Hong Kong: Universal Banking Soldier

The Money Laundering Compliance Officer in the spotlight.
Last Updated: 29 April 2003
Article by Peter Gallo

Part 1. The Financial Battle Lines

The designation of an appropriate person to be the Money Laundering Compliance Officer (MLCO) in a financial institution is not an altogether new legal requirement, but one that has come under increased focus as Money Laundering and Terrorist Financing assume a new importance.

The reporting element of the MLCO’s role is to receive reports from members of staff of their knowledge or suspicions of money laundering, and, unless he decides that it is not, in fact, suspicious, his responsibility is to pass that information to the relevant authority.

When this post was created, different institutions made the appointment according to different criteria, dependent on such internal variables as their internal understanding of a suitable individual profile or competencies, the availability of suitable staff, and their interpretation of whose bailiwick the work fell in. In terms of the latter, some large organisations took the view that it was related to fraud, and consequently it fell to whoever would be responsible for investigation work, wherever that might be. Others allocated it straight to the security function, others to internal audit departments or to the legal or compliance function. In most cases the positioning decision would have been made, or at least strongly influenced, by pre-existing departmental responsibilities. Whatever else may have happened, it is rare to find an example of an entirely new department being created or where the duties of the function were allocated to someone not already busy with other primary responsibilities.

There were no hard and fast rules for how the MLCO had to be selected, and the profile of the person selected was often a reflection of the times and the actual values of the corporate culture.

There was certainly no prohibition against the designated person having any number of other responsibilities, many of which might have had little relevance to the prevention of money laundering.

The position can therefore be found in various functional departments in different organizations, and there is unlikely to be one definitive correct answer as to where it ‘belongs.’. The question is not so much where it should be in terms of left to right on the Organization Chart, as much as it one of top to bottom.

It was, however, originally established as a compliance responsibility; and that meant compliance with the regulations and guidelines as issued by the governing regulatory authorities. There is little to suggest that any thought was ever given to this role having a contribution to make at a strategic level.

Unfortunately, as later events in the UK were to demonstrate, the administrative and reactive nature of the compliance culture proved to be one of its weaknesses. The role of the MLCO was consigned to too junior a level in many organisations, and because the regulatory authorities had their focus elsewhere and did not insist otherwise, in many cases the issue was allowed to slip lower and lower down management’s scale of priorities. There were few prosecutions and little incentive for the matter to be considered at a more senior level. Corporate policy was just to comply, passively, with anything the regulators required.

That, unfortunately, was one of the contributing factors that led to the embarrassment of the Abacha scandal. It is probable that no one really knows for sure exactly how much money Sani Abacha looted from his impoverished country, we only know what was later traced and returned, and that was a lot.

Between them, no fewer than 23 otherwise highly respectable financial institutions in London were found to have handled over US$1.3 Billion connected to Abacha, his family and close associates in Nigeria. If we assume that the money was evenly distributed among those institutions, they would still have handled over US$50 Million each.

Faced with business on this scale, the sad fact is that the institutions involved showed either a naivety that makes a complete mockery of their education or a complete disregard for their legal and moral responsibilities. The Financial Services Authority, although critical of the banks involved, was muted in its condemnation. 15 of the 23 banks were told their anti-money laundering measures were inadequate, so we assume that the remainder did have adequate policies and procedures in place, they just failed to implement them.

The scandal was not so much that it happened, but that the funds were so obviously connected to the President of Nigeria, a notoriously corrupt country where half the population live in abject poverty. Abacha was a military ruler, so without even enquiring as to salary levels in the Nigerian armed forces, the question has to be asked; where did these banks think the money was from?

Did they just assume his wife ran a successful legal practice? Generating over US$50 Million? Perhaps she augmented her income by taking in laundry, or selling cosmetics door to door.

The sad implication remains that the levels of "due diligence" performed was simply inexcusable, replaced by negligence, greed and wilful blindness.

The world has woken up to the question and now wonders why, when the leaders of these African countries have such enormous personal wealth, charities have to raise money for famine relief in their countries. As the legal environment evolves, future Abachas may find the financial community more apprehensive about accepting their wealth.

