2019-12-23

Added · Updated

HKMA AML/CFT RegTech Forum Record of Discussion December 2019

The Hong Kong Monetary Authority issued this record to document proceedings from its November 2019 AML/CFT RegTech Forum, which convened public and private sector stakeholders to discuss technology adoption in financial crime prevention. The document highlights survey findings that 34% of regulated institutions currently use RegTech, while identifying key barriers such as budget constraints, talent shortages, and data quality issues. It outlines strategic priorities for modernizing supervision and promoting responsible innovation, emphasizing the need for collaborative, intelligence-led approaches and incremental implementation steps to enhance the effectiveness of Hong Kong's AML/CFT regime.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view thumbnail

HKMA AML/CFT RegTech Forum | Foreword 00 HKMA AML/CFT RegTech Forum Record of Discussion December 2019 HKMA AML/CFT RegTech Forum Record of Discussion December 2019 Supported by

HKMA AML/CFT RegTech Forum | Foreword 01 Since taking up the helm at the Hong Kong Monetary Authority (HKMA), I have had the chance to share some of my views on the major trends that will affect financial services in the coming years, as well as the associated challenges and opportunities. The rapid advancement of technology is one key aspect. Strengthening the collaboration between banks and technology companies is an important part of the response if we are to foster a more diversified ecosystem for regulatory technology (RegTech). As part of these efforts, the HKMA recently hosted its first AML/CFT RegTech Forum which gathered stakeholders from both public and private sectors in the ecosystem. I am now delighted to present here a record of the proceedings of the forum, setting out the key outcomes and sharing them, both with those who participated and more widely with everyone who has an interest in our AML/CFT ecosystem in Hong Kong including our partners overseas. This event also ties in with several points that I made at the 2019 Hong Kong FinTech Week opening. First, that adopting technology can be a bumpy road: things don’t always turn out as you expect. One of our aims at the AML/CFT RegTech Forum was to bring together the banking sector and experts in the technology field to increase our collective understanding of what technologies are capable of today, and the challenges that need to be addressed for the successful adoption of such tools. We hope that our event will help smooth out at least some of the bumps on the road to RegTech adoption. My second point is that it is important to have an agent to drive change. At this forum and at future events, the HKMA is playing that role by bringing the sectors together, and by identifying real-world opportunities for banks to adopt RegTech in AML/CFT work and concrete applications, such as a practical self-assessment framework for institutions adopting RegTech in AML/CFT processes, “lab sessions” for testing more advanced technologies and working on relevant data, analytics, skills and expertise. This leads on to another point: that technology is a means to an end, not an end in itself. In this case, the aim is to further enhance the effectiveness of the AML/CFT regime through the use of technology, and to augment the positive impact of information and intelligence sharing in preventing criminals from getting away with the proceeds from their illegal activities. My final point relates to looking ahead and bracing for new trends, a point that is equally applicable to AML/CFT work. While fast-evolving technology will bring great benefits to consumers, the banking sector and the overall economy, criminals will look for new ways to exploit technological advancement both to commit crime and to move and hide the proceeds. We cannot afford to be complacent, and must be constantly on guard to protect the integrity of our highly efficient financial system. Eddie Yue Chief Executive Hong Kong Monetary Authority Foreword

