China
KYC requirements
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The national regulatory framework for anti-money laundering (AML) in China mainly consists of the AML law, the AML guidelines for banks and the AML Measures for financial institutions. Since 2021, the Chinese authorities have placed greater emphasis on AML supervision by issuing more specific and detailed rules. AML supervision is to be conducted throughout the whole process of financial business.

The AML law of the PRC first took effect on 1 January 2007. Under the AML law, financial institutions and certain non-financial institutions required to comply with AML requirements must implement preventive and monitoring measures and establish internal AML control systems. These obligations include, but are not limited to, customer due diligence, customer identification, record-keeping of transactions, reporting of large-value and suspicious transactions, and implementation of special AML preventive measures. The State Council anti-money laundering administrative authority is responsible for nationwide anti-money laundering supervision and administration.

The newly amended Anti-Money Laundering Law was passed on November 8, 2024. This represents the first significant revision of the AML law since its official implementation in 2007. The revision not only updates the existing legal framework but also signifies a substantial enhancement of national financial security and international financial governance capabilities. The revised AML law strengthens the anti-money laundering obligations of financial institutions based on a risk-based approach. It introduces new requirements for internal anti-money laundering control systems and regular money laundering risk assessment mechanisms, outlines the duties in performing anti-money laundering customer due diligence, emphasizes the establishment of money laundering risk management measures by financial institutions, underscores the application of technology in anti-money laundering management, and establishes mechanisms for anti-money laundering information sharing. The amended AML law also intensifies penalties for violations committed by financial institutions by expanding the scope of prohibited acts and increasing the maximum fines imposed on directors, supervisors, senior management, and other directly liable individuals.

The PBOC and the State Administration of Foreign Exchange issued the Guidelines for Anti-Money Laundering and Counter-terrorism Financing in Cross-border Services of Banks (for Trial Implementation) on 19 January 2021 (Guidelines). The Guidelines aim to govern the cross-border receipt and payment activities in RMB and foreign currencies and the domestic foreign exchange business activities of domestic and foreign institutions and individuals.

The PBOC issued the Measures for the Supervision and Administration of Anti-money Laundering and Counter-terrorism Financing of Financial Institutions on 15 April 2021 (Measures). They apply to every kind of financial institution in order to establish and improve their internal control systems for AML.

The PBOC issued a notice on Strengthening Anti-money Laundering Supervision of Designated Non-financial Institutions in 2018, to specify the anti-money laundering obligations of certain non-financial institutions.

The PBOC, CBIRC (already replaced by NFRA) and CSRC jointly announced the Administrative Measures for Client Due Diligence and Preservation of Clients' Identity Information and Transaction Records by Financial Institutions (KYC Measures), effective from March 1, 2022. They set out the framework requirements and standards for KYC procedures adopted by different types of financial institutions.

National regulator or relevant authority for AML controls

The State Council anti-money laundering administrative authority is responsible for nationwide anti-money laundering supervision and administration. It establishes an anti-money laundering information centre responsible for receiving and analysing reports on transactions with large amounts and suspicious transactions, reporting the analysis results to the State Council anti-money laundering administrative authority. The relevant departments and agencies of the State Council shall carry out anti-money laundering supervision and administration within their respective scope of duties. Meanwhile, PBC and its branches supervise and administer the anti-money laundering and counter-terrorism financing of financial institutions.


Customer Due Diligence

Conduct of a typical KYC identification process

Financial institutions shall establish a system for determining customer identity pursuant to the provisions of the AML law. The Guidelines set high-standard requirements for banks on customer due diligence, including the overall principles, information, circumstances of being not approved and continuous identification obligations, and the Measures stipulate the requirements for financial institutions.

