2018-03-22

Added · Updated

Guide to Enhanced Competency Framework on Anti-Money Laundering and Counter-Financing of Terrorism

The Hong Kong Monetary Authority issued this guide to establish the Enhanced Competency Framework on AML/CFT, encouraging authorized institutions to adopt it as a benchmark for assessing and developing the skills of AML/CFT practitioners. The framework defines a two-tier qualification structure comprising Core and Professional levels, with certification administered by the Hong Kong Institute of Bankers through accredited training and examinations. It mandates annual continuing professional development requirements and outlines specific grandfathering and exemption pathways for existing staff to ensure a sustainable talent pool for Hong Kong's financial sector.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view thumbnail

Guide to Enhanced Competency Framework on Anti-Money Laundering and Counter-Financing of Terrorism Hong Kong Monetary Authority March 2018 (This latest version replaces the previous version of December 2016. Updates are shown in blue.)

Table of Contents 1 Introduction ................................................................................................................... 3 2 Objectives ...................................................................................................................... 4 3 Scope of application ...................................................................................................... 4 4 Qualification structure and syllabus ........................................................................... 6 5 Certification ................................................................................................................... 6 6 Grandfathering ............................................................................................................. 7 7 Exemption ...................................................................................................................... 8 8 Continuing professional development ......................................................................... 9 9 Maintenance of relevant records ............................................................................... 10 10 Administration of the ECF-AML/CFT ..................................................................... 10 11 Accreditation ............................................................................................................... 10 Annex 1 – Highlights of Competencies for Key Roles of Relevant Practitioners in AML/CFT Compliance ...................................................................................................... 12 Annex 2 – ECF-AML/CFT: Competency Framework ................................................... 15 Annex 3 – Syllabus for ECF-AML/CFT ........................................................................... 16 Annex 4 – Flowchart illustrating the possible routes to meet the ECF-AML/CFT certifications ....................................................................................................................... 26 Annex 5 – Accreditation Mechanism of ECF-AML/CFT .............................................. 28

  • 3 - 1 Introduction 1.1 The financial services industry accounted for about 17.7% of Hong Kong’s Gross Domestic Product (“GDP”) and employed about 7.9% of the total labour workforce in 20161 . Within the financial services industry, banking is the largest contributor in terms of GDP (about 61%) and employment (about 42%) 2 . According to the HKSAR Government’s projection, the financial services industry is the fastest growing economic sector in terms of manpower requirements, with a projected average annual growth rate of 2.2% between 2012 and 20223 . Having a sustainable talent pool of finance professionals is crucial to the continuous growth and development of the financial services industry and to the maintenance of Hong Kong’s status as an international financial centre. 1.2 To this end, a Steering Committee chaired by the HKMA, comprising representatives from the banking industry and the Hong Kong Institute of Bankers (HKIB), has been set up to advise on the development of an enhanced competency framework (ECF) for banking practitioners in Hong Kong. The aim is to develop competency standards for major functional areas which are central to the safety and soundness of banks and where manpower and skills shortages are more apparent. 1.3 In recent years, the threats posed by money laundering and terrorist financing to market integrity and financial institutions have been increasing. As a result, the international anti-money laundering and counter-financing of terrorism (AML/CFT) standards have been evolving to enable financial institutions to strengthen their controls and procedures and build a stronger compliance culture to combat the pertinent money laundering and terrorist financing risks. To meet with the constant upgrading in the AML/CFT infrastructure, there is a need for the banking sector in Hong Kong to build up a talent pipeline to help meet the growing demand for qualified professionals in AML/CFT area. As a result, AML/CFT is designated as one of the first modules to be developed under the ECF.

1 Census and Statistics Department, Hong Kong Special Administrative Region, Hong Kong Annual Digest Statistics, 2016 and 2017 2 Financial Services Development Council, Developing Hong Kong’s Human Capital in Financial Services, January 2015. 3 Government of The Hong Kong Special Administrative Region, Report on Manpower Projection to 2022, April 2015.

  • 4 - 2 Objectives 2.1 The Enhanced Competency Framework on AML/CFT (hereinafter referred to as “ECF-AML/CFT”) features the common core competences required of AML/CFT practitioners in the Hong Kong banking industry. The objectives of the ECF are twofold: (a) to develop a sustainable talent pool of AML/CFT practitioners for meeting the workforce demand in this sector; and (b) to raise and maintain the professional competence of AML/CFT practitioners in the banking industry. 2.2 Although the ECF is not a mandatory licensing regime, AIs are encouraged to adopt the ECF for the following purposes: (a) to serve as a benchmark to determine the level of competence required and to assess the ongoing competence of individual employees; (b) to support relevant employees to attend training programmes and examinations that meet the ECF benchmark; (c) to support the continuing professional development of individual employees; and (d) to specify the ECF as one of the criteria for recruitment purposes. 3 Scope of application 3.1 The ECF-AML/CFT is targeted at “Relevant Practitioners”, including new entrants and existing practitioners, engaged by an AI to perform AML/CFT compliance roles in its Hong Kong operation. Details of the respective roles are classified by a two-level qualification structure (i.e. Core Level and Professional Level) in Annex 1 for AIs to determine whether a staff member is a Relevant Practitioner and, if applicable, the competency level relevant to the staff member. For avoidance of doubt, a staff member is not required to perform all of the roles specified in Annex 1 in order to be classified as a Relevant Practitioner.

