Principles and practice of insurance examination (2)

The 'fit and proper' criteria include:

• Ongoing assessment of the individual or entity's suitability to carry on regulated activities.
• For sole proprietorships, the individual must ultimately own or control the regulated activities.
• For partnerships, individuals must control at least 15% of capital or profits, voting rights, or management.
• For companies, individuals must own or control at least 15% of issued share capital, voting rights, or management.

The major conditions include:

1. The applicant can be a sole proprietor, partnership, or company.
2. The applicant and its directors must be fit and proper persons.
3. The controller, if any, must also be fit and proper.
4. The applicant must be appointed as an agent by at least one authorized insurer.
5. The applicant must not hold or apply for other specific licenses (individual insurance agent, insurance broker, etc.).

The requirements include:

1. The individual must be a fit and proper person to carry on regulated activities.
2. The applicant must be appointed as an agent by at least one authorized insurer.
3. The applicant must not hold or apply for other specific licenses (insurance agency, technical representative (agent), or technical representative (broker)).

The conditions include:

1. The individual applicant must be a fit and proper person to carry on regulated activities.
2. The applicant must be appointed as an agent by a holder of or an applicant for an insurance agency license.

The company applicant and its director(s) must be fit and proper persons to carry on regulated activities in the lines of business concerned. Additionally, the controller, if any, must also be a fit and proper person associated with these activities.

The Guidance aims to assist the insurance industry in complying with the relevant requirements of the Ordinance regarding the collection, storage, use, and security of customers' personal data, as well as handling customers' data access requests.

The individual applicant must be a fit and proper person to carry on regulated activities in the lines of business concerned and must be appointed as an agent by at least one licensed insurance broker company or by an applicant for an insurance broker company licence.

The key considerations include:

1. Education or other qualifications or experience
2. Ability to carry on a regulated activity competently, honestly, and fairly
3. Reputation, character, reliability, and integrity
4. Financial status or solvency
5. Any disciplinary action taken against the person by relevant authorities.

The responsible officer must be a licensed technical representative (agent) or (broker), or an applicant for such a licence. They must be fit and proper to discharge responsibilities, have sufficient authority, and be provided with adequate resources and support.

The IA considers any information it possesses that relates to:

• Another company in the group
• A controller or director of the person or another company in the group
• The state of affairs of any other business the person carries on or proposes to carry on.

The 'fit and proper' requirement is ongoing and applies to:

1. Any applicant for an insurance intermediary licence of any type
2. Renewal of such licence
3. Controllers, partners, directors, and responsible officers of the applicant.

The Criteria for Individuals include:

• Matters relevant to the individual's fitness and properness
• Differences in detail depending on whether the individual is an applicant for a licence or a current licensee, or a proposed responsible officer or current responsible officer.

Non-compliance will be taken into account by the IA in considering whether the licensed insurance intermediary is a fit and proper person.

The guideline outlines the criteria and matters the IA will consider in determining whether a person is fit and proper, but it does not constitute legal advice or have the force of law.

The criteria include:

1. Education or qualifications:
   • Level 2 or above in 5 subjects in HKDSE, including Chinese or English Language and Mathematics.
   • Grade E or above in 5 subjects in HKCEE, including Chinese or English Language and Mathematics.
   • Diploma Yi Jin.
   • International Baccalaureate Diploma.
   • A diploma from a recognized higher education institution in Hong Kong.
   • An insurance qualification specified by the IA.
   • Any other equivalent qualification considered acceptable by the IA.

A proposed responsible officer is expected to have:

1. A bachelor degree from a recognized university or tertiary educational institution.
2. An insurance qualification specified by the IA, published on the IA's website.

A proposed responsible officer should possess a minimum of 5 years' experience in the insurance industry, including at least 2 years of management experience.

The IA considers any other qualification to be equivalent to or higher than the specified qualifications set out in the guidelines. Additionally, applicants must have attained specified education or professional qualifications and passed relevant papers, such as the Insurance Intermediaries Qualifying Examinations (IIQE).

A 'specified person' includes:

1. An Individual Agent registered with the IARB
2. A Technical Representative registered with the IARB
3. A Responsible Officer registered with the IARB
4. A Technical Representative registered with the CIB or PIBA
5. A Chief Executive registered with the CIB or PIBA

The transitional period is 3 years beginning from September 2019, during which specified persons can apply for the license and be exempted from certain education or professional qualifications.

An individual's IIQE results may lapse upon cessation of or non-engagement in insurance practice for two or more consecutive years, unless they possess a specified insurance, actuarial, or professional qualification that grants them an exemption.

A proposed responsible officer is exempt if they were:

1. A Responsible Officer registered with the IARB before 23 September 2019.
2. An individual agent or technical representative registered with the IARB before 23 September 2019 with a minimum of 15 years' experience in insurance-related work in Hong Kong on 23 September 2019.

The criteria include:

1. Responsibilities that may create a conflict of interest.
2. Mental capacity, including any court findings of mental incapacity.
3. Evidence of incompetence or negligence, such as dismissal for misconduct.
4. Compliance with continuing professional development (CPD) requirements as per the IA's guidelines.

