HKMA fines JPMorgan Chase HK$12.5 million over bad AML controls
Chris Hamblin, Editor, London, 10 January 2019
The Hong Kong Monetary Authority has reprimanded and fined the local branch of JPMorgan Chase Bank for failing to apply anti-money-laundering controls to wire transfers and private banking customers.
The fine has come as a result of the bank breaking ss19(2) and 19(3) Schedule 2 Anti-Money-Laundering Ordinance for its ineffective procedures for spotting and handling wire transfers that did not comply with the ordinance and for failing to discharge its duties under ss3 and 5 of that schedule in respect of "customer due diligence" or CDD, i.e. "know your customer" or KYC controls, and for failing to monitor business relationships continuously. Remediation of these shortcomings is to be backed up by a report prepared by an independent external advisor.
The disciplinary action springs from an investigation by the HKMA which found that JPMorgan broke ss3(1), 5(1), 12(5), 19(1), 19(2) and 19(3) of Schedule 2 to the ordinance between April 2012 and February 2014. Section 3(1) obliges every bank to carry out CDD on a customer before striking up a business relationship with him or performing a transaction for him that involves HK$120,000 or more. Schedule 2 is entitled Requirements Relating to Customer Due Diligence and Record-keeping.
Before the current AMLO came into force in 2012, JPMorgan Hong Kong conducted a gap analysis to see if it complied with the ordinance. The analysis, however, did not cover certain customers. The bank's CDD procedures did not insist on the production of certificates of incumbency (COIs) or comparable documents for the purpose of verifying the existence of those customers. The procedures, moreover, called for the verification of the identities of some beneficial owners, but not all. To compound this, the bank often failed to collect identifying documents or obtain information about the purposes for which customer were setting up accounts.
According to the bank’s procedures and practice, certain related customers were managed in groups. When the bank conducted a periodic review of any one of the customers in a relationship group to ensure that the documents, data and information relating to the customer were up-to-date and relevant, it counted the periodic reviews of the other customers in the same group as complete. Among 495 highly risky customers in such relationship groups, JPMorgan Hong Kong failed to conduct an annual periodic review in respect of 259.
There were also some instances in which JPMorgan failed to notice that its customers were politically exposed persons or PEPs.