  • 5 - 3.2 Generally, the scope of Relevant Practitioners can be applicable across different organisational structures (e.g. whether such roles are housed under a business unit solely dedicated to AML/CFT compliance function or as part of a wider legal and compliance function) and the functional roles rather than the functional titles of staff members should be of essence for considering whether the definition of Relevant Practitioners is met. 3.3 The ECF-AML/CFT is not intended to capture staff performing other job functions that are incidental to AML/CFT compliance (e.g. legal counsels, general compliance officers and internal auditors). Specifically, the following categories of staff do not fall within the definition of Relevant Practitioner: (a) Staff in AML/CFT compliance function performing solely clerical and administrative duties. (b) AML/CFT compliance staff in overseas branches and subsidiary undertakings of locally-incorporated AIs. It should however be noted that AIs have a responsibility to ensure relevant staff in overseas branches and subsidiaries receive adequate AML/CFT training, including those applicable in relevant overseas regulatory requirements. (c) Regional AML/CFT compliance staff, whether located in or outside Hong Kong, performing AML/CFT duties in the AI that are “merely incidental” to duties performed in their regional role. AIs are expected to adopt a principles-based approach and to support their decisions with sound justifications in determining whether a regional staff member falls within the definition of Relevant Practitioners or not. Appropriate regard should be given to the significance of the AML/CFT compliance role performed by the relevant staff member in the Hong Kong operations of the AI. 3.4 It is not necessary for a Relevant Practitioner to meet the ECF-AML/CFT benchmark for Core Level or Professional Level before he or she can take up the roles specified for the corresponding level. However, AIs are expected to encourage and support the Relevant Practitioner to achieve the applicable benchmark in order to ensure the overall competency standard in discharging the AML/CFT compliance roles.

  • 6 - 4 Qualification structure and syllabus 4.1 The qualification structure of ECF-AML/CFT comprises two levels: a) Core Level – suitable for entry-level staff with less than three years of relevant work experience in AML/CFT compliance; and b) Professional Level – suitable for staff with three years or above of relevant work experience in AML/CFT compliance. 4.2 The competency framework for the ECF-AML/CFT with details on the qualifications required and continuing professional development requirement for each job role of a Relevant Practitioner is included in Annex 2. 4.3 The Core Level consists of five training areas to equip new entrants and staff in junior AML/CFT roles with the essential fundamentals for performing their AML/CFT duties. The syllabus outline for Core Level is set out at Annex 3. 4.4 The Professional Level, consisting of five training areas, aims to further develop the knowledge of the more experienced practitioners. Please refer to Annex 3 for the syllabus outline for Professional Level. 4.5 The coverage and competency requirements in the syllabus of the ECF￾AML/CFT are referenced to the Hong Kong Qualifications Framework (“QF”), with the Core Level being pitched at QF Level 4 (i.e. equivalent to associate degree or higher diploma level) and the Professional Level at QF Level 5 (i.e. equivalent to bachelor’s degree level). 5 Certification 5.1 Relevant Practitioners may apply to the HKIB for certification as Associate AML Professional (AAMLP) or Certified AML Professional (CAMLP) under the following conditions (please refer to the flowchart at Annex 4): a) AAMLP – A Relevant Practitioner may apply to the HKIB for the professional certification if he or she (1) has completed the accredited training programmes and passed the examination accredited by HKIB (work experience is not a prerequisite for obtaining the certification); or

