(website: www.fatf-gafi.org)

IOSCO’s Principles

(website: www.iosco.org)

24


Major requirements of the AML

Guidance Note







AML policies and procedures

Customer due diligence

Record keeping

Staff screening, education and training

Designation of a compliance officer

Recognition and reporting of suspicious transactions

[To have a better understanding of the requirements of the

Guidance Note and to assess your firm’s compliance with the

requirements, please refer to the AML/CFT self assessment

survey issued by the SFC.]

25


AML policies and procedures





Issue statement of policies and procedures, on a group

basis, where applicable for dealing with ML and TF

Ensure that the content of the policies and procedures to

the extent appropriate is understood by all staff

members

Regularly review the policies and procedures to ensure

their effectiveness

Adopt customer acceptance policies and procedures and

undertake customer due diligence measures on a risk

sensitive basis

26


Customer due diligence (“CDD(

CDD”)



Know Your Client (“KYC”)

Guiding principle : Take all reasonable steps

to satisfy yourself as to the true and full

identity of each customer, and of each customer’s financial

situation and investment objective

CDD process should comprise of the following:





Identify the customer (know who the individual or

legal entity is)

Verify the customer’s identity using reliable sources

Identify and verify beneficial ownership and control

Conduct ongoing due diligence and scrutiny

27


Risk-based CDD

Develop polices and procedures to identify higher risk customers.

Factors to be considered:

Who the customer is?

‣ Background or profile of customer (e.g. a politically exposed

person (“PEP”)?)

(“PEPs” is defined as individuals who are or have been

entrusted with prominent public functions, e.g. heads of state

or of government, senior politicians, senior government,

judicial or military officials, senior executives of government

owned corporations and important political party officials.

The definition is not intended to cover middle ranking or

more junior individuals of the foregoing categories.)

‣ Unduly complex structure of ownership for no good reason

‣ Companies that have nominee shareholders or a significant

portion of capital in the form of bearer shares

28


Risk-based CDD

Develop polices and procedures to identify higher risk

customers. Factors to be considered:

What he does?

‣ Occupation or nature of the customer’s business (e.g. casinos?)

Where he comes from and does business?

‣ Origin of the customer and the place of establishment of the

customer’s business (e.g. countries known to your firm to lack

AML or CDD process?) [Note]

How he operates the account?

‣ Means and type of payment (e.g. 3 rd party cheques?)

Any other information that may suggest that the

customer is of higher risk

29


Risk-based CDD

[Note]


The FATF’s list of non co-operative countries and

territories (“NCCTs”) no longer exists. However, under

sections 5.2 and 6.2.7 of the Guidance Note, LCs and

AEs are still required to pay attention to all jurisdictions

known to them to lack proper standards in the

prevention of ML and TF in determining the risk profile

of their customers. You are reminded to pay attention

to this requirement for all references to NCCTs in the

Guidance Note.

30


Risk-based CDD

For high risk accounts:



Should have clear policies setting out the level of

management approval required for establishing

business relationship with such a customer

Adopt enhanced CDD

If the trading pattern of a customer is not in line with

your knowledge of the customer, consider :



Reclassify the customer as high risk

Report suspicious transactions to the JFIU

31


Failure to complete CDD before

commencement of business relationship




Verification can be completed after the establishment of

business relationship where:

• transactions need to be performed very rapidly due to

market conditions

• it is necessary not to interrupt normal conduct of

business

But should adopt clear and appropriate policies and

procedures concerning the conditions and timeframe for

establishing business relationship before verification.

If unable to perform the CDD process within a reasonably

practicable timeframe, discontinue the business relationship

and consider making a suspicious transaction report.

32


Politically exposed persons (“PEPs(

PEPs”)



LCs and AEs are required to put in place appropriate risk

management systems to determine whether a customer is a PEP.

In this regard, you are encouraged to make reference to publicly

available information or commercially available databases.

Below is a list of some commercial databases available in the

market:

World Check (www.world-check.com)

Factiva (www.factiva.com/publicfigures)

Bridger Insight (www.bridgerinsight.choicepoint.com)

Complinet (www.complinet.com)

Integrascreen (www.integrascreen.com)

World Compliance (www.worldcompliance.com)

[The above information is provided for reference only. It does not mean that we have endorsed

the databases listed above.]

33


Record keeping

Maintain recording keeping and retention policy

• Transaction records should be maintained for at

least 7 years

• Customer identification records, account files and

business correspondence should be kept, where

applicable, 5 years after the account is closed

• Records related to on-ongoing investigation or

transactions which have been the subject of a

suspicious transaction reporting – retained until it

is confirmed that the case is closed

34


Staff screening, education and training

Ensure employees taking up key

positions are suitable and competent

Staff should be informed of their own personal legal

obligations to report suspicious transactions

• Drug Trafficking (Recovery of Proceeds) Ordinance

• Organized and Serious Crimes Ordinance

• United Nations (Anti-Terrorism Measures) Ordinance

Provide training for new employees

Provide refresher training at regular intervals

35


Staff screening, education and training

Training should include the following topics :

Current ML and TF techniques, methods and trends

Your firm’s AML/CFT policies and procedures

AML/CFT risk indicators and suspicious activities

Your firm’s procedures for reporting suspicious

transactions

Explanation of all aspects of AML/CFT laws and

obligations, in particular CDD and suspicious

transaction reporting requirements under DTROP,

OSCO and UNATMO

36


Designation of a compliance officer





A person of suitable ranking should be designated for overall

AML/CFT compliance, including acting as a central reference

point.

The compliance officer should not simply receive suspicious

transaction reports, he should proactively identify and report

suspicious transactions.

The specific task of reviewing reports may be delegated to other

staff but the compliance officer or the supervisory management

should maintain an oversight of the review process.

Compliance officer and other appropriate staff should have

timely access to customer identification data and other CDD

information, transaction records, and other relevant information.

37

More magazines by this user
Similar magazines