Hong Kong: Anti Money Laundering Comparative Guide

1 Legal and enforcement framework

1.1 Which legislative and regulatory provisions constitute the anti-money laundering, counter-terrorist financing and general financial crime prevention (collectively, ‘AML') regime in your jurisdiction, from a regulatory (preventive/sanctions) and enforcement (civil/criminal penalties) perspective? Are there any legislative and regulatory requirements that apply below the national level (ie, at a state or regional level)?

Hong Kong's AML regime applies at a single, territory level. It comprises:

• legislation;
• guidelines issued pursuant to legislation (which do not constitute subsidiary legislation); and
• other guidance materials issued by Hong Kong regulators.

Legislation: The main AML-related legislation is:

• the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap 615) (AMLO);
• the Drug Trafficking (Recovery of Proceeds) Ordinance (Cap 405) (DTROP);
• the Organised and Serious Crimes Ordinance (Cap 455) (OSCO);
• the United Nations (Anti-Terrorism Measures) Ordinance (Cap 575) (UNATMO);
• the United Nations Sanctions Ordinance (Cap 537) (UNSO); and
• the Weapons of Mass Destruction (Control of Provision of Services) Ordinance (Cap 526).

Subsidiary legislation exists for some of the legislation – in particular, regulations issued pursuant to UNSO which are the source of sanctions requirements.

Guidelines issued pursuant to legislation: The main AML-related guidelines are as follows.

Issuing authority	Guidelines
Hong Kong Monetary Authority (HKMA)	Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (for Authorized Institutions)
Securities and Futures Commission (SFC)	Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (for Licensed Corporations) Prevention of Money Laundering and Terrorist Financing Guideline (for Associated Entities)
Insurance Authority (IA)	Guideline on Anti-Money Laundering and Counter-Terrorist Financing
Commissioner of customs and excise (CCE)	Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (for Money Service Operators)
Registrar of Companies	Guideline on Compliance of Anti-Money Laundering and Counter-Terrorist Financing Requirements for Trust or Company Service Providers

Licensed money lenders (LMLs) are not regulated under AMLO. However, the Registrar of Money Lenders issued the Guideline on Compliance of Anti-Money Laundering and Counter-Terrorist Financing Requirements for Licensed Money Lenders with reference to the requirements in AMLO. LMLs are encouraged to comply with the guideline; non-compliance may cast doubt on whether:

• the licensee is fit and proper to carry on business as a money lender; and
• its officers are fit and proper to be associated with the business of money lending.

Other guidance materials: Regulators issue other guidance in the form of circulars, guidance papers and FAQs from time to time to:

• inform regulated entities of new legislative requirements and regulatory standards;
• provide updates on important AML developments; and
• provide practical guidance on implementing AML policies and controls.

Such materials are accessible from each regulator's website. Regulated entities and individuals are expected to comply with these guidance materials.

Throughout the following questions, the responses cover anti-money laundering and counter-financing of terrorism (AML/CFT) requirements only and not general financial crime prevention.

1.2 Which bilateral and multilateral instruments on AML have effect in your jurisdiction?

Hong Kong has been a member of the Financial Action Task Force since 1991 and a founding member of the Asia/Pacific Group on Money Laundering since 1997. As a member, Hong Kong implements recommendations promulgated by these bodies through locally enacted legislation and regulatory instruments and guidance.

1.3 Which public sector bodies and authorities are responsible for enforcing the AML laws and regulations? What powers do they have?

The relevant authority responsible for enforcing AMLO depends on the nature of the regulated entity. There are two types of regulated entities under AMLO:

• financial institutions (FIs); and
• designated non-financial businesses and professions (DNFBPs).

FIs include:

• authorised institutions;
• licensed corporations;
• authorised insurers;
• appointed insurance agents;
• authorised insurance brokers;
• stored value facility (SVF) licensees;
• money service operators; and
• the postmaster general.

DNFBPs include:

• solicitors;
• accountants;
• real estate agents; and
• trust and company service providers (TCSPs).

Relevant authority	Regulated entity
HKMA	Authorised institution under the Banking Ordinance (Cap 155) or an SVF licensee
SFC	Licensed corporation under the Securities and Futures Ordinance (Cap 571)
IA	Authorised insurer, appointed insurance agent or authorised insurance broker
CCE	Licensed money service operator or the postmaster general
Registrar of Companies	TCSP licensee

Under AMLO, the relevant authorities have powers of inspection and investigation, including requiring the production of documents and written answers to the regulator's questions. They may also apply for a court warrant to enter and search premises and remove records and documents believed to be relevant to their inquiries.

If a specified provision (defined in Section 5(11) of AMLO) has been contravened, the relevant regulator may take disciplinary action against the regulated entity.

In the event of a suspected criminal offence under OSCO, DTROP or UNATMO, the investigation is led by a multitude of law enforcement departments, including:

• the Hong Kong Police Force (usually in drug trafficking cases);
• the Customs and Excise Department (in smuggling cases);
• the Independent Commission Against Corruption (usually for fraud and corruption related matters); and
• the above relevant authorities.

1.4 Are there any self-regulatory organisations or professional associations? What powers do they have?

The following self-regulatory organisations or professional associations are responsible for formulating and implementing AML/CFT policies for their members:

• the Estate Agents Authority (EAA) for any ‘estate agent';
• the Hong Kong Institute of Certified Public Accountants (HKICPA) under the oversight of the Accounting and Financial Reporting Council (AFRC) for any ‘accounting professional'; and
• the Law Society of Hong Kong (LSHK) for any ‘legal professional'.