HKMA AML/CFT RegTech Forum | Introduction 02 Innovations in technology have created opportunities for addressing collectively and individually common industry challenges in financial crime prevention and detection. At the same time, the speed and scale brought about by technological innovation also exposed the banking industry to new risks. As part of its overall digitalisation program, the HKMA is responding to these challenges by exploring how technology and data can be leveraged to raise the effectiveness of ongoing efforts by Authorized Institutions (AIs), the HKMA and others that comprise Hong Kong's AML/CFT ecosystem. Our vision—in line with international trends in AML/CFT supervision—is to excel as an agile, collaborative, data-driven organisation that applies a technology-enabled and risk-based approach to AML/CFT supervision. We aim to continue building on the positive mutual evaluation results for Hong Kong recently issued by the Financial Action Task Force. We are asking ourselves: is Hong Kong’s AML/CFT system working as well as we need it to be? What tools do we need to meet challenges on the horizon? And, above all else, what collective actions must we take to continue delivering an effective response? The answers to those questions are being developed around two main areas of focus: Modernise supervisory activities Improve data and analytics capabilities, apply supervisory technology, and build a culture and operating model that can sustain these efforts over time. Promote responsible innovation and RegTech adoption Realising our vision means encouraging all AIs to join us on this journey. Advanced analytics are already being applied to detect new threats, such as criminal networks and common vulnerabilities across the banking sector. This relies on AIs having the necessary capacity to consistently and reliably produce, analyse and share relevant data with the HKMA and other competent authorities across the AML/CFT eco-system. Recognising the importance of greater collaboration in improving AML/CFT outcomes, the AML/CFT RegTech Forum, hosted by the HKMA with the support of Deloitte and in collaboration with The FinTech Association of Hong Kong, on 22 and 25 November 2019, brought together banking industry representatives, the RegTech community and various stakeholders of Hong Kong's AML/CFT ecosystem to explore how technology can be applied to make a real impact on our individual and collective AML/CFT efforts. The design of the AML/CFT RegTech Forum also recognised that banks in Hong Kong are at different stages of RegTech adoption. Expert panels were held to inspire as well as share experience on practical execution issues. “There are always new and emerging risks, to which the HKMA and banks have stayed vigilant and agile; criminals are also exploiting new technology and innovations to create terrible harm to consumers and the integrity of the financial system.” Introduction Arthur Yuen | Deputy Chief Executive, HKMA

HKMA AML/CFT RegTech Forum | Introduction 03 The facilitated workshops that followed aimed at supporting those just starting to explore or are at an early stage of AML/CFT RegTech adoption. Discussions were also held with those who are further along the RegTech adoption journey and who play a greater role within the ecosystem. The Forum will lead to several follow-up events and consultations in 2020 and beyond, where we expect to further the dialogue with the industry on both a bilateral and multilateral basis. This report highlights the proceedings of the Forum and sets out the next steps that will take our initiative forward in 2020. “The risk for all of us is being complacent, of carrying on as we have been and not confronting the barriers that may stand between us and progress. We should not be afraid of trying out solutions that we feel will have genuine impact, even if some turn out not to deliver everything they promise.” Arthur Yuen Deputy Chief Executive, HKMA (Opening remarks at the AML/CFT RegTech Forum, 22 November 2019)

HKMA AML/CFT RegTech Forum | Panel I: Innovation and the Future of ML/TF Risk Management 04 In line with how we see collaboration developing across public and private sector participants, Panel 1 brought together a range of industry experts to share their views on how to make the AML/CFT ecosystem more efficient and effective using technology. The panel comprised financial crime domain experts from banking and law enforcement, as well as experts from the fields of machine learning and cloud computing. The panel made the case that building out a more collaborative, intelligence-led approach to financial crime risk management is not only critical for driving the desired outcomes, but also long overdue. Under a more data-driven approach, the panel challenged the perception of compliance as purely a cost centre. Intelligence/information platforms incorporating a much wider variety of internal and external data sources and references are increasingly being leveraged to not only keep criminals from the financial system, but also drive sustainable business growth. Panel I: Innovation and the Future of ML/TF Risk Management The move to a more collaborative, intelligence-led financial crime risk management approach is critical if our AML/CFT ecosystem is to deliver more tangible outcomes against significant operational costs. Panellists (L-R): Stewart McGlynn (Chair); Paul Jevtovic; Zane Moi; Malcolm Wright; Chris Bostock. Technology is a critical enabler that can support the change to a more collaborative, intelligence-led approach that is sustainable over time. All ships rise with the tide. Smaller institutions must be brought along the journey. Access to quality data, both from internal and external sources, is critical to move beyond a rules-based approach and apply intelligence-led methods such as entity resolution and network analytics. Cloud computing is a paradigm shift. It enables scale-able storage and capacity as well as the ability to share, enrich and access data like never before for institutions of all sizes. Getting the people and culture right is just as important as getting the technology right. Collaboration internally and externally could be a significant mindset shift for banks, but a key to realizing this new approach to AML/CFT. Panel Highlights:

HKMA AML/CFT RegTech Forum | Results from the Industry Survey on AML/CFT RegTech Adoption 05 Industry Survey In June 2019, the HKMA carried out a survey of all 201 AIs and Stored Valued Facility (SVF) licensees to understand how and to what extent AIs and SVF licensees are deploying RegTech tools to manage their ML/TF risks. The online survey employed skip logic and a branching approach to capture information on both self￾identified "adopters" of RegTech, as well as "non-adopters". The 11 questions comprising the survey asked participants, among other areas:  the level of digitisation of their data and processes;  which technologies are being applied to processes that comprise the AML and financial crime risk management lifecycle;  the use of third-party solutions and services; and  the budget and talent resources required for adoption. Out of the 201 AIs and SVF licensees invited to take part in the industry survey, we received responses from 196, or a response rate of 97.5 percent. Level of Adoption Overall, 34 percent of HKMA￾regulated financial institutions are using RegTech currently in their internal AML and financial crime risk programmes. Results from the Industry Survey on AML/CFT RegTech Adoption 34 percent of HKMA-regulated financial institutions reported using RegTech to manage ML/TF risks today. Lower adoption rates do not mean lower maturity or sophistication; some early adopters are leading the field in their use of RegTech for AML/CFT. 9 24 32 1 73 32 15 10 29 15 4 12 6 x<1k 1k<x<5k 5k<x<10k 10k<x<1m x>1m Adopter Non-Adopter 22 (11%) 19 (10%) 47 (24%) (Total: 66) (Total: 130) 102 (52%) 6 (3%) Number of Customers Robotic Process Automation (RPA) Optical Character Recognition (OCR) Cloud Computing Network / Graph Analytics Facial / Voice Recognition Natural Language Processing / Generation (NLP/G) Distributed Ledger Technology (DLT) Artificial Intelligence / Machine Learning Our functional definition was: applications or solutions used within AML/CFT programmes that leverage one or more of the technologies below. What is “RegTech”? Fully Digital (9) Partially Digital (32) Mostly Digital (24) Fully Paper Based (1) Regtech depends on reliable and accessible data. Among self-identified adopters, 33 (or 50%) respondents noted their customer data was fully or mostly digital. Level of Digitisation 34% of AIs and SVF licensees are currently using RegTech in their AML and Financial Crime Risk Management Programmes. Overall Level of Adoption

HKMA AML/CFT RegTech Forum | Results from the Industry Survey on AML/CFT RegTech Adoption 06 As of June 2019, 66 entities across all HKMA regulated entities that responded to the survey identified themselves as adopters. This includes eight SVF licensees (or 53% of SVF licensee respondents), and 58 AIs (or 32% of AI respondents). The level of adoption also differs across the various demographics. Adoption, for example, is higher among AIs that have over 100,000 customers, where 15 out of 20 respondents indicated the use of RegTech for AML/CFT purposes. All Domestic Systemically Important Authorized Institutions (D-SIBs), which feature in this category, are also adopters of RegTech for AML/CFT purposes. In contrast, 29 percent of respondents (51 out of 176) in the category of AIs and SVF licensees with fewer than 100,000 customers were identified as adopters. Technologies in Use A lower level of adoption overall, however, does not imply a lower level of maturity or sophistication. 1 The four stages were defined in the survey as: customer onboarding, screening & monitoring, investigations & reporting, exit management. For example, based on the survey results, around 33 percent of adopters are currently using RegTech solutions that involve more cognitive technologies, such as Machine Learning, a subset of the growing field of Artificial Intelligence (AI). Almost half of this group (41%) have applied RegTech across the first 3 out of the 4 stages of the AML and financial crime risk management lifecycle, and 59 percent use four or more of the technologies that the survey currently uses in its functional definition of RegTech.1 RegTech is no longer a novelty or a tool for marketing for these institutions—the technology, as well as the people and operational foundation that support it, have become a critical mainstay of their AML and financial crime risk management programmes. Challenges and Pain Points In addition to placing a spotlight on the community of AIs leading the charge on RegTech adoption, the survey also highlighted some of the real and perceived challenges that might have stood in the way of broader RegTech adoption. At an aggregate thematic level, adopters and non-adopters alike have voiced challenges around: Budget - the perception that RegTech is prohibitively expensive; Talent – the knowledge and skill demand created by new technologies, evolving roles and responsibilities, institutional resistance to change; Mandate / Priority – the buy-in and support of executive leadership, coordinating across regional and global head offices, competing for attention / budget with other high￾priority initiatives; Data / Infrastructure – accessibility / quality of data, perceived invasiveness of RegTech adoption; and Regulation – data privacy and security considerations, uncertainty around supervisory expectations. The survey results provided a useful backdrop for the discussion in Panel II. 0 5 10 15 20 25 30 35 40 Robotic Process Automation Optical Character Recognition Cloud Computing Network Analytics Distributed Ledger Technology Facial / Voice Recognition Natural Language Processing / Generation Artificial Intelligence / Machine Learning Customer Onboarding Screening & Monitoring Investigation & Escalation Exit Management 1 The four stages were defined in the survey as: (i) customer onboarding; (ii) screening & monitoring; (iii) investigations & reporting; and (iv) exit management. Overall, RegTech applications using RPA and ML are gaining traction within customer onboarding, as well as screening and monitoring processes. AML/CFT Applications