  • 7 - (2) has been grandfathered pursuant to paragraph 6.1(a) based on the required work experience upon the launch of the Core Level module. b) CAMLP – A Relevant Practitioner may apply to the HKIB for the professional certification if he or she (1) has completed the accredited training programmes and passed the examination accredited by HKIB and have at least 3 years of work experience in AML/CFT compliance; or (2) has been grandfathered pursuant to paragraph 6.1(b) based on the required work experience upon the launch of the Professional Level. 5.2 The ECF-AML/CFT certification is subject to annual renewal by the HKIB. A Relevant Practitioner has to meet the annual continuing professional development (CPD) requirement and pay the annual certification fee to renew the ECF-AML/CFT certification for the applicable calendar year. 6 Grandfathering 6.1 A Relevant Practitioner may be grandfathered on a one-off basis based on his or her years of qualifying work experience upon implementation of the relevant level of qualification. Such work experience need not be continuous. The detailed grandfathering requirements are as follows: a) Core Level – A Relevant Practitioner may apply for grandfathering if he or she has possessed at least 3 years of work experience in AML/CFT compliance as at 31 December 2016. (The grandfathering period for Core Level ended on 30 April 2017.) b) Professional Level – A Relevant Practitioner may apply to the HKIB for grandfathering if he or she has possessed at least 8 years of AML/CFT compliance work experience, of which 3 years is at managerial level or above, as at 31 March 2018. Existing Relevant Practitioners can submit their applications to the HKIB in the grandfathering period (from 3 April 2018 to 31 December 2018). 6.2 For other individuals performing the job roles outlined in paragraph 3.1 but not working in an AI or those staff of an AI as specified in paragraphs 3.3 (a) to (c) during the grandfathering period, they may submit their applications to the HKIB for grandfathering within three months from the date of joining the AML/CFT compliance function of an AI and becoming Relevant Practitioners.

  • 8 - However, they should have met all the applicable grandfathering criteria on or before the applicable dates prescribed in paragraphs 6.1(a) and (b) above. 6.3 Applications for grandfathering are handled and assessed by the HKIB subject to an administration fee. A Relevant Practitioner is required to complete the application form with the relevant work experience verified by the Human Resources Department of his or her existing employer. The HKIB may request the applicant to provide employment records or additional information to substantiate the application for grandfathering. 6.4 Upon grandfathering, the Relevant Practitioner is required to apply for AAMLP or CAMLP and to renew the relevant certification annually with the HKIB unless he/she is a holder of the Certified Anti-Money Laundering Specialist certification or the International Diploma in AML awarded by the Association of Certified Anti-Money Laundering Specialists and the International Compliance Association respectively. 7 Exemption 7.1 Relevant Practitioners who are holders of the Certified Anti-Money Laundering Specialist certification or the International Diploma in AML awarded by the Association of Certified Anti-Money Laundering Specialists and the International Compliance Association respectively are eligible for seeking exemption for both the Core Level and the Professional Level of the ECF-AML/CFT, subject to successful completion of a bridging training programme offered by the HKIB in collaboration with HKU SPACE. 7.2 The bridging training programme covers various topics on local regulatory framework, risk-based approach, AML/CFT specialist risks areas and financial inclusion. Relevant Practitioners are required to fully attend the 6-hour training sessions. 7.3 Upon fulfilling the exemption requirements, obtaining the CAMLP from the ECF administrator is optional. However, Relevant Practitioners who have fulfilled the ECF-AML/CFT benchmark through the exemption route should also fulfil the annual CPD requirements.

  • 9 - 8 Continuing professional development 8.1 To maintain ongoing professionalism and up-to-date knowledge of the latest AML/CFT risks, compliance developments, and local and international regulatory requirements and standards, holders of AAMLP and CAMLP certifications are required to fulfil the following minimum CPD requirements: a) AAMLP – a minimum of 10 hours of verifiable CPD in each calendar year, of which at least 5 hours should be on the topic of AML/CFT while the remaining CPD hours should be on compliance (including financial crime compliance), legal and regulatory requirements, risk management or ethics. b) CAMLP – a minimum of 12 hours of verifiable CPD in each calendar year, of which at least 6 hours should be on the topic of AML/CFT while the remaining CPD hours should be on compliance (including financial crime compliance), legal and regulatory requirements, risk management or ethics. 8.2 The renewals of AAMLP and CAMLP certifications are subject to fulfilment of the annual CPD requirements starting from the calendar year following the year of certification. 8.3 Activities that qualify for CPD include: a) Professional examinations; b) e-learning which requires submission of assignments or completion of test or other verification; c) Attending courses, workshops, roundtables, lectures, seminars, forums and conferences in related disciplines; d) Delivering speeches, presentations and lectures or acting as a panellist in seminars or conferences related to AML/CFT, compliance or risk management; and e) Writing on AML/CFT, compliance, risk management or related disciplines for publication.

