译·读 l HKMA:香港在客户尽职调查方面的监管期望

9月8日，香港金融管理局公开表示，日前已向香港的本地银行发函，重申香港反洗钱反恐怖融资方面的监管原则，并提示这些机构，不应因审查可疑的洗钱和恐怖融资活动，而导致正常的企业无法使用香港的银行服务。

为了完整全面理解这份通知函的内容，特将其编译如下，以期与业内分享

De-risking and Financial Inclusion

规避风险与金融普惠

I am writing to draw your attention to concerns about financial inclusion that have arisen from recent actions of some AIs engaged in the process of “de-risking”. 

近期有部分机构在金融普惠过程中，过度地采用“规避风险”这一标准，为此，我局现致函各机构。

The progressive tightening of international standards in combating money laundering (ML) and terrorist financing (TF) in the past few years has led to extensive enhancement of AIs’ anti-money laundering and counter-terrorist financing (AML/CFT) controls, including customer due diligence (CDD) processes for existing and new customers. Apart from the local requirements, some AIs, for a variety of reasons, need to also comply with requirements or standards mandated by their head offices or overseas authorities. While it is important to ensure that AML/CFT controls are sufficiently robust and comply with all the relevant regulatory requirements, the HKMA expects AIs to adopt a risk-based approach (RBA) and refrain from adopting practices that would result in financial exclusion, particularly in respect of the need for bona fide businesses to have access to basic banking services.

过去几年，关于反洗钱反恐怖融资的国际标准日益严格，促使了各机构大力加强相关的管控措施，包括就存量及新客户进行的尽职调查程序。除恪守香港的政策规定以外，部分机构基于各种原因亦遵照其总行或海外有关当局的规定或标准。香港金融管理局重视各机构的反洗钱反恐怖融资管控措施是否足够稳健及遵守相关监管规定，但同时，也期望各机构能够采用风险为本的方法行事，避免采取会导致金融排外的处理程序，尤其应当顾及正常的企业获得基本银行服务的需求。

Guiding principles of RBA  风险为本的主要原则

An effective RBA in the implementation of AML/CFT controls means that AIs should identify, assess and understand the ML/TF risks to which they are exposed and take appropriate measures commensurate with those risks in order to mitigate them effectively. I would like to set out below the guiding principles for the implementation of the RBA in relation to CDD: -

基于风险为本这一准则有效地实施反洗钱反恐怖融资管控措施，指的是各机构应当能够识别、评估及了解自身所面对的洗钱以及恐怖融资风险，并采取与之相吻合的适当措施，以便有效地缓释风险。采用风险为本的方式进行客户尽职调查程序的主要原则如下：

Risk differentiation – The risk assessment processes should be able to differentiate the risks of individual customers within a particular segment or grouping through the application of a range of factors, including country risk, business risk, product/service risk and delivery/distribution channel risk. It is inappropriate for AIs to adopt a one-size-fits-all approach.

风险区分：通过综合考量一系列风险因素（这其中包括了国家风险、业务风险、产品或服务风险，以及交付或分销渠道风险等等方面）的方式进行风险评估，且应当根据评估结果区别对待不同的客户群，而不应采取“一刀切”的做法。

Proportionality – Based on the likely risk level of a customer, AIs should apply proportionate risk mitigating and CDD measures. It is inappropriate for AIs to impose requirements disproportionate to the risk level of the customer, as this would result in undue burden on the customer and the AI concerned.

与风险相符：各机构应当根据客户不同的风险水平实施相应的缓释风险及客户尽职调查程序。而不应当实施与该客户风险水平不符的要求，否则对客户以及各机构自身均会造成过多负担。

Not a “Zero Failure” regime – RBA does not require or expect a “zero failure” outcome. While AIs should take all reasonable measures to identify ML/TF risks at the account opening stage and, for existing customers, on an ongoing basis, it is unrealistic to expect that no ML/TF activities would ever occur through the banking system. AIs are not required to implement overly stringent CDD processes with a view to eliminating, ex-ante, all risks. Otherwise, such an approach would result in a large number of bona fide businesses and individuals not being able to open or maintain accounts. CDD is only one part of an effective AML/CFT regime. AIs are also required to implement a system that can monitor and detect suspicious transactions in order to report them to the relevant authorities and take the necessary mitigating measures, such as enhanced CDD. The HKMA’s supervisory stance is aimed at the effective implementation of AML/CFT systems by AIs and to ensure that there are no material failings in those systems, rather than aiming for nil ML/TF activities in the banking system.

