Insight,

HKMA releases amended AML/CFT Guideline as revised law comes into force – PEPs, VASPs, trusts and more!

25 May 2023

Our People
HK | EN
Current site :    HK   |   EN
Australia
EN |
China
JP | ZH | EN |
China Hong Kong SAR
ZH | EN |
Japan
JP | ZH | EN |
Singapore
ZH | EN |
United States
EN |
Global
ZH | EN |

On 1 June 2023 the revised Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) will come into force. Just days ahead, the Hong Kong Monetary Authority (HKMA) has released its regulatory guidance, the Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Authorized Institutions) (AML/CFT Guideline). 

Significant changes have been made to the AMLO and Hong Kong banks will no doubt be poring over the content of the revised AML/CFT Guideline to understand what they must now be doing to comply with legal and regulatory obligations.

Having worked closely with the industry for many years on the drafting and evolution of the AML/CFT Guideline, we are delighted to explain the key amendments and what they mean, as set out below.

In summary, the most important changes relate to:

We summarise the key points from this significant update as follows.

1.   Regulating VASPs

We have written extensively on Hong Kong’s new VASP regulatory regime and what it means for VASPs themselves.[1]   

In summary, a VASP providing automated exchange services now requires a licence under the AMLO and must comply with the same (and in many cases higher) customer due diligence (“CDD”), information-sharing, transaction screening and record keeping requirements as other financial institutions in Hong Kong. 

For banks, however, the questions are different:

Should we provide services to VASPs, or is it just too risky?

Ultimately this is a question of proper diligence and overall business appetite.  

We understand that concerns include the fact that certain “crypto-friendly” banks in the United States have collapsed, a crypto-mixing tool has been sanctioned, crypto deposit providers have collapsed, various scams abound and a major exchange has been accused of fraud over client assets.  

On the other side of the virtual coin are some very persuasive arguments that banking the VASP sector can and should be done - particularly in relation to those VASPs that become licensed by the Securities and Futures Commission (SFC) under the newly implemented regime. The reason for this is that the regime is onerous. And we mean, onerous! To become licensed a VASP is required to fulfil a plethora of requirements, as summarised below:

SFC-regulated VASPs will also rely on bank accounts under this new regime as they are mandatory for various purposes.

Support from the HKMA

The HKMA has released a statement making clear that banking services should be provided on a risk-based approach. Some of the key points in the statement include:

  • encouraging banks to “endeavour to support” licensed VASPs;
  • requiring banks to adopt a risk-based approach in AML/CFT efforts, to “deliver effective outcomes consistent with the principles of treating customers fairly and financial inclusion”;
  • requiring banks to put in place processes which “adequately support account applications from specialised industries, such as establishing dedicated teams with appropriate training and knowledge”;
  • encouraging banks to take a “forward-looking approach”; and
  • requiring banks to avoid “a wholesale de-risking approach”.

The HKMA also hosted a roundtable with the banks, VASPs and key industry players in May 2023. Coupled with the statement, this sends a positive market signal of an intent to foster a sensible approach to banking the virtual asset sector. 

In this regard, Hong Kong is taking a very different approach to a number of other markets where a highly frosty banking environment is making fiat on-ramps and off-ramps very difficult. To its credit, Hong Kong is also therefore much better aligning with the expectations of the global AML/CFT standard-setter, the Financial Action Task Force (FATF), which has warned many times that excluding industries and “de-risking” in fact exacerbates global systemic AML/CFT risk rather than bringing it down, by encouraging the proliferation of shadow markets.

How do we conduct CDD on VASPs?

To start, never forget the basics: conduct CDD as required on any corporate.   

For VASPs this includes a few key touchstones:

  • Licensing status. As a starting point, the VASP’s licensing status is key, because that determines which AML/CFT and consumer standards apply and whether any regulator is watching. Not all VASPs need to be licensed under the new AMLO regime, and some may be under transitional protection but still required to meet the relevant standards.   
  • AML/CFT controls that apply. Consideration should also be given to the strength of the VASP’s own AML/CFT controls. In particular, VASPs’ transaction monitoring may be of surprise. VASPs are able to conduct on-chain analytics and trace, cluster and analyse, across different blockchains and protocols, thousands of transactions and monitor virtual assets on a forward-looking basis, monitoring both source and destination. This is simply impossible with cash. The “travel rule”, which requires information to move with transactions (akin to wire transfers) is also a material risk control. The SFC imposes significant requirements on VASPs in this regard.
  • External attestation. On top of this, SFC-regulated VASPs must have all their systems and controls externally reviewed by an independent assessor (eg a large consulting firm) to attest that they meet the relevant standards on paper and in practice. Law firms are also required to provide legal opinions on certain virtual assets.