  • 10 - 8.4 Activities which facilitate holders of the AAMLP certification towards attaining the Professional Level will qualify for CPD if proof of attendance and assessment record can be provided. 8.5 The minimum CPD requirements will be subject to periodic review in light of the development in the banking sector. 9 Maintenance of relevant records 9.1 AIs should keep proper training, examination and CPD records of Relevant Practitioners for monitoring purpose. AIs that are current employers of Relevant Practitioners are expected to keep and confirm relevant information of their relevant staff to facilitate the HKIB’s processing of the applications for grandfathering and certification. Regarding information related to a Relevant Practitioner’s previous employment(s), the current employer of the Relevant Practitioner is expected to confirm whether such information is consistent with its records (e.g. curriculum vitae provided by the Relevant Practitioner at the time of job application). 9.2 AIs should keep the training records of all staff (including non-Relevant Practitioners) in accordance with the training record-keeping requirement set out in the HKMA’s Guideline on Anti-Money Laundering and Counter Terrorist Financing (For Authorized Institutions). 10 Administration of the ECF-AML/CFT 10.1 HKIB is the administrator of the ECF-AML/CFT. The major roles of HKIB in this respect include managing the programme content and arrangement and administering examinations for both the Core Level and the Professional Level of ECF-AML/CFT, handling certification and grandfathering applications and maintaining a public register of AAMLP and CAMLP certification holders. 11 Accreditation 11.1 The ECF accreditation mechanism is established for interested AIs or education and training operators to have their learning programmes accredited as meeting the ECF standards (including but not limited to the Qualifications

  • 11 - Framework (QF) Standards) of this ECF module. 11.2 The general criteria for ECF accreditation are as follows: (a) The learning programme meeting the required standards of individual ECF modules including programme objectives and learning outcomes, programme content and structure, and trainer qualifications and learning mode; (b) Accreditation of the learning programme at corresponding QF Levels; and (c) Endorsement by the ECF Steering Committee. 11.3 In order to satisfy criteria 11.2 (a) and (b) outlined above, 11.3.1. For self-accrediting institutions (e.g. institutions funded by the University Grants Committee, including their continuing education arms) / institutions with Hong Kong Council for Accreditation of Academic and Vocational Qualifications (HKCAAVQ) Programme Area Accreditation (PAA) status in related programme areas, they are required to: (i) complete internal quality assurance processes for meeting the relevant ECF standards and the corresponding QF Level and (ii) be assessed by HKCAAVQ as fulfilling the ECF training objectives. 11.3.2. For other institutions, they are required to complete the accreditation by HKCAAVQ to confirm that their learning programmes can meet the ECF training objectives and the corresponding QF Level. 11.4 HKCAAVQ will accept applications for ECF accreditation starting 3 April

11.5 Based on the relevant accreditation or assessment report submitted by the applicant, the ECF Steering Committee will confirm whether the training programme is or is not successful to qualify as an ECF accredited programme. The route for ECF accreditation mechanism is illustrated at Annex 5.

  • 12 - Annex 1 – Highlights of Competencies for Key Roles of Relevant Practitioners in AML/CFT Compliance The tables below are intended to be used by AIs as reference for ongoing development of competency of Relevant Practitioners responsible for various AML/CFT functions. They are by no means exhaustive or tailored to set out requirements on specific job roles of an individual Relevant Practitioner. AIs can therefore make their own adjustments that better suit their practical circumstances. I) Core Level Key Tasks
  1. Assist in AML/CFT risk assessment reviews and communication of results.
  2. Assist management in reviewing the AML/CFT compliance risk management framework by performing periodic compliance tests on the AML/CFT program.
  3. Execute remediation of compliance deficiencies (discovered internally or by regulators) within a bank.
  4. Review and investigate suspicious transaction alerts and prepare appropriate documentation on these investigations and escalate cases of suspicious activity to the appropriate personnel (e.g. Money Laundering Reporting Officer) where further investigation and report filings may be necessary. Technical Skills Professional Knowledge Behaviour and Attitude Be able to: • Understand and apply risk assessment methodology • Conduct customer due diligence / know-your￾customer processes • Implement remediation of compliance deficiencies identified • Collect and document evidence on suspicious transactions; determine if escalation or other follow up action is required

• Conduct investigation on suspicious transactions; report investigation approach and results in writing • Up-to-date knowledge on AML/CFT legal, regulatory requirements from Hong Kong and globally • AML/CFT policies, guidelines and procedures required by the bank • Nature of deficiencies identified by regulators or within the bank • Risk scenarios applicable to the bank • Documentation requirements, including evidence and audit trail tracking, and investigation reports to management • Applies professional knowledge to conduct the risk assessment review with due regard to regulatory requirements and quality standards set by the bank • Review customer and transaction data critically to identify suspicious cases; apply judgement to determine cases for escalation • Analyse data to explore root causes and to derive remedial initiatives • Communicate review findings in an accurate and timely manner • Work collaboratively with internal and external stakeholders of the bank