HKMA AML/CFT RegTech Forum | Panel II: RegTech Adoption in AML/CFT – Challenges and Opportunities 07 Underscoring why banks have been getting excited about the transformative potential of RegTech, the panel shared their experiences working with the increasingly wide range of RegTech applications that benefit AML/CFT processes. Panel Highlights:  Institutional mind set change. Adopting new technologies through more open source mediums represents a significant change from thinking of knowledge as intellectual property and a competitive advantage.  The role of fear and misperception in RegTech adoption, especially the fear of failure, and the misperceptions that RegTech is prohibitively expensive to deploy and solely for larger financial institutions.  The challenges and benefits of working with smaller vendors; the increasing pace of change across the technology landscape, and using a safe environment that allows for rapid experimentation. Speaking to the survey results and the real and perceived blockers inhibiting RegTech adoption, the panellists clarified that RegTech did not necessarily need to be a major expenditure or an invasive change to their existing systems and business-as-usual processes. To demonstrate that starting RegTech adoption could be quicker and incur lower cost than commonly perceived, one of the panellist outlined the process to go from an idea, such as "how to on-board customers remotely", to using open source data and technology to build an initial proof of concept. The lesson, other panellists summarized, was to begin small, to try and not tackle everything all at once, and to take incremental steps as quickly as possible. Similar to Panel I, data surfaced as a critical foundational element for those looking to adopt RegTech. The panel shared views on how the cost of data is often misunderstood as a compliance cost, whereas in reality the data and associated skillsets should be articulated as a potential business driver. Responding to questions from the audience, the panellists also shared thoughts on the challenges and opportunities created by a plethora of technologies and vendors in the market. Panel II: RegTech Adoption in AML/CFT – Challenges and Opportunities RegTech adoption does not need to be prohibitively expensive or invasive. Panellists share their experiences of overcoming a fear of failure, starting small and working with third-party vendors and service providers in the marketplace. Panellists (L-R): Anir Bhattacharyya (Moderator); Wendy Ennis; John Collins; Edward Chiu; Brian Tang.

HKMA AML/CFT RegTech Forum | Panel II: RegTech Adoption in AML/CFT – Challenges and Opportunities 08 One panellist shared his view that for smaller institutions, it was often preferable to go with those vendors with a proven track record. Another panellist added that smaller vendors can be more agile, and their technology teams can be often more willing to work toward a tailored solution with their prospective clients. Toward the end, a panellist reiterated the need to act fast and be nimble. Noting the pace at which they saw technologies such as machine learning evolving, the panellist warned the long-term procurement deliberations that often precede investments into new technology could make the solutions themselves irrelevant by the time they arrive. Overall the advice from the panel was clear: identify the pain points to drive use cases, understand and engage all impacted and benefiting parties early in the adoption journey, share and collaborate learnings within and outside of your bank and don't be afraid to fail—it's all about experimentation and getting used to a new approach by not just thinking but doing. “If you haven’t started, do so; take baby steps if need be, but take steps at all costs.”

