私人密件 private & confidential私人密件 private & confidential general circular...

私人密件 PRIVATE & CONFIDENTIAL

General Circular 71/11 To : All Members

From : CIB Secretariat

Date : 11 October 2011

Subject : Draft Guideline on Anti-Money Laundering and Counter-Terrorist Financing

For your information, Under section 7 of the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (“AMLO”), the Insurance Authority may publish in the Gazette any guideline that it considers appropriate for providing guidance in relation to the operation of any provision of Schedule 2 of the AMLO. Following this, the Insurance Authority has prepared a draft Guideline on Anti-Money Laundering and Counter-Terrorist Financing (“Guideline”), to assist authorized insurers, appointed insurance agents and authorized insurance brokers carrying on or advising on long term business to comply with the statutory requirements set out in the AMLO. This Guideline, after being finalized, will replace the Guidance Note on Prevention of Money Laundering and Terrorist Financing on 1 April 2012 when the AMLO takes effect. A copy of the draft Guideline can be downloaded from our Login Zone (General Circular). The Insurance Authority would like us to consolidate our members’ comments, therefore, grateful if you would let us know of your comments by 11 November 2011. Thank you for your attention. With best regards, For and on behalf of The Hong Kong Confederation of Insurance Brokers

CIB Secretariat

Guideline on Anti-Money Laundering and Counter-

Terrorist Financing

(For authorized insurers, reinsurers, appointed insurance agents and

authorized insurance brokers carrying on or advising on long term business)

Consultation Document

September 2011

CONTENTS Page Chapter 1 Overview ..................................................................................1 Chapter 2 AML/CFT systems and business conducted outside Hong Kong ...............................................................................7 Chapter 3 Risk-based approach...............................................................12 Chapter 4 Customer due diligence ..........................................................15 Chapter 5 Ongoing monitoring ...............................................................49 Chapter 6 Financial sanctions and terrorist financing.............................52 Chapter 7 Suspicious transaction reports ................................................56 Chapter 8 Record keeping.......................................................................73 Chapter 9 Staff training...........................................................................76 Chapter 10 Wire transfers .........................................................................78 Appendix A Other reliable and independent sources for customer identification purposes ..........................................................85 Appendix B Sample correspondence issued by the JFIU...........................87 Glossary of key terms and abbreviations..........................................................91

Draft for consultation subject to further amendment

1

Chapter 1 – OVERVIEW Introduction 1.1 The Guideline is published under section 7 of the Anti-Money Laundering and

Counter-Terrorist Financing (Financial Institutions) Ordinance, Cap. 615 (the AMLO) and section 4A of the Insurance Companies Ordinance, Cap. 41 (the ICO). .

1.2 Terms and abbreviations used in this Guideline shall be interpreted by reference to the definitions set out in the Glossary part of this Guideline. Interpretation of other words or phrases should follow those set out in the AMLO and the ICO.

1.3 This Guideline is issued by the Insurance Authority for giving guidance to authorized insurers, reinsurers, appointed insurance agents and authorized insurance brokers carrying on or advising on long term business (hereinafter referred to as “insurance institutions (“IIs”)”). In general, the guidance provided in the Guideline in Chapters 1-10 to IIs is not different from the guidance provided by other relevant authorities (RAs) under their respective regulatory regimes. To the extent that the Insurance Authority sees fit to provide supplementary guidance in Chapters 1-10, such will be put in italics for ease of identification.

1.4 The Guideline is intended for use by financial institutions (FIs) and their officers and staff. The purposes of the Guideline are to: (a) provide a general background on the subjects of money laundering and terrorist

financing (ML/TF), including a summary of the main provisions of the applicable anti-money laundering and counter-financing of terrorism (AML/CFT) legislation in Hong Kong; and

(b) provide practical guidance to assist FIs and their senior management in designing and implementing their own policies, procedures and controls in the relevant operational areas, taking into consideration their special circumstances so as to meet the relevant AML/CFT statutory and regulatory requirements.

1.5 The relevance and usefulness of the Guideline will be kept under review and it may

be necessary to issue amendments from time to time.

1.6 Given the significant differences that exist in the organisational and legal structures of different FIs as well as the nature and scope of the business activities conducted by them, there exists no single set of universally applicable implementation measures. It must also be emphasized that the contents of the Guideline is neither intended to, nor should be construed as, an exhaustive list of the means of meeting the statutory and regulatory requirements.

1.7 This Guideline provides guidance in relation to the operation of the provisions of Schedule 2 to the AMLO (Schedule 2). This will assist FIs to meet their legislative and regulatory obligations when tailored by FIs to their particular business risk profile. Departures from this Guidance, and the rationale for so doing, should be documented, and FIs will have to stand prepared to justify departures to the RAs.


2

s.7, AMLO

1.8 A failure by any person to comply with any provision of this Guideline does not by itself render the person liable to any judicial or other proceedings but, in any proceedings under the AMLO before any court, this Guideline is admissible in evidence; and if any provision set out in this Guideline appears to the court to be relevant to any question arising in the proceedings, the provision must be taken into account in determining that question.

1.8a In addition, a failure to comply with any provision of this Guideline by IIs may reflect adversely on the fitness and properness of their directors and controllers1, and may result in disciplinary action taken against IIs.

The nature of money laundering and terrorist financing s.1, Sch. 1, AMLO

1.9 The term "money laundering" is defined in section 1 of Part 1 of Schedule 1 to the AMLO and means an act intended to have the effect of making any property: (a) that is the proceeds obtained from the commission of an indictable offence under

the laws of Hong Kong, or of any conduct which if it had occurred in Hong Kong would constitute an indictable offence under the laws of Hong Kong; or

(b) that in whole or in part, directly or indirectly, represents such proceeds, not to appear to be or so represent such proceeds.

1.10 There are three common stages in the laundering of money, and they frequently involve numerous transactions. An FI should be alert to any such sign for potential criminal activities. These stages are: (a) Placement - the physical disposal of cash proceeds derived from illegal activities; (b) Layering - separating illicit proceeds from their source by creating complex

layers of financial transactions designed to disguise the source of the money, subvert the audit trail and provide anonymity; and

(c) Integration - creating the impression of apparent legitimacy to criminally derived wealth. In situations where the layering process succeeds, integration schemes effectively return the laundered proceeds back into the general financial system and the proceeds appear to be the result of, or connected to, legitimate business activities.

s.1, Sch. 1, AMLO

1.11 The term “terrorist financing” is defined in section 1 of Part 1 of Schedule 1 to the AMLO and means: (a) the provision or collection, by any means, directly or indirectly, of funds –

(i) with the intention that the funds be used; or (ii) knowing that the funds will be used, in whole or in part, to commit one or more terrorist acts (whether or not the funds are actually so used); or

(b) making available funds or financial (or related) services, directly or indirectly, to or for the benefit of a person knowing that, or being reckless as to whether, the person is a terrorist or terrorist associate.

1 For interpretations of the terms “director” and “controller”, please refer to section 2 of ICO.


3

1.12 Terrorists or terrorist organizations require financial support in order to achieve their aims. There is often a need for them to obscure or disguise links between them and their funding sources. It follows then that terrorist groups must similarly find ways to launder funds, regardless of whether the funds are from a legitimate or illegitimate source, in order to be able to use them without attracting the attention of the authorities.

Vulnerabilities in insurance industry

1.12a The insurance industry is vulnerable to ML and TF. The inherent characteristics of insurance products may give rise to ML risks unique to the insurance industry. When a life insurance policy matures or is surrendered, funds become available to the policy holder or other beneficiaries (e.g. an assignee, where the policy has been assigned, or a trustee, where the policy has been placed in trust). The beneficiary to the contract may be changed possibly against payment before maturity or surrender, in order that payments can be made by the insurer to a new beneficiary. A policy might be used as collateral to purchase other financial instruments. These investments in themselves may only be one part of a sophisticated web of complex transactions with their origins elsewhere in the financial system.

1.12b Examples of the type of long term insurance contracts that are vulnerable as a vehicle for laundering money or financing terrorism are products such as:

(a) unit-linked or with profit single premium contracts; (b) single premium life insurance policies that store cash value; (c) fixed and variable annuities; and (d) (second hand) endowment policies.

1.12c ML and TF using reinsurance could occur either by establishing fictitious

(re)insurance companies or reinsurance intermediaries, fronting arrangements and captives or by the misuse of normal reinsurance transactions. Examples include:

• the deliberate placement via the insurer of the proceeds of crime or terrorist funds with reinsurers in order to disguise the source of funds;

• the establishment of bogus reinsurers, which may be used to launder the proceeds of crime or to facilitate terrorist funding;

• the establishment of bogus insurers, which may be used to place the proceeds of crime or terrorist funds with legitimate reinsurers.

1.12d Insurance intermediaries2 are important for distribution, underwriting and claims

settlement. They are often the direct link to the policy holder and therefore, intermediaries should play an important role in AML and CFT. The same principles that apply to insurers should generally apply to insurance intermediaries. The person who wants to launder money or finance terrorism may seek an insurance intermediary who is not aware of or does not conform to necessary procedures, or who fails to recognize or report information regarding possible cases of ML or TF. The intermediaries themselves could have been set up to channel illegitimate funds to

2 Insurance intermediaries refer to appointed insurance agents or authorized insurance brokers carrying on or advising on long term insurance business in Hong Kong.


4

insurers.

Legislation concerned with money laundering and terrorist financing 1.13 The Financial Action Task Force (the FATF) is an inter-governmental body formed in

1989 that sets the international AML standards. Its mandate was expanded in October 2001 to combat the financing of terrorism. In order to ensure full and effective implementation of its standards at the global level, the FATF monitors compliance by conducting evaluations on jurisdictions and undertakes stringent follow-up after the evaluations, including identifying high-risk and uncooperative jurisdictions which could be subject to enhanced scrutiny by the FATF or counter-measures by the FATF members and the international community at large. Many major economies have joined the FATF which has developed into a global network for international cooperation that facilitates exchanges between member jurisdictions. As a member of the FATF, Hong Kong is obliged to implement the AML requirements as promulgated by the FATF, which include the 40 Recommendations and the Nine Special Recommendations (hereafter referred to collectively as “FATF’s Recommendations”)3 and it is important that Hong Kong complies with the international AML standards in order to maintain its status as an international financial centre.

1.14 The four main pieces of legislation in Hong Kong that are concerned with ML/TF are the AMLO, the Drug Trafficking (Recovery of Proceeds) Ordinance (the DTROP), the Organized and Serious Crime Ordinance (the OSCO) and the United Nations Anti-Terrorism Measures) Ordinance (the UNATMO). It is very important that FIs and their officers and staff fully understand their respective responsibilities under the different legislation.

AMLO s.23, Sch. 2

1.15 The AMLO imposes requirements relating to customer due diligence (CDD) and record-keeping on FIs and provides RAs with the powers to supervise compliance with these requirements and other requirements under the AMLO. In addition, section 23 of Schedule 2 requires FIs to take all reasonable measures (a) to ensure that proper safeguards exist to prevent a contravention of any requirement under Parts 2 and 3 of Schedule 2; and (b) to mitigate ML/TF risks.

s.5, AMLO

1.16 The AMLO makes it a criminal offence if an FI (1) knowingly; or (2) with the intent to defraud any RA, contravenes a specified provision of the AMLO. The “specified provisions” are listed in section 5(11) of the AMLO. If the FI knowingly contravenes a specified provision, it is liable to a maximum term of imprisonment of 2 years and a fine of $1 million. If the FI contravenes a specified provision with the intent to defraud any RA, it is liable to a maximum term of imprisonment of 7 years and a fine of $1 million upon conviction.

s.5, AMLO

1.17 The AMLO also makes it a criminal offence if a person who is an employee of an FI or is employed to work for an FI or is concerned in the management of an FI (1) knowingly; or (2) with the intent to defraud the FI or any RA, causes or permits the FI to contravene a specified provision in the AMLO. If the person who is an employee of an FI or is employed to work for an FI or is concerned in the management of an FI

3 The FATF’s Recommendations can be found on the FATF website www.fatf-gafi.org.


5

knowingly contravenes a specified provision he is liable to a maximum term of imprisonment of 2 years and a fine of $1 million upon conviction. If that person does so with the intent to defraud the FI or any RA he is liable to a maximum term of imprisonment of 7 years and a fine of $1 million upon conviction.

s.21, AMLO

1.18 RAs may take disciplinary actions against FIs for any contravention of a specified provision in the AMLO. The disciplinary actions that can be taken include publicly reprimanding the FI; ordering the FI to take any action for the purpose of remedying the contravention; and ordering the FI to pay a pecuniary penalty not exceeding the greater of $10,000,000 and 3 times the amount of profit gained, or costs avoided, by the FI as a result of the contravention.

DTROP 1.19 The DTROP contains provisions for the investigation of assets that are suspected to

be derived from drug trafficking activities, the freezing of assets on arrest and the confiscation of the proceeds from drug trafficking activities upon conviction.

OSCO 1.20 The OSCO, among other things:

(a) gives officers of the Hong Kong Police and the Customs and Excise Department

powers to investigate organized crime and triad activities; (b) gives the Courts jurisdiction to confiscate the proceeds of organized and serious

crimes, to issue restraint orders and charging orders in relation to the property of a defendant of an offence specified in the OSCO;

(c) creates an offence of money laundering in relation to the proceeds of indictable offences; and

(d) enables the Courts, under appropriate circumstances, to receive information about an offender and an offence in order to determine whether the imposition of a greater sentence is appropriate where the offence amounts to an organized crime/triad related offence or other serious offences.

UNATMO 1.21 The UNATMO is principally directed towards implementing decisions contained in

Resolution 1373 dated 28 September 2001 of the United Nations Security Council (UNSC) aimed at preventing the financing of terrorist acts. Besides the mandatory elements of the UNSC Resolution 1373, the UNATMO also implements the more pressing elements of the FATF’s special recommendations on terrorist financing.

s.25, DTROP & OSCO

1.22 Under the DTROP and the OSCO, a person commits an offence if he deals with any property knowing or having reasonable grounds to believe it to represent any person’s proceeds of drug trafficking or of an indictable offence respectively. The highest penalty for the offence upon conviction is imprisonment for 14 years and a fine of $5 million.

s.6, 7, 8, 13 & 14, UNATMO

1.23 The UNATMO, among other things, criminalizes the provision or collection of funds and making funds or financial (or related) services available to terrorists or terrorist associates. The highest penalty for the offence upon conviction is imprisonment for 14 years and a fine. The UNATMO also permits terrorist property to be frozen and subsequently forfeited.


6

s.25A, DTROP & OSCO, s.12 & 14, UNATMO

1.24 The DTROP, the OSCO and the UNATMO also make it an offence if a person fails to disclose, as soon as it is reasonable for him to do so, his knowledge or suspicion of any property that directly or indirectly, represents a person’s proceeds of, was used in connection with, or is intended to be used in connection with, drug trafficking, an indictable offence or is terrorist property respectively. This offence carries a maximum term of imprisonment of 3 months and a fine of $50,000 upon conviction.

s.25A, DTROP & OSCO, s.12 & 14, UNATMO

1.25 “Tipping off” is another offence under the DTROP, the OSCO and the UNATMO. A person commits an offence if, knowing or suspecting that a disclosure has been made, he discloses to any other person any matter which is likely to prejudice any investigation which might be conducted following that first-mentioned disclosure. The maximum penalty for the offence upon conviction is imprisonment for 3 years and a fine.


7

Chapter 2 – AML/CFT SYSTEMS AND BUSINESS CONDUCTED OUTSIDE HONG KONG AML/CFT systems s.23(a) & (b), Sch. 2

2.1 FIs must take all reasonable measures to ensure that proper safeguards exist to mitigate the risks of ML/TF and to prevent a contravention of any requirement under Part 2 or 3 of Schedule 2. To ensure compliance with this requirement, FIs should implement appropriate internal AML/CFT policies, procedures and controls (hereafter collectively referred to as “AML/CFT systems”).

2.2 While no system will detect and prevent all ML/TF activities, FIs should assess the ML/TF risk in order to establish and implement adequate and appropriate AML/CFT systems (including customer acceptance policies and procedures) taking into account factors including products and services offered, types of customers, geographical locations involved.

2.3 To ensure proper implementation of such policies and procedures, FIs should have effective controls covering:

(a) senior management oversight; (b) appointment of a Compliance Officer (CO) and a Money Laundering Reporting

Officer (MLRO)4; (c) compliance and audit function; and (d) staff screening and training5.

Risk factors Product/service risk 2.4 An FI should consider the characteristics of the products and services that it offers

and the extent to which these are vulnerable to ML/TF abuse. In this connection, an FI should assess the risks of any new products and services (especially those that may lead to misuse of technological developments or facilitate anonymity in ML/TF schemes) before they are introduced and ensure appropriate additional measures and controls are implemented to mitigate and manage the associated ML/TF risks.

Delivery/distribution channel risk 2.5 An FI should also consider its delivery/distribution channels and the extent to which

these are vulnerable to ML/TF abuse. These may include sales through online, postal or telephone channels where a non-face-to-face account opening approach is used. Business sold through agencies or intermediaries may also increase risk as the business relationship between the customer and an FI may become indirect.

Customer risk 2.6 When assessing the customer risk, FIs should consider who their customers are, what

they do and any other information that may suggest the customer is of higher risk.

2.7 An FI should be vigilant where the customer is of such a legal form that enables individuals to divest themselves of ownership of property whilst retaining an element

4 The role and functions of an MLRO are detailed at paragraphs 7.18-7.29. For some FIs, the

functions of the CO and the MLRO may be performed by the same staff member. 5 For further guidance on staff training see Chapter 9.


8

of control over it or the business/industrial sector to which a customer has business connections is more vulnerable to corruption. Examples include: (a) companies that can be incorporated without the identity of the ultimate

underlying principals being disclosed; (b) certain forms of trusts or foundations where knowledge of the identity of the true

underlying principals or controllers cannot be guaranteed; (c) the provision for nominee shareholders; and (d) companies issuing bearer shares. An FI should also consider risks inherent in the nature of the activity of the customer and the possibility that the transaction may itself be a criminal transaction. For example, the arms trade and the financing of the arms trade is a type of activity that poses multiple ML and other risks, such as: (a) corruption risks arising from procurement contracts; (b) risks in relation to politically exposed persons (PEPs); and (c) terrorism and TF risks as shipments may be diverted.

Country risk 2.8 An FI should pay particular attention to countries or geographical locations of

operation with which its customers and intermediaries are connected where they are subject to high levels of organized crime, increased vulnerabilities to corruption and inadequate systems to prevent and detect ML/TF. When assessing which countries are more vulnerable to corruption, FIs may make reference to publicly available information or relevant reports and databases on corruption risk published by specialised national, international, non-governmental and commercial organisations (an example of which is Transparency International’s ‘Corruption Perceptions Index’, which ranks countries according to their perceived level of corruption).