  • 13 - II) Professional Level Key Tasks
  1. Develop, implement and periodically review the AML/CFT compliance risk management framework and the related controls for identification, management, monitoring and reporting of AML/CFT compliance risks and issues (including the operation of AML/CFT systems).
  2. Review, analyse and communicate AML/CFT management information such as trends surrounding suspicious transactions / filed Suspicious Transaction Reports (STR) and sanctions screening hits. Report results of AML/CFT risk management reviews and identify key areas of improvements. Monitor remedial actions for identified weak AML/CFT controls that require corrective actions.
  3. Evaluate and communicate new laws and regulations and stay abreast of all legislative and regulatory developments relating to AML/CFT, both at local and international levels.
  4. Review suspicious activity that has been investigated and concluded as reportable and file STRs to the Joint Financial Intelligence Unit (JFIU) in accordance with regulatory requirements.
  5. Plan periodic compliance tests on the bank’s AML/CFT program against compliance testing policies, procedures and regulations.
  6. Provide guidance and training to business units on AML/CFT related matters, including but not limited to transaction monitoring, filtering, sanctions screening, trade based money laundering and correspondent banking. Technical Skills Professional Knowledge Behaviour and Attitude Be able to: • Develop, review and update AML/CFT policies, framework and governance with a risk-based approach, against changing regulatory requirements in Hong Kong and globally and according to risk profile of the bank

• Propose improvements to the governance and oversight arrangements for AML/CFT risks, and actions required to address deficiencies • Perform in-depth due diligence investigation into suspicious activity; exercise appropriate judgement and form a conclusion on whether the suspicious activity is • Up-to-date knowledge and understanding of both the Hong Kong and international regulatory requirements on AML/CFT • Strong working knowledge of all relevant HKMA handbooks and guidance • In-depth understanding of how the regulatory framework interacts with the bank’s own internal policies and procedures • Knowledge of industry benchmark and best practices in developing and managing the AML/CFT practice of the bank • Scenarios, regulatory requirements, process and • Displays in-depth understanding in the business needs of AI, and able to correlate the knowledge with regulatory requirements • Applies skills, knowledge and judgement in making decisions and deriving recommendations, balancing the needs of internal and external stakeholders • Critically review suspicious transactions and investigation outcome; challenge current practices to identify enhancement opportunities on the bank’s AML/CFT practice • Build organisational capability in implementing

  • 14 - reportable to the JFIU based on final due diligence • Reassess the risk rating of the client and consider whether the discontinuance and reputational risks that may arise as a result of the suspicious transaction procedures for conducting final due diligence investigations and for filing STRs to the JFIU or enhancing AI’s AML/CFT framework • Communicate and collaborate with internal and external stakeholders effectively to drive for actions on suspicious transactions and enhancement of AML/CFT practices in the bank

  • 15 - Annex 2 – ECF-AML/CFT: Competency Framework Core Level Professional Level Role description (Please refer to the key tasks set out in Annex 1 for the detailed definitions of each role) • Supporting AML/CFT risk assessment reviews and performing periodic compliance tests on the AML/CFT program • Executing remediation of compliance deficiencies and reviewing suspicious transaction alerts • Developing and implementing AML/CFT compliance risk management framework and analyzing AML/CFT management information • Evaluating new laws and regulations and reviewing suspicious cases for filing to the JFIU • Planning of periodic compliance tests on the bank’s AML/CFT program and providing guidance and training on AML/CFT to business units of the bank Qualification and experience • Completion of Advanced Certificate for ECF on AML/CFT Programme (with examination) of the HKIB • Completion of Professional Certificate for ECF on AML/CFT Programme* of the HKIB; • Having at least 3 years of relevant work experience in AML/CFT compliance; and • Holder of valid AAMLP certification Certification • Associate AML Professional (AAMLP) • Certified AML Professional (CAMLP) CPD requirements • Minimum 10 hours in 1 year

  • at least 5 hours should be on the topic of AML/CFT

  • the remaining CPD hours should be on compliance (including financial crime compliance), legal and regulatory requirements, risk management or ethics • Minimum 12 hours in 1 year

  • at least 6 hours should be on the topic of AML/CFT

  • the remaining CPD hours should be on compliance (including financial crime compliance), legal and regulatory requirements, risk management or ethics *The Professional Certificate for ECF on AML/CFT Programme, offered by HKIB in collaboration with HKU SPACE, consists of the following three components: (1) Training sessions (18 hours): delivered by HKU SPACE under the Certificate for Module (ECF on AML/CFT Professional Level) (2) Tutorial (3 hours): delivered by HKIB (3) Examination (3 hours): administered by HKIB

  • 16 - Annex 3 – Syllabus for ECF-AML/CFT I. Core Level Programme Outcomes • Explain what money laundering/terrorist financing (ML/TF) is and how to relate it to the banking and finance sector and the work of Relevant Practitioners in Hong Kong • Specify the importance of ML/TF related to Hong Kong banking and finance sector • Describe the Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) International Standards and the related Hong Kong legal and regulatory framework • Identify key elements of AML/CFT risk management framework in system design and assess the related risks • Assess the transaction patterns and apply customer due diligence requirements for identifying suspicious transactions for reporting • Apply and assess the ongoing AML/ CFT monitoring system and investigation process Chapter Learning Outcomes and Syllabus Chapter 1 A) Chapter title Fighting money launching / terrorist financing – Why it is important and what is the legal / regulatory framework B) Chapter objectives Articulate and apply to workplace scenarios AML/CFT principles, and key aspects of the local and international AML/CFT regulatory framework C) Learning outcomes At the end of the chapter, learners will be able to:  Apply key concepts relevant to ML and TF  Recognise the relationship between ML and TF and the importance to combat ML/TF  Apply the international standards on AML/CFT  Recognise the international AML/CFT environment along with the key international and regional bodies  Apply to workplace scenarios the HK AML/CFT framework, and how it can be applied in a banking organisation D) Chapter outline 1. What are money laundering and terrorist financing? 1.1 What is money laundering? • Key principles • Stages of money laundering • Common predicate offences 1.2 What is terrorist financing? 1.3 How terrorist financing compares with money laundering 1.4 Relationship between money laundering and bribery and corruption

