Anti-money Laundering : Hong Kong

1. What laws in your jurisdiction prohibit money laundering?

Hong Kong

The main pieces of legislation which prohibit money laundering in the Hong Kong Special Administrative Region (Hong Kong) are the Drug Trafficking (Recovery of Proceeds) Ordinance (Cap 405) (DTROP) and the Organized and Serious Crimes Ordinance (Cap 455) (OSCO).

In addition, the United Nations (Anti-Terrorism Measures) Ordinance (Cap 575) (UNATMO) deals with terrorist financing.

2. What must the government prove to establish a criminal violation of the money laundering laws?

Hong Kong

Money laundering is a criminal offence under sections 25 of OSCO and DTROP respectively. A person commits a money laundering offence if he or she ‘deals’ with ‘property’ knowing or ‘having reasonable grounds to believe’ that such property, in whole or in part, directly or indirectly, represents ‘proceeds of an indictable offence’. Accordingly, the elements that a prosecutor must prove include the following.

Factual elements

‘Dealing’ is defined to include receiving, acquiring, concealing, disguising, disposing of, converting, bringing to or removing from Hong Kong, or using property to borrow money or as security.

‘Property’ means any form of property located in Hong Kong or elsewhere and includes both movable and immovable property.

‘Indictable offence’ is any offence other than an offence that can be tried summarily. Indictable offences generally cover all serious offences.

‘Proceeds’ is defined to include any payments or rewards received, any property directly or indirectly derived or realised, and any pecuniary advantage obtained in connection with the commission of the offence.

Mental elements

‘Having reasonable grounds to believe’ is a two-stage test and will be satisfied where:

• the evaluation of facts or circumstances personal and known to the defendant would have led the defendant to have reason to suspect the property might have been tainted; and
• a reasonable person who shared the defendant’s knowledge would have been bound to believe that the property was tainted. That is, even if the defendant genuinely believes that the property is not tainted, but that belief is proved to be unreasonable by objective standards, the defendant may still be held liable.

3. What are the predicate offences to money laundering? Do they include foreign crimes and tax offences?

Hong Kong

Section 25 of OSCO provides that all indictable offences are predicate offences. ‘Indictable offence’ includes conduct that would constitute an indictable offence if it had occurred in Hong Kong. Tax evasion is an indictable offence in Hong Kong and so is a predicate offence for money laundering.

Drug trafficking is the predicate offence for money laundering under DTROP.

4. Is there extraterritorial jurisdiction for violations of your jurisdiction’s money laundering laws?

Hong Kong

The offence of dealing with proceeds of crime applies only to dealings in property in Hong Kong. However, the predicate offence need not take place in Hong Kong, and the laws apply to both residents and non-residents in Hong Kong.

5. Is there corporate criminal liability for money laundering offences, or is liability limited to individuals?

Hong Kong

Under the Interpretation and General Clauses Ordinance (Cap 1), ‘person’ in any statute includes any public body and any body of persons, corporate or unincorporated. A corporation can, therefore, be subject to liability for an offence including a money laundering offence. Hong Kong law attributes to a company the acts and states of mind of the individuals it employs. It will generally be necessary to invoke the identification principle, by which the acts and states of mind of any directors and managers who represent a company’s ‘directing mind and will’ are imputed to the company.

6. Which government authorities are responsible for investigating violations of the money laundering laws?

Hong Kong

The Hong Kong Police Force and the Customs and Excise Department are responsible for investigating money laundering activities under OSCO and DTRPO. The Independent Commission Against Corruption investigates money laundering offences that are facilitated by bribery and corruption.

7. Which government agencies are responsible for the prosecution of money laundering offences?

Hong Kong

The Prosecution Division of the Department of Justice (DOJ) prosecutes money laundering offences.

8. What is the statute of limitations for money laundering offences?

Hong Kong

There is no statutory time limit for prosecutions of money laundering offences in Hong Kong.

9. What are the penalties for a criminal violation of the money laundering laws?

Hong Kong

The maximum penalty applicable to persons convicted for criminal violation of money laundering upon indictment under OSCO or DTROP is a fine of HK$5 million and imprisonment for 14 years per offence.