非“零风险”：风险为本这一准则并非要求或期望达到“零风险”的结果。各机构固然应当采取所有合理措施，在开户时识别洗钱及恐怖融资风险，并针对存量客户持续进行此程序，但若是期望洗钱及恐怖融资活动在整个银行体系内完全绝迹却是不切实际的。各机构无需实施过严的客户尽职调查程序，试图事前杜绝所有风险，否则会令大量正常的企业及个人无法开立或维持原有账户。客户尽职调查只是有效对抗洗钱及恐怖融资风险制度的一部分；各机构户亦须实施有关制度来监测可疑交易，以便向有关当局报告，并采取所必需的风险缓释措施，例如实施更严格的客户尽职调查等。香港金融管理局的监管期望是各机构应当实施有效的反洗钱反恐怖融资制度，并确保有关制度不会出现重大的缺失，而并非以达到银行体系内绝无洗钱及恐怖融资活动为目的。

We note from cases that have been drawn to our attention that recently some AIs may have applied stringent CDD measures that are disproportionate to the likely risk level of the customers, resulting in many unsuccessful account opening applications and/or unpleasant customer experiences. Some requirements that are often quoted in the feedback conveyed to the HKMA are provided at Annex.

我局从获取到的意见中发现，部分机构近期可能采取了与客户潜在风险水平不相称的严格尽职调查程序，导致不少开户申请失败及/或客户的不快体验。附件所列便是金融管理局获取意见中某些过于严格的常见规定。

Interface with customers  与客户的沟通

In applying appropriate and effective CDD measures, AIs should be mindful not to take steps that would undermine financial inclusion. Moreover, it is also important for AIs to ensure that customers are being treated fairly, in the following aspects: -

当实施适当且有效的客户尽职调查程序时，各机构应当注意不要采取可能削弱金融普惠成效的措施。此外，各机构还须在以下方面确保公平对待客户：

Transparency – Information and documentation requirements for CDD purposes should be clearly set out and easily accessible to new and existing customers. All retail banks are required to enhance the transparency of account opening processes by uploading basic information about the relevant procedures and information and documentation requirements on their websites. AIs should explain to customers the rationale for the information requested and endeavor to assist customers in taking steps or providing alternatives that can help satisfy the CDD processes and introduce review mechanisms for unsuccessful applicants.

透明度：各机构应当清晰地列明客户尽职调查程序所需的资料及文件要求，方便存量及新客户查阅。所有零售银行均须提高开户过程的透明度，并在网站上发布开户过程及有关的资料与文件。各机构向客户解释要求提供有关资料的理由时，应当尽力协助客户采取或提供其他有助于完成客户尽职调查程序的方法，并为未能成功开户的申请者提供适当的重审机制。

Reasonableness – CDD processes and documentation requirements of AIs should be relevant and pragmatic with respect to the customers’ background and circumstances. Furthermore, AIs should not use AML/CFT as the ground for closing or rejecting an account when it is actually for other considerations.

合理性：各机构应当根据客户的背景及状况，做出相应且务实的客户尽职调查程序和文件要求。此外，各机构不应以打击洗钱或恐怖融资为名，实际上却基于其他因素关闭或拒开账户。

Efficiency – AIs should have appropriate arrangements in place to facilitate customers’ initiation of the account opening process. AIs are encouraged to introduce online applications if practicable. AIs should also maintain adequate communication with customers throughout the account opening process by, for example, providing interim updates about the progress of their applications (such as whether any documents remain outstanding), timely feedback of the results of their applications, and where an application is rejected, the reason for rejection as appropriate.

效率：各机构应当有适当的安排，以便与客户进行银行帐户的开立申请。本局鼓励各机构在切实可行的情况下设立网上申请渠道。各机构也应当在整个开户过程期间与客户始终保持足够的沟通。例如，通知客户有关申请进度（是否尚欠缺某些文件）、适时告知其申请结果，以及当开户申请被拒绝时，根据适当的情况及时地向客户解释拒绝开户的理由。

Actions to be taken  应采取的行动

AIs’ senior management should review their existing processes and practices to ensure that they are consistent with the principles outlined above. Where there are inconsistencies, the HKMA should be informed of the plans and timeline by which remediation measures will be taken. Where any requirements or standards mandated by an AI’s head office or overseas authority might conflict with the application of these principles, these should be reported to the HKMA with a view to resolving the issue. AIs should also provide adequate training to their front line staff to ensure clear understanding and consistent implementation.