  • 17 -

  1. Why combating ML/ TF is important? 2.1 International AML/CFT environment 2.2 ML/TF in Hong Kong
  2. International AML/CFT regime 3.1 Financial Action Task Force (FATF) and FATF Recommendations 3.2 FATF-style regional bodies 3.3 Basel Committee on Banking Supervision 3.4 Other AML/CFT-related international organisations • The United Nations Convention • Egmont Group of Financial Intelligence Units • Wolfsberg Group of International Financial Institutions • World Bank • International Monetary Fund 3.5 Other relevant overseas bodies or standards
  3. Hong Kong AML/CFT regime 4.1. Introduction 4.2. AML/CFT-related legislations • AMLO • DTROP and OSCO • UNATMO • UNSO • WMD Ordinance 4.3. Government agencies • Hong Kong Monetary Authority • Other financial regulators • Joint Financial Intelligence Unit • Law enforcement agencies • Government committee, bureaux and departments 4.4. Industry associations • The Hong Kong Association of Banks • The DTC Association Chapter 2 A) Chapter title Managing the risk of ML/TF in banks in Hong Kong – How does ML/TF take place? B) Chapter objectives To have a basic understanding of the nature of ML/TF risks, and how they can happen within a bank in Hong Kong C) Learning outcomes At the end of the chapter, participants will be able to:  Describe the inherent risks of ML and TF in a banking organisation  Identify the most common circumstances when banks are exposed to ML/TF risks
  • 18 -  Evaluate the nature of ML/TF risks and apply to workplace scenarios  Articulate the banking services, products and delivery channels that are subject to ML/TF risks  Explain and apply the relevant regulatory requirements to manage ML/TF risks D) Chapter outline 1. How are the three stages of money laundering relevant to banks?
  1. How is the banking sector vulnerable to ML/TF? 2.1. Product/service risk 2.2. Delivery/distribution channel risk 2.3. Customer risk 2.4. Country risk 2.5. Other risks related to ML/TF 2.6. Case studies
  2. ML/TF vulnerabilities when dealing with particular types of customers or in specific bank services, products and delivery channels 3.1. Customers/Counterparts Politically Exposed Persons Correspondent banking Intermediaries Clients involved in cash intensive businesses Charity/foundation accounts 3.2. Bank Accounts General bank accounts Structuring and smurfing of transactions Payable through accounts Multi-currency or cross border accounts Special use/ concentration accounts 3.3. Bank Products Deposit-related products Investment- and insurance-related products Trade-related products Products prone to tax evasion risk 3.4. Banking Services Private banking Off-shore international activity Wire transfers 3.5. Delivery Channels Non-face-to-face account opening/transactions
  • 19 - Chapter 3 A) Chapter title How can banks combat ML/TF through establishing an AML/CFT risk management framework B) Chapter objectives To acquire an understanding on the systems and approaches adopted by banks in combating ML/TF C) Learning outcomes At the end of the chapter, learners will be able to:  Describe the objectives of a compliance system in AML/CFT  Understand the role of risk-based approach in ML/TF risk management  Recognise the respective roles and responsibilities within the AML/CFT compliance system  Analyse the design of a bank’s AML/CFT risk management framework in terms of policies, procedures, recordkeeping and on-going staff training  Understand core elements of a bank’s ML/TF risk management framework  Correlate AML/CFT risk management with the bank’s overall risk management and corporate governance D) Chapter outline 1. Objectives of AML/CFT risk management
  1. Risk-based approach to AML/CFT 2.1 What is the risk-based approach? 2.2 Why is the risk-based approach important? 2.3 Risk appetite
  2. Core elements of ML/TF risk management system 3.1 Assessment and understanding of risk (at institutional and customer level) 3.2 Risk governance 3.3 Three lines of defence 3.4 Policies and procedures 3.5 Customer acceptance policies and procedures 3.6 Ongoing monitoring 3.7 Record-keeping requirements and information management • Why is record-keeping important? • Records about customer identity • Records about transactions • Records kept by intermediaries 3.8 Ongoing staff training • Importance and key areas for staff awareness
  • 20 - Chapter 4 A) Chapter title Knowing your customer – Customer due diligence B) Chapter objectives To build the knowledge and skills in conducting customer due diligence (CDD) C) Learning outcomes At the end of the chapter, participants will be able to:  Explain what is meant by CDD  Explain under what circumstances CDD must be undertaken  Outline the basis of customer risk assessment  Describe and apply to workplace scenarios the CDD requirements  Articulate and apply the specific requirements for CDD purpose under different scenarios  Explain the grounds for periodic and event-triggered reviews D) Chapter outline 1. Customer due diligence (CDD) and why it is important 1.1. What is CDD? • CDD requirements • Definition of customers • When CDD measures should be carried out • Importance of CDD policies and procedures 1.2. Customer risk assessment 1.3. Customer acceptance policy 1.4. Enhanced due diligence (EDD) 1.5. Simplified due diligence (SDD)
  1. Identification and verification requirements 2.1 Common types of customers 2.1.1 Individuals 2.1.2 Corporations 2.1.3 Partnerships and unincorporated bodies 2.1.4 Trusts 2.2 Beneficial owners 2.3 Persons purporting to act on behalf of customers 2.4 Reliance on intermediaries to perform CDD on customers 2.5 Insufficient information, or information giving rise to suspicion
  2. Purpose and intended nature of business relationship
  3. Specific types of customers 4.1 Politically exposed persons (PEPs) 4.2 Customers not physically present for identification purposes 4.3 Correspondent banking 4.4 Private banking 4.5 Customers with bearer shares
  • 21 - 4.6 Customers with use of nominees accounts 4.7 Shell companies
  1. Ongoing review and monitoring 5.1 Ongoing monitoring 5.2 Periodic reviews 5.3 Event-triggered reviews Chapter 5 A) Chapter title Monitoring, sanctions compliance and suspicious transaction reporting B) Chapter objectives To build the knowledge and skills in mitigating ML/TF risks through understanding the principles of monitoring, sanctions compliance and suspicious transaction reporting C) Learning outcomes At the end of the chapter, participants will be able to:  Describe the principles and apply steps on transaction monitoring system with red-flagging  Explain what is meant by sanction programs and the relevant Hong Kong ordinances  Elaborate how to maintain a sanction filtering system and to clear sanction hit case  Describe how to comply with sanctions requirements  Assess STR reporting to JFIU with SAFE approach  Describe the internal and external processes for making suspicious transaction reports D) Chapter outline 1. Ongoing monitoring 1.1. What is ongoing monitoring? 1.2. Transaction monitoring 1.2.1 How is transaction monitoring related to CDD? 1.2.2 The application of the RBA to transaction monitoring 1.2.3 Development and implementation of a transaction monitoring system
  2. Customer and transaction screening 2.1. Sanctions regime in Hong Kong 2.2. How to comply with sanctions requirements 2.3. Components of an effective screening system
  3. Suspicious transaction reporting 3.1. Obligation to file an STR 3.2. Internal reporting framework 3.3. Reporting to the JFIU 3.4. Post-reporting matters
