Financial institutions are required to conduct extensive due diligence on customers and keep relevant documentation under money laundering and terrorist financing laws. This note looks at the systems and controls which should be put in place under the relevant statutory Guidelines.
Legislative framework & guidelines
The Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (Cap 615) (AMLO) imposes statutory customer due diligence (CDD) and record-keeping obligations for financial institutions (FIs) in the banking, securities, insurance, remittance and money changing sectors. These requirements are found in Schedule 2 of the AMLO.
There are four regulatory authorities with supervisory and enforcement powers: the Securities and Futures Commission (SFC), the Hong Kong Monetary Authority (HKMA), the Insurance Authority and the Customs and Excise Department. All four regulators have published guidelines on Anti-Money Laundering and Counter-Terrorist Financing to provide guidance with compliance with the AMLO. These guidelines are also found in AMLO, Sch 2.
AMLO, Sch 2
SFC Codes & Guidelines
Guideline on Anti-Money Laundering and Counter-Terrorist Financing (for authorised institutions)
Guideline on Anti-Money Laundering and Counter-Terrorist Financing (for authorised insurers, reinsurers, appointed insurance agents and authorised insurance brokers carrying on or advising on long-term business)
Guideline on Anti-Money Laundering and Counter-Terrorist Financing (for money service operators)
Financial institutions (FIs) are advised to implement appropriate systems (referred to as ‘AML/CTFT systems’). For ease of analysis, we examine the HKMA Guidelines which are largely parallel to the other three, which were revised in October 2018. An overview is as follows.
Reference: Hong Kong Monetary Authority, Guideline on Anti-Money Laundering and Counter-Terrorist Financing (for Authorised Institutions), October 2018
An FI should be alert to the three ‘common stages’ of money laundering. These are:
- placement – the physical disposal of cash proceeds derived from illegal activities;
- layering – separating illicit proceeds from their source by creating complex layers of financial transactions designed to disguise the source of the money, subvert the audit trail and provide anonymity; and
- integration – creating the impression of apparent legitimacy to criminally derived wealth.
An FI should consider which products and services offer may be vulnerable to money laundering or terrorist financing abuse. This includes assessing the risks of any new products and services before they are introduced, and being vigilant to business, industrial sectors, and countries where the customer has business connections that are more vulnerable to corruption.
Reference: Chapter 2, Hong Kong Monetary Authority, Guideline on Anti-Money Laundering and Counter-Terrorist Financing (For Authorised Institutions), October 2018
FIs should have effective controls for the following:
- senior management oversight
- appointment of a Compliance Officer and a Money Laundering Reporting Officer
- independent compliance and audit function, and
- staff screening and training
Customer acceptance or risk assessment
FIs may assign a money laundering or terrorist financing risk rating to their customers. Relevant risk factors to be considered may include the following: country risk, customers with residence in or connection with high-risk jurisdictions. Product or service risk factors might include services that inherently have provided more anonymity, and the ability to pool underlying customers or funds.
Customer due diligence
FIs should identify the customer and verify the customer’s identity using reliable, independent source documents, data or information. This requirement applies at the outset of a business relationship, before performing any occasional transaction which is equal to or exceeding an aggregate value of HK$120,000. Occasional transactions (such as wire transfers, currency exchanges, purchase of cashier orders) do not apply to the insurance and securities sectors.
FIs should be vigilant that a series of linked occasional transactions could meet or exceed the CDD thresholds of HK$8,000 for wire transfers and HK$120,000 for other types of transactions.
Reference: Chapter 4, Hong Kong Monetary Authority, Guideline on Anti-Money Laundering and Counter-Terrorist Financing (For Authorised Institutions), October 2018.
Identification or verification of client’s identity
The FI must identify the customer and verify the customer’s identity by reference to documents, data or information provided by a reliable and independent source. Unlike customer due diligence as depicted above, this criterion applies irrespective of the $120,000 threshold.
Appendix A of the AMLO contains a list of documents recognised by the regulatory authorities as independent and reliable sources.
FIs should identify all beneficial owners of a customer. In relation to verification of beneficial owners’ identities, except in a high risk situation, FIs are required to take reasonable measures to verify the identity of any beneficial owners owning or controlling 25% or more of the voting rights or shares, etc. of a corporation, partnership or trust.
If a person purports to act on behalf of the customer, FIs must identify the person and take reasonable measures to verify the person’s identity.
Additional measures should be taken to mitigate the money laundering or terrorist financing risk involved:
- obtaining additional information on the customer (g., connected parties, accounts or relationships) and updating more regularly the customer profile including the identification data
- obtaining additional information on the intended nature of the business relationship (e,g., anticipated account activity), the source of wealth and source of funds
- obtaining the approval of senior management to commence or continue the relationship
- conducting enhanced monitoring of the business relationship, by increasing the number and timing of the controls applied and selecting patterns of transactions that need further examination. For avoidance of doubt, all high risk customers should be subject to a minimum annual review
Politically exposed persons
When FIs know that a particular customer or beneficial owner is a politically exposed person (PEP), it should apply additional measures before establishing a business relationship or continuing an existing business relationship:
- obtain approval from its senior management;
- take reasonable measures to establish the customer’s or the beneficial owner’s source of wealth and the source of the funds; and
- apply enhanced monitoring to the relationship in accordance with the assessed risks.
There should be ongoing monitoring of client information and activity to identify transactions that are complex, large, unusual, or which have no apparent economic or lawful purpose. These include:
- the size and complexity of its business
- its assessment of the money laundering or terrorist financing risks arising from its business
- the nature of its systems and controls
- the monitoring procedures that already exist to satisfy other business needs
- the nature of the products and services
Suspicious transaction reports
The Drug Trafficking (Recovery of Proceeds) Ordinance (Cap 405), the Organized and Serious Crimes Ordinance (Cap 455), and the United Nations (Anti-Terrorism Measures) Ordinance (Cap 575) require FIs to report any property where an FI knows or suspects that such property represents the proceeds of crime or terrorist property.
Reports to the Joint Financial Intelligence Unit offer a statutory defence to the offence of money laundering or terrorist financing in respect of the acts disclosed in the report, provided:
- the report is made before the FI undertakes the disclosed acts and the acts (transaction(s)) are undertaken with the consent of the Joint Financial Intelligence Unit
- the report is made after the FI has performed the disclosed acts (transaction(s)) and the report is made on the FI’s own initiative and as soon as it is reasonable for the FI to do so
The guidelines set out a non-exhaustive list of examples of circumstances that may give rise to the suspicion of money laundering or terrorist financing.
This covers the retention of records relating to customer identity and transactions. Documents should be kept throughout the business relationship with the customer and for a period of five years after the end of the business relationship.
FIs are expected to have a clear anti-money laundering or counter-terrorist financing training policy. Staff training records must be maintained for a minimum of three years.
ORIGINALLY PUBLISHED ON LEXISNEXIS