Senior management oversight 2.9 The senior management of any FI is responsible for managing its business effectively;

in relation to AML/CFT this includes oversight of the functions described below.

2.10 Senior management should: (a) be satisfied that the FI’s AML/CFT systems are capable of addressing the

ML/TF risks identified; (b) appoint a director or senior manager as a CO who has overall responsibility for

the establishment and maintenance of the FI’s AML/CFT systems; and (c) appoint a senior member of the FI’s staff as the MLRO who is the central

reference point for suspicious transaction reporting.

2.11 In order that the CO and MLRO can discharge their responsibilities effectively, senior management should, as far as practicable, ensure that the CO and MLRO are: (a) subject to constraint of size of the FI, independent of all operational and business

functions; (b) normally resident in Hong Kong; (c) of a sufficient level of seniority and authority within the FI;


9

(d) provided with regular contact with, and when required, direct access to senior management to ensure that senior management is able to satisfy itself that the statutory obligations are being met and that the business is taking sufficiently robust measures to protect itself against the risks of ML/TF;

(e) fully conversant in the FI’s statutory and regulatory requirements and the ML/TF risks arising from the FI’s business;

(f) capable of accessing, on a timely basis, all available information (both from internal sources such as CDD records and external sources such as circulars from RAs); and

(g) equipped with sufficient resources, including staff and appropriate cover for the absence of the CO and MLRO (i.e. an alternate or deputy CO and MLRO who should, where practicable, have the same status).

Compliance officer and money laundering reporting officer 2.12 The principal function of the CO is to act as the focal point within an FI for the

oversight of all activities relating to the prevention and detection of ML/TF and providing support and guidance to the senior management to ensure that ML/TF risks are adequately managed. In particular, the CO should assume responsibility for: (a) developing and/or continuously reviewing the FI’s AML/CFT systems to ensure

they remain up-to-date and meet current statutory and regulatory requirements; and

(b) the oversight of all aspects of the FI’s AML/CFT systems which include monitoring effectiveness and enhancing the controls and procedures where necessary.

2.13 In order to effectively discharge these responsibilities, a number of areas should be

considered. These include: (a) the means by which the AML/CFT systems are managed and tested; (b) the identification and rectification of deficiencies in the AML/CFT systems; (c) reporting numbers within the systems, both internally and disclosures to the Joint

Financial Intelligence Unit (JFIU); (d) the mitigation of ML/TF risks arising from business relationships and

transactions with persons from countries which do not or insufficiently apply the FATF Recommendations;

(e) the communication of key AML/CFT issues with senior management, including, where appropriate, significant compliance deficiencies;

(f) changes made or proposed in respect of new legislation, regulatory requirements or guidance;

(g) compliance with any requirement under Part 2 or 3 of Schedule 2 in overseas branches and subsidiary undertakings and any guidance issued by RAs in this respect; and

(h) AML/CFT staff training.

2.14 The MLRO should play an active role in the identification and reporting of suspicious transactions. Principal functions performed are expected to include: (a) reviewing all internal disclosures and exception reports and, in light of all

available relevant information, determining whether or not it is necessary to


10

make a report to the JFIU; (b) maintaining all records related to such internal reviews; (c) providing guidance on how to avoid “tipping off” if any disclosure is made; and (d) acting as the main point of contact with the JFIU, law enforcement, and any

other competent authorities in relation to ML/TF prevention and detection, investigation or compliance.

Compliance and audit function 2.15 Where practicable, an FI should establish an independent compliance and audit

function which is free of operating responsibilities. This function should have a direct line of communication to the senior management of the FI.

2.16 The compliance and audit function of the FI should regularly review the AML/CFT systems, e.g. sample testing, (in particular, the system for recognizing and reporting suspicious transactions) to ensure effectiveness. The frequency and extent of the review should be commensurate with the risks of ML/TF and the size of the FI’s business. Where appropriate, the FI should seek a review from external sources.

Staff screening 2.17 FIs must establish, maintain and operate appropriate procedures in order to be

satisfied of the integrity of any new directors and employees.

Business conducted outside Hong Kong s.22(1), Sch. 2

2.18 A Hong Kong-incorporated FI with overseas branches or subsidiary undertakings should put in place a group AML/CFT policy to ensure that all branches and subsidiary undertakings that carry on the same business as an FI in a place outside Hong Kong have procedures in place to comply with the CDD and record keeping requirements similar6 to those imposed under Parts 2 and 3 of Schedule 2 to the extent permitted by the law of that place. The FI should communicate the group policy to its overseas branches and subsidiary undertakings.

s.22(2), Sch. 2

2.19 When a branch or subsidiary undertaking of an FI outside Hong Kong is unable to comply with requirements that are similar to those imposed under Parts 2 and 3 of Schedule 2 because this is not permitted by local laws, the FI must: (a) inform the RA of such failure; and (b) take additional measures to effectively mitigate ML/TF risks faced by the branch

or subsidiary undertaking as a result of its inability to comply with the above requirements.

s.25A, OSCO & DTROP

2.20 Suspicion that property in whole, or partly directly or indirectly represents the proceeds of an indictable offence, should normally be reported within the jurisdiction where the suspicion arises and where the records of the related transactions are held. However, in certain cases, e.g. when the account is domiciled in Hong Kong or the business relationship is managed in Hong Kong, reporting to the JFIU7 may be

6 The FATF essential criteria 22.1 requires ‘measures consistent with the home country requirements’. 7 Section 25(4) of the OSCO stipulates that an indictable offence includes conduct outside Hong Kong

which would constitute an indictable offence if it had occurred in Hong Kong. Therefore, where an


11

required in such circumstances, but only if section 25A of OSCO/DTROP applies.

FI in Hong Kong has information regarding money laundering, irrespective of the location, it should consider seeking clarification with and making a report to the JFIU.


12

Chapter 3 – RISK-BASED APPROACH Introduction 3.1 The risk-based approach to CDD and ongoing monitoring (RBA) is recognized as an

effective way to combat ML/TF. The general principle of an RBA is that where customers are assessed to be of higher ML/TF risks, FIs should take enhanced measures to manage and mitigate those risks, and that correspondingly where the risks are lower, simplified measures may be applied. The use of an RBA has the advantage of allowing resources to be allocated in the most efficient way directed in accordance with priorities so that the greatest risks receive the highest attention.

General requirement 3.2 FIs should determine the extent of CDD measures and ongoing monitoring, using an

RBA depending upon the background of the customer, the business relationship with that customer and the product, transaction or service used by that customer, so that preventive or mitigating measures are commensurate to the risks identified. The measures must however comply with the legal requirements of the AMLO. The RBA will enable FIs to subject customers to proportionate controls and oversight by determining: (a) the extent of the due diligence to be performed on the direct customer; the extent

of the measures to be undertaken to verify the identity of any beneficial owner and any person purporting to act on behalf of the customer;

(b) the level of ongoing monitoring to be applied to the relationship; and (c) measures to mitigate any risks identified. For example, the RBA may require extensive CDD for high risk customers, such as an individual (or corporate entity) whose source of wealth and funds is unclear or who requires the setting up of complex structures. FIs should be able to demonstrate to the RAs that the extent of CDD and ongoing monitoring is appropriate in view of the customer’s ML/TF risks.

3.3 There are no universally accepted methodologies that prescribe the nature and extent of an RBA. However, an effective RBA does involve identifying and categorizing ML/TF risks at the customer level and establishing reasonable measures based on risks identified. An effective RBA will allow FIs to exercise reasonable business judgment with respect to their customers. An RBA should not be designed to prohibit FIs from engaging in transactions with customers or establishing business relationships with potential customers, but rather it should assist FIs to effectively manage potential ML/TF risks.

Customer acceptance / risk assessment 3.4 FIs may assess the ML/TF risks of individual customers by assigning a ML/TF risk

rating to their customers.


13

3.5 While there is no agreed upon set of risk factors and no one single methodology to

apply these risk factors in determining the ML/TF risk rating of customers, FIs are suggested to take the following factors into consideration when making the assessment: (i) country risk, (ii) customer risk, (iii) product/service risk and (iv) delivery/distribution channel risk. For the avoidance of doubt, the examples provided are not exhaustive. 1. Country risk Customers with residence in or connection with high-risk jurisdictions8 for example: (a) those that have been identified by the FATF as jurisdictions with strategic

AML/CFT deficiencies; (b) countries subject to sanctions, embargos or similar measures issued by, for

example, the United Nations; (c) countries which are vulnerable to corruption; and (d) those countries that are believed to have strong links to terrorist activities. In assessing country risk associated with a customer, regard should be had to local legislation (United Nations Sanctions Ordinance (UNSO), UNATMO), data available from the United Nations, the International Monetary Fund, the World Bank, the FATF, etc. and the FI’s own experience or the experience of other group entities (where the FI is part of a multi-national group) which may have indicated weaknesses in other jurisdictions. 2. Customer risk The following are examples of customers who might be considered to carry lower ML/TF risks: (a) customers who are employment-based or with a regular source of income from a

known legitimate source which supports the activity being undertaken; and (b) the reputation of the customer, e.g. a well-known, reputable private company,

with a long history that is well documented by independent sources, including information regarding its ownership and control.

However, some customers, by their nature or behaviour might present a higher risk of ML/TF. Factors might include: (a) the public profile of the customer indicating involvement with, or connection to,

PEPs; (b) complexity of the relationship, including use of corporate structures, trusts and

the use of nominee and bearer shares where there is no legitimate commercial rationale;

(c) a request to use numbered accounts or undue levels of secrecy with a transaction; (d) involvement in cash-intensive businesses; (e) nature, scope and location of business activities generating the funds/assets,

8 Guidance on jurisdictions that do not or insufficiently apply the FATF’s Recommendations or

otherwise pose a higher risk is provided at paragraphs 4.15.


14

having regard to sensitive or high-risk activities; and (f) where the origin of wealth (for high risk customers and PEPs) or ownership

cannot be easily verified. 3. Product/service risk The products or services the customer is using should also be considered. Factors presenting higher risk might include: (a) services that inherently have provided more anonymity; (b) ability to pool underlying customers/funds; and (c) ability to use hold mail or mail forwarding facilities. 4. Delivery / distribution channel risk The distribution channel for products may alter the risk profile of a customer. This may include sales through online, postal or telephone channels where a non-face-to-face account opening approach is used. Business sold through agencies or intermediaries may also increase risk as the business relationship between the customer and an FI may become indirect.

Ongoing review 3.6 The identification of higher risk customers, products and services, including delivery

channels, and geographical locations are not static assessments. They will change over time, depending on how circumstances develop, and how threats evolve. In addition, while a risk assessment should always be performed at the inception of a customer relationship, for some customers, a comprehensive risk profile may only become evident once the customer has begun transacting through an account, making monitoring of customer transactions and on-going reviews a fundamental component of a reasonably designed RBA. An FI may therefore have to adjust its risk assessment of a particular customer from time to time or based upon information received from a competent authority, and review the extent of the CDD and ongoing monitoring to be applied to the customer.

3.7 FI’s should keep its policies and procedures under regular review and assess that its risk mitigation procedures and controls are working effectively.

Documenting risk assessment 3.8 An FI should keep records and relevant documents of the risk assessment covered in

this Chapter so that it can demonstrate to the RAs, among others: (a) how it assesses the customer’s ML/TF risk; and (b) the extent of CDD and ongoing monitoring is appropriate based on that

customer’s ML/TF risk.


15

Chapter 4 - CUSTOMER DUE DILIGENCE

4.1 Introduction to CDD 4.1.1 The AMLO defines what CDD measures are (see paragraph 4.1.3) and also prescribes

the circumstances in which an FI must carry out CDD (see paragraph 4.1.9). As indicated in the AMLO, FIs may also need to conduct additional measures (referred to as enhanced customer due diligence (EDD) hereafter) or could conduct simplified customer due diligence (SDD) depending on specific circumstances. This section sets out the expectations of RAs in this regard and suggests ways that these expectations may be met. Wherever possible, the guideline gives FIs a degree of discretion in how they comply with the AMLO and put in place procedures for this purpose.

4.1.2 CDD information is a vital tool for recognising whether there are grounds for knowledge or suspicion of ML/TF.

s.2, Sch. 2 4.1.3 The following measures are CDD measures applicable to an FI: (a) identify the customer and verify the customer’s identity using reliable,

independent source documents, data or information (see paragraphs 4.2); (b) where there is a beneficial owner in relation to the customer, identify and take

reasonable measures to verify the beneficial owner’s identity so that the FI is satisfied that it knows who the beneficial owner is, including in the case of a legal person or trust9, measures to enable the FI to understand the ownership and control structure of the legal person or trust (see paragraphs 4.3);

(c) obtain information on the purpose and intended nature of the business relationship (if any) established with the FI unless the purpose and intended nature are obvious (see paragraphs 4.6); and

(d) if a person purports to act on behalf of the customer: (i) identify the person and take reasonable measures to verify the person’s

identity using reliable and independent source documents, data or information; and

(ii) verify the person’s authority to act on behalf of the customer (see paragraphs 4.4).

4.1.4 The term ‘customer’ is not defined in the AMLO. Its meaning should be inferred

from its everyday meaning and in the context of the industry practice.

4.1.4a For the insurance industry, the term “customer” refers to policy holder.

4.1.5 In determining what constitutes reasonable measures to verify the identity of a beneficial owner and reasonable measures to understand the ownership and control structure of a legal person or trust, the FI should consider and give due regard to the ML/TF risks posed by a particular customer and a particular business relationship. Due consideration should also be given to the measures set out in Chapter 3.

9 For the purpose of this guideline, a trust means an express trust or any similar arrangement (e.g.:

foundation) for which a legal-binding document (i.e. a trust deed or in any other forms) is in place.


16

4.1.6 FIs should adopt a balanced and common sense approach with regard to customers connected with jurisdictions which do not or insufficiently apply the FATF recommendations (see paragraphs 4.15). While extra care may well be justified in such cases, unless a RA has, through a ‘notice in writing’, imposed a general or specific requirement (see paragraph 4.16.1), it is not a requirement that FIs should refuse to do any business with such customers or automatically classify them as high risk and subject them to EDD process. Rather, FIs should weigh all the circumstances of the particular situation and assess whether there is a higher than normal risk of ML/TF.

s.1, Sch. 2 4.1.7 ‘Business relationship’ between a person and an FI is defined in the AMLO as a business, professional or commercial relationship: (a) that has an element of duration; or (b) that the FI, at the time the person first contacts it in the person’s capacity as a

potential customer of the FI, expects to have an element of duration.

s.1, Sch. 2

4.1.8 The term “occasional transaction” is defined in the AMLO as a transaction between an FI and a customer who does not have a business relationship with the FI.10

s.3(1), Sch. 2

4.1.9 CDD requirements should apply: (a) at the outset of a business relationship; (b) before performing any occasional transaction11:

(i) equal to or exceeding an aggregate value of $120,000, whether carried out in a single operation or several operations that appear to the FI to be linked; or

(ii) a wire transfer equal to or exceeding an aggregate value of $8,000, whether carried out in a single operation or several operations that appear to the FI to be linked;

(c) when the FI suspects that the customer or the customer’s account is involved in ML/TF12; or

(d) when the FI doubts the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or for the purpose of verifying the customer’s identity.

4.1.10 FIs should be vigilant to the possibility that a series of linked occasional transactions

could meet or exceed the CDD thresholds of $8,000 for wire transfers and $120,000 for other types of transactions. Where FIs become aware that these thresholds are met or exceeded, full CDD procedures must be applied .

4.1.11 The factors linking occasional transactions are inherent in the characteristics of the transactions – for example, where several payments are made to the same recipient from one or more sources over a short period, where a customer regularly transfers funds to one or more destinations. In determining whether the transactions are in fact linked, FIs should consider these factors against the timeframe within which the transactions are conducted.

10 It should be noted that ‘occasional transactions’ do not apply to the insurance and securities sectors. 11 Occasional transactions may include for example, wire transfers, currency exchanges, purchase of

cashier orders or gift cheques. 12 This criterion applies irrespective of the $120,000 threshold.


17

4.2 Identification and verification of the customer’s identity s.2(1)(a), Sch. 2

4.2.1 The FI must identify the customer and verify the customer’s identity by reference to documents, data or information provided by a reliable and independent source: (a) a governmental body; (b) the RA or any other RA; (c) an authority in a place outside Hong Kong that performs functions similar to

those of the RA or any other RA; or (d) any other reliable and independent source13 that is recognized by the RA.

4.3 Identification and verification of a beneficial owner s.1 & s.2(1)(b), Sch. 2

4.3.1 A beneficial owner is normally an individual who ultimately owns or controls the customer or on whose behalf a transaction or activity is being conducted. In respect of a customer who is an individual (i.e. a natural person who is not acting in an official capacity on behalf of a legal person or trust), the customer himself is normally the beneficial owner. However, FIs should still ask whether the customer is acting on behalf of another person.

4.3.2 Where an individual is identified as a beneficial owner, the FI should endeavour to obtain the same identification information (as for an individual customer) about that beneficial owner, in case this is not possible, at least the individual’s name, nationality, date of birth and address.

4.3.3 The verification requirements under the AMLO are, however, different for a customer and a beneficial owner.

4.3.4 The obligation to verify the identity of a beneficial owner is for the FI to take reasonable measures, based on its assessment of the ML/TF risks, so that it is satisfied that it knows who the beneficial owner is.

s.1 & s.2(2), Sch. 2

4.3.5 FIs should identify all beneficial owners of a customer. In relation to verification of beneficial owners’ identities, except where a situation referred to in section 15 of Schedule 2 exists (‘high risk’), the AMLO requires FIs to take reasonable measures to verify the identity of any beneficial owners owning or controlling 25% or more of the voting rights or shares, etc. of a corporation, partnership or trust. In high risk situations referred to in section 15 of Schedule 2, the threshold for the requirement is 10%.14

4.3.6 In the case of trusts, the beneficiaries may be defined as a class of persons who may benefit from the trust. Where only a class of persons is available for identification, the FI should ascertain and name the scope of the class (e.g. children of a named individual) and measures should be put in place to facilitate the verification of the identity of these individuals when the FI becomes aware of any payment out of the trust account made to the beneficiaries.

13 See Appendix A. 14 In circumstances where an existing customer is reclassified as high-risk under section 15 of Schedule

2, FIs may consider delaying taking reasonable measures to verify the beneficial owner’s identity according to the enhanced threshold (i.e. remediate from 25% to 10%) where a risk of tipping-off exists.


18

4.4 Identification and verification of a person purporting to act on behalf of the customer s.2(1)(d), Sch.2

4.4.1 If a person purports to act on behalf of the customer, FIs must: (i) identify the person and take reasonable measures to verify the person’s identity

on the basis of documents, data or information provided by- (A) a governmental body; (B) the relevant authority or any other relevant authority; (C) an authority in a place outside Hong Kong that performs functions similar

to those of the relevant authority or any other relevant authority; or (D) any other reliable and independent source that is recognised by the relevant

authority; and (ii) verify the person’s authority to act on behalf of the customer.

s.2(1)(d), Sch. 2

4.4.2 FIs should obtain written authority (e.g. the board resolution or similar power of attorney) to verify that the individual purporting to represent the customer is authorized to do so.

