Third-party payments: SFC gives industry control measures

Third-party deposits and payments can be used to disguise the true beneficial owner or source of funds so the Securities and Futures Commission (SFC) has asked firms to “give serious consideration to refusing [them]”.

Where a firm is willing to allow a client to use a third party to pay for or receive the proceeds of an investment transaction, great care needs to be taken by the firm, both at the time of payment and on an ongoing basis to address the risk of misappropriation of client assets, money laundering and other misconduct.

There have been several enforcement cases where the SFC determined that the policies, procedures and controls which the firm had put in place for handling third-party deposits and payments were found to be inadequate.

Links to the SFC’s Statements of Disciplinary Action can be found here: 27 May 2019, 18 February 2019 and 9 July 2018. See also our 2017 article relating to enforcement action taken for anti-money laundering failures including third-party payments.

In its 31 May 2019 circular the SFC summarised 20 key control measures with examples of effective practices for third-party payments. Those firms which decide not to heed the SFC’s advice to always refuse such requests, should study this circular very carefully and set up robust controls and systems in order to try and protect senior management members (including the AML Manager-in-Charge (MIC) and the Money Laundering Reporting Officer (MLRO)) from enforcement actions.

The SFC emphasised its position by stating in the Appendix to the Circular: Firms which are unable to put in place adequate control measures to mitigate the inherently high risk and meet the relevant compliance requirements should not accept any third-party deposits or payments.

Asset managers and other intermediaries which do not generally prohibit third-party deposits and payments need to adopt tight control measures and implement robust ongoing monitoring systems. These are briefly summarised below:

1) 

clear and detailed policies and procedures (to be approved by senior management) including:

 
  • a statement of principle discouraging third-party deposits and payments and only permitting them under exceptional and legitimate circumstances having regard to the client’s profile and normal commercial practices
  • examples of acceptable third-party payees / payors, e.g. immediate family members
  • the need to critically evaluate the reasons and need for the third-party deposit / payment
  • that third-party payments should be even more rare than third-party deposits
  • “scrutinisation” of all third-party arrangements
  • “stringent” senior management, i.e. AML MIC or MLRO approval (and in higher risk cases dual approval) for any third-party payment or deposit
  • sufficient documentation of the process and reasons for approval
  • name-screening of and due diligence on the third party and their relationship with the investor
  • a statement that requests that third-party deposits/payments should be refused if the risks cannot be adequately mitigated
  • an obligation to report any suspicious transactions internally to the MLRO, who may make a report  to the Joint Financial Intelligence Unit

2)

effective implementation of the written policies and procedures

3)

“robust” ongoing monitoring of client accounts involving third-party deposits with special attention to the red flags in the AML Guideline

It would seem that rather than prohibiting third-party payments and deposits other than in extreme cases (like the death of the investor), the SFC wants to be seen to be giving firms a choice. However, in light of the onerous control measures which the SFC expects firms to have in place, it now seems unlikely that a firm making an informed choice would accede to an investor’s request in this regard: the personal burden on senior management may simply not be worth the risk.