Hong Kong eases info-sharing in banks’ anti-fraud push

The changes let banks share more information without fear of liability.

Hong Kong has amended its banking ordinance to give financial institutions stronger legal backing to share information on suspected scams, money laundering, and terrorist financing—an upgrade regulators say will improve efficiency in tackling financial crime and reduce costly system breakdowns caused by fraud.

The Banking (Amendment) Ordinance 2025 introduces a “safe harbour” that protects authorized institutions when exchanging data aimed at detecting or preventing prohibited conduct. The change is expected to encourage banks to take more action in flagging suspicious accounts and intercepting illicit funds.

“The ordinance also gives authorized institutions a measure of legal protection… whilst also imposing requirements on authorized institutions to maintain confidentiality and safeguard information,” said Raymond Chan, executive director for enforcement and anti-money laundering at the Hong Kong Monetary Authority, told Asian Banking & Finance.

He said the legal cover would let institutions share a broader range of information without fear of liability. “I very much hope that we will see increases in suspicious accounts identified, illicit funds intercepted and, wherever possible, stolen funds returned to victims,” he said in an emailed reply to questions.

Stronger sharing could also help the police prosecute criminals exploiting Hong Kong’s banking system, Chan said.

The ordinance allows data sharing when banks observe activity indicating involvement in prohibited conduct. “The thresholds are actually a bit higher than just suspicion, which is a fairly low bar,” he said. “We don’t envisage artificial intelligence (AI)-to-AI sharing without suspicion in this context.”

The change builds on the Financial Intelligence Evaluation Sharing Tool, launched in 2023 by Hong Kong’s central bank with the Hong Kong Police Force and Hong Kong Association of Banks. That platform has supported more than 1,200 reports on suspicious corporate accounts.

However, Chan noted that corporate accounts represent only part of the problem. “Around 90% of accounts used in moving and concealing proceeds of crime, so-called mule accounts, are held by individuals rather than corporations,” he said.

The tool is now being upgraded to cover individual accounts, with the rollout planned later this year.

Participation in the expanded system will remain voluntary. Chan warned that making information sharing mandatory could backfire. “It could lead to high volumes of requests and reports, many of which would be of low quality and impose a very high processing workload on the banks,” he said.

He also cited problems with suspicious transaction reports (STR). Because banks face sanctions if they fail to file, many adopt “defensive” reporting whenever there is doubt. “We want sharing to be more focused, leading to actionable intelligence in the form of higher-quality STRs. Loading another obligation onto AIs does not seem to be the best way to achieve this.”

The central bank is also stepping up consumer safeguards. In December 2024, it launched Money Safe, a feature similar to Singapore’s “money lock,” which lets customers ring-fence part of their deposits until banks complete anti-fraud verification.

Other measures include an in-app authentication system that defaults to bound devices instead of SMS one-time passwords; the option to deactivate higher-risk online banking functions; real-time alerts to cancel suspicious payments; and tools to detect deepfakes.

Chan said sector-wide sharing, coupled with these measures, would help banks respond faster to fraud and money laundering.