Hong Kong’s new anti-money laundering regulations take effect, and the compliance requirements are organized comprehensively.

Hong Kong's new anti-money laundering rules are in effect and the requirements for compliance are comprehensive.

On May 23, 2023, the Securities and Futures Commission (SFC) of Hong Kong issued the “Consultation Summary on Proposed Regulatory Guidelines Applicable to Virtual Asset Trading Platform Operators Licensed by the Securities and Futures Commission.” Looking at the regulatory system for virtual asset trading, the regulatory framework in Hong Kong was not built in a day. Since 2017, the SFC has regulated the fundraising through ICOs by recognizing their financial properties, in 2018 it refined the rules for virtual asset investment providers, and in 2019 it included virtual asset trading platforms that provide securities-type tokens in its regulatory system. It is believed that while retail investors’ investments are freed up in the Hong Kong region in 2023, refining the regulatory framework for anti-money laundering for virtual asset trading platforms will help enhance market transparency and promote the long-term development of virtual asset trading.

The three stages of money laundering

1. Possible use of virtual asset business in the process of money laundering

In general, virtual asset transactions are carried out anonymously or with enhanced anonymity functions. However, the nature of virtual assets that is not limited by borders and the almost instant transaction speed can be exploited by criminals or money launderers, as virtual assets are sometimes laundered through technologies that blur the identities of the remitter, payee, and actual owner of the virtual assets, such as anonymizing services (e.g., mixers or tumblers) and other mechanisms or technologies that enhance anonymity (such as virtual assets or privacy coins with enhanced anonymity functions, privacy wallets, etc.).

Given the pseudonymous nature and transaction speed of virtual assets, criminals and designated persons may use multiple wallets for large or structured virtual asset transactions, making the flow of funds easily blurred and the clues more complex, thereby hiding the source and destination of their virtual assets to avoid detection of their money laundering/terrorist funding or other illegal activities.

In addition, since virtual asset transactions can be conducted in a peer-to-peer manner, such transactions can also be exploited by criminals if there is no intermediary involved to carry out customer due diligence and transaction monitoring and other anti-money laundering/counter-terrorist financing measures.

Therefore, customer due diligence is one of the important measures to prevent, combat, and terminate money laundering/terrorist financing. The following will focus on what is customer due diligence, what circumstances will trigger customer due diligence, and additional due diligence investigations required for cross-border agency.

II. Customer Due Diligence (customer due diligence)

Given the high anonymity of virtual asset transactions, identifying and verifying customer identity is the top priority of customer due diligence.

For natural person customers, financial institutions should obtain at least the following information to identify customer identity:

(a) Full name;

(b) Date of birth;

(c) Nationality; and

(d) Unique identification number (such as identity card number or passport number) and document type.

For corporate customers, financial institutions should verify their name, legal form, existence at the time of verification, and powers that regulate and restrict the name of the legal person, including the following information:

(a) Full name;

(b) Date of registration, establishment or registration;

(c) Place of registration, establishment or registration (including the address of the registration office);

(d) Unique identification number (such as registration number or business registration number) and document type; and

(e) Main business location (if different from the address of the registration office).

If the customer is a club, association, charity, religious organization, school, friendly mutual aid society, etc., the legal purpose of such organization must be believed by the financial institution.

SFC has further specified additional customer information to enable financial institutions to identify and manage their establishment of business relationships with customers and/or the methods by which their customers conduct virtual asset transactions:

(a) Internet Protocol (IP) address together with relevant time stamps;

(b) Geolocation data; and

(c) Device identifier.

III. When is Customer Due Diligence Required

Section 4.1.9 of the “Anti-Money Laundering Guidelines” lists the general circumstances in which financial institutions must perform customer due diligence on customers:

(a) Before starting business relationship with the customer;

(b) Before executing the following non-regular transactions, and the transaction:

(i) involves an amount equal to or greater than HKD 120,000 (or the same amount converted into any other currency),

(ii) Involving an amount equivalent to HKD 8,000 or more (or its equivalent in any other currency) and is made via telegraphic transfer, whether executed in a single transaction or in several transactions which appear to be linked;

(c) Where the financial institution has suspicion of money laundering/terrorist financing activities by a customer or an account;

(d) Where the financial institution has doubts about the veracity or adequacy of previously obtained identification data of the customer or verification of the customer’s identity.