The terms in quotation marks above are defined in AMLO Schedule 1, Part 2, Section 1.

The EAA has issued Guidelines on Compliance of Anti-Money Laundering and Counter-Terrorist Financing Requirements for the Estate Agency Sector (Circular 18-01) pursuant to Section 7 of AMLO. An estate agent's non-compliance with the guidelines may trigger the following provisions in the Estate Agents Ordinance (Cap 511):

• suspension or revocation of licence (Section 27);
• investigation (Section 28); and
• disciplinary actions (Section 30).

As regards accounting professionals, the HKICPA has issued Guidelines on AML/CFT for Professional Accountants (Chapter F of the Code of Ethics for Professional Accountants). The AFRC conducts investigations and disciplinary sanctions against accounting professionals, including with respect to failure to comply with AML/CFT requirements.

For legal professionals, the LSHK has issued Practice Direction P, which comprises guidelines on:

• client identification and verification;
• customer due diligence;
• record keeping; and
• suspicious transaction reporting.

Any law firm, solicitor or foreign lawyer that fails to comply with the mandatory sections of the practice direction may face disciplinary proceedings by the LSHK.

1.5 What is the general approach of the financial services regulators in enforcing the AML laws and regulations?

The financial services regulators – that is, the HKMA, the SFC and the IA – will generally carry out an investigation before taking enforcement action in a manner proportionate to the seriousness of the breach of AML/CFT laws and regulations.

In exercising their power to impose a pecuniary or other penalty, the HKMA, the SFC and the IA will have regard to certain factors to be considered as set out in specific guidelines on this topic.

1.6 What are the statistics regarding past and ongoing AML procedures in your jurisdiction?

The Joint Financial Intelligence Unit (JFIU) has published the following statistics on money laundering and asset confiscation from 2015 to 2021.

	2015	2016	2017	2018
Number of persons convicted of money laundering*	121	100	94	83
Value of assets restrained (HK$)	341,500,028	268,572,436	52,530,659	7,872,136,764
Amount recovered and paid to govt # (HK$)	55,034,982	4,318,367	467,369,569	284,170,799

	2019	2020	2021
Number of persons convicted of money laundering*	103	69	83
Value of assets restrained (HK$)	163,096,565	267,598,817	223,592,475
Amount recovered and paid to govt # (HK$)	19,779,818	164,473,109	192,694,193

* Figures from the Police and Customs and Excise Department
# Figures from the Department of Justice

Source: www.jfiu.gov.hk/en/statistics.html

• From 2015 to October 2022, the HKMA imposed disciplinary actions against 12 authorised institutions, including two SVF licensees and 10 FIs.
• From 2005 to October 2022, the SFC imposed 18 disciplinary actions against licensed corporations or officers of a licensed corporation.
• From 2021 to October 2022, the IA imposed one disciplinary action in January 2022.

With regard to the reporting of suspicious activities, the JFIU reported that each year since 2015, it has received between 42,000 and 93,000 suspicious transaction reports. In 2022, the JFIU received 57,004 suspicious transaction reports between January and October.

1.7 What reporting activities exist for reporting suspicious activities and/or transactions (SARs)? Are there any specific powers to identify the proceeds of crime or to require an explanation as to the source of funds?

Reporting suspicious activities and/or transactions: Under OSCO, DTROP and UNATMO, where a person knows or suspects that any property was used in connection with or represents proceeds of drug trafficking or an indictable offence, or that any property is terrorist property, a report must be made to the JFIU as soon as practicable. These obligations apply to any person, including a company and every officer of a company. Failure to report such knowledge or suspicion is a criminal offence that is liable on summary conviction to a maximum penalty of a fine of HK$50,000 and imprisonment for three months.

Specific powers to identify the proceeds of crime/require an explanation as to the source of funds: No specific powers are granted to the authorities by statute. However, a regulated entity should take appropriate steps to make further enquiries as part of its customer or transaction due diligence procedures if there are suspicions that funds are the proceeds of crime.

1.8 Is there a central authority for reporting (ie, a Financial Intelligence Unit (FIU) responsible for assessing SARs reported from relevant entities subject to AML requirements)? Does this authority work internationally?

The JFIU is the central authority for receiving suspicious transaction reports. The JFIU is a specialised unit jointly operated by the Hong Kong Police Force and the Hong Kong Customs & Excise Department.

The JFIU is a member of the Egmont Group of Financial Intelligence Units. It may exchange information with other jurisdictions' FIUs through the Egmont Group channel and pursuant to formalised channels with certain non-Egmont Group countries.

1.9 What relevant public or private corporate or other registers exist to assist with conducting and/or validating AML information, ultimate beneficial owners etc; and what details must be disclosed?

The Companies Ordinance (Cap 622) requires a company incorporated in Hong Kong to maintain the following registers which assist with validating AML/CFT information of companies and their connected persons:

• a register of members;
• a register of directors;
• a register of company secretaries; and
• a register of significant controllers who hold, directly or indirectly, more than 25% of the issued shares in the company.

The Companies Registry (CR) offers the following searches on companies registered in Hong Kong, which provide the following information.

• Company particulars search:
• • company registration number;
  • company name;
  • date of incorporation;
  • active status;
  • directors of the company;
  • date of dissolution/ceasing to exist and/or winding up mode;
  • name change history;
  • registered address of the company;
  • list of directors;
  • particulars of company secretary; and
  • particulars of receiver and manager/liquidator.
• Directors index search
• • list of all current and reserve directors of a company (company-based search);
  • list of companies of which a person is currently a director or reserve director (director-based search); and
  • particulars of a specified current director or reserve director of a company (director particulars search).
• Document index search.
• List of documents filed by a company and copies of specific documents.