10. Are there civil penalties for violations of the money laundering laws? What are they?

Hong Kong

Money laundering is a criminal offence in Hong Kong. There is no separate civil penalty regime for violations of OSCO or DTROP. However, civil penalties may be imposed under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap 615)  on certain businesses and professions for anti-money laundering compliance breaches.

11. Is asset forfeiture possible under the money laundering laws? Is it part of the criminal prosecution? What property is subject to forfeiture?

Hong Kong

During the investigation stage, proceeds of crime may be frozen or seized, which can be used as evidence as well as being subject to a confiscation application under OSCO and DTROP. All assets, cash and non-cash, may be frozen or seized, including securities, real property, jewellery and other valuables.

Upon conviction of a specified offence or drug trafficking offence, the DOJ may make an application to the Court of First Instance for a confiscation order against a defendant’s realisable property, for the equivalent value of their benefit. Under OSCO, confiscation orders may be made by the Court of First Instance over property of at least HK$100,000 in value. There is no value threshold for a confiscation order against a convicted person under the DTROP.

The confiscation order is treated as a sentence passed on the defendant and is penal in nature. Confiscation in lieu of conviction can also be pursued if the defendant intentionally avoids the service of any court documents, has fled the jurisdiction or has passed away.

In addition, the Hong Kong authorities can apply for a confiscation order upon receipt of a valid request from various foreign jurisdictions pursuant to the Mutual Legal Assistance in Criminal Matters Ordinance (Cap 525).

12. Is civil or non-conviction-based asset forfeiture permitted under the money laundering laws? What property is subject to forfeiture?

Hong Kong

Civil forfeiture does exist but is limited to drug-related offences where the DTROP allows for forfeiture of monies (not less than HK$125,000) seized when being imported into or exported from Hong Kong, which is the proceeds of or is intended for use in drug trafficking. Forfeiture is possible upon proving these elements on the balance of probabilities, irrespective of whether criminal proceedings are brought against any person. 

No similar scheme, however, exists in the OSCO, and the Hong Kong authorities would only be able to apply to the court to exercise its forfeiture powers upon a successful prosecution for the specified offence.

13. Which laws or regulations in your jurisdiction impose anti-money laundering compliance requirements on financial institutions and other businesses?

Hong Kong

The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap 615) (AMLO) is the main piece of legislation that imposes anti-money laundering requirements on both financial institutions and designated non-financial businesses and professions (DNFBPs). However, there are additional pieces of legislation specific to certain sectors that supplement AMLO.

• In relation to financial institutions and financial services, the following ordinances also contain requirements: the Securities and Futures Ordinance (covering firms such as broker-dealers, asset managers and investment advisers), the Banking Ordinance (covering banks), the Insurance Ordinance (covering insurers and insurance intermediaries (insurance agents and brokers)), the Moneylenders Ordinance, and the Payment Systems and Stored Value Facilities Ordinance (covering both payment systems and services such as electronic wallets and prepaid cards).
• The Companies Ordinance sets out the requirements related to company formation and the beneficial ownership regime.
• Some sector-specific anti-money laundering requirements for DNFBPs are covered in specific legislation such as the Legal Practitioners Ordinance (LPO), the Professional Accountants Ordinance (PAO) and the Estate Agent Ordinance (EAO).

In addition to the anti-money laundering legislation, the various regulatory bodies that supervise the financial institutions and the DNFBPs have enforceable AML/CFT Guidelines, for example, banks must comply with the Hong Kong Monetary Authority’s (the HKMA) ‘Guideline on Anti-Money Laundering and Counter-Terrorist Financing (for Authorized Institutions)’, the Securities and Futures Commission’s (the SFC) ‘Guideline on Anti-Money Laundering and Counter-Terrorist Financing (for Licensed Corporations)’ applies to firms regulated by the SFC and the Insurance Authority has the ‘Guideline on Anti-Money Laundering and Counter-Terrorist Financing (for authorised insurers, reinsurers, appointed insurance agents and authorised insurance brokers carrying on or advising on long term business)’.

