This page provides links to the key legislation, guidance, supporting publications and templates to help members detect and prevent Money Laundering (“ML”), Terrorist Financing (“TF”) and Proliferation Financing (“PF”). 

Regulatory Framework
  1. Guideline on Anti-Money Laundering and Terrorist Financing for Legal Practitioners 
    1. Practice Direction P (“PDP”) (Revised version: June 2023) 
    2. Circular 23-310 (SD)
  2. Money Laundering Legislation      
    1. Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) (“AMLO”)
    2. Drug Trafficking (Recovery of Proceeds) Ordinance (Cap. 405) (“DTRPO”)
    3. Organized and Serious Crimes Ordinance (Cap. 455) (“OSCO”)
  3. Terrorist Financing Legislation      
    1. United Nations (Anti-Terrorism Measures) Ordinance (Cap. 575) (“UNATMO”)
    2. United Nations Sanctions Ordinance (Cap. 537) (“UNSO”)
    3. United Nations Sanctions (ISIL and Al-Qaida) Regulation (Cap. 537CB) (the “(ISIL and Al-Qaida) Regulation”)
    4. United Nations Sanctions (Afghanistan) Regulation 2022 (Cap. 537CN) (the “Afghanistan Regulation”) 
  4. Proliferation Financing Legislation      
    1. Weapons of Mass Destruction (Control of Provision of Services) Ordinance (Cap. 526) (“WMDO”)
    2. United Nations Sanctions Ordinance (Cap. 537)
    3. United Nations Sanctions (Joint Comprehensive Plan of Action - Iran) Regulation (Cap.537BV) (the “(JCPOA - Iran) Regulation")
    4. United Nations Sanctions (Democratic People’s Republic of Korea) Regulation (Cap. 537AE) (the “DPRK Regulation”) 
  5. Other 
    1. Cross-boundary Movement of Physical Currency and Bearer Negotiable Instruments Ordinance (Cap.629) (the “Ordinance”)
 
Tools and Templates
AML Policies and Procedures Template
This template was designed to serve as a practical example of key procedures and controls that should be documented by members to assist with the mitigation of money laundering and terrorist financing risks and with meeting regulatory obligations.

There is no ‘one-size-fits-all’ document, as each member firm is different in terms of size, practice areas, type of clients and countries that clients are from or do business in. However, this document highlights some of the key AML, CTF and CPF requirements, with supporting guidance on the level of information that should be included.

Download the document (Revised version: June 2023)
Guidance on Alternative Processes to Verify a Client’s Identity
This guidance on alternative methods to verify a client’s identity was developed for situations where it is neither practical nor possible for a client to meet with a legal practitioner face-to-face before accepting instructions. In such circumstances, members can apply one of the alternative methods set out in this document. 

Download the guidance (Revised version: June 2023)

In relation to Section 5 (Digital identification system) of the guidance, the Law Society provided further clarification on the use of digital identification systems in Circular 23-310 (SD). Section 4 of the Circular 23-310 (SD) stipulates that the iAM Smart, developed and operated by the HKSAR Government, is a digital identification system recognised by the Law Society that can be used for identity verification of natural persons. 

Law firms interested in joining the iAM Smart platform should get in touch with the Law Society which will coordinate the application process to join the iAM Smart Sandbox Programme implemented by the Office of the Government Chief Information Officer (“OGCIO”) and Cyberport. By joining the iAM Smart Sandbox Programme, law firms can have access to the iAM Smart technical documentation to understand the integration requirements, attend training, seek technical support, and conduct mock-up tests and integration tests. Law firms should note that if they decide to use iAM Smart, they will need to engage their own system integration vendor with respect to system development. Law firms should get in touch with the system integration vendors which have experience in iAM Smart adoption projects to understand the IT and audit requirements, as well as costs involved with the deployment of iAM Smart. List of the system integration vendors can be accessed here

In addition, law firms should note that before adoption of iAM Smart, they will need to make application to register with the OGCIO in advance and confirm that their services and information security requirements can comply with the terms of use of iAM Smart.

Click here to download the iAM Smart application program interface to understand the system and technical settings, in order to get prepared for adoption of iAM Smart.

For enquiries on Sandbox Programme and the application procedures, please visit the Sandbox Programme website or contact Cyberport by email at iamsmart@cyberport.hk.

Circular 23-310 (SD)
iAM Smart Information Pack
iAM Smart Sandbox Programme
Sample Client Due Diligence Forms
The CDD forms are designed to provide members with examples and good practice on how CDD, including client risk assessment requirements contained in the PDP and the AMLO, may be met by legal practitioners.

In particular, legal practitioners must have established adequate CDD procedures, including client- and matter-level risk assessments to identify and manage risks associated with ML, TF and PF. There is no prescribed approach to conducting client risk assessments, however, they must be documented. Therefore, the CDD forms were designed to serve as a practical example of how the client risk assessment could be undertaken and documented to determine the extent and quality of information required and the steps needed to meet the requirements.