4.4.3 In taking reasonable measures to verify the identity of persons purporting to act on behalf of customers (e.g. authorized account signatories and attorneys), the FI should refer to the documents and other means listed in Appendix A wherever possible. As a general rule FIs should verify the identity of those authorized to give instructions for the movement of funds or assets.

4.4a Special requirements for insurance policies

s.11(1), Sch. 2

4.4a 1 An II must, whenever a beneficiary or a new beneficiary is identified or designated by the policy holder of an insurance policy:

(a) if the beneficiary is identified by name, record the name of the beneficiary; (b) if the beneficiary is designated by description (e.g. by characteristics or by

class) or other means (e.g. under a will), obtain sufficient information about the beneficiary to satisfy itself that it will be able to establish the identity of the beneficiary: (i) at the time the beneficiary exercises a right vested in the beneficiary

under the insurance policy; or (ii) at the time of payout or, if there is more than one payout, the time of the

first payout to the beneficiary in accordance with the terms of the insurance policy,

whichever is the earlier.

s.11(2), Sch. 2

4.4a.2 An II must carry out the measures specified in paragraphs 4.4a.3 and 4.4a.4:

(a) at the time a beneficiary exercises a right vested in the beneficiary under an insurance policy; or

(b) at the time of payout or, if there is more than one payout, the time of the first payout to a beneficiary in accordance with the terms of an insurance policy,

whichever is the earlier.


19

s.11(3)(a), Sch. 2

4.4a.3 An II must verify the beneficiary’s identity by reference to documents, data or information provided by a reliable and independent source:

(a) a governmental body; (b) the RA or any other RA; (c) an authority in a place outside Hong Kong that performs functions similar to

those of the RA or any other RA; or (d) any other reliable and independent source that is recognized by the RA.

s.11(3)(b), Sch. 2

4.4a.4 Where the beneficiary is a legal person or trust, an II must:

(i) identify its beneficial owners; and (ii) if there is a high risk of ML or TF having regard to the particular

circumstances of the beneficial owners, take reasonable measures to verify the beneficial owners’ identities so that the II knows who the beneficial owners are.

4.4a.5 Where an II is unable to comply with paragraphs 4.4a.1 to 4.4a.4 above, it should

consider making a suspicious transaction report.

4.4a.6 If payments made under the terms of the policy are to be paid to persons or companies other than the customers or beneficiaries, then the proposed recipients of these monies should also be the subjects of identification and verification.

4.4b Requirements for reinsurance

4.4b.1 Reinsurers are subject to the CDD and record keeping requirements set out in Schedule 2. The customers in relation to whom the reinsurers should carry out the CDD measures are the ceding insurers.

4.5 Characteristics and evidence of identity 4.5.1 It should be appreciated that no form of identification can be fully guaranteed as

genuine or representing correct identity and FIs should recognise that some types of documents are more easily forged than others. If suspicions are raised in relation to any document offered, FIs should take whatever practical and proportionate steps are available to establish whether the document offered is genuine, or has been reported as lost or stolen. This may include searching publicly available information, approaching relevant authorities (such as the Immigration Department through its hotline) or requesting corroboratory evidence from the customer. Where suspicion cannot be eliminated, the document should not be accepted and consideration should be given to making a report to the authorities. Where documents are in a foreign language, appropriate steps should be taken by the FI to be reasonably satisfied that the documents in fact provide evidence of the customer’s identity. Appropriate steps would include ensuring that staff assessing such documents are proficient in the language or obtaining a translation from a suitably qualified person.

4.6 Purpose and intended nature of business relationship s.2(1)(c), Sch. 2

4.6.1 An FI must understand the purpose and intended nature of the business relationship. In some instances, this will be self-evident, but in many cases, the FI may have to obtain information in this regard.


20

4.6.2 Unless the purpose and intended nature are obvious, FIs should obtain satisfactory information from all new customers as to the intended purpose and reason for opening the account or establishing the business relationship, and record the information on the account opening documentation. Depending on the FI’s risk assessment of the situation, information that might be relevant may include: (a) nature and details of the business/occupation/employment; (b) the anticipated level and nature of the activity that is to be undertaken through the

relationship (e.g. what the typical transactions are likely to be); (c) location of customer; (d) the expected source and origin of the funds to be used in the relationship; and (e) initial and ongoing source(s) of wealth or income, for example by obtaining

copies of recent and current statements.

4.6.3 This requirement also applies in the context of non-residents. While the vast majority of non-residents seek business relationships with FIs in Hong Kong for perfectly legitimate reasons, some non-residents may represent a higher risk for ML/TF. An FI should satisfy itself, that there is a bona-fide rationale for a non-resident to seek to establish a business relationship in Hong Kong. Based on its risk assessment, the FI should also consider subjecting accounts maintained by non-residents to EDD and enhanced monitoring.

4.7 Timing of identification and verification of identity General requirement s.3(1), Sch. 2

4.7.1 An FI must complete the CDD process before establishing any business relationship or before carrying out a specified occasional transaction (exceptions are set out at paragraph 4.7.4).

s.3(4), Sch.2

4.7.2 Where the FI is unable to complete the CDD process in accordance with paragraph 4.7.1, it must not establish a business relationship or carry out any occasional transaction with that customer and should assess whether this failure provides grounds for knowledge or suspicion of ML/TF and a report to the JFIU is appropriate.

Delayed identity verification during the establishment of a business relationship 4.7.3 Customer identification information (and information on any beneficial owners) and

information about the purpose and intended nature of the business relationship should be obtained before the business relationship is entered into.

s.3(2), (3) & (4)(b), Sch. 2

4.7.4 However, FIs may, exceptionally, verify the identity of the customer and any beneficial owner after establishing the business relationship, provided that: (a) any risk of ML/TF arising from the delayed verification of the customer’s or

beneficial owner’s identity can be effectively managed; (b) it is necessary not to interrupt the normal course of business with the customer; (c) verification is completed as soon as reasonably practicable; and (d) the business relationship will be terminated if verification cannot be completed as

soon as reasonably practicable.


21

4.7.5 Examples of situations where it may be necessary not to interrupt the normal conduct of business include:

(a) securities transactions – in the securities industry, companies and intermediaries may be required to perform transactions very rapidly, according to the market conditions at the time the customer is contacting them, and the performance of the transaction may be required before verification of identity is completed; and

(b) life insurance business – in relation to identification and verification of the beneficiary under the policy. This may take place after the business relationship with the policyholder is established, but in all such cases, identification and verification should occur at or before the time of payout or the time when the beneficiary intends to exercise vested rights under the policy

4.7.5a Having considered the difficulty for IIs to obtain copies of the identification

documents of individual customers when the sales process occurs outside the office, IIs may obtain and keep copies of the identification documents after having established the business relationship provided that the ML/TF risks are effectively managed. In all such circumstances, copies of identification documents of individual customers should be obtained and copied for retention in the reasonable timeframe as stated in paragraph 4.7.8 or at or before the time of payout, whichever is the earlier.

4.7.6 Where a customer is permitted to utilise the business relationship prior to verification, FIs should adopt appropriate risk management policies and procedures concerning the conditions under which this may occur. These policies and procedures should include: (a) establishing timeframes for the completion of the identity verification measures; (b) requiring senior management to monitor such relationships pending completion

of the identity verification; (c) obtaining all other necessary CDD information; (d) ensuring verification of identity is carried out as soon as it is reasonably

practicable; (e) advising the customer of the FI’s obligation to terminate the relationship at any

time on the basis of non-completion of the verification measures; (f) placing appropriate limits on the number of transactions and type of transactions

that can be undertaken pending verification; and (g) ensuring that funds are not paid out to any third party, (other than to invest or

deposit funds on behalf of the customer until identity verification is completed). Exceptions15 may be made to allow payments to third parties subject to the following conditions:

(i) there is no suspicion of ML/TF; (ii) the risk of ML/TF is assessed to be low; (iii) the transaction is approved by senior management, who should take

account of the nature of the business of the customer before approving the transaction; and

15 It should be noted that the exceptions do not apply to insurance sector.


22

(iv) the names of recipients do not match with watch lists such as those for terrorist suspects and PEPs.

4.7.7 The FI must not use this concession for the circumvention of CDD procedures, in

particular, where it: (a) has knowledge or a suspicion of ML/TF; (b) becomes aware of anything which causes it to doubt the identity or intentions of

the customer or beneficial owner; or (c) the business relationship is assessed to pose a higher risk.

Failure to complete verification of identity s.3(4)(b), Sch. 2

4.7.8 Verification of identity should be concluded within a reasonable timeframe. Where verification cannot be completed within such a period, the FI should as soon as reasonably practicable suspend or terminate the business relationship unless there is a reasonable explanation for the delay. Examples of reasonable timeframe are: (a) the FI completing such verification no later than 30 working days after the

establishment of business relations; (b) the FI suspending business relations with the customer and refraining from

carrying out further transactions (except to return funds to their sources, to the extent that this is possible) if such verification remains uncompleted 30 working days16 after the establishment of business relations; and

(c) the FI terminating business relations with the customer if such verification remains uncompleted 120 working days after the establishment of business relations.

s.25A, DTROP & OSCO, s.12, UNATMO

4.7.9 The FI should assess whether this failure provides grounds for knowledge or suspicion of ML/TF and a report to the JFIU is appropriate.

4.7.10 Wherever possible, when terminating a relationship where funds or other assets have been received, the FI should return the funds or assets to the source from which they were received. In general, this means that the funds or assets should be returned to the customer/account holder but this may not always be possible.

4.7.11 FIs must guard against the risk of ML/TF since this is a possible means by which funds can be “transformed”, e.g. from cash into a cashier order. Where the customer requests that money or other assets be transferred to third parties, the FI should assess whether this provides grounds for knowledge or suspicion of ML/TF and a report to the JFIU is appropriate.

Keeping customer information up-to-date s.5(1)(a), Sch. 2

4.7.12 Once the identity of a customer has been satisfactorily verified, there is no obligation to re-verify identity (unless doubts arise as to the veracity or adequacy of the evidence previously obtained for the purposes of customer identification); however, FIs should take steps from time to time to ensure that the customer information that has been

16 For address proof, this period may be extended to 90 working days.


23

obtained for the purposes of complying with the requirements of sections 2 and 3 of Schedule 2 are up-to-date and relevant. To achieve this, an FI should undertake periodic reviews of existing records of customers. An appropriate time to do so is upon certain trigger events. These include: (a) when a significant transaction17 is to take place; (b) when a material change18 occurs in the way the customer’s account is operated,19; (c) when the FIs customer documentation standards change substantially; or (d) when the FI is aware that it lacks sufficient information about the customer

concerned.

In all cases, the factors determining the period of review or what constitutes a trigger event should be clearly defined in the FIs’ policy and procedures.

4.7.12a Examples of trigger events after establishment of an insurance contract may include:

(a) there is change in beneficiaries (for instance, to include non-family members, request for payments to persons other than beneficiaries);

(b) there is significant increase in the amount of sum insured or premium payment that appears unusual in the light of the income of the policy holder;

(c) there is use of cash and/or payment of large single premiums; (d) there is payment/surrender by a wire transfer from/to foreign parties; (e) there is payment by banking instruments which allow anonymity of the

transaction; (f) there is change of address and/or place of residence of the policy holder

and/or beneficial owner; (g) there are lump sum top-ups to an existing life insurance contract; (h) there are lump sum contributions to personal pension contracts; (i) there are requests for prepayment of benefits; (j) there is use of the policy as collateral/security (for instance, unusual use of

the policy as collateral unless it is clear that it is required for financing of a mortgage by a reputable financial institution);

(k) there is change of the type of benefit (for instance, change of type of payment from an annuity into a lump sum payment);

(l) there is early surrender of the policy or change of the duration (where this causes penalties or loss of tax relief);

(m) there is request for payment of benefits at the maturity date; (n) the II is aware that it lacks sufficient information about the customer and/or

beneficial owner; (o) there is a suspicion of ML and TF; or (p) benefits from one insurance policy are used to fund the premium payments of

the insurance policy of another unrelated person.

17 The word “significant” is not necessarily linked to monetary value. It may include transactions that

are unusual or not in line with the FI’s knowledge of the customer. 18 For example, an existing customer applying to open a new account may constitute a material change. 19 Reference should also be made to section 6 of Schedule 2 ‘Provisions relating to Pre-Existing

Customers’.


24

4.7.13 All high-risk customers (excluding dormant accounts) should be subject to a minimum of an annual review, and more frequently if deemed necessary by the FI, of their profile to ensure the CDD information retained remains up-to-date and relevant. FIs should however clearly define what constitutes a dormant account in their policy and procedures.

4.8 Natural Persons Identification s.2 & 3, Sch. 2

4.8.1 FIs should collect the following identification information in respect of personal customers and other natural persons, including connected parties of a legal person, who need to be identified: (a) legal name, any former names and any other names used; (b) residential address (and permanent address if different); (c) date of birth; (d) nationality; and (e) identity document type and number.

Verification (Hong Kong residents) s.2(1)(a), Sch. 2

4.8.2 For Hong Kong permanent residents, FIs should verify an individual’s name, date of birth and identity card number by reference to their Hong Kong identity card. FIs should retain a copy of the individual’s identity card.

4.8.3 For children born in Hong Kong who are under the age of 12 and not in possession of a valid travel document or Hong Kong identity card, the child’s identity should be verified by reference to their Hong Kong birth certificate. Whenever establishing business relationships with a minor, the identity of the minor’s parent or guardian representing or accompanying the minor should be recorded and verified in accordance with the above requirements.

4.8.4 For non-permanent residents, FIs should verify the individual’s identity, including name, date of birth, identity card number by reference to their Hong Kong identity card. FIs should verify the individual’s nationality by reference to: (a) a valid travel document; (b) a relevant national (i.e. government or state-issued) identity card bearing the

individual’s photograph; or (c) any government or state-issued document which certifies nationality. FIs should retain a copy of the above documents.

Verification (non-residents) s.2(1)(a), Sch. 2

4.8.5 For non-residents who are physically present in Hong Kong for verification purposes, FIs should verify an individual’s name, date of birth, nationality and travel document number and type by reference to a valid travel document (e.g. an unexpired international passport). In this respect the FI should retain a copy of the ‘biodata’ page which contains the bearer’s photograph and biographical details.


25

s.2(1)(a), Sch.2

4.8.6 For non-residents who are not physically present in Hong Kong for verification purposes, FIs should verify the individual’s identity, including name, date of birth, nationality, identity or travel document number and type by reference to: (a) a valid travel document; (b) a relevant national (i.e. government or state-issued) identity card bearing the

individual’s photograph; (c) a valid national driving license bearing the individual’s photograph; or (d) any applicable alternatives mentioned in Appendix A.

s.9, Sch.2 4.8.7 In respect of paragraph 4.8.6 above, where a customer has not been physically present for identification purposes, an FI must also carry out the measures at section 9 of Schedule 2, with reference to the guidance provided at paragraphs 4.12.

Address verification 4.8.8 An FI should verify the address of a direct customer with whom it establishes a

business relationship as this is useful for verifying an individual’s identity and background.

4.8.9 FIs may adopt a risk-based approach to determine the need to verify the address of a beneficial owner, other relevant individuals associated with the relationship or transaction, connected parties and occasional customers. Where the obligation to verify the address of these parties arises, the FI should take reasonable measures to verify the address of these parties, taking account of the number of individuals, the nature and distribution of the interests in the entity and the nature and extent of any business, contractual or family relationship between them.

4.8.10 For avoidance of doubt, it is the trustee of the trust who will enter into a business relationship or carry out a transaction on behalf of the trust and who will be considered to be the customer. The address of the trustee in a direct customer relationship should therefore always be verified.

4.8.11 Methods for verifying residential addresses may include obtaining: (a) a recent utility bill (except mobile telephone bills, as such service has no

connection to the registered address) issued within the last 3 months; (b) recent correspondence from a Government department or agency (i.e. issued

within the last 3 months); (c) bank statements, issued by an authorised institution within the last 3 months; (d) a record of a personal visit to the residential address by a staff member of the FI; (e) a letter from an immediate family member at which the individual resides

confirming that the applicant lives at that address in Hong Kong, setting out the relationship between the applicant and the immediate family member, together with evidence that the immediate family member resides at the same address (for persons such as students and housewives who are unable to provide proof of address of their own name);

(f) a letter from a Hong Kong nursing or residential home for the elderly or


26

disabled, which an FI is satisfied that it can place reliance on, confirming the residence of the applicant;

(g) a letter from a Hong Kong university or college, which an FI is satisfied that it can place reliance on, that confirms residence at a stated address;

(h) a Hong Kong tenancy agreement which has been duly stamped by the Inland Revenue Department;

(i) a current Hong Kong domestic helper employment contract (I.D 407) stamped by an appropriate Consulate and the name of the employer should correspond with the applicant’s visa endorsement in their passport;

(j) a letter from a Hong Kong employer together with proof of employment, which an FI is satisfied that it can place reliance on, that confirms residence at a stated address in Hong Kong, and indicates the expected duration of employment. In the case of a migrant worker, details of the worker’s principal residential address in their country of origin should also be recorded;

(k) a lawyer’s confirmation of property purchase, or legal document recognising title to property;

(l) for non-Hong Kong residents, a government-issued photographic driving license or national identity card containing the current residential address or bank statements issued by a bank in an equivalent jurisdiction where the FI is satisfied that the address has been verified; and

(m) for non-Hong Kong residents, independent overseas electronic data sources, e.g. a search of the relevant electoral register (for high-risk relationships and transactions, performing (m) alone is not sufficient).

4.8.12 It is conceivable that FIs may not always be able to adopt any of the suggested

methods in the paragraph above. Examples include countries without postal deliveries and virtually no street addresses, where residents rely upon post office boxes or their employers for the delivery of mail. Some customers may simply be unable to produce evidence of address to the standard outlined above. In such circumstances FIs may, on a risk sensitive basis, adopt a common sense approach by adopting alternative methods such as obtaining a letter from a director or manager of a verified known overseas employer that confirms residence at a stated overseas address (or provides detailed directions to locate a place of residence). There may also be circumstances where a customer’s address is a temporary accommodation and where normal address verification documents are not available. For example, an expatriate on a short-term contract. FIs should adopt flexible procedures to obtain verification by other means, e.g. copy of contract of employment, or bank’s or employer’s written confirmation. FIs should exercise a degree of flexibility under special circumstances (e.g. where a customer is homeless). For the avoidance of doubt, a post office box address is not sufficient for persons residing in Hong Kong or corporate customers registered and/or operating in Hong Kong.

Other considerations 4.8.13 The standard identification requirement is likely to be sufficient for most situations.