The factors include:

• Compliance with requirements related to regulated activities.
• Any history of unwillingness to comply with such requirements.

An individual found guilty of fraud, dishonesty, or misfeasance by a court or competent authority may be disqualified from holding positions such as a director of a company, impacting their fit and proper status.

A criminal conviction or unresolved criminal charges relevant to fitness and properness can lead to a negative assessment of an individual's suitability to operate in the insurance industry.

Actions such as being censured by a regulatory body, being dismissed for misconduct, or being involved in bankruptcy proceedings can lead to an individual being deemed unfit for insurance intermediary roles.

The assessment includes whether the individual has entered into a voluntary arrangement with creditors, been adjudicated bankrupt, or failed to satisfy any court judgment debt.

Being a controller or director of a non-compliant business entity can negatively impact an individual's fit and proper status, especially if it involves neglect or misconduct.

An individual licensee must be a Hong Kong permanent resident or hold an appropriate immigration visa or permit that does not restrict them from carrying on regulated activities in Hong Kong.

A responsible officer must possess:

1. Appropriate qualifications and experience as outlined in the relevant criteria.
2. Sufficient authority to discharge responsibilities as per the Insurance Ordinance (IO) and related regulations.
3. Sufficient resources and support to fulfill their responsibilities.
   The IA will assess the sufficiency of authority based on the organizational structure, management responsibilities, and seniority within the licensed insurance agency or broker company.

Responsible officers are required to:

• Supervise the carrying on of regulated activities.
• Ensure proper controls and procedures are in place for compliance with the IO and other regulatory requirements.
• The business entity should appoint at least one responsible officer, with more expected based on the scale of business and nature of services offered.

The IA considers:

• The eligibility of the proposed responsible officer(s) to carry on regulated activities in the relevant line of business.
• The scale of business, nature of insurance services and products, and the number of licensed technical representatives (agents or brokers) within the business entity.

If the business entity is part of a group of companies, it must provide information relating to:

• The group companies and their directors and controllers.
• The nature and state of affairs of any business it carries on or proposes to carry on that is not related to regulated activities.

The key components of corporate governance include:

1. An adequate organizational structure with clear lines of responsibilities and authority.
2. Supervisors of regulated activities possessing appropriate knowledge, skills, and experience.
3. A feasible business strategy that outlines insurance products, services, target market clientele, and sources of business.

A business entity should have:

1. Adequate and effective policies, procedures, and controls for compliance with laws and regulations.
2. Identification of key risks and development of strategies to mitigate those risks.
3. Effective internal controls to protect the interests of policyholders if engaged in non-insurance business.
4. Policies for recruitment, training, and supervision of staff to ensure they are fit and proper for the business.

Factors considered include:

1. Compliance with requirements for regulated activities.
2. Any refusals or restrictions from carrying on trade by regulatory bodies.
3. Censures or public criticisms by professional bodies.
4. Ongoing investigations or disciplinary actions by regulatory authorities.
5. Past involvement of controllers or directors in businesses that faced financial difficulties or ceased trading.

If a business entity has been a controller, director, or partner and failed to comply with legal requirements, it may face scrutiny regarding its fitness and properness. This includes potential convictions for criminal offenses or being adjudicated civilly liable for fraud or misconduct.

Relevant indicators for assessing a business entity's solvency include:

1. Subject to receivership, administration, liquidation, or similar proceedings.
2. Entered into a scheme of arrangement with creditors or failed to satisfy judgment debts.
3. Sufficient resources for compliance with financial requirements (capital, assets, liquidity).

A licensed insurance broker company must comply with the following requirements:

• Capital and net assets requirements.
• Professional indemnity insurance.
• Keeping separate client accounts.
• Maintaining proper books and accounts as per the Insurance Ordinance (IO).

A person can be appointed as a responsible officer of more than one licensed insurance broker company if:

1. The companies belong to the same group of companies.
2. They have common shareholders.
3. There is any other justification acceptable to the Insurance Authority.

The IA can make rules requiring licensed insurance intermediaries to conduct business in a specified manner, prescribe qualifications, experience, and training for them, and publish codes or guidelines for guidance related to its functions. Non-compliance with these codes and guidelines does not lead to judicial proceedings.

A licensed person may be appointed by a maximum of 4 authorized insurers, with no more than 2 being insurers authorized to carry on long term business.

Rule 4 states that:

1. A licensed person is appointed by 1 insurer authorized to carry on general business if appointed as its agent for general business only.
2. A licensed person is appointed by 1 insurer authorized to carry on long term business if appointed as its agent for long term business only.
3. A licensed person is appointed by 1 insurer for general business and 1 for long term business if appointed as an agent for both types of business.

Rule 5 outlines that:

1. When a licensed person is appointed by multiple authorized insurers in the same group, the counting of authorized insurers for Rule 3 is affected.
2. If all appointments are limited to either general or long term business, the licensed person is considered appointed by 1 insurer for that line of business.
3. If appointments are not limited to one type of business, the licensed person is considered appointed by 1 insurer for general business and 1 for long term business.

The IA can appoint inspectors to conduct inspections to ascertain compliance with the Insurance Ordinance (IO) and may direct employees or other persons to investigate suspected contraventions or fraud. Inspectors and investigators can require verification of answers and explanations through statutory declarations. If a person fails to comply with their requirements, the IA can apply to the Court of First Instance for compliance and punishment for contempt of court.

Misconduct is defined as:

1. A contravention of a provision of the IO.
2. A contravention of a term or condition of a licence granted under the IO.
3. A contravention of any other condition imposed under the IO.
4. An act or omission in regulated activities that is prejudicial to policyholders' interests or public interest, in the IA's opinion.

The IA may consider a person as not fit and proper based on:

• The person's present or past conduct.
• If the person is a responsible officer or involved in management, and the insurance agency or broker company is guilty of misconduct due to their consent, connivance, or neglect.

An individual or partner may have their license revoked or suspended if:

1. They enter into a voluntary arrangement with creditors or have a bankruptcy order made against them under the Bankruptcy Ordinance (Cap. 6).
2. They are convicted of an offence that impugns their fitness and properness to remain licensed.
3. They are found by a court to be mentally incapacitated or detained in a mental hospital under the Mental Health Ordinance (Cap. 136).

A licensed insurance intermediary that is a company may have its license revoked or suspended if:

1. A receiver or manager of the property or business is appointed.
2. It enters into a scheme of arrangement with its creditors.
3. It goes into liquidation.
4. Any director is convicted of an offence that impugns the fitness and properness to remain licensed.
5. Any director is found by a court to be mentally incapacitated or detained in a mental hospital under the Mental Health Ordinance (Cap. 136).

If a responsible officer of a licensed insurance agency is convicted of an offence, the Insurance Authority (IA) may:

1. Revoke or suspend the person's approval as a responsible officer for a period determined by the IA.
2. Prohibit the person from applying to be licensed or being appointed as a responsible officer for a period determined by the IA.
3. Reprimand the person, either publicly or privately.

The maximum pecuniary penalty that can be imposed is either HK$10,000,000 or 3 times the profit gained or loss avoided by the person due to the misconduct, whichever is greater.

The principal purposes are:

1. To protect existing and potential policyholders and the public interest.
2. To promote and encourage proper standards of conduct of regulated persons.
3. To deter misconduct among regulated persons.
4. To prevent acts that would render persons not fit and proper.
5. To deter licensed agencies from engaging unfit persons.
6. To sanction agencies that engage unfit persons.
7. To prevent misconduct benefits.

The IA regards a pecuniary penalty as a more severe sanction than a reprimand, and a public reprimand is considered more severe than a private reprimand.

The IA considers the following factors:

1. The nature, seriousness, and impact of the conduct.
2. The behavior of the regulated person since the conduct was identified.
3. The previous disciplinary record and compliance history of the regulated person.
4. Other relevant factors.

The IA may publicize its decisions to impose a pecuniary penalty against a regulated person as it thinks fit.

Licensed Insurance Intermediaries must:

1. Act honestly, fairly, in the best interests of the policyholder, and with integrity.
2. Exercise a level of care, skill, and diligence expected of a prudent person.
3. Advise only on matters they are competent to advise.
4. Consider the particular circumstances of the policyholder to ensure appropriateness.
5. Disclose necessary information for informed decision-making.
6. Avoid conflicts of interest and disclose any that arise.
7. Ensure assets of the policyholder are properly accounted for.
8. Comply with IA-prescribed requirements.

A licensed insurance agency must:

1. Establish and maintain proper controls and procedures for compliance with conduct requirements.
2. Use best endeavours to secure observance of these controls by licensed technical representatives.
3. Ensure the responsible officer has sufficient authority for prescribed responsibilities.
4. Provide the responsible officer with adequate resources and support.

The responsible officer must:

1. Use best endeavours to ensure compliance with conduct requirements by the agency and its representatives.

A Licensed Insurance Broker Company must:

1. Establish and maintain proper controls and procedures for compliance with conduct requirements.
2. Use best endeavours to secure observance of these controls by licensed technical representatives.
3. Ensure the responsible officer has sufficient authority for prescribed responsibilities.
4. Provide the responsible officer with sufficient resources and support.
5. Ensure the company maintains proper controls for compliance.
6. Ensure observance of controls by licensed technical representatives.

The Codes of Conduct aim to:

• Provide guidance on practices and standards expected of licensed insurance intermediaries.
• Serve as minimum standards of professionalism for agents and brokers.
• Supplement the duties and obligations owed by licensed insurance agents to their principals.

Failure to comply with the Codes of Conduct does not automatically render an intermediary liable to legal proceedings. However, it may be considered when assessing whether the intermediary is a fit and proper person to remain licensed.

The eight general principles are fundamental principles of conduct that licensed insurance agents should adopt and follow when carrying on regulated activities. The Agents' Code further explains each principle and includes standards and practices related to them.