“Non-occasional transactions” refer to transactions between a financial institution and a customer with whom the financial institution has no business relationship. However, licensed virtual asset trading platforms should not conduct such transactions (4.1.11).

Regarding virtual assets, non-occasional transactions may also include virtual asset transfers and virtual asset exchanges. Therefore, 4.1.9 (b) should cover virtual asset transfers and virtual asset exchanges. However, before non-occasional transactions involving virtual assets transfers equivalent to no less than HKD 8,000, the SFC requires financial institutions to perform customer due diligence on such customers in paragraph 12.3, whether executed in a single transaction or in several transactions which appear to be linked.

IV. Cross-border Agency: Additional Due Diligence, Ongoing Monitoring and Shell Virtual Asset Service Providers

Cross-border agency relationships specifically refer to a financial institution (“agency institution”) providing services to another virtual asset service provider or financial institution located outside of Hong Kong (“receiving agency institution”) in the process of providing virtual asset services, and the relevant transactions executed in such business relationship are initiated by the receiving agency institution as the principal or agent. For example, a financial institution located in Hong Kong (as an agency institution) executing a buy/sell virtual asset transaction for a virtual asset service provider operating outside of Hong Kong and acting as the receiving agency institution for its local customers will constitute cross-border agency.

Note: Virtual asset services here include (1) offers to buy/sell virtual assets or (2) people regularly introducing or identifying each other to negotiate or complete the purchase/sale of virtual assets, and transactions formed by such negotiations or completions are binding.

Given the high anonymity and instant nature of virtual asset transactions, cross-border agents may lead to risks such as transaction authenticity identification, money laundering, and capital outflow. Therefore, it is especially important for the SFC to impose additional due diligence measures to control the control: financial institutions should understand whether the agency has engaged in transactions involving virtual assets that provide higher anonymity, and the degree to which it carries out such activities or transactions for non-resident clients of the agency. In addition, financial institutions need to interview compliance officers, conduct on-site visits, or review the results of internal or external auditor reports to further evaluate the anti-money laundering/terrorist financing control measures implemented for virtual asset transfers, whether the screening of virtual asset transactions and related wallet addresses is sufficient and effective.

Moreover, in cross-border transactions, virtual asset transactions and related wallet addresses will also be continuously monitored by financial institutions.

As for empty shell virtual asset service providers, that is:

(a) established as a corporation outside Hong Kong;

(b) approved to operate virtual asset business in that place;

(c) there is no entity in that place; and

(d) not a person connected to a regulated financial group subject to effective supervision throughout the group.

It is explicitly prohibited from establishing and implementing cross-border agents, and financial institutions are not allowed to establish cross-border agent relationships with them.

Final Words

In recent years, as the scale of virtual asset business worldwide continues to expand, the use of virtual assets to conceal and launder criminal proceeds has also increased. FATF has issued virtual asset anti-money laundering alerts to various countries/regions and provided corresponding anti-money laundering regulatory recommendations. The newly revised “Anti-Money Laundering and Counter-Terrorist Financing Ordinance” in Hong Kong, China, also specifically regulates the anti-money laundering compliance issues of virtual assets. This Ordinance will be effective on June 1 this year. The SAJ team hereby reminds all old friends that when engaging in relevant businesses in the Hong Kong region, especially those involving virtual asset cross-border trading, it is necessary to attach importance to anti-money laundering compliance construction, fulfill due diligence review, and continuous monitoring obligations to avoid legal risks.

An empty HTML document containing only an empty paragraph tag.“`html


We will continue to update Blocking; if you have any questions or suggestions, please contact us!


Was this article helpful?

93 out of 132 found this helpful

Discover more