Smarting from the embarrassment of that case, one of the changes introduced by the newly inaugurated FSA in London was to examine the role of the MLCO. One significant finding was that, all too often, the role was being filled by someone too junior; so one of the most significant changes the FSA introduced was the rule that the person appointed to be the designated compliance officer must be a senior executive who is of sufficient maturity and independence to carry out the role. Additionally, their appointment must be approved by the FSA.

Corporate politics being what they are, it would be naïve to expect that this will insulate and protect the MLCO from operational and business pressures, but the rule was introduced so that senior management cannot abdicate their responsibilities in this area.

There are different aspects to the role. In addition to having a designated compliance officer, an anti-money laundering programme must include policies and procedures at both the prevention and the discovery stages, as well as a staff training programme. In some institutions, the role is largely restricted to the reporting function. The account opening due diligence procedures are left entirely to the marketing or operations staff, with little practical consideration of the money laundering implications, and similarly, the training function is often not considered a compliance responsibility either.

The problem is that no matter how well qualified, how senior and how diligent the MLCO might be, it is patently unreasonable to expect any one individual to keep an entire financial institution free from involvement in money laundering scandals. This would not even be possible with a large compliance department behind him. There are simply never going to be enough compliance personnel to be everywhere at once, looking over the shoulder of every other employee in the organization, policing every transaction.

The only way to build effective defences to keep money laundering out of the organization is for every member of staff, from the lowliest trainee clerk up to the Boardroom, to be alert in conducting their due diligence procedures in the first place, and to be vigilant in handling business on a daily basis. The MLCO cannot do this alone, nor can it be left to the compliance department. There is a need for Policies and Procedures that strike a balance between protecting the institution from exploitation by criminal elements yet do not undeservedly impede the flow of business, and it is of paramount importance that all staff are properly trained to be alert for signs of possibly suspicious transactions.

One of the MLCO’s most important management functions, therefore, should be to act as a catalyst for change in the organization, protecting the institution by raising the general awareness of the threat and fostering an environment where anyone intent on laundering the proceeds of crime is simply deterred and denied access.

The problem remains that some senior management appear to be living in the past, and cling to the old concept that anti-money laundering is just one more minor burden to be shouldered; not unlike the obligation to provide handicapped parking, a smoke-free workplace, RSI breaks or any number of other bureaucratic procedures that must be complied with. In many cases, the implications have not sunk home – that preventing money laundering is now a pre-requisite for staying in business, and the role of the MLCO must evolve with the times.

There is a widespread belief among senior staff throughout the finance industry that they have "enough" compliance already, and although there may be a perfectly understandable reluctance to allocate resources to something that is a cost-centre not a profit-centre, they forget that the price of liberty went up on 11 September 2001.

Although this was certainly not the only factor, it was certainly the most dramatic, and the most public signal that money laundering is being forced higher up the corporate agenda. The drive to identify and freeze terrorist financing may have been the spark that brought about the PATRIOT Act, but the greater effect of the fire will be felt against financial crime and the conventional use and abuse of the international financial system for money laundering.

The effect, not only of the PATRIOT Act, but of the EU Second Directive, the Proceeds of Crime Act and the new unitary regulatory environment under the FSA in the UK, and various other factors that have focused international attention on money laundering, has been to push an increasing burden on to the private sector.

Investigating money laundering is no longer something that can be dismissed as the responsibility of the police. In this brave new world it is the private sector, the financial institutions themselves who are being forced to assume responsibility for their own protection. The previous model was that compliance was a passive issue; the obligation was just that – compliance - meaning to do what we are told by the regulatory authority. The reality, however, is that it has evolved from a passive compliance role to a proactive preventative role; and the MLCO has been pushed forward to stand in the front rank; facing an enemy that is the proceeds of every crime ever motivated by financial gain.

Part 2: Fighting The New Fight

The battle lines drawn, with the gnawing realization that the consequences of losing even one battle might prove terminal, the MLCO’s orders are simple; he has to protect and defend against the infiltration of a subversive threat.

There is widespread consensus that money laundering is a terrible blight on the international finance industry and that terrorist financing is a scourge to be eradicated, and in the current climate, it would be a foolhardy man who said otherwise. Talk, of course, is cheap. The real question is how seriously committed the financial industry really is, and whether or not anyone is prepared to show their commitment to the battle by actually committing resources to it.