14. What types of institutions are subject to the AML rules?

Hong Kong

AML rules in AMLO apply to financial institutions such as Authorised Institutions (banks regulated under the Banking Ordinance), Licensed Corporations (firms regulated by the SFC), insurers and insurance intermediaries regulated by the Insurance Authority. Money service operators, a term that generally covers money changers and remittance service providers, are also subject to AML rules in AMLO, as are stored value facility licensees.

There is also a category of DNFBPs that is subject to AML rules under AMLO. This covers legal professionals, accounting professionals, estate agents and trust company service providers (TCSPs). From January 2023, dealers in precious metals and stones (DPMS) will be included in the DNFBPs and are also subject to some AML rules.

Money lenders are not subject to AMLO; however, under the Money Lenders Ordinance (Cap 163) they are subject to the AML/CFT Guideline issued by the Companies Registry and this is enforced as part of their licensing conditions.

15. Must payment services and money transmitters be licensed in your jurisdiction? Are payment services and money transmitters subject to the AML rules and compliance requirements?

Hong Kong

Yes, there are licensing requirements for payment services and money transmitters.

The provision of retail payment systems as well as stored value facilities is covered by the Payment Systems and Stored Value Facilities Ordinance (the PSSVFO). Part of the minimum criteria for a stored value facility to be licensed under the PSSVFO is that it has adequate and appropriate systems of control in place to ensure compliance with AMLO. There is also a Guideline on Anti-Money Laundering and Counter-Financing of Terrorism for Stored Value Facility Licensees, which sets out the relevant statutory and regulatory requirements on AML/CFT. The HKMA supervises compliance with this Guideline.

A licence is required to engage in the services of currency exchange in Hong Kong and money remittance. These activities are covered by the Money Service Operator (MSO) licensing regime, which is set out in AMLO. MSOs are subject to AML rules and compliance requirements and must comply with the Guideline on Anti-Money Laundering and Counter-Financing of Terrorism for Money Service Operators which is issued by the Commissioner of Customs and Excise. This Guideline sets out the statutory and regulatory requirements for MSOs on AML/CFT, including CDD and suspicious transaction reporting, and compliance with this Guideline is enforced through AMLO.

16. Are digital assets subject to the AML rules and compliance requirements?

Hong Kong

From June 2023, the AMLO requires virtual asset service providers (VASPs) to obtain a licence from the SFC. AMLO requires VASPs to comply with AML rules such as customer due diligence and record-keeping requirements.

Until June 2023, only the SFC had a virtual asset-specific regulatory framework for certain virtual asset trading platforms. The framework focused on investor protection and included AML/CFT rules.

Generally, digital assets are not subject to a separate set of AML requirements; rather, the focus for AML rules is on the financial institutions interfacing with clients and providing them with access to digital assets. Financial services regulators such as the HKMA and the SFC take a risk-based approach to the supervision of financial institutions and their interactions with digital assets on the basis of ‘same risk, same rules’.

17. What are the specific AML compliance requirements for covered institutions?

Hong Kong

Covered institutions must establish and maintain effective systems and controls to manage and mitigate the money laundering and terrorist financing risks and ensure that the AMLO requirements on customer due diligence (CDD), record-keeping and business monitoring are being complied with. In addition to AMLO, the enforceable AML/CFT Guidelines published by relevant authorities and regulatory bodies of financial institutions and DNFBPs provide sector-specific standards and guidance.

AMLO requires covered institutions to carry out CDD, and sets out when simplified due diligence may be effected, and which circumstances may require an enhanced approach. Generally, institutions should apply a risk-based approach when carrying out CDD, and the CDD measures should be commensurate with the money laundering and terrorist financing risks associated with the relationship.

AMLO requires the CDD process to identify and verify a client’s identity, as well as identifying and verifying the identity of any beneficial owners. Institutions should also obtain information on the purpose and intended nature of a business relationship with a client. The Guidelines provide guidance on CDD measures and on identifying different types of clients.

