Hong Kong Guideline on Anti-Money Laundering – An Overview and Summary of Requirements

• By: Staff Editor
• Date: June 14, 2013

1. Anti Money Laundering Ordinance (AMLO)
2. Drug Trafficking (Recovery of Proceeds) Ordinance (DTROP)
3. Organized and Serious Crimes Ordinance (OSCO)
4. United Nations (Anti-Terrorism Measures) Ordinance (UNATMO)

• FIs should implement appropriate internal AML/CFT policies, procedures and controls (referred to as “AML/CFT systems”) to mitigate the risks of ML/TF
• While implementing appropriate AML/CFT systems, FIs should taking into account factors including products and services offered, types of customers, geographical locations involved.
• FIs should have effective controls covering
  • senior management oversight;
  • appointment of a Compliance Officer (CO) and a Money Laundering Reporting Officer (MLRO);
  • compliance and audit function; and
  • staff screening and training
• A Hong Kong-incorporated FI with overseas branches or subsidiary undertakings should put in place a group AML/CFT policy

• Using an RBA, FIs should determine the extent of customer due diligence (CDD) and ongoing monitoring.
• The RBA should enable FIs to subject customers to proportionate controls and oversight by determining:

1. Extent of the due diligence to be performed on the direct customer
2. Level of ongoing monitoring to be applied to the relationship
3. Measures to mitigate any risks identified

• FIs should assess the ML/TF risks of individual customers by assigning a ML/TF risk rating to their customers. For this purpose, FIs should consider –

1. Country risk
2. Customer risk
3. Product/service risk
4. Delivery/distribution channel risk

• FIs should conduct an ongoing review to
  • Adjust its risk assessment of a particular customer
  • Keep its policies and procedures up to date
  • Assess that its risk mitigation procedures and controls are working effectively
• FI should maintain records and relevant documents of the risk assessment.

• Following CDD measures are applicable to a FI:

1. Identification and verification of the customer’s identity
2. Identification and verification of a beneficial owner
3. Purpose and intended nature of business relationship
4. Identification and verification of a person purporting to act on behalf of the customer

• The CDD requirements should apply:

1. At the outset of a business relationship
2. Before performing any occasional transaction
   • Equal to or exceeding an aggregate value of $120,000,
   • Wire transfer equal to or exceeding an aggregate value of $8,000
   • When FI suspects that the customer or the customer’s account is involved in ML/TF
   • When FI doubts the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or for the purpose of verifying the customer’s identity.

• The extent of monitoring should be linked to the risk profile of the customer
• Resources should be targeted towards business relationships presenting a higher risk of ML/TF
• High-risk relationships require more frequent and intensive monitoring
• In monitoring high-risk situations, relevant considerations should include:

1. Whether adequate procedures or management information systems are in place to provide relevant staff with timely information
2. How to monitor the sources of funds, wealth and income for higher risk customers and how any changes in circumstances should be recorded.

• FI should consider following factors when deciding how to monitor customer transactions and activities:

1. Size and complexity of business
2. Assessment of the ML/TF risks arising from business
3. Nature of its systems and controls
4. Monitoring existing procedures to satisfy other business needs
5. Nature of the products and services

• AIs should monitor both cash transactions and non-cash transactions (e.g. inter-account transfers or inter-bank transfers).

• FIs should ensure compliance with the relevant regulations and legislation on terrorist financing.
• FIs should provide adequate guidance and training to its staff to ensure they understand its legal obligations and responsibilities. 
• FIs should establish policies and procedures for combating terrorist financing.
• FI should be able to identify and report transactions with terrorist suspects and designated parties.
• FI should conduct comprehensive ongoing screening of its complete customer base to prevent terrorist financing and sanction violations,

• It is an offence to fail to disclose knowledge or suspicion of terrorist property.
• Failure to report such knowledge or suspicion carries a maximum penalty of three months imprisonment and a fine of $50,000.
• An FI should appoint a Money Laundering Reporting Officer (MLRO) as a central reference point for reporting suspicious transactions.
• In the event of suspicion of ML/TF, a disclosure should be made even where no transaction has been conducted by or through the FI
• Disclosures should be made as soon as it is reasonably practical
• FIs should put in place internal controls and systems to prevent any directors, officers and employees committing the offence of tipping off the person who is the subject of the disclosure.

• FIs should maintain customer, transaction and other records that are necessary and sufficient to meet the recordkeeping requirements that are appropriate to the scale, nature and complexity of their businesses.
• FIs should keep:

1. Original or a copy of the documents and a record of the data and information obtained in the course of identifying and verifying the identity of the customer/beneficial owner/beneficiary/persons who purport to act on behalf of the customer/other connected parties to the customer
2. Any additional information that may be obtained for the purposes of EDD or ongoing monitoring
3. Original or a copy of the documents, and a record of the data and information, on the purpose and intended nature of the business relationship
4. Original or a copy of the records and documents relating to the customer’s account
5. Business correspondence with the customer and any beneficial owner of the customer

• All documents and records mentioned above should be kept throughout the business relationship with the customer and for a period of six years after the end of the business relationship.
• FIs should maintain the original or a copy of the documents, and a record of the data and information, obtained in connection with the transaction. All such documents and records should be kept for a period of six years after the completion of a transaction, regardless of whether the business relationship ends during the period.

• Staff training is an important to prevent and detect ML/TF activities
• Staff should be trained in what they need to do to carry out their particular roles in the FI with respect to AML/CFT.
• FIs should implement a clear and well articulated policy for ensuring that relevant staff receive adequate AML/CFT training
• The timing and content of training packages should be customized by individual FIs for their own needs.

• This primarily applies to authorized institutions and money service operators.
• Ordering institutions should ensure that all wire transfers of amount equal to or exceeding HK$8,000 are accompanied by complete and verified originator information.
• Ordering institution can include the correspondence address of the originator in the wire transfer message
• Ordering institutions should establish clear policies on the processing of cross-border and domestic wire transfers

• Correspondent banking refers to the provision of banking services by an AI to another institution (the respondent) to enable the latter to provide services and products to its own customers.
• Correspondent banking activity can include establishing accounts, exchanging methods of authentication of instructions, etc.
• The scope of a relationship and extent of products and services supplied depends on the needs of the respondent bank, and the AI’s ability and willingness to supply them.
• AI should also consider credit, operational and reputational risks.
• Before establishing a correspondent banking relationship with a proposed respondent bank, the AI should:

1. Collect sufficient information about the proposed respondent bank to understand fully nature of its business.
2. Determine from publicly available information the reputation of the proposed respondent bank and the quality of its supervision by authorities in that place that perform functions similar to the HKMA
3. Assess the AML/CFT controls of the proposed respondent bank.

• AIs must document their responsibilities and the responsibilities of the proposed respondent bank relating to AML/CFT.

• Private banking relationships represent an increased risk of money laundering.
• AIs should ensure that they understand and manage the risks and make special provisions for private banking customers in their customer acceptance and due diligence procedures and monitoring programs.
• AIs should not accept private banking customers without a referral.
• To facilitate customers’ referral from overseas offices AIs should consider maintaining global CDD policies
• AIs should obtain comprehensive customer profile information for each of their private banking customers.
• The AI should be satisfied that a customer’s use of complex business structures and/or the use of trust and private investment vehicles has a genuine and legitimate purpose.

Additional Resources

Read the Hong Kong Guideline on Anti-Money Laundering in full.