HKSIPapers HKSIPapers HKSI LE practice and regulatory notes
Applied regulation Paper 1 · Topic 6

Business Operations and Practices

Covers management and internal controls, risk-based AML/CFT, suspicious transactions, electronic trading and ALPs, personal data, compliance governance and insurance.

HKSI Paper 1 study notes: Business Operations and Practices

1 Controls, AML and data duties

Separate control design, internal escalation and statutory reporting instead of memorising acronyms.

Risk-based AML/CFT

AMLO and SFC AML/CFT Guideline
  • A risk-based approach is not a one-off CDD exercise; monitoring must reflect client, product, channel and geographic risks. Definition
  • Where ML/TF suspicion arises, follow the procedure to report to the Joint Financial Intelligence Unit and avoid tipping off. Exam

常見誤區

High risk does not automatically mean rejection; it normally calls for enhanced due diligence, closer monitoring and senior approval.

Electronic trading and personal data

ICG / PDPO
  • Electronic-trading controls should cover authentication, access, capacity, transaction records, audit trails, incident handling and backup. Exam
  • The PDPO data protection principles cover collection purpose, accuracy and retention, use, security, openness, and access/correction. Definition

措辭陷阱

A mandatory named encryption method is not itself a data protection principle; the law requires all practicable security steps.

Practise with 2,195 original Paper 1 questions

These notes are distilled from the 10min HKSI1 app. Use them alongside bilingual questions, reasoned explanations, chapter practice and error review.

Need other learning tools? We recommend: