The Securities and Futures Commission (“SFC”) has on 5 July 2018 commenced a one-month consultation (the “Consultation Paper”) on proposals to amend (a) the Guideline on Anti-Money Laundering and Counter- Terrorist Financing (the “AML Guideline”), and (b) the Prevention of Money Laundering and Terrorist Financing Guideline issued by the SFC for Associated Entities (collectively, the “Guidelines”). The public is invited to submit comments on or before 9 August 2018.
The SFC expects to conclude the consultation and finalise the amendments by early October 2018, and the revised Guidelines are targeted to become effective on 1 November 2018.
In summary, the Consultation Paper sets out a number of key proposals aimed at:
(a) enhancing the existing requirements in the AML Guideline; for example, expanding the types of politically exposed persons (“PEPs”) and requiring licensed corporations (“LCs”) to implement group-wide AML/CFT systems in all their overseas branches and subsidiary undertakings that carry on the same business. The SFC believes that these enhancements are necessary to bring Hong Kong in line with the standards set by the Financial Action Task Force (“FATF”), of which Hong Kong is a member1;
(b) providing flexibility to LCs, where minimum requirements are met, on complying with some customer due diligence (“CDD”) measures and ongoing monitoring requirements; and
(c) providing guidance on existing requirements in the AML Guideline. Note in particular that the SFC has proposed including some specific guidance on how to handle and respond to requests from enforcement agencies.
Given the wide-ranging nature of the proposals, the industry will need to consider the impact that the proposed changes will have on their business and the actions they will need to take if the Proposals were to be adopted. We recommend that you consider the Proposals carefully.
The SFC indicated in the Consultation Paper that it had been working closely with the Hong Kong Monetary Authority, the Insurance Authority and the Customs and Excise Department, who were also reviewing and revising their respective AML/CFT guidelines, to develop a common standard for compliance. The SFC also noted that, in general, the proposed revised Guidelines were intended to be consistent with the revised guidelines of the other regulators.
In addition to the above key proposed changes, the SFC is also taking the opportunity to make a number of more routine amendments to the Guidelines.
Proposals to enhance the existing requirements in the AML Guideline
The five key Proposals to enhance the existing requirements in the AML Guideline are as follows:
(a) expanding the types of PEP to include persons who have been entrusted with a prominent function by an international organisation2 (“International Organisation PEPs”), and to extend the existing requirements3 in the AML Guideline in relation to foreign PEPs to International Organisation PEPs and domestic PEPs when there is a high-risk business relationship;
(b) requiring: (i) a Hong Kong-incorporated LC to implement AML/CFT systems for all of its overseas branches and subsidiary undertakings that carry on the same business as financial institutions; (ii) such group-wide AML/CFT systems to include information sharing and the provision of information to group-level functions, subject to adequate safeguards; and (iii) if the AML/CFT requirements in the jurisdiction where the branch or subsidiary undertaking of an LC is located differ from those in the AML Guideline, the LC to require that branch or subsidiary undertaking to apply the higher of the two requirements (as far as local laws and regulations permit)4;
(c) requiring LCs to identify and assess the ML/TF risks that may arise in relation to (i) the development of new business practices, including new delivery mechanisms; and (ii) the use of new or developing technologies for new and pre-existing products prior to the launch of the new products, new business practices or the use of new or developing technologies;
(d) allowing an LC to stop pursuing the CDD process if it reasonably believes that performing the process will tip-off the customer concerned, and requiring the LC to make a suspicious transaction report in these circumstances 5; and
(e) requiring an LC to keep all documents and records obtained throughout the CDD and ongoing monitoring process, including the results of any analysis undertaken (for example, to establish the background and purpose of complex, unusually large transactions).