The Agents' Code provides guidance on the practices and standards for corporate governance, controls, and procedures that should be adopted by a licensed insurance agency in relation to their regulated activities.

The IA may use the Agents' Code to assess whether there has been an act or omission that is prejudicial to policyholders' interests, to determine if an agent is fit and proper to remain licensed, and to evaluate compliance with statutory conduct requirements.

No, the Agents' Code does not have the force of law, and a failure to comply with it does not render a licensed insurance agent liable to judicial proceedings.

Compliance with the conduct requirements is essential for maintaining trust in the insurance industry, as it reinforces the expectations of buyers regarding professional conduct in their dealings with licensed insurance agents.

1. Absence of fraud: A common obligation on all intermediaries.
2. Fair and reasonable behaviour: Expected standard when considering ethical issues.
3. No unfair advantage: Must not take advantage of clients' deficiencies.
4. No undue influence: Role is to advise, not to persuade or enforce.
5. Legal actions: Must adhere to both the letter and spirit of the law.
6. Legislative duties: Breaches could lead to criminal proceedings with severe penalties.

The insurance broker is normally the agent of the policyholder, meaning all legal obligations and duties within agency law apply to the broker in relation to the insured.

1. Seen as an expert in insurance.
2. Must be independent of any one insurer.
3. Expected to provide impartial advice with the policyholder's interests paramount.
4. Must take reasonable care in the client's interests to avoid professional negligence.

The insurance agent's principal is normally the Insurer, not the Insured. Therefore, the primary responsibilities are to the insurer, although they are still bound by legal and ethical obligations towards the policyholder.

Insurance agents must comply with the relevant provisions of the IO, as well as the rules, codes, and guidelines published by the Insurance Authority (IA) under the IO.

Insurance brokers, who present themselves as experts, have a higher duty of care and are at greater risk of tortious liability. In contrast, insurance agents who do not claim special skills face a lower risk of liability for incompetent performance and are not required to maintain professional indemnity insurance.

The Ordinance governs the handling of personal data, binding all persons and the Government, and establishes the Office of the Privacy Commissioner for Personal Data (OPCPD) to oversee its application.

Personal data is defined as any data relating to a living individual from which their identity can be ascertained, and includes any representation of information, including opinions.

1. Purpose and manner of collection: Lawful and fair collection of personal data, including providing a Personal Information Collection Statement (PICS) to data subjects.
2. Data accuracy: Ensuring personal data is accurate and up to date.
3. Data retention: Retaining personal data only as long as necessary for the purpose.
4. Data security: Protecting personal data against unauthorized access or processing.
5. Transparency: Informing data subjects about the use of their personal data.
6. Access and correction: Allowing data subjects to access and correct their personal data.

The purpose of collecting personal data includes clearly stating the purpose of data collection, the classes of persons to whom the data may be transferred, the consequences of failing to supply the data, and the rights to access and correct the data.

Personal data should be accurate, up-to-date, and kept no longer than necessary. If a data user engages a data processor, they must adopt contractual means to prevent the data from being retained longer than necessary for processing.

Personal data should only be used for the purposes for which it was collected or directly related to those purposes, unless the data subject gives consent for other uses.

Appropriate security measures should be applied to protect personal data against unauthorized or accidental access, processing, erasure, loss, or use, especially when engaging a data processor.

Data users should take practical steps to ensure openness and transparency about their policies and practices regarding personal data, including formulating and maintaining a privacy policy statement.

Data subjects have the rights of access to, and correction of, their personal data. Specifically, a customer has the right to ask an insurer to supply a copy of the personal data contained in their insurance policy.

The primary means is through a contract that defines the respective rights and obligations of the parties involved in the service contract.

1. Security measures to protect personal data.
2. Timely return, destruction, or deletion of personal data when no longer required.
3. Prohibition against unauthorized use or disclosure of personal data.
4. The data user's right to audit and inspect data handling practices.
5. Consequences of breach of the contract.

The Ordinance allows the use of 'other means' of compliance, which may include non-contractual oversight and auditing to protect personal data.

1. Transparency: Data users should clearly inform data subjects that their personal data may be processed by data processors.

2. Contract Enforcement: Ensure contracts with data processors are enforceable in both Hong Kong and the countries where the processors are located, with clear definitions of technical and legal terms.

3. Record Keeping: Both data users and processors must maintain proper records of all personal data transferred for processing.

4. Use of Anonymity: Consider using anonymous or dummy data for system testing instead of personal data.

Direct marketing is defined as the offering or advertising of goods, facilities, or services through direct means, which includes:

1. Sending information or goods addressed to specific persons by mail, fax, electronic mail, or other communication methods.
2. Making telephone calls to specific persons regarding the availability of goods, facilities, or services.

A data user must:

1. Inform the data subject of prescribed information regarding the intended use of their personal data in direct marketing.
2. Provide a response channel for the data subject to indicate any objections to the intended use or provision of their personal data for direct marketing purposes.

