The SFC Reprimands Responsible Officer And Manager-In-Charge For AML/CFT Management Failures

The SFC reprimands a responsible officer of a licensed corporation and suspended his license for 8 months for management failures relating to anti-money laundering and counter-financing of terrorism (AML/CFT) compliance.  In this article, we provide a summary of this SFC enforcement action and consider its wider implications for the senior management of licensed corporations, including responsible officers and managers-in-charge. If you have specific concerns about a potential or ongoing SFC investigation or SFC enforcement action or you wish to know more about AML/CFT requirements, please contact one of our SFC Investigations & Prosecution or anti-money laundering lawyers.

In December, 2021, the Securities and Futures Commission (“SFC”) reprimanded a responsible officer (“RO”) and suspended his license for 8 months on the basis of a management failure, amongst other things, to put in place an effective ongoing monitoring system to ensure compliance with the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (“AMLO”), the Guideline on Anti-Money Laundering and Counter-Terrorist Financing (“AML Guideline”) and the Code of Conduct of Persons Licensed by or Registered with the SFC (“Code of Conduct”). The reprimand and suspension takes place in conjunction with a reprimand and an HK$8 million fine of the licensed corporation, Grand International Futures Co., Limited (“GIFCL”).

As there was no finding that the RO had actively participated in any wrongdoing, the reprimand and suspension of the RO underlines the responsibility of responsible officers to supervise the regulated activities of a licensed corporation. It represents an ongoing shift in the SFC’s approach to place greater disciplinary focus on responsible officers for management failures.

Basis for SFC Reprimand of Responsible Officer

In taking disciplinary action against an individual responsible officer, the SFC found that GIFCL’s breaches were attributable specifically to the RO’s failure to discharge his supervisory duties as a responsible officer and a member of GIFCL’s senior management, including the following:

• General Principle 9 (GP 9) of the Code of Conduct – The RO failed to ensure the maintenance of appropriate standards of conduct and adherence to proper procedures by the firm.

• Para. 14.1 of the Code of Conduct – The RO failed to properly manage the risks associated with GIFCL’s business.

In this case, the RO was GIFCL’s Manager-In-Charge (“MIC”) for Overall Management Oversight, Operational Control and Review, Compliance and Information Technology functions and the Key Business Line function. It is unclear whether the SFC would have taken disciplinary action if the RO were simply an MIC rather than a responsible officer in addition to being an MIC.

AML/CFT Supervisory Failures

In determining that GIFCL breached regulatory requirements in respect of AML/CFT, the SFC made the following findings:

• Failure to Conduct Due Diligence on CSSs – GIFCL had failed to conduct proper due diligence on customer supplied systems (“CSSs”) that enabled clients to connect through an API to GIFCL’s own systems to place trades. The CSSs enabled GIFCL clients to open sub-accounts for third parties without GIFCL conducting client onboarding procedures for those third parties.

• Failure to Monitor Client Fund Movements – The SFC further found that clients using the CSSs had made deposits into their accounts with GIFCL that were inconsistent with the financial profile established with GIFCL and that GIFCL either had not conducted due diligence to monitor fund movements or had failed to keep adequate records of such due diligence.

In light of the foregoing, the SFC took the view that GIFCL’s systems and controls were inadequate and ineffective. Amongst others, the SFC relied upon breaches of the following regulatory requirements in reaching its conclusion:

• General Principles 2 and 3 of the Code of Conduct – require a licensed corporation to act with due skill, care and diligence and to have and employ effectively the resources and procedures which are needed for the proper performance of its business activities.

• Para. 4.3 of the Code of Conduct – requires a licensed person to have internal control procedures and operational capabilities which can be reasonably expected to protect its operations and clients from financial loss.

• Para. 5.1 of the Code of Conduct – requires a licensed corporation to take all reasonable steps to establish the true and full identity of each of its clients.

• Schedule 2 of the AMLO and the AML Guidelines – require a licensed corporation to mitigate the risks of ML/TF, establish client due diligence and record keeping requirements and obligate a licensed corporation to monitor client activities and to identify transactions that are complex, large or unusual and that have no apparent economic or lawful purpose.