We are now starting to see signs of momentum building on AML/CTF enforcement cases in Hong Kong. With it, there are some useful practical examples for securities firms.
The SFC this week reprimanded Zhongtai International Securities Limited (“Zhongtai”) and fined it HKD2.6million for AML/CTF failures connected to third party deposits.
Similar to the AML/CTF enforcement action we reported on recently, Zhongtai failed to sufficiently monitor third party payments and failed to establish adequate and implement appropriate controls. It also failed to maintain proper and accurate records of internal assessments of the third party deposits.
This article summarises the key facts and findings – as well as some useful guidance that can be drawn from this case.
Some more details of what happened
Zhongtai had documented internal processes in respect of the receipt and approval of third party payments, including an established documentation and approval process in the event that a third party payment was made to a client account. However, in practice, numerous deficiencies were identified in the implementation of controls. This included:
- insufficient controls – inadequate procedures to review, scrutinise and identify third party payments in practice;
- misunderstanding of roles – a fundamental lack of mutual understanding between Compliance staff and responsible officers in their respective roles – the responsible officers claimed that they signed relevant compliance forms as a matter of procedure, not necessarily as approval; and
- poor internal communication – inadequate communication between internal staff and lack of procedure in place.
These failures were demonstrated by its treatment of certain third party deposits.
Specifically, Zhongtai established client sub-accounts with a third party bank (“Sub-Accounts”) and allowed third party payments to be made through these Sub-Accounts without following its own internal processes. This included allowing third parties to make deposits to the Sub-Accounts without completing Zhongtai’s documentation or notifying Zhongtai of the deposits. Furthermore, no compliance or senior management monitoring or scrutiny of the payments was undertaken.
Curiously, the SFC noted some particularly unusual deposits including one company making deposits of over HK$70milion to three Zhongtai clients over two weeks with vague descriptions attached to the payments such as “friend” and “friend helping to deposit”. However, the payments were processed without monitoring or scrutiny.
The following chart illustrates the scenario in simple terms:
Lessons learned (…actually, some pretty useful guidance)
The SFC has a clear interest in processes surrounding the acceptance and monitoring of third party payments. In our 7 March alert, we described its expectations, which (crudely put) basically prohibit third party payments except with very stringent controls and approval mechanics.
If you allow third party payments to be received, consider the following:
No individual action…yet
The SFC has not yet announced any action against specific individuals, although it hints at some degree of individual culpability in its Statement of Disciplinary Action. You might recall that the SFC imposed a 9 month ban recently on the responsible officer of a regulated brokerage, as we reported here.
More action to come?
We knew that the SFC was focussing on AML/CTF and were expecting enforcement action to be announced this year (see our predictions on 2017 SFC enforcement trends here). It remains to be seen whether these recent announcements precede a slew of enforcement to come or whether we have seen the SFC’s action on AML/CTF for the time being.
Another question is whether or not we’ll start to see more significant fines, as well as any formal prosecutions under the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (Cap. 615) in relation to firms or individuals. Criminal penalties and personal liability loom large.