Five key takeaways from the SFC’s consultation on revisions to its AML guidelines

1. 

The streamlined approach in connection with verifying the identity of authorized persons has been re-instated. The approach of obtaining a letter from a corporate customer with many authorized persons (or in the SFC’s terms, “persons purporting to act on behalf of the customer” or “PPTAs”) confirming the PPTAs’ identities and authority to act was removed from the last revision of the SFC’s Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations) (AML Guideline). The SFC has now helpfully clarified that a risk-based approach can be adopted and where the business relationship is assessed to present low money laundering/terrorist financing risk, such confirmation letter is acceptable from a department independent from the PPTAs (for example, compliance, audit or human resources) (see the footnote 30 to 4.4.3 of the clean copy of the proposed AML Guideline).

2. 

Licensed firms will need to review their Institutional Risk Assessment (IRA) at least once every two years. The SFC currently requires licensed entities to conduct an IRA, taking into account factors including the products and services offered, types of customers and geographical locations involved. However the SFC does not prescribe the IRA’s timing or frequency. As the RBA Guidance highlighted that IRAs should be properly documented, regularly updated and communicated to the senior management, the SFC has incorporated these factors into the proposed AML Guideline including a requirement for the IRA to be reviewed at least once every two years or more frequently where required (2.10 of the proposed AML Guideline).

3. 

Manager-In-Charge for Anti-Money Laundering and Counter-Terrorist Financing (MIC of AML/CFT) can take up more responsibilities. In the current AML Guideline, the MIC of AML/CFT appears only once, under the definition of “senior management”. The proposed AML Guideline now expressly sets out that the MIC for AML/CFT:

• can act as the AML Compliance Officer (3.5 and its footnote 7)

• should be designated to oversee the proper design and implementation of third party deposit and payment policies and procedures (11.3)

• can approve third-party deposits or payments (in addition to the Money Laundering Reporting Officer) (11.5(c)) 

4. 

If your firm permits third-party deposits and payments and/or wishes to allow delayed due diligence in exceptional circumstances on the source of a third-party deposit, it must comply with the new Chapter 11 of the proposed AML Guideline. The SFC has incorporated its guidance from previous circulars into the proposed AML Guideline. Licensed firms will need to establish and maintain adequate policies and procedures relating to third-party deposits and payments. 

5. 

New due diligence will be required for cross-border correspondent relationships. If a Hong Kong financial institution (correspondent FI) executes transactions for a cross-border financial institution (respondent FI) acting for their underlying customers, which constitutes Type 1 (dealing in securities), Type 2 (dealing in futures contracts) or Type 3 (leveraged foreign exchange trading) regulated activities, the correspondent FI should conduct additional due diligence measures on the cross-border correspondent relationship on a risk-based approach (4.20 of the proposed AML Guideline).

The reasons for due diligence in this area can be illustrated in an example: where a Hong Kong securities broker executes trades for an overseas broker who acts for or on behalf of their own customers, the Hong Kong broker does not have any direct relationship with those underlying customers and if the overseas broker does not have adequate AML/CFT controls in place, the Hong Kong financial system may be exposed to heightened money laundering or terrorist financing risks.