What should legal practitioners do?
Client identification and verification
Legal practitioners are required to identify and, in “Applicable Circumstances”, verify a client’s identity.
- Client identification is required in all situations when acting for or on behalf of the client
- Client verification is required when a solicitor acts for a client in any of the “Applicable Circumstances” referred to in question 5 (Which legal services are subject to AML / CTF Regulations?) above.
Client identification refers to the basic information a solicitor is required to obtain and record about a client to know who she/he is. Client verification refers to the process of obtaining and checking documents needed to confirm the client’s identity.
Legal practitioners should refer to Annexure 3 to Practice Direction P for details on the type of information required and methods used to verify a client’s identity.
In addition, the Law Society has issued guidance entitled Alternative Processes to Verify a Client’s Identity which provides legal practitioners with different ways of verifying the identity of the client.
Client Due Diligence
Legal practitioners are required to conduct CDD in the “Applicable Situations” referred to in question 5 (Which legal services are subject to AML / CTF Regulations?) above, namely:
- Establishing business relationships
- Carrying out occasional transactions
- In exceptional or urgent circumstances where it is not practicable to conduct CDD at the time of instructions, as soon as possible after preliminary client information is obtained
- Whenever there is a suspicion of money laundering or terrorist financing
- Whenever there are doubts regarding the accuracy or adequacy of documents or information previously obtained from the client.
In addition to client identification and verification, the CDD measures carried out by the solicitor must include:
- obtaining information on the nature and intended purpose of the transaction
- identifying when there’s a beneficial owner who is not the client and taking reasonable measures to verify their identity and to understand the ownership and control structure of a legal person, trust, company, foundation or similar legal arrangement
- obtaining information on the Source of Funds
- screening a customer’s name against the Sanctions and terrorist suspects lists.
When determining the extent of CDD, solicitors are required to adopt a risk-based approach to assess how much information is required, which will depend on the type of client, the business relationship, and the transaction to be undertaken.
To determine the risk profile of the client, the following factors should be considered:
- background and origin of the client
- nature of the client's business
- the complexity and structure of ultimate beneficial ownership
- purpose of the transaction to be undertaken
- delivery channel
- Source of Funding
- other information suggesting a higher risk of money laundering or terrorist financing.
Solicitors are required to apply:
- Enhanced Due Diligence (EDD) for the Applicable Situations listed in paragraph 3 of Table A of the PDP
- Simplified Due Diligence (SDD) in the Applicable Situations listed in paragraph 4 of Table A of the PDP
- “Standard” Due Diligence for all other situations
Enhanced Due Diligence
Paragraph 3 of Table A sets out a list of circumstances in which EDD measures must be applied. These include any transaction or business relationship involving:
- a politically exposed person (PEP) or a family member or known associate of a PEP
- a person, entities or a transaction connected with a higher-risk jurisdiction
- when handling complex, unusual transactions or transactions, or an unusual pattern of transactions, which have no apparent economic or lawful purpose
- overseas companies where corporate information is not readily accessible or with nominee shareholders or a significant portion of capital in the form of bearer shares
- a preliminary interview which leads to suspicion of money laundering or terrorist financing
- doubt about the veracity or adequacy of previously obtained client identification data
- a situation which may present a high risk of money laundering or terrorist financing, as established by the HKSAR Government through a Law Society notice to members.
Please note that detection of a high-risk factor in respect of a client should not immediately cause the client to be under suspicion of criminal activity. It should be emphasised that what high-risk means is, simply, that additional measures should be taken for the purpose of the solicitor’s compliance objective which is to ensure that any financial transaction he is involved in does not involve criminal proceeds.
Examples of suspicious transaction indicators and higher-risk areas are set out in Annexure 4 to the PDP.
Simplified Due Diligence
SDD is allowed to be carried out where the business relationship or transaction presents a low risk of money laundering or terrorist financing. The presence of one or more high-risk factors will usually not allow for the application of SDD.
Paragraph 4 of Table A sets out a list of circumstances in which SDD could be applied, including when dealing with:
- public companies that are subject to regulatory disclosure requirements
- financial institutions regulated by competent authorities, e.g. the Securities and Futures Commission, the Hong Kong Monetary Authority or any authority in an equivalent jurisdiction that is member of the Financial Action Task Force, or that have measures in place to ensure compliance with requirements similar to those imposed under the AMLO.
When applying the SDD measures, it is not necessary to verify the identity of shareholders of publicly listed companies (paragraph 89 of the PDP).
In addition, the AMLO states that SDD exempts legal practitioners from the identification and verification of identity of beneficial owner(s) when a client falls within one of the categories specified in s. 4(3), Schedule 2 to the AMLO, or when the product related to the transaction is a specified product defined in s. 4(5), Schedule 2 to the AMLO.
Ongoing monitoring and record keeping
Continuous monitoring and screening of clients is required to identify unusual or suspicious activities and to keep clients’ risk assessments up-to-date.
Paragraph 5 of Table A and paragraph 107.3 of the PDP require legal practitioners to perform ongoing reviews when:
- a client is categorised as “high risk” (see examples listed in paragraph 3 of Table A)
- there are changes to instructions or to the relationship between a client and relevant party(ies) which gives rise to suspicion.
In addition, a client’s CDD information should be refreshed or reviewed when a transaction / new client matter is:
- by virtue of the amount or nature of the transaction, unusual or suspicious
- not consistent with the legal practitioner’s knowledge of the client or the client’s business, risk profile, or the client’s Source of Funds.
Ongoing monitoring requires a solicitor to:
- scrutinize transactions and instructions of the client to ensure that they are consistent with the firm’s knowledge of the client and its business, risk profile and Source of Funds
- undertake reviews of existing records and keep the documents, or information obtained for the purpose of applying CDD, up to date
- identify transactions that are complex, unusually large or that form an unusual pattern or that have no apparent economic or lawful purpose.