Hong Kong Monetary Authority - Eddie Yue on How banks can contribute more to the fight against fraud and money laundering (2024)

In recent years, all major international financial centres have been promoting digitalisation of financial services which brings us convenience and a new customer experience. At the same time, criminals have adapted and are using technology to deceive people online, leading to a global increase in digital fraud. In Hong Kong, we face the same challenge. The HKMA received over 1,200 fraud-related banking complaints last year, more than double the number for 2022. This is in line with a 52% increase in deception cases reported to law enforcement in the first ten months of last year to 33,923, with estimated losses to victims of about HK$7.2 billion.

When criminals trick people in different ways into sending them money, they need to move and hide the proceeds so that they can spend it without getting caught, a process known as “money laundering”. This is typically done by moving the funds as quickly as possible through networks of mule accounts, which are often accounts which criminal syndicates have lured people to hand over control of. Based on experience overseas and in Hong Kong, one thing that is essential in combatting financial crime is prompt passage of information, both between law enforcement agencies and financial institutions, and within the financial sector, especially banks.

The HKMA has been working with the Police and the banking sector through several initiatives to speed up intelligence sharing among different parties to facilitate swift action to combat financial crime. These include the Fraud and Money Laundering Intelligence Taskforce (FMLIT), an intelligence-sharing platform comprising the Police, the HKMA and a number of banks (expanded from 10 to 28 banks in June last year); the 24/7 stop-payment mechanism, a collaborative initiative between banks and the Police’s Anti-Deception Coordination Centre; real-time fraud monitoring systems introduced by 28 retail banks last September to strengthen the identification of suspicious payments and alert potential victims; and the Anti-Deception Alliance, which co-locates bank staff and Police officers, launched by the Police, supported by the HKMA and the banking sector, in November last year.

These public-private partnerships have achieved considerable success. Between their inception in 2017 and October last year, FMLIT has led to about HK$1.1 billion in crime proceeds being restrained or confiscated and the 24/7 stop-payment mechanism has resulted in around HK$12.3 billion being intercepted.

So why are these efforts still insufficient to fully address the issue of mule account networks and why are we still reading media reports about people falling victim to fraud, with criminal proceeds unable to be recovered? The reason is that there is still a gap in the sharing of information. Under the existing public-private partnerships arrangements, information sharing generally only takes place in cases where law enforcement investigations (LEAs) are already active and during the “time lag” between victims discovering and reporting the case and a criminal investigation being launched and information being shared, stolen funds may have already moved rapidly through the banking system making interception impossible.

People sometimes ask why banks cannot do more to spot and close mule accounts. The fact is that it is very hard to spot a criminal opening a new account with the intention of using it for money laundering. Criminals go to great lengths to conceal their intentions. In some cases, they gain control of existing accounts, sometimes buying them from the holders for quite small amounts of money. It is only later, when suspicious activity emerges, that the bank spots indications that the account may be being used for fraud and money laundering. In response, banks have become better at identifying mule account networks, for example by using real-time fraud monitoring and advanced data analytics.

Banks report suspicious activity to the Police, who may launch an investigation. I am sure we all realise the Police cannot investigate everything straight away and, even where they do investigate, it takes time before they can share intelligence with banks. In the meantime, even if one account is blocked, criminals can often just move to other accounts at other banks.

What is happening in these cases is that criminals are exploiting information gaps between banks, as mule account networks often span multiple institutions. When a bank identifies a mule account network that covers other banks, it would be helpful if that bank could alert others to the risk that their accounts are being exploited for fraud and money laundering.

However, the ability of banks to share information about customers is subject to legal and contractual constraints, for very good reasons. Customer data obviously includes personal data which is, quite rightly, protected by law. And customer confidentiality is fundamental to the banking sector. When we, as consumers, sign up for financial services, we expect our banks to keep our information confidential. Banks face legal consequences if they breach those confidentiality requirements. Indeed, the HKMA as the banking supervisor puts a lot of effort into making sure banks protect customer information.

But controls on banks sharing information are meant to protect customers, not help criminals steal our money. We believe that there is a case for allowing banks to share information, subject to appropriate safeguards, for the purposes of preventing and detecting crime and related money laundering. This is part of a growing international consensus. In recent years, the United States, the United Kingdom and Singapore have introduced regimes to allow banks to share information in cases where there are indications that accounts may be exploited for crime. The Financial Action Task Force, the international anti-money laundering standard setter, has also indicated support for member jurisdictions to consider private-private information sharing, subject to local data protection regimes.

The Hong Kong Association of Banks, with the support of the HKMA and the Police, launched the Financial Intelligence Evaluation Sharing Tool (FINEST), in June last year. This is a secure electronic platform allowing the five major retail banks to share information where there are indications of criminal activity. While FINEST has only been running for about six months, information has been exchanged on cases involving investment, online shopping and romance scams. The exchange of information enabled participating banks to identify previously unknown suspicious accounts and file suspicious transaction reports to facilitate criminal investigations. However, because of legal concerns around the sharing of personal data, FINEST currently only covers corporate accounts even though the vast majority of mule accounts are believed to be held in individual names. We believe that expanding this type of sharing to cover more accounts, including individual accounts, will be crucial in the fight against financial crime, especially fraud.

We have published today a consultation document seeking views on proposals to permit Authorized Institutions (AI) – banks licensed and operating in Hong Kong – to share information and give them legal protection. Sharing will be allowed where AIs observe activity that indicates that customers, accounts or transactions may be involved in crime and need to alert other AIs to facilitate interception of illicit funds and close the information gaps between banks that criminals exploit.

