News & Insights

Five key takeaways from the HK SFC’s consultation conclusions on revisions to its AML guidelines

On 15 September 2021, the SFC issued a press release relating to the Consultation Conclusions (Conclusions) on proposals to amend its anti-money laundering and counter-financing of terrorism (AML/CFT) guidelines, approximately one year after the SFC issued the consultation paper (Consultation) on 18 September last year.

All changes will come into effect soon on 30 September 2021 except for the changes relating to cross-border correspondent relationships, which have been given an additional six months for implementation. We encourage licensed firms to review their existing AML/CFT framework and implement appropriate policies, procedures and controls to comply with the new requirements.

In this article, we will cover whether the five takeaways from the Consultation which were outlined our article of 28 October 2020, will be implemented as proposed or with additional guidance from the SFC.

1.The streamlined approach in connection with verifying the identity of authorized persons has been re-instated

The streamlined approach will be implemented as proposed (footnote 38 to 4.4.3 in the tracked-changes version of the Revised Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations) (Revised AML Guideline) in Appendix 2A of the Conclusions). This means a risk-based approach can be adopted and where the business relationship is assessed to present low money laundering and terrorist financing risk, a confirmation letter is acceptable from a department independent from the persons purporting to act on behalf of the customers (for example, compliance, audit or human resources).

2. Licensed firms will need to review their Institutional Risk Assessment (IRA) at least once every two years

The SFC has commented that a “holistic” approach can be adopted when conducting the IRA (2.6 and 2.7 of the Revised AML Guideline). When assessing customer risk, the SFC has added a new example in the Conclusions: a customer who is a natural person who enters into a discretionary management agreement via their investment vehicle but gives instructions to the manager to buy and sell specific securities is a red flag.

As proposed in the Consultation, firms can conduct IRAs commensurate with the nature, size and complexity of their business. The SFC has given further examples of what types of firms would be considered as having businesses smaller in size or less complex in nature. For example, where the range of products and services offered by the firm is very limited or its customers have a homogeneous risk profile. In such cases, a “simpler” risk assessment approach can be taken (2.5 of the Revised AML Guideline).

There is no change as to the prescribed minimum frequency of IRAs, i.e. at least once every two years or upon trigger events.

3. Manager-In-Charge of Anti-Money Laundering and Counter-Terrorist Financing (MIC of AML/CFT) can take on more responsibilities

As proposed, the Revised AML Guideline now expressly sets out that the MIC of AML/CFT:

  • can act as the AML Compliance Officer (3.5 and its footnote 8)
  • should be designated to oversee the proper design and implementation of third party deposit and payment policies and procedures but the SFC has added in the Conclusions that the MIC of Compliance and other senior management personnel can also take on this duty (11.3)
  • can approve third-party deposits or payments (in addition to the Money Laundering Reporting Officer), but the SFC has added that other senior management personnel with AML responsibilities can also take on this duty (11.5(c)) 

4. If your firm permits third-party deposits and payments and/or wishes to allow delayed due diligence in exceptional circumstances on the source of a third-party deposit, it must comply with the new Chapter 11 of the Revised AML Guideline

The substantive changes in the Consultation, including the requirement to establish and maintain adequate policies and procedures relating to third-party deposits and payments, will be implemented as proposed.

In the Conclusions, the SFC has:

  • clarified what is meant by a third party: “any person other than the customer” (footnote 88 to 11.1)
  • incorporated the useful guidance that certain third parties are considered relatively lower risk, for example, immediate family members, beneficial owners or affiliated companies of the clients (see paragraph 8 of the Appendix to the SFC Circular entitled “Third-party deposits and payments” of 31 May 2019)
  • reminded the industry that delayed due diligence in third-party deposits should be allowed only when there is no suspicion of money laundering or terrorist financing (footnote 91 to 11.3(d))

5. New due diligence will be required for cross-border correspondent relationships

The proposals in the Consultation have been implemented in the Revised AML Guideline. Our 2020 article addresses what constitutes cross-border correspondent relationships. It is however worth noting that the SFC reiterates that cross-border correspondent relationship provisions do not apply to delegated asset management relationships between a domestic asset management firm (which acts as a delegated asset manager) and an overseas delegating management company (see paragraph 27 of the Conclusions). 

Related Services and Sectors:

Investment Funds

Portfolio Builder

Select the legal services that you would like to download or add to the portfolio

Download    Add to portfolio   
Title Type CV Email

Remove All


Click here to share this shortlist.
(It will expire after 30 days.)