1 Controls, AML and data duties
Separate control design, internal escalation and statutory reporting instead of memorising acronyms.
Risk-based AML/CFT
AMLO and SFC AML/CFT Guideline- A risk-based approach is not a one-off CDD exercise; monitoring must reflect client, product, channel and geographic risks. Definition
- Where ML/TF suspicion arises, follow the procedure to report to the Joint Financial Intelligence Unit and avoid tipping off. Exam
常見誤區
High risk does not automatically mean rejection; it normally calls for enhanced due diligence, closer monitoring and senior approval.
Electronic trading and personal data
ICG / PDPO- Electronic-trading controls should cover authentication, access, capacity, transaction records, audit trails, incident handling and backup. Exam
- The PDPO data protection principles cover collection purpose, accuracy and retention, use, security, openness, and access/correction. Definition
措辭陷阱
A mandatory named encryption method is not itself a data protection principle; the law requires all practicable security steps.