Frequently Asked Questions

Customer Due Diligence

The Anti-Money Laundering and Counter-Terrorist Financing Ordinance, Cap. 615 (AMLO) came into operation on 1 April 2012. Under AMLO, any person who wishes to operate a remittance and / or money changing service is required to apply for a license from the Commissioner of Customs & Excise, who is the authority to administer the licensing regime for Money Service Operators (MSOs) (i.e. Remittance Agents and Money Changers / RAMC) and supervise licensed MSO’s compliance with the customer due diligence and record-keeping obligations and other licensing requirements.

Definition of Customer Due Diligence
Customer Due diligence was mainly conducted by professional consultants as a procedure to measure the ratings of company operations in any given markets. Due diligence is usually performed during merger and acquisition and issuance of bonds or securities. During merger and acquisitions, the acquiring company will perform due diligence on the target company in order to verify the condition/risks of various significant aspects of the target company. The AMLO defines what customers due diligence measures are and also prescribes the circumstances in which a financial institution must carry out customer due diligence. As indicated in the AMLO, financial institutions may also need to conduct additional measures (referred to as enhanced customer due diligence) or could conduct simplified customer due diligence depending on specific circumstances.

According to Chapter 4 of the Guideline on Anti-Money Laundering and Counter-Terrorist Financing (July 2012), customers due diligence procedures include:

– Identify customer (HKID or passport)
– Verify identify of customer (face-to-face verification)
– Identify beneficial owner(s) (companies)
– Verify identity of the beneficial owner (company registry)
– Request for business or residential address proof issued within the past 3 months
– Request for contact person telephone number
– Make use of "SAFE" to understand customers’ occupations and business operations
– Obtain approval from Compliance Officer
– Perform risk assessment and background check (can make use of third party due diligence tools)
– Formulate account opening criteria based on risk indicators in company’s handbook
Q1: What are Customer Due Diligence (CDD) Measures?
A1: Measures mainly include:
(1) identifying the customer and verifying the customer’s identity; and
(2) identifying the beneficial owner and taking reasonable measures to verify the beneficial owner’s identity.
Q2: When CDD Measures Must Be Carried Out?
A2: (1) Before establishing a business relationship with the customer
(2) Before carrying out an occasional transaction involving an amount equal to or above HK$120,000
(3) Before carrying out an occasional wire transfer involving an amount equal to or above HK$8,000
(4) Suspects the customer or the customer's account is involved in money laundering or terrorist financing
(5) Doubts the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or verifying the customer’s identity
Q3: What should I do if verification of identity remains uncompleted 30 working days after the establishment of business relations?
A3: According to Chapter 4.7.8 of the Guideline on Anti-Money Laundering and Counter-Terrorist Financing, the financial institution should suspend business relations with the customer and refrain from carrying out further transactions.
Q4: MSOs should have risk-sensitive measures in place to recognise Politically Exposed Persons ('PEPs'). What is a PEP?
A4: In accordance with Schedule 2 of the AMLO, PEP means (a) an individual who is or has been entrusted with a prominent public function in a place outside the People’s Republic of China and (i) includes a head of state, head of government, senior politician, senior government, judicial or military official, senior executive of a state-owned corporation and an important political party official; but (ii) does not include a middle-ranking or more junior official of any of the categories mentioned in subparagraph (i); (b) a spouse, a partner, a child or a parent of an individual falling within paragraph (a), or a spouse or a partner of a child of such an individual; or (c) a close associate of an individual falling within paragraph (a).
FATF defines PEPs as 'individuals who are or have been entrusted with prominent public functions in a foreign country, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials. Business relationships with family members or close associates of PEPs involve reputational risks similar to those with PEPs themselves. The definition is not intended to cover middle ranking or relatively junior individuals in the foregoing categories'.
FATF Recommendation 6 states that FIs should, in relation to PEPs, in addition to performing normal due diligence measures:
  • Have appropriate risk management systems to determine whether the customer is a politically exposed person;
  • Obtain senior management approval for establishing business relationship with such customers;
  • Take reasonable measures to establish the source of the wealth and source of funds; and
  • Conduct enhanced ongoing monitoring of the business relationship
Q5: How many times of annual review should be performed to high-risk customers?
A5: According to Chapter 4.7.13 of the Guideline on Anti-Money Laundering and Counter-Terrorist Financing, all high-risk customers should be subject to a minimum of an annual review, and more frequently if deemed necessary by the financial institution, of their profile to ensure the CDD information retained remains up-to-date and relevant.
Q6: What is Office of Foreign Assets Control (OFAC) and what does it do?
A6: OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries, terrorists, international narcotics traffickers and those engaged in activities related to the proliferation of weapons of mass destruction. OFAC rules prohibit transactions and require the blocking of assets of persons and organizations that appear on one of a series of lists that OFAC issues periodically. The agency has the power to impose significant penalties on those who are found to be in violation of the blocking orders.
Q7: What is the relationship between financial sanctions and money services sector?
A7: The obligations under the Hong Kong’s financial sanctions regime apply to all persons, and not just financial institutions. MSOs are reminded that in accordance with the provisions of Chapter 6 of the Guideline on Anti-Money Laundering and Counter-Terrorist Financing, they should maintain a database of individuals and entities designated under the United Nations (Anti-Terrorism Measures) Ordinance, United Nations Sanctions Ordinance and US Executive Order 13224 for client and transaction screening purposes. Members of this Association can get latest information through HKC&ED News or Hong Kong Customs and Excise Department website.
Q8: Which institutions are defined as financial institution under Chapter 615? What is the implication to Customer Due Diligence?
A8: Under Chapter 615, financial institution means:
(a) an authorized institution;
(b) a licensed corporation;
(c) an authorized insurer;
(d) an appointed insurance agent;
(e) an authorized insurance broker;
(f) a licensed money service operator; or
(g) the Postmaster General.
The Chapter 615 defines customers to whom Simplified Customer Due Diligence ("SDD") may be applied if your customer is an financial institution as defined in the Chapter 615. SDD means that application of full CDD measures is not required. In practice, this means that MSOs are not required to identify and verify the beneficial owner.
Q9: Does public body cover state-owned enterprises (SOE)? Can a subsidiary of a SOE be subject to SDD?
A9: SDD may be applied to state-owned enterprises fully owned by a government of an equivalent jurisdiction. Where the enterprise is only partially owned by a government, SDD would apply only to the part of the enterprise owned by the government. For the part not owned by the government, FIs should identify and take reasonable measures to verify the identities of beneficial owners along that ownership chain.
Q10: Does simplified customer due diligence apply to a wholly/partially owned subsidiary of a listed company?
A10: SDD may be applied to the customers set out in section 4 of the Schedule 2 to the AMLO which do not include wholly/partially owned subsidiaries of a listed company. However, the FI is not required to identify or verify the beneficial owners of the listed company in the ownership chain of the wholly/partially owned subsidiary. For partially owned subsidiaries, the FI should still identify and take reasonable measures to verify the identity of beneficial owners in the ownership chain that are not connected with the listed company.
Please note: (1) Please proceed to our Forum of more discussions in relation to Customer Due Diligence; (2) The above information is for reference only.