The two-year circuit-breaker

Banks and other financial institutions are already required to keep their institutional risk assessments up-to-date, but paragraph 2.10 of the Proposed Revised Guideline calls for a periodic review at least once every two years - or perhaps more frequently if "trigger events" happen which affect their exposure to various risks.

Cross-border correspondent banking

FATF Recommendation 13 requires financial institutions to do more background checking than usual and take more risk-mitigating measures that usual when dealing with cross-border correspondent banking and other similar relationships. A typical example of a cross-border correspondent relationship in the securities sector is one between a global securities firm (the correspondent) that executes securities transactions on a stock exchange and the overseas intermediary for which it acts. The overseas respondent intermediary, in turn, operates on behalf of its underlying local HNW customers.

Paragraph 4.20.5 of the Proposed Revised Guideline specifies that the correspondent institution should apply the following "additional due diligence measures" when it establishes a cross-border correspondent relationship with an overseas financial institution (i.e. the respondent institution).

• Collect enough information about the respondent institution to enable it to understand the full nature of the respondent institution’s business.
• Determine from publicly available information the reputation of the respondent institution and the quality of its supervision by authorities in that place which perform functions similar to those of the relevant authorities - in other words, regulators of the financial sectors covered by the Anti-Money-Laundering Ordinance.
• Assess the AML/ATF controls of the respondent institution and be satisfied that they are adequate and effective.
• Obtain approval from its senior management.
• Gain a clear understanding of the respective AML/ATF responsibilities of the licensed firm (or listed corporation, as the regulator calls one of its charges) and the respondent institution as far as the cross-border correspondent relationship is concerned.

Paragraph 4.20.6 sets out some risk factors which the SFC wants to oblige firms to take into account in this regard, for example:

• the purpose of the cross-border correspondent relationship and the nature and expected volume and value of transactions;
• the ways in which the respondent institution performs services for its underlying customers through an account maintained by the licensed corporation for the respondent institution (referred to as correspondent account).
• the types of underlying customers and the extent to which the respondent institution believes the underlying customers and their transactions to be highly risky; and
• the quality and effectiveness of the AML/ATF regulation as well as supervision by authorities in the jurisdictions in which the respondent institution operates or is incorporated.

As an example of the second point, the firm in question should ask itself whether or not some underlying customers of the respondent institution are also its respondent institutions (i.e. downstream respondent institutions) which could use the correspondent account to conduct transactions. As the involvement of downstream respondent institutions is likely to cause fresh uncertainty about whether and how CDD ("customer due diligence") measures were conducted on their respective underlying customers and the possible involvement of shell banks, the ML/TF risks associated with such a nested correspondent relationship become greater. A nested correspondent relationship entails the use of a correspondent account by a number of respondent institutions through their relationships with the listed corporation’s direct respondent institution to conduct transactions and obtain access to other financial services.

When assessing the adequacy of AML/ATF controls at a respondent institution, the licensed firm might want to send it a "due diligence questionnaire" or even, if the risk is especially high, visit it or conduct interviews with its compliance officers or even call for an ad hoc review by a third party.

PPTAs

There are more rules to govern persons purporting to act on behalf of the customer (PPTA). Firms are already obliged to verify the identities of these people/entities. The SFC now says that a firm should generally have regard to whether a person might be considered as instrumental in carrying out the ML/TF scheme should the account or transaction involved be found to be linked with criminal activity. It provides examples of this.

Paragraph 4.4.1 of the Proposed Revised Guideline indicates that every firm should think about the ML/TF risks that pertain to a business relationship with a customer when deciding whom to consider as a PPTA. There may be fewer PPTAs for a relationship which poses lower risks than for one which poses higher risks.

The guideline, when it is complete, will be published under section 399 Securities and Futures Ordinance, Cap 571. Comments must be submitted in writing no later than 18 December.