Current information about members, directors and company secretaries are accessible at the CR through the above searches either physically or online. To enhance the protection of sensitive personal information, ‘protected information' of individuals can only be accessed by specified persons. ‘Protected information' includes the usual residential address and full identification number of directors, company secretaries and other individuals such as liquidators and provisional liquidators. Specified persons (eg, a solicitor, foreign lawyer or legal professional) can access protected information following a one-time paper application to the CR or an online application for a special account with the CR.

The Register of Significant Controllers is only available for inspection by the CR and certain government departments, regulators and law enforcement agencies.

1.10 How do such registers interoperate with one another and do they do so internationally?

The information obtained from searches conducted on the CR database are obtained from company registers (as mentioned in the response to question 1.9) registered at the CR.

The company registers in Hong Kong are not interoperable with foreign registers.

2 Scope of application

2.1 Can both individuals and companies be prosecuted under the AML legislation?

Yes. Under the Interpretation and General Clauses Ordinance (Cap 1), the definition of ‘person' includes both natural persons and legal persons – that is, individuals and corporations. It follows that a company can be subject to criminal liability for an AML/CFT offence. In practice, however, prosecutions of AML/CFT offences are usually against individuals. Companies are more likely to be subject to disciplinary or regulatory enforcement action by the financial regulators.

2.2 Can foreign companies be prosecuted under the AML legislation?

A foreign company may be prosecuted for an AML/CFT offence if the elements of the offence are satisfied.

2.3 Does the AML legislation have extraterritorial reach?

No. AML/CFT offences in relation to the dealing offences under the Organised and Serious Crimes Ordinance (OSCO), the Drug Trafficking (Recovery of Proceeds) Ordinance (DTROP) and the United Nations (Anti-Terrorism Measures) Ordinance (described in the response to question 3.1) apply only to dealings in Hong Kong.

Please also refer to the response to question 2.6.

2.4 Are there restrictions on financial institutions' accounts for foreign shell banks? Which types of firms are subject to such restrictions?

A ‘foreign shell bank' is widely known as a foreign bank without a physical presence in any country. Under Section 17(1), Schedule 2 of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, a bank shall not establish or maintain a correspondent banking relationship with a corporation that is:

• incorporated outside of Hong Kong;
• authorised to carry on banking business in that place;
• does not have a physical presence in that place; and
• is not an affiliate of a corporation that:
• • is incorporated in a particular jurisdiction;
  • is authorised to carry on banking business in that jurisdiction; or
  • has a physical presence in that jurisdiction.

Therefore, banks are prohibited from establishing or maintaining a correspondent banking relationship with foreign shell banks. There are no AML/CFT prohibitions on normal deposit accounts with foreign shell banks.

2.5 Are there cross-border transaction reporting requirements? If so, what must be reported under what circumstances and to whom?

Yes, for physical currency and negotiable instruments. Under the Cross-boundary Movement of Physical Currency and Bearer Negotiable Instruments Ordinance (Cap 629), if a traveller who arrives at a specified control point from a place outside Hong Kong is in possession of HK$120,000 or more of physical currency or negotiable instruments when entering Hong Kong, he or she must make a written declaration to an authorised officer of the Hong Kong government. If a traveller is leaving Hong Kong, he or she must make a written declaration, upon request of an authorised officer, on whether he or she is in possession of a large quantity of negotiable instruments (ie, of a total value of more than HK$120,000).

2.6 Does money laundering of the proceeds of foreign crimes constitute an offence in your jurisdiction?

Yes. Pursuant to Section 25(4) of OSCO and DTROP, the ‘proceeds of an indictable offence' include the proceeds of a crime committed outside of Hong Kong if the crime would also have constituted an indictable offence had it been committed in Hong Kong. The prosecution need not prove:

• the commission of the indictable offence or drug trafficking; or
• that the property in question is in fact the proceeds of an indictable offence or drug trafficking.

3 AML offences

3.1 What AML offences are recognised in your jurisdiction and what do they involve? Are there any codified or common law defences?

Legislation	AML/CFT offences	Maximum penalty
		Summary conviction	Conviction upon indictment
Section 25 of the Organised and Serious Crimes Ordinance (OSCO)	Dealing with property while knowing or having reasonable grounds to believe that the property either wholly or partly represents proceeds of an indictable offence.	Imprisonment for three years. Fine of HK$500,000.	Imprisonment for 14 years. Fine of HK$5 million.
Section 25 of the Drug Trafficking (Recovery of Proceeds) Ordinance (DTROP)	Dealing with property while knowing or suspecting that the property either wholly or partly represents proceeds of drug trafficking.
Section 8A, Section 14(1A) of the United Nations (Anti-Terrorism Measures) Ordinance (UNATMO)	Dealing, without a licence granted by the secretary for security, with the knowledge of or being reckless as to whether the property is: specified terrorist property (ie, property of specified terrorists or terrorist associates or any property that is intended to be used to finance the travel of individuals for the purpose of perpetration, planning or preparation of, or participation in, terrorist acts, or that was used to finance or assist the commission of a terrorist act); wholly or jointly owned or controlled by a specified terrorist or terrorist associate; or held by a person on behalf of, or at the direction of, a specified terrorist or terrorist associate.	Imprisonment for two years. Fine of HK$100,000.	Imprisonment of 14 years. Fine of unfixed amount.
Section 5(5), Sch 2, Part 2, of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO)	A financial institution (FI) knowingly contravenes a specified provision as defined in Section 5 of AMLO relating to customer due diligence (CDD) requirements.	Imprisonment for six months Fine of HK$100,000	Imprisonment for two years. Fine of HK$1 million.
Section 5(6), Sch 2, Part 2 of AMLO	An FI, with intent to defraud a relevant authority, contravenes a specified provision as defined in Section 5 of AMLO relating to CDD requirements.	Imprisonment for one year. Fine of HK$500,000.	Imprisonment for seven years. Fine of HK$1 million.
Section 5(7), Sch 2, Part 2 of AMLO	An employee or manager of an FI knowingly causes or permits the FI to contravene a specified provision as defined in Section 5 of AMLO, relating to CDD requirements.	Imprisonment for six months. Fine of HK$100,000.	Imprisonment for two years. Fine of HK$1 million.
Section 5(8), Sch 2, Part 2 of AMLO	An employee or manager of an FI, with intent to defraud the FI or any relevant authority, knowingly causes or permits the FI to contravene a specified provision as defined in Section 5 of AMLO relating to CDD requirements.	Imprisonment for one year. Fine of HK$500,000	Imprisonment for seven years. Fine of HK$1 million.