It would be helpful, of course, if we knew what the enemy looked like. The problem, unfortunately, is that it is a compulsive and dynamic shape-shifter that could be disguised in any ostensibly legitimate account or transaction. Money Launderers cannot and should not be thought of as stereotypes; they come in all shapes and sizes, of every creed and colour, from every walk of life. At the higher and most profitable levels of criminal endeavour, where sophisticated schemes will be utilised, sophisticated and highly educated professionals will invariably be involved. The traditional tick-the-box clerical approach, therefore, may leave gaps in the barbed wire wide enough to march an entire Colombian drug cartel through in parade order to the accompaniment of a Mariachi band.

All organizations depend on rules, of course, and it is one of the most important Compliance functions to assess the risks pertaining to different activities, and to devise and implement operating procedures so that staff understand their responsibilities and remain alert to potentially suspicious behaviour. Those rules and regulations are fundamentally important, and they provide the foundation on which the MLCO can do his job.

From the criminal law perspective, the MLCO’s primary concern must be the company’s system for receiving reports of suspicious transactions, and, where necessary, passing that information on to the relevant law enforcement agency.

The amount of work involved in that effort, of course, is connected with the number of suspicious transaction reports generated by staff, and that is dependent on the nature of the bank’s business. Staff training also has a bearing on the diligence with which transactions are scrutinised and staff’s sensitivity to the risk, thus impacting on the number of reports generated.

The paradox, unfortunately, is that the more successful the MLCO is in training staff, the more time will be consumed with Suspicious Transactions Reports (STRs) and hence the less time will be available for him to engage in any other investigation work. These reports will always take priority.

Accordingly, one suggestion is that in addition to the compliance staff engaged to handle STRs, large financial institutions should appoint an additional team of proactive investigators, unburdened with STR duties, specifically to investigate, in depth, potentially suspicious activity within the customer base. This simple but innovative suggestion probably represents the most effective model available to an institution serious about weeding out criminal funds, and defending itself from the associated litigation.

The analogy is that rather than just employing a guard dog, it is also becoming necessary to have a bloodhound, to ‘sniff out’ potentially suspicious activity before the guard dog has seen the intruder or even knows to bark. The role of such an investigation unit would essentially be to supplement the more reactive efforts of their colleagues whose primary concern is the legal duty relating to STRs from staff. The investigation role would be a proactive one, to try to stay one step ahead of whatever money laundering strategies might be encountered, and to look for suspicious activity where it has not yet been identified or reported. This will generate valuable corporate intelligence for the senior Compliance Officer so that the institution might pre-empt any problems by initiating action early.

In smaller or lower risk operations, one person might be able to cover both these roles, but larger and more departmentally structured institutions might consider creating a new position, thus strengthening their existing structure to reflect the increased risk. Whether these two functions should be split will be dependent on a number of factors, not least of which are the size of the operation and the compliance resources available. However it is structured, the underlying principle is that the primarily ‘reactive’ compliance environment must evolve into a more proactive one. That being the case, the skills required in the position are also changing.

The priority is no longer simply to comply with the regulations and guidelines as issued by the governing regulatory authorities, but to take the initiative and identify problems before they arise. That takes the "Know Your Customer" ethic to a new level, and entails a degree of familiarization that might even be considered intrusive, particularly as it is so closely affiliated with the erosion of the traditional concepts of banking secrecy and the right to privacy.

Sincerity is always subject to proof, and information that customers may share about their background and the source of their wealth may not always be totally reliable. It therefore becomes necessary, in certain cases, to conduct discreet enquiries to determine if the institution should have grounds for concern. This cannot be done in every case, but it has become a requirement in the case of individuals or accounts deemed to be high risk.

Many management traditionalists might be inclined to keep such a new activity hidden so as not to risk upsetting sensitive customers. The contrary view, however, would be to give it a very high profile, making the presence of such a department widely known. Cynical as though it may be, one of the advantages of doing is not simply to identify evidence of crime, but to satisfy the regulatory authority! The importance of been seen to be doing all that is reasonably possible to defend against money laundering cannot be under-estimated, not just in order to keep the regulators at bay but to establish a defence for the inevitability of the legal challenge.

Reference was made above to how the anti-money laundering function can be found in different institutions departments of different institutions; ranging from Security to Internal Audit to Legal, but when recruiting for the position from external candidates, many institutions naturally looked to the ranks of ex-policemen.