If, however, the customer, or the product or service, is assessed to present a higher ML/TF risk because of the nature of the customer, his business, his location, or because of the product features, etc., the FI should consider whether it should require additional identity information to be provided, and/or whether to verify additional


27

aspects of identity.

4.8.14 Appendix A contains a list of documents recognised by the RAs as independent and reliable sources for identity verification purposes.

4.9 Legal Persons General 4.9.1 This section of the Guideline details the measures FIs should take when establishing a

business relationship, or performing an occasional transaction above the specified thresholds, whether it is a single operation or a series of operations, for customers other than natural persons.

4.9.2 For legal persons, the principal requirement is to look behind the customer to identify those who have ultimate control or ultimate beneficial ownership over the business and the customer’s assets. FIs would normally pay particular attention to persons who exercise ultimate control over the management of the customer.

s.2(1)(b), Sch. 2

4.9.3 In deciding who the beneficial owner is in relation to a legal person (i.e. the customer is not a natural person), the FI’s objective is to know who has ownership or control over the legal person which relates to the relationship, or who constitutes the controlling mind and management of any legal entity involved in the funds. Verifying the identity of the beneficial owner(s) should be carried out using reasonable measures based on a risk-based approach, following the guidance in Chapter 3.

4.9.4 Where the owner is another legal person or trust, the objective is to undertake reasonable measures to look behind that legal person or trust and to verify the identity of beneficial owners. What constitutes control for this purpose will depend on the nature of the institution, and may vest in those who are mandated to manage funds, accounts or investments without requiring further authorisation.

s.2(1)(b), Sch.2

4.9.5 For a customer other than a natural person, FIs should ensure that they fully understand the customer’s legal form, structure and ownership, and should additionally obtain information on the nature of its business, and the reasons for seeking the product or service unless the reasons are obvious.

s.5(1)(a) & s.6, Sch. 2

4.9.6 FIs should conduct reviews from time to time to ensure the customer information held is up-to-date and relevant; methods by which a review could be conducted include conducting company searches, seeking copies of resolutions appointing directors, noting the resignation of directors, or by other appropriate means.

4.9.7 Many entities operate internet websites, which contain information about the entity. FIs should bear in mind that this information, although helpful in providing much of the materials that an FI might need in relation to the customer, its management and business, is not independently verified.

Corporation Identification information


28

4.9.8 The information below should be obtained as a standard requirement; thereafter, on the basis of the ML/TF risk, an FI should decide whether further verification of identity is required and if so the extent of that further verification. The FI should also decide whether additional information in respect of the corporation, its operation and the individuals behind it should be obtained. An FI should obtain and verify the following information in relation to a customer which is a corporation: (a) full name; (b) date and place of incorporation; (c) registration or incorporation number; and (d) registered office address in the place of incorporation and address of principal

place of business/operations (if different from registered office).

4.9.9 In the course of verifying the customer’s information mentioned in paragraph 4.9.8, an FI should also obtain the following information20: (a) a copy of the certificate of incorporation or registration issued by the company

registry in the jurisdiction of incorporation; (b) a copy of the company’s memorandum and articles of association which

evidence the powers that regulate and bind the company; and (c) details of the ownership and structure control of the company, e.g. an ownership

chart.

s.2(1)(d), Sch. 2

4.9.10 FIs should obtain the board resolution or similar written authority (e.g. power of attorney) to verify that the individual purporting to represent the corporation is authorized to do so, in addition to recording and taking reasonable measures to verify the identity of that individual.

4.9.11 An FI should also: (a) identify and record the identity of all directors and verify the identity of at least

one director. Following the FI’s assessment of the ML/TF risks presented by the company, it may decide to verify the identity of additional directors as appropriate, in accordance with the guidance for individuals; and

(b) identify and record the identity of all beneficial owners, and take reasonable measures to verify the identity of: (i) all shareholders holding 25% (for normal risk circumstances) / 10% (for

high risk circumstances) or more of the voting rights or share capital; (ii) any individual who exercises ultimate control over the management of the

corporation; and (iii) any person on whose behalf the customer is acting.

4.9.12 FIs should perform a company registry search and obtain a full company search

report21 in respect of all locally incorporated private (i.e. non-listed) companies and companies incorporated in jurisdictions which have a public company registry to:

20 Examples given are not exhaustive. 21 Alternatively, the FI may obtain from the customer a certified true copy of a full company search

report.


29

(a) confirm the company is still registered and has not been dissolved, wound up,

suspended or struck off; (b) independently identify and verify the names of the directors and shareholders

recorded in the company registry in the place of incorporation; and (c) verify the company's registered office address in the place of incorporation.

4.9.13 In respect of a company incorporated in a jurisdiction that does not have a public company registry (e.g. British Virgin Islands) or has only a partially public registry (e.g. Bermuda), a certificate of incumbency or equivalent issued by the company’s registered agent in the place of incorporation should be obtained22.

Beneficial owners s.1, Sch.2 4.9.14 The AMLO defines beneficial owner in relation to a corporation as:

(i) an individual who –

(a) owns or controls, directly or indirectly, including through a trust or bearer share holding, not less than 10% of the issued share capital of the corporation;

(b) is, directly or indirectly, entitled to exercise or control the exercise of not less than 10% of the voting rights at general meetings of the corporation; or

(c) exercises ultimate control over the management of the corporation; or (ii) if the corporation is acting on behalf of another person, means the other person.

4.9.15 For companies with multiple layers in their ownership structures, an FI may demonstrate that it has an understanding of the ownership and control structure of the company and has fully identified the intermediate layers by obtaining a director’s declaration incorporating or annexing an ownership chart describing the intermediate layers (e.g. company name, place of incorporation, incorporation number, date of incorporation, etc.). The director’s declaration should also fully identify the beneficial owners and detail the rationale behind the particular structure employed.

4.9.16 While FIs need not, as a matter of routine, verify the details of the intermediate companies in the ownership structure of a company, complex ownership structures (structures involving multiple layers, different jurisdictions, trusts, etc.) without an obvious commercial purpose pose an increased risk and may require further steps to ensure that the FI is satisfied on reasonable grounds as to the identity of the beneficial owners.

4.9.17 The need to verify the intermediate corporate layers of the ownership structure of a company will therefore depend upon the FI’s overall understanding of the structure, its assessment of the risks and whether the information available is adequate in the circumstances for the FI to consider if it has taken adequate measures to identify the beneficial owners.

4.9.18 Where the ownership is dispersed, the FI should concentrate on identifying and taking reasonable measures to verify the identity of those who exercise ultimate control over the management of the company.

22 FIs may accept certified true copy of certificate of incumbency that is issued within 6 months.


30

Persons purporting to act on behalf of the customer s.2(1)(d), Sch. 2

4.9.19 Section 2(1)(d) of Schedule 2 requires FIs to identify and take reasonable measures to verify the identity of persons purporting to act on behalf of customers23 (e.g. authorized account signatories). The basic requirement is therefore to verify the identity of such persons by reference to the documents and other means listed in Appendix A wherever possible. According to section 2(1)(d)(i) of Schedule 2, FIs should identify the person and take reasonable measures to verify the person’s identity based on documents, data or information provided for in section 2(1)(d)(i)(A) to (C) of Schedule 2, or any other reliable and independent source that is recognized by the RA. FIs may on occasion encounter difficulties in verifying all signatories of customers such as listed companies that may have very long lists of authorized signatories, particularly if such customers are based outside Hong Kong. In such cases, FIs may adopt a risk-based approach in determining the appropriate measures to verify the person’s identity. For example, in respect of verification of account signatories related to a customer which is an FI or a listed company24, and the risk is considered as low, FIs could adopt a more streamlined approach in verifying the identities of the account signatories. The adoption of a signatory list, in which the identities of the account signatories have been verified by a department or person within that FI or listed company, which is independent to the persons whose identities are being verified (e.g. compliance, audit or human resources) may be sufficient to demonstrate reasonable measures. Another option, mainly relevant to overseas customers and which may be considered in conjunction with or separately from reducing the signatories list, is the use of intermediaries in accordance with section 18 of Schedule 2.

Partnerships and unincorporated bodies 4.9.20 Partnerships and unincorporated bodies, although principally operated by individuals

or groups of individuals, are different from individuals, in that there is an underlying business. This business is likely to have a different ML/TF risk profile from that of an individual.

s.1, Sch. 2 4.9.21 The AMLO defines beneficial owner, in relation to a partnership as: (i) an individual who

(a) is entitled to or controls, directly or indirectly, not less than a 10% share of the capital or profits of the partnership;

(b) is, directly or indirectly, entitled to exercise or control the exercise of not less than 10% of the voting rights in the partnership; or

(c) exercises ultimate control over the management of the partnership; or (ii) if the partnership is acting on behalf of another person, means the other person.

23 This only applies to persons who are able to give instructions concerning transfer of funds or assets

belonging to the customer. 24 Having regard to the advice provided at paragraphs 4.15.


31

s.1, Sch. 2 4.9.22 In relation to an unincorporated body other than a partnership, beneficial owner: (i) means an individual who ultimately owns or controls the unincorporated body;

or (ii) if the unincorporated body is acting on behalf of another person, means the other

person.

4.9.23 The FI should obtain the following information in relation to the partnership or unincorporated body: (a) the full name; (b) the business address; and (c) the names of all partners/principals who exercise control over the management of

the partnership or unincorporated body, and names of individuals who own or control not less than 10% of its capital or profits, or of its voting rights.

In cases where a formal partnership arrangement exists, a mandate from the partnership authorizing the opening of an account and conferring authority on those who will operate it should be obtained.

4.9.24 When establishing a business relationship with a partnership or unincorporated body operating a business in Hong Kong, FIs should verify the identity of the registered owners and operators.

4.9.25 The FI’s obligation is to verify the identity of the customer using evidence from a reliable and independent source. Where partnerships or unincorporated bodies are well-known, reputable organisations, with long histories in their industries, and with substantial public information about them, their partners/principals and controllers, confirmation of the customer’s membership of a relevant professional or trade association is likely to be sufficient to provide such reliable and independent evidence of the identity of the customer. This does not remove the need to take reasonable measures to verify the identity of the beneficial owners of the partnerships or unincorporated bodies.

4.9.26 Other partnerships and unincorporated bodies have a lower profile, and generally comprise a much smaller number of partners/principals. In verifying the identity of such customers, FIs should primarily have regard to the number of partners/principals. Where these are relatively few, the customer should be treated as a collection of individuals; where numbers are larger, the FI should decide whether it should continue to regard the customer as a collection of individuals, or whether it can be satisfied with evidence of membership of a relevant professional or trade association. In either case, FIs should obtain the partnership deed (or other evidence in the case of sole traders or other unincorporated bodies), to satisfy themselves that the entity exists, unless an entry in an appropriate national register may be checked.

4.9.27 In the case of associations, clubs, societies, charities, religious bodies, institutes, mutual and friendly societies, co-operative and provident societies, an FI should satisfy itself as to the legitimate purpose of the organisation, e.g. by requesting sight of the constitution.


32

Trusts General 4.9.28 A trust does not possess a separate legal personality. It cannot form business

relationships or carry out occasional transactions itself. It is the trustee who enters into a business relationship or carries out occasional transactions on behalf of the trust and who is considered to be the customer (i.e. the trustee is acting on behalf of a third party – the trust and the individuals concerned with the trust).

s.1, Sch. 2 4.9.29 The AMLO defines the beneficial owner, in relation to a trust as: (i) an individual who is entitled to a vested interest in not less than 10% of the

capital of the trust property, whether the interest is in possession or in remainder or reversion and whether it is defeasible or not;

(ii) the settlor of the trust; (iii) a protector or enforcer of the trust; or (iv) an individual who has ultimate control over the trust (this would include the

trustee in situations where the trustee is not the direct customer).

4.9.30 FIs should collect the following identification information in respect of a trust on whose behalf the trustee (i.e. the customer) is acting: (a) the name of the trust; (b) date of establishment / settlement; (c) the jurisdiction whose laws govern the arrangement, as set out in the trust

instrument; (d) the identification number (if any) granted by any applicable official bodies (e.g.

tax identification number or registered charity or non-profit organization number);

(e) identification information of trustee(s) - in line with guidance for individuals or corporations);

(f) identification information of settlor(s) (including initial settlors and persons subsequent settling funds into the trust) and any protector(s) or enforcers in line with the guidance for individuals/corporations; and

(g) identification information of known beneficiaries. Known beneficiaries mean those persons or that class of persons who can, from the terms of the trust instrument, be identified as having a reasonable expectation of benefiting from the trust capital or income.

Verifying the trust and placing reliance on the trustees 4.9.31 An FI must verify the name and date of establishment of a trust and should obtain

appropriate evidence to verify the existence, legal form and parties to it, i.e. trustee, settlor, protector, beneficiary, etc. The beneficiaries should be identified as far as possible where defined and measures should be put in place to facilitate the verification of their identity at the time when the FI becomes aware of the distribution of trust property. If the beneficiaries are yet to be determined, the FI should concentrate on the identification of the settlor and/or the class of persons in whose interest the trust is set up. The most direct method of satisfying this requirement is to review the appropriate parts of the trust deed. Verification of the existence, legal form and parties to a trust should therefore,


33

wherever possible, be conducted by means of reviewing a copy of the trust instrument. In such circumstances, a redacted copy should be retained on file to evidence the existence and parties to the trust. Where this is not reasonably available, reasonable measures to verify this information, having regard to the ML/TF risk, may include : (a) a written declaration/confirmation from a trustee acting in a professional

capacity25; or (b) a written declaration/confirmation from a lawyer who has reviewed the relevant

instrument.

The person mentioned in (a) and (b) above should fulfil the requirements of section 18(3) of Schedule 2. For the avoidance of doubt, reasonable measures are still required to be taken to verify the actual identity of the individual parties (i.e. trustee, settlor, protector, beneficiary, etc.).

4.9.32 An FI should verify the identity of the beneficiaries when the FI becomes aware of any payment out of the trust account made to the beneficiaries . This includes where payments are made directly to beneficiaries and when payments are made to the trustees. In the latter case, FIs should establish whether the payment is intended for a beneficiary of a trust and if so obtain verification documents.

4.9.33 Particular care should be taken in relation to trusts created in jurisdictions where there is no money laundering legislation similar to Hong Kong.

Other considerations 4.9.34 Appendix A contains a list of documents recognised by the RAs as independent and

reliable sources for identity verification purposes.

4.10 Simplified customer due diligence (SDD) General 4.10.1 The AMLO defines what CDD measures are and also prescribes the circumstances in

which an FI must carry out CDD. SDD means that application of full CDD measures is not required. In practice, this means that FIs are not required to identify and verify the beneficial owner. However, other aspects of CDD must be undertaken and it is still necessary to conduct ongoing monitoring of the business relationship. FIs must have reasonable grounds to support the use of SDD and may have to demonstrate these grounds to the relevant RA.

s.3(1)(d) & (e), s.4(1), (3), (5) & (6), Sch 2.

4.10.2 Nonetheless, SDD must not be applied when the FI suspects that the customer, the customer’s account or the transaction is involved in ML/TF, or when the FI doubts the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or verifying the customer’s identity, notwithstanding when the customer, the product, and account type falls within paragraphs 4.10.3, 4.10.16

25 “Trustees acting in their professional capacity” in this context means that they act in the course of a

profession or business which consists of or includes the provision of services in connection with the administration or management of trusts (or a particular aspect of the administration or management of trusts).


34

and 4.10.18 below.

s.4(3), Sch 2.

4.10.3 The AMLO defines customers to whom SDD may be applied as follows: (a) an FI as defined in the AMLO; (b) an institution that-

(i) is incorporated or established in an equivalent jurisdiction (see paragraphs 4.20);

(ii) carries on a business similar to that carried on by an FI; (iii) has measures in place to ensure compliance with requirements similar to

those imposed under Schedule 2; and (iv) is supervised for compliance with those requirements by an authority in that

jurisdiction that performs functions similar to those of any of the RAs; (c) a corporation listed on any stock exchange (“listed company”); (d) an investment vehicle where the person responsible for carrying out measures

that are similar to the CDD measures in relation to all the investors of the investment vehicle is- (i) an FI; (ii) an institution incorporated or established in Hong Kong, or in an equivalent

jurisdiction that- i. has measures in place to ensure compliance with requirements similar to

those imposed under Schedule 2; and ii. is supervised for compliance with those requirements.

(e) the Government or any public body in Hong Kong; or (f) the government of an equivalent jurisdiction or a body in an equivalent

jurisdiction that performs functions similar to those of a public body.

s.4(2), Sch 2.

4.10.4 If a customer not falling within section 4(3) of Schedule 2 has in its ownership chain an entity that falls within that section, the FI is not required to identify or verify the beneficial owners of that entity in that chain when establishing a business relationship with or carrying out an occasional transaction for the customer. However, FIs should still identify and take reasonable measures to verify the identity of beneficial owners in the ownership chain that are not connected with that entity.

s.2(1)(a), (c) & (d), Sch 2.

4.10.5 For avoidance of doubt, the FI must still: (a) identify the customer and verify the customer’s identity; (b) if a business relationship is to be established and its purpose and intended nature

are not obvious, obtain information on the purpose and intended nature of the business relationship with the FI; and

(c) if a person purports to act on behalf of the customer, (i) identify the person and take reasonable measures to verify the person’s

identity; and (ii) verify the person’s authority to act on behalf of the customer,

in accordance with the relevant requirements stipulated in this Guideline.

Local and foreign financial institution s.4(3)(a) & (b),

4.10.6 FIs may apply SDD to a customer that is an FI as defined in the AMLO, or an institution that carries on a business similar to that carried on by an FI and meets the


35

Sch. 2 criteria set out in section 4(3)(b) of Schedule 2. If the customer does not meet the criteria, the FI must carry out all the CDD measures set out in section 2 of Schedule 2. FIs may apply SDD to a customer that is an FI as defined in the AMLO that opens an account in the name of a nominee company for holding fund units on behalf of the second-mentioned FI or the underlying customers of the fund, provided that the second-mentioned FI has conducted CDD on the underlying customers and is authorised to operate the account, as evidenced by contractual document or agreement.

4.10.7 For ascertaining whether the institution meets the criteria set out in section 4(3)(a) & (b) of Schedule 2, it will generally be sufficient for an FI to verify that the institution is on the list of authorized (and supervised) FIs in the jurisdiction concerned.

Listed company s.4(3)(c), Sch. 2

4.10.8 FIs may perform SDD in respect of a corporate customer listed on a stock exchange26. This means FIs need not identify the beneficial owners of the listed company. In all other cases, FIs should follow the CDD requirements for a legal person set out in paragraphs 4.9 of this Guideline.

4.10.9 FIs should identify and record the identities of all directors. FIs may adopt a risk-based approach in determining whether it is necessary to verify the identity of any of the directors of a listed company.

