COVID-19 Related Circulars Or Guidance (Non-Exhaustive) Published By Financial Services Regulators Of Hong Kong (Last Updated: 16 September 2022)
Published date | 20 September 2022 |
Subject Matter | Finance and Banking, Coronavirus (COVID-19), Financial Services, Financing, Insurance Claims |
Law Firm | Mayer Brown |
Author | Ms Sara Or |
We have compiled the following chronology table which serves as a quick reference point to track the circulars and guidance published by HK financial services regulators in relation to COVID-19. We will update the table regularly. Kindly note that the table is not intended to capture all regulatory publications on an exhaustive basis.
Securities and Futures Commission (SFC) Circulars/Guidelines |
|||||
TITLE |
SUMMARY |
DATE |
LINK |
REMARKS |
|
1 | Circular to Licensed Corporations and Associated Entities - Anti-Money Laundering / Counter-Financing of Terrorism Publication of the Latest Hong Kong's Money Laundering and Terrorist Financing Risk Assessment Report |
Background The Government published on 8 July 2022 the latest Hong Kong's Money Laundering and Terrorist Financing Risk Assessment Report ("the Report"). The Report examines the money laundering and terrorist financing ("ML/TF") threats and vulnerabilities facing various sectors in Hong Kong and the city as a whole in recent years, as well as assesses the risk of proliferation financing faced by Hong Kong. The updated assessment results facilitate the Government in implementing mitigating measures against the identified risks to ensure that Hong Kong's anti-money laundering and counter-financing of terrorism ("AML/CFT") regime can address challenges brought by the ever-changing market developments. The assessment concludes the ML risk of the securities sector remains at medium level, taking into account the ML threat and vulnerability levels for the securities sector which are both assessed to remain at medium level. The Report notes that the securities sector continues to be exposed to transnational, cross-border as well as domestic ML threats. In particular, it is also exposed to ML threats from social media investment scams in recent years. "Nominee" and dubious investment arrangements which have been exploited for use in schemes to facilitate market misconduct or in concealing the actual beneficial ownership for other illegal purposes are newly identified as key ML vulnerabilities. Furthermore, the increased use of online and mobile trading as well as remote office arrangements during the COVID-19 pandemic also provide opportunities for criminals to abuse the sector for online fraud and theft and related ML activities. Actions taken and will be taken by the SFC The SFC has strengthened its risk-based AML/CFT supervision which enables the monitoring of firms' AML/CFT compliance in a more risk-sensitive and effective manner. These include implementing the Manager-In-Charge regime for eight-core functions including AML/CFT, and launching a revamped Business and Risk Management Questionnaire which gathers more information about firms' business operations and AML/CFT controls. The SFC will reinforce its capacity building and outreach programmes to enhance the AML/CFT compliance capability of the securities sector to help mitigate the ML/TF risks. The SFC's Expectations of LCs and AEs Licensed corporations ("LCs") and associated entities ("AEs") are reminded to identify and assess ML/TF risks to which the firms are exposed and to keep the assessment up-to-date, having regard to the key ML/TF threats and vulnerabilities identified in the Report that are relevant to their own circumstances. LCs and AEs should design and implement adequate and appropriate AML/CFT policies, procedures and controls that are commensurate with the ML/TF risks identified in order to properly manage and mitigate them. |
8 July 2022 | Click here |
For the latest Hong Kong's Money Laundering and Terrorist Financing Risk Assessment Report published on 8 July 2022, please see here. The above report has been covered in item 8 in the HKMA circulars/guidelines below and item 3 of the IA circulars/guidelines below. |
2 | Circular to Licensed Corporations Updated Technical Specifications for OTC Derivatives Trade Reporting |
The SFC published a Circular on 29 March 2022 to inform licensed corporations (LCs) of the HKMA's notice (the "Notice") about updated technical specifications for over-the-counter (OTC) derivatives trade reporting under the Hong Kong Trade Repository (HKTR) and the postponement of the implementation date of updates to coding schemes to cover "Proprietary rates" due to the current pandemic situation. LCs that may be subject to mandatory reporting obligation are advised to refer to the Notice. |
29 March 2022 | Click here | Please refer to the HKMA notice "OTC Derivatives Trade Repository of the HKMA Updated Technical Specifications for Reporting" dated 29 March 2022 here (covered in item 18 of the HKMA circulars/guidelines below). |
3 | Circular to licensed corporations - Managing the risks of business email compromise |
The SFC published a Circular on 24 March 2022 to indicate their expectations to licensed corporations (LCs) in relation to business email compromise (BEC) risks, especially at times when remote working arrangements are commonplace. Background The SFC has recently received reports from LCs about BEC, a type of cyber fraud whereby fraudsters posing as known business contacts dupe unwary staff into sending them money or sensitive information. These incidents resulted in the leakage of client information which undermined client interests and, in some cases, significant financial losses which the LCs had to bear. Business email compromise A BEC scheme typically involves one or more of the following actions by the fraudsters:
In most cases where fraudsters succeeded, the identities of the email senders were either not verified or were checked improperly. For example, an LC staff simply called the phone number provided by the fraudster and followed the confirmation to process the fund transfer instructions. In addition, many red flags were ignored by the LCs. In one incident, fund transfers were rejected or withheld by some banks. Instead of promptly investigating the irregularities, the LC proceeded to act on the transfer instructions to other banks. Eventually, a number of fund transfers were effected, inflicting financial losses on the LC. LCs should take note of the examples of BEC provided in the Annex. The SFC's expectations The SFC expects LCs to have internal control procedures and financial and operational capabilities which can be reasonably expected to protect their operations and clients from financial losses arising from theft, fraud and other dishonest acts, professional misconduct or omissions. The SFC reminds LCs of its circular titled "Circular to licensed corporations Management of cybersecurity risks associated with remote office arrangements" dated 29 April 2020 (item 19 below), to vigilantly monitor and effectively manage BEC risks, especially at times when remote working arrangements are commonplace. Control mechanisms LCs should establish effective policies and procedures to provide guidance to their staff for managing BEC risks. In addition, LCs should strengthen internal controls in the following aspects: (a) Client contact information
(b) Amendment of client particulars
(c) Email requests for order placing or fund transfer
(d) Red flags
Senior management responsibility It should be noted that the above control measures and techniques are by no means exhaustive. The SFC suggests that each LC review its own circumstances and ensure that appropriate and effective control procedures are put in place and effectively enforced. It is the responsibility of the senior management to oversee LCs' implementation of internal control policies and procedures for the effective management of BEC risks, and ensure that adequate resources for such control functions are allocated and proper checks and balances are in place. LCs should provide regular... |
To continue reading
Request your trial