Study Guide: ECF on Anti-Money Laundering and Counter-Financing of Terrorism (Core Level)

Overview of the Enhanced Competency Framework (ECF) on AML/CFT

  • Programme Background: The "ECF on Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT)" was developed by the Hong Kong Monetary Authority (HKMA) to support capacity building and talent development for banking professionals. It is integrated into Stage I of the Certified Banker (CB) qualification offered by the Hong Kong Institute of Bankers (HKIB).

  • Objectives:

    • To nurture a sustainable talent pool of AML/CFT practitioners to meet workforce demand.

    • To raise and maintain the professional competence of practitioners in the banking industry.

  • Competency Standards: This Core Level (AAMLP) is applicable to new entrants and practitioners with less than 33 years of experience in AML/CFT compliance roles, including:

    • Assisting in risk assessment reviews.

    • Performing periodic compliance tests on the AML/CFT framework.

    • Executing remediation of compliance deficiencies.

    • Reviewing and investigating suspicious transaction alerts and escalating to the Money Laundering Reporting Officer (MLRO).

  • Training and Examination Highlights:

    • Credits: 2020 credits (11 credit = 1010 Learning Hours).

    • Training Hours: 1515 hours (55 sessions).

    • Total Learning Hours: 200200 hours (training + self-study + examination).

    • Examination Format: Paper-based, 2.52.5 hours duration.

    • Question Type: 8080 Multiple-choice Questions (MCQs).

    • Pass Mark: 70%70\%.

    • Coverage: Study Guide/Essential Readings (80%+80\%+) and Market Information (20%20\% max).

Chapter 1: Fighting Money Laundering and Terrorist Financing

  • Definition of Money Laundering (ML): A process designed to conceal the true nature of property obtained from criminal activity (proceeds of crime) so it appears to originate from a legitimate source.

    • Property Scope: Includes cash, digital currencies, real estate, securities, precious metals, and physical assets like cars or boats.

    • Predicate Offences: Underlying crimes such as fraud, tax evasion, market misconduct, trafficking (drugs, arms, humans, wildlife), bribery, and corruption.

  • Three Stages of Money Laundering:

    • Placement: The physical disposal of cash proceeds derived from illegal activity into the financial system.

    • Layering: Separating illicit proceeds from their source by creating complex layers of financial transactions (electronic transfers, multiple accounts, investment products) to disguise the audit trail.

    • Integration: Placing laundered proceeds back into the economy to create the perception of legitimacy (e.g., purchasing real estate or financial instruments).

  • Definition of Terrorist Financing (TF): Financial support to individual terrorists or groups who encourage, plan, or engage in terrorism.

    • Source of Funds: Can be from both legitimate sources and criminal proceeds.

    • Comparison with ML: While ML focuses on concealing the source of "dirty" money, TF often focuses on concealing the destination or purpose of funds, which may be for mundane expenses like food and rent for terrorists.

  • Hong Kong Legal Framework:

    • AMLO (Cap. 615): Imposes Customer Due Diligence (CDD) and record-keeping requirements.

    • DTROP (Cap. 405) & OSCO (Cap. 455): Prohibit dealing with proceeds of drug trafficking and indictable offences; create mandatory reporting obligations and prohibit "tipping off."

    • UNATMO (Cap. 575): Implements UN Security Council Resolution 13731373 to prevent TF and freeze terrorist property.

    • UNSO (Cap. 537): Implements sanctions decided by the UN Security Council.

    • WMD Ordinance (Cap. 526): Prohibits providing services that assist the development of weapons of mass destruction.

  • International Bodies:

    • FATF (Financial Action Task Force): Sets global standards (4040 Recommendations). Hong Kong is a member.

    • Basel Committee on Banking Supervision: Focuses on prudential regulation and sound ML/TF risk management (19741974).

    • Egmont Group: A global network of Financial Intelligence Units (FIUs), including Hong Kong's JFIU.

    • Wolfsberg Group: An association of 1313 global banks (e.g., HSBC, UBS) that develops guidance on financial crime risks.

Chapter 2: Managing ML/TF Risk in Banks

  • Banking Vulnerabilities: Banks are at the forefront as "gatekeepers" because they process global payments and act as intermediaries. Most money laundering schemes involve the banking sector at some stage.

  • Risk Factors (RBA Approach):

    • Product/Service Risk: High-risk features include anonymity (e.g., complex trusts), pooling of funds, and large cash transactions.

    • Delivery/Distribution Channel Risk: Non-face-to-face services (Internet, phone) and the use of intermediaries increase risk.

    • Customer Risk: Involvement of Politically Exposed Persons (PEPs), complex corporate structures (shell companies), and cash-intensive businesses.

    • Country Risk: Connections to jurisdictions with weak AML/CFT controls, high corruption levels (via Transparency International's Corruption Perceptions Index), or areas subject to sanctions.

  • Case Study: Carson Yeung (FACC No. 6 of 2015): A businessman convicted of local ML charges for depositing over HKD 700700 million via 900+900+ individual deposits. The court ruled the prosecution does not need to prove the specific predicate offence, only that the defendant had reasonable grounds to believe the property represented criminal proceeds.