Investment vehicle s.4(3)(d), Sch. 2

4.10.10 FIs may apply SDD to a customer that is an investment vehicle if the FI is able to ascertain that the person responsible for carrying out measures that are similar to the CDD measures in relation to all the investors of the investment vehicle falls within any of the categories of institution set out in section 4(3)(d) of Schedule 2.

4.10.11 An investment vehicle may be in the form of a legal person or trust, and may be a collective investment scheme or other investment entity.

4.10.12 An investment vehicle whether or not responsible for carrying out CDD measures on the underlying investors under governing law of the jurisdiction in which the investment vehicle is established may, where permitted by law, appoint another institution (“appointed institution”), such as a trustee, an administrator, a transfer agent, a registrar or a custodian, to perform the CDD. Where the person responsible for carrying out the CDD measures (the investment vehicle or the appointed institution) falls within any of the categories of institution set out in section 4(3)(d) of Schedule 2, an FI may apply SDD to that investment vehicle provided that it is satisfied that the investment vehicle has ensured that there are reliable systems and controls in place to conduct the CDD (including identification and verification of the identity) on the underlying investors in accordance with the requirements set out in the Schedule 2.

4.10.13 For the avoidance of doubt, if neither the investment vehicle nor appointed institution fall within any of the categories of institution set out in section 4(3)(d) of Schedule 2,

26 Reference should be made to paragraphs 4.15.


36

the FI must identify any investor owning or controlling not less than 10% interest of the investment vehicle. Except where the investment vehicle is being operated for “private” use by a specific group of persons, the FI may, if it considers it appropriate to do so under its risk-based approach, rely on a written representation from the investment vehicle or appointed institution (as the case may be) responsible for carrying out the CDD stating, to its actual knowledge, the identities of such investors or (where applicable) there is no such investor in the investment vehicle. Where the FI accepts such a representation, this should be documented, retained, and subject to periodic review. Where investors owning or controlling more than 25% interest are identified, the FI must take reasonable measures to verify their identity itself.

Government and public body s.4(3)(e) & (f), Sch. 2

4.10.14 FIs may apply SDD to a customer that is the Hong Kong government, any public bodies in Hong Kong, the government of an equivalent jurisdiction or a body in an equivalent jurisdiction that performs functions similar to those of a public body.

s.1, Sch. 2 4.10.15 Public body includes: (a) any executive, legislative, municipal or urban council; (b) any Government department or undertaking; (c) any local or public authority or undertaking; (d) any board, commission, committee or other body, whether paid or unpaid,

appointed by the Chief Executive or the Government; and (e) any board, commission, committee or other body that has power to act in a

public capacity under or for the purposes of any enactment.

SDD in relation to specific products s.4(4) & (5), Sch. 2

4.10.16 FIs may apply SDD in relation to a customer if the FI has reasonable grounds to believe that the transaction conducted by the customer relates to any one of the following products: (a) a provident, pension, retirement or superannuation scheme (however described)

that provides retirement benefits to employees, where contributions to the scheme are made by way of deduction from income from employment and the scheme rules do not permit the assignment of a member’s interest under the scheme;

(b) an insurance policy for the purposes of a provident, pension, retirement or superannuation scheme (however described) that does not contain a surrender clause and cannot be used as a collateral; or

(c) a life insurance policy in respect of which: (i) an annual premium of no more than $8,000 or an equivalent amount in any

other currency is payable; or (ii) a single premium of no more than $20,000 or an equivalent amount in any

other currency is payable.

4.10.17 For the purpose of item (a) of paragraph 4.10.16, FIs may treat the employer, the trustee and any other person who has control over the business relationship including the administrator or the scheme manager, as the customer. FIs are not required to apply the provisions of section 2(1)(b) of Schedule 2 where the customer is a scheme falling within item (a) of paragraph 4.10.16. This means that they need not normally


37

identify the beneficial owners of the scheme, i.e. the employees and verify their identities. It is only necessary to conduct CDD on the customer of the FI.

Solicitor’s client accounts s.4(6), Sch. 2

4.10.18 If a customer of an FI is a solicitor or a firm of solicitors, the FI is not required to identify the beneficial owners of the client account opened by the customer, provided that the following criteria are satisfied: (a) the client account is kept in the name of the customer; (b) moneys or securities of the customer’s clients in the client account are mingled;

and (c) the client account is managed by the customer as those clients’ agent.

4.10.19 In addition to performing the normal CDD on the customer, when opening a client account for a solicitor or a firm of solicitors, FIs should establish the proposed use of the account, i.e. whether to hold co-mingled client funds or the funds of a specific client.

4.10.20 FI should obtain evidence to satisfy that the solicitor is authorized to practise in Hong Kong under the Legal Practitioners Ordinance (Cap. 159). FIs may assume that the solicitor has reliable and proper systems in place to identify each client and allocate the funds to the underlying client and apply SDD unless they become aware of any adverse information (e.g. adverse publicity or reprimand by the Law Society) to the contrary.

4.10.21 If a client account is opened on behalf of a single client or there are sub-accounts for each individual client where funds are not co-mingled at the FI, the FI should establish the identity of the underlying client(s) in addition to that of the solicitor opening the account.

4.11 High-risk situations s.15, Sch. 2

4.11.1 Section 15 of Schedule 2 specifies that an FI must, in any situation that by its nature presents a higher risk of ML/TF, take additional measures to mitigate the risk of ML/TF. Examples of higher risk customers may include, having regard to the identified ML/TF risks: (a) non-resident customers; (b) private banking; (c) legal persons or arrangements such as trusts that are personal assets holding

vehicles; and (d) companies that have nominee shareholders or shares in bearer form. Additional measures27 or EDD should be taken to mitigate the ML/TF risk involved, which for illustration purposes, may include: (a) obtaining additional information on the customer (e.g. connected accounts or

relationships) and updating more regularly the customer profile including the identification data;

27 Additional measures should be documented in the FI’s policy and procedures.


38

(b) obtaining additional information on the intended nature of the business relationship (e.g. anticipated account activity), the source of wealth and source of funds;

(c) obtaining the approval of senior management to commence or continue the relationship; and

(d) conducting enhanced monitoring of the business relationship, by increasing the number and timing of the controls applied and selecting patterns of transactions that need further examination.

4.12 Customer not physically present for identification purposes 4.12.1 FIs must apply equally effective customer identification procedures and on-going

monitoring standards for customers not physically present for identification purposes as for those where the customer is available for interview. Where a customer has not been physically present for identification purposes, FIs will generally not be able to determine that the documentary evidence of identity actually relates to the customer they are dealing with. Consequently, there are increased risks.

s.5(3)(a) & s.9, Sch. 2

4.12.2 The AMLO requires an FI to take additional measures to compensate for any risk associated with customers not physically present for identification purposes. If a customer has not been physically present for identification purposes, the FI must carry out at least one of the following measures to mitigate the risks posed: (a) further verifying the customer’s identity on the basis of documents, data or

information referred to in section 2(1)(a) of Schedule 2 but not previously used for the purposes of verification of the customer’s identity under that section;

(b) taking supplementary measures to verify all the information provided by the customer;

(c) ensuring that the first payment made into the customer’s account is received from an account in the customer’s name with an authorized institution or a bank operating in an equivalent jurisdiction that has measures in place to ensure compliance with requirements similar to those imposed under Schedule 2 and is supervised for compliance with those requirements by a banking regulator in that jurisdiction.

Measures which would meet the requirements of paragraph 4.12.2(a) and (b) above include obtaining copies of documents that have been certified by a suitable certifier.

Suitable certifiers and the certification procedure 4.12.3 Use of an independent suitable certifier guards against the risk that documentation

provided does not correspond to the customer whose identity is being verified. However, for certification to be effective, the certifier will need to have seen the original documentation.

s.18, Sch. 2

4.12.4 Suitable persons to certify verification of identity documents may include: (a) an intermediary specified in section 18(3) of Schedule 2; (b) a member of the judiciary in an equivalent jurisdiction; (c) an officer of an embassy, consulate or high commission of the country of issue of

documentary verification of identity; and (d) a Justice of the Peace.


39

4.12.5 The certifier must sign and date the copy document (printing his/her name clearly in capitals underneath) and clearly indicate his/her position or capacity on it and provide his/her contact details. The certifier must state that it is a true copy of the original (or words to similar effect).

4.12.6 FIs remain liable for failure to carry out prescribed CDD and therefore must exercise caution when considering accepting certified copy documents, especially where such documents originate from a country perceived to represent a high risk, or from unregulated entities in any jurisdiction. In any circumstances where an FI is unsure of the authenticity of certified documents, or that the documents relate to the customer, FIs should take additional measures to mitigate the ML/TF risk.

4.13 Politically exposed persons (PEPs) Background s.1 & s.10, Sch. 2

4.13.1 Much international attention has been paid in recent years to the risk associated with providing financial and business services to those with a prominent political profile or holding senior public office. However, PEP status itself does not automatically mean that the individuals are corrupt or that they have been incriminated in any corruption.

4.13.2 However, their office and position may render PEPs vulnerable to corruption. The risks increase when the person concerned is from a foreign country with widely-known problems of bribery, corruption and financial irregularity within their governments and society. This risk is even more acute where such countries do not have adequate AML/CFT standards.

s.15, Sch. 2

4.13.3 While the statutory definition of PEPs in the AMLO (see paragraph 4.13.5 below) only includes individuals entrusted with prominent public function in a place outside the People’s Republic of China, domestic PEPs may also present, by virtue of the positions they hold, a high risk situation where EDD should be applied. FIs should therefore adopt a risk-based approach to determining whether to apply the measures in paragraph 4.13.11 below in respect of domestic PEPs.

s.1, s.15 & s.5(3)(c), Sch. 2

4.13.4 The statutory definition does not automatically exclude sub-national political figures. Corruption by heads of regional governments, regional government ministers and large city mayors is no less serious as sub-national figures in some jurisdictions may have access to substantial funds. Where FIs identify a customer as a sub-national figure holding a prominent public function, they should apply appropriate EDD. This also applies to domestic sub-national figures assessed by the FI to pose a higher risk. In determining what constitutes a prominent public function, FIs should consider factors such as persons with significant influence in general, significant influence over or control of public procurement or state owned enterprises, etc.

(Foreign) Politically exposed person s.1, Sch. 2

4.13.5 A politically exposed person is defined in the AMLO as: (a) an individual who is or has been entrusted with a prominent public function in a

place outside the People’s Republic of China and


40

(i) includes a head of state, head of government, senior politician, senior government, judicial or military official, senior executive of a state-owned corporation and an important political party official;

(ii) but does not include a middle-ranking or more junior official of any of the categories mentioned in subparagraph (i);

(b) a spouse, a partner, a child or a parent of an individual falling within paragraph (a) above, or a spouse or a partner of a child of such an individual; or

(c) a close associate of an individual falling within paragraph (a) (see paragraph 4.13.6).

s.1, Sch. 2

4.13.6 The AMLO defines a close associate as: (a) an individual who has close business relations with a person falling under

paragraph 4.13.5(a) above, including an individual who is a beneficial owner of a legal person or trust of which the first-mentioned individual is also a beneficial owner; or

(b) an individual who is the beneficial owner of a legal person or trust that is set up for the benefit of a person falling under paragraph 4.13.5(a) above.

4.13.7 FIs that handle the proceeds of corruption, or handle illegally diverted government,

supranational or aid funds, face reputational and legal risks, including the possibility of criminal charges for having assisted in laundering the proceeds of crime.

4.13.8 FIs can reduce risk by conducting EDD at the outset of the business relationship and ongoing monitoring where they know or suspect that the business relationship is with a PEP.

s.19(1), Sch. 2

4.13.9 FIs must establish and maintain effective procedures (for example making reference to publicly available information and/or screening against commercially available databases) for determining whether a customer or a beneficial owner of a customer is a PEP. These procedures should extend to the connected parties of the customer using a risk-based approach.

4.13.10 FIs may use publicly available information or refer to relevant reports and databases on corruption risk published by specialised national, international, non-governmental and commercial organisations to assess which countries are most vulnerable to corruption (an example of which is the Transparency International Corruption Perceptions Index, which ranks countries according to their perceived level of corruption). FIs should be vigilant where either the country to which the customer has business connections or the business/industrial sector is more vulnerable to corruption.

s.5(3)(b) & s.10, Sch. 2

4.13.11 When FIs know that a particular customer or beneficial owner is a PEP, it should, before (i) establishing a business relationship or (ii) continuing an existing business relationship where the customer or the beneficial owner is subsequently found to be a PEP, apply all the following EDD measures: (a) obtaining approval from its senior management; (b) taking reasonable measures to establish the customer’s or the beneficial owner’s


41

source of wealth and the source of the funds; and (c) applying enhanced monitoring to the relationship in accordance with the assessed

risks.

4.13.12 It is for an FI to decide which measures it deems reasonable, in accordance with its assessment of the risks, to establish the source of funds and source of wealth. In practical terms, this will often amount to obtaining information from the PEP and verifying it against publicly available information sources such as asset and income declarations, which some jurisdictions expect certain senior public officials to file and which often include information about an official’s source of wealth and current business interests. FIs should however note that not all declarations are publicly available and that a PEP customer may have legitimate reasons for not providing a copy. FIs should also be aware that some jurisdictions impose restrictions on their PEP’s ability to hold foreign bank accounts or to hold other office or paid employment.

Senior management approval 4.13.13 While the AMLO is silent on the level of senior management who may approve the

establishment or continuation of the relationship, the approval process should take into account the advice of the FI’s CO. The more potentially sensitive the PEP, the higher the approval process should be escalated.

Domestic politically exposed persons

4.13.14 For the purposes of this Guideline, a domestic PEP is defined in the same manner as PEP, except the individual will have been entrusted with a prominent public function within the People’s Republic of China or be a family member or close associate of such an individual.

4.13.15 FIs should take reasonable measures to determine whether an individual is a domestic PEP.

s.5(3)(c) & s.15, Sch. 2

4.13.16 If an individual is known to be a domestic PEP, the FI should perform a risk assessment to determine whether the individual poses a higher risk of ML/TF. Domestic PEPs status in itself does not automatically confer higher risk. In any situation that the FI assesses to present a higher risk of ML/TF, it should apply the EDD and monitoring specified in paragraph 4.11.1.

4.13.17 FIs should retain a copy of the assessment for RAs, other authorities and auditors and should review the assessment whenever concerns as to the activities of the individual arise.

Periodic reviews 4.13.18 For foreign PEPs and domestic PEPs assessed to present a higher risk, they should be

subject to a minimum annual review. FIs should review CDD information to ensure that it remains relevant and up-to-date.

4.14 Bearer shares 4.14.1 Bearer shares are an equity security that is wholly owned by whoever holds the

physical stock certificate. The issuing corporate does not register the owner of the stock or track transfers of ownership. Transferring the ownership of the stock


42

involves only delivering the physical document. Bearer shares therefore lack the regulation and control of common shares because ownership is never recorded. Due to the higher ML/TF risks associated with bearer shares the FATF requires countries that have legal persons able to issue bearer shares should take appropriate measures to ensure that they are not misused for money laundering.

s.15, Sch. 2

4.14.2 To reduce the opportunity for bearer shares to be used to obscure information on beneficial ownership, FIs must take additional measures in the case of companies with capital in the form of bearer shares, as it is often difficult to identify the beneficial owner(s). FIs should adopt procedures to establish the identities of the holders and beneficial owners of such shares and ensure that they are notified whenever there is a change of holder or beneficial owner.

4.14.3 FIs should review the memorandum and articles of association to ascertain whether the company has the capacity to issue such shares.

4.14.4 It is a best practice for FIs to understand each jurisdiction’s requirements and practices in respect of bearer shares. For example, a number of jurisdictions require bearer shares to be deposited with a registered custodian (e.g. the British Virgin Islands, the Cayman Islands). This information is available publicly or for easier reference may be sourced in consolidated form, an example of which is OECD’s annual report on tax co-operation, which provides a breakdown of each jurisdiction’s requirements in respect of bearer shares.

4.14.5 Where bearer shares have been deposited with an authorized/registered custodian, FIs should seek independent evidence of this, for example confirmation from the registered agent that an authorized/registered custodian holds the bearer shares, the identity of the authorized/registered custodian and the name and address of the person who has the right to those entitlements carried by the share. As part of the FI’s ongoing periodic review, it should obtain evidence to confirm the authorized/registered custodian of the bearer shares.

4.14.6 Where the shares are not deposited with an authorized/registered custodian, the FI should obtain declarations prior to account opening and annually thereafter from each beneficial owner holding 10% or more of the share capital. Given the higher ML/ TF risks associated with bearer shares, FIs may wish to adopt higher levels of risk mitigation than prescribed in the AMLO and obtain such declarations from each beneficial owner holding 5% or more of the share capital. FIs should also require the customer to notify it immediately of any changes in the ownership of the shares.

4.15 Jurisdictions that do not or insufficiently apply the FATF recommendations or otherwise posing higher risk 4.15.1 FIs should give particular attention to, and exercise extra care in respect of:

(a) business relationships and transactions with persons (including legal persons and

other FIs) from or in jurisdictions that do not or insufficiently apply the FATF Recommendations; and

(b) transactions and business connected with jurisdictions assessed as higher risk. Based on the FI’s assessment of the risk in either case, the special requirements of


43

section 15 of Schedule 2 may apply. In addition to ascertaining and documenting the business rationale for establishing a relationship, an FI should be fully satisfied with the legitimacy of the source of funds of such customers.

4.15.2 In determining which jurisdictions do not apply, or insufficiently apply the FATF Recommendations, or may otherwise pose a higher risk, FIs should consider, among other things: (a) circulars issued to FIs by RAs; (b) whether the jurisdiction is or a significant number of persons or entities in that

jurisdiction are, subject to sanctions, embargoes or similar measures issued by, for example, the United Nations (UN). In addition, in some circumstances where a jurisdiction is subject to sanctions or measures similar to those issued by bodies such as the UN, but which may not be universally recognized, the sanctions or measures may still be given credence by an FI because of the standing of the issuer and the nature of the measures;

(c) whether the jurisdiction is identified by credible sources as lacking appropriate AML/CFT laws, regulations and other measures;

(d) whether the jurisdiction is identified by credible sources as providing funding or support for terrorist activities and has designated terrorist organisations operating within it; and

(e) whether the jurisdiction is identified by credible sources as having significant levels of corruption, or other criminal activity.

“Credible sources” refers to information that is produced by well-known bodies that generally are regarded as reputable and that make such information publicly and widely available. In addition to the FATF and FATF-style regional bodies, such sources may include, but are not limited to, supra-national or international bodies such as the International Monetary Fund, and the Egmont Group of Financial Intelligence Units, as well as relevant national government bodies and non-government organisations. The information provided by these credible sources does not have the effect of law or regulation and should not be viewed as an automatic determination that something is of higher risk. An FI should be aware of the potential reputation risk of conducting business in jurisdictions which do not or insufficiently apply the FATF Recommendations or other jurisdictions known to apply inferior standards for the prevention of ML/TF. If an FI incorporated in Hong Kong has operating units in such jurisdictions, care should be taken to ensure that effective controls on prevention of ML/TF are implemented in these units. In particular, the FI should ensure that the policies and procedures adopted in such overseas units are equivalent to those adopted in Hong Kong. There should also be compliance and internal audit checks by staff from the head office in Hong Kong.

