Name
Global FinTech Guide
Country _ Name
Hong Kong
SectionTitle
KYC requirements
Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

AML laws fall generally into two categories:

  • Prevention of money laundering, under the Organised and Serious Crimes Ordinance (“OSCO”) and Drug Trafficking (Recovery of Proceeds) Ordinance ("DTROP"). OSCO came into effect on 2 December 1994 (with the remaining provisions coming into effect on 28 April 1995), whereas DTROP came into effect on 1 September 1989 (with the remaining provisions coming into effect on 1 December 1989); and
  • Requirements on customer due diligence/ KYC, ongoing monitoring, prevention of terrorist financing, suspicious transaction reporting, record keeping under the Anti-money Laundering and Counter-Terrorist Financing Ordinance ("AMLO"). This came into effect on 1 April 2012 and imposes on financial institutions requirements regarding customer due diligence and record-keeping. In 2018, some of its provisions were extended to certain Designated Non-Financial Professions and Businesses ("DNFPBs").

All financial services regulators in Hong Kong (such as the HKMA and the SFC) have issued AML guidelines.

National regulator or relevant authority for AML controls

There is no central regulator. Each financial services regulator issues its own guidelines for AML compliance. 

In addition, the Joint Financial Intelligence Unit manages the suspicious transaction reporting regime in Hong Kong. 

Customer Due Diligence

Conduct of a typical KYC identification process

A typical KYC identification process involves:

    (i) Identifying the customer and verifying the customer’s identity using documents, data or information provided by a reliable and independent source
    (ii) Identifying and taking reasonable measures to verify the beneficial owner’s identity (for corporate customers or customers under a trust or nominee arrangement)
    (iii) Obtaining information on the purpose and intended nature of the business relationship (if any) established (unless such purpose or intended nature is obvious)
    (iv) Identifying and verifying the identity of persons purporting to act on behalf of a customer

There is no minimum standard per se as the process is typically dictated by the nature of the client and transaction. A risk-based approach can be adopted.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

It depends on the extent of the reliance and the contractual arrangements between the parties. Financial institutions or DNFPBs may rely upon an intermediary to perform certain CDD measures subject to satisfaction of certain requirements under AMLO. The ultimate responsibility of ensuring that for CDD requirements are met remains with the outsourcing entity. 

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

Yes, but the responsibility to observe AML/CTF laws rests with the financial institutions or DNFPBs.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

Generally speaking, no.

Further questions

Entities that could be relied on specifically by law as a third p

Authors

Close

Choose country