Late last week, the Hong Kong Insurance Authority (IA) published a circular setting out its key findings from anti-money laundering and counter-financing of terrorism (AML/CFT) onsite inspections of authorised insurers carrying on long term business.
The IA conducted visits of more than 20 insurers to review their AML/CFT policies, procedures and controls and their compliance with the relevant legislative and regulatory requirements.
This is consistent with the focus by financial services regulators on AML/CFT, particularly in the last one to two years, as we approach the AML/CFT review of Hong Kong by the Financial Action Task Force (FATF). An onsite evaluation by the FATF is scheduled to take place in October/November this year.
The IA has also since mid-June 2017 conducted onsite inspections of insurance brokers, and published a circular on 27 April 2018 to provide its key findings and good practices observed from the inspections, including findings and good practices relating to AML/CFT compliance by insurance brokers engaged in long term insurance business.


In its recent onsite inspections of authorised insurers carrying on long term business, the IA identified the following key areas in which improvement is required:

  • Senior management oversight – adequate resources for regular compliance reviews, timely rectification of AML/CFT issues, accurate and complete policies and procedures, and enhanced due diligence measures for high risk customers.
  • Compliance function – regular and accurate reporting by the compliance function to senior management.
  • Customer risk assessment – appropriate and effective risk assessment processes, including consideration of all relevant risk factors and ongoing monitoring.
  • Customer due diligence process – obtaining customer due diligence information and documents on a timely basis and upon any changes to policy ownership, obtaining evidence on financial status, and keeping of clear records.
  • Screening of politically exposed persons, terrorists and sanction designations – screening of policyholders and any beneficial owners at the time business relationships are established and on an ongoing basis.
  • Ongoing monitoring – effective ongoing monitoring of customer transactions and activities, capture of information on nationalities, countries of residence and places of incorporation, annual review of high risk customers, and defining trigger events for review and undertaking those reviews.
  • Suspicious transactions reporting – keeping of complete records of reports filed as well as the rationale for not filing, filing reports on a timely basis, and reminding staff of the statutory obligation not to tip off the reporting.
  • Staff/insurance agent training – ensuring that staff members and agents have received adequate training and that the training materials are comprehensive and complete.

Further details in relation to the above areas are set out in the annex to the circular of 31 May 2018. Where issues have been identified, the insurers in question have been requested to take remedial action and will be subject to further follow-up reviews by the IA.


In its onsite inspections of insurance brokers, the IA reviewed the insurance brokers’ compliance with various requirements, including those relating to AML/CFT (as they apply to brokers engaging in long term insurance business).

The IA set out its key findings in relation to AML/CFT compliance in the following areas, including the good practices observed:

  • Policies and procedures;
  • Risk assessment;
  • Record keeping;
  • Screening of politically exposed persons, terrorists and sanction designations;
  • Suspicious transactions monitoring and reporting; and
  • AML/CFT training.

The above key findings cover similar areas as the key findings in relation to the inspection of authorised insurers. Further details of the key findings are set out in section B of the annex to the circular of 27 April 2018.

The insurance brokers in respect of which issues were identified have been requested to take remedial action. Matters involving potential non-compliance will be subject to further follow-up by the IA.


In both circulars, the IA stressed that senior management is responsible for the oversight of the AML/CFT function, including ensuring that adequate internal controls and procedures are properly established and maintained at all times.

Under section 2.11 of the GL3: Guideline on Anti-Money Laundering and Counter-Terrorist Financing, senior management is required to:

  • be satisfied that AML/CFT systems are capable of addressing the money laundering and terrorist financing risks identified;
  • appoint a director or senior manager as a Compliance Officer who has overall responsibility for the establishment and maintenance of AML/CFT systems; and
  • appoint a senior member of staff as the Money Laundering Reporting Officer who is the central reference point for suspicious transaction reporting.


The IA has indicated that it will continue its focus on AML/CFT compliance and assess compliance through further inspections and the use of other supervisory tools. It will also continue to provide guidance to the industry, such as through seminars/briefings and circulars.

As mentioned above, AML/CFT compliance will continue to be high on the priority of the IA as well as other financial services regulators in Hong Kong, especially in the lead up to the FATF’s review. Senior management of authorised insurers and authorised insurance brokers engaged in long term business should review the following and assess whether any enhancements are required to their AML/CFT systems and controls:

The IA’s circulars referred to above.

The report issued by the Hong Kong government in April 2018 detailing the money laundering and terrorist financing risk assessment of Hong Kong. The report examines the threats and vulnerabilities facing Hong Kong as a whole as well as to specific sectors, including the insurance sector. The key aspects of the report as they relate to the insurance and other financial services sectors are highlighted in our bulletin of 11 May 2018. The IA issued a circular on 2 May 2018 to authorised insurers carrying on long term business regarding the report and its expectations on institutional risk assessment.

For more see Conventus Law.