top of page

Anti-Money Laundering and
Counter-Terrorist Financing Requirements

Application of CDD, SDD and EDD_edited_e

INTRODUCTION

Pursuant to section 7 of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, Cap. 615 (“the AMLO”), in considering whether an anti-money laundering and counter-terrorist financing (“AML/CTF”) requirement under Schedule 2 has been contravened, the Registrar of Companies (“the Registrar”) will have regard to the relevant provision in the Guideline on Compliance of Anti-Money Laundering and Counter-Terrorist Financing Requirements for Trust or Company Service Providers (“the Guideline”).

 

AML/CTF OBLIGATIONS OF TCSP LICENSEES

To fulfil the AML/CTF obligations, TCSP licensees must assess the money laundering and/or terrorist financing (“ML/TF”) risk of their businesses, develop and implement policies, procedures and controls (hereinafter collectively referred to as “AML/CTF systems”) on:

 

  • risk assessment;

  • customer due diligence (“CDD”) measures;

  • ongoing monitoring of customers;

  • suspicious transactions reporting;

  • record keeping; and

  • staff training.

 

TCSP licensees should establish and implement adequate and appropriate AML/CTF systems (including customer acceptance policies and procedures) taking into account factors including products and services offered, types of customers, geographical locations involved.
 

ASSESSING RISK AND APPLYING A RISK-BASED APPROACH

 

TCSP licensees can apply appropriate control and oversight to new and existing customers by determining:

 

  • the extent of CDD to be performed;

  • the level of ongoing monitoring to be applied to the relationship with customers; and

  • the measures to mitigate any ML/TF risks identified.

The following factors may be considered in determining the ML/TF risk rating of customers:

 

Documenting risk assessment

 

TCSP licensees should keep records and relevant documents of the risk assessment so that they can demonstrate to the Registrar, among others:

  • how the customer’s ML/TF risks are assessed; and

  • the extent of CDD and ongoing monitoring is appropriate based on that customer’s ML/TF risks.

CUSTOMER DUE DILIGENCE (“CDD”)

 

CDD is intended to enable a TCSP licensee to form a reasonable belief that it knows the true identity of each customer and, with an appropriate degree of confidence, knows the type of business and transactions the customer is likely to undertake. The CDD requirements are set out in Schedule 2 to the AMLO. 
 

Depending on specific circumstances, TCSP licensees may also need to conduct additional measures (referred to as enhanced customer due diligence (“EDD”) hereinafter) or, alternatively, may conduct simplified customer due diligence (“SDD”).

APPLYING CDD

 

The CDD measures applicable to TCSP licensees under section 2 of Part 2 of

Schedule 2 to the AMLO are:

  • identifying the customer and verifying the customer’s identity using 
    documents, data or information provided by reliable and independent source;

  • where there is a beneficial owner in relation to the customer,

    identifying  and taking reasonable measures to verify the beneficial

    owner’s identity so that the TCSP licensee is satisfied that it knows

      who the beneficial owner is, including in the case where the customer

      is a legal person or trust, measures to enable the TCSP licensee

      to understand the ownership and control structure of the legal

      person or trust;

  • obtaining information on the purpose and intended nature of

    the business relationship (if any) established with the TCSP licensee

      unless the purpose and intended nature are obvious; and

  • if a person purports to act on behalf of the customer:

    • identifying the person and taking reasonable measures to verify the
      person’s identity using documents, data or information provided by
      reliable and independent source; and​

    • verifying the person’s authority to act on behalf of the customer.

Under section 1 of Part 1 of Schedule 2 to the AMLO, “customer” is defined to include a client. The meaning of “customer” and “client” should be inferred from its everyday meaning and in the context of industry practice.

 

Pursuant to section 3(1) of Part 2 of Schedule 2 to the AMLO, TCSP licensees must apply CDD:

  • before establishing a business relationship with the customer;

  • before carrying out for the customer an occasional transaction that involves an amount equal to or exceeding an aggregate value of HK$120,000, whether carried out in a single operation or several operations that appear to the TCSP licensee to be linked;

  • when the TCSP licensee suspects that the customer or the customer’s account is involved in ML/TF;

  • when the TCSP licensee doubts the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or for the purpose of verifying the customer’s identity.
     

Under section 1 of Part 1 of Schedule 2 to the AMLO,

  • business relationship” is defined to mean a business, professional or commercial relationship between a TCSP licensee and a person that has an element of duration, or at the time when the person first contacts the licensee in the person’s capacity as a potential customer, the licensee expects the relationship to have an element of duration; and

  • occasional transaction” is defined to mean a transaction between a TCSP licensee and a customer who does not have a business relationship with the TCSP licensee.

