This page provides links to the key legislation, guidance, supporting publications and templates to help members detect and prevent Money Laundering (“ML”), Terrorist Financing (“TF”) and Proliferation Financing (“PF”).
|AML Policies and Procedures Template|
|This template was designed to serve as a practical example of key procedures and controls that should be documented by members to assist with the mitigation of money laundering and terrorist financing risks and with meeting regulatory obligations.
There is no ‘one-size-fits-all’ document, as each member firm is different in terms of size, practice areas, type of clients and countries that clients are from or do business in. However, this document highlights some of the key AML, CTF and CPF requirements, with supporting guidance on the level of information that should be included.
Download the document (Revised version: June 2023)
|Guidance on Alternative Processes to Verify a Client’s Identity|
|This guidance on alternative methods to verify a client’s identity was developed for situations where it is neither practical nor possible for a client to meet with a legal practitioner face-to-face before accepting instructions. In such circumstances, members can apply one of the alternative methods set out in this document.
Download the guidance (Revised version: June 2023)
In relation to Section 5 (Digital identification system) of the guidance, the Law Society provided further clarification on the use of digital identification systems in Circular 23-310 (SD). Section 4 of the Circular 23-310 (SD) stipulates that the iAM Smart, developed and operated by the HKSAR Government, is a digital identification system recognised by the Law Society that can be used for identity verification of natural persons.
Law firms interested in joining the iAM Smart platform should get in touch with the Law Society which will coordinate the application process to join the iAM Smart Sandbox Programme implemented by the Office of the Government Chief Information Officer (“OGCIO”) and Cyberport. By joining the iAM Smart Sandbox Programme, law firms can have access to the iAM Smart technical documentation to understand the integration requirements, attend training, seek technical support, and conduct mock-up tests and integration tests. Law firms should note that if they decide to use iAM Smart, they will need to engage their own system integration vendor with respect to system development. Law firms should get in touch with the system integration vendors which have experience in iAM Smart adoption projects to understand the IT and audit requirements, as well as costs involved with the deployment of iAM Smart. List of the system integration vendors can be accessed here.
Click here to download the iAM Smart application program interface to understand the system and technical settings, in order to get prepared for adoption of iAM Smart.
For enquiries on Sandbox Programme and the application procedures, please visit the Sandbox Programme website or contact Cyberport by email at firstname.lastname@example.org.
Circular 23-310 (SD)
iAM Smart Information Pack
iAM Smart Sandbox Programme
|Sample Client Due Diligence Forms|
The CDD forms are designed to provide members with examples and good practice on how CDD, including client risk assessment requirements contained in the PDP and the AMLO, may be met by legal practitioners.
In particular, legal practitioners must have established adequate CDD procedures, including client- and matter-level risk assessments to identify and manage risks associated with ML, TF and PF. There is no prescribed approach to conducting client risk assessments, however, they must be documented. Therefore, the CDD forms were designed to serve as a practical example of how the client risk assessment could be undertaken and documented to determine the extent and quality of information required and the steps needed to meet the requirements.
The Law Society has developed two versions of CDD forms, one that may be more suitable for smaller firms and one that may be more suitable for larger firms. The CDD forms are a learning tool only and are not a prescribed requirement or a formal guideline, the examples stated in the templates may differ from the existing practices of law firms, especially those with an established AML framework. Depending on the firm’s complexity and operations, the templates can be adopted or modified to reflect the firm’s AML procedures.
All CDD forms contain the required steps for the identification and verification of the client, its representatives and beneficial owner(s), as well as key considerations set out in the client risk assessment to identify potential ML, TF and PF risks, and finally measures to manage those risks in the context of a new client relationship or matter.
The enhanced version of the CDD forms provide further practical examples on how the AML / CTF / CPF requirements could be met and provides an alternative method for completing the client risk assessment, based on a risk scoring methodology. The risk scoring methodology entails allocating points against different risk factors, to produce an overall AML risk rating which informs the level of CDD required (i.e. Simplified / Standard / Enhanced).
When weighting risk factors, legal practitioners should take a holistic approach and make an informed judgement about the relevance of different risk factors in the context of a particular customer relationship or occasional matter. The weight given to each factor is likely to vary across practices, clients and matters, and can be adjusted by lowering the scoring if there are valid reasons for it. Similarly, there may be risk(s) that outweigh other risks, which would suggest that an Enhanced, as opposed to a Standard, CDD is more appropriate.
The enhanced version of the CDD forms further expands and includes:
| Simplified version (Revised version: June 2023)
CDD Form for Natural Persons
CDD Form for Legal Persons
| Enhanced version (Revised version: June 2023)
CDD Form for Natural Persons
CDD Form for Legal Persons
|AML Leaflet for Clients|
|Legal practitioners, are often challenged by clients, and sometimes third parties, on the level of information that must be provided to confirm a client’s identity, and on the supporting documents relating to the particulars of the transaction. Clients may also not be aware of the strict AML obligations applicable to the legal sector, and can question the need for such information.
To assist legal practitioners with such situations, the AML Leaflet has been designed to be shared with clients. It explains the anti-money laundering responsibilities applicable to legal practitioners, and the identification documents required to prove a client’s identity.
The AML Leaflet is not a prescribed requirement or a formal guideline.
AML Leaflet – English version
AML Leaflet – Chinese version
The Hong Kong Risk Assessment (“HKRA”) of money laundering and terrorist financing sets out the key ML / TF risks for Hong Kong, and mitigating measures. The HKRA examines the ML / TF threats and vulnerabilities facing various sectors in Hong Kong and the city as a whole. The Report also identifies areas for further work and the follow-up actions already taken.
