Compliance Convergence: HKMO offering certifications on AML, cyber, to go from ‘good to great’

Enjoy this new ACFCS quick hit feature highlighting compliance convergence!

By Brian Monroe
bmonroe@acfcs.org
January 19, 2017

The Hong Kong Monetary Authority said it will require bankers operating in the city to be trained and certified to deal with cyber security and money laundering, beefing up its regulations to prepare for competition with Singapore to be the Asian hub for financial technology, according to a recent report.

The program, which started last month, will add these financial crime compliance disciplines to the regulator’s Enhanced Competency Framework (ECF) for local bankers in the form of a certification program on cyber security, and anti-money laundering measures (AML), said the Hong Kong Monetary Authority’s chief executive Norman Chan Tak-lam.

While the certification is not a mandatory requirement, according to the report, the programs would allow financial institutions “to ensure that their staff have the adequate expertise to nab hackers who try to steal money from people’s accounts and to ensure that customer accounts are not used for money laundering.”

Total Asia-Pacific investments in fintech – a catch-all term that refers to use of digital technology to make financial services more efficient – has risen to US$4.3 billion in 2015, from US$103 million in 2010, according to the report, citing Accenture.

The decision by the HKMA comes on the heels of the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) in November issuing its clearest and most direct call for banks to enhance collaboration between BSA/AML units and teams responsible for cybersecurity, in an advisory that hones suspicious activity reporting (SAR) expectations related to “cyber-events and cyber-enabled crimes.”

The bulk of FinCEN’s nine-page document and accompanying five-page FAQ sheet were devoted to expanding on when and how institutions should be conducting mandatory and voluntary reporting on suspected, or known, cyberattacks.

Prior to that, in September, FinCEN stated financial institutions needed to more tightly knit together their anti-money laundering, fraud and cybersecurity teams to better thwart an explosion of online attacks against individuals and businesses, a criminal tactic relying on human error to compromise accounts to the tune of billions of dollars.

That was the crux of the advisory and related guidance pushing these teams to break down silos in order to tackle the rising scourge of business email compromise (BEC) and email account compromise attacks (EAC). The advisory amounted to a championing of the virtues of compliance convergence by the country’s arbiter of anti-money laundering (AML) rules.