A TCSP licensee must complete the CDD process before establishing any business relationship or before carrying out a specified occasional transaction. Where the TCSP licensee is unable to complete the CDD process, it must not establish a business relationship or carry out any occasional transaction with that
customer and should assess whether this failure provides grounds for knowledge or suspicion of ML/TF and filing a suspicious transaction report ("STR") with the Joint Financial Intelligence Unit ("JFIU").

 

However, TCSP licensees may, exceptionally, verify the identity of the customer and any beneficial owner after establishing the business relationship, provided that:

  • any risk of ML/TF arising from the delayed verification of the customer’s or beneficial owner’s identity can be effectively managed;

  • this is necessary not to interrupt the normal conduct of business with regard to the customer;

  • the verification is completed as soon as reasonably practicable; and

  • the business relationship will be terminated if verification cannot be completed as soon as reasonably practicable.


The TCSP licensee must not apply the exception above where:

  • the TCSP licensee has knowledge or a suspicion of ML/TF;

  • the TCSP licensee becomes aware of anything which causes it to doubt the identity or intentions of the customer or beneficial owner; or

  • the business relationship is assessed to pose a higher risk.
     

Verification of identity should be concluded within a reasonable timeframe. Where verification cannot be completed within such a period, the TCSP licensee should, as soon as reasonably practicable, suspend or terminate the business relationship unless there is a reasonable explanation for the delay. In this regard:

  • if a TCSP licensee cannot complete identity verification within 60 working days after the establishment of a business relationship with a customer, the TCSP licensee should suspend the business relationship and refrain from carrying out further transactions (except to return funds to their sources, to the extent that this is possible); and

  • if a TCSP licensee cannot complete identity verification within 120 working days after the establishment of the business relationship, the TCSP licensee should terminate the business relationship with the customer.

 

TCSP licensees should take steps from time to time to ensure that customers’ information obtained for the purposes of complying with the requirements of sections 2 and 3 of Part 2 of Schedule 2 to the AMLO is up-to-date and relevant.

TCSP licensees must identify the customer and verify the customer’s identity by reference to documents, data or information provided by a reliable and independent source:

  • a governmental body;

  • the Registrar or any other relevant authority ("RA");

  • an authority in a place outside Hong Kong that performs functions similar to those of the Registrar or any other RA; or

  • any other reliable and independent source that is recognized by the Registrar.

APPLYING SDD
 

Where SDD applies, the TCSP licensee is not required to identify and verify the beneficial owner. However, other aspects of CDD must be undertaken and it is still necessary to conduct ongoing monitoring of the business relationship. TCSP licensees must have solid grounds to support the use of SDD and may have to
demonstrate these grounds to the Registrar.

Pursuant to section 4(3) of Part 2 of Schedule 2 to the AMLO, customers to whom SDD may be applied are:

  • a financial institution;

  • an institution that-

    • ​is incorporated or established in an equivalent jurisdiction (e.g. member of the Financial Action Task Force);

    • carries on a business similar to that carried on by a financial institution;

    • has measures in place to ensure compliance with requirements similar to those imposed under Schedule 2; and

    • is supervised for compliance with those requirements by an authority in that jurisdiction that performs functions similar to those of any of the RAs;

  • a corporation listed on any stock exchange;

  • an investment vehicle where the person responsible for carrying out measures that are similar to the CDD measures in relation to all the investors of the investment vehicle is-

    • a financial institution;​

    • an institution incorporated or established in Hong Kong, or in an equivalent jurisdiction that-

      • has measures in place to ensure compliance with requirements similar to those imposed under Schedule 2; and​

      • is supervised for compliance with those requirements.

  • the Government or any public body in Hong Kong; or

  • the government of an equivalent jurisdiction or a body in an equivalent jurisdiction that performs functions similar to those of a public body.

 

A TCSP licensee may also apply SDD in relation to a customer if the TCSP licensee has reasonable grounds to believe that the transaction conducted by the customer relates to any one of the following products:

  • a provident, pension, retirement or superannuation scheme (however described) that provides retirement benefits to employees, where contributions to the scheme are made by way of deduction from income from employment and the scheme rules do not permit the assignment of a member’s interest under the scheme;

  • an insurance policy for the purposes of a provident, pension, retirement or superannuation scheme (however described) that does not contain a surrender clause and cannot be used as a collateral; or

  • a life insurance policy in respect of which:

    • ​an annual premium of no more than HK$8,000 or an equivalent amount in any other currency is payable; or

    • a single premium of no more than HK$20,000 or an equivalent amount in any other currency is payable.


 

​​

business relationship
occasional transaction
bottom of page