A covered institution must continuously monitor its business relationships with all customers. Procedures should be in place to:

• periodically review information and documents obtained for CDD purposes to ensure they are up-to-date and relevant;
• monitor transactions to ensure that they are consistent with the institution’s knowledge of the customer, its business and risk profile and the source of customer’s funds; and
• identify transactions that are unusual or complex and examine the background and purposes of transactions and record such findings in writing.

Covered institutions must also have systems and controls in place in order to comply with the requirement to make suspicious transaction reports (STR), and to properly manage and mitigate the risks associated with any customer or transaction involved in an STR. There should be a clear policy for internal reporting which all employees should be made aware of.

Record-keeping is a key requirement of the AML legislation. AMLO requires covered institutions to keep records of transactions, CDD and any other records necessary to ensure there is a clear audit trail for the AML systems and controls in place. The record-keeping procedures should be commensurate with the nature, size and complexity of the business.

Senior management will be responsible for implementing effective AML procedures, systems and controls that can adequately manage the money laundering and terrorist financing risks identified. In particular, senior management will be responsible for appointing a compliance officer to have the overall responsibility for the establishment and maintenance of the AML systems and controls, as well as a Money Laundering Reporting Officer (MLRO) to act as the central reference point for suspicious transaction reporting. There should therefore be governance arrangements in place to enable appropriate senior management oversight. An independent audit function should also be in place to review the AML procedures, systems and controls and report to senior management as necessary.

18. Are there different AML compliance requirements for different types of institutions?

Hong Kong

Generally, the AML compliance requirements are broadly similar to those between financial institutions and DNFBPs. The AML rules do, however, specify certain special situations in which additional requirements will apply, for example, in relation to remittance transactions or correspondent banking relationships. These additional requirements are set out in the AMLO.

AMLO also gives powers to the relevant authorities and regulatory bodies of financial institutions and DNFBPs to publish AML/CFT Guidelines providing guidance on the AML requirements that is relevant to their sector. The authorities and regulators will usually provide further specific detailed guidance for the firms they supervise by way of circulars or other guidance publications.

19. Which government authorities are responsible for the examination and enforcement of compliance with the AML rules?

Hong Kong

There are multiple agencies involved in the examination and enforcement of AML rules, as the AMLO provides relevant authorities and regulatory bodies of financial institutions and DNFBPs with the power to supervise compliance with the requirements under AMLO. These include the HKMA, the SFC, the Insurance Authority and the Money Service Supervision Bureau for financial institutions. DNFBPs are supervised by the Estate Agents Authority, the Hong Kong Institute of Certified Public Accountants, the Law Society of Hong Kong and the Companies Registry.

20. Are there requirements to monitor and report suspicious activity? What are the factors that trigger the requirement to report suspicious activity? What is the process for reporting suspicious activity?

Hong Kong

It is a statutory obligation to make an STR where a person knows or suspects that any property is:

• connected to an indictable offence (section 25A OSCO);
• connected to drug trafficking (section 25A DTROP);
• terrorist property (section 12 UNATMO); or
• related to offences endangering national security under Schedule 3 of the Implementation Rules for article 43 of the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region.

Firms are therefore expected to have AML/CFT systems and controls in place that allow for continuous monitoring of business relationships with customers, and that properly manage and mitigate the risks associated with any customer or transaction involved in an STR. The systems and controls should include the appointment of an MLRO, clear policies and procedures over internal reporting, reporting to the Joint Financial Intelligence Unit, post-reporting risk mitigation and prevention of tipping off, as well as keeping records of internal reports and STRs.

The factors that trigger the requirement to make the STR will depend on the sector and the type of institution involved and guidance is often provided in the sector-specific AML/CTF Guidelines. However, the statutory requirement to make the STR is triggered by knowledge or suspicion of money laundering or terrorist financing activity. Guidance generally describes knowledge as likely to include: (i) actual knowledge; (ii) knowledge of circumstances that would indicate facts to a reasonable person; and (iii) knowledge of circumstances that would put a reasonable person on inquiry. While knowledge is an objective standard, suspicion is more subjective and falls short of proof based on firm evidence. Where activity is unusual or inconsistent with the firm’s knowledge of the customer, the firm would be expected to investigate further to assess if the activity is suspicious.