The overall principle of KYC is to ensure that customers are qualified to engage in the relevant businesses on the basis of the integrity and accuracy of their identity information. When a financial institution establishes a business relationship with a customer or provides one-off financial services such as cash remittance, currency exchange or bill discounting, or has reasonable doubts that a customer's transactions may be involved in money laundering, it shall conduct verification and registration by requiring the customer to provide true and valid identification documents or any other form of identification document. The KYC Measures stipulate the following general due diligence procedures:

  • identifying the identity of the client and verifying the identity through supporting materials, data or information from reliable and independent sources;
  • understanding the purpose and nature of the business relationship and transaction established by the client and obtaining the relevant information based on the risk status;
  • understanding the source and purpose of the funds of the client and taking enhanced due diligence measures based on the risk status for circumstances containing high money laundering or terrorist financing risks;
  • carrying out ongoing due diligence on the client throughout the existence of the business relationship, examining the client's status and transactions so as to confirm that the various services and transactions provided to the client are consistent with the financial institution's knowledge of the client's identity background, business demands, risk status, as well as the source and use of the client's funds; and
  • identifying and taking reasonable measures to verify the beneficial owner of the client if the client is an incorporated entity (legal person) or unincorporated organization.

Notwithstanding the above, the financial institution shall determine the specific scope and methods of due diligence measures based on the differentiation of risk status and shall not take due diligence measures which are obviously inconsistent with the risk status, so as to achieve a balance between risk prevention and service optimization.

For cross-border transactions, banks shall identify the background information of customers, including but not limited to, the customers' money laundering and terrorism financing risk levels; violation records and bad records with relevant regulatory authorities and the banks; the customers' operating conditions; shareholders or actual controllers; beneficial owners, main affiliated enterprises and counterparties; credit records; financial indicators; sources and purposes of funds; intentions and nature of business relations; transaction intent and logic; foreign-related operations and cross-border receipts and payments; and whether they are political public figures.

When performing cross-border services, banks and financial institutions shall continuously identify and re-identify customers in accordance with laws and regulations.

Certain non-financial institutions shall follow all of the above regulations to perform anti-money laundering and anti-terrorist financing obligations.

While there is no fundamental conflict between the KYC measures and the new AML Law, competent authorities may update the KYC measures to align with the risk-based approach introduced by the new AML law.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Yes, but financial institutions shall bear the ultimate liability for the KYC requirements themselves.
According to the Guidelines, banks may rely on a third-party organisation to identify customers, but they shall specify in contracts, agreements, or other written documents the duties of the third-party organisation for identifying customers and monitoring anti-money laundering and counter-terrorism financing. The third-party organisation is also required to develop qualified customer identification measures and implement such measures. Where a third party is relied on to identify customers, banks bear the liability arising from its failure to perform the obligation of identifying customers. Where a financial institution determines the identity of a customer through a third party, it shall ensure that the third party has adopted measures for determining customer identity which comply with the requirements of AML laws; where the third party has not adopted measures for determining customer identity which comply with the requirements of AML Law, the financial institution bears the liability of not fulfilling the obligation of determining customer identity.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

Yes, but financial institutions still bear the ultimate liability to comply with the KYC requirements. Please see the above section 4. d. for further information. In addition, the outsourced third parties shall also comply with the following requirements:

  • the third party shall be subject to anti-money laundering and anti-terrorism financing supervision or monitoring;
  • the financial institution shall assess the third party's risk status and its ability to perform anti-money laundering and anti-terrorism financing obligations and ensure that the third party has carried out due diligence on clients and taken measures to keep clients' identities and transaction records in accordance with laws and regulations on anti-money laundering and anti-terrorism financing and the relevant requirements of the KYC Measures; if the third party's risk status is relatively high or it does not have the ability to perform anti-money laundering and anti-terrorism financing obligations, the financial institution shall not identify the clients through the third party;
  • the financial institution can immediately obtain necessary information for due diligence on clients from the third party; and
  • if necessary, the financial institution can immediately obtain copies or photocopies of the identity certificate or other identity documents and other materials obtained by the third party through due diligence on clients.

If the third party fails to cooperate with the financial institution in performing due diligence on clients, it shall assume the corresponding liability.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

At the moment, there is no requirement for obtaining a license or registration. KYC service providers who are involved in software development, cloud computing applications and other technology applications need to list the business scope during the registration process or apply for SaaS, ICP and other internet service-related licenses, subject to the requirements of the market regulatory departments.


Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)


Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
Yes other trust or company service providers
Yes estate agents
Yes other persons trading high-value goods
  providers of gambling services