A data user must provide the prescribed information in writing, which includes:

• The kinds of personal data to be used or provided
• The classes of marketing subjects related to the data usage
• The classes of persons to whom the data will be provided for direct marketing purposes (if applicable).

The grandfathering arrangement allows data users to continue using personal data for direct marketing that was collected and used in compliance with previous regulations before the new provisions came into force. This applies to personal data related to the same class of marketing subjects.

A data user can only use personal data for direct marketing if:

1. They have provided the prescribed information to the data subject.
2. They have received a reply from the data subject indicating consent or no objection.
3. If the reply is oral, the data user must confirm in writing within 14 days the permitted kind of personal data and marketing subjects.

Before providing a data subject's personal data to others for direct marketing, the data user must receive a written reply from the data subject indicating consent or no objection to the provision of their data.

A data user must notify the data subject of his opt-out right when using personal data in direct marketing for the first time.

Data subjects may require data users to cease using their personal data in direct marketing and to stop providing it to others for such use.

The maximum penalty is a fine of HK$1,000,000 and imprisonment for 5 years.

An offence occurs if a person discloses personal data obtained from a data user without consent, intending to gain or cause loss, or if the disclosure causes psychological harm to the data subject.

Defences include: 1. Reasonable belief that disclosure was necessary to prevent or detect crime. 2. Disclosure required or authorized by law. 3. Reasonable belief that the data user consented. 4. Disclosure for public interest in news activities.

Data subjects can complain to the PCPD about a suspected breach and sue the wrongful data users for compensation for damages, including injured feelings, resulting from the contravention of the Ordinance.

The data user is liable as the principal for the wrongful act of its authorized data processor, while the data processor is not directly liable to the data subject.

The contract between the data user and the data processor, which includes specific provisions on data protection, can be admitted as evidence of compliance with data protection principles 2 and 4.

Exemptions include:

1. Personal data held for domestic or recreational purposes.
2. Certain employment-related personal data held by employers.
3. Exemptions where access may prejudice public interests such as security, crime prevention, health, and legal professional privilege.

Insurance practitioners are advised to read guidance notes and information leaflets issued by relevant regulatory bodies for practical guidance on the collection and use of personal data.

1. No collection of excessive data: Only collect data that is relevant to the claim.
2. Lawful and fair means of collection: Personal data should be collected by fair means and not through deception or misrepresentation.

The collection of HKIC numbers and copies is regulated by data protection principle 1 and the Code of Practice on the Identity Card Number and other Personal Identifiers (PI Code) issued by the PCPD. Insurers must only collect HKIC numbers when authorized by law or permitted under specific situations outlined in the PI Code.

An insurer may collect a customer's HKIC number to ensure that an insurance claim is paid to the right person, provided it is authorized by law or permitted under the situations set out in the PI Code.

Collecting a copy of the HKIC is significant for compliance with the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, as it serves as proof of identity for the insurance institution.

Insurers should pay attention to the issue of vicarious liability for the acts of their appointed private investigators.

Obtaining information covertly is generally not considered a fair means of collection of data.

Physical surveillance may be justified if there is reasonable suspicion of a fraudulent insurance claim and no realistic alternatives exist for collecting evidence of the suspected fraud.

Data related to the claimant's private life that is unrelated to the claim should not be collected.

An insurance practitioner should not make copies of the insurance policies or other information of former customers from the records of their former principal/employer.

Using a former customer's personal data for marketing products or services of the new principal/employer would likely be outside the original purpose for which the data was collected.

Insurance institutions should implement security safeguards and precautions to protect customers' personal data held by them or their staff or agents.

Documents should be transmitted in sealed envelopes, ensuring no sensitive data is visible through the envelope window, and marked 'private and confidential' if intended only for the addressee.

Insurance agents should ensure that personal data is not seen and that conversations concerning sensitive customer information are not overheard by unrelated parties.

The four grounds of discrimination addressed by the EOC are:

1. Sex, marital status or pregnancy (Sex Discrimination Ordinance, 1995)
2. Disability (Disability Discrimination Ordinance, 1995)
3. Family status (Family Status Discrimination Ordinance, 1997)
4. Race (Race Discrimination Ordinance, 2008)

'Fair' discrimination in insurance is considered legitimate when it is based on:

1. Actuarial or other reliable data
2. Reasonableness in relation to the data and other relevant factors. Examples include:

• Life insurance premiums may differ based on life expectancy.
• Personal accident insurance may vary based on the presence of disabilities.

Unfair discrimination in insurance occurs when individuals are treated differently in a way that is not justified by actuarial data or reasonable factors. Examples include:

1. Refusing to insure individuals based solely on their disability without valid actuarial justification.
2. Charging higher premiums without a reasonable basis related to risk assessment.

Money laundering (ML) refers to the process of disguising illegally obtained funds to appear as if they come from legitimate sources. It often involves complex transactions to prevent tracing back to the criminal source.

Life insurance policies can be used as collateral for financial instruments, allowing money launderers to create complex transactions during the layering stage. Additionally, beneficiaries can be changed to obscure the source of funds when the policy matures or is surrendered.