Once knowledge or suspicion has been formed, firms should make an STR as soon as reasonably practical after the suspicion was first identified. There is no requirement that a transaction must have been conducted before an STR can be made. The MLRO of the firm will be the central reference point for making STRs, so firms should have policies in place which set out how staff should submit reports on potential or actual money laundering or terrorist financing activities to the MLRO. The AML legislation does not specify the detail of how firms should report suspicious activity internally. The MLRO must then assess whether an STR should be made to the Joint Financial Intelligence Unit (JFIU).

21. Are there confidentiality requirements associated with the reporting of suspicious activity? What are the requirements? Who do the confidentiality requirements apply to? Are there penalties for violations of the confidentiality requirements?

Hong Kong

Under the AML legislation, disclosing information relating to suspicious activity is permitted when following the procedures a firm has in place for reporting suspicious activity. This will include reporting information to the firm’s authorised officer, such as the MLRO. Indeed, where an employee discloses their knowledge or suspicion to the authorised officer they will have discharged their responsibility under the law. The AML/CTF Guidelines note that internal systems can be set up that allow employees to consult with managers before sending a report to the MLRO; however, managers should not filter out any money laundering or terrorist financing reports.

However, it is an offence to reveal to any person any information which might prejudice an investigation that might be carried out following the making of an STR. This is often referred to as the ‘tipping off’ offence. A person who commits the ‘tipping off’ offence can be subject to a fine or imprisonment of up to three years depending on the severity of the conviction.

Disclosure of suspicious activity by the authorised officer is only permitted to the JFIU, and law enforcement agencies departments responsible for investigating and prosecuting any criminal activities linked to the suspicious activity, for example, the Department of Justice, the Hong Kong Police Force, Customs and Excise and the Independent Commission Against Corruption.

Under both the DTROP and OSCO it is an offence to broadcast or publish any information that reveals that a report has been made to JFIU or the identity of anyone who has made a report. This includes a prohibition on court proceedings revealing that a report was made, and on revealing the details of the report and people interviewed in relation to the report.

22. Are there requirements for reporting large currency transactions? Who must file the reports, and what is the threshold?

Hong Kong

AMLO does not generally require the reporting of large currency transactions. However, from January 2023, a cash transaction report must be filed with the Commissioner of Customs and Excise when a non-Hong Kong precious metals and stones dealer carries out a cash transaction for precious metals and stones business to the value of at least HK$120,000.

23. Are there reporting requirements for cross-border transactions? Who is subject to the requirements and what must be reported?

Hong Kong

AMLO does not require the reporting of cross-border transactions. However, there is a requirement to report the cross-border movement of physical currency and bearer negotiable instruments the total value of which is more than HK$120,000 under the Cross-boundary Movement of Physical Currency and Bearer Negotiable Instruments Ordinance (Cap 629).

24. Is there a financial intelligence unit (FIU) or other government agency responsible for analysing the information reported under the AML rules?

Hong Kong

The JFIU is an independent FIU responsible for analysing the information received under the suspicious transaction reporting regime. The JFIU receives and assesses suspicious transaction reports. It will then share the information as necessary with the necessary bodies for further investigation or prosecution in Hong Kong or in other jurisdictions.

The JFIU is run jointly by the Hong Kong Police Force and the Hong Kong Customs & Excise Department. In the past three years, the JFIU received over 50,000 STRs each year, 80 per cent of which were submitted by banks.

25. What are the penalties for failing to comply with your jurisdiction’s AML rules, and are they civil or criminal?

Hong Kong

AMLO imposes both civil and criminal penalties for failure to comply with ‘specified provisions’, which is defined to mean certain provisions under Schedule 2 (Requirements Relating to Customer Due Diligence and Record-keeping) to AMLO. 

