1. Client identification and verification
    Legal practitioners are required to identify and, in “Applicable Circumstances”, verify a client’s identity. 
    • Client identification is required in all situations when acting for or on behalf of the client
    • Client verification is required when a solicitor acts for a client in any of the “Applicable Circumstances” referred to in question 5 (Which legal services are subject to AML / CTF Regulations?). 

    Client identification refers to the basic information a solicitor is required to obtain and record about a client to know who she/he is. Client verification refers to the process of obtaining and checking documents needed to confirm the client’s identity.

    Legal practitioners should refer to Annexure 3 of the PDP for details on the type of information required and methods used to verify a client’s identity.

    In addition, the Law Society has issued guidance entitled Alternative Processes to Verify a Client’s Identity, September 2022 (the “guidance”) which sets out different methods of verifying a client’s identity.

    In relation to Section 5 (Digital identification system) of the guidance, the Law Society provided further clarification on the use of digital identification systems in Circular 23-310 (SD). Section 4 of Circular 23-310 (SD) stipulates that iAM Smart, developed and operated by the HKSAR Government, is a digital identification system recognised by the Law Society that can be used for identity verification of natural persons.   
  2. Client Due Diligence
    Legal practitioners are required to conduct CDD in the “Applicable Situations” referred to in paragraph 2 of Table A of the PDP when:     
    • Establishing business relationships 
    • Carrying out occasional transactions 
    • In exceptional or urgent circumstances where it is not practicable to conduct CDD at the time of instructions, as soon as possible after preliminary client information is obtained.  

    In addition to client identification and verification, the CDD measures carried out by the solicitor must include:
    • obtaining information on the nature and intended purpose of the transaction 
    • identifying when there’s a beneficial owner who is not the client and taking reasonable measures to verify their identity and to understand the ownership and control structure of a legal person, trust, company, foundation or similar legal arrangement
    • obtaining information on the Source of Funds 
    • screening a customer’s name against the Sanctions and terrorist suspects lists.

    When determining the extent of CDD, solicitors are required to adopt a risk-based approach to assess how much information is required, which will depend on the type of client, the business relationship, and the transaction to be undertaken. 

    To determine the risk profile of the client, the following factors should be considered:
    • background and origin of the client
    • nature of the client's business 
    • the complexity and structure of ultimate beneficial ownership 
    • purpose of the transaction to be undertaken
    • delivery channel 
    • Source of Funding 
    • other information suggesting a higher risk of money laundering or terrorist financing.

    Solicitors are required to apply:
    • Enhanced Due Diligence (EDD) for the Applicable Situations listed in paragraph 3 of Table A of the PDP
    • Simplified Due Diligence (SDD) in the Applicable Situations listed in paragraph 9 of Table A of the PDP 
    • “Standard” Due Diligence for all other situations.
  3. Enhanced Due Diligence
    Paragraph 3 of Table A of the PDP sets out a list of circumstances in which EDD measures must be applied. These include any transaction or business relationship involving:
    • a politically exposed person (PEP) or a family member or known associate of a PEP
    • a person, entities or a transaction connected with a higher-risk jurisdiction 
    • complex, unusual transactions or transactions, or an unusual pattern of transactions, which have no apparent economic or lawful purpose 
    • overseas companies where corporate information is not readily accessible or with nominee shareholders or a significant portion of capital in the form of bearer shares 
    • a preliminary interview which leads to suspicion of money laundering or terrorist financing
    • doubt about the veracity or adequacy of previously obtained client identification data 
    • a situation which may present a high risk of money laundering or terrorist financing, as established by the HKSAR Government through a Law Society notice to members.

    Please note that detection of a high-risk factor in respect of a client should not immediately cause the client to be under suspicion of criminal activity.  It should be emphasised that what high-risk means is, simply, that additional measures should be taken for the purpose of the solicitor’s compliance objective which is to ensure that any financial transaction he is involved in does not involve criminal proceeds.

    Examples of suspicious transaction indicators and higher-risk areas are set out in Annexure 4 to the PDP.
  4. Simplified Due Diligence
    SDD is allowed to be carried out where the business relationship or transaction presents a low risk of money laundering or terrorist financing. Paragraph 9 of Table A of the PDP sets out a list of circumstances in which SDD could be applied in accordance with Section 4, Schedule 2, Part 1 to the AMLO. 

    The AMLO states that SDD exempts legal practitioners from the identification and verification of beneficial owner(s) when a client falls within one of the categories specified in Section 4(3), Schedule 2, Part 1 to the AMLO, or when the product related to the transaction is a specified product defined in Section 4(5), Schedule 2, Part 1 to the AMLO.

    The SDD can be applied to the following clients and products:  
    • A government or public institution established in HK or in equivalent jurisdiction that has measures in place to ensure compliance with requirements similar to those imposed under AMLO
    • A financial institution incorporated in Hong Kong or jurisdiction subject to, and supervised in relation to, compliance with AML/CTF consistent with standards set by FATF 
    • A company listed on a regulated market subject to disclosure requirements
    • An investment vehicle fulfilling requirements contained in Section 4 (3) (d) of the AMLO
    • Low risk products such as a provident, pension retirement or superannuation scheme that provides retirement benefits, an insurance policy that does not contain a surrender clause or can be used as collateral for the purpose of the above products, or a life insurance policy as defined in Section 4 (5) (c) of the AMLO.

    SDD measures should not be applied, or continue to be applied, where: 
    • a client or transaction presents a high risk of money laundering/terrorist financing as defined in paragraph 3 of Table A (Enhanced client due diligence)
    • the risk assessment changes during the course of business
    • there is a suspicion of money laundering/terrorist financing 
    • there are doubts about the veracity or accuracy of documents or information previously obtained for the purposes of identification or verification.

    When SDD is applied, a solicitor may: 
    • not need to identify and verify beneficial owner
    • accept other documents, data or information (e.g. proof of FI’s license, listed status or authorization status only etc.)
    • reduce the degree of ongoing monitoring
    • not need to collect specific information or carry out specific measures to understand the purpose and intended nature of the business relationship, but can infer the purpose and intended nature from the type of transactions or business relationship established. 

    The presence of one or more risk factors will usually not allow for the application of SDD.
  5. Ongoing monitoring and record keeping
    Continuous monitoring and screening of clients is required to identify unusual or suspicious activities and to keep clients’ risk assessments up-to-date.

    Paragraph 10 of Table A, paragraph 122.4 and 124.3 of the PDP require legal practitioners to perform ongoing reviews when:
    • a client is categorised as “high risk” (see examples listed in paragraph 3 of Table A)
    • there are changes to instructions or to the relationship between a client and relevant party(ies) which gives rise to suspicion
    • a client or beneficiary owner is a PEP. 

    In addition, a client’s CDD information should be refreshed or reviewed when a transaction / new client matter is:
    • by virtue of the amount or nature of the transaction, unusual or suspicious
    • not consistent with the legal practitioner’s knowledge of the client or the client’s business, risk profile, or the client’s Source of Funds.

    Ongoing monitoring requires a solicitor to:
    • scrutinize transactions and instructions of the client to ensure that they are consistent with the firm’s knowledge of the client and its business, risk profile and Source of Funds
    • undertake reviews of existing records and keep the documents, or information obtained for the purpose of applying CDD, up to date
    • identify transactions that are complex, unusually large or that form an unusual pattern or that have no apparent economic or lawful purpose.