The Law Society has developed two versions of CDD forms, one that may be more suitable for smaller firms and one that may be more suitable for larger firms. The CDD forms are a learning tool only and are not a prescribed requirement or a formal guideline, the examples stated in the templates may differ from the existing practices of law firms, especially those with an established AML framework. Depending on the firm’s complexity and operations, the templates can be adopted or modified to reflect the firm’s AML procedures.

All CDD forms contain the required steps for the identification and verification of the client, its representatives and beneficial owner(s), as well as key considerations set out in the client risk assessment to identify potential ML, TF and PF risks, and finally measures to manage those risks in the context of a new client relationship or matter. 

The enhanced version of the CDD forms provide further practical examples on how the AML / CTF / CPF requirements could be met and provides an alternative method for completing the client risk assessment, based on a risk scoring methodology. The risk scoring methodology entails allocating points against different risk factors, to produce an overall AML risk rating which informs the level of CDD required (i.e. Simplified / Standard / Enhanced). 

When weighting risk factors, legal practitioners should take a holistic approach and make an informed judgement about the relevance of different risk factors in the context of a particular customer relationship or occasional matter.  The weight given to each factor is likely to vary across practices, clients and matters, and can be adjusted by lowering the scoring if there are valid reasons for it. Similarly, there may be risk(s) that outweigh other risks, which would suggest that an Enhanced, as opposed to a Standard, CDD is more appropriate.  

The enhanced version of the CDD forms further expands and includes:
  • methods of verification of a client’s identity
  • examples of higher risk sectors, businesses, products and services 
  • examples of supporting documents to corroborate a client’s Source of Wealth 
  • examples of measures applied to meet the EDD requirements and ongoing monitoring of high-risk relationships 
  • examples of parties subject to name screening requirements which may vary depending on client risk and the firm’s procedures 
  • an additional section where CDD reliance is placed on third parties
Simplified version (Revised version: June 2023)
CDD Form for Natural Persons 
CDD Form for Legal Persons 
Enhanced version (Revised version: June 2023)
CDD Form for Natural Persons 
CDD Form for Legal Persons  
AML Leaflet for Clients
Legal practitioners, are often challenged by clients, and sometimes third parties, on the level of information that must be provided to confirm a client’s identity, and on the supporting documents relating to the particulars of the transaction. Clients may also not be aware of the strict AML obligations applicable to the legal sector, and can question the need for such information.

To assist legal practitioners with such situations, the AML Leaflet has been designed to be shared with clients. It explains the anti-money laundering responsibilities applicable to legal practitioners, and the identification documents required to prove a client’s identity.  

The AML Leaflet is not a prescribed requirement or a formal guideline.

AML Leaflet – English version
AML Leaflet – Chinese version
Conveyancing and Related Transactions – Key Risks and Best Practice Leaflet 
The Independent Commission Against Corruption (ICAC), in collaboration with the Law Society, has developed a comprehensive set of corruption prevention good practices specifically tailored to assist law firms in identifying and preventing risks associated with corruption and related malpractice, including money laundering. These informative leaflets aim to raise awareness about major corruption risks and red flags commonly encountered in conveyancing and related transactions. In addition, the leaflets provide a practical guidance on internal control measures that can effectively assist legal practitioner to mitigate such risks. Finally, the resources serve as a valuable guide for law firms in promoting integrity and ethical practices within the legal profession. The below leaflets can be also accessed on the ICAC website at https://cpas.icac.hk/Info/Lib_List?cate_id=3&id=2768.

Conveyancing Best Practice – English version
Conveyancing Best Practice – Chinese version
Hong Kong’s ML and TF Risk Assessment Report

The Hong Kong Risk Assessment (“HKRA”) of money laundering and terrorist financing sets out the key ML / TF risks for Hong Kong, and mitigating measures. The HKRA examines the ML / TF threats and vulnerabilities facing various sectors in Hong Kong and the city as a whole. The Report also identifies areas for further work and the follow-up actions already taken.

This report is therefore central to understand and estimate the ML / TF risks that firms are exposed to and should be considered as part of a firm's firm-wide risk assessment. 

HK AML / CTF Risk Assessment 2022 
HK AML / CTF Risk Assessment 2018

 

Mutual Evaluation Report of Hong Kong 2019

The Financial Action Task Force (“FATF”) published the Mutual Evaluation Report of Hong Kong (the “Report”) on 4 September 2019, commending Hong Kong's efforts in combating ML and TF.

The Report, which assesses the compliance and effectiveness of Hong Kong's AML and CTF regime against the international standards, confirms that Hong Kong has a strong legal foundation and effective system for combating ML and TF. The Report notes that the system is particularly effective in the areas of risk identification, law enforcement, asset recovery, counter-terrorist financing and international co-operation. 

Hong Kong's AML / CTF regime is assessed to be compliant and effective overall, making it the first jurisdiction in the Asia-Pacific region to have achieved an overall compliant result in the fourth round of FATF evaluation. 

Click here to access the Report. 

