The SFC’s New Approach to Remote Onboarding

At the end of June, the Securities and Futures Commission (SFC) – the independent statutory body set up in 1989 to regulate Hong Kong’s securities and futures markets – introduced a new approach to online onboarding of overseas individual clients, which officially came into force on July 5th, 2019.

The new circular (which you can read in full here) was introduced to address the higher risk of impersonation that naturally occurs in remote client onboarding. As stated in the introduction, “when clients are not physically present for identification purposes, intermediaries will generally not be able to determine that identity documents belong to the client they are dealing with”.

Although fully aware of the array of risks connected to remote onboarding, the new approach aims to introduce a regulated, secure and responsible use of regulatory technology.

Most Important Changes

The new approach requires intermediaries to complete all the following steps in order to verify the identity of an overseas individual client:

1. Identity document authentication

This step requires compliance teams to:

• Access the embedded data in the client’s official ID Document or obtain an electronic copy of the relevant sections of the ID Document (including a high-quality photograph of the client);
• Use appropriate and effective processes and technologies to authenticate the client’s ID Document;
• If account opening procedures are carried out by a third party, obtain prior consent and authorisation from the client and proper protection measures should be put in place to ensure the security and confidentiality of their personal information.

2. Identity verification

To verify a client’s identity, intermediaries are required to:

• Use effective processes and technologies to obtain the client’s biometric data and match it with the authenticated data in the client’s ID Document (or other reliable and independent sources to verify the client’s identity);
• Implement safeguards such as data encryption to protect the client’s biometric data and the integrity of the identity verification process from any potential attacks.

3. Execution of client agreements

Electronic signatures should be used to sign a client agreement.

4. Designated overseas bank accounts

For a remote onboarding procedure to be accepted by the SFC, it is fundamental to:

• Successfully transfer to the intermediary’s bank account an initial deposit of not less than $10,000  from a bank account in the client’s name maintained with a bank which is supervised by a banking regulator in an eligible jurisdiction (Designated Overseas Bank Account);
• Conduct all future deposits and withdrawals for the client’s investment account only through a Designated Overseas Bank Account.

5.   Record keeping

It is essential that compliance teams maintain proper records of the account opening process of each client in a readily accessible way for audit purposes.

6.    Training

Staff should receive adequate training and possess the relevant skills to perform and oversee the online onboarding procedures.

7.    Assessment

Teams should conduct a comprehensive assessment of the adopted processes and technologies prior to implementation, and ensure that such assessments are performed at least once a year thereafter (the SFC generally expects the pre-implementation assessment to be performed by independent assessors).

As a minimum requirement, the assessment and reviews should cover whether the adopted processes and technologies are appropriate and effective to establish the true identities of clients; whether ongoing monitoring and review processes have been appropriately and effectively implemented; whether the adopted processes and technologies have been properly implemented and tested with satisfactory results; and whether all the requirements set out in the new approach have been properly followed. Each review should be accompanied by a detailed assessment report to be submitted to the relevant regulator upon request.

Additionally, the circular highlights how “senior management of intermediaries, including Managers-In-Charge, bear the primary responsibility of ensuring that proper processes and technologies are implemented to verify clients’ identities”. This focus on individuals’ responsibilities of ensuring on-going compliance within their organisation appears very much in line with recent global trends. As personal accountability increases, so does the overall importance of maintaining fully compliant business procedures.

How Know Your Customer can help

Know Your Customer’s range of end-to-end onboarding solutions helps intermediaries meet the new compliance requirements while benefitting from the agile, effective and scalable nature of remote onboarding procedures.

In particular, Know Your Customer’s solutions feature:

1. Military-grade authentication for government issued documents in 180+ jurisdictions;

2. Advanced facial recognition capabilities;

3. E-signatures for the creation of enforceable contracts with strong protection against impersonation;

4. Automated and immutable audit trail functionality for evidence of on-going regulatory compliance;

5. A vast range of reporting tools, including a sophisticated business intelligence tool with the ability to generate regulatory reports on demand and in real time.

If you’d like to discover more about our end-to-end compliance platform, please contact us today.