We encourage our banking clients to talk to VASPs about their controls and review process. You can also request demonstrations from on-chain analytics providers. We find this can often have a transformative effect on understanding the significant AML/CFT controls that are possible and may provide the comfort needed that such client will not necessarily pose an enhanced risk of money laundering or terrorist financing (ML/TF) and indeed be lower than other client sectors.

2.   What about banking the precious metals and precious stones industry?

A two-tier regulatory regime has been implemented for DPMS:

There is a transitional period for those required to register under Category B to do so, up to 1 January 2024.

A reporting obligation has also been imposed on DPMS that are considered “non-HK” DPMS, ie those outside of Hong Kong that sell precious metals and stones in Hong Kong. Such entities are required to file a cash transaction report with the Customs & Excise Department when they engage in a cash transaction at or above HK$120,000 in Hong Kong, and within one day upon completion of the transaction, and in any event before their departure from Hong Kong. Non-compliance is an offence.

For banks offering services to DPMS, the key question will be to check whether such entities are “Category A” or “Category B”. If they are Category B, whether they are registered with the Customs & Excise Department and have properly implemented, or are in the process of implementing, the requisite AML/CFT controls now imposed upon them under the AMLO with expected diligence.

3.   Important updates to PEP definitions and standards

The term Foreign PEP has been replaced by “Non-Hong Kong PEP”. The significance of this is that it means all PEPs outside of Hong Kong (including in Mainland China), are now caught by the definition. This means that enhanced due diligence must be conducted on any customer that is a PEP or is a legal entity with a beneficial owner who is a PEP. This could be a considerable exercise, particularly when bearing in mind the wide definition of a PEP that includes senior officials of state-owned entities (SOEs) (amongst others) and the number of SOEs in Mainland China.

The HKMA has recognised the challenge and responded to industry concerns during the consultation on this point. It has done so by providing time to implement the changes: banks are not expected to begin remediating all files now to identify “non-Hong Kong PEPs” and conduct enhanced due diligence on them. Instead they must do so as part of ongoing monitoring. That is, when the client undergoes trigger event review or periodic review. A Guidance Paper on this point is also being prepared. 

In addition, flexibility has been introduced for “former PEP”. Previously the mandate “once a PEP, always a PEP” applied and enhanced due diligence was required on individuals who had previously held a prominent public function (or where such persons were beneficial owners). Whether this is necessary can now be determined on a risk-based approach by banks. In considering the risks posed by a former PEP the AML/CFT Guideline advises banks to consider:

The HKMA has not drawn a distinction between former non-Hong Kong PEPs and former domestic, or international organisation, PEPs. They are all subject to the same risk-based assessments.

4.   Trusts – a new approach to beneficial owners

The definition of the “beneficial owner” of a trust now extends to the trustee and, more onerously, to all beneficiaries of a trust regardless of vested interest. That is to say, there is no longer a 25% threshold before a beneficiary is a beneficial owner. This caused alarm bells for those that onboard trusts with multiple beneficiaries or trusts with classes of beneficiaries (eg “the relatives of Mrs Chan”). 

The new version of the AML/CFT Guideline, along with the consultation response, offers some comfort:

We understand from industry that there will still be fine-tuning issues with implementing the new rules. For example, banks that provide services to investment vehicles that are domiciled in the Cayman Islands. As it the jurisdiction is currently under increased monitoring by FATF, arguably, a client set up in the Cayman Islands cannot be said to be a low-risk client given the geographical risk factor. The requirement to identify and verify the identity of each and every investor in any situation where simplified due diligence does not apply, is now clearly stated in the amendments paragraph 4.8.16. It will mean funds set up in the Cayman’s will need to have each and every investor identified and verified. 

5.   Introducing recognised digital identity systems

The amended AML/CFT Guideline provides a new way to verify a customer’s identity by introducing the concept of reliance on a “digital identification system that is a reliable and independent source that is recognised by the HKMA” to paragraph 4.3.1 of the AML/CFT Guideline.  

