Private banks and other wealth managers in Hong Kong have been using temporary - and not so temporary - AML control measures in response to the Coronavirus, according to the Hong Kong Monetary Authority.

Customer due diligence (CDD) involving social distancing and travel restrictions

Hong Kong is gradually easing its 'lockdown' measures against the Coronavirus but the process is a bumpy one. On Monday last week, the jurisdiction extended its social distancing rules for the next seven days because the epidemic remained, in the government's words, "severe."

Against this backdrop, disruptions due to the virus have affected wealth management firms' efforts to use  traditional methods to deal with customers and in many cases have halted the physical processes by which they verify customers’ identities. Firms have, however, offered more remote on-boarding initiatives to retail customers and a few of them, including some virtual banks, are expediting various pre-existing plans of their to onboard corporate customers remotely by using the technology that they have been using to on-board HNW retail customers and drawing on the experience that they have already gained from it. These initiatives are being, or will be, tested in the HKMA's Fintech Supervisory Sandbox.

Some firms are using video conferencing as a stopgap measure to deal with customers during the on-boarding process and in the course of CDD reviews. To offset any assessed risks, they have generally confined the service to specific groups of customers who meet certain criteria and have added more layers of control, perhaps dictating that the initial source of funds must come from same-name accounts at other banks, with no third-party payments allowed to occur before a face-to-face meeting happens.

Under the current exceptional circumstances, some firms use the option of “delayed verification” to be found in the Anti-Money-Laundering and Counter-Terrorist-Financing Ordinance when they establish new relationships while following appropriate risk-management policies and procedures. For example, some of them accept scanned copies of identifying documents from prospective overseas customers when establishing business relationship as a stopgap measure, with an intention of verifying physical identifying documents as soon as this is possible. These firms apply a range of measures to offset the risks that they run when taking this approach, such as:

• limiting these stopgap measures to customers who have met their staff before the pandemic began;
• monitoring their activities on their accounts far more stringently; and
• limiting the things that they are allowed to do on their accounts.

Continuing CDD

It comes as no surprise that firms have experienced delays in, or have been unable to complete, continuing (or, as the HKMA puts it, 'ongoing') CDD reviews because customers were unavailable (e.g. unable to travel, quarantined, ill or unable to obtain the requisite documents because of their restricted mobility). Some firms have taken a good risk-based approach, sometimes by placing greater emphasis on reviewing their riskier customers and making more exceptions for the less risky, keeping copious notes of their assessments and evolving plans for clearing any backlogs as soon as possible.

Most retail banks are still looking for adverse news about their customers as part of their "ongoing monitoring," as the HKMA puts it. One firm has temporarily lowered the amount of "screening for lower-risk business segments" because it is the only way to keep directing adequate resources at the more risky of its relationships or its more crucial functions. It assessed the risks involved and made its decision accordingly while keeping adequate records and gaining the regulator's approval by "staying agile to respond to any changes to its risk assessment."

Dwindling AML resources

Most firms are trying to ward off fresh infections by using work-from-home or split-team arrangements (e.g. splitting teams at different offices on alternating schedules) as part of their business continuity plans.

Transaction monitoring and screening systems

The labour-intensive work of clearing alerts generated by transaction monitoring and screening systems has posed many problems during the pandemic, especially at firms that normally rely on service centres in overseas, heavily-locked-down jurisdictions.

Some firms have risen to the challenge by paying more attention to the highest-risk alerts and letting the others slide somewhat. The HKMA is always pleased when it sees them drawing up plans to clear their backlogs as soon as the situation permits.

A number of firms have also expedited the exploration of regulatory technology or RegTech (e.g. which the HKMA defines, rather narrowly, as "machine  learning") to deal with high numbers of so-called "false positives," although the HKMA does not say why these should be a particular problem because of the pandemic. Firms have, broadly speaking, done their best not to compromise their controls or risk appetites.

Emerging threats and changes in customers’ behaviour

The HKMA has drawn its subject firms’ attention to a report entitled COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses which the Financial Action Task Force, the world's AML standard-setter, published on 4 May, so those firms are well aware of the scams – some new, some old – that the pandemic has brought to the fore. Some firms have observed an increase in digital payments and online transactions, along with a rising number of fraud cases. Some have provided specific guidelines and/or reminders to members of staff to raise their awareness offraud, scams and cyber-security in relation to the Coronavirus. One firm of which the HKMA approves has started to demand further information from customers or confirmation from correspondent banks before processing transactions for accounts with specific features.

The HKMA's grasp of English is not what it could be, so some of the actions of which it approves remain obscure even after it has written about them. In one part of its assessment it hints darkly that firms have been collaborating with each other by setting up "platforms" - a catch-all term - that use "advanced analytics" to detect new threats such as criminal networks and various weaknesses that they all share. It only mentions one example which involves no collaboration – that of an international bank or other financial institution that wanted to understand a customer’s global network and did so by building a global analytic platform that looks for signs of financial crime by analysing data that pertains to customers, transactions and publicly available data. In the eternal "build or buy" debate about AML software, the HKMA seems here to be endorsing the former approach.

The regulator drops more dark hints about "industry-led initiatives established for the purposes of sharing good practices relating to prevention, detection and mitigation measures across the industry." On a less opaque note, it points out that many firms have reminded their customers to stay alert about scams or frauds that are associated with the pandemic, while others have shared specific risk indicators and typologies (case studies, often anonymised) with their peers. Of this, the HKMA approves wholeheartedly.