各机构高级管理层应审视现有政策及操作流程，以确保符合上述原则；若有不符之处，则应当通知金融管理局有关纠正措施的计划及时间表。若各机构的总行或海外有关当局所指定的规定或标准与上述原则有所矛盾，那么，则应当向金融管理局报告，以期妥善解决。各机构亦应为前线员工提供必要的培训，使得其清晰理解与掌握以及贯彻执行。

This circular should also be brought to the attention of the board of directors in the case of a locally incorporated AI and the head of the regional/head office in charge of the governance and compliance functions in the case of a non-locally incorporated AI. The boards of locally incorporated AIs and senior management of regional/head offices of branches of foreign banks in Hong Kong should take a proactive role in ensuring that CDD processes comply with the principles of RBA and customer interface requirements as elucidated in this circular.

本函应当提交告知贵机构董事会（若为本港注册）及区域总部或总行的管理与合规部门主管（若为非本港注册）。本港注册机构的董事会以及香港境外银行分行的区域总部或总行高级管理层应当采取积极主动的措施，以确保客户尽职调查程序符合本函所载的风险为本原则及与客户沟通方面的规定。

The HKMA will work with the banking industry on how identification of ML/TF risks and the implementation of AML/CFT requirements can be made more consistent and effective so as to lessen the side effects of de-risking. We are also working with the industry association and international standard setting bodies to reduce some of the burden associated with compliance with AML/CFT requirements through innovation and technology, including but not limited to the use of know-your-customer utilities.

香港金融管理局将会继续与银行业商讨如何识别洗钱及恐怖融资风险，并落实打击洗钱及恐怖融资等金融犯罪更为一致的有效措施，从而减少“规避风险”过程中产生的副作用。本局亦会与业界公会及制定标准的国际组织合作，通过创新科技降低因遵守反洗钱反恐怖融资规定所涉及的负担，其中包括但不限于利用“专业信息机构”提供的平台协助完成客户尽职调查程序。

Enquiries on this circular may be addressed to Mr Stewart McGlynn (smcglynn@hkma.gov.hk) (on implementation of RBA) and Ms Sarah Kwok (sarah_sn_kwok@hkma.gov.hk) (on customer interface requirements) respectively.

有关本函的咨询，请联络麦敬德先生(smcglynn@hkma.gov.hk)(有关风险本文的方法)或郭士雅女士(sarah_sn_kwok@hkma.gov.hk)(有关客户沟通方面的规定)

Yours faithfully, 

Norman Chan 

Chief Executive

总裁

陈德霖

2016年9月8日

Annex  附件

CDD requirements applied by AIs often quoted in the feedback conveyed to the HKMA that are disproportionate to the likely risk level of the customers include: -

1）requiring all directors and beneficial owners of an overseas corporate to be present at account opening; 

2）mandating that all documents of an overseas corporate are certified by a certifier in Hong Kong; 

3）requesting a start-up to provide the same degree of detail on its track record, business plan and revenue projections as a long-established company; 

4）expecting a Hong Kong business registration certificate for all applicants or evidence of a Hong Kong office for all overseas corporates, irrespective of business model or mode of operation; 

5）requiring voluminous or very detailed information on source of wealth sometimes going back decades irrespective of the risks presented by the relationship or type of service offered (e.g. MPF account, basic banking services with small balances) which is difficult or impossible for the customer to provide; and 

6）rejecting account opening based on unreasonably high benchmarks such as expected or actual sales turnover.

在金融管理局获取到的意見中，实施与客户潜在风险水平不符的尽职调查程序有一些案例，包括：

1）要求境外机构的所有董事及实益所有人于开户时在场；

2）规定境外机构的所有文件都应在香港完成见证； 

3）要求初创机构提供于建立已久的公司相同详细程度的业绩、业务计划及预计收入； 

4）要求所有申请人，无论企业经营或运作模式，都须具有香港商业登记证，或所有境外机构均须提供香港办事处证明； 

5）不考虑有关的业务关系或服务类别 (例如强制性公积金计划账户、小额账户的基本银行服务)涉及的不同风险，却一律要求就资金来源提供大量或极详细的资料作证，往往涉及过去数十年时间，而客户实际上难以甚至无法提供这些资料；及

6）基于一些不合理的标准(例如预期或实际营业额)而拒绝为客户开立账户。