This report is therefore central to understand and estimate the ML / TF risks that firms are exposed to and should be considered as part of a firm's firm-wide risk assessment.
The Financial Action Task Force (“FATF”) published the Mutual Evaluation Report of Hong Kong (the “Report”) on 4 September 2019, commending Hong Kong's efforts in combating ML and TF.
The Report, which assesses the compliance and effectiveness of Hong Kong's AML and CTF regime against the international standards, confirms that Hong Kong has a strong legal foundation and effective system for combating ML and TF. The Report notes that the system is particularly effective in the areas of risk identification, law enforcement, asset recovery, counter-terrorist financing and international co-operation.
Hong Kong's AML / CTF regime is assessed to be compliant and effective overall, making it the first jurisdiction in the Asia-Pacific region to have achieved an overall compliant result in the fourth round of FATF evaluation.
Click here to access the Report.
On 17 February 2023, FATF published its evaluation report on Hong Kong’s progress in addressing the technical compliance deficiencies identified in the Mutual Evaluation Report of Hong Kong 2019 (“the Report”) relating to Recommendation 28 (Supervision of DNFBPs) (“R.28”).
The FATF’s evaluation was undertaken in 2022 and resulted in re-rating of R.28 from “Partially Compliant” to “Largely Compliant” as Hong Kong addressed the deficiencies identified in the Report, to a large extent. The Follow-up Report and Technical Compliance Re-Rating 2023 (“Follow-up Report”) affirms Hong Kong's progress and efforts in implementing risk-based AML / CTF supervision for most Designated Non-Financial Businesses and Professions sectors (“DNFBPs”), in particular Trust or Company Service Providers, Real Estate Agents and Accountants. The FATF has also assessed Hong Kong's compliance with the FATF's requirements for Virtual Asset Service Providers (“VASPs”) and Dealers in Precious Metals and Stones (“DPMS”); and noted that Hong Kong was undergoing, at the time of assessment in 2022, a legislative process for introducing a regulatory regime for VASPs and DPMS. The FATF also noted that risk-based supervision of the legal sector has commenced but has not yet been fully implemented.
The Follow-up Report also analyses Hong Kong’s progress in implementing new requirements relating to FATF Recommendation 15 (VASPs) (“R.15”) that have changed since the on-site visit of Hong Kong in October and November 2018. The FATF downgraded the original rating for R.15 from “Largely Compliant” to “Partially Compliant” as only centralized virtual assets (“VA”) exchanges which offer the trading of at least one security token (and all VA-related activities of the centralized VA exchanges) are subject to supervision at the time of assessment, which means that the scope of entities covered is limited. The proposed changes to the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, Cap. 615 regime will extend supervision to centralized VA exchanges trading non-security tokens in June 2023, but it was not yet in force at the time of the analysis.
Click here to access the Follow-up Report.
|Topic||Publication Title||Issue Date|
|Beneficial Ownership of Legal Persons||Guidance on Beneficial Ownership of Legal Persons||March 2023|
|AML Group-Wide Programmes (R.18)||The Application of Group-Wide Programmes by DNFBPs||October 2021|
|Money Laundering through the Real Estate sector||Webinar on Money Laundering through the Real Estate sector||November 2022|
|Risk Based Approach for Legal Professionals||Risk Based Approach Guidance for Legal Professionals 2019||June 2019|
|ML / TF vulnerabilities and typologies||Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals||June 2013|
|TF Risk Assessment||Terrorist Financing Risk Assessment Guidance||July 2019|
|PF Risk Assessment||Guidance on Proliferation Financing Risk Assessment and Mitigation||June 2021|
|Guidance on PEPs||Guidance on Politically Exposed Persons||June 2013|
|Beneficial Ownership||Best Practices On Beneficial Ownership for Legal Persons||October 2019|
|Transparency and Beneficial Ownership||Guidance on Transparency and Beneficial Ownership||October 2014|
|Digital ID Verification methods||Guidance on Digital ID||March 2020|
|COVID-19 ML / TF Risks||COVID-19-Related Money Laundering and Terrorist Financing Risks||December 2020|
|Trade-Based ML||Trade-Based Money Laundering: Trends and Developments||December 2020|
Legal practitioners are required to apply Enhanced Client Due Diligence (“EDD”) measures when acting for clients, persons or entities from or in non-cooperative countries and territories identified by the Financial Actions Task Force (“FATF”) (PDP, Table A, paragraph 3(ii)).
FATF identifies jurisdictions with weak measures to combat money laundering and terrorist financing in two FATF public documents: the High-Risk Jurisdictions subject to a Call for Action (Black List) and Jurisdictions under Increased Monitoring (Grey List).
Click here to access FATF Lists: here
Click here to access latest updates of the FATF Lists: here
Generally, legal practitioners should consider the jurisdiction in which services will be delivered, the location of the client, beneficial owners and the client’s counterparties, as well as the source and destination of funds.
FATF does not maintain lists of all high-risk jurisdictions, countries with a high risk of corruption, tax evasion, drug trafficking, or that are subject to sanctions. Legal practitioners should determine whether a country is a high-risk or not, to decide whether EDD should be applied.
Here are some of the resources that may help legal practitioners to decide whether a country is high risk:
The contents are intended to provide a general guide to the subject matter only and should not be treated as a substitute for specific advice concerning individual situations. While every effort has been made to ensure the accuracy of the content provided, it does not constitute legal advice and cannot be relied upon as such. The Law Society does not accept responsibility for liabilities arising from reliance upon the content provided.