The rationale for such appointments was usually related to the candidate’s knowledge of who the local criminal fraternity actually were, and their personal relationships with former colleagues still on the Force. In reality, however, these attributes come with a relatively short shelf life, and life in the private sector often calls for a different set of investigative skills, where the lack of executive authority entails more emphasis on analysis rather than criminal investigation skills, or interviewing technique. More important than an encyclopaedic knowledge of the local villains is an understanding of the dynamic nature of the money laundering risk, with the ability to analyze financial products for their potential vulnerabilities.

It is a rare banker whose career has been built on seeing vulnerability as quickly as others see opportunity. Where such individuals have the mental dexterity to assemble a multi-dimensional jigsaw pieces in his head, it should be rarer still, we hope, that one would have the thought processes, not so much of a Sherlock Holmes as that of his arch-rival, the criminal Professor Moriarty.

Unfortunately for the HR Department, these rare animals are now needed.

In addition to these qualifications, the greater challenge is in the implementation of counter-measures, and advising on anti-money laundering measures which are effective, but do not interfere with the primary role of the organisation, which is to do business and make money.

The problem with the anti-money laundering function in any financial institution, unfortunately, is that it is counter-profitable if not actually counter-productive. In an expansion-minded organisation whose stock-in trade is money, the movement of money and finding profitable investments for money, the corporate culture has to promote business expansion and the accumulation of more money to manage.

Against that, the anti-money laundering effort demands that somebody stand in the face of this, and, in the worst case, draw a line in the sand and forbid certain transactions. This calls for one of two things, therefore, either such seniority that he can neither be easily intimidated nor over-ruled in a confrontation, or considerable strength of character, with the moral fibre and thick-skinned tenacity of an alligator who would rather be right than President.

Much of the job should involve being a strategic advisor to senior management, nurturing and shaping the operations of the organisation, and steering them away from potential problem areas. However, when push comes to shove, although the Chief Executive should have enough savvy and faith not to get into such a drama in the first place, when the MLCO squares off against him in a Mexican Stand-off, with guns drawn at twenty paces; the Compliance Officer’s job is to protect the institution, from itself if necessary - he cannot be the one to flinch.

In almost any other situations, this would be absolute and certain career suicide. Even to contemplate the prospect might be signs of certifiable madness, but there is method in this particular strain of madness. The reporting element of the MLCO’s role involves receiving reports from staff and passing that information on in the form of a Suspicious Transaction Report. Of course, if the staff’s concerns are deemed to be unfounded, no further action is necessary, but if it transpires that the activity was, indeed, related to the proceeds of crime, but that no report was made to the authorities - either through error or negligence - the liability for the oversight rests on the shoulders on the MLCO. ‘Failing to report’ is a criminal offence. In Hong Kong it is punishable with a HK$500,000 fine and a three month prison sentence.

Moreover, in the UK, in addition to the ultimate threat of criminal prosecution, failure to perform these duties adequately can now lead to disciplinary procedures and personal fines being imposed by the FSA.

Admittedly, convictions for ‘failing to report’ may be notoriously difficult to obtain, but law enforcement authorities are only too well aware of two simple facts. The first is that they cannot investigate or prosecute serious criminal conspiracies or complex financial crimes without the support and co-operation of the financial community. The second is that unless and until senior executives and board members of major financial institutions appreciate the gravity of this obligation, and the real risk that they themselves might face a stiff sentence on money laundering charges, there is little incentive for real change.

Without such a threat over them, the financial community can be relied upon to resist each and every meaningful increase in their compliance duties.

In all wars, much depends on the vigilance of the soldier on sentry duty. The war against Money Laundering and Terrorist Financing is no different, but the sentry is no longer the man in uniform, armed with a rifle and bayonet, the role has been passed to every member of staff who is involved with a financial institutions customers and their business. It is a collective responsibility.

Staff must be trained to be mindful of the risk and they must be encouraged to report any suspicions they may have, because a policy of "Don’t ask, don’t tell" is a recipe for certain disaster for senior management and for the institutions itself.

The MLCO himself has an ‘HQ job.’ He does not interact with customers in the normal course of business so it is unlikely that he will be the one in the front line position who first flags a potentially suspicious transaction. He will, however, be the one person standing in front of the Chief Executive if the institution fails in its responsibilities in this area and the Firing Squad is assembled. His incentive should be to make sure that that day never comes.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
Related Articles
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions