Management Summary
- Purpose / Background: This guidance reinforces the HKMA’s commitment to financial inclusion. It directs Authorized Institutions (AIs) to balance robust AML/CFT risk management with the necessity of providing banking access to individuals assessed as "higher-risk," ensuring they can meet essential livelihood needs.
- One-line conclusion: AIs must shift from a binary "de-risking" approach to a nuanced risk-mitigation strategy, offering restricted "basic banking services" to higher-risk individuals rather than immediately terminating relationships.
- Key Changes:
  - Explicit expectation to maintain banking relationships via risk-based safeguards rather than automatic account closure.
  - Provision of "Basic Banking Services" (deposits, withdrawals, payments, transfers) for higher-risk individuals with genuine needs.
  - Implementation of granular controls (e.g., source-of-fund restrictions, transaction limits, pre-registered payees).
  - Requirement for formal review mechanisms to allow customers to transition back to broader services if their risk profile improves.
  - Mandated clear communication protocols regarding service limitations and the rationale for account restrictions/denials.
- Key Dates / Deadlines: Effective immediately. AIs are expected to align current AML/CFT policies and frontline procedures with these expectations.
- Applicability / Impact scope: All Authorized Institutions (AIs) operating in Hong Kong, specifically impacting AML/CFT compliance, customer onboarding, and frontline service operations.
- Recommended management actions:
  - Conduct a gap analysis of existing "de-risking" policies against the "reasonable efforts" requirement for basic banking access.
  - Develop a standard framework for "safeguards and limitations" (e.g., transaction caps, source-of-fund white-listing).
  - Establish a formal "Request for Review" process for higher-risk customers to demonstrate changes in their circumstances.
  - Update frontline staff training programs to ensure consistent communication of account restrictions and expectations.
  - Implement periodic risk-profile reviews to ensure ongoing proportionality of applied limitations.
Detailed Summary
1) Document overview
The guidance outlines the HKMA’s expectations for AIs in managing "higher-risk" individuals. It emphasizes that risk mitigation must be proportionate, supporting financial inclusion while maintaining stringent AML/CFT compliance.
2) Main requirements
- Access to Services: AIs should provide "basic banking services" (deposits, withdrawals, payments, transfers) for higher-risk individuals residing in HK on a case-by-case basis.
- Risk Mitigation: Use targeted controls rather than account closure. Examples include restricting funds to specific sources (e.g., salary, government payouts), limiting transactions to pre-registered payees, and setting aggregate account balance thresholds.
- Communication: Clearly explain terms, limitations, and expectations to customers. If an account is denied, provide reasons as soon as practicable, unless legally restricted.
3) Key changes
- Shift from reliance on termination to the adoption of "reasonable safeguards."
- Formalization of the "review and transition" lifecycle (moving customers from restricted to broader services upon risk reduction).
- Explicit prohibition against forcing customers to move accounts to other AIs solely due to their high-risk status.
4) Important dates & transition
- Immediate application. AIs must ensure their internal AML/CFT frameworks incorporate these principles into ongoing risk management and customer onboarding operations.
5) Impact and risks
- Operational: Increased complexity in monitoring account usage to ensure adherence to specific "safeguard" limitations.
- Compliance: Potential risk of misclassification; AIs must ensure controls remain "proportionate."
- Reputational/Communication: Frontline staff need a high degree of empathy and clarity when explaining "denial of service" or "restricted service" decisions.
6) Compliance action checklist
- [ ] Review and revise AML/CFT policy to include "Basic Banking Access" criteria.
- [ ] Designate a standard set of "Safeguards/Limitations" for high-risk segments.
- [ ] Implement a workflow for periodic risk re-evaluation and service upgrading.
- [ ] Update customer communication templates for notification of account limitations.
- [ ] Deliver training to frontline/onboarding staff regarding this guidance.
7) Appendices/attachments summary
- *Note:* The provided document is a single guidance notice and does not contain formal appendices or attachments. All requirements are consolidated within the main text segments (A) through (D).