Please see question 5.3 for codified defences. There are no common law defences for AML/CFT offences.

3.2 How are predicate offences defined in your jurisdiction? Is tax evasion a predicate offence for money laundering?

Predicate offences are referred to as ‘indictable offences' in Hong Kong legislation.

According to Section 14A of the Criminal Procedures Ordinance (Cap 221), an offence created by an ordinance is an indictable offence if it is declared to be treason or if the words ‘upon indictment' or ‘on indictment' appear in the wording of the offence.

Tax evasion is an indictable offence and is therefore a predicate offence in the AML/CFT context.

3.3 What reporting offences exist (eg, failure to disclose, tipping-off and prejudicing or obstructing an investigation)?

Under Section 25A(1) and (7) of OSCO and DTROP, and Section 12(1) read with Section 14(5) of UNATMO, where a person knows or suspects that the property represents the proceeds of an indictable offence or drug trafficking, or that any property is terrorist property, his or her failure to disclose this to an authorised officer constitutes an offence. The penalty on conviction is a fine of HK$50,000 and imprisonment of three months.

A disclosure by an employee to the appropriate person in accordance with the procedure established by the person's employer for the making of such disclosures has the same effect as a disclosure to an authorised officer (Section 25A(4) of OSCO and DTROP; Section 12(4) of UNATMO).

Tipping off is an offence. Section 25A(5) of OSCO, Section 25A(5) of DTROP and Section 12(5) of UNATMO provide that it is an offence to, knowingly or while suspecting that a disclosure to an authorised officer has been made, disclose to any other person any matter which may prejudice any investigation which might be conducted following that first-mentioned disclosure. A person who commits such an offence under OSCO and DTROP is liable:

• on conviction upon indictment, to a fine of $500,000 and to imprisonment for three years; or
• on summary conviction, to a fine of HK$100,000 and to imprisonment for one year.

The penalty under UNATMO for a conviction on indictment differs from that under OSCO and DTROP, in that it is a fine of indefinite amount and imprisonment for three years.

3.4 Do any restrictions or thresholds (eg, in terms of parties, asset type or transaction value) serve to limit the types of activities that constitute AML offences?

There are no restrictions or thresholds that serve to limit the types of activities that constitute AML/CFT offences.

4 Compliance

4.1 Is implementing an AML compliance programme a regulatory requirement in your jurisdiction? If so, what aspects must this cover? Are there any criteria and/or conditions that a money laundering reporting officer or any other person responsible for AML must observe?

Financial institutions (FIs) or regulated entities licensed or registered by the Hong Kong Monetary Authority, the Securities and Futures Commission or the Insurance Authority must maintain an AML/CFT compliance programme. A regulated entity should implement adequate and appropriate AML/CFT systems which are commensurate with the nature, size and complexity of its businesses and money laundering or terrorist financing (ML/TF) risks arising from those businesses. Internal AML/CFT systems should include:

• compliance management arrangements;
• an independent audit function;
• employee screening procedures; and
• ongoing employee training programmes.

Senior management of a company should:

• appoint a senior staff member as the money laundering reporting officer; and
• ensure that the money laundering reporting officer satisfies the relevant criteria set out in the regulatory guidelines and performs his or her principal functions.

Companies should also establish and maintain clear policies and procedures on internal reporting to the money laundering reporting officer.

4.2 What customer and business partner due diligence (know your customer/client due diligence) requirements apply in this regard? Do any look-through requirements apply? Are there any simplified or enhanced due diligence requirements for certain types of persons and activities?

The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) requires FIs and designated non-financial businesses and professions (DNFBPs) to conduct customer due diligence (CDD) on customers. The term ‘business partner' is not used in AMLO or any other AML/CFT related legislation in Hong Kong.

The CDD requirements for customers are set out in Schedule 2, Part 2, AMLO. These include:

• identifying and verifying customers' identities using documents, data or information provided by a reliable and independent source;
• identifying and taking reasonable measures to verify the identities of beneficial owners;
• obtaining information on the purpose and intended nature of the business relationship;
• if a person purports to act on behalf of the customer:
• • identifying the person and taking reasonable measures to verify the person's identity; and
  • verifying the person's authority to act on behalf of the customer.

CDD must be carried out by FIs and DNFPs:

• before establishing a business relationship with the customer or before carrying out certain transactions for the customer;
• when the customer's account is suspected to be involved in money laundering or terrorism financing; or
• when there is doubt about the veracity or adequacy of CDD information previously obtained.