The primary purpose of money laundering is to facilitate criminal enterprises such as drug trafficking, human trafficking, arms trafficking, and corrupt practices, allowing criminals to use illicit funds without attracting law enforcement attention.

Terrorist financing (TF) refers to the act of collecting, soliciting, or providing property with the intention of supporting terrorist organizations or carrying out terrorist acts.

Life insurance policies can be misused by designating conspirators as beneficiaries, allowing funds to be accessed when the policy matures or is surrendered, thus supporting terrorist activities.

Proliferation financing (PF) involves providing funds or financial services for the manufacture, acquisition, possession, development, export, trans-shipment, brokering, transport, transfer, stockpiling, or use of nuclear, chemical, or biological weapons, in violation of national laws or international obligations.

The three common stages of money laundering are:

1. Placement: The disposal of cash proceeds from illegal activities into the financial system.
2. Layering: Creating complex layers of financial transactions to disguise the source of the money and provide anonymity.
3. Integration: Creating the appearance of legitimacy for criminally derived wealth, allowing laundered proceeds to re-enter the financial system as if they were from legitimate business activities.

Criminals may purchase insurance products with illicit proceeds and then withdraw funds to obtain a 'clean' cheque from the insurer, which serves as a layering process in money laundering.

The counter proliferation financing regime in Hong Kong is implemented through legislation such as:

• United Nations Sanctions Ordinance (UNSO): Specific to Democratic People's Republic of Korea (DPRK) and Iran.
• Weapons of Mass Destruction (Control of Provision of Services) Ordinance (WMDCPSO): Prohibits providing services that may be related to proliferation financing.

Insurance intermediaries serve as a direct link to policyholders, involved in distribution, underwriting, and claims settlement of long-term insurance products. They are crucial in preventing money laundering (ML) and terrorist financing (TF) by adhering to necessary procedures and recognizing/reporting suspicious activities.

Hong Kong must implement the Anti-Money Laundering and Counter Terrorist Financing Ordinance to comply with FATF recommendations and maintain its status as an international financial center.

FIs and DNFBP must understand their obligations under the Anti-Money Laundering and Counter Terrorist Financing Ordinance, which includes conducting Customer Due Diligence (CDD) and maintaining records for specified periods to prevent ML and TF activities.

Customer Due Diligence (CDD) is significant as it requires insurance institutions to verify the identity of their customers and assess the risks of ML and TF, thereby supporting the prevention and detection of such activities.

The maximum penalty for the most serious offence under the AMLO is a fine of HK$1 million and imprisonment for 7 years.

Disciplinary actions that may be imposed on an II include:

1. Public reprimand
2. Order for remedial action
3. Pecuniary penalty not exceeding the greater of HK$10 million or three times the amount of profit gained (or cost avoided) due to the contravention.

The maximum penalty for money laundering offences under the OSCO and DTROP is imprisonment for 14 years and a fine of HK$5 million.

The penalty for failing to disclose knowledge or suspicion of property related to indictable offences or drug trafficking is a maximum term of imprisonment of 3 months and a fine of HK$50,000 upon conviction.

A person commits the offence of 'tipping off' if, knowing or suspecting that a disclosure has been made, he discloses to any other person that a disclosure has been made.

The UNATMO criminalizes the provision or collection of any property to commit terrorist acts, as well as making any property or financial services available to or for the benefit of a terrorist or terrorist associate.

The maximum penalty for offences under the UNATMO related to terrorist acts is 14 years of imprisonment and a fine of unlimited amount.

The penalty for failing to disclose knowledge or suspicion of terrorist property under the UNATMO is a maximum term of imprisonment of 3 months and a fine of HK$50,000 upon conviction.

The offence of 'tipping off' occurs when a person, knowing or suspecting that a disclosure has been made, discloses to any other person any matter likely to prejudice any investigation that might follow that disclosure.

The UNATMO was amended in 2018 to prohibit any person from dealing with specified terrorist property and property of specified terrorists or terrorist associates, and to criminalize the financing of travel for the purpose of terrorist acts or training.

The UNSO empowers the Chief Executive to make regulations to implement sanctions imposed by the United Nations Security Council (UNSC) against persons and places outside the PRC, including targeted financial sanctions against designated persons and entities.

The maximum penalty for contravening targeted financial sanctions under the United Nations Sanctions Regulations is imprisonment for 7 years and a fine of unlimited amount.

The WMD(CPS)O prohibits a person from providing any services if they believe or suspect, on reasonable grounds, that those services may be connected to proliferation financing (PF).

The provision of services is widely defined and includes the lending of money or other provision of financial assistance.

It is an offence to make available, directly or indirectly, any funds or other financial assets or economic resources to designated persons or entities without a licence granted by the Chief Executive.

The GL3 guideline aims to provide a general background on money laundering (ML) and terrorist financing (TF), summarize the main provisions of applicable AML/CFT legislation in Hong Kong, and offer practical guidance for insurance intermediaries (IIs) to develop and implement their own policies, procedures, and controls to meet statutory and regulatory requirements.

