Hong Kong Anti-Money Laundering Guidelines: How to Identify Money Laundering in DeFi, Especially in the Section on Virtual Currencies.

Link to the original text (Chapter 12): https://www.sfc.hk/-/media/TC/assets/components/codes/files-current/zh-hant/guidelines/guideline-on-anti-money-laundering-and-counter-financing-of-terrorism/AML-Guideline-for-LCs-and-SFC-licensed-VASPs_TC_1-Jun-2023.pdf?rev=77578ce554fb4e45bc8b3006375f1e69

This chapter provides guidance on the money laundering/terrorist financing risks related to virtual assets, as well as the regulatory provisions and standards in place to combat these risks. This includes factors to consider in conducting risk assessments using a risk-based approach, requirements for customer due diligence and ongoing monitoring specific to virtual assets, and rules regarding virtual asset transfers and third-party deposits and payments made in virtual asset form.

For the purposes of this chapter, “virtual assets” refers to (i) any “virtual asset” as defined in section 53ZRA of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance; and (ii) any security token. “Security token” refers to a digitally represented value that constitutes a “security” as defined in Part 1 of Schedule 1 to the Securities and Futures Ordinance.

Money laundering can be divided into three common stages, often involving multiple transactions. Financial institutions should be alert to indicators of possible criminal activity. These stages include: (a) placement – depositing or disposing of cash proceeds from illegal activity or disposing of virtual assets from illegal activity; (b) layering – separating illegal proceeds and their source from funds or virtual assets through complex, multi-layered financial transactions or the use of various technologies (such as enhanced anonymity techniques or mechanisms) to hide the source of funds or virtual assets, obscure audit trails, and achieve anonymity; and (c) integration – creating apparent legitimacy for criminal wealth. When the layering process is successful, the integration plan effectively recirculates laundered proceeds back into the general financial system, making it appear that the proceeds are derived from or related to legitimate business activities.

Transactions facilitated by virtual asset businesses may be conducted in cash, so such businesses may be used to place cash proceeds derived from criminal activity. In addition, virtual asset businesses may be used to dispose of or place virtual assets related to illegal activity or upstream offenses (such as online fraud, ransomware, and other cyber crimes).

Virtual asset businesses may also be used in the second stage of money laundering, which is the layering process. These businesses provide potential avenues for criminals or money launderers to significantly alter the form of funds (i.e. fiat currency) or virtual assets involved. This can involve converting cash or other funds into virtual assets, or converting one type of virtual asset into another, and then converting the proceeds of illegal activities or virtual assets associated with illicit sources back into cash or other funds, with the aim of obscuring the flow of funds or the identity of the virtual asset holder or beneficial owner.

To obscure the origin of virtual assets derived from illegal activities, criminals or money launderers may transfer assets between different wallet addresses, service providers, categories of virtual assets or blockchains. They may use virtual asset-specific layering techniques, such as peel chains and chain-hopping. Virtual assets are sometimes laundered through enhanced anonymity services, such as mixers or tumblers, and other enhanced anonymity technologies or mechanisms, such as privacy coins or wallets. Virtual asset businesses that are unhosted wallets, decentralized virtual asset exchanges, peer-to-peer platforms, or that are not subject to AML/CFT controls or have lax controls, are particularly attractive to criminals or money launderers.

Before a virtual asset transfer involving an amount equivalent to HKD 8,000 or more takes place, remittance agents are required to obtain and record the following information about the remitter and the beneficiary:

(a) the name or designation of the remitter;

(b) where the virtual asset involved is transferred out of an account held by the remitter with that remittance agent, the account number (or, if there is no such account, a unique reference number generated by that remittance agent for that transaction) of that account used to process the transaction;

(c) the address of the remitter, the customer identification number or identification document number of the remitter, or the remitter’s (if an individual) date of birth and place of birth;

(d) the name or designation of the beneficiary;

(e) The account number (or, if there is no such account, the unique reference number) of the account of the payee which is maintained with the relevant payment service provider and to which the relevant virtual asset transaction is made.

Additional information includes: internet protocol (IP) address together with relevant time stamps; geographical data; and device identifier.

Before conducting any virtual asset transfers involving an amount equivalent to HKD 8,000 or above, the remittance agents must obtain and record the following information of the remitter and the payee:

(a) The name or designation of the remitter;

(b) The account number (or, if there is no such account, the unique reference number) of the account from which the relevant virtual assets are transferred by the remitter with the remittance agent;

(c) The name or designation of the payee; and

(d) The account number (or, if there is no such account, the unique reference number) of the account of the payee which is maintained with the relevant payment service provider and to which the relevant virtual asset transaction is made.

Some potential indicators of money laundering risks are:

(a) Customers who have no apparent reason to use the services of a financial institution (e.g. customers open accounts for virtual asset trading services but only deposit legal tender or virtual assets and withdraw all or most of the assets deposited without conducting any other activities; or customers outside Hong Kong open accounts with financial institutions for buying and selling virtual assets whose service providers also provide virtual assets outside the places where they are located);

(b) Customers requesting virtual asset trading services or conducting virtual asset transfers with funds of unknown sources or which do not correspond to the customer’s status and apparent position;

(c) Customers accessing the platform of a financial institution and/or giving transaction instructions from IP addresses that may have higher risks (e.g. IP addresses meeting the following descriptions):

(i) from jurisdictions with higher risks;

(ii) not corresponding to the customer’s status (e.g. the jurisdiction of the IP address is not the customer’s place of residence or principal place of business);

(iii) previously identified as suspicious by the financial institution; or

(iv) associated with software that enhances anonymity or allows for anonymous communication in relation to “dark web” markets (e.g. proxy servers, unverifiable IP geolocation, virtual private networks and The Onion Router (Tor));

(d) A client enters a financial institution’s platform from the same IP or MAC address as other clearly unrelated clients;

(e) A client frequently changes contact information, such as email addresses and phone numbers, especially disposable or short-term email addresses and phone numbers;

(f) A client frequently or within a short period of time (e.g. within a few hours) changes IP addresses or devices used to access a financial institution’s platform and/or to make transactions.
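The access-pattern indicators (c)(ii), (d) and (f) above can be checked mechanically against platform access logs. The following is an added example, not code from the guideline or from this article: the customers, addresses, related-party set and geolocation table are constructed, and the six-hour window and three-value threshold are assumptions standing in for "within a few hours" and "frequently".

```python
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample data: fictional customers, RFC 5737 documentation IPs.
RESIDENCE = {"C1": "HK", "C2": "HK", "C3": "SG", "C4": "HK"}
RELATED = {frozenset(("C1", "C4"))}        # assumed known related parties
IP_COUNTRY = {"192.0.2.10": "HK", "198.51.100.7": "HK",
              "203.0.113.5": "SG", "203.0.113.99": "KY"}  # assumed geolocation
EVENTS = [  # (customer, ISO timestamp, source IP, device id)
    ("C1", "2023-06-01T09:00", "192.0.2.10", "dev-a"),
    ("C4", "2023-06-01T09:05", "192.0.2.10", "dev-b"),
    ("C2", "2023-06-01T10:00", "198.51.100.7", "dev-c"),
    ("C3", "2023-06-01T10:30", "198.51.100.7", "dev-d"),
    ("C3", "2023-06-01T11:00", "203.0.113.5", "dev-d"),
    ("C3", "2023-06-01T12:15", "203.0.113.99", "dev-e"),
]
WINDOW = timedelta(hours=6)   # assumption for "within a few hours"
MIN_DISTINCT = 3              # assumption for "frequently"

def shared_source(events, related):
    """Indicator (d): pairs of unrelated customers seen on the same IP."""
    by_ip = defaultdict(set)
    for cust, _, ip, _ in events:
        by_ip[ip].add(cust)
    return {(a, b) for custs in by_ip.values()
            for a, b in combinations(sorted(custs), 2)
            if frozenset((a, b)) not in related}

def rapid_changes(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Indicator (f): many distinct IPs or devices inside one time window."""
    by_cust = defaultdict(list)
    for cust, ts, ip, dev in events:
        by_cust[cust].append((datetime.fromisoformat(ts), ip, dev))
    flagged = set()
    for cust, rows in by_cust.items():
        rows.sort()
        for i, (start, _, _) in enumerate(rows):
            inside = [r for r in rows[i:] if r[0] - start <= window]
            if max(len({r[1] for r in inside}),
                   len({r[2] for r in inside})) >= min_distinct:
                flagged.add(cust)
                break
    return flagged

def geo_mismatch(events, residence, ip_country):
    """Indicator (c)(ii); an IP with no known country also counts."""
    return {(c, ip) for c, _, ip, _ in events
            if ip_country.get(ip) != residence[c]}

def indicators(events=EVENTS):
    """Map each flagged customer to the sorted indicator labels that fired."""
    out = defaultdict(set)
    for pair in shared_source(events, RELATED):
        for cust in pair:
            out[cust].add("d")
    for cust in rapid_changes(events):
        out[cust].add("f")
    for cust, _ in geo_mismatch(events, RESIDENCE, IP_COUNTRY):
        out[cust].add("c-ii")
    return {c: sorted(v) for c, v in out.items()}
```

A hit is a prompt for review alongside the other indicators in this list, not a finding on its own; C1 and C4 share an address here but are not flagged because they are recorded as related.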

(a) The buying and selling of virtual assets does not have an obvious purpose, or the nature, scale or frequency of transactions appears unusual. For example, if a client repeatedly trades virtual assets with a particular individual or group and earns substantial profits or incurs substantial losses from it, this may indicate that the transaction is part of a money laundering/terrorist financing scheme and is being used to obscure the transfer of value or that the account may be taken over;

(b) Mirror buying and selling or trading of virtual assets for illegal purposes or for use as currency exchanges without an obvious business purpose;

(c) Converting virtual assets into fiat currency without logical or obvious reason, despite (for example) price fluctuations or high commission fees, in circumstances where losses may be incurred;

(d) Converting a large amount of fiat currency or virtual assets into other or multiple virtual assets, making the flow of funds obscure.

(a) Accounts held by the same beneficial owner or by a client’s related parties trading the same virtual assets with each other in immediate succession;

(b) Within a short period of time, the same individual refers multiple new clients to open accounts to trade the same virtual assets;

(c) Clients participating in pre-arranged or other non-competitive trades, especially where this may also indicate that the client’s account may be taken over (i.e. fraudsters posing as genuine clients and obtaining control of the account and then conducting unauthorized transactions).

(d) Carrying out equal buy-sell transactions of specific virtual assets (“wash trades”) to create a false impression of active trading, while the actual beneficial ownership of the virtual asset remains unchanged. Such wash trades do not reflect the true market situation and may provide a “cover” for money laundering;

(e) Accumulating virtual assets at small, incremental prices, gradually raising the price of the virtual assets over time;

(f) Clients buying a large amount of virtual assets in a short period of time, especially for thinly traded virtual assets, where the trading volume is disproportionate to the client’s condition;

(g) A group of clients with the same trading pattern (e.g., buying the same virtual assets at the same or similar times or at the same or similar prices) – especially for thinly traded virtual assets – authorizing the same person or a third party to operate their accounts and/or transferring fiat currency or virtual assets between their accounts.

(a) Clients using financial institutions to make payments on their behalf or to hold money or other property, but the money or property is rarely or not used to buy or sell virtual assets, and the account appears to be used as a custody account or a channel for transfers;

(b) Transferring positions or funds, virtual assets or other property between accounts of individuals who are seemingly not controlled by or not obviously related to each other;

(c) Frequent transfer of funds, virtual assets or other property or cheque payments to third parties who have no relationship or whose identity is difficult to verify;

(d) In the absence of reasonable explanation, transferring funds or virtual assets back and forth between financial institutions or virtual asset service providers located in jurisdictions with higher risks or not matching the customer’s declared residence, business, trading or interests;

(e) In the absence of reasonable explanation, funds or virtual assets are transferred from different individuals to the same person or from the same person to different individuals. For example, the jurisdiction in which the virtual asset service provider is located does not prohibit or regulate virtual asset-related activities or services.

(f) Frequently changing the details or information of the bank account or wallet address used to receive funds or virtual assets;

(g) Multiple transactions involving high-value virtual assets, where the nature, frequency or pattern of the transactions appears unusual, such as trades conducted within a short period of time (e.g., within 24 hours), or conducted in segments with a regular pattern after a long period of inactivity; transferring virtual assets to another wallet, especially a new wallet or a wallet that has been inactive for a period of time, which may indicate that a ransomware attack or other cybercrime has occurred.

(h) Virtual assets transferred from a wallet address known to hold stolen virtual assets or known to be associated with the holder of stolen virtual assets;

(i) Transactions involving virtual assets (including virtual assets deposited by new customers) that have no apparent legitimate purpose or business rationale and that will incur additional or unnecessary costs or fees (such as converting the deposited virtual assets to other or multiple virtual assets, making transaction traces unclear, and/or immediately withdrawing all or part of the deposited virtual assets to a non-custodial wallet);

(j) Transferring virtual assets in small amounts from multiple wallets (particularly virtual assets held by third parties) and then transferring them to another wallet, or converting all virtual assets into fiat currency;

(k) Transactions involving virtual assets with a high degree of anonymity (such as virtual assets with enhanced anonymity), for example depositing virtual assets that operate on public blockchains and then immediately converting them to virtual assets with a high degree of anonymity;

(l) Customers using financial institutions to convert unusual amounts of virtual assets (measured in transaction volume or number) from peer-to-peer platforms (such as peer-to-peer platforms with lax anti-money laundering/counter-terrorist financing controls) into fiat currency for no logical or apparent reason;

(m) Transfers of virtual assets to wallet addresses with a higher risk profile (such as wallet addresses directly and/or indirectly associated with illegal or suspicious activities/sources or designated persons);

(n) Transfers of virtual assets associated with chain hopping;

(o) Frequent and/or large transactions involving virtual assets conducted through virtual asset automated teller machines or self-service machines (especially those located in jurisdictions with a higher risk profile);

(p) Information or messages accompanying virtual asset transfers that indicate that the transactions may be used to fund or assist illegal activities;

(q) Customers who are financially unstable and/or who have no prior knowledge of virtual assets engaging in frequent and/or large transactions (particularly in the deposit and/or withdrawal of funds and/or virtual assets), which may be indicative of being a money mule or a victim of a scam;

(r) Depositing a large amount of virtual assets and then converting them into fiat currency, with unclear sources of funds and transactions that do not match the customer’s background, may indicate that the deposited virtual assets are stolen assets;

(s) The client’s funds or virtual assets originate from or are sent to a financial institution or virtual asset service provider that (i) is not registered or licensed in the jurisdiction where it operates (or where its customers who receive its products and/or services reside);

(ii) operates in a jurisdiction that does not prohibit or regulate virtual asset-related activities or services, or where its customers who receive its products and/or services reside;

(t) The information required for virtual asset transfers is inaccurate or incomplete. For example, for a remittance institution, the payee information provided by its customer is inconsistent with the information stored by the payee institution, resulting in the required information for virtual asset transfer being inaccurate or incomplete. The payee institution may therefore refuse the virtual asset transfer request, return the virtual assets, or the payee information provided by its customer is inconsistent with the information noticed when screening the payee wallet address related to the virtual asset transfer;

(u) Clients with limited assets placed in financial institutions receive a large amount of transferred virtual assets with low transaction volume;

(v) Clients deposit virtual assets and request that they be recorded in multiple seemingly unrelated accounts, and sell or otherwise transfer ownership of the relevant virtual assets.