4.16 Notice in writing from an RA


44

s.15, Sch. 2

4.16.1 Where the requirement is called for by the FATF (which may include mandatory EDD or the application of countermeasures28) or in other circumstances independent of the FATF but also considered to be higher risk, RA may, through a notice in writing: (a) impose a general obligation on FIs to undertake EDD measures; or (b) require FIs to undertake specific countermeasures identified or described in the

notice. The type of EDD / countermeasures would be proportionate to the nature of the risks and/or deficiencies.

4.17 Reliance on CDD performed by intermediaries General s.18, Sch. 2

4.17.1 FIs may rely upon an intermediary to perform any part of the CDD measures specified in section 2 of Schedule 2, subject to the criteria set out in section 18 of Schedule 2. However, the ultimate responsibility for ensuring that CDD requirements are met remains with the FI. For avoidance of doubt, reliance on intermediaries does not apply to: (a) outsourcing or agency relationships, i.e. where the agent is acting under a

contractual arrangement with the FI to carry out its CDD function. In such a situation the outsource or agent is to be regarded as synonymous with the FI (i.e. the processes and documentation are those of the FI itself); and

(b) business relationships, accounts or transactions between FIs for their clients. In practice, this reliance on third parties often occurs through introductions made by another member of the same financial services group, or in some jurisdictions from another FI or third party.

4.17.1a Authorized insurers, appointed insurance agents and authorized insurance brokers all have the responsibility to comply with the requirements relating to CDD as set out in Schedule 2. However, insurance agents and brokers are usually the first line of contacts with the customer, before the customer is known, introduced or referred to an insurer. An insurer may carry out a CDD measure through its appointed insurance agents, although such insurer remains liable for a failure to carry out that CDD measure. The insurer should be satisfied that its appointed agents have adequate procedures in place to prevent ML and TF, namely:

(a) the CDD procedures of the agent should be as rigorous as those which the

insurer would have conducted itself for the customer; and (b) the insurer is satisfied as to the reliability of the systems put in place by the

agent to comply with the CDD requirements of Schedule 2.

28 For jurisdictions with serious deficiencies in applying the FATF’s Recommendations and where

inadequate progress has been made to improve their position, the FATF may recommend the application of counter-measures. .


45

If a customer is introduced to an insurer through an insurance broker, the insurer may rely on the broker to carry out any CDD measures pursuant to s. 18(1) of Schedule 2. In this case, paragraphs 4.17.2 to 4.17.7 are to be observed.

s.18(1) & s.18(4)(b), Sch. 2

4.17.2 The FI must obtain written confirmation from the intermediary that: (a) it agrees to perform the role; and (b) it will provide without delay a copy of any document or record obtained in the

course of carrying out the CDD measures on behalf of the FI upon request.

The FI must ensure that the intermediary will, if requested by the FI within the period specified in the record-keeping requirements of AMLO, provide to the FI a copy of any document, or a record of any data or information, obtained by the intermediary in the course of carrying out that measure as soon as reasonably practicable after receiving the request.

4.17.3 FIs should obtain satisfactory evidence to confirm the status and eligibility of the intermediary. Such evidence may comprise corroboration from the intermediary’s regulatory authority, or evidence from the intermediary of its status, regulation, policies and procedures.

s.18(4)(a), Sch. 2

4.17.4 An FI that carries out a CDD measure by means of an intermediary must immediately after the intermediary has carried out that measure, obtain from the intermediary the data or information that the intermediary has obtained in the course of carrying out that measure, but nothing in this paragraph requires the FI to obtain at the same time from the intermediary a copy of the document, or a record of the data or information, that is obtained by the intermediary in the course of carrying out that measure.

4.17.5 Where these documents and records are kept by the intermediary, the FI should obtain an undertaking from the intermediary to keep all underlying CDD information throughout the continuance of the FI’s business relationship with the customer and for at least six years beginning on the date on which the business relationship of a customer with the FI ends or until such time as may be specified by the RA. FIs should also obtain an undertaking from the intermediary to supply copies of all underlying CDD information in circumstances where the intermediary is about to cease trading or does not act as an intermediary for the FI anymore.

4.17.6 FIs should conduct sample tests from time to time to ensure CDD information and documentation is produced by the intermediary upon demand and without undue delay.

4.17.7 Whenever an FI has doubts as to the reliability of the intermediary, it should take reasonable steps to review the intermediary’s ability to perform its CDD duties. If the FI intends to terminate its relationship with the intermediary, it should immediately obtain all CDD information from the intermediary. If the FI has any doubts regarding the CDD measures carried out by the intermediary previously, the FI should perform the required CDD as soon as reasonably practicable.

Domestic intermediaries s.18(3)(b), 4.17.8 FIs may rely upon an authorized institution, a licensed corporation, an authorised


46

Sch. 2 insurer, an appointed insurance agent or an authorised insurance broker, to perform any part of the CDD measures.

s.18(3)(a), Sch. 2 s. 18(5), Sch. 2

4.17.9 FIs may also rely upon the following categories of domestic intermediaries: (a) a solicitor practising in Hong Kong; (b) a certified public accountant practising in Hong Kong; (c) a current member of The Hong Kong Institute of Chartered Secretaries practising

in Hong Kong; and (d) a trust company registered under Part VIII of the Trustees Ordinance carrying on

trust business in Hong Kong,

provided that the intermediary is able to satisfy the FI that they have adequate procedures in place to prevent ML/TF. The arrangement for allowing FIs to rely on these intermediaries, which are not regulated under the AMLO for AML/CFT compliance, will expire three years after commencement of the AMLO.

Overseas intermediaries 18(3)(c), Sch. 2

4.17.10 FIs may only rely upon an overseas intermediary carrying on business or practising in an equivalent jurisdiction where the intermediary: (a) falls into one of the following categories of businesses or professions:

(i) an institution that carries on a business similar to that carried on by an FI mentioned in paragraph 4.17.8;

(ii) a lawyer or a notary public; (iii) an auditor, a professional accountant, or a tax advisor; (iv) a trust or company service provider; and (v) a trust company carrying on trust business;

(b) is required under the law of the jurisdiction concerned to be registered or licensed or is regulated under the law of that jurisdiction;

(c) has measures in place to ensure compliance with requirements similar to those imposed under Schedule 2; and

(d) is supervised for compliance with those requirements by an authority in that jurisdiction that performs functions similar to those of any of the RAs.

4.17.11 Compliance with the requirements set out above for both domestic or overseas

intermediaries may entail the FI: (a) reviewing the intermediary’s AML/CFT policies and procedures; (b) making enquiries concerning the intermediary’s stature and regulatory track

record and the extent to which any group’s AML/CFT standards are applied and audited; or

(c) seeking an independent review of the intermediary’s procedures by external auditors or other experts.

4.18 Pre-existing customers Application of AMLO and guideline to pre-existing customers


47

s.6, Sch. 2 4.18.1 FIs must perform the CDD measures prescribed in Schedule 2 and this Guideline in respect of pre-existing customers (with whom the business relationship was established before the AMLO came into effect on 1 April 2012), when: (a) a transaction takes place with regard to the customer, which is, by virtue of the

amount or nature of the transaction, unusual or suspicious; or is not consistent with the FI’s knowledge of the customer or the customer’s business or risk profile, or with its knowledge of the source of the customer’s funds;

(b) a material change occurs in the way in which the customer’s account is operated; (c) the FI suspects that the customer or the customer’s account is involved in

ML/TF; or (d) the FI doubts the veracity or adequacy of any information previously obtained

for the purpose of identifying the customer or for the purpose of verifying the customer’s identity.

4.18.2 Trigger events may include the re-activation of a dormant account or a change in the

beneficial ownership or control of the account but FIs will need to consider other trigger events specific to their own customers and business.

4.18.2a Examples of trigger events after establishment of an insurance contract are provided in paragraph 4.7.12a.

s.5, Sch. 2 4.18.3 FIs should note that requirements for on-going monitoring under section 5 of Schedule 2 also apply to pre-existing customers (see Chapter 5).

4.19 Prohibition on anonymous accounts s.16, Sch. 2

4.19.1 FIs must not keep anonymous accounts or accounts in fictitious names for any new or existing customer. Where numbered accounts exist, FIs must maintain them in such a way that full compliance can be achieved with the AMLO. FIs must properly identify and verify the identity of the customer in accordance with the Guideline. In all cases, whether the relationship involves numbered accounts or not, the customer identification and verification records must be available to the CO, other appropriate staff, RAs, other authorities and auditors upon appropriate authority.

4.20 Jurisdictional equivalence General s.4(3)(b)(i), s.4(3)(d)(iii), s.4(3)(f), s.9(c)(ii), s.18(3)(c), Sch. 2

4.20.1 Jurisdictional equivalence and the determination of equivalence is an important aspect in the application of CDD measures under the AMLO. For example, section 4 of Schedule 2 restricts the application of SDD to overseas institutions that carry on a business similar to that carried on by an FI that are incorporated or established in an equivalent jurisdiction and section 18 of Schedule 2 restricts reliance upon intermediaries outside Hong Kong for CDD measures to those practising or carrying on business in an equivalent jurisdiction.

4.20.2 Equivalent jurisdiction is defined in the AMLO as meaning: (a) a jurisdiction that is a member of the FATF; other than Hong Kong; or (b) a jurisdiction that imposes requirements similar to those imposed under Schedule

2.


48

Determination of jurisdictional equivalence 4.20.3 FIs may therefore be required to evaluate and determine for themselves which

jurisdictions other than FATF members apply requirements similar to those imposed under Schedule 2 for jurisdictional equivalence purposes. When doing so an FI should document its assessment of the jurisdiction, which may include consideration of the following factors: (a) membership of a regional group of jurisdictions that admit as members only

jurisdictions that have demonstrated a commitment to the fight against ML/TF, and which have an appropriate legal and regulatory regime to back up this commitment. Where a jurisdiction is a member of such a group, this may be taken into account as a supporting factor in the FI’s assessment of whether the jurisdiction is likely to be ‘equivalent’;

(b) mutual evaluation reports. Particular attention should be paid to assessments that have been undertaken by the FATF, FATF-style regional bodies, the International Monetary Fund and the World Bank. FIs should bear in mind that mutual evaluation reports are at a ‘point in time’, and should be interpreted as such;

(c) lists of jurisdictions published by the FATF with strategic AML/CFT deficiencies through the International Co-operation Review Group processes;

(d) advisory circulars issued by RAs from time to time alerting FIs to such jurisdictions with poor AML/CFT controls;

(e) lists of jurisdictions, entities and individuals that are involved, or that are alleged to be involved, in activities that cast doubt on their integrity in the AML/CFT area that are published by specialised national, international, non-governmental and commercial organisations. An example of such is the Transparency International Corruption Perceptions Index, which ranks countries according to their perceived level of corruption; and

(f) guidance provided at paragraphs 4.15 ‘Jurisdictions that do not or insufficiently apply the FATF’s recommendations or otherwise posing a higher risk’.

4.20.4 The judgment on equivalence is one to be made by each FI in the light of the

particular circumstances and senior management is accountable for this judgment. It is therefore important that the reasons for concluding that a particular jurisdiction is equivalent (other than those jurisdictions that are FATF members) are documented at the time the decision is made, and that the decision is made on relevant and up-to-date information. A record of the assessment performed and factors considered should be retained for regulatory scrutiny and periodically reviewed to ensure it remains up-to-date and valid.


49

Chapter 5 - ONGOING MONITORING General s.5(1), Sch. 2

5.1 Effective ongoing monitoring is vital for understanding of customers’ activities and an integral part of an effective AML/CFT systems. It helps FIs to know their customers and to detect unusual or suspicious activities. An FI must continuously monitor its business relationship with a customer by: (a) reviewing from time to time documents, data and information relating to the

customer and obtained pursuant to sections 2 and 3 of Schedule 2 to ensure that they are up to date and relevant;

(b) monitoring the activities (including cash and non-cash transactions) of the customer to ensure that they are consistent with the nature of business, the risk profile and source of funds. An unusual transaction may be in the form of activity that is inconsistent with the expected pattern for that customer, or with the normal business activities for the type of product or service that is being delivered; and

(c) identifying transactions that are complex, large or unusual or patterns of transactions that have no apparent economic or lawful purpose and which may indicate ML/TF.

5.2 Failure to conduct ongoing monitoring could expose an FI to potential abuse by

criminals, and may call into question the adequacy of systems and controls, or the prudence and integrity or fitness and properness of the FI’s management.

5.3 Possible characteristics FIs should consider monitoring include: (a) the nature and type of transactions (e.g. abnormal size or frequency); (b) the nature of a series of transactions (e.g. a number of cash deposits); (c) the amount of any transactions, paying particular attention to particularly

substantial transactions; (d) the geographical origin/destination of a payment or receipt; and (e) the customer’s normal activity or turnover.

5.4 FIs should be vigilant for changes on the basis of the business relationship with the customer over time. These may include where: (a) new products or services that pose higher risk are entered into; (b) new corporate or trust structures are created; (c) a change in a customer’s employment or other circumstances takes place; (d) the stated activity or turnover of a customer changes or increases; or (e) the nature of transactions changes or their volume or size increases etc.

5.5 Where the basis of the business relationship changes significantly, FIs should carry out further CDD procedures to ensure that the ML/TF risk involved and basis of the relationship are fully understood. Ongoing monitoring procedures must take account of the above changes.


50

5.6 FIs should conduct an appropriate review of a business relationship upon the filing of a report to the JFIU and should update the CDD information where appropriate; this will enable FIs to assess appropriate levels of ongoing review and monitoring.

5.7 FIs should ensure that any information obtained through meetings, discussions, or other methods of communication with the customer that is material to the updating of CDD records required under sections 2 and 3 of Schedule 2 is recorded and retained with the customer’s records.

Risk-based approach to monitoring 5.8 The extent of monitoring should be linked to the risk profile of the customer which

has been determined through the risk assessment required in Chapter 3. To be most effective, resources should be targeted towards business relationships presenting a higher risk of ML/TF.

s.5(3), Sch. 2

5.9 FIs must take additional measures when monitoring business relationships that pose a higher risk. High-risk relationships, for example those involving PEPs, will require more frequent and intensive monitoring. In monitoring high-risk situations, an FI should: (a) determine whether it has adequate procedures or management information

systems in place to provide relevant staff (e.g. CO, MLRO, front line staff, relationship managers and insurance agents) with timely information that might include, as a result of EDD or other additional measures undertaken, any information on any connected accounts or relationships;

(b) determine how it will monitor the sources of funds, wealth and income for higher risk customers and how any changes in circumstances will be recorded; and

(c) conduct an annual independent review of CDD information, activities and transactions.

Methods and procedures 5.10 When considering how best to monitor customer transactions and activities, an FI

should take into account the following factors: (a) the size and complexity of its business; (b) its assessment of the ML/TF risks arising from its business; (c) the nature of its systems and controls; (d) the monitoring procedures that already exist to satisfy other business needs; and (e) the nature of the products and services (which includes the means of delivery or

communication). The methods to be considered include: (i) exception reports to advise supervisors/operations managers of large transactions

for their review; (ii) exception reports to advise the CO, MLRO or other appropriate staff, of

customers and transactions meeting certain predetermined criteria; and (iii) computerised transaction monitoring systems.

s.5(1)(c), 5.11 Where transactions that are complex, large or unusual, or patterns of transactions


51

Sch. 2

which have no apparent economic or lawful purpose are noted, FIs should examine the background and purpose, including where appropriate the circumstances, of the transactions. The findings and outcomes of these examinations should be properly documented in writing and be available to assist the RAs, other competent authorities and auditors. Proper records of decisions made, by whom, and the rationale for them will help an FI demonstrate that it is handling unusual or suspicious activities appropriately.

s. 25A(5), DTROP & OSCO, s.12(5), UNATMO

5.12 Such examinations may include asking the customer questions, based on common sense, that a reasonable person would ask in the circumstances. Such enquiries, when conducted properly and in good faith, do not constitute tipping off (see : < http://www.jfiu.gov.hk/eng/suspicious_ask.html>). These enquiries are directly linked to the CDD requirements, and reflect the importance of “knowing your customer” in detecting unusual or suspicious activities. Such enquiries and their results should be properly documented and be available to assist the RAs, other authorities and auditors. Where there is any suspicion, a report must be made to the JFIU.

5.13 Where cash transactions (including deposits and withdrawals) and transfers to third parties are being proposed by customers, and such requests are not in accordance with the customer’s known reasonable practice, FIs must approach such situations with caution and make relevant further enquiries. Where the FI has been unable to satisfy itself that any cash transaction or third party transfer is reasonable, and therefore considers it suspicious, it should make a suspicious transaction report (STR) to the JFIU.


52

Chapter 6 – FINANCIAL SANCTIONS AND TERRORIST FINAN CING Financial sanctions & proliferation financing 6.1 The obligations under the Hong Kong’s financial sanctions regime apply to all

persons, and not just FIs.

s.3(1), UNSO

6.2 The UNSO gives the Chief Executive the authority to make regulations to implement sanctions decided by the Security Council of the United Nations and to specify or designate relevant persons and entities.

6.3 These sanctions normally prohibit making available or dealing with, directly or indirectly, any funds or economic resources for the benefit of or belonging to a designated party.

6.4 RAs circulate to all FIs designations published in the government Gazette under the UNSO.

6.5 While FIs will not normally have any obligation under Hong Kong law to have regard to lists issued by other organisations or authorities in other jurisdictions, an FI operating internationally will need to be aware of the scope and focus of relevant financial/trade sanctions regimes in those jurisdictions. Where these sanctions may affect their operations, FIs should consider what implications exist for their procedures, such as the consideration to monitor the parties concerned with a view to ensuring that there are no payments to or from a person on a sanctions list issued by an overseas jurisdiction.

Applicable UNSO Regulation

6.6 The Chief Executive can licence exceptions to the prohibitions on making funds and economic resources available to a designated party under the UNSO. An FI seeking such a licence should write to the Commerce and Economic Development Bureau.

Terrorist financing 6.7 Terrorist financing generally refers to the carrying out of transactions involving funds

that are owned by terrorists, or that have been, or are intended to be, used to assist the commission of terrorist acts. This has not previously been explicitly covered under the money laundering regime where the focus is on the handling of criminal proceeds, i.e. the source of funds is what matters. In terrorist financing, the focus is on the destination or use of funds, which may have derived from legitimate sources.

