Securities & Futures Commission of Hong Kong

Anti-Money Laundering and Counter-Financing of Terrorism

Group-wide anti-money laundering and counter-financing of terrorism (“AML/CFT”) systems

Q1:

Overseas subsidiaries
For the purpose of section 22(1)(b) of Schedule 2 to the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (“AMLO”) and paragraph 2.18 of the Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations) (“AML/CFT Guideline”), is a licensed corporation’s
subsidiary that carries on banking or insurance business outside Hong Kong regarded as “carrying on the same business as a financial institution (“FI”) in a place outside Hong Kong”?

A:

It should be noted that section 22(1)(b) of Schedule 2 states “the same business as an FI”, and the term “FI” refers to an FI as defined in the AMLO, including authorized institution, licensed corporation, authorized insurer, etc. Therefore, so long as the overseas subsidiary carries on the business as any type of FI as defined in the AMLO (not necessarily the same type of FI as the parent company), then this provision will apply.

Key Reference(s): AML/CFT Guideline para. 2.18

Identification and verification of customer’s identity – natural persons

Q2:

Non-Hong Kong residents
What documents would be regarded as “reliable and independent” for verifying the identity information of a natural person customer who is not a Hong Kong resident?

A:

The following are examples of documents that would be considered reliable and independent for non-Hong Kong residents:
(a)  a valid travel document;
(b)  a valid national (ie, government or state-issued) identity card bearing the photograph of the individual; or
(c)  a valid national driving licence incorporating all the required identification information and photographic evidence of the identity of the applicant (issued by a competent national or state authority).

Key Reference(s): AML/CFT Guideline para. 4.2.3

Q3:

Acceptable travel documents
What are acceptable “travel documents” for the purpose of paragraph 4.2.3?

A:

The following documents are examples of travel documents for the purpose of identity verification:
(a)  Passport;
(b)  Mainland Travel Permit for Taiwan Residents;
(c)  Seaman’s Identity Document (issued under and in accordance with the International Labour Organisation Convention/Seafarers Identity Document Convention 1958);
(d)  Taiwan Travel Permit for Mainland Residents;
(e)  Permit for residents of Macau issued by Director of Immigration;
(f)   Exit-entry Permit for Travelling to and from Hong Kong and Macau for Official Purposes; or
(g)  Exit-entry Permit for Travelling to and from Hong Kong and Macau.

Key Reference(s): AML/CFT Guideline para. 4.2.3

Q4:

Retention of a copy of travel documents
What part of the “travel documents” should be kept on file?

A:

An FI should retain a copy of the “biodata” page of the travel documents containing the bearer’s photograph and biographical details for the purpose of the record-keeping requirements in the AMLO and the AML/CFT Guideline.

Key Reference(s): AML/CFT Guideline para. 4.2.3

Identification and verification of customer’s identity – legal persons, trusts or other similar legal arrangements

Q5:

Principal place of business
What is the “principal place of business” of a legal person?

A:

The “principal place of business” means the location where a legal person primarily operates or the place of its main activities. It can be the same as, or differ from, the address of registered office.

Legal persons, depending on their business nature, may operate in various locations or premises of different natures. If the address of the principal place of business of a legal person is not in line with an FI’s understanding of the legal person’s business nature or customer profile, the FI should seek to understand the rationale for why that address is provided to the FI.

Key Reference(s): AML/CFT Guideline para. 4.2.5

Q6:

Address of registered office
Does an FI need to separately ask the customer to provide “address of registered office” information, if such information is included in a document provided by a reliable and independent source that is obtained by (or otherwise available to) the FI?

A:

Paragraph 4.2.5(c) requires FIs to obtain the address of registered office of a legal person. When the address of registered office of a legal person is included in a document provided by a reliable and independent source (eg, certificate of incumbency) that is obtained by (or otherwise available to) the FI for verification of the legal person's identity, an FI may accept the document as an evidence of the address of registered office unless the FI was made aware that such address was out of date.

Key Reference(s): AML/CFT Guideline para. 4.2.5

Q7:

Presence of directors or beneficial owners for the purpose of account opening
Is there any requirement for directors and beneficial owners of a legal person to establish business relationship with an FI and be physically present at account opening?

A:

In general, a corporate account is opened in the name of a legal person by a natural person who is authorised to act on behalf of that legal person to establish business relationship with an FI. The AML/CFT Guideline does not mandate whether the natural person should be a director or beneficial owner of a customer so long as the natural person has been properly authorised to act on behalf of the customer to establish business relationship with the FI. The basic requirement in this regard is for an FI to identify and verify the identity of that natural person as well as obtaining the written authority to verify that the natural person has the authorisation of the legal person to establish a business relationship with the FI.

If, in such a case, the business relationship is established through a face-to-face channel, at least one natural person who is authorised to establish the business relationship should be physically present at the time of account opening.

For the avoidance of doubt, if, in such a case, the business relationship is established through a non-face-to-face channel (ie, the natural person acting on behalf of the legal person customer to establish the business relationship is not physically present for identification purpose), the FI should mitigate any increased risk according to paragraph 4.10.6 of the AML/CFT Guideline, such as applying additional due diligence measures set out in paragraph 4.10.2.

Key Reference(s): AML/CFT Guideline para. 4.10.2 and 4.10.6

Reliability of documents, data or information

Q8:

Electronic documents
What measures is an FI expected to take to ensure the reliability of identification documents which are in electronic form?

A:

The AML/CFT Guideline recognises that some commonly used original identification documents can be in electronic form. An FI should take appropriate measures to ensure the reliability of the electronic documents. The appropriateness of the measures to be taken will depend on the type of identification document in question.

For example, an original certificate of incorporation issued by the Hong Kong Companies Registry is available in electronic form. When accepting a print copy of an electronic certificate of incorporation, an FI can corroborate with other identification document or information (eg, record of companies registry) to ensure the reliability of the print copy. 

For the avoidance of doubt, corroboration would not be required for instances where the FI itself has downloaded a particular document (as opposed to having received a print copy of it) from a reliable source (eg, the Hong Kong Companies Registry’s website).

Key Reference(s): AML/CFT Guideline para. 4.5.4

Q9:

Document in foreign language
Does the translation need to be performed by a professional third party (eg, solicitor)?

A:

Paragraph 4.5.5 requires FIs to take appropriate steps to be reasonably satisfied that the documents in foreign language in fact provide evidence of the customer’s identity. The examples of appropriate steps provided in footnote 28 to paragraph 4.5.5, which include obtaining a translation from a suitably qualified person, are illustrative but not exhaustive. There is no requirement that the translation has to be performed by a professional third party (eg, solicitor) or someone who is qualified; an FI may obtain a translation from a reliable source, which may include technology solutions and commonly used translation tools.

Key Reference(s): AML/CFT Guideline para. 4.5.5 and FN28

Q10:

Expired documents
If a previously obtained identity document such as passport of a customer is expired, does the FI need to re-verify any aspect of customer identification by obtaining a current identity document?

A:

The FI does not need to re-verify any aspect of customer identification just because of the expiry of a previously obtained identity document. According to footnote 48 to paragraph 5.2 of the AML/CFT Guideline, once the identity of a customer has been satisfactorily verified, there is no obligation to re-verify identity unless in specified circumstances; however, the FI should take steps from time to time (ie, during a periodic or trigger event customer due diligence (“CDD”) review) to ensure that the customer information that has been obtained is up-to-date and relevant.

Key Reference(s): AML/CFT Guideline para. 5.2 and FN48

Enhanced measures for high risk customers and jurisdictions

Q11:

Source of wealth
Does an FI need to establish source of wealth for every customer?

A:

No. Under a risk-based approach, FIs are required to establish the customer’s source of wealth in high risk situations. Examples of these high risk situations include (a) a customer or whose beneficial owner is a foreign politically exposed person (“PEP”); (b) a high risk business relationship with a customer or whose beneficial owner is a domestic PEP or an international organisation PEP; and, where appropriate, (c) other situations that by its nature presents a high money laundering and terrorist financing risk. Therefore, FIs are not expected to establish source of wealth for each and every customer.

For customers who are non-high risk, some of the information that is obtained by (or otherwise available to) an FI to understand the purpose and intended nature of the business relationship (eg, occupation of individual customers, business nature of corporate customers, etc) should often be sufficient for the FI to have a basic understanding of the customer’s profile and accordingly be able to monitor that the account balance, and value and volume of transactions, is in line with the expected wealth and profile of the customer.

For high risk customers, there is no expectation to apply the same source of wealth procedures to all these customers in the same manner, or collect evidence dating back decades when the risk does not justify doing so, as it is often impractical.

Key Reference(s): AML/CFT Guideline para. 4.9.2, 4.11.12 and 4.11.22

Q12:

Jurisdictions subject to a call by the Financial Action Task Force (“FATF”)
Which jurisdictions are subject to a call by the FATF?

A:

Only jurisdictions listed in the FATF statement: “The FATF Public Statement” should be regarded as “jurisdictions for which this is called for by the FATF” under paragraph 4.14.1 of the AML/CFT Guideline.  Additional measures that are proportionate to the risks should be conducted on business relationships and transactions with customers from these jurisdictions.

For the avoidance of doubt, conducting additional measure is not mandatory for customers connected to jurisdictions listed in the FATF statement: “Improving Global AML/CFT Compliance: On-going Process”. However, the fact that a customer is connected to such a jurisdiction should be taken into account in determining the overall risk profile of the customer.

Key Reference(s): AML/CFT Guideline para. 4.14

Ongoing monitoring

Q13:

Using intermediaries for ongoing monitoring
If an FI relies on an intermediary to carry out CDD measures when onboarding a customer, can the FI further rely on the intermediary to conduct ongoing monitoring?

A:

No. Section 18 of Schedule 2 only allows an FI to carry out any CDD measures set out in section 2 of Schedule 2 by means of an intermediary but does not allow an FI to rely on an intermediary to continuously monitor relevant business relationships as required by section 5 of Schedule 2. Therefore, an FI cannot rely on an intermediary to continuously monitor its business relationships with a customer (ie, ongoing CDD and transaction monitoring).

However, an FI may use an intermediary to collect further documents, data and information, and provide or coordinate relevant updates, to assist the FI in ensuring that the CDD records maintained by the FI remain up-to-date and relevant.

Key Reference(s): AMLO s.2, 5 and 18 of Sch. 2 and AML/CFT Guideline FN41

Q14:

Independent validation of transaction monitoring systems
Who can independently validate an FI’s transaction monitoring systems and processes?

A:

Such validation can be performed by an external party or an internal audit function of the FI. Subject to appropriate segregation of duties, the internal audit function should have sufficient expertise and resources to enable it to carry out an independent review of the FI’s AML/CFT systems (see paragraph 2.15 of the AML/CFT Guideline).

Key Reference(s): AML/CFT Guideline para. 2.15 and 5.8

Others

Q15:

Certification
If an FI decides to use certification as a supplementary measure to fulfil the requirement of section 9 of Schedule 2, what documents should be certified?

A:

In general, the identification document used for the purpose of identity verification (eg, official document such as an identity card, passport, certificate of incorporation, or certificate of incumbency etc) should be subject to certification.

There is no expectation to require certification for all other CDD information or documents provided by the customer; or to require certification if an FI is able to check the documents against public sources.

As a general principle, customers should always be provided with the opportunity, if they wish to do so, to present their original documents to the staff of the FI.

Key Reference(s): AML/CFT Guideline para. 4.10.4, and para. 7 of Appendix A

Q16:

Sanctions screening of parties involved in payments
In a cross-border wire transfer, who must be screened as a “relevant party”?

A:

An FI should, at a minimum, screen the following relevant parties in a cross-border wire transfer:
(a)  originator;
(b)  recipient;
(c)  ordering institution;
(d)  intermediary institution;
(e)  beneficiary institution; and
(f)   named parties (eg, individuals, companies, banks etc) in the payment message.

Key Reference(s): AML/CFT Guideline para. 6.16(c)

Q17:

Record-keeping of unsuccessful applicants
For cases of unsuccessful application for business, is an FI required to retain the identification records and documents in relation to the unsuccessful applicants?

A:

Under the AMLO, there is no requirement for an FI to maintain records and documents involving unsuccessful applicants. This, however, does not preclude the FI from retaining the relevant records and documents in order to meet its other statutory obligations.

Key Reference(s): AML/CFT Guideline ch. 8

4.2873 s