As of 30 June, 18 out 39 Chinese listed banks have overseas branches across 60 territories (including Hong Kong, Macau and Taiwan), seven of which have branches only in Hong Kong. As newcomers with limited experience in overseas operations, how should these banks effectively manage compliance risks?
Taking Hong Kong as an example, the Hong Kong Monetary Authority (HKMA) revealed that, while banks have generally made efforts to promote a proper culture, they still need to monitor the potential implications of management and staff behaviour.
The HKMA issued a circular on bank culture reform (HKMA, Bank Culture Reform, 2 March 2017) to guide financial institutions to develop and promote a sound corporate culture that supports prudent risk management and contributes towards incentivising proper staff behaviour with the aim of achieving positive customer outcomes and high ethical standards for the industry.
While there is no one-size-fits-all approach, the HKMA’s circular is a good reference for Chinese banks to promote sound bank culture in three areas:
It is commonly observed that Chinese banks tend to send senior management from the domestic market to manage overseas operations. If a senior executive does not demonstrate a sound understanding of operations, regulations and compliance rules, conflicts could arise in management teams and weaken the governance framework. This could also lead to regulators developing an impression that the senior management assigned is not promoting prudent risk management behaviour or striking the balance between business growth and sound risk management. In practice, a dedicated board-level committee should be established and chaired by an independent non-executive director. Its remit should be to advise and assist the board in the build-up of a risk management framework.
2) Incentive schemes
As most senior executives of Chinese banks’ overseas branches are sent from headquarters, there could be frequent changes of leadership and the organisational structure may also be rapidly expanding as the business grows. The board of directors at the head office level should pay special attention to the organisational structures and personnel movement in overseas entities and ensure timely review and appropriate incentive schemes in line with the bank’s desired culture.
3) Assessment and feedback mechanisms
Banks should establish appropriate assessment and feedback mechanisms as part of business units and staff compliance risk monitoring. An effective and confidential whistle blowing channel should be put in place to allow timely reporting of any illegal, unethical or questionable practices.
Anti-money-laundering and counter-terrorist financing (CTF) as global issues
In additional to corporate culture, anti-money laundering (AML) and counter-terrorist financing (CTF) are also sources of compliance risk. These issues are global in nature, and cannot be underestimated by Chinese banks planning for overseas expansion.
In recent years, regulators around the world have taken tougher measures with increasing sanctions. Both the US (New York State Department of Financial Services) and European (Financial Conduct Authority of the UK) regulators have inspected Chinese banks for AML/CTF compliance.
As the number of collegial orders signed with Asian banks continues to increase, it is expected that there could be more enforcement activities and sanctions imposed on Asian banks.
While regulations and laws differ around the world, Chinese banks should consider AML/CTF as part of wider compliance risk management. In particular, they should focus on the following three key areas:
- Effective system monitoring on AML/CFT
AML and CTF risk assessment (on each product inventory list) should be incorporated into the transaction monitoring system, which clearly defines the risks required to be detected. When running IT applications, it is important to ensure model design (i.e. scenario design) is processed, tested and recorded by experienced data analysts. It should also have a proper structure to support the system with the capability to detect and update related scenarios and parameters. In the operation of a transaction monitoring system, periodic checks should be conducted to assess the completeness of system list and database, as well as to ensure a dedicated model design and governance framework in place to detect and approve related scenario changes. Compliance, operation and IT departments need to be given clear roles and responsibilities.
- Three lines of defence with clear roles
Roles and responsibilities need to be properly assigned to each line of defence. In the first line, business heads and relationship officers are responsible for daily compliance of AML and CTF. In the second line, risk management and compliance departments are responsible for reviewing policies and procedures on AML and CTF standards so that management and staff can be compliant. For the third line, the internal audit department shall independently test the internal control over AML and CTF compliance so that the Board can be assured that effective AML/CTF controls are in place. Last but not least, the Board should timely address and resolve any reported compliance issues concerning AML and CTF.
- Understand local business practices
The extent to which management given overseas assignments can familiarise themselves with local business practices and the expectations of regulators will help mitigate the compliance risk arising from overseas operation. It is key to appreciate and address the principles behind the rules of regulation set by the regulators so that required regulations and compliance obligations can be fulfilled.
List of key considerations for compliance risk management
- Can corporate policies catch up with changing laws and regulations?
- Have you well understood the requirements of domestic and overseas regulatory bodies and known how to respond accordingly ?
- •Have the board and senior management set a right tone from the top to ensure a sound risk management practice is adhered to especially on the build up and promotion of proper bank culture in managing overseas operation and risk taking behaviour
- Is enterprise risk assessment regularly performed?
- Is the risk assessment on AML / CTF incorporated and carried out on new products and services?
- How well do you understand your high risk customers?
- Have we continuously monitored customer business relations & transitions so that suspicious activities can be timely identified
- Is the system checked regularly testing on its effectiveness & efficiency so that constant improvement can be made on AML / CTF transactions monitoring
- Are senior management and staff trained appropriately?
- Is the risk management framework periodically reviewed to ensure compliance?
Feel free to contact PwC’s Advisory team to discuss further.
Industry specialists from PwC will address FinanceAsia's Compliance Summit in Hong Kong on November 8.
Partner, Forensic Services
+(852) 2289 2587
Mary is a Partner in PwC’s Forensic Services practice who specialises in Financial Crime. She has extensive in-house experience in the private banking industry. Prior to joining PwC, Mary served, for over five years, as a Vice President in the Hong Kong office of leading global financial institution specialising in Anti-Money Laundering Compliance.