Criminal penalties are imposed upon financial institutions that contravene (either knowingly or with intent to defraud any relevant authority) a specified provision under the AMLO. Upon conviction, such penalties range from a fine of HK$100,000 and to imprisonment for six months, to a fine of HK$1 million and to imprisonment for seven years.

Individuals who are employees of a financial institution, who knowingly cause or permit the financial institution to contravene a specified provision, or does so with the intent to defraud the financial institution or relevant authority, are also liable under the AMLO. Criminal penalties on such individuals, upon conviction, range from a fine of HK$500,000 and imprisonment for ne year to a fine of HK$1 million and to imprisonment for seven years.

Civil penalties may be imposed upon financial institutions that contravene a specified provision under the AMLO. AMLO grants the regulatory authorities for financial institutions the power to take any of the following civil disciplinary actions:

• to publicly reprimand the financial institution;
• to order the financial institution to take any action it may specify to remedy the contravention; and
• to order the financial institution to pay a penalty up to an amount that is the greater of HK$10 million or three times the amount of the profit gained, or costs avoided, by the financial institution as a result of the contravention.

DNFBPs are not subject to civil or criminal penalties under AMLO. However, the regulatory bodies responsible for them will monitor and ensure their compliance with requirements specific to their sector, including AML requirements. The regulatory bodies can take action against DNFBPs. These powers are not set out in AMLO, rather they are covered in LPO, PAO and EAO.

TCSPs and, from January 2023, DPMS are classed as DNFPBs; however, the regimes covering TCSP licensing and DPMS registration are set out in AMLO. The Companies Registry is the relevant authority for TCSPs and the Commissioner for Customs and Excise will administer the DPMS regime. These bodies are given powers under AMLO to impose a range of disciplinary and financial penalties on TCSPs, DPMS and their directors for failing to comply with the licensing and registrations regimes and applicable AML/CFT requirements under AMLO as follows:

• public reprimand;
• pecuniary penalty not exceeding HK$500,000;
• order to take specific action to remedy a contravention; or
• revocation or suspension of the TCSP licence or DPMS registration.

26. Are compliance personnel subject to the AML rules? Can an enforcement action be brought against an individual for violations?

Hong Kong

Yes, enforcement action can be brought against an individual for violations of the specified provisions under Schedule 2 (Requirements Relating to Customer Due Diligence and Record-keeping) to AMLO, but only in respect of serious violations that carry criminal penalties. Employees of a financial institution who knowingly cause or knowingly permit the financial institution to contravene a specified provision will have committed an offence under AMLO and will be liable to criminal penalties. However, AMLO provides that it would be a defence if such individuals can prove that they acted in accordance with the policies and procedures established and maintained by the financial institution for the purpose of ensuring compliance with the relevant specified provision.

The regulatory authorities can bring civil enforcement actions against individuals, and this could include compliance personnel. In recent years, the Securities and Futures Commission has taken enforcement action against compliance personnel for AML failings.

27. What is the statute of limitations for violations of the AML rules?

Hong Kong

Under AMLO, the limitation period for offences other than an indictable offence is 12 months from when the offence is discovered (section 53, AMLO). There is no specified limitation period for indictable offences or for the civil penalties under the AMLO. 

28. Does your jurisdiction have a beneficial ownership registry or an entity or office that collects information on the beneficial ownership of legal entities?

Hong Kong

Hong Kong incorporated companies are required to maintain their own up-to-date beneficial ownership information by way of keeping a ‘significant controllers register’ (the SCR).

Companies are required to take reasonable steps to identify their significant controllers and to give notice to the significant controllers that they have been identified as such. Companies must obtain the required details on the significant controllers and enter them on the company SCR. This information must be kept up to date.

The SCR must be kept at the company’s registered office or a place in Hong Kong, either in hard copy or electronic form. The Companies Registry has the power to ensure that companies are in compliance with this requirement. A company’s SCR is not open to the public, but it is open to law enforcement authorities upon demand.

Companies that have their shares listed on the Stock Exchange of Hong Kong are exempted from the requirement.