SFC fine exposes AML risk from customer supplied systems

The SFC’s HK$4.8m fine of Jinui Futures highlighted the broker’s failure to carry out due diligence on customer supplied trading software. With several licensed corporations recently reprimanded for the same weakness, it’s important to understand the functionality of these systems to effectively assess potential financial crime risks.

Routine SFC inspections have focused heavily on controls around anti-money laundering and counter-terrorist financing (AML/CFT) and many licensed corporations (LCs) have fallen short on meeting the AML/CFT Ordinance and the Guideline on AML/CFT, the SFC’s Code of Conduct and Internal Control Guidelines.

Jinrui Futures (Hong Kong) Limited, a Type 2 LC dealing in future contracts, failed to comply with the KYC, AML/CFT and other regulatory requirements between April 2015 and June 2018 according to the SFC’s findings.

The investigation found that Jinrui Futureshad allowed clients to use customer supplied systems (CSSs) for placing orders during the material time and failed to conduct adequate due diligence on those systems. As a result, it was not able to properly assess and manage the AML/CFT and other risks associated with the use of such systems by its clients.

CSSs are trading software developed or designated by clients to conduct electronic trading via the internet, mobile phones and other electronic channels. The CSSs were connected to Jinrui Futures’ broker supplied systems through an application programming interface, a set of functions allowing applications to access data and interact with external software components or operating systems.

In addition, Jinrui Futures’ account opening procedures didn’t include screening the company’s clients before they opened accounts and failed to make proper enquiries to clients’ deposits, which were inconsistent with their nature of business, risk profile and source of funds.

To send a strong deterrent message, the SFC reprimanded and fined the LC HK$4.8 million and suspended the relevant executive director and responsible officers from re-entering the industry.

In the past couple of years the SFC has penalised various LCs for failures to conduct proper due diligence or testing on the CSSs. Those LCs failed to understand the features and functions of the CSSs and, as such, couldn’t properly assess the AML/CFT and other risks associated with the use of CSSs. This exposed them to the risks of improper conduct such as unlicensed activities, money laundering, nominee account arrangement and unauthorised access to client accounts.  When reviewing your AML/CTF risk framework, use of these CSSs is certainly an area to look at in detail.

How can we help

Our dedicated team in Hong Kong can help you draft policies and procedures on conducting due diligence on CSSs. We also advise on KYC and ongoing transaction monitoring procedures and perform mock inspections on LCs’ internal controls in relation to AML/CFT requirements.

Get in touch if you’d like to discuss any tailored support or advice options with us.