Failure to comply with the GL3 may reflect adversely on the fitness and properness of the directors and controllers of the authorized insurer or reinsurer, potentially leading to disciplinary action against the concerned entity.

The RBA is central to the effective implementation of an AML/CFT regime as it requires insurance intermediaries to identify, assess, and understand the ML/TF risks they face, allowing them to take appropriate AML/CFT measures that are commensurate with those risks to manage and mitigate them effectively.

The IRA enables an II to understand its vulnerabilities to money laundering (ML) and terrorism financing (TF) by identifying, assessing, and understanding its ML/TF risks related to customers, jurisdictions, products/services, and delivery channels.

An II should conduct its IRA every two years and upon trigger events that are material to the II's business and risk exposure.

The CRA should consider customer risk factors, country risk factors, product/service/transaction risk factors, and delivery/distribution channel risk factors.

The RBA in the CRA framework means that the extent of Customer Due Diligence (CDD) measures applied should be proportional to the ML/TF risks associated with the business relationship, increasing for higher risks and potentially simplifying for lower risks.

The key components include:

1. Compliance management arrangements
2. Independent audit function
3. Employee screening procedures
4. Ongoing employee training programme

The senior management of the II is responsible for implementing effective AML/CFT Systems that can adequately manage the identified ML/TF risks.

The Compliance Officer (CO) is appointed at the management level and has the overall responsibility for the establishment and maintenance of the II's AML/CFT Systems.

Group-wide AML/CFT systems refer to the application of AML/CFT requirements set out in the GL3 to all overseas branches and subsidiary undertakings of a Hong Kong-incorporated II, ensuring compliance with CDD and record-keeping requirements similar to those in the AMLO.

The RBA involves conducting CDD measures that are commensurate with the ML/TF risks associated with a business relationship. Enhanced due diligence (EDD) measures are required for high-risk situations, while simplified due diligence (SDD) measures may be applied in low-risk situations.

The initial CDD measures include:

1. Identify the customer and verify the customer's identity using reliable documents, data, or information.
2. If there is a beneficial owner, identify and take reasonable measures to verify the beneficial owner's identity to ensure the II knows who the beneficial owner is.

An II should implement measures to enable understanding of the ownership and control structure of the legal person or trust, including obtaining relevant information about the purpose and intended nature of the business relationship established with the II.

1. Identify the person and verify their identity using reliable documents, data, or information.
2. Verify the person's authority to act on behalf of the customer.

An II should:

1. Obtain approval from senior management for establishing or continuing business relationships with a non-Hong Kong PEP.
2. Take reasonable measures to establish the source of wealth and source of funds of the customer or beneficial owner.

1. Ongoing Customer Due Diligence (CDD): Regularly review documents, data, and information related to the customer to ensure they are up-to-date.
2. Transaction Monitoring: Scrutinize transactions to ensure consistency with the II's knowledge of the customer and identify any complex or unusual transactions for further examination.

The UNSC imposes sanctions on countries, entities, and individuals involved in activities like terrorism and corruption, which are implemented in Hong Kong under the UNSO and UNATMO. Insurance Intermediaries must comply with these sanctions as part of their regulatory obligations.

The IA provides links to notices regarding UNSC sanctions resolutions in its circulars and email alerts issued to Insurance Intermediaries (IIs), requiring them to screen all new designations against their customer lists as soon as practicable.

Inclusion in a UNSC sanctions list may trigger statutory obligations under money laundering and terrorist financing laws, requiring IIs to establish effective policies, procedures, and controls to identify terrorist suspects and detect prohibited transactions.

IIs should implement an effective screening mechanism that includes:

1. Screening customers and beneficial owners against the current database at the establishment of the relationship.
2. Screening against all new and updated designations as soon as practicable.
3. Extending screening to connected parties and payees to prevent payments to terrorist suspects or sanctioned parties.

When possible name matches are identified, IIs should conduct enhanced checks to determine if the matches are genuine. If there are suspicions of terrorist financing, proliferation financing, or sanctions violations, they must report to the JFIU and document the results of enhanced checks and screening records.

Under sections 25A(1) of the DTROP, OSCO, and section 12(1) of the UNATMO, if a person knows or suspects that any property represents proceeds of crime, was used in connection with drug trafficking or an indictable offence, or is terrorist property, they must report this suspicion as soon as possible.

The maximum penalty is imprisonment for three months and a fine of $50,000.

The key components include:

1. Appointment of a Money Laundering Reporting Officer (MLRO)
2. Clear policies and procedures for internal reporting, reporting to the JFIU, post-reporting risk mitigation, and prevention of tipping off.
3. Keeping proper records of internal reports and Suspicious Transaction Reports (STRs).

The II should take appropriate steps to further examine the transactions and identify if there is any suspicion, especially if the transaction is unusual or has no apparent economic or lawful purpose.

An II should provide sufficient guidance to its staff to enable them to form suspicion or recognize signs of money laundering or terrorist financing (ML/TF).

