2016-12-13
Added · Updated
The Hong Kong Monetary Authority issued this guide to establish the Enhanced Competency Framework on Anti-Money Laundering and Counter-Terrorist Financing, encouraging authorized institutions to adopt it for benchmarking and developing AML/CFT practitioners. The framework defines two qualification levels, Core and Professional, with specific syllabus requirements, training programs, and examinations administered by the Hong Kong Institute of Bankers. It mandates annual certification renewal through Continuing Professional Development and outlines grandfathering provisions for existing staff to ensure a sustainable talent pool in the banking sector.
Guide to Enhanced Competency Framework on Anti-Money Laundering and Counter-Terrorist Financing Hong Kong Monetary Authority December 2016
1 Table of Contents
2
1 Financial Services Development Council, Developing Hong Kong’s Human Capital in Financial Services, January 2015. 2 Government of The Hong Kong Special Administrative Region, Report on Manpower Projection to 2022, April 2015.
3 2. Objectives 2.1 The Enhanced Competency Framework on AML/CFT (hereinafter referred to as “ECF-AML/CFT”) features the common core competences required of AML/CFT practitioners in the Hong Kong banking industry. The objectives of the ECF are twofold: (a) to develop a sustainable talent pool of AML/CFT practitioners for meeting the workforce demand in this sector; and (b) to raise and maintain the professional competence of AML/CFT practitioners in the banking industry. 2.2 Although the ECF is not a mandatory licensing regime, authorized institutions (“AIs”) are encouraged to adopt the ECF for the following purposes: (a) to serve as a benchmark to determine the level of competence required and to assess the ongoing competence of individual employees; (b) to support relevant employees to attend training programmes and examinations that meet the ECF benchmark; (c) to support the continuing professional development of individual employees; and (d) to specify the ECF as one of the criteria for recruitment purposes. 3. Scope of application 3.1 The ECF-AML/CFT is targeted at “Relevant Practitioners”, including new entrants and existing practitioners, engaged by an AI to perform AML/CFT compliance roles in its Hong Kong operation. Details of the respective roles are classified by a two-level qualification structure (i.e. Core Level and Professional Level) in Annex 1 for AIs to determine whether a staff member is a Relevant Practitioner and, if applicable, the competency level relevant to the staff member. For avoidance of doubt, a staff member is not required to perform all of the roles specified in Annex 1 in order to be classified as a Relevant Practitioner.
4 3.2 Generally, the scope of Relevant Practitioners can be applicable across different organisational structures (e.g. whether such roles are housed under a business unit solely dedicated to AML/CFT compliance function or as part of a wider legal and compliance function) and the functional roles rather than the functional titles of staff members should be of essence for considering whether the definition of Relevant Practitioners is met. 3.3 The ECF-AML/CFT is not intended to capture staff performing other job functions that are incidental to AML/CFT compliance. Specifically, the following categories of staff do not fall within the definition of Relevant Practitioner: (a) Staff in AML/CFT compliance function performing solely clerical and administrative duties. (b) AML/CFT compliance staff in overseas branches and subsidiary undertakings of locally-incorporated AIs. It should however be noted that AIs have a responsibility to ensure relevant staff in overseas branches and subsidiaries receive adequate AML/CFT training, including those applicable in relevant overseas regulatory requirements. (c) Regional AML/CFT compliance staff, whether located in or outside Hong Kong, performing AML/CFT duties in the AI that are “merely incidental” to duties performed in their regional role. AIs are expected to adopt a principles-based approach and to support their decisions with sound justifications in determining whether a regional staff member falls within the definition of Relevant Practitioners or not. Appropriate regard should be given to the significance of the AML/CFT compliance role performed by the relevant staff member in the Hong Kong operations of the AI. 3.4 It is not necessary for a Relevant Practitioner to meet the ECF-AML/CFT benchmark for Core Level or Professional Level before he or she can take up the roles specified for the corresponding level. However, AIs are expected to encourage and support the Relevant Practitioner to achieve the applicable benchmark in order to ensure the overall competency standard in discharging the AML/CFT compliance roles.