UNSCR 1373 (2001)

6.8 The UN Security Council has passed United Nations Security Council Resolution (UNSCR) 1373 (2001), which calls on all member states to act to prevent and suppress the financing of terrorist acts. Guidance issued by the UN Counter Terrorism Committee in relation to the implementation of UNSCRs regarding terrorism can be found at: www.un.org/Docs/sc/committees/1373/.

UNSCR 1267 (1999); 1390 (2002);

6.9 The UN has also published the names of individuals and organisations subject to UN financial sanctions in relation to involvement with Usama bin Laden, Al-Qa’ida, and the Taliban under relevant UNSCRs (e.g. UNSCR 1267 (1999), 1390 (2002) and 1617 (2005)). All UN member states are required under international law to freeze the funds and economic resources of any legal person(s) named in this list and to


53

1617 (2005)

report any suspected name matches to the relevant authorities.

6.10 The United Nations (Anti-Terrorism Measures) Ordinance, Cap. 575 (UNATMO) was enacted in 2002 to give effect to the mandatory elements of UNSCR 1373 and the Special Recommendations of the FATF.

s. 6, UNATMO

6.11 The Secretary for Security (S for S) has the power to freeze suspected terrorist property and may direct that a person shall not deal with the frozen property except under the authority of a licence. Contraventions are subject to a maximum penalty of 7 years imprisonment and an unspecified fine.

6.12 Section 6 of the UNATMO essentially confers the S for S an administrative power to freeze suspected terrorist property for a period of up to two years, during which time the authorities may apply to the court for an order to forfeit the property. This administrative freezing mechanism will enable the S for S to take freezing action upon receiving intelligence of suspected terrorist property in Hong Kong.

s.8 & 14, UNATMO

6.13 It is an offence for any person to make any funds or financial services available to or for the benefit of a terrorist or terrorist associate except under the authority of a licence granted by S for S. Contraventions are subject to a maximum sentence of 14 years imprisonment and an unspecified fine.

6.14 Section 8 of the UNATMO does not affect a freeze per se; it prohibits a person, in the absence of a licence granted by S for S, from making available, directly or indirectly, any funds or financial services to or for the benefit of a person he knows or has reasonable grounds to suspect is a terrorist or terrorist associate.

s.6(1), UNATMO

6.15 The S for S can licence exceptions to the prohibitions to enable frozen funds and economic resources to be unfrozen and to allow payments to be made to or for the benefit of a designated party under the UNATMO. An FI seeking such a licence should write to the Security Bureau.

s.4(1), UNATMO

6.16 Where a person is designated by a Committee of the United Nations Security Council as a terrorist and his details are subsequently published in a notice under section 4 of the UNATMO in the Government gazette, RAs will circulate the designations to all FIs.

s.4, WMD(CPS)O

6.17 It is an offence under section 4 of the Weapons of Mass Destruction (Control of Provision of Services) Ordinance (WMD(CPS)O), Cap. 526, for a person to provide any services where he believes or suspects, on reasonable grounds, that those services may be connected to WMD proliferation. The provision of services is widely defined and includes the lending of money or other provision of financial assistance.

6.18 FIs may draw reference from a number of sources including relevant designation by overseas authorities, such as the designations made by the US Government under relevant Executive Orders. The RA may draw the FI’s attention to such designations from time to time. All FIs will therefore need to ensure that they should have appropriate system to conduct checks against the relevant list for screening purposes and that this list is up


54

to date.

Database maintenance and screening (customers and payments) 6.19 FIs should take measures to ensure compliance with the relevant regulations and

legislation on terrorist financing. The legal obligations of FIs and those of its staff should be well understood and adequate guidance and training should be provided to the latter. FIs are required to establish a policy and procedure for combating terrorist financing. The systems and mechanisms for identification of suspicious transactions should cover terrorist financing as well as money laundering.

6.20 It is particularly vital that an FI should be able to identify and report transactions with terrorist suspects and designated parties. To this end, the FI should ensure that it maintains a database of names and particulars of terrorist suspects and designated parties which consolidates the various lists that have been made known to it. Alternatively, an FI may make arrangements to access to such a database maintained by third party service providers.

6.21 FIs should ensure that the relevant designations are included in the database. Such database should, in particular, include the lists published in the Gazette and those designated under the US Executive Order 13224. The database should also be subject to timely update whenever there are changes, and should be made easily accessible by staff for the purpose of identifying suspicious transactions.

6.22 Comprehensive ongoing screening of an FI’s complete customer base is a fundamental internal control to prevent terrorist financing and sanction violations, and should be achieved by: (a) screening all customers against current terrorist and sanction designations at the

establishment of the relationship; and (b) thereafter, as soon as practicable after new terrorist and sanction designations are

published by the RAs that these new designations, screening against their entire client base.

6.23 FIs need to have some means of screening payment instructions to ensure that

proposed payments to designated parties are not made. FIs should be particularly alert for suspicious wire transfers.

6.24 Enhanced checks should be conducted before establishing a business relationship or processing a transaction, where possible, if there are circumstances giving rise to suspicion.

6.25 In order to demonstrate compliance with the provisions of paragraphs 6.22 to 6.24 above, the screening and any results should be documented, or recorded electronically.

6.26 Where an FI freezes funds under Hong Kong’s financial sanctions legislation or where it has suspicions of terrorist financing or sanction violations, it must make a report to the JFIU. If an FI suspects that a transaction is terrorist-related, it should also make a report to the JFIU. Even if there is no evidence of a direct terrorist connection, the transaction should still be reported to the JFIU if it looks suspicious


55

for other reasons, as it may emerge subsequently that there is a terrorist link.


56

Chapter 7 – SUSPICIOUS TRANSACTION REPORTS General issues s.25A(1), DTROP & OSCO, s.12(1), UNATMO

7.1 Sections 25A of the DTROP and the OSCO make it an offence to fail to disclose where a person knows or suspects that property represents the proceeds of drug trafficking or of an indictable offence respectively. Likewise, section 12 of the UNATMO makes it an offence to fail to disclose knowledge or suspicion of terrorist property. Under the DTROP and the OSCO failure to report knowledge or suspicion is subject to and is liable for a maximum penalty of three months imprisonment and a fine of $50,000.

s.25A(2), DTROP & OSCO, s.12(2), UNATMO

7.2 Filing a report to the JFIU provides FIs with a statutory defence to the offence of ML/TF in respect of the acts disclosed in the report, provided: (a) the report is made before the FI undertakes the disclosed acts and the acts

(transaction(s)) are undertaken with the consent of the JFIU; or (b) the report is made after the FI has performed the disclosed acts (transaction(s))

and the report is made on the FI’s own initiative and as soon as it is reasonable for the FI to do so.


7.3 It is an offence (“tipping off”) to reveal to any person any information which might prejudice an investigation; if a client is told that a report has been made, this would prejudice the investigation and an offence would be committed.

7.4 Once knowledge or suspicion has been formed the following general principles should be applied: (a) in the event of suspicion of ML/TF, a disclosure should be made even where no

transaction has been conducted by or through the FI29; (b) disclosures must be made as soon as is reasonably practical after the suspicion

was first identified; and (c) FIs must ensure that they put in place internal controls and systems to prevent

any directors, officers and employees committing the offence of tipping off the customer or any other person who is the subject of the disclosure. FIs should also take care that their line of enquiry with customers is such that tipping off cannot be construed to have taken place.

7.5 CDD and ongoing monitoring provide the basis for recognising unusual and

suspicious transactions and events. An effective way of recognising suspicious activity is knowing enough about customers, their circumstances and their normal expected activities to recognise when a transaction or instruction, or a series of transactions or instructions, is unusual.

29 The reporting obligations require a person to report suspicions of ML/TF, irrespective of the amount

involved. The reporting obligations of s25A(1) DTROP and OSCO and s12(1) UNATMO apply to ‘any property’. These provisions establish a reporting obligation whenever a suspicion arises, without reference to transactions per se. Thus, the obligation to report applies whether or not a transaction was actually conducted and also covers attempted transactions.


57

7.6 FIs must ensure sufficient guidance is given to staff30 to enable them to form suspicion or to recognise when ML/TF is taking place, taking account of the nature of the transactions and instructions that staff is likely to encounter, the type of product or service and the means of delivery, i.e. whether face to face or remote. This will also enable staff to identify and assess the information that is relevant for judging whether a transaction or instruction is suspicious in the circumstances.

Knowledge vs. suspicion 7.7 FIs have an obligation to report where there is knowledge or suspicion of ML/TF.

Generally speaking, knowledge is likely to include: (a) actual knowledge; (b) knowledge of circumstances which would indicate facts to a reasonable person;

and (c) knowledge of circumstances which would put a reasonable person on inquiry.

7.8 Suspicion is more subjective. Suspicion is personal and falls short of proof based on firm evidence.

7.9 As the types of transactions which may be used for criminal activity are almost unlimited, it is difficult to determine what will constitute a suspicious transaction.

7.10 The key is knowing enough about the customer's business to recognise that a transaction, or a series of transactions, is unusual and, from an examination of the unusual, whether there is a suspicion of ML/TF. Where a transaction is inconsistent in amount, origin, destination, or type with a customer’s known, legitimate business or personal activities, etc., the transaction should be considered as unusual and the FI should be put on alert.

JFIU ‘SAFE’ Approach

7.11 Where the FI conducts enquiries and obtains what it considers to be a satisfactory explanation of the activity or transaction, it may conclude that there are no grounds for suspicion, and therefore take no further action. However, where the FI’s enquiries do not provide a satisfactory explanation of the activity or transaction, it may conclude that there are grounds for suspicion, and must make a disclosure (see : < http://www.jfiu.gov.hk/eng/suspicious_ask.html>).

7.12 For a person to have knowledge or suspicion, he does not need to know the nature of the criminal activity underlying the money laundering, or that the funds themselves definitely arose from the criminal offence.

7.13 The following is a (non-exhaustive) list of examples of situations that might give rise to suspicion in certain circumstances: (a) transactions or instructions which have no apparent legitimate purpose and/or

appear not to have a commercial rationale; (b) transactions, instructions or activity that involve apparently unnecessary

complexity or which do not constitute the most logical, convenient or secure way to do business;

30 In the context of Chapter 7, staff includes appointed insurance agents.


58

(c) where the transaction being requested by the customer, without reasonable explanation, is out of the ordinary range of services normally requested, or is outside the experience of the financial services business in relation to the particular customer;

(d) where, without reasonable explanation, the size or pattern of transactions is out of line with any pattern that has previously emerged;

(e) where the customer refuses to provide the information requested without reasonable explanation or who otherwise refuses to cooperate with the CDD and/or ongoing monitoring process;

(f) where a customer who has entered into a business relationship uses the relationship for a single transaction or for only a very short period without a reasonable explanation;

(g) the extensive use of trusts or offshore structures in circumstances where the customer’s needs are inconsistent with the use of such services;

(h) transfers to and from high risk jurisdictions31 without reasonable explanation, which are not consistent with the customer’s declared business dealings or interests; and

(i) unnecessary routing of funds or other property from/to third parties or through third party accounts.

Further examples of what might constitute suspicious transactions are provided in Annexes I and II. These are not intended to be exhaustive and only provide examples of the most basic ways in which money may be laundered. However, identification of any of the types of transactions listed above or in paragraphs Annexes I and II should prompt further investigations and be a catalyst towards making at least initial enquiries about the source of funds. FIs should also be aware of elements of individual transactions that could indicate funds involved in terrorist financing. The FATF has issued guidance for FIs in detecting terrorist financing32. FIs should be familiar with the characteristics in that guidance, which are grouped under the headings of (i) accounts; (ii) deposits and withdrawals; (iii) wire transfers; (iv) characteristics of the customer or his/her identity; and (v) transactions linked to locations of concern.

7.14 The OSCO, DTROP and UNATMO prohibit FIs, their directors, officers and employees from disclosing the fact that an STR or related information is being reported to the JFIU. A risk exists that customers could be unintentionally tipped off when the FI is seeking to perform its CDD obligations during the establishment or course of the business relationship, or when conducting occasional transactions. The customer’s awareness of a possible STR or investigation could compromise future efforts to investigate the suspected ML/TF operation. Therefore, if FIs form a suspicion that transactions relate to ML/TF, they should take into account the risk of tipping off when performing the CDD process. FIs should ensure that their employees are aware of and sensitive to these issues when conducting CDD.

Timing and manner of reports

31 Guidance on determining high risk jurisdictions is provided at paragraphs 4.15. 32 Available on the FATF website at http://www.fatf-gafi.org/dataoecd/39/21/34033955.pdf.


59

7.15 When an FI knows or suspects that property represents the proceeds of crime or terrorist property, a disclosure must be made to the JFIU as soon as practicable33. The use of a standard form or the use of the e-channel ‘STREAMS’34 by registered users is strongly encouraged. Further details of reporting methods and advice may be found at www.jfiu.police.gov.hk In the event that an urgent disclosure is required, particularly when the account is part of an on-going investigation, it should be indicated in the disclosure. Where exceptional circumstances exist in relation to an urgent disclosure, an initial notification by telephone may be considered.

7.16 Disclosures can be made either before a suspicious transaction or activity occurs in circumstances where an intended transaction appears suspicious (whether the intended transaction ultimately takes place or not), or after a transaction or activity has been completed if the transaction appears suspicious only with the benefit of hindsight. Disclosures that are made after the activity or transaction has taken place are not intended as alternatives to reports that should have been made prior to the transaction or activity being processed or completed.


7.17 FIs must make the submission of a disclosure a priority, whilst at the same time ensuring that the disclosure itself is comprehensive and meaningful. The law requires the disclosure to be made together with any matter on which the knowledge or suspicion is based. The need for prompt disclosures is especially important where a customer has instructed the FI to move funds or other property, close the account, make cash available for collection, or carry out significant changes to the business relationship. In the case of significant movement of funds or other property or the collection of cash, FIs should contact the JFIU urgently, before funds or the other property are/is moved or cash is collected.

Internal reporting 7.18 An FI should appoint a Money Laundering Reporting Officer (MLRO) as a central

reference point for reporting suspicious transactions. More generally, the MLRO should have the responsibility of checking on an ongoing basis that the FI has policies and procedures to ensure compliance with legal and regulatory requirements and of testing such compliance. The type and extent of the measures to be taken in this respect should be appropriate having regard to the risk of ML/TF and the size of the business.

7.19 The FI should ensure that the MLRO is of sufficient status within the organisation, and has adequate resources, to enable him to perform his functions.

s.25A(4), DTROP & OSCO, s12(4), UNATMO

7.20 It is the responsibility of the MLRO to consider all internal disclosures he receives in the light of full access to all relevant documentation and other parties. However, the MLRO should not simply be that of a passive recipient of ad hoc reports of suspicious transactions. Rather, the MLRO should play an active role in the identification and reporting of suspicious transactions. This should also involve regular review of exception reports or large or irregular transaction reports as well as ad hoc reports

33 The purpose of disclosure is to fulfil the legal obligations set out in paragraph 7.1. Where FIs want

to make a crime report, a report should be made directly to the Hong Kong Police. 34 STREAMS (Suspicion Transaction Report and Management System) is a web-based platform to

assist in the receipt, analysis and dissemination of STRs. Use of STREAMS is recommended, especially for FIs who make frequent reports. Further details may be obtained from the JFIU.


60

made by staff. To fulfil these functions all FIs must ensure that the MLRO receives full co-operation from all staff and full access to all relevant documentation so that he is in a position to decide whether attempted or actual ML/TF is suspected or known.

7.21 Failure by the MLRO to diligently consider all relevant material may lead to vital information being overlooked and the suspicious transaction or activity or suspicious attempted transaction or activity not being disclosed to the JFIU in accordance with the requirements of the legislation. Alternatively, it may also lead to vital information being overlooked which may have made it clear that a disclosure would have been unnecessary.

7.22 FIs should establish and maintain procedures to ensure that: (a) all staff are made aware of the identity of the MLRO and of the procedures to

follow when making an internal disclosure report ; and (b) all disclosure reports must reach the MLRO without undue delay.

7.23 While FIs may wish to set up internal systems that allow staff to consult with supervisors or managers before sending a report to the MLRO, under no circumstances should reports raised by staff be filtered out by supervisors or managers who have no responsibility for the money laundering reporting/compliance function. The legal obligation is to report as soon as practicable, so reporting lines should be as short as possible with the minimum number of people between the staff with the suspicion and the MLRO. This ensures speed, confidentiality and accessibility to the MLRO.

7.24 All suspicious activity reported to the MLRO must be documented (in urgent cases this may follow an initial discussion by telephone). The report must include the full details of the customer and as full a statement as possible of the information giving rise to the suspicion.


7.25 The MLRO must acknowledge receipt of the report and at the same time provide a reminder of the obligation to do nothing that might prejudice enquiries i.e. tipping off the customer or any other third party. The tipping-off provision includes circumstances where a suspicion has been raised internally, but has not yet been reported to the JFIU.

7.26 The reporting of a suspicion in respect of a transaction or event does not remove the need to report further suspicious transactions or events in respect of the same customer. Further suspicious transactions or events, whether of the same nature or different to the previous suspicion, must continue to be reported to the MLRO who should make further reports to the JFIU if appropriate.

7.27 When evaluating an internal disclosure, the MLRO must take reasonable steps to consider all relevant information, including CDD and ongoing monitoring information available within or to the FI concerning the entities to which the report relates. This may include: (a) making a review of other transaction patterns and volumes through connected

accounts;


61

(b) any previous patterns of instructions, the length of the business relationship and reference to CDD and ongoing monitoring information and documentation; and

(c) appropriate questioning of the customer per the systematic approach to identifying suspicious transactions recommended by the JFIU35.

7.28 As part of the review, other connected accounts or relationships may need to be

examined. The need to search for information concerning connected accounts or relationships should not delay making a report to the JFIU. MLROs should document the evaluation process that they follow in each case and their reasons for their conclusions.

7.29 If after completing the evaluation, the MLRO decides that there are grounds for knowledge or suspicion, he should disclose the information to the JFIU as soon as practicable after his evaluation is complete together with the information on which that knowledge or suspicion is based. Providing they act in good faith in deciding not to file a suspicious transaction report with the JFIU, it is unlikely that there will be any criminal liability for failing to report if a MLRO concludes that there is no suspicion after taking into account all available information. It is however vital for MLROs to keep proper records of their deliberations and actions taken to demonstrate they have acted in reasonable manner.

Recording internal reports 7.30 FIs must establish and maintain a record of all ML/TF reports made to the MLRO.

The record should include details of the date the report was made, the staff members subsequently handling the report, the results of the assessment, whether the report resulted in a disclosure to the JFIU, and information to allow the papers relevant to the report to be located.

Records of reports to the JFIU 7.31 FIs must establish and maintain a record of all disclosures made to the JFIU. The

record must include details of the date of the disclosure, the person who made the disclosure, and information to allow the papers relevant to the disclosure to be located. This register may be combined with the register of internal reports, if considered appropriate.