FIs and DNFPs must also continuously monitor the business relationship with the customer.

AMLO provides circumstances in which FIs and DNFBPs must undertake simplified or enhanced CDD. To illustrate, this is required for:

• customers who are politically exposed;
• customers who are high risk;
• insurance policies;
• wire transfers;
• remittance transactions; and
• correspondent bank relationships.

In addition, guidelines on AML/CFT have been issued by each relevant authority pursuant to AMLO. These are listed in question 1.1.

4.3 What due diligence requirements apply in relation to ultimate beneficial owners?

Under Schedule 2, Section 1 of AMLO, the definition of ‘beneficial owner' includes an individual who ultimately owns or controls a legal person – that is, an ultimate beneficial owner (UBO).

The CDD requirements under Schedule 2, Part 2 of AMLO generally cover both the customer and its beneficial owners. FIs and DNFBPs should identify the customer and its beneficial owners:

• before establishing a business relationship with the customer; or
• after establishing a business relationship with the customer if this is necessary not to interrupt the normal conduct of business or there is effective management of any ML/TF risk that may arise.

Schedule 2, Part 2, Section 2(1)(b) of AMLO sets out specific CDD requirements for the beneficial owner of a customer. FIs and DNFBPs should take reasonable measures to verify the UBO's identity – for example, by obtaining the name, date of birth, nationality and unique identification number (and document type) of the UBO. If the FI or DNFBP cannot obtain all the identification information of the UBO, it should assess:

• whether the information obtained is sufficient to identify the UBO; and
• whether it understands the ownership and control structure of the UBO.

4.4 Which books and records requirements have relevance in the AML context? What privacy laws apply?

Record keeping: Schedule 2, Part 3 of AMLO sets out record-keeping requirements for FIs and DNFBPs. FIs and DNFBPs must:

• for each transaction that they carry out, keep the original or a copy of the documents, and a record of the data and information. Records must be kept for at least five years after the transaction is completed, regardless of whether the business relationship ends during that period; and
• for each customer, keep:
• • the original or a copy of the documents, and a record of the data and information, obtained during the identifying and verifying the customer or any beneficial owner of the customer; and
  • the original or a copy of the files of the customer's account and business correspondence with the customer and any beneficial owner of the customer.

Records must be kept throughout the continuance of the business relationship with the customer and for a period of at least five years after the business relationship ends.

A relevant authority or regulator may issue a written notice requiring an FI or DNFBP to keep the records relating to a specified transaction or customer for a period specified by the relevant authority or the regulatory body.

Applicable privacy laws: The Personal Data (Privacy) Ordinance (Cap 486) (PDPO) applies. Collecting personal data for the purpose of CDD is permissible under the PDPO. Companies should comply with the PDPO and promote good practices in relation to the collection, accuracy, retention, use, security of and access to customer's personal data, during the CDD process.

4.5 What other compliance best practices should a company implement to mitigate the risk of AML violations?

Regulated entities are encouraged to refer to circulars, guidance papers and FAQs issued by regulators or associations from time to time, in order to stay updated on the best practices and new technology to mitigate ML/TF risks.

Regulated entities should also encourage employees to speak up and notify their supervisors should they spot any irregularities in the course of business that poses ML/TF risks.

4.6 Are companies obliged to report financial irregularities or actual or potential AML violations?

Please see questions 1.7 and 3.3.

4.7 Does failure to implement an adequate AML programme constitute a regulatory and/or criminal violation in your jurisdiction?

No, a failure to implement an adequate AML/CFT programme does not necessarily constitute a regulatory and/or criminal violation. However, under Sections 23(a) and (b) of Part 4, Schedule 2 of AMLO, an FI or DNFBP must take all reasonable measures to ensure that proper safeguards exist to mitigate the ML/TF risks and to prevent a contravention of any requirement under Part 2 or 3 of Schedule 2 of AMLO. Implementation of an adequate AML/CFT programme ensures compliance with this requirement. Failure to do so may potentially lead to contravention of specific requirements on AML/CFT that could result in disciplinary actions, or contravention of a specified provision under AMLO which constitutes an offence.

5 Enforcement

5.1 Can companies that voluntarily report AML violations or cooperate with investigations benefit from leniency in your jurisdiction?

Under Section 25A(2) of the Organised and Serious Crimes Ordinance (OSCO) and the Drug Trafficking (Recovery of Proceeds) Ordinance (DTROP), and Section 12(2) of the United Nations (Anti-Terrorism Measures) Ordinance (UNATMO), filing a suspicious transaction report to the Joint Financial Intelligence Unit (JFIU) is a defence to an ML/TF offence in respect of the acts disclosed in the report, provided that:

• the report is made before the company undertakes the disclosed acts and the acts are undertaken with the consent of the JFIU; or
• the report is made after the company has performed the disclosed acts on the company's own initiative and as soon as it is reasonable for the company to do so.

Aside from this, there are no formal programmes for claiming amnesty or reduced penalties. Instead, leniency and immunity may be determined by the authorities on a case-by-case basis.

If a person voluntarily discloses AML/CFT violations by way of self-reporting or cooperates with the financial regulators, this will operate as a mitigating factor and may result in leniency. For example, the Securities and Futures Commission (SFC) has emphasised that it will recognise and give credit for cooperation during an enforcement investigation; and in December 2017, the SFC published the Guidance Note on Cooperation with the SFC, which provides that cooperation may result in a decision by the SFC to enter into an agreement to resolve disciplinary proceedings at an early stage. Please also see question 5.4.