5 4. Qualification structure and syllabus 4.1 The qualification structure of ECF-AML/CFT comprises two levels: (a) Core Level – suitable for entry-level staff with less than three years of relevant work experience in AML/CFT compliance; and (b) Professional Level – suitable for staff with three years or above of relevant work experience in AML/CFT compliance. 4.2 The Core Level consists of five training areas to equip new entrants and staff in junior AML/CFT roles with the essential fundamentals for performing their AML/CFT duties. The syllabus outline for Core Level is set out at Annex 2. 4.3 The Professional Level, consisting of seven training areas, aims to develop further the knowledge of the more experienced practitioners. Apart from the focus on AML/CFT, the Professional Level also covers anti-bribery and corruption and fraud prevention given they are inextricably intertwined with AML. The syllabus outline for Professional Level will be available in 2017. 4.4 The coverage and competency requirements in the syllabus of the ECF-AML/CFT is referenced to the Hong Kong Qualifications Framework (“QF”), with the Core Level being pitched at QF Level 4 (i.e. equivalent to an associate degree or higher diploma) and the Professional Level at QF Level 5 (i.e. equivalent to a bachelor’s degree). 5. Training programmes and examinations 5.1 Relevant Practitioners can attain the ECF-AML/CFT qualifications by completing accredited training programmes and passing examinations. HKIB is the initial provider of the accredited training programmes and examinations under the ECF-AML/CFT. 5.2 The sit-in examination for the Core Level is set at 2.5 hours. The examination is conducted in English and consists of multiple choice questions only. The passing mark is 70%.
6 5.3 The training programme and examination arrangements for the Professional Level will be announced in 2017. 6. Grandfathering 6.1 A Relevant Practitioner may be grandfathered on a one-off basis based on his or her years of qualifying work experience upon implementation of the relevant level of qualification. Such work experience need not be continuous. The detailed grandfathering requirements are as follows: (a) Core Level – A Relevant Practitioner may apply for grandfathering if he or she has possessed at least 3 years of work experience in AML/CFT compliance as at 31 December 2016. Existing Relevant Practitioners can submit their applications to the HKIB, administrator of ECF-AML/CFT, from 3 January 2017. The deadline for application for grandfathering falls on 30 April 2017 and late submission will not be accepted. Other Relevant Practitioners may submit applications to the HKIB for grandfathering within 3 months from joining the AML/CFT function of an AI. (b) Professional Level – A Relevant Practitioner may apply to the HKIB for grandfathering if he or she has possessed at least 8 years of AML/CFT compliance work experience, of which 3 years is at managerial level or above. The applicable date for counting of years of experience and the application arrangements will be announced when the Professional Level qualification is launched next year. 6.2 Applications for exemption are handled by the HKIB subject to a fee (charged on a cost-recovery basis). A Relevant Practitioner is required to complete the application form with the relevant work experience verified by his or her existing employer. If required, the HKIB may request the applicant to provide additional information to substantiate the application for grandfathering. 7. Certification 7.1 Relevant Practitioners may apply to the HKIB for certification as Associate AML Professional (AAMLP) or Certified AML Professional (CAMLP) under the following conditions (please refer to the flowchart at Annex 3):
7 (a) AAMLP – A Relevant Practitioner may apply to the HKIB for the professional certification if he or she (1) has completed the training programmes and passed the examination for the Core Level (work experience is not a prerequisite for obtaining the certification); or (2) has been grandfathered pursuant to paragraph 17(a) based on the required work experience upon the launch of the Core Level module. (b) CAMLP – A Relevant Practitioner may apply to the HKIB for the professional certification if he or she (1) has completed the training programme and passed the examination and have at least 3 years of work experience in AML/CFT compliance; or (2) has been grandfathered pursuant to paragraph 17(b) based on the required work experience upon the launch of the Professional Level module. 7.2 A Relevant Practitioner may also apply to the HKIB for certification as AAMLP or CAMLP through the exemption path, where applicable. 7.3 The ECF-AML/CFT certification is subject to annual renewal by HKIB. A Relevant Practitioner has to meet the annual continuing professional development (CPD) requirement and pay the annual certification fee to renew the ECF-AML/CFT certification. 8. Continuing professional development 8.1 To maintain ongoing professionalism and up-to-date knowledge of the latest AML/CFT risks, compliance developments, and local and international regulatory requirements and standards, holders of AAMLP and CAMLP certifications are required to undertake the following minimum CPD requirements: (a) AAMLP – a minimum of 10 hours of verifiable CPD in each calendar year, of which at least 5 hours should be on the topic of AML/CFT while the remaining CPD hours should be on compliance (including financial crime compliance), legal and regulatory requirements, risk management or ethics. (b) CAMLP – a minimum of 12 hours of verifiable CPD in each calendar year, of which at least 6 hours should be on the topic of AML/CFT while the remaining CPD hours should be on compliance (including financial crime compliance), legal and regulatory requirements, risk management or ethics.
