資訊洞見
The UK’s Financial Conduct Authority (FCA) recently published the results of its thematic review of a sample of 22 asset management firms and service providers on the effectiveness of their anti-money laundering (AML) and anti-bribery and corruption (ABC) systems and controls.
FCA’s findings and what they mean for SFC licensed corporations
The FCA found that the strength of the AML and ABC policies of the firms sampled varied to a large degree. Generally, firms were better prepared to identify and deal with money laundering risks than bribery and corruption risks. Here we look at some of the FCA’s key findings, which may be instructive as to the regulatory focus of Hong Kong’s Securities and Futures Commission (SFC) in this area going forward.
1. Governance, culture, and management reporting
As expected, most firms had in place AML and ABC policies and procedures that were administered by clearly identified departments and individuals. However, it was not always clear how senior management, who are ultimately responsible for risk management, provided effective monitoring. The FCA found that to the extent that firms produced regular reports to their senior management on AML and ABC, some of these reports did not provide sufficient details or were not submitted in a timely manner, thus rendering them less meaningful.
What does this mean for SFC licensees?
Under the Code of Conduct, senior management is expected to manage the risks of a licensed corporation, which includes evaluating its risk management processes. Senior management should therefore allocate sufficient time to risk management and keep in close contact with the departments/individuals primarily responsible for risk management. They should also initiate follow-up action if required and review any reports on AML and ABC in a timely manner.
2. Risk assessments
The FCA report indicated that some firms failed to conduct adequate assessment of their money laundering and bribery and corruption risks. They also failed to classify risks consistently and act on the outcomes of such assessments. These deficiencies hinder the extent to which those risks may be mitigated.
What does this mean for SFC licensees?
The SFC requires licensed corporations to:
Assessment follows a risk-based approach and is determined on a case-by-case basis. Licensed corporations should therefore ensure that their internal policies cover all facets of money laundering and bribery and corruption risks. They should also clearly set out how those risks are to be classified and followed up. It is also critically important to be able to demonstrate that staff members are thoroughly trained on the internal policies.
3. AML controls
The FCA identified shortcomings in customer identification and verification at some firms, especially in respect of screening for politically exposed persons (PEPs) and keeping client information up to date. Some firms relied on their service providers to conduct customer due diligence but failed to exercise adequate oversight of the external parties. The monitoring of transactions was also poorly documented at some firms, particularly where the operation of transaction monitoring controls was performed by an intra-group function.
What does this mean for SFC licensees?
The SFC has comprehensive guidelines on AML and know-your-client requirements. Licensed corporations should ensure that their staff members are familiar with these. They should also promote a culture of keeping client information up to date and ensuring timely reporting of suspicious transactions to the responsible departments/individuals. Where external service providers are engaged to assist with customer due diligence, licensed corporations should review their standard of service on a regular basis (e.g. by site visits). All of these activities should be documented.
4. ABC controls
The FCA found that the ABC monitoring at most firms predominantly focused on the receipt of gifts and entertainment but failed to adequately consider other forms of bribery and corruption such as third party relationships and payments. In addition, some third party contractual agreements did not include appropriate clauses in relation to bribery and corruption.
What does this mean for SFC licensees?
The SFC has rules which require the disclosure of conflicts of interest and ensure that transactions are conducted at arm’s length. Licensed corporations should review their ABC policy to ensure that it covers not only gifts and entertainment but also third party relationships and payments. Specifically, in relation to third party relationships and payments, the ABC policy should clearly set out the approach to the selection and oversight of third party relationships, as well as controls over payments to third parties. They should also conduct staff training on a regular basis to keep abreast of regulatory changes and new developments.
What now?
Licensed corporations should adopt a proactive approach in managing money laundering and bribery and corruption risks. In the current regulatory environment, the SFC may take on board the findings of the FCA in routine on-site inspections.