AML/CFT Regulations of Hong Kong: Paper Over Cracks?

On September 15, 2021, Hong Kong’s Securities and Futures Commission issued consultation conclusion on the proposed amendments on anti-money Laundering and counter-financing of terrorism guidelines. The amendment will align the AML/CFT policy of Hong Kong with the recommendations of the Financial Action Task Force.  This legislation came into effect on 30 September 2021, but the new guidelines for international correspondent payment will come into effect after a six-month transition period i.e. 30, March 2022.

Here we will cover an overview of updated anti-money laundering regulations of Hong Kong and how businesses can comply with them.

Institutional Risk Assessment

All financial institutions are obliged to adhere to anti-money regulations established by the Hong Kong Monetary Authority, which is responsible for overseeing the implementation of AML policies.

Financial institutions have to devise sufficient and appropriate anti-money laundering laws, procedures and policies. They are required to take into account the following:

• Products or service they offer
• Type of customers
• Geographical region
• Other factors advised in AML/CFT guidelines

At least once in every two years, financial service providers have to perform institutional risk assessment.in case of any trigger or red flag that can become a risk to the business, they are required to perform the risk management process more than once. International financial businesses that have branches in various states or countries have to conduct a group-wide AML risk assessment to  help design an overall AML system.

Due Diligence for International Correspondent Relationships

Although the new legislation receives a wide endorsement, it also received  a number of comments and critical analysis on international correspondent relationship requirements. Replying to that, SFC provided clarity and loosened the strictness of the international correspondent banking, by rendering a smooth approach for international transactions with associated businesses. 

In accordance with this approach, financial institutions have been advised to have been advised to perform enhanced due diligence on customers and associated businesses by measuring their risk level aligning with the FATF standards.  As these requirements are relatively new, SFC has given a. six-month grace period to implement policies and procedures for new and existing corporate relationships. 

Risk Indicators for Institutional and Customer Risk Assessment

While conducting risk assessment at institutional or customer level, financial institutions are required to exercise comprehensive assessment procedures for the risk associated with customers and their corporate relationships. When specifying the overall risks that businesses are exposed to, financial institutions universally consider a wide range of factors that can influence the process. These include geographical risks, individual risks, transaction risks, and delivery channel risks. They refer to the methods of identifying money laundering threats, potential risks and vulnerabilities of mitigating the illicit flow of transactions

Standard and Enhanced Procedures of Risk-based Approach

The SFC’s scope of customer due diligence procedures for identity verification of low-risk customers is very limited. SFC advised financial institutions to reduce the cycle of reviewing the previous CDD records and ongoing monitoring of transactions below the specified threshold of low-risk customers. But for high-risk customers, Politically Exposed Persons (PEPs) and suspicious transactions, financial institutions have to implement the enhanced due diligence process.

Risk-based approach involves continuous ongoing monitoring of high-risk customers to mitigate risks. First, the risks are identified, then a risk assessment approach is built and the certain steps to address these risks are implemented.

Red Flags for Suspicious Transactions 

Financial institutions have to ask customers congruent questions, evaluate answers given by them and verify their records as part of the suspicious activity identification process. In case of any possible suspicious transaction, financial institutions are required to acknowledge it and perform further verification and screening processes. In the revised AML/CFT requirements, the SFC has eased suspicious transactions identification process by providing them with a list of causal explanatory indicators. 

Normally, customers or transactions originating from high-risk countries are referred to as red flags and in most cases, they are verified by enhanced due diligence where customer identity as well as business relations are analysed. Through anti-money laundering screening, they are also screened against global PEPs, watchlist and sanction lists.

Third-party Payments and Relations

Under this legislation, financial institutions are required to take all the necessary steps to combat money laundering and terrorist financing risks linked with third-party transactions. Moreover, they have to accept payments only from customers when they are in line with the AML/CFT requirements. Before processing third-party payments or accepting deposits, financial institutions have to ensure adequate verification, screening and due diligence procedures to mitigate the potential risks of financial crimes. 

Financial Institutions have to meet all the legal obligations (financial and non-financial) of regulatory authorities of Hong Kong. The law also addressed the businesses’ concerns about practically implementing AML/CFT policies and due diligence before processing any third-party payment. They are allowed to skip the due diligence processes only in special conditions, such as, when standard risk management procedures are applied and there is a minimal money laundering risk.

Person Purporting to Act on Behalf of Customer 

Businesses have to assess the AML/CFT risks associated with the person’s business relations and activities, it is confirmed whether the person is legally allowed to conduct the transaction or not. They have to make clear policies for identifying PPTA and list down all the requirements. 

What Shufti Offers

Shufti offers identity verification and anti-money laundering solutions that comply with global financial and data privacy regulations, including Hong Kong’s. It verifies the customers’ identity by analysing the ID documents and performs real-time facial recognition on photo ID and live clicked selfie. Shufti performs identity verification with 98.67% accuracy and takes only 30 seconds to complete the process.

Want to know how can your business comply with the AML/CFT regulations?