Circular to Licensed Corporations and Associated Entities
Anti-Money Laundering / Counter Financing of Terrorism (“AML/CFT”)
Compliance with AML/CFT Requirements
The SFC has identified compliance with Anti-Money Laundering and Counter Financing of Terrorism (“AML/CFT”) requirements as a focus of supervision of intermediaries. In the past year, AML/CFT compliance was one of the areas that the SFC examined during its routine inspections of licensed corporations (“LCs”) and associated entities (“AEs”). The SFC also conducted in-depth reviews of selected firms’ internal AML/CFT policies, procedures and controls (collectively referred to as “AML/CFT systems”) through thematic inspections.
During 2016, the SFC reviewed the AML/CFT practices in more than 290 firms, and identified more than 200 incidents of non-compliance1 of varying degrees and nature. Among these incidents, the SFC has identified the following key areas of concern where the AML/CFT systems of some LCs had fallen short of compliance with relevant provisions of the AML Guideline2, the Code of Conduct3 and/or the Internal Control Guidelines4:
(a) failure to consider relevant money laundering and terrorist financing (“ML/TF”) risk factors, use relevant available data and keep sufficient documentation in the course of conducting Institutional Risk Assessment5 to identify and assess the ML/TF risks to which the LCs are exposed;
(b) failure to provide adequate internal guidance to staff and perform compliance monitoring to ensure the effectiveness of AML/CFT systems;
(c) deficiencies in the implementation of certain customer due diligence and ongoing monitoring measures; and
(d) inadequate monitoring, evaluation and reporting of suspicious transactions.
The SFC wishes to remind LCs and AEs that they should have appropriate and effective AML/CFT systems in place to mitigate the risks of ML/TF.
With a view to raising the awareness of LCs and AEs about the importance of Institutional Risk Assessment and some key aspects of the implementation process, we set out the key inspection findings and elaborate our regulatory guidance relating to Institutional Risk Assessment in Appendix 1. Case examples of deficiencies or inadequacies other than those in Institutional Risk Assessment found by our inspections and their related guidance are set out in Appendix 2.
LCs and AEs should review their AML/CFT systems against Appendix 1 & 2 and take immediate actions to rectify any similar breaches or deficiencies.
In addition, LCs and AEs are encouraged to consider the examples of good practices6 outlined in Appendix 3 and assess whether any of these measures should be appropriately adopted in their own AML/CFT systems to strengthen management supervision and AML/CFT compliance programs.
AML/CFT compliance will continue to be a focus of the SFC’s supervision of LCs and AEs in the coming year. The SFC will take regulatory actions including enforcement proceedings where appropriate against firms found to have breached AML/CFT requirements, and will continue to monitor compliance by conducting inspections and the use of other supervisory tools. As part of the ongoing effort to improve AML/CFT compliance, particularly in areas where deficiencies and inadequacies are detected, the SFC will continue to provide regulatory guidance through circulars, training seminars, etc. to assist LCs and AEs in enhancing their AML/CFT systems.
Should you have any queries regarding the contents of this circular, please contact Ms Kiki Wong at 2231 1569.
Intermediaries Supervision Department
Securities and Futures Commission