8 8.2 The renewals of AAMLP and CAMLP certifications are subject to fulfilment of the annual CPD requirements starting from the calendar year following the year of certification. 8.3 Activities that qualify for CPD include: (a) Professional examinations; (b) e-learning which requires submission of assignments or completion of test or other verification; (c) Attending courses, workshops, roundtables, lectures, seminars, forums and conferences in related disciplines; (d) Delivering speeches, presentations and lectures or acting as a panellist in seminars or conferences related to AML/CFT, compliance or risk management; and (e) Writing on AML/CFT, compliance, risk management or related disciplines for publication. 8.4 Activities which facilitate holders of the AAMLP certification towards attaining the Professional Level will qualify for CPD if proof of attendance and assessment record can be provided. 8.5 The minimum CPD requirements will be subject to periodic review in light of the development in the banking sector. 9. Exemption 9.1 The exemption arrangements will be announced when the Professional Level is launched. Preliminarily, the granting of full or partial exemption of comparable qualifications awarded by the Association of Certified Anti-money Laundering Specialist and the International Compliance Association will be considered for meeting the competency standards of both the Core Level and Professional Level of the ECF-AML/CFT. 9.2 Details of the exemption, and bridging arrangements where appropriate, will be announced when the ECF-AML/CFT Professional Level is rolled out next year.
9 10. Maintenance of relevant records 10.1 AIs should keep proper training, examination and CPD records of Relevant Practitioners for monitoring purpose. AIs that are current employers of Relevant Practitioners are expected to keep and confirm relevant information of their relevant staff to facilitate the HKIB’s processing of the applications for grandfathering and certification. Regarding information related to a Relevant Practitioner’s previous employment(s), the current employer of the Relevant Practitioner is expected to confirm whether such information is consistent with its records (e.g. curriculum vitae provided by the Relevant Practitioner at the time of job application). 10.2 AIs should keep the training records of all staff (including non-Relevant Practitioners) in accordance with the training record-keeping requirement set out in the HKMA’s Guideline on Anti-Money Laundering and Counter Terrorist Financing (For Authorized Institutions). 11. Administration of the ECF-AML/CFT 11.1 The Hong Kong Institute of Bankers (HKIB) is the administrator of the ECF-AML/CFT. The major roles of HKIB in this respect include administering examinations, handling certification and grandfathering applications and maintaining a public register of AAMLP and CAMLP certification holders. 12. Accreditation 12.1 An accreditation mechanism will be put in place in the third quarter of 2017 to assess whether training programmes offered by AIs, other professional bodies or training institutes, can meet the standards under the ECF-AML/CFT and thus qualify for accreditation.