5.2 Can the existence of an AML compliance programme constitute a defence to charges of AML violations?

No.

5.3 What other defences are available to companies charged with AML violations?

Dealing offences: It is a defence, under Section 25(2) of OSCO and DTROP and Section 12(2B)(b) of UNATMO, if:

• the person intended to disclose to an authorised officer such knowledge, suspicion or matter in relation to the act in contravention of the dealing prohibition; and
• there is reasonable excuse for that person's failure to make the disclosure.

In addition, if a person does any act in contravention of the dealing offences and makes the appropriate disclosure, an offence is not committed if:

• the disclosure is made before the act and the act is done with the consent of an authorised officer; or
• the disclosure is made after the act on the person's own initiative and as soon as it is reasonable to make it.

Tipping-off offences: It is a defence under Section 25A(6) of OSCO and DTROP, and Section 14(7) of UNATMO, to prove that the person:

• did not know or suspect that the disclosure concerned was likely to be prejudicial; or
• had lawful authority or reasonable excuse for making that disclosure.

Other offences: In relation to employees, under Section 5(7) of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO), if an employee knowingly causes the company to contravene a specified provision in AMLO relating to customer due diligence requirements and record keeping, the employee is exposed to personal criminal liability. However, under Section 5(9), it is a defence for the employee to have acted in accordance with the policies and procedures established and maintained by the company.

5.4 Can companies negotiate a pre-trial settlement through plea bargaining, settlement agreements or similar?

Companies can only agree to plead guilty to some charges or to reduce charges in exchange for a Hong Kong prosecutor withdrawing remaining or more serious charges. However, there is no bargaining with the Hong Kong prosecution on the penalty which is a matter for the court.

For regulatory enforcement actions, the regulator may enter into an agreement to resolve disciplinary proceedings at an early stage if it considers it appropriate to do so in the interest of the public. The regulated entity or person may approach the regulator for discussions to resolve some or all of regulatory concerns at any time from the detection of the failings or breaches up to the issuance of the regulator's decision notice. Such discussions are normally conducted on a ‘without prejudice' basis.

5.5 What penalties can be imposed for violations of the AML legislation? How are these determined? Can non-exhaustive penalties be imposed for such violations (eg, exclusion from public procurement, exclusion from entitlement to public benefits or aid, disqualification from the practice of certain commercial activities, judicial winding up)?

Please see questions 3.1 and 3.3 for the penalties of specific AML/CFT offences. The exact penalty is determined by the court in accordance with the provision's prescribed maximum penalty and the court's sentencing guidelines.

Whether the offences will be tried summarily at the magistrates courts or on indictment at the magistrates courts, the District Court or the Court of First Instance (CFI) of the High Court is determined by the prosecution, which will consider the complexity of the case and the likely sentence to be imposed on the offender upon conviction.

5.6 Can funds, property and/or proceeds of AML and/or financial crime be subject to asset freezing/confiscation/forfeiture or victim compensation laws? If so, under what circumstances and what types of funds or property may be confiscated/forfeited? Can such actions be taken if there is no criminal conviction?

Confiscation: Section 8 of OSCO empowers the Department of Justice to apply to the CFI for a confiscation order over any realisable property, both movable and immovable, belonging to persons convicted of a specified offence under OSCO. The CFI will grant a confiscation order if the proceeds are valued at HK$100,000 or more. The person must be deemed to have ‘benefited' from the offence. DTROP has a similar provision in Section 3, but there is no value threshold for a confiscation order under DTROP.

Freezing order: The CFI has the power to make freezing orders if it is satisfied that:

• there is a good, arguable case on the substantive claim; and
• there is a real risk of dissipation of assets if the order is not made in time.

In addition, the secretary for security has the power, under Section 6 of UNATMO, to issue a written notice to direct that a person shall not deal with the specified property that is suspected to be terrorist property except under the authority of a licence issued by the secretary for security.

5.7 What is the statute of limitations for prosecuting AML offences in your jurisdiction?

There is no statute of limitations for prosecutions of AML/CFT offences under AMLO, OSCO, DTROP or UNATMO. There is also no statute of limitations for the commencement of a prosecution for an indictable offence.

6 Alternatives to prosecution

6.1 What alternatives to criminal prosecution are available to enforcement agencies that find evidence of AML violations?

As an alternative or in addition to criminal prosecution, the relevant authority may exercise specified powers under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) or other legislation to take disciplinary actions against ‘regulated persons'. Regulated persons comprise firms and those who perform functions for them which require a licence or registration, including those involved in management.

Besides the legislation and guidelines listed in question 1.1, the financial regulators will also take into account any breaches of the codes of conduct with which regulated persons are expected to comply.

Please see details below.

Regulated entity	Authorities	Potential penalties
Financial institutions	The Hong Kong Monetary Authority, the Insurance Authority and the Securities and Futures Commission	Private or public reprimand. Order to take any action specified by the relevant authority to remedy the contravention. Pecuniary penalty not exceeding the greater of: HK$10 million; or three times the amount of the profit gained, or costs avoided, as a result of the contravention. Suspension or revocation of licence or registration. Prohibition of application for licence or registration. Suspension/revocation of approval to be a responsible officer. Prohibition of appointment to be a responsible officer, executive officer or relevant individual.
Licensed money service operator	Commissioner of customs and excise	Private or public reprimand. Order to take any action specified by the commissioner to remedy the contravention. Pecuniary penalty not exceeding HK$1 million. Suspension or revocation of licence.
Trust and company service provider licensee (part of designated non-financial businesses and professions)	Registrar of Companies	Private or public reprimand. Order to take any action specified by the registrar to remedy the contravention. Pecuniary penalty not exceeding $500,000. Suspension or revocation of licence.