The key questions that arose from the industry and responses were as follows:

  • Can technology solutions currently being used continue to be used? The answer here is yes, but such solutions are not recognised digital identity systems, so they need to meet the usual remote onboarding rules. It is only when relying on iAM Smart, banks are not required to take additional due diligence measures that otherwise apply when a customer is not physically present for identification purposes.
  • Can systems recognised by other authorities in Hong Kong (eg the SFC) be relied upon? Not in the same way as iAM Smart. The HKMA has not made any amendments to recognise systems that might be accredited by other authorities. The consultation feedback does say that the HKMA has worked closed with other regulators but does not state whether other regulators might take a wider interpretation of what is a recognised system. 
  • Can systems recognised by authorities outside of Hong Kong be relied upon? Not in the same way as iAM Smart. The consultation conclusion states that use of digital identification systems developed and operated by foreign governments is “complicated and involves wider policy considerations”. Banks are encouraged to contact the HKMA directly to discuss the same.

6.   Other key amendments

Other key amendments include the following:

7.   Key actions for banks

The key actions banks need to take are as follows:

  • Update your internal AML/CFT policies and procedures to check that all updates are covered as appropriate.
  • Review your PEP and trust relationships to ensure that the new rules and guidance are factored into those relationships and that the correct CDD approach has been applied.
  • Consider designing an internal checklist for VASP clients to enable serving this sector on a sensible risk-based approach. SFC-regulated VASPs may come and see you for general operational banking services, their client money accounts (held through their TCSP regulated associated entities), compensation fund accounts or bank guarantees. 

We continue to act as one of the leading advisors on AML/CFT matters in Hong Kong. We have a unique and deep understanding of the industry pain points introduced by these changes, and unrivalled market knowledge of how the amendments are being implemented. We also have a very active VASP regulatory practice, so we can assist with building good controls for this sector.

If you require advice, policy support or training, please reach out - we are always happy to help. 

 

In this article:

  • “Hong Kong” or “Hong Kong SAR” should be construed as a reference to “Hong Kong Special Administrative Region of the People’s Republic of China”.
  • The Mainland of China is described as “Mainland China”.

 

Reference:

[1]   See our KWM snapshot on the new regime and KWM alert on the draft VATP Guidelines. Watch this space for our forthcoming alert on the final Guidelines that were issued on 23 May 2023.

Categories

MEET THE AUTHORS

LATEST THINKING
Insight
Updated ILPA Reporting Template, New ILPA Performance Template and what that means for Investors
Investors in private equity funds who are negotiating fund terms with fund managers can improve the transparency of the private equity industry and the commercial terms on which they invest by actively advocating for stringent terms and changes in market standards to protect their own interests. Pro-active efforts by investors during negotiations are essential to maintain high standards of investor protection.

11 March 2025

Insight
Hong Kong Listed Closed-ended Fund – The New Era for Capital Raising in Asia for Alternative Asset Funds
The Securities and Futures Commission of Hong Kong (“SFC”) issued a circular on 17 February 2025, clarifying the requirements for closed-ended funds seeking a listing on the Stock Exchange of Hong Kong Limited (“SEHK”). This marks the latest initiative by the Hong Kong government to broaden distribution channels for private equity funds, following the launch of the New Capital Investment Entrant Scheme (as discussed in our previous article) and the expansion of the tax concession regime for funds and single-family offices.

21 February 2025

Insight
SFC Publishes Fresh Guidance for Virtual Asset Exchange Licensing
Hong Kong has a rigorous licensing and compliance framework for virtual asset exchanges, as we summarised in our KWM 2023 Guide to VATP Licensing. The Securities and Futures Commission (SFC) has recently published fresh guidance on Hong Kong’s virtual asset trading platform (VATP) regime, in three key documents. These are as follows: Announcement: SFC’s extension of the swift licensing process to new VATP applicants (Swift Licensing Process). Circular: Circular to new VATP operators seeking to be licensed: enhanced licensing process and revamped external assessments (Updated Licensing and Assessments Circular). Circular: Circular on findings from inspections on deemed-to-be-licensed VATP applicants and expected standards of conduct for VATP operators (Expectations and Observations Circular). This article sets out a summary of these important materials. Please contact us if you have any questions about the VATP regime. We have supported several applicants and would be delighted to assist you.

14 February 2025

EXPLORE LATEST THINKING
OUR PEOPLE
LOCATIONS
MEDIA CENTRE
CAREERS
ABOUT US
Explore Our Expertise
Explore insights
Explore Our Insights

Advertising and Targeting Cookies