Securities & Futures Commission of Hong Kong

Anti-Money Laundering and Counter-Terrorist Financing

FAQ applicable to all Financial Institutions 


For a customer which is a company, do we need to identify and verify directors who purport to act on behalf of the company to operate the account?


Paragraph 4.4 of the Guideline specifies the identification and verification requirements for persons purporting to act on behalf of the customer. These requirements apply whether the persons purporting to act on behalf of the customer are directors of the company or not.

Key Reference(s): AMLO s.2(1)(d) Sch 2 and Guideline FN21


Do FIs need to verify the address of beneficial owners, directors or persons purporting to act on behalf of a customer including account signatories?


FIs should obtain the address of a beneficial owner and adopt a risk-based approach to determine the need to verify the address.

For directors and persons purporting to act on behalf of a customer, in high-risk situations, consideration may be given to obtaining and taking reasonable measures to verify the addresses of directors and persons purporting to act on behalf of the customer. 

Key Reference(s): Guideline para 4.3.6 & 4.11.1 and FN34


Can verification of identity be completed in a period of time longer than that specified in paragraph 4.7.8?


The time periods provided in paragraph 4.7.8 are what the RAs consider as reasonable timeframes for completing verification. Where verification takes longer in individual cases, FIs should be prepared to justify the rationale and/or reasons and appropriately document the processes undertaken.

Key Reference(s): Guideline para 4.7.8


Do FIs need to record the names of all directors of a customer who is eligible for SDD?


FIs should record the names of all directors and verify the identity of directors on a risk-based approach whether or not the customer is eligible for SDD.

Key Reference(s): Guideline para 4.9.9 & 4.10


Does public body cover state-owned enterprises (SOE)? Can a subsidiary of a SOE be subject to SDD?


SDD may be applied to state-owned enterprises fully owned by a government of an equivalent jurisdiction.

Where the enterprise is only partially owned by a government, SDD would apply only to the part of the enterprise owned by the government. For the part not owned by the government, FIs should identify and take reasonable measures to verify the identities of beneficial owners along that ownership chain. 

Key Reference(s): AMLO s.4 Sch 2 and Guideline para 4.10.4


Does simplified customer due diligence apply to a wholly/partially owned subsidiary of a listed company?


SDD may be applied to the customers set out in section 4 of the Schedule 2 to the AMLO which do not include wholly/partially owned subsidiaries of a listed company. 

However, the FI is not required to identify or verify the beneficial owners of the listed company in the ownership chain of the wholly/partially owned subsidiary. 

For partially owned subsidiaries, the FI should still identify and take reasonable measures to verify the identity of beneficial owners in the ownership chain that are not connected with the listed company.

Key Reference(s): AMLO s.4(2), s.4(3)(c) Sch 2 and Guideline para 4.10.4


Do the special requirements under section 10 of Schedule 2 to the AMLO apply to PEPs from Hong Kong, Macau and Taiwan?


The special requirements under section 10 of Schedule 2 to the AMLO apply to PEPs in a place outside the People’s Republic of China.

However, domestic PEPs may also present a high risk situation where EDD should be applied. FIs should apply a risk based approach to determine whether to apply EDD measures in respect of domestic PEPs. Domestic PEPs include those from Mainland China, Hong Kong, Macau and Taiwan. 

Key Reference(s): Guideline para 4.13.3


If a previously obtained identity document such as passport of a customer is expired, does the FI need to re-verify any aspect of customer identification by obtaining a current identity document?


FIs do not need to re-verify any aspect of customer identification just because of the expiry of a previously obtained identity document. According to paragraph 4.7.12 of the Guideline on Anti-Money Laundering and Counter-Terrorist Financing, once the identity of a customer has been satisfactorily verified, there is no obligation to re-verify identity unless in specified circumstances; however, FIs should take steps from time to time to ensure that the customer information that has been obtained for the purposes of complying with the requirements of sections 2 and 3 of Schedule 2 of the AMLO are up-to-date and relevant.

Key Reference(s): Guideline para 4.7.12


Do FIs need to carry out any applicable new CDD measures arising from the requirements under section 2 of Schedule 2 to the AMLO on accounts opened prior to 1 April 2012? If so, is there any required deadline for bringing all pre-existing accounts up to the AMLO requirements?


FIs are not required to perform the CDD measures prescribed in section 2 of Schedule 2 to the AMLO on pre-existing customers except in the circumstances specified in section 6(1) of Schedule 2 to the AMLO.

Key Reference(s): AMLO s6 Sch 2


The arrangement for allowing FIs to rely on specified intermediaries under section 18(3)(a) of Schedule 2 to the AMLO to carry out CDD measures will expire 3 years after the implementation of the AMLO. Should FIs cease to use those intermediaries to carry out CDD measures?


The provision of a 3-year period for reliance on specified intermediaries under section 18(3)(a) of Schedule 2 of AMLO is to allow time for the establishment of a formal AML regulatory regime for non-financial businesses and professions. FIs may continue to rely on these intermediaries within the 3-year period up to 31 March 2015. FIs should review the reliance relationship concerned afterwards taking into account the development of the AML regulatory regime for these businesses and professions.

Key Reference(s): AMLO s18 Sch 2 and Guideline para 4.17.9


For cases of unsuccessful application for business, is the FI concerned required to retain the identification records and documents in relation to the unsuccessful applicants?


Under the AMLO, there is no requirement for the FI to maintain records and documents involving unsuccessful applicants. This, however, does not preclude the FI from retaining the relevant records and documents in order to meet its other statutory obligations. 

Key Reference(s): Guideline chapter 8


With reference to section 22(1)(b) of Schedule 2, where a bank incorporated in Hong Kong has a subsidiary that carries on a securities or insurance business outside Hong Kong (or vice versa), will section 22 apply to such a subsidiary i.e. is the subsidiary regarded as “carrying on the same business as a financial institution in a place outside Hong Kong”?


It should be noted that section 22(1)(b) of Schedule 2 states "the same business as an FI" and not "the same business as the FI". Therefore, so long as the overseas subsidiary carries out the business as any type of FI (not necessarily as the same type of the business of the parent company), then this provision will apply.

Key Reference(s): Guideline para 2.19


What is JFIU’s “SAFE” Approach alluded to in paragraph 7.12 of the Guideline?


The "SAFE" Approach recommended by the Joint Financial Intelligence Unit is an effective systemic approach to identify suspicious financial activity which involves the following four steps:

Step one: Screen the account for suspicious indicators: Recognition of a suspicious activity indicator or indicators 
Step two: Ask the customer appropriate questions
Step three: Find out from the customer's records:
Review information already known when deciding if the apparently suspicious activity is to be expected
Step four: Evaluate all the above information: Is the transaction suspicious?

FIs should refer to JFIU’s website for details, which may be updated from time to time. FIs are reminded to browse the website of the JFIU for the latest information.

Key Reference(s): Guideline para 7.12

6.0076 s