Post reporting matters 7.32 FIs should note that:

(a) filing a report to the JFIU only provides a statutory defence to ML/TF in relation

to the acts disclosed in that particular report. It does not absolve an FI from the legal, reputational or regulatory risks associated with the account’s continued operation;

(b) a ‘consent’ response from the JFIU to a pre-transaction report should not be construed as a ‘clean bill of health’ for the continued operation of the account or an indication that the account does not pose a risk to the FI;

(c) FIs should conduct an appropriate review of a business relationship upon the filing of a report to the JFIU, irrespective of any subsequent feedback provided by the JFIU;

35 For details, please see www.jfiu.gov.hk


62

(d) once an FI has concerns over the operation of a customer’s account or a particular business relationship, it should take appropriate action to mitigate the risks. Filing a report with the JFIU and continuing to operate the relationship without any further consideration of the risks and the imposition of appropriate controls to mitigate the risks identified is not acceptable;

(e) relationships reported to the JFIU should be subject to an appropriate review by the MLRO and if necessary the issue should be escalated to the FI’s senior management to determine how to handle the relationship to mitigate any potential legal or reputational risks posed by the relationship in line with the FI’s business objectives, and its capacity to mitigate the risks identified; and

(f) FIs are not obliged to continue business relationships with customers if such action would place them at risk. It is recommended that FIs indicate any intention to terminate a relationship in the initial disclosure to the JFIU, thereby allowing the JFIU to comment, at an early stage, on such a course of action.

s.25A(1)(c) & (2)(a), DTROP & OSCO, s.1 & 12(2)(a), UNATMO

7.33 The JFIU will acknowledge receipt of a disclosure made by an institution under section 25A of both the DTROP and the OSCO, and section 12 of the UNATMO. If there is no need for imminent action e.g. the issue of a restraint order on an account, consent will usually be given for the institution to operate the account under the provisions of section 25A(2) of both the DTROP and the OSCO. An example of such a letter is given at Appendix B to this guideline. For disclosures submitted via e-channel “STREAM”, e-receipt will be issued via the same channel. The JFIU may, on occasion, seek additional information or clarification with an FI of any matter on which the knowledge or suspicion is based.

7.34 Whilst there are no statutory requirements to provide feedback arising from investigations, the Police and Customs Excise Department recognise the importance of having effective feedback procedures in place. The JFIU provides feedback both in its quarterly report36 and upon request, to a disclosing FI in relation to the current status of an investigation.

7.35 After initial analysis by the JFIU, reports that are to be developed are allocated to financial investigation officers for further investigation. Where additional information is required from a reporting institution following a suspicious transaction report, it will be obtained pursuant to a search warrant or production order. FIs must ensure that they respond to all production orders within the required time limit and provide all of the information or material that falls within the scope of such orders. Where an FI encounters difficulty in complying with the timeframes stipulated, the MLRO should at the earliest opportunity contact the officer-in-charge of the investigation for further guidance.

s.10 & 11, DTROP, s.15 & 16, OSCO,

7.36 During a law-enforcement investigation, an FI may be served with a Restraint Order, designed to freeze particular funds or property pending the outcome of an investigation. An FI must ensure that it is able to freeze the relevant property that is the subject of the order. It should be noted that the Restraint Order may not apply to

36 The purpose of the quarterly report, which is relevant to all financial sectors, is to raise AML/CFT

awareness. It consists of two parts, (i) analysis of STR’s and (ii) matters of interest and feedback. The report is available through the JFIU’s website at www.jfiu.gov.hk A password is required, details may be found under the typologies and feedback section of the website or by contacting the JFIU directly.


63

s.6, UNATMO

all funds or property involved within a particular business relationship and FIs should consider what, if any, funds or property may be utilised subject to having obtained the appropriate consent from the JFIU.

s.3, DTROP, s.8, OSCO, s13, UNATMO

7.37 Upon the conviction of a defendant, a court may order the confiscation of his criminal proceeds and an FI may be served with a Confiscation Order in the event that it holds funds or other property belonging to that defendant that are deemed by the Courts to represent his benefit from the crime. A court may also order the forfeiture of property where it is satisfied that the property is terrorist property.


64

Annex I - Indicators of suspicious transactions 1. A request by a customer to enter into an insurance contract(s) where the source

of the funds is unclear or not consistent with the customer’s apparent standing. 2. A sudden request for a significant purchase of a lump sum contract with an

existing client whose current contracts are small and of regular payments only. 3. A proposal which has no discernible purpose and a reluctance to divulge a

“need” for making the investment. 4. A proposal to purchase and settle by cash. 5. A proposal to purchase by utilizing a cheque drawn from an account other than

the personal account of the proposer. 6. The prospective client who does not wish to know about investment performance

but does enquire on the early cancellation/surrender of the particular contract. 7. A customer establishes a large insurance policy and within a short period of time

cancels the policy, requests the return of the cash value payable to a third party. 8. Early termination of a product, especially in a loss. 9. A customer applies for an insurance policy relating to business outside the

customer’s normal pattern of business. 10. A customer requests for a purchase of insurance policy in an amount considered

to be beyond his apparent need. 11. A customer attempts to use cash to complete a proposed transaction when this

type of business transaction would normally be handled by cheques or other payment instruments.

12. A customer refuses, or is unwilling, to provide explanation of financial activity,

or provides explanation assessed to be untrue. 13. A customer is reluctant to provide normal information when applying for an

insurance policy, provides minimal or fictitious information or, provides information that is difficult or expensive for the institution to verify.

14. Delay in the provision of information to enable verification to be completed. 15. Opening accounts with the customer’s address outside the local service area. 16. Opening accounts with names similar to other established business entities. 17. Attempting to open or operating accounts under a false name.


65

18. Any transaction involving an undisclosed party. 19. A transfer of the benefit of a product to an apparently unrelated third party. 20. A change of the designated beneficiaries (especially if this can be achieved

without knowledge or consent of the insurer and/or the right to payment could be transferred simply by signing an endorsement on the policy).

21. Substitution, during the life of an insurance contract, of the ultimate beneficiary

with a person without any apparent connection with the policy holder. 22. The customer accepts very unfavourable conditions unrelated to his health or

age. 23. An atypical incidence of pre-payment of insurance premiums. 24. Insurance premiums have been paid in one currency and requests for claims to

be paid in another currency. 25. Activity is incommensurate with that expected from the customer considering the

information already known about the customer and the customer’s previous financial activity. (For individual customers, consider customer’s age, occupation, residential address, general appearance, type and level of previous financial activity. For corporate customers, consider type and level of activity.)

26. Any unusual employment of an intermediary in the course of some usual

transaction or financial activity e.g. payment of claims or high commission to an unusual intermediary.

27. A customer appears to have policies with several institutions. 28. A customer wants to borrow the maximum cash value of a single premium

policy, soon after paying for the policy. 29. The customer who is based in jurisdictions which do not or insufficiently apply

the FATF Recommendations designated by the FATF from time to time or in countries where the production of drugs or drug trafficking may be prevalent.

30. The customer who is introduced by an overseas agent, affiliator or other

company that is based in jurisdictions which do not or insufficiently apply the FATF Recommendations designated by the FATF from time to time or in countries where corruption or the production of drugs or drug trafficking may be prevalent.

31. A customer who is based in Hong Kong and is seeking a lump sum investment

and offers to pay by a wire transaction or foreign currency. 32. Unexpected changes in employee characteristics, e.g. lavish lifestyle or avoiding

taking holidays. 33. Unexpected change in employee or agent performance, e.g. the sales person


66

selling products has a remarkable or unexpected increase in performance. 34. Consistently high activity levels of single premium business far in excess of any

average company expectation. 35. The use of an address which is not the client’s permanent address, e.g.

utilization of the salesman’s office or home address for the despatch of customer documentation.

36. Any unusual or disadvantageous early redemption of an insurance policy.

Important Note

The International Association of Insurance Supervisors (IAIS) has published relevant examples and indicators involving insurance in a document called “Examples of money laundering and suspicious transactions involving insurance”. The document can be downloaded from IAIS website at http://www.iaisweb.org. The list will be updated periodically to include additional examples identified. IIs are advised to regularly browse the website for latest information


67

Annex II - Examples of money laundering schemes37 Life Insurance Case 1

In 1990, a British insurance sales agent was convicted of violating a money laundering statute. The insurance agent was involved in a money laundering scheme in which over US$1.5 million was initially placed with a bank in England. The “layering process” involved the purchase of single premium insurance policies. The insurance agent became a top producer at his insurance company and later won a company award for his sales efforts. This particular case involved the efforts of more than just a sales agent. The insurance agent’s supervisor was also charged with violating the money laundering statute. This case has shown how money laundering, coupled with a corrupt employee, can expose an insurance company to negative publicity and possible criminal liability. Case 2 A company director from Company W, Mr. H, set up a money laundering scheme involving two companies, each one established under two different legal systems. Both of the entities were to provide financial services and providing financial guarantees for which he would act as director. These companies wired the sum of US$1.1 million to the accounts of Mr. H in Country S. It is likely that the funds originated in some sort of criminal activity and had already been introduced in some way into the financial system. Mr. H also received transfers from Country C. Funds were transferred from one account to another (several types of accounts were involved, including both current and savings accounts). Through one of these transfers, the funds were transferred to Country U from a current account in order to make payments on life insurance policies. The investment in these policies was the main mechanism in the scheme for laundering the funds. The premiums paid for the life insurance policies in Country U amounted to some US$1.2 million and represented the last step in the laundering operation. Case 3 Customs officials in Country X initiated an investigation which identified a narcotics trafficking organization utilized the insurance sector to launder proceeds. Investigative efforts by law enforcement agencies in several different countries identified narcotic traffickers were laundering funds through Insurance firm Z located in an off-shore jurisdiction. Insurance firm Z offers investment products similar to mutual funds. The rate of return is tied to the major world stock market indices so the insurance policies were able to perform as investments. The account holders would over-fund the policy, moving monies into and out of the fund for the cost of the penalty for early

37 Majority of the examples of money laundering schemes in this annex are extracted from the IAIS document “Examples of money laundering and suspicious transactions involving insurance”. The document can be downloaded at http://www.iaisweb.org/.


68

withdrawal. The funds would then emerge as a wire transfer or cheque from an insurance company and the funds were apparently clean. To date, this investigation has identified that over US$29 million was laundered through this scheme, of which over US$9 million has been seized. Additionally, based on joint investigative efforts by Country Y (the source country of the narcotics) and Country Z customs officials, several search warrants and arrest warrants were executed relating to money laundering activities involved individuals associated with Insurance firm Z. Case 4 An attempt was made to purchase life policies for a number of foreign nationals. The underwriter was requested to provide life coverage with an indemnity value identical to the premium. There were also indications that in the event that the policies were to be cancelled, the return premiums were to be paid into a bank account in a different jurisdiction to the assured. Case 5 On a smaller scale, local police authorities were investigating the placement of cash by a drug trafficker. The funds were deposited into several bank accounts and then transferred to an account in another jurisdiction. The drug trafficker then entered into a US$75,000 life insurance policy. Payment for the policy was made by two separate wire transfers from the overseas accounts. It was purported that the funds used for payment were the proceeds of overseas investments. At the time of the drug trafficker’s arrest, the insurer had received instructions for the early surrender of the policy. Case 6 A customer contracted life insurance of a 10 year duration with a cash payment equivalent to around US$400,000. Following payment, the customer refused to disclose the origin of the funds. The insurer reported the case. It appears that prosecution had been initiated in respect of the individual’s fraudulent management activity. Case 7 A life insurer learned from the media that a foreigner, with whom it had two life-insurance contracts, was involved in Mafia activities in his/her country. The contracts were of 33 years duration. One provided for a payment of close to the equivalent of US$1 million in case of death. The other was a mixed insurance with value of over half this amount. Case 8


69

A client domiciled in a country party to a treaty on the freedom of cross-border provision of insurance services, contracted with a life-insurer for a foreign life insurance for 5 years with death cover for a down payment equivalent to around US$7 million. The beneficiary was altered twice: 3 months after the establishment of the policy and 2 months before the expiry of the insurance. The insured remained the same. The insurer reported the case. The last beneficiary - an alias - turned out to be a PEP.

Reinsurance

Case 1 An insurer in country A sought reinsurance with a reputable reinsurance company in country B for its directors and officer cover of an investment firm in country A. The insurer was prepared to pay four times the market rate for this reinsurance cover. This raised the suspicion of the reinsurer which contacted law enforcement agencies. Investigation made clear that the investment firm was bogus and controlled by criminals with a drug background. The insurer had ownership links with the investment firm. The impression is that - although drug money would be laundered by a payment received from the reinsurer - the main purpose was to create the appearance of legitimacy by using the name of a reputable reinsurer. By offering to pay above market rate the insurer probably intended to assure continuation of the reinsurance arrangement.

Intermediaries

Case 1 A person (later arrested for drug trafficking) made a financial investment (life insurance) of US$250,000 by means of an insurance broker. He acted as follows. He contacted an insurance broker and delivered a total amount of US$250,000 in three cash instalments. The insurance broker did not report the delivery of that amount and deposited the three instalments in the bank. These actions raise no suspicion at the bank, since the insurance broker is known to them as being connected to the insurance branch. The insurance broker delivers, afterwards, to the insurance company responsible for making the financial investment, three cheques from a bank account under his name, totalling US$250,000, thus avoiding the raising suspicions with the insurance company. Case 2 Clients in several countries used the services of an intermediary to purchase insurance policies. Identification was taken from the client by way of an ID card, but these details were unable to be clarified by the providing institution locally, which was reliant on the intermediary doing the due diligence checks. The policy was put in place and the relevant payments were made by the intermediary to the local institution. Then, after a couple of months had elapsed, the institution would receive notification from the client stating that there was now a change in circumstances, and they would have to close the policy suffering the losses, but


70

coming away with a clean cheque from the institution. On other occasions the policy would be left to run for a couple of years before being closed with the request that the payment be made to a third party. This was often paid with the receiving institution, if local, not querying the payment as it had come from another reputable local institution. Case 3 An insurance company was established by a well-established insurance management operation. One of the clients, a Russian insurance company, had been introduced through the management of the company’s London office via an intermediary. In this particular deal, the client would receive a “profit commission” if the claims for the period were less than the premiums received. Following an on-site inspection of the company by the insurance regulators, it became apparent that the payment route out for the profit commission did not match the flow of funds into the insurance company’s account. Also, the regulators were unable to ascertain the origin and route of the funds as the intermediary involved refused to supply this information. Following further investigation, it was noted that there were several companies involved in the payment of funds and it was difficult to ascertain how these companies were connected with the original insured, the Russian insurance company. Case 4 A construction project was being financed in Europe. The financing also provided for a consulting company’s fees. To secure the payment of the fees, an investment account was established and a sum equivalent to around US$400,000 deposited with a life-insurer. The consulting company obtained powers of attorney for the account. Immediately following the setting up of the account, the consulting company withdrew the entire fee stipulated by the consulting contract. The insurer reported the transaction as suspicious. It turns out that an employee of the consulting company was involved in several similar cases. The account is frozen.

Other examples

Single premiums An example involves the purchase of large, single premium insurance policies and their subsequent rapid redemption. A money launderer does this to obtain payment from an insurance company. The person may face a redemption fee or cost, but this is willingly paid in exchange for the value that having funds with an insurance company as the immediate source provider. In addition, the request for early encashment of single premium policies, for cash or settlement to an individual third party may arouse suspicion. Return premiums


71

There are several cases where the early cancellation of policies with return of premium has been used to launder money. This has occurred where there have been: (a) a number of policies entered into by the same insurer/intermediary for small

amounts and then cancelled at the same time; (b) return premium being credited to an account different from the original

account; (c) requests for return premiums in currencies different from the original

premium; and (d) regular purchase and cancellation of policies. Overpayment of premiums Another simple method by which funds can be laundered is by arranging for excessive numbers or excessively high values of insurance reimbursements by cheque or wire transfer to be made. A money launderer may well own legitimate assets or businesses as well as an illegal enterprise. In this method, the launderer may arrange for insurance of the legitimate assets and ‘accidentally’, but on a recurring basis, significantly overpay his premiums and request a refund for the excess. Often, the person does so in the belief that his relationship with his representative at the company is such that the representative will be unwilling to confront a customer who is both profitable to the company and important to his own success. The overpayment of premiums, has been used as a method of money laundering. Insurers should be especially vigilant where: • the overpayment is over a certain size (say US$10,000 or equivalent); • the request to refund the excess premium was to a third party; • the assured is in a jurisdiction associated with money laundering; and • where the size or regularity of overpayments is suspicious. High brokerage / third party payments / strange premium routes High brokerage can be used to pay off third parties unrelated to the insurance contract. This often coincides with example of unusual premium routes. Assignment of claims In a similar way, a money launderer may arrange with groups of otherwise legitimate people, perhaps owners of businesses, to assign any legitimate claims on their


72

policies to be paid to the money launderer. The launderer promises to pay these businesses, perhaps in cash, money orders or travellers cheques, a percentage of any claim payments paid to him above and beyond the face value of the claim payments. In this case the money laundering strategy involves no traditional fraud against the insurer. Rather, the launderer has an interest in obtaining funds with a direct source from an insurance company, and is willing to pay others for this privilege. The launderer may even be strict in insisting that the person does not receive any fraudulent claims payments, because the person does not want to invite unwanted attention.

Important Note

Apart from the above examples of money laundering schemes, the FATF has also published annually detailed typologies involving insurance supported by useful case examples in documents called “Money Laundering & Terrorist Financing Typologies”. The documents can be downloaded at the publications section of FATF website at http://www.fatf-gafi.org. IIs are advised to regularly browse the website for latest information.


73

Chapter 8 – RECORD KEEPING General legal and regulatory requirements 8.1 Record keeping is an essential part of the audit trail for the detection, investigation

and confiscation of criminal or terrorist funds. Record keeping helps the investigating authorities to establish a financial profile of a suspect, trace the criminal or terrorist property or funds and assists the Court to examine all relevant past transactions to assess whether the property or funds are the proceeds of or relate to criminal or terrorist offences.

8.2 FIs should prepare and maintain customer, transaction and other records that are necessary and sufficient to meet the record keeping requirements under the AMLO, this guideline and other regulatory requirements, that are appropriate to the scale, nature and complexity of their businesses. This is to ensure that: (a) the audit trail for funds moving through an FI that relate to any customer and,

where appropriate, the beneficial owner of the customer, account or transaction is clear and complete;

(b) any customer and, where appropriate, the beneficial owner of the customer can be properly identified and verified;

(c) all customer and transaction records and information are available on a timely basis to RAs, other authorities and auditors upon appropriate authority; and

(d) FIs are able to comply with any relevant requirements specified in other sections of this guideline and other guidelines issued by the RAs, including, among others, records of customer risk assessment (see paragraph 3.8), registers of suspicious transaction reports (see paragraph 7.31) and training records (see paragraph 9.9).

Retention of records relating to customer identity and transactions s.20(1)(b)(i), Sch. 2