Advisory circular to intermediaries
Client identity verification in account opening process

24 Oct 2016



This circular was superseded by the circular dated 28 June 2019, please refer to here for acceptable account opening approaches.

Further to the circular concerning know your client and account opening procedures issued by the Securities and Futures Commission (“SFC”) on 12 May 2015[1], the SFC is issuing this advisory circular to provide more guidance to the industry for compliance with the regulatory requirements on account opening.

Importance of client identity verification in the account opening process

Client identity verification is an essential element of an effective customer due diligence process which intermediaries need to put in place to guard against reputational, operational, legal and financial risks. Effective client identity verification procedures are also necessary to protect investors and maintain the integrity of the markets by preventing securities fraud, market abuse and illegal use of the securities industry. Since intermediaries could be used as channels to launder criminal proceeds and to finance terrorism, the SFC requires intermediaries to implement effective anti-money laundering measures including proper customer due diligence to prevent and detect these criminal activities[2].

The requirements on account opening are set out in paragraph 5.1 of the Code of Conduct[3] which requires intermediaries to take all reasonable steps to establish the true and full identity of each of its clients. In a face-to-face situation, the signing of the account opening documents (e.g. client agreement) and the sighting of the identity documents can be performed in the presence of an employee of the intermediary.

In a non-face-to-face situation where a client is not physically present, intermediaries will generally not be able to determine the identity documents provided to them belong to the client. Paragraph 5.1 of the Code of Conduct provides specific guidelines to intermediaries on acceptable approaches in performing the client identity verification which could apply to the situation where onboarding of clients is conducted online (A summary is provided in the Appendix).  

Initial client onboarding versus ongoing client authentication

In the past few months, the SFC has considered proposals from the industry to apply the latest financial technology to account opening in a non-face-to-face situation, including the use of facial recognition of the client to match the photo in his or her identity card and the use of service providers to connect to overseas national citizen identity database for checking of client’s identity, the use of overseas certification authorities and other approaches, for cross-border client identity verification.

In our study which covers practices in overseas jurisdictions, we found regulators worldwide have generally adopted a cautious approach in allowing remote or cross-border account opening. Where there is an increased use of biometrics (fingerprint, face and sound recognition) in client authentication, the technology is often being applied to authorise transactions conducted by clients. In such cases, the intermediary is able to collect biometric information from clients into a database it maintains, against which the client identity could be authenticated with the biometric information provided in each transaction.

But this should not be confused with verifying the identity of a client in the initial onboarding process. To verify the identity of the client, his or her identity information should be checked against a reliable and authoritative source of documents or database, such as the national citizen identity database maintained by the government. In many jurisdictions, access to such database is not allowed because of privacy issues, and where it is allowed, the reliability and competency of the service providers connecting to the database needs to be assessed.

Based on our study and feedback from the industry, the SFC considers the requirements set out in the Code of Conduct are adequate and on par with international standards. However, we would like to provide more guidance on how the three approaches set out in paragraph 5.1 are applied in a non-face-to-face situation in today’s environment.

 (1)  Certification services provided by certification authorities

The SFC considers the use of overseas certification authorities a practical means to facilitate cross-border account opening. The Code of Conduct currently allows certification services that are recognized by the Electronic Transactions Ordinance (ETO)[4] to be employed for client identity verification. There are certification authorities outside Hong Kong whose electronic signature certificates (“recognised signing certificates”) have obtained mutual recognition status[5] accepted by the HKSAR government and the electronic signatures generated by these recognised signing certificates shall have the same legal status as that of handwritten signatures within the applicable scope of the ETO in Hong Kong.  The SFC considers that the use of the certification services provided by such certification authorities outside Hong Kong could be accepted for client identity verification. 

Intermediaries onboarding clients online can also allow clients to use the recognised signing certificates to create electronic signatures in executing client agreements.  

(2)  Client identity verification through professional persons or affiliates

Intermediaries can rely on their affiliates which are regulated financial institutions, certified professional accountants or notary public to witness the signing of the client agreement and the sighting of the identity document. Intermediaries have been reminded in the SFC’s circular of 12 May 2015 that they are strongly discouraged from appointing any affiliate which is not a regulated financial institution to conduct the client identity verification process for account opening because such affiliate may not possess the necessary knowledge and experience to properly carry out the process.

Given the importance of client identity verification as explained above, the SFC expects that in future any affiliate performing client identity verification for account opening purpose should be a regulated financial institution. The SFC is minded to closely review and follow up on any potential non-compliance in this area and take appropriate regulatory actions. 

Intermediaries when onboarding clients overseas should also be mindful of the requirements imposed by the domestic regulatory authorities in this regard.  

(3)  Client identity verification by provision of client agreements, identity documents and drawing on a Hong Kong bank account

Intermediaries can continue to verify the client’s identity by obtaining a signed physical copy of the client agreement together with a copy of the client’s identity document for verification of the client’s signature and identity against a cheque drawn from the client’s Hong Kong bank account as set out in the procedural steps under paragraph 5.1 of the Code of Conduct (please refer to the Appendix). 

The SFC hopes that the above explanatory information could assist intermediaries to comply with the Code of Conduct’s requirements on account opening. The SFC will keep in view technology development and continue to communicate with the industry on any suggestions regarding the use of technology for reliable and effective client identity verification for account opening purpose. Should intermediaries have any questions regarding the contents of this circular, please contact Ms Denise Chan at 2231 1188.

Intermediaries Supervision Department
Intermediaries Division
Securities and Futures Commission

End

SFO/IS/034/2016

Appendix - Requirements on client identity verification for account opening

Paragraph 5.1 of the Code of Conduct requires a licensed or registered person to take all reasonable steps to establish the true and full identity of each of its clients, and of each client’s financial situation, investment experience, and investment objectives. It allows both face-to-face and non-face-to-face approaches for account opening. Where a non-face-to-face approach is adopted, it should be one that satisfactorily ensures the identity of the client.

Face-to-face approach
This refers to the execution of account opening documents in the presence of an employee of the licensed or registered person.  

Non-face-to-face approach
Where the account opening documents are not executed in the presence of an employee of the licensed or registered person, the Code of Conduct stipulates that the identity of the client may be verified by any of the following means:

  1. The signing of the client agreement and sighting of related identity documents are certified by any other licensed or registered person, an affiliate of a licensed or registered person, a JP (Justice of the Peace), or a professional person such as a branch manager of a bank, certified public accountant, lawyer or notary public.

  2. Certification services that are recognized by the ETO, such as the certification services available from the Hongkong Post, may be employed for client identification purpose. As clarified above, the use of the certification services provided by certification authorities outside Hong Kong whose electronic signature certificates have obtained mutual recognition status in Hong Kong could also be accepted for client identity verification purpose.

  3. Alternatively, the identity of the client may be properly verified if the licensed or registered person complies with the following procedural steps:



[1] Circular concerning Know Your Client and Account Opening Procedures dated 12 May 2015 http://www.sfc.hk/edistributionWeb/gateway/EN/circular/doc?refNo=15EC28
[2]
Please refer to the news release of SFC titled “SFC notifies the industry of anti-money laundering concerns” and dated 21 September 2016 on http://www.sfc.hk/edistributionWeb/gateway/EN/news-and-announcements/news/doc?refNo=16PR95
[3]
Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (“Code of Conduct”)
[4]
Electronic Transactions Ordinance (Cap.553) (“ETO”)
[5]
Please refer to the website of Office of the Government Chief Information Officer http://www.ogcio.gov.hk/en/business/mainland/cepa/mr_ecert/index.htm
[6]
Please refer to paragraph 6.2 of the Code of Conduct for the minimum content of a client agreement.
[7]
The minimum cheque amount required is subject to periodic review and will be revised when appropriate.


Click here to download the document


Page last updated : 5 Jul 2019