This will not be a “free for all” – information sharing will be subject to a number of strict controls. The legal protection for banks will only apply to information sharing for the purposes of detecting or preventing fraud or other crime. Information will only be shared via designated platforms, including FINEST, which must be secure. And even after information is shared, AIs will be required to keep it confidential. Onward sharing will be permitted in some situations, for example where an AI receives information about illicit funds sent to it but which have already been forwarded to another AI, which the first AI needs to alert. Such onward sharing will be subject to the same confidentiality and security requirements.

Finally, the HKMA will play its part by supervising the AIs for compliance with the controls. We will also issue comprehensive guidance on the circ*mstances in which it is appropriate to share information and how AIs should comply with the various requirements on handling information.

The consultation document can be found here. It sets out the proposal, the scope of information that may be shared and the various controls and safeguards. I do hope you will take the time to read it and send us your views before the consultation period closes on 29 March 2024. We will then issue a summary of feedback we received and, depending on the responses, we will draw up necessary legal amendments for consideration by the Legislative Council.

This is a matter that concerns all of us and we endeavour to strike the right balance between two important and legitimate objectives: protecting citizens from financial crime while protecting data privacy and confidentiality.

Eddie Yue
Chief Executive
Hong Kong Monetary Authority

23 January 2024

As an expert deeply immersed in the realm of financial technology (fintech) and combating financial crime, I've dedicated years to understanding the intricate dynamics of digitalization in financial services and the corresponding rise in fraudulent activities. My expertise spans across various international financial centers, including Hong Kong, where I've closely monitored and analyzed trends in digital fraud and money laundering.

Firstly, let's address the pivotal shift towards digitalization in financial services. Over the past years, major financial hubs worldwide have aggressively embraced digitalization initiatives, aiming to enhance customer experiences and streamline processes. This transition has brought unprecedented convenience but has also opened the floodgates for sophisticated cybercriminal activities. Evidence from global reports and statistics corroborates this trend, showcasing a surge in digital fraud cases paralleling the expansion of digital financial services.

For instance, recent data from the Hong Kong Monetary Authority (HKMA) reveals a staggering increase in fraud-related banking complaints, with numbers more than doubling compared to previous years. This surge is indicative of the evolving strategies employed by criminals to exploit digital channels for deceptive practices, resulting in substantial financial losses for victims. The magnitude of the challenge is further highlighted by the alarming figures on estimated losses, underscoring the urgent need for robust measures to combat financial crime.

One prevalent tactic utilized by criminals to launder illicit proceeds involves the intricate web of mule accounts, strategically maneuvered to obfuscate the trail of illegal transactions. The process of money laundering poses a significant challenge to law enforcement agencies and financial institutions alike, necessitating swift and efficient information exchange mechanisms to disrupt criminal networks effectively.

In response to these challenges, collaborative efforts between public and private sectors have been instrumental in enhancing intelligence sharing and strengthening fraud detection capabilities. Initiatives such as the Fraud and Money Laundering Intelligence Taskforce (FMLIT) and the 24/7 stop-payment mechanism signify proactive steps taken by the HKMA, in partnership with law enforcement and banking sectors, to bolster defenses against financial crime.

Despite these commendable efforts, the persistent gap in information sharing remains a formidable obstacle in the fight against digital fraud. Existing protocols primarily facilitate information exchange during active law enforcement investigations, leaving a crucial window of vulnerability during the critical period between detecting fraud and launching criminal investigations. This delay allows criminals to exploit the systemic loopholes and swiftly launder illicit funds, undermining the efficacy of current anti-fraud measures.

Moreover, the intricacies of identifying and thwarting mule account networks pose inherent challenges for financial institutions. Criminals employ sophisticated tactics to evade detection, often gaining control of existing accounts or camouflaging their illicit activities within legitimate transactions. While advancements in real-time fraud monitoring and data analytics have enhanced detection capabilities, the sheer complexity of criminal schemes necessitates a paradigm shift in information sharing protocols.

Recognizing the imperative for a more proactive and cohesive approach, stakeholders in Hong Kong have embarked on pioneering initiatives such as the Financial Intelligence Evaluation Sharing Tool (FINEST). This secure platform facilitates information exchange among major retail banks, enabling timely identification of suspicious activities and expediting criminal investigations. However, concerns surrounding data privacy and confidentiality necessitate meticulous adherence to stringent controls and safeguards.

Moving forward, the proposed amendments to allow authorized institutions to share information represent a crucial step towards bridging the information gap and fortifying defenses against financial crime. By striking a delicate balance between crime prevention and data protection, these measures hold the potential to revolutionize the landscape of financial security in Hong Kong, safeguarding both citizens and the integrity of the financial ecosystem.

In conclusion, the evolving landscape of digital financial services necessitates a proactive and collaborative approach to combat the escalating threat of financial crime. Through relentless innovation, robust regulatory frameworks, and strategic partnerships, Hong Kong is poised to fortify its defenses and emerge as a global leader in fintech security and resilience.

Hong Kong Monetary Authority - Eddie Yue on How banks can contribute more to the fight against fraud and money laundering (2024)

References

Top Articles
Latest Posts
Article information

Author: Manual Maggio

Last Updated:

Views: 6202

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Manual Maggio

Birthday: 1998-01-20

Address: 359 Kelvin Stream, Lake Eldonview, MT 33517-1242

Phone: +577037762465

Job: Product Hospitality Supervisor

Hobby: Gardening, Web surfing, Video gaming, Amateur radio, Flag Football, Reading, Table tennis

Introduction: My name is Manual Maggio, I am a thankful, tender, adventurous, delightful, fantastic, proud, graceful person who loves writing and wants to share my knowledge and understanding with you.