Hong Kong’s de facto central banking is asking banks to significantly upgrade suspicious activity monitoring capabilities as it prepares for another FATF review in 2025.
In times past, a Financial Action Task Force (FATF) assessment was the banking and finance equivalent of getting a comprehensive physical.
For unprepared countries and jurisdictions, it could exact an unflinching toll and even end up with them consigned to an unforgiving grey list, along with very public remonstrations of their inadequacies.
Next Up
If not fixed, it could end up clogging up a banking center’s relationship with the outside world, affecting everything from risk ratings to counterparties. As such, Hong Kong, as a city and a jurisdiction, is up for the next one in 2025, and it appears that the nervousness about what is going to be coming down is already here.
Factoring it In
«Hong Kong has undertaken two rounds of jurisdictional risk assessments and is making preparations to undertake a third one in 2025,» the Hong Kong Monetary Authority (HKMA) executive director of Enforcement and AML Raymond Chan said in a keynote speech at the INCLUSION-Conference on the Bund in Shanghai published yesterday.
The first took place in 2008 when Hong Kong was rated partly compliant. At the time, it was considered a severe embarrassment and even a generalized calamity in certain quarters. But it managed to come back from that by enacting a barrage of laws now known as the AMLO in the years after that, and the city came up – mostly – smelling like roses in 2019.
Fertile Ground
The current nervousness, therefore, is warranted – not only because of the past but because of the way the world has changed since the last review. Chan was emphatic about that by saying that tech and digitalization have created «fertile ground» for criminals and that it is already a threat to a «broad spectrum» of society.
Moreover, Hong Kong has had clear difficulties in coping with the onslaught of digital scams, as evidenced by the launch of a government app (Scameter+) this year following several very large incidents, which finews.asia reported on. Beyond that, the Securities and Futures Commission (SFC) noted its concerns in that regard last week.
No Guarantees
Chan’s worries, however, relate to the specific money laundering, terrorism finance, and sanctions risks from this brave new world.
«Existing approaches to AML work can no longer guarantee the integrity of our inter-connected financial systems and a more ambitious approach to data and technology is required, particularly in the area of suspicious activity surveillance,» he said.
More Money
This will not be music to the ears of the city’s banks, particularly those with large-scale retail and commercial operations. Just half a decade back, many of them spent untold billions of dollars upgrading their suspicious activity and transaction monitoring systems - and it now looks like they can go and start again from scratch.
But Chan has an answer as to how to answer the current challenges posed by digital financial crime – and it lies, as in so many other things in our tech-driven world, with AI or artificial intelligence.
Large Volumes
«Consideration should be given to using enriched customer data to enable a much more comprehensive view to be visualized, analyzed, assessed and acted on, by banks, collaborating with law enforcement as part of an ecosystem with shared objectives and priorities. The large volume of valuable intelligence in various public and private platforms must be leveraged,» Chan indicated.
The truth, though, is that the last cycle of upgrades, as mentioned above, was supposed to do exactly that. Instead, the vast internal data pools from different internal IT systems combined with off-the-shelf industry tech only seemed to generate millions of largely useless alerts, which the industry termed false positives.
This Time it Will Be Different
Still, despite that history, all authorized institutions will have to undertake a feasibility study and implementation plan for AI that needs to be signed off by the board and submitted to the HKMA by the end of March 2025 - likely just around the time the FATF walks in the door.
It seems part of a large-scale effort, with a circular and annex on using AI for suspicious activity monitoring issued in conjunction with the speech.
Primary Driver
But will things be different this time? The HKMA thinks so, saying that AI already seems to be a primary driver for banks in getting rid of the overwhelming volume of false positive alerts.
Reading between the lines, the upgraded systems appear able to replace the level 1 and level 2 escalation teams that until recently were responsible for much of that work while AI also doesn’t have the static rules and parameters that conventional transaction monitoring systems have.
Extreme Expense
It all sounds good in practice but there is one clear downside that no one talks about. Implementing it will favor the major names with the broadest IT frameworks and the largest client franchises.
Smaller institutions, including the overseas branches of many Swiss private banks, are going to struggle to get anything done as the deadline creeps closer, as it is more than probable that the large consultancies and IT firms will be booked to capacity until then.