  • Case Study: HSBC (20122012): Paid US1.91.9 billion penalty for failing to maintain an effective AML programme, leading to the laundering of at least US881881 million in drug proceeds through Mexico and violating sanctions for entities in Iran and Cuba.

  • Case Study: Westpac (2020/20232020/2023): Paid AU1.31.3 billion in Australia and HKD 44 million in Hong Kong for failing to report over 19.519.5 million international transfers and delays in high-risk customer reviews.

Chapter 3: AML/TF Risk Management Framework

  • Risk-Based Approach (RBA): Banks must identify, assess, and understand risks to allocate resources effectively. RBA is NOT a "zero failure" approach.

    • Inherent Risk: Risk before applying controls.

    • Residual Risk: Risk remaining after implementation of controls.

  • Institutional Risk Assessment (IRA): Must be conducted every 22 years or upon trigger events. Tailored to the bank's size, complexity, and geographical diversity.

  • Risk Governance: Boards and senior management must set the "Tone from the Top," promoting a compliance culture of ethics and integrity.

  • Three Lines of Defence:

    • First Line: Business units (front-line staff) responsible for daily risk identification and executing controls.

    • Second Line: Compliance Function (Compliance Officer (CO) and Money Laundering Reporting Officer (MLRO)) to monitor compliance and establish systems.

    • Third Line: Internal Audit for independent evaluation of the entire framework.

  • Record-Keeping: Essential for audit trails and investigations. Records of customer identity and transactions must be kept for at least 55 years after the relationship ends or the transaction is completed (Cap.615Cap. 615).

  • Staff Training: Required for new joiners and existing staff on a regular basis to ensure awareness of legal obligations, internal policies, and emerging ML/TF trends.

Chapter 4: Customer Due Diligence (CDD)

  • CDD Steps: Identifying and verifying the customer, identifying the beneficial owner (BO), and obtaining information on the purpose of the business relationship.

  • Timing of Verification: Must be completed before establishing a relationship. Delayed verification is permitted only exceptionally and must be completed within a "reasonable timeframe" (usually no later than 3030 working days). If uncompleted by 120120 working days, the relationship must be terminated.

  • Beneficial Owner (BO) Thresholds:

    • Corporations: Individuals owning/controlling over 25%25\% of shares or voting rights.

    • Partnerships: Individuals entitled to over 25%25\% of profits or capital.

  • Politically Exposed Persons (PEPs):

    • Non-HK PEPs: High risk by nature, requiring Senior Management approval, source of wealth/funds establishment, and enhanced monitoring.

    • HK PEPs / International Organisation PEPs: Subject to RBA; EDD is applied if assessed as high risk.

  • Enhanced Due Diligence (EDD): Required for high-risk situations (e.g., shell companies, bearer shares, private banking, or jurisdictions called for by FATF).

  • Simplified Due Diligence (SDD): Permitted for low-risk customers (e.g., public bodies, certain listed companies), but does not exempt the bank from ongoing monitoring.

  • Correspondent Banking: Additional measures include gathering information on the respondent bank's business, reputation, and AML/CFT controls. Dealing with "Shell Banks" (banks with no physical presence or affiliation with a regulated group) is prohibited.

Chapter 5: Monitoring, Sanctions, and Reporting

  • Transaction Monitoring: Scrutinizing transactions to ensure consistency with the customer's profile. Identifies unusual patterns (size, frequency, geography).

  • Sanctions Compliance: Banks must screen customers and transactions against UN and local lists. Compliance is not subject to RBA (mandatory for matches).

    • Alert Handling: Requires investigation of "hits" to determine if they are "False Positives" or "Genuine Matches."

  • Suspicious Transaction Reporting (STR): Obligation to report knowledge or suspicion to the JFIU as soon as reasonable.

    • SAFE Approach: Screen, Ask, Find, Evaluate.

    • Legal Protection: Filing an STR provides a statutory defence against ML offences but does not mean the account should remain open for banking indefinitely.

  • Regtech Adoption: Use of Technology (Robotic Process Automation, Network Analytics, Machine Learning) to enhance the efficiency of monitoring and reduce false positives.

Chapter 6: Latest Regulatory Updates

  • Virtual Assets (VA): Cryptographically secured digital representation of value (e.g., Bitcoin) used as a medium of exchange or for investment.

    • Licensing: Virtual Asset Trading Platform Operators (VATPs) in HK must be licensed by the SFC.

    • AMLO Requirements: CDD required for occasional VA transfers of HKD 8,0008,000 or more.

    • VA Case Studies: Collapse of FTX (20222022), Binance and CEO guilty pleas (20232023), and JPEX scandal (20232023).

  • Dealers in Precious Metals and Stones (DPMS): New two-tier registration regime with Customs & Excise starting 11 April 20232023.

    • Category A: Non-cash transactions over HKD 120,000120,000.

    • Category B: Cash transactions over HKD 120,000120,000, subject to AML/CFT supervision.

  • Digital Identification: HKMA recognizes "iAM Smart" as a valid digital identification system for non-face-to-face onboarding.