HKMA AML/CFT RegTech Forum | Breakout Sessions 09 Breakout Session 1 "Accelerators" Session 1 involved a number of institutions, including international private banks, Asia-Pacific retail & corporate banks and Hong Kong￾incorporated banks which are starting to adopt RegTech into their AML/CFT environments. The session was facilitated by representatives from the HKMA, Deloitte and the RegTech sector. The scope and purpose was to identify opportunities and try to address barriers for RegTech adoption in AML/CFT; road test a self-assessment tool that can assist AIs to identify processes for RegTech adoption; share practical insights from those within and outside regulated institutions with relevant and topical knowledge from the industry; and set the expectation that participants should take these insights and begin, or continue, to assess potential and/or further adoption of RegTech. In order to maximize quality interaction between the participants and the subject-matter experts in the rooms, the participating AIs were grouped into four rooms. Each room was assigned a lead facilitator and a group of subject matter experts who led participants through a process to identify and address pain points across the four general stages of the AML/CFT life cycle, namely: (i) customer on boarding, (ii) screening and monitoring, (iii) investigations and reporting, and (iv) exit management. In the first half of the session, participants were asked to identify and describe the pain points they see within their institutions:

  1. Describe to us what doesn't work as well as it should today? (e.g. "identification of customers at onboarding takes too much time.")
  2. In an ideal world, how do you see this process working better? (e.g. "information on ID documents automatically entered into our systems.")
  3. What is preventing your institution from operating in this optimal way? (e.g. "we don't have anyone who understands the required technology.") After consolidating the inputs from the first half, in the second half of the session, the subject matter experts presented back RegTech solutions that have been applied to some of the more common pain points raised by the participants. They facilitated a discussion on tactical challenges to implementation faced by early adopters, and also how the benefits of RegTech adoption can be articulated to the AIs’ leadership to secure necessary support and steer. A key aspect of the session was not only to identify the opportunities for RegTech adoption, which could address specific pain points, but also to think about the benefits for RegTech in a more holistic manner, which could help facilitate business case discussions and secure critical leadership support to take the ideas forward. Breakout Session 2 "Enablers" Session 2 focused on machine learning and addressing the perennial challenge of excessive false positive alerts, particularly how false positives draw scarce resources away from the critical task of identifying and preventing genuine risks. Participants in Session 2 included larger international retail, corporate and institutional banks that are further down the path of RegTech adoption in terms of maturity and sophistication. As with Session 1, participants in Session 2 were organised into four groups to maximize time with the subject matter experts. Breakout Sessions Customer Onboarding Screening & Monitoring Investigations & Reporting Exit Management Identification and Verification Customer Due Diligence Account / Profile Creation Name Screening Transaction Screening Transaction Monitoring Alert Investigation & Research Internal Reporting & Management Information External Reporting & Management Information Decision Making Account Closure Maintenance of Exit List (Session 1: illustration of facilitation aid used during the session to help participants organize their pain points.)

HKMA AML/CFT RegTech Forum | Breakout Sessions 10 Across the four groups, facilitators opened the session by providing context and background, emphasizing the HKMA's desire to accelerate RegTech adoption in Hong Kong, and its commitment to tailor industry engagement to reflect the reality that not all AIs are at the same stage in their RegTech adoption journeys. Session 2 required participants to work through a simulation where they played the role of the compliance officer in charge of AML/CFT at the Hong Kong branch of a global bank. The first part of the simulation was built around something familiar to all participants: preparing for an HKMA thematic review on transaction monitoring. From the resourcing and credentials of the AI's TM team to data samples and methodologies used for selecting and validating scenarios and rules, participants created a framework including various criteria that would demonstrate to the HKMA the effectiveness of the AI's approach to TM under the simulation. In the second half of the simulation, the participants were informed that the AI's group head office had introduced a new machine learning￾enabled solution that performed triage on alerts generated by the bank's TM system. Other overseas branches had already received approval from their home regulators to use the machine learning-enabled tool, and the Hong Kong branch was instructed by head office to approach the HKMA and secure its approval. In this part of the simulation, the participants were asked: how would you now demonstrate to the HKMA the effectiveness of your AI's approach to TM? Working with machine learning experts in the rooms, the participants used the framework built in the first half of the simulation to document elements critical to the responsible use of machine learning in a TM environment. This session used a familiar construct, a regulator review of TM, and actual machine learning use cases to help participants think through in an organized manner the changes that their teams and institutions would need to potentially undergo in order to interact with solutions that employ more advanced technologies such as machine learning. Breakout Session 3 "Collaborators" Member banks of the Fraud and Money Laundering Intelligence Taskforce (“FMLIT”) as well as observers from law enforcement, regulators and academia discussed opportunities to increase the effectiveness of AIs' contributions into the AML/CFT ecosystem in Hong Kong. Participants discussed the key elements and tangible actions that would be required to capture these opportunities, including the use of technology (such as tools to visualise relationships between customers and counterparties) to advance a more proactive data and knowledge sharing approach to AML/CFT. Session 2: Scope & Purpose Encourage further RegTech adoption, focusing on the potential application of machine learning in transaction monitoring/ transaction screening (TM/TS). Unpack perceived fears / challenges that are holding back participants from leveraging more advanced RegTech applications. Identify areas where existing AML/CFT organisations and operations need to evolve to effectively experiment with and ultimately deploy more sophisticated RegTech applications to address TM/TS pain points (starting with people and capabilities, and moving to areas such as data and infrastructure). Share success stories and challenges coordinating with regional or group head office on technology initiatives.

