Frequently asked questions on the Institute’s anti-money laundering monitoring regime

Responding to queries about the Institute’s AML monitoring regime

The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AML Ordinance) has been in effect for accountants for over a year now. Since its introduction the Institute has received a number of questions on the regime. In response, the Institute has published these frequently asked questions. These FAQs will be updated over time on the Institute’s website.

Q1. Does my practice need to appoint a money laundering reporting of cer (MLRO) if (a) it does not have an intention to engage, by way of business, in work to prepare for or carry out specified transactions, or (b) it is an own name practice with no staff?

The Drug Trafficking (Recovery of Proceeds) (Amendment) Ordinance; Organized and Serious Crimes (Amendment) Ordinance; and United Nations (Anti-Terrorism Measures) Ordinance all have requirements to report suspicious transactions, which apply to everybody in Hong Kong. Under the law, employees may disclose their knowledge or suspicion that certain activities may relate to money laundering and terrorist financing to a person designated to receive such reports by their employer. By making appropriate disclosures to the designated person, in accordance with procedures laid down by their employer, employees are regarded as having discharged their obligations under the law. As indicated in Sections 610 and 640 of the Guidelines on Anti-Money Laundering and Counter-Terrorist Financing for Professional Accountants (AML guidelines), practices must appoint an MLRO as a central reference point for reporting suspicious transactions. Therefore, each practice should designate a person of sufficient seniority and authority within the practice as an MLRO in order to discharge its responsibilities. In case of a sole proprietorship or an own name practice, the sole proprietor or sole practitioner can be the MLRO but such designation should be communicated to all staff members, if any, in order to draw their awareness.

Q2. If a CPA rm conducts due diligence work or acts as a reporting accountant for a client in respect of a purchase or a sale of real estate or a business entity, would that constitute a specified transaction and require the relevant AML procedures to be carried out by the CPA firm?

Paragraph 600.2.1 of the AML guidelines provides that when practices, by way of business, prepare for or carry out for a client a transaction involving buying and selling of real estate (point (a)) or business entities (point (f)), specific AML procedures are required to be adopted. In the Institute’s view, due diligence or reporting accountant work on a purchase or a sale of real estate or a business entity assists the client in preparing for those transactions, whether or not they are eventually completed. The nature of those engagements means that the CPA rm to be engaged for such work would normally be sufficiently involved to fall within the scope of paragraph 600.2.1 and hence the relevant AML procedures should apply.

Q3. An entity bought a shelf company and plans to engage a practice to change the company name of and provide secretarial services to the shelf company. Will the services to be provided be considered as falling within the scope of specified services, including services of “creating, operation or management of a legal persons or arrangements” (paragraph 600.2.1(e))/“forming corporations or other legal persons” (paragraph 600.2.2(a))?

Since the shelf company has already been created before a practice is engaged to change the company’s name, the practice will not be involved in creating or forming the company. Accordingly, for the work on the change in name alone, it will not meet the definitions as set out in paragraphs 600.2.1(e) and 600.2.2(a) and therefore will not constitute a specified service. However, this position will not be the same if the practice was also previously involved, by way of business, in helping the entity to set up or acquire the shelf company as such transaction would have caught by paragraphs 600.2.1(e), 600.2.2(a) or probably 600.2.1(f) (buying and selling of business entities) and met the definition of a specified service. Depending on the scope of company secretarial services to be provided by the practice, those services may also meet the definition of other specified services as defined in paragraph 600.2. Accordingly, care should be taken to clearly define the scope of services if the services are not to be treated as specified services. Notwithstanding the above, the practice should always bear in mind its responsibility for making a suspicious transaction report to the Joint Financial Intelligence Unit when an unusual or suspicious event is identified during the course of its work.

Q4. Paragraph 620.10.5 of the AML guidelines requires that verification of identity must be concluded within a reasonable timeframe after the establishment of business relationship. What is a “reasonable” timeframe?

Practices should determine the timeframe that is commensurate to their circumstances. Although there is no defined timeline set out in the AML guidelines, practices may make references to the guideline established by the Companies Registry on compliance with a similar provision in the relevant AML Ordinance. The Companies Registry requires a Trust or Company Service Provider licensee to suspend a business relationship with a client or customer if a verification of identity cannot be completed within 60 working days after the establishment of the business relationship; and to terminate the business relationship if the verification cannot be concluded within 120 working days after the establishment of the business relationship.

Q5. Is it advisable for a practice to adopt T01 (Example policies and procedures) from the Institute’s anti-money laundering procedures manual for accountants (AML procedures manual) without tailoring?

The example policies and procedures in the AML procedures manual only provide general guidance on drawing up an AML/CTF policy manual. The example policies and procedures should be tailored to suit the circumstances of the practice. For example, if a practice chooses not to apply “good practice” on services other than those specified in paragraphs 600.2.1 and 600.2.2 of the AML guidelines, the practice’s AML/CTF policy manual should not state that policies and procedures regarding customer due diligence and ongoing monitoring are applied to all clients. Practices are reminded that since suspicious transaction reporting and financial sanctions (sections 640 and 650 of the AML guidelines) are mandatory regardless of the services provided, every practice should have policies and procedures on suspicious transaction reporting and financial sanctions. In a practice review, an assessment will be made on the practice’s level of compliance with its established policies and procedures and any failure of compliance will be reported as a finding.

Q6. What is the expected frequency of a periodic review of customer due diligence (CDD) information?

Other than an event-driven review, practices should perform a periodic review of all clients to ensure the CDD information remains up to date and relevant. The frequency of a periodic review is dependent on the risk assessment of clients. Clients who are either foreign politically exposed persons (PEP) or high risk domestic PEP should be subjected to an annual review (paragraph 620.12.20) as a minimum. In addition, practices should carry out an annual review of risk category of clients (paragraph 620.10.8) and for material changes in the client’s ownership and/or activities (paragraph 620.10.7(b)). Practices are advised to set out in their AML policy manual the frequency of a periodic review and what constitutes a triggering event for a review of the CDD information held on a particular client, including a pre-existing client (i.e. a client with which the practice had a business relationship before the implementation of the AML Ordinance).

This article was contributed by the Institute’s staff. The answers provided may not give a solution that will be relevant for every practice unit as circumstances differ from case to case. Practice units must apply professional judgement in dealing with compliance issues.

Add to Bookmark
Text size
Related Articles
January 2024
The President of the Institute on tackling the talent shortage issue, and the significance of the Institute’s role as a statutory sustainability standard setter
January 2024
Digital transformation
January 2024
Key insights from the Institute’s study on the current state of technology adoption by small- and medium-sized practices in Hong Kong
BCG & ESG Awards
January 2024
Key highlights based on the awardees of the Institute’s business awards which celebrate achievements in corporate governance and ESG
January 2024


We use cookies to give you the best experience of our website. By continuing to browse the site, you agree to the use of cookies for analytics and personalized content. To learn more, visit our privacy policy page. View more
Accept All Cookies