10 Annex 1 – Highlights of Competencies for Key Roles of Relevant Practitioners in AML/CFT Compliance The tables below are intended to be used by AIs as reference for ongoing development of competency of Relevant Practitioners responsible for various AML/CFT functions. They are by no means exhaustive or tailored to set out requirements on specific job roles of an individual Relevant Practitioner. AIs can therefore make their own adjustments that better suit their practical circumstances. I) Core Level Key Tasks
11 • Collect and document evidence on suspicious transactions; determine if escalation or other follow up action is required
• Conduct investigation on suspicious transactions; report investigation approach and results in writing • Risk scenarios applicable to the bank • Documentation requirements, including evidence and audit trail tracking, and investigation reports to management escalation • Analyse data to explore root causes and to derive remedial initiatives • Communicate review findings in an accurate and timely manner • Work collaboratively with internal and external stakeholders of the bank
12 II) Professional Level Key Tasks
• Propose improvements to the governance and • Up-to-date knowledge and understanding of both the Hong Kong and international regulatory requirements on AML/CFT • Strong working knowledge of all relevant HKMA handbooks and guidance • In-depth understanding of how the regulatory • Displays in-depth understanding in the business needs of AI, and able to correlate the knowledge with regulatory requirements • Applies skills, knowledge and judgement in making decisions and deriving recommendations, balancing the needs of internal and
13 oversight arrangements for AML/CFT risks, and actions required to address deficiencies • Perform in-depth due diligence investigation into suspicious activity; exercise appropriate judgement and form a conclusion on whether the suspicious activity is reportable to the JFIU based on final due diligence • Reassess the risk rating of the client and consider whether the discontinuance and reputational risks that may arise as a result of the suspicious transaction framework interacts with the bank’s own internal policies and procedures • Knowledge of industry benchmark and best practices in developing and managing the AML/CFT practice of the bank • Scenarios, regulatory requirements, process and procedures for conducting final due diligence investigations and for filing STRs to the JFIU external stakeholders • Critically review suspicious transactions and investigation outcome; challenge current practices to identify enhancement opportunities on the bank’s AML/CFT practice • Build organisational capability in implementing or enhancing AI’s AML/CFT framework • Communicate and collaborate with internal and external stakeholders effectively to drive for actions on suspicious transactions and enhancement of AML/CFT practices in the bank
14 Annex 2 – Syllabus for ECF-AML/CFT Core Level Programme Outcomes • Explain what money laundering/terrorist financing (ML/TF) is and how to relate it to the banking and finance sector and to their work of Relevant Practitioners in Hong Kong • Specify the importance of ML/TF related to Hong Kong banking and finance sector • Describe the anti-money laundering and counter-terrorist financing (AML/CFT) International Standards and related Hong Kong legal and regulatory framework • Identify key elements of AML/CFT risk management framework in system design and assess the related risks • Assess the transactions pattern and apply customer due diligence requirements for identifying suspicious transactions for reporting • Execute and evaluate the ongoing AML/ CFT monitoring system and investigation process Chapter Learning Outcomes and Syllabus Chapter 1 A) Chapter title Fighting ML/FT – why it is important and what is the legal / regulatory framework B) Chapter objectives Articulate and apply to workplace scenarios AML/CFT principles, and its legal/regulatory framework from both Hong Kong and international lens C) Learning outcomes At the end of the module, learners will be able to: Apply key concepts relevant to ML and TF Recognise the relationship between ML and TF and the importance to combat ML/TF Apply the international standards on AML/CFT Recognise the international AML/CFT environment along with the key international and regional bodies Apply to workplace scenarios the HK AML/CFT framework, and how it can be applied in a banking organisation D) Chapter outline 1. What is ML/TF? 1.1 What is ML? 1.2 What is TF? 1.3 Relationship between ML and TF 1.4 Relationship between ML and Anti-bribery and corruption (ABC) 1.5 Relationship between ML and fraud prevention
15 1.6 Designated categories of offence 2. Why combating ML/ TF is important? 2.1 International AML/CFT environment 2.2 ML/TF in Hong Kong and Banking context 3. International AML/CFT Standards Setting and Advisory Bodies 3.1 Key international and regional bodies