HKMA AML/CFT RegTech Forum | Breakout Sessions 11 The discussion yielded a number of insights, including:  international benchmark on data and knowledge sharing, against which Hong Kong would be measured, and which will also give rise to risk displacement if Hong Kong does not keep up;  acknowledgment of common ground and commitment required to pursue a shared objective: reducing overall financial crime risk in the banking system;  sharing of practical experience, such as the effective reallocation of resources through automation, and the positive impact of analytics on public-private partnerships and intelligence sharing; and  the importance of integrating internal and external data, and the role of entity resolution and contextual monitoring in helping AIs make informed decisions about anomalous behaviour quicker and more consistently. A discussion then outlined the fundamental requirements / criteria for a more pro-active, intelligence￾led approach to succeed, namely: data, analytics, information delivery, collaboration and skills and expertise, as well as the key goals and benefits of each AI. It was agreed that, as a pilot, FMLIT banks would work to address gaps in the fundamental requirements and how these contribute to the identification and mitigation of networks of mule accounts. (Session 3: example of fundamental requirements / criteria for achieving a more proactive, intelligence-led approach to AML/CFT.)

HKMA AML/CFT RegTech Forum | Next steps 12 Forthcoming activities Enabling AIs to use RegTech for AML/CFT purposes will be a key supervisory area of focus in 2020 as we continue to explore how data and technology can be leveraged to enhance Hong Kong's AML/CFT ecosystem. The 2019 AML/CFT RegTech Forum represents a great start, and in the next phase of work we will maintain the positive momentum generated by the event by focusing on the following efforts in the next six to twelve months: Knowledge-sharing remains key Since the conclusion of the online survey, the HKMA have engaged 22 AIs to begin developing a richer understanding of both industry best practices and common challenges. Follow-up conversations with respondents to the survey are ongoing, and will produce a series of case studies that will be shared with the industry in due course. We will also conduct further surveys to inform changes in adoption rates and trends. This work will be supplemented by peer-to-peer knowledge exchange among AIs, commencing with the first discussion in early 2020 about leveraging a wider data set (e.g. IP addresses) to enable bank analysts to better identify and understand the full extent of evolving ML/TF risks. More sharing sessions on emerging trends and industry practices are expected in the coming months. We will also continue to engage international standard setters and peer regulators and conduct international comparative research into the role of RegTech in AML/CFT efforts and share these learnings with the banking industry and stakeholders from time to time. Next steps Carmen Chu | Executive Director (Enforcement & AML), HKMA “Enablers” Hosting interactive “lab sessions” with AIs to experiment with machine learning methods for TS/TM. Introducing an appropriate assessment framework that helps AIs to review their existing AML/CFT processes and identify opportunities for RegTech adoption; performing a follow-up industry survey on RegTech adoption in mid-2020. “Accelerators” “Collaborators” Working with FMLIT banks to further build out a common set of fundamental requirements around data, analytics, information delivery, collaboration as well as skills and expertise; further enhancing the effectiveness of the AML/CFT ecosystem and the positive impacts of information and intelligence sharing.

For more information, please contact us at aml@hkma.iclnet.hk Supported by Hong Kong Monetary Authority 55/F Two International Finance Centre, 8 Finance Street, Central, Hong Kong Telephone: (852) 2878 8196 Fax: (852) 2878 8197 E-mail: hkma@hkma.gov.hk www.hkma.gov.hk