HKMA on Authorized Payment Scams

Updated on: Apr 15, 2025

Latest Event

  • Apr. 2025 Stored Value Facility Licensees
  • On Apr. 11, 2025, HKMA advised stored value facility (SVF) licensees to critically assess business operations using guidance in circular to identify APS vulnerabilities.
  • Where vulnerabilities are found, SVF licensees shall implement appropriate system enhancements; measures shall be considered when developing products and services.
  • HKMA will monitor, review steps taken by SVF licensees to implement these measures.

On Dec. 20, HKMA issued measures to help protect bank customers.

  • HKMA issued measures to protect customers from authorized payment scams (APS).
  • Follows HKMA Jan. 2024 proposed data sharing among institutions, see #198757.
  • Overview of Measures
  • Authorized institutions (AIs) must establish a framework with policies, procedures, supported by senior management, trained staff, to detect, deter, disrupt APS.
  • They should implement dynamic monitoring systems that consider customer profiles, transactional behavior, scam trends, and intelligence from platforms like FINEST.
  • When high-risk transactions are detected, AIs should promptly alert customers, probe the transaction's purpose, and take follow-up actions based on the risk level.
  • Seek assistance from the Hong Kong Police Force (HKPF) if scams are suspected; temporarily hold transactions if necessary, ensure customer contact for clarification.
  • AIs are encouraged to adopt advanced technologies to enhance detection capabilities.
  • In addition, AIs should actively participate in anti-deception initiatives, including the 24/7 stop payment mechanism, to intercept crime proceeds and assist scam victims.
  • Effectiveness
  • All measures must be implemented as soon as practicable, and before Jun. 30, 2025.
  • Apr. 2025 Stored Value Facility Licensees
  • On Apr. 11, 2025, HKMA advised stored value facility (SVF) licensees to critically assess business operations using guidance in circular to identify APS vulnerabilities.
  • Where vulnerabilities are found, SVF licensees shall implement appropriate system enhancements; measures shall be considered when developing products and services.
  • HKMA will monitor, review steps taken by SVF licensees to implement these measures.
Regulators
HKMA
Entity Types
Bank; MSB
Reference
Cir B10/21C, 4/11/2025; Cir B10/1C B1/15C, 12/20/2024; ESG;
Functions
AML; Compliance; C-Suite; Financial; Fraud; Operations; Product Design; Reporting; Risk; Technology; Treasury
Countries
Hong Kong
Category
State
N/A
Products
AI; Banking; Payments
Rule Type
Final
Regions
AP
Rule Date
Dec 20, 2024
Effective Date
Jun 30, 2025
Rule ID
238119
Linked to
Rule :198757
Reg. Last Update
Apr 11, 2025
Report Section
AML & Enforcement