16 D) Chapter outline 1. How the three stages of money laundering link to banks? 1.1. Placement 1.2. Layering 1.3. Integration 2. How is the banking sector vulnerable to ML/TF? 2.1. Customer risk 2.2. Product/service risk 2.3. Delivery/distribution channel risk 2.4. Country risk 2.5. Other risks related to ML/TF 2.6. Case studies 3. ML/TF vulnerabilities when dealing with particular types of customers or in specific bank services, products and delivery channels 3.1. Customers/Counterparts Politically Exposed Persons Correspondent banking Intermediaries Clients dealing with cash intensive businesses 3.2. Bank Accounts General bank accounts Charity/ foundation accounts Payable through accounts Multi-currency or cross border accounts Money services banking accounts Special use/ concentration accounts 3.3. Bank Products Deposit-related products Investment-related products Trade-related products Products prone to tax evasion risk Prepaid cards 3.4. Banking Services Private banking Off-shore international activity Wire transfers 3.5. Delivery Channels Non-face-to-face account opening/transactions Chapter 3 A) Chapter title How can banks combat ML/TF through establishing an AML/CFT risk management framework
17 B) Chapter objectives To acquire an understanding on the systems and approaches adopted by banks in combating ML/TF C) Learning outcomes At the end of the module, learners will be able to: Describe the objectives of a compliance system in AML/CFT Recognise and apply the principles to adopt a risk-based approach to AML/CFT Recognise the respective roles and responsibilities within the AML/CFT compliance system Analyse the design of a bank’s AML/CFT risk management framework in terms of policies, procedures, recordkeeping and on-going staff training Correlate AML/CFT risk management with the bank’s overall risk management and corporate governance Apply steps to manage conflict and conduct issues D) Chapter outline 1. Objectives of AML/CFT risk management 2. Risk-based approach to AML/CFT 2.1 What is risk-based approach? 2.2 Why risk-based approach is important? 2.3 Assessment and understanding of risk (both at institutional and customer level) 2.4 Determination of risk appetite 3. Core elements in risk management system design 3.1 Three lines of defense 3.2 Roles and responsibilities of relevant parties 3.3 Policies and procedures 3.4 Record keeping requirements 3.5 Ongoing staff training 3.6 Culture building on ethics, integrity and compliance 4. Continuing monitoring 5. Managing conflict and conduct issues Chapter 4 A) Chapter title Knowing your customer – Customer due diligence B) Chapter objectives To build the knowledge and skills in conducting customer due diligence (CDD) C) Learning outcomes At the end of the module, participants will be able to: Explain what is meant by CDD
18 Outline the basis of customer risk assessment Describe and apply to workplace scenarios the list of basic documents required for customer identity verification Articulate and apply the data requirements for CDD purpose under different scenarios Explain the grounds for periodic and event-triggered reviews D) Chapter outline 1. What is CDD and why it is important? 1.1. What is CDD? 1.2. When should CDD be undertaken? 1.3. Customer risk assessment 1.4. Customer acceptance policy 2. Identification and verification requirements 2.1. General customers 2.2. High risk customers 2.3. Lower risk customers 2.4. Intermediaries 2.5. Correspondent banking 2.6. Private banking 3. Beneficiary owners 4. Types of structures used to hide beneficial owners i. Shell companies ii. Trusts (on-shore vs. off-shore) iii. Bearer shares iv. Nominees 5. Persons purporting to act on behalf of the customer 6. Differences between identifying documentation for personal vs. business accounts 7. Specific CDD requirements 7.1. Customer information required under CDD 7.2. Enhanced customer due diligence 7.3. Simplified customer due diligence 7.4. On-boarding customer screening 7.5. Ongoing CDD obligations including periodic and event-triggered reviews 8. CDD requirements in cross-border context
19 Chapter 5 A) Chapter title Monitoring your customer by screening, monitoring and reporting suspicious transaction B) Chapter objectives Chapter objectives: To build the knowledge and skills in mitigating ML/TF risks through screening, monitoring and reporting suspicious transactions C) Learning outcomes At the end of the module, participants will be able to: Describe the principles and apply steps on transaction monitoring system with red-flagging Explain what is meant by sanction programs and the relevant Hong Kong ordinances Elaborate how to maintain a sanction filtering system and to clear sanction hit case Describe the responsibilities of Money Laundering Reporting Officer (MLRO) Assess STR reporting to JFIU with SAFE approach D) Chapter outline 1. Customer screening & transaction screening 1.1. Purpose of customer & transaction screening 1.2. Differences between customer screening vs. transaction screening 1.3. Ongoing customer screening 2. Sanctions programmes 2.1. Requirements for an effective sanctions compliance regime 2.2. Handling of sanction alerts 2.3. Sanctions lists applicable to banks in Hong Kong 3. Ongoing monitoring 3.1. Use of CDD information and external sourced information 3.2. Behaviour patterns 3.3. Unusually high volume/value of cash transactions 3.4. Atypical wire transactions 3.5. Frequent use of a safe deposit box 4. Screening/monitoring systems 4.1. IT solutions 4.2. Scenarios 4.3. Thresholds 4.4. Adjustments based on risk profile 5. Internal and external suspicious transaction reporting 5.1. Factors triggering the obligation to file a STR
20 5.2. Internal reporting to MLRO 5.3. Information to be reported in the STR 5.4. Post-STR filing action 5.5. Tipping-off offence 6. AML/CTF investigation process 6.1. Risk review of financial investigations and decision-making process 6.2. Liaison and engagement with senior management and enforcement agencies 7. Reacting to law enforcement/regulatory requests and JFIU responses
21 Annex 3 - Flowchart illustrating the possible routes to meet the ECF-AML/CFT certifications
22