Comment from Steve Hancock, Professional Services Director, AML Analytics:
This guidance paper that was issued by the Banking Supervision Department of the Hong Kong Monetary Authority in December. Whilst aimed at domestic Hong Kong banking sector, it does set an interesting tone, and no doubt one that other regulators are likely to follow.
In our experience, this guidance is the most detailed that we have seen from any regulator around the world. The sections that are of particular interest are 1.3(a), 2.1, 2.3, 2.4, 3.9 (e), 3.11 and 3.12. However, section’s 2.1, 2.6 and 3.9(e) are the most far reaching, and say:
2.1 ‘Authorized Institutions should be conversant with the abilities of the algorithm used in its transaction screening system, with particular attention being paid to the ability of the name screening system to identify names with minor alterations such as reverse order, partial name and abbreviated forms’
2.6 ‘Where an Authorized Institution subscribes to a commercial risk register (where designated entities and jurisdictions that have been added by the relevant authorities, e.g. United Nations Security Council and Office of Foreign Assets Control, would be added automatically to the Authorized Institution’s database), Authorized Institutions should periodically conduct sample testing on the names of newly added designated entities and jurisdictions to ensure the completeness and accuracy of the database’.
3.9 (e)’Authorized Institutions should:
understand how the data, or artificial intelligence, that is entered into the automated system correlates to the Authorized Institution’s requirements and the ML/TF risks to which it is subject’.