The Securities and Futures Commission (SFC) has reprimanded and fined Zhonghui International Futures Company Limited (ZIFC) $5 million for failures in complying with know-your-client, anti-money laundering and counter-terrorist financing (AML/CFT) and other regulatory requirements between May 2017 and July 2018 (1 & 2).
The SFC’s investigation found that ZIFC, which permitted 26 clients to use their designated customer supplied systems (CSSs) for placing orders during the material time, had failed to conduct adequate due diligence on the CSSs. As such, ZIFC was not in a position to properly assess and manage the money laundering and terrorist financing and other risks associated with the use of such CSSs by its clients before allowing them to be connected to its broker supplied system (BSS). In addition, ZIFC had failed to implement two-factor authentication (2FA) for clients to login to their internet trading accounts via CSSs for six months until October 2018 (3 to 5).
The SFC identified that eight clients have authorized multiple third parties to place orders for their accounts via CSSs. However, ZIFC had failed to take reasonable steps to establish the true and full identity of these clients and their ultimate beneficial owners, nor make proper enquiries before approving the clients’ requests to set up the third party operated accounts.
The SFC further found that failure to have in place an effective monitoring system resulted in ZIFC’s failure to detect unusual money movements in three client accounts between January and August 2018 and 1,052 instances of self-matched trades in two client accounts between March and May 2018 (6).
The SFC is of the view that ZIFC’s conduct was in breach of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, the Guideline on Anti-Money Laundering and Counter-Terrorist Financing (AML Guideline), the Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading and the Code of Conduct (7 & 8).
In deciding the disciplinary sanctions against ZIFC, the SFC took into account that:
- ZIFC’s failures to diligently monitor its clients’ activities and put in place adequate and effective AML/CFT systems and controls are serious as they could undermine public confidence in, and damage the integrity of, the market;
- the necessity of a strong deterrent message that such failures are not acceptable;
- ZIFC has taken remedial measures to enhance its internal systems and controls;
- ZIFC’s financial situation;
- ZIFC cooperated with the SFC in resolving the SFC’s concerns; and
- ZIFC’s otherwise clean disciplinary record.
- ZIFC is licensed under the Securities and Futures Ordinance to carry on Type 2 (dealing in futures contracts) regulated activity.
- The SFC has also prohibited Mr Chu Chun Wai, a former responsible officer and executive director of ZIFC, for seven months. Please see the SFC’s press release dated 30 December 2021.
- CSSs are trading software developed and/or designated by the clients that enable them to conduct electronic trading through the Internet, mobile phones and other electronic channels.
- The CSSs were connected to ZIFC’s BSS through application programming interface (a set of functions that allows applications to access data and interact with external software components or operating systems). BSSs are trading facilities developed by exchange participants or vendors that enable the exchange participants to provide electronic trading services to investors through the Internet, mobile phones, and other electronic channels.
- Paragraph 1.1 of the Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading issued by the SFC on 27 October 2017 requires licensed corporations to implement 2FA for login to clients’ internet trading accounts. This requirement took effect on 27 April 2018.
- Self-matched trades refer to those trades where the client’s order matched with his/her own order in the opposite direction. The AML Guideline specifies the entry of matching buys and sells in particular securities or futures as an example of situations that might give rise to suspicion of money laundering, as it might create the illusion of trading and be an indication of market manipulation.
- Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission.
- Please refer to paragraph 18 of the Statement of Disciplinary Action for the relevant regulatory requirements.
At LS Consultancy, our consultants are industry experts that interpret the rules, regulations and spirit of the industry guidelines by assisting you “the client” in implementing a compliance programme that you can be confident is mitigating the risk of financial crime. What we can do:
- We analyse the relevant jurisdictions legislation, regulation and industry guidance to ensure that your controls adopt the highest standard possible
- Analyse and/ or Enhance your Business Wide Risk Assessment to ensure we consider money laundering and relevant predicate crimes
- Assessment of your Customer Onboarding and/ or Periodic KYC reviews rely on independent documentation and supported by credible information from your customer – as this is key to your compliance programme.
- Robust Transaction Monitoring and Screening whilst utilising your up-to-date KYC documentation/ information are fundamental.
- Greater emphasis on training – why not go through live examples with your RM’s, Operational Teams and Compliance – discuss the areas of concern and come up with compliant solutions.
- Ensuring your Compliance Monitoring Programme is conducted on a regular basis
- Engagement with senior management through relevant committees
For further information please contact us where our industry experts will be happy to answer your questions.