Follow-up Report and Technical Compliance Re-Rating 2023

On 17 February 2023, FATF published its evaluation report on Hong Kong’s progress in addressing the technical compliance deficiencies identified in the Mutual Evaluation Report of Hong Kong 2019 (“the Report”) relating to Recommendation 28 (Supervision of DNFBPs) (“R.28”).

The FATF’s evaluation was undertaken in 2022 and resulted in re-rating of R.28 from “Partially Compliant” to “Largely Compliant” as Hong Kong addressed the deficiencies identified in the Report, to a large extent. The Follow-up Report and Technical Compliance Re-Rating 2023 (“Follow-up Report”) affirms Hong Kong's progress and efforts in implementing risk-based AML / CTF supervision for most Designated Non-Financial Businesses and Professions sectors (“DNFBPs”), in particular Trust or Company Service Providers, Real Estate Agents and Accountants. The FATF has also assessed Hong Kong's compliance with the FATF's requirements for Virtual Asset Service Providers (“VASPs”) and Dealers in Precious Metals and Stones (“DPMS”); and noted that Hong Kong was undergoing, at the time of assessment in 2022, a legislative process for introducing a regulatory regime for VASPs and DPMS. The FATF also noted that risk-based supervision of the legal sector has commenced but has not yet been fully implemented.

The Follow-up Report also analyses Hong Kong’s progress in implementing new requirements relating to FATF Recommendation 15 (VASPs) (“R.15”) that have changed since the on-site visit of Hong Kong in October and November 2018. The FATF downgraded the original rating for R.15 from “Largely Compliant” to “Partially Compliant” as only centralized virtual assets (“VA”) exchanges which offer the trading of at least one security token (and all VA-related activities of the centralized VA exchanges) are subject to supervision at the time of assessment, which means that the scope of entities covered is limited. The proposed changes to the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, Cap. 615 regime will extend supervision to centralized VA exchanges trading non-security tokens in June 2023, but it was not yet in force at the time of the analysis.

Click here to access the Follow-up Report.

FATF Guidelines and Supporting Publications
Link to the Financial Actions Task Force (“FATF”) guidance and best practice publications: https://eurasiangroup.org/en/fatf-guidances
Topic Publication Title Issue Date
Horizontal Review of Gatekeepers’ Technical Compliance Related to Corruption Horizontal Review of Gatekeepers’ Technical Compliance Related to Corruption July 2024
Beneficial Ownership and Transparency of Legal Arrangements Guidance on Beneficial Ownership and Transparency of Legal Arrangements March 2024
Beneficial Ownership of Legal Persons Guidance on Beneficial Ownership of Legal Persons March 2023
AML Group-Wide Programmes (R.18) The Application of Group-Wide Programmes by DNFBPs October 2021
Money Laundering through the Real Estate sector Webinar on Money Laundering through the Real Estate sector November 2022
Risk Based Approach for Legal Professionals Risk Based Approach Guidance for Legal Professionals 2019 June 2019
ML / TF vulnerabilities and typologies Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals June 2013
TF Risk Assessment Terrorist Financing Risk Assessment Guidance July 2019
PF Risk Assessment Guidance on Proliferation Financing Risk Assessment and Mitigation June 2021
Guidance on PEPs Guidance on Politically Exposed Persons June 2013
Beneficial Ownership Best Practices On Beneficial Ownership for Legal Persons October 2019 
Transparency and Beneficial Ownership Guidance on Transparency and Beneficial Ownership October 2014
Digital ID Verification methods Guidance on Digital ID March 2020
COVID-19 ML / TF Risks COVID-19-Related Money Laundering and Terrorist Financing Risks December 2020
Trade-Based ML Trade-Based Money Laundering: Trends and Developments December 2020
Higher Risk Jurisdictions

Legal practitioners are required to apply Enhanced Client Due Diligence (“EDD”) measures when acting for clients, persons or entities from or in non-cooperative countries and territories identified by the Financial Actions Task Force (“FATF”) (PDP, Table A, paragraph 3(ii)).

FATF identifies jurisdictions with weak measures to combat money laundering and terrorist financing in two FATF public documents: the High-Risk Jurisdictions subject to a Call for Action (Black List) and Jurisdictions under Increased Monitoring (Grey List).

Click here to access FATF Lists:  here

Click here to access latest updates of the FATF Lists: here

Generally, legal practitioners should consider the jurisdiction in which services will be delivered, the location of the client, beneficial owners and the client’s counterparties, as well as the source and destination of funds. 

FATF does not maintain lists of all high-risk jurisdictions, countries with a high risk of corruption, tax evasion, drug trafficking, or that are subject to sanctions. Legal practitioners should determine whether a country is a high-risk or not, to decide whether EDD should be applied.

Here are some of the resources that may help legal practitioners to decide whether a country is high risk:  

Latest Updates to FATF Lists
Click here
Disclaimer
The contents are intended to provide a general guide to the subject matter only and should not be treated as a substitute for specific advice concerning individual situations. While every effort has been made to ensure the accuracy of the content provided, it does not constitute legal advice and cannot be relied upon as such. The Law Society does not accept responsibility for liabilities arising from reliance upon the content provided.