Proposals to provide flexibility to LCs to facilitate compliance under the existing requirements
The three key proposals to provide flexibility to LCs to facilitate compliance under the risk-based approach are as follows:
(a) so long as the principal aspects of a natural customer’s identity (at a minimum, the person’s full name and date of birth) are verified against a document provided by a reliable and independent source, LCs will be allowed to adopt reasonable risk-based measures and to determine whether to verify other identification data;
(b) allowing LCs to determine the types of documents to be obtained for the purpose of verifying the name of a customer which is a legal person, its legal form, its existence and the powers that regulate and bind the legal person, so long as the documents containing the relevant information are provided by a reliable and independent source; and
(c) providing flexibility to LCs to determine whether a natural person is a person purporting to act on behalf of a customer6 having regard to the person’s roles, the activities which he or she is authorised to conduct and the ML/TF risks associated with these roles and activities. In addition, the SFC has proposed that dealers and traders in an investment bank or an asset manager who are authorised to act on behalf of the investment bank or asset manager would not ordinarily be considered as a person purporting to act on behalf of a customer.
Proposals to provide additional guidance to LCs on existing requirements
The six key proposals to provide additional guidance to LCs on existing requirements in the AML Guideline are as follows:
(a) where customers are not physically present for identification purposes, LCs may adopt other measures to verify information relating to that customer for example, checking relevant data against reliable databases or registries, or using appropriate technology. The SFC also provided additional guidance to facilitate the application of these measures in relation to situations posing similar risks (for example, persons acting on behalf of a customer who is a legal person in opening an account through a non-face-to-face channel)7;
(b) the SFC proposed to include a list of illustrative, non-exhaustive examples of possible simplified measures (e.g. reducing the degree of ongoing monitoring and scrutiny of transactions based on a reasonable monetary threshold) or enhanced measures (e.g. obtaining information on the reasons for intended or performed transactions) which LCs could adopt for CDD and ongoing monitoring of customers assessed under a risk-based approach to be lower or higher risk, respectively;
(c) allowing LCs to adopt a risk-based approach to determine whether a customer should continue to be treated as a domestic PEP or an International Organisation PEP if the person is no longer entrusted with a prominent public function, taking into account various risk factors;
(d) where no natural person ultimately owns or controls a customer who is a legal person, LCs should identify the natural persons holding the position of senior managing official in the legal person and take reasonable measures to verify their identities;
(e) the SFC has proposed to provide further examples of areas which should be covered in the regular reviews of AML/CFT systems by an LC’s audit function; and
(f) the SFC has proposed to provide guidance on the handling of various requests from law enforcement agencies (for example, search warrants, production orders, restraint orders or confiscation orders) to assist LCs in handling such requests promptly and effectively.
Next steps and how we can help
Should the proposals be of interest to you or affect your business, you have until 9 August 2018 to submit feedback to the SFC. We have represented many industry groups and individual clients in responding to regulatory consultations and assisting them in effectively presenting feedback on them.
Please don’t hesitate to get in touch with us if you would like to discuss any aspects of the above with you; we would be delighted to assist.
1 The FATF is scheduled to conduct, later in 2018, an on-site mutual evaluation assessment of the effectiveness of Hong Kong’s AML/CFT regime and the implementation of the FATF standards in Hong Kong.
2 An international organisation, as defined by the FATF, is an entity established by formal political agreements between their member states which have the status of international treaties; whose existence is recognised by law in their member countries; and which is not treated as resident institutional units of the countries in which they are located. Examples include the United Nations, the World Trade Organization and the North Atlantic Treaty Organization.
3 The existing requirements in relation to foreign PEPs are: (a) obtaining approval from the senior management of the LC for establishing or continuing such a business relationship; (b) taking reasonable measures to establish the customer’s or beneficial owner’s source of wealth and its source of the funds; and (c) conducting enhanced ongoing monitoring of the business relationship.
4 The existing AML Guideline only requires LCs to put in place a group AML/CFT policy and does not specify that LCs should implement group-wide AML/CFT systems. Moreover, the existing AML Guideline does not specify that LCs should require overseas branches and subsidiary undertakings to apply the stricter requirements where the requirements of the jurisdiction where the overseas branch or subsidiary undertaking is located are different from those in the AML Guideline.
5 The existing AML Guideline only specifies that when an LC fails to complete the verification of identity, the LC should assess whether this failure provides grounds for knowledge or suspicion of ML/TF and whether making a suspicious transaction report is appropriate.
6 The existing AML Guideline requires an LC to identify and verify all persons purporting to act on behalf of a customer.
7 The AML Guideline currently provides only one type of measure for verifying information when a customer is not physically present for identification purposes.