For non-regulated persons, alternatives to criminal prosecution are generally not available.

6.2 What procedures are involved in concluding an investigation in this way?

Please see question 6.3.

6.3 What factors will determine whether such an alternative to prosecution is to be offered by an enforcement agency to those who have been involved in AML violations?

If the relevant authority determines that the regulated entity or individual has contravened provisions of AMLO, the relevant authorities may take regulatory enforcement actions that are proportionate to the deficiencies found in their investigations. The more serious the findings, the more likely that the relevant authority will use enforcement actions with a greater deterrent effect.

Relevant factors that may be taken into account include:

• the nature, seriousness and impact of the contravention;
• the conduct of the regulated entity after the contravention;
• the previous disciplinary record and compliance history of the regulated entity; and
• other factors, including:
• • whether the regulated entity acted in accordance with any guidelines issued by the relevant authority with respect to the conduct in question;
  • the approach taken by the relevant authority in previous similar cases (in general, a consistent approach should be taken for similar cases);
  • the amount of any benefits gained or costs avoided by the regulated entity, or its directors or employees, as a result of the contravention; and
  • whether the regulated entity has promptly, effectively and completely brought the contravention to the attention of the relevant authority.

In the most serious cases, where there is sufficient evidence to establish that an offence under AMLO has been committed and it is in the public interest to do so, the relevant authority may exercise its power under Section 79 of AMLO to prosecute the offence.

6.4 How common are these alternatives to prosecution?

It is relatively common for the financial regulators to deal with AML/CFT violations by way of disciplinary action rather than by way of prosecution.

6.5 What reasons, if any, could lead to an increase in the use of such alternatives?

As mentioned in question 6.4, it is relatively common for the alternatives to prosecution to be used by the financial regulators. We are not aware of any reasons that could lead to an increase in the use of such alternatives.

7 Private AML enforcement

7.1 Are private enforcement actions for AML offences available in your jurisdiction? If so, where can they be brought and what process do they follow?

Private enforcement actions for AML offences are not available in Hong Kong.

7.2 What types of relief may be sought and what types of relief are most commonly awarded? How is the relief awarded determined?

Not applicable.

7.3 Can the decision in a private enforcement action be appealed? If so, to which reviewing authority?

Not applicable.

8 AML, cyber and crypto-assets

8.1 How does the AML regime dovetail with other cyber law in your jurisdiction?

AML/CFT offences committed through cyberspace are covered by the existing AML/CFT legislation.

8.2 What specific considerations, concerns and best practices should companies be aware of with regard to AML prevention in the cyber sphere?

Companies should keep up to date with the guidelines and publications issues by the relevant regulators in this area. On 28 January 2022, Hong Kong's financial services regulators issued the following guidance related to virtual assets which demonstrated an increased focus on regulating crypto assets in Hong Kong:

• The Hong Kong Monetary Authority (HKMA) issued a circular to banks entitled "Regulatory approaches to Authorized Institutions' interface with Virtual Assets and Virtual Asset Service Providers". In the circular:
• • the HKMA acknowledged the risks involved in activities relating to virtual assets, and stated that it will focus on three areas: prudential supervision, AML/CFT and financial crime risk and investor protection; and
  • in particular, financial institutions should establish and implement effective AML/CFT policies, procedures and controls to manage and mitigate money-laundering/terrorist financing risks taking into account any relevant guidance issued by the HKMA and the Financial Action Task Force.
• The Insurance Authority has issued a circular entitled "Regulatory Approaches of the Insurance Authority in Relation to Virtual Assets and Virtual Asset Service Providers". The circular states that:
• • authorised insurers intending to engage in virtual assets or with virtual asset service providers (VASPs) should keep up to date with regulatory changes. They should also comply with all regulatory requirements insofar as these apply to virtual asset-related activities; and
  • authorised insurers that carry on long-term business should evaluate virtual asset-related activities or interactions with VASPs according to their obligations under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance and the Guideline on AML/CFT.

8.3 Does the AML regime extend to crypto-asset activity and if so, how?

While Hong Kong's AML/CFT legislation does not expressly reference virtual assets, Hong Kong's AML/CFT regime extends to crypto-asset activities because crypto-assets are a form of property. For example, under the Organised and Serious Crimes Ordinance, a party commits an offence if it deals with any property knowing or having reasonable grounds to believe that such property in whole or in part directly or indirectly represents any person's proceeds of an indictable offence.

9 Trends and predictions

9.1 How would you describe the current AML enforcement landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

AML/CFT enforcement remains a priority for law enforcement agencies and financial regulators in Hong Kong. This is likely to continue for the foreseeable future.

On 7 February 2022, the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022 was submitted to the Legislative Council for discussion, which proposed to amend the Anti-Money Laundering and Counter-Terrorist Financing Ordinance to include:

• a licensing regime for virtual asset service providers; and
• a registration regime for dealers in precious metals and stones, which will impose statutory AML/CFT obligations on these two sectors.

This bill was gazetted on 24 June 2022 and read for the first time in the Legislative Council on 6 July 2022. The amendments are expected to come into effect on 1 January 2023, but this will be delayed if the second reading of the bill is not completed before the end of 2022.

9.2 Has your jurisdiction's AML regime been evaluated by an international organisation, such as the Financial Action Task Force (FATF), the Council of Europe (Moneyval) or the International Monetary Fund; and if so, when?