  • 22 - II. Professional Level Programme Outcomes • Assess and analyze the compliance risk of different operations by applying a risk-based approach, taking current and emerging AML/CFT trends, regulatory requirements, techniques and typologies into account • Develop compliance programme, control measures assessment tools and internal standards to manage compliance and fraud risk to align with laws and regulations particularly related to AML/CFT • Track and monitor activities critical to AML/CFT compliance and detect non-compliance issues, suspicious and illegal transactions based on observation, data analysis and regulatory requirements • Manage and investigate incidents of non-compliance and develop mitigation strategies to minimize the impacts of breaches of regulations • Build an effective AML/CFT risk management system with risk-based approach to ensure regulatory changes and related compliance programme and measures are well communicated to the employees Chapter Learning Outcomes and Syllabus Chapter 6 A) Chapter title Application of the risk-based approach B) Chapter objectives To build the knowledge and skills in applying risk-based approach for banks C) Learning outcomes At the end of the chapter, learners will be able to:  examine and understand what the risk-based approach is, the views on the risk-based approach from different standard setters, and its application to the banking sector  design and implement a tailored risk-based approach for the institution, regarding risk identification, assessment and mitigation, with reference to the institution’s policies on internal controls, monitoring and governance, financial inclusion, etc.  implement the risk-based approach, including CDD requirements in cross-border context, managing ML/TF high risk situations and banking relationships, handling and reporting of suspicious transactions, post-reporting measures, and dealing with the authorities D) Chapter outline 1. Formulating a tailored risk-based approach
  1. Implementing the risk-based approach (risk identification, assessment and mitigation)
  2. Internal controls, monitoring and governance
  • 23 -
  1. Training and awareness
  2. CDD requirements in cross-border context
  3. Managing high risk situations and relationships
  4. Handling and reporting of suspicious transactions
  5. Post-reporting measures
  6. Dealing with the authorities Chapter 7 A) Chapter title Building an effective AML/CFT risk management system B) Chapter objectives To develop the capability in building an effective risk management system on AML/CFT C) Learning outcomes At the end of the chapter, learners will be able to:  examine the underlying purpose and desired outcomes of an effective ML/TF risk management system  analyse the key elements of an ML/TF risk management system  demonstrate and apply the essential elements of an effective AML/CFT risk management system, considering the key risk indicators (KRIs) and key processes which include sanctions, risk monitoring, regulatory updates and on-going quality assurance, rectification actions monitoring, and risk managing across a banking institution D) Chapter outline 1. Essential elements of an effective risk management system
  7. Development of KRIs for AML/CFT and sanctions risk monitoring
  8. Making use of financial intelligence from internal and external sources (e.g. adverse news or FIU reports)
  9. Adopting AML/CFT technologies
  10. System testing and validation
  11. Tracking regulatory changes, identifying gaps or vulnerabilities and on-going quality assurance
  12. Monitoring rectification actions
  13. Managing risk across bank groups
  • 24 - Chapter 8 A) Chapter title The risk-based approach and AML/CFT risks in specialist topics B) Chapter objectives To consider the application of the risk-based approach specifically to address AML/CFT risks in the broader banking context. This chapter will only focus on components directly related to AML/CFT in respect of these subject areas. C) Learning outcomes At the end of the chapter, learners will be able to:  apply knowledge to identify and assess the respective risk(s), with a focus on ensuring criminal proceeds do not enter the banking institution through these areas  apply risk-based approach to identify and assess specific ML/TF risks with the objective of ensuring sound management of ML/TF risk  develop and critically assess methods to detect, deal with and mitigate risks once criminal proceeds are identified as having originated from these areas D) Chapter outline 1. Sanctions
  1. Anti-bribery and corruption (ABC) and politically exposed persons (PEPs)
  2. Transaction monitoring
  3. Trade based money laundering
  4. Tax/ fiscal risk Chapter 9 A) Chapter title Ensuring financial inclusion B) Chapter objectives To build knowledge and awareness of means to facilitate and promote financial inclusion C) Learning outcomes At the end of the chapter, leaners will be able to:  demonstrate an awareness of balancing the often competing interests of applying the risk-based approach alongside the principle of financial inclusion  design and implement a risk-based approach, rather than a rule￾based approach, to promote and facilitate financial inclusion D) Chapter outline 1. Ensuring customers are treated fairly (and are seen to be)
  5. De-risking
  6. Emerging technologies
  7. Alternative forms of value exchange
  • 25 -
  1. Innovative approaches – using the internet etc.
  2. Providing services to the marginalised/unbanked
  3. Keeping financial services in the regulated sector Chapter 10 A) Chapter title Managing stakeholders effectively B) Chapter objectives To build knowledge and skills in balancing and managing the interests of various stakeholders while ensuring and maintaining an effective risk￾based approach throughout the institution C) Learning outcomes At the end of the chapter, learners will be able to:  work collaboratively with internal and external stakeholders of the bank to balance and manage all interests of various stakeholders  build and encourage organisation capability for the purposes of implementing and enhancing the bank’s AML/CFT framework  formulate and articulate strategies to achieve optimal outcomes in the respective circumstance D) Chapter outline 1. The balance of risk and responsibility between management, business and compliance
  4. Personal liability / institutional liability
  5. Negotiable and non-negotiable issues
  6. Sharing of data – inter-bank data sharing, sharing information with regulator (and whether there are any issues under the data privacy laws - appropriate, possible and lawful)
  7. Budgets, costs, risk/reward, investment, minimum and optimal requirements
  8. Business strategies for dealing with AML/CFT risk; for example proactive investment versus reactive fines
  9. Making appropriate choices
  • 26 - Annex 4 – Flowchart illustrating the possible routes to meet the ECF-AML/CFT certifications

  • 27 -

  • 28 - Annex 5 – Accreditation Mechanism of ECF-AML/CFT Subject to re-accreditation/re-assessment by HKCAAVQ Endorsement by ECF Steering Committee Applicant to notify HKMA the intention of obtaining accreditation with programme objectives & learning outcomes, programme syllabus, training materials, and trainers’ profile for record Obtain ECF and QF accreditation through HKCAAVQ Submit proof on ECF and QF accreditation Training programme accredited for ECF Register on the QR Submit proof on ECF assessment

  1. Complete internal quality assurance processes for meeting ECF objectives and QF standards
  2. Obtain ECF assessment through HKCAAVQ Non self-accrediting institutions Self-accrediting institutions / institutions with HKCAAVQ PAA Status