The MLRO should take reasonable steps to consider all relevant information, including Customer Due Diligence (CDD) and ongoing monitoring information, and document the review process along with any conclusions drawn.

Insurance intermediaries must maintain Customer Due Diligence (CDD) information, transaction records, and other necessary documents to meet statutory and regulatory requirements. These records should be kept throughout the business relationship and for at least five years after its termination.

Individual insurance agents must ensure that the insurer has systems in place to comply with record-keeping requirements under the AMLO. They should also ensure that the records are accessible from the insurer without delay upon request by the Insurance Authority.

An insurance intermediary is responsible for providing adequate training to its staff on AML/CFT systems. The training should be tailored to the specific risks faced by the intermediary and aligned with the job functions, responsibilities, and experience of the staff.

Refresher training is crucial for reminding staff of their responsibilities and keeping them informed of new developments related to Money Laundering (ML) and Terrorist Financing (TF). It ensures compliance with statutory obligations and enhances the effectiveness of AML/CFT measures.

Failure to comply with Customer Due Diligence (CDD) and record-keeping under the Anti-Money Laundering Ordinance (AMLO) can lead to legal repercussions for the staff, including penalties, disciplinary actions, and damage to the institution's reputation.

Staff should be trained on:

1. Policies and procedures related to AML/CFT.
2. Suspicious transaction identification and reporting.
3. New and emerging techniques, methods, and trends in ML/TF relevant to their roles.

The POBO prohibits agents from soliciting or accepting any advantage without the permission of their principal while conducting the principal's business or affairs. Violating this can lead to legal penalties.

The ICAC, through the POBO, helps maintain a corruption-free environment, ensuring efficiency and fair competition in the insurance sector. It protects stakeholders' interests and prevents agents from abusing their authority for personal gain.

Offering or accepting any advantage constitutes an offence under section 9(2) of the POBO. For example, a client who offers an advantage to an insurance agent commits this offence.

The maximum penalty for committing offences under the POBO is imprisonment for 7 years and a fine of HK$500,000.

An 'agent' includes any person employed by or acting for his/her 'principal', such as a licensed individual insurance agent or a licensed technical representative. Agents owe both contractual and fiduciary obligations to their principals.

The term 'advantage' is broadly defined to include money, gifts, loans, rewards, commissions, office, employment, contracts, services, favors, and even tips or 'red packet money', but excludes entertainment consumed on the spot.

No, customs in any profession do not constitute a defense for bribery under Section 19 of the POBO. Both the offeror and recipient of a bribe commit an offence regardless of whether the act requested was carried out.

Accepting or offering bribes indirectly through a third party is illegal. Both the offeror and recipient commit an offence if the purpose is to induce the agent to act in relation to his principal's business.

Insurance intermediaries should refrain from offering any advantage to a public servant while having business dealings with the organization that employs the public servant, regardless of intent.

If any part of the act of bribery, including offering, soliciting, or accepting a bribe, can be proved to have taken place in Hong Kong, both the offeror and recipient may be pursued under Section 9 of the POBO.

Insurance intermediaries should report corruption to the ICAC to protect the company's and their own interests.

The ICAC provides anti-corruption and ethics training, dedicated resources for the insurance industry, and an online learning course for new practitioners.

Insurance fraud can include dishonest claims, such as exaggerating the value of stolen items, elaborate swindles like arson, faked death certificates, and even murder for insurance money.

Fraud in insurance involves the deliberate falsification of material information or knowingly hiding negative features. This is a breach of utmost good faith and can be difficult to prove later.

A secondary participant, or accessory, aids, abets, consoles, or procures the commission of an offence. They may not be equally responsible as the principal perpetrator but can still be liable for their actions.

An insurance intermediary who misappropriates premiums can face prosecution for theft and civil action from the principal to recover the stolen money and damages for loss of interest.

An insurance intermediary can be considered an aider and abettor if they assist or encourage the commission of a crime, such as issuing an inflated premium receipt for fraudulent claims, regardless of their indifference to the client's intentions.

To prove the mens rea of a defendant in aiding a crime, it must be shown that the defendant had the intention to aid or encourage the commission of the crime, knowing their conduct would assist in it, without needing an intention to gain from the crime itself.

An insurance intermediary should not omit or misrepresent adverse information about an insurance application, as doing so with the intention to mislead the insurer constitutes fraud.

Insurance intermediaries are legally and ethically bound to exercise the duty of utmost good faith in all matters related to proposed insurance, regardless of the practical consequences.

Insurance intermediaries are not responsible for investigating fraud but have a common duty to not assist fraud and to report any evidence or suspicions of it. Their role is to assist the insurer and resist attempts at fraud.

Practical steps include:

1. Vigilance: Be alert to suspicious actions, such as sudden increases in sums insured without explanation.
2. Diligence: Maintain accurate records and avoid unnecessary delays to prevent opportunities for fraud.
3. Communication: Keep close contact with the insurer regarding any suspicious circumstances.
4. Integrity: Uphold the highest moral standards to guide behavior against fraud.