Hong Kong's AML/CFT system has been assessed by the FATF and the International Monetary Fund.

The last Mutual Evaluation Report by FATF and the Asia/Pacific Group on Money Laundering on Money Laundering (FATF Mutual Evaluation Report 2019) was published on 4 September 2019.

The Financial System Stability Assessment Report issued by the International Monetary Fund, which contains findings on Hong Kong's AML/CFT system, was issued on 8 June 2021.

9.3 Does your jurisdiction meet the recommendations of the Financial Action Task Force; and if not, what are the barriers to meeting these?

In the FATF Mutual Evaluation Report 2019, Hong Kong's AML/CFT regime was found to be overall compliant and effective. Hong Kong was found to have a strong legal and institutional framework to combat associated risks.

The report did not identify any barriers to meeting the FATF's recommendations. However, the FATF noted some deficiencies relating to:

• the transparency of legal arrangements;
• preventive measures for politically exposed persons; and
• supervision of designated non-financial businesses and professions.

9.4 What noteworthy technology developments have you observed in your jurisdiction over the past 12 months in the growth of regtech and suptech solutions, as well areas where blockchain and digital assets or online-based communities are used as an enabler (eg, money laundering using video games or online forums)?

The Hong Kong Monetary Authority (HKMA) has continued to encourage financial institutions to enhance the effectiveness of their AML/CFT control systems by harnessing external information and using new technologies, including regtech.

A Regtech Adoption Practice Guide series was launched by the HKMA in July 2021 to:

• promote the adoption of regtech; and
• provide banks with detailed guidance on the implementation of cloud-based regtech solutions to support their risk management and compliance with regulatory obligations.

The latest eighth issue of the Regtech Adoption Practice Guide on regtech solutions for sales practices and suitability was issued in October 2022. This complemented the HKMA's launch of a Regtech Skills Framework in October 2021 to promote regtech talent development in Hong Kong.

In addition, on 21 July 2022, the HKMA held the second AML Regtech Lab (AMLab) to further encourage the use of regtech. AMLab provides a collaborative platform for banks and the fintech community to promote the use of data and technology, and aims to:

• enhance banks' capabilities to protect customers from fraud and financial crime losses;
• reduce risk displacement; and
• improve the overall effectiveness of the AML/CFT ecosystem.

These developments demonstrate the HKMA's strong commitment to promote AML/CFT technology adoption in line with its ‘Fintech 2025' strategy to drive fintech development in Hong Kong.

10 Tips and traps

10.1 What are your top tips for the smooth implementation of a robust AML compliance programme and what potential sticking points would you highlight?

A robust AML/CFT compliance programme should be holistic: investment in people, training and culture should work hand in hand with systems and controls that are reviewed periodically for updates.

A potential sticking point is diffidence on the part of front-line employees in requesting the customer due diligence information that is required by AML/CFT legislation and guidelines.

10.2 What are the key threats and trends that you have seen in your jurisdiction with respect to money-laundering techniques during the COVID-19 pandemic?

There has been a rise in money-laundering activities involving virtual currencies in recent years as restrictions in international travel during the COVID-19 pandemic have prevented illegal syndicates from moving physical cash across borders.

10.3 Are your jurisdiction's relevant AML legislative and rulemaking instruments available in online; and if so, are they publicly available and in English?

Hong Kong's AML/CFT legislation and related guidelines are available online to the public. The AML/CFT legislation is in both English and Chinese. The related guidelines are mostly in English but some have a Chinese version:

• Hong Kong e-legislation (eg, the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, the Organised and Serious Crimes Ordinance, the Drug Trafficking (Recovery of Proceeds)): www.elegislation.gov.hk/
• Hong Kong Monetary Authority AML/CFT publications:
• • English:
    www.hkma.gov.hk/eng/key-functions/banking/anti-money-laundering-and-counter-financing-of-terrorism/
  • Chinese:
    www.hkma.gov.hk/chi/key-functions/banking/anti-money-laundering-and-counter-financing-of-terrorism/
• Securities and Futures Commission AML/CFT publications:
• • English:
    www.sfc.hk/en/Rules-and-standards/Anti-money-laundering-and-counter-financing-of-terrorism
    https://apps.sfc.hk/edistributionWeb/gateway/EN/circular/aml/
  • Chinese:
    www.sfc.hk/TC/Rules-and-standards/Anti-money-laundering-and-counter-financing-of-terrorism
    https://apps.sfc.hk/edistributionWeb/gateway/TC/circular/aml/
• Insurance Authority AML/CFT publications:
• • English:
    www.ia.org.hk/en/enforcement/anti_money_laundering_and_counter_terrorist_financing/index.html
    www.ia.org.hk/en/legislative_framework/circulars/antimoney_laundering/circulars_on_anti-money_laundering_matters.html
    www.ia.org.hk/en/supervision/antimoney_laundering/AML_CTF_introduction.html
  • Chinese:
    www.ia.org.hk/tc/enforcement/anti_money_laundering_and_counter_terrorist_financing/index.html
    www.ia.org.hk/tc/supervision/antimoney_laundering/AML_CTF_introduction.html
• Commissioner of Customs and Excise AML/CFT publications:
• • English:
    https://eservices.customs.gov.hk/MSOS/common/notices
  • Chinese:
    https://eservices.customs.gov.hk/MSOS/common/notices?request_locale=zh_TW
• Companies Registry (AML/CFT publications:
• • English:
    www.cr.gov.hk/en/amlctf/publications.htm
  • Chinese:
    www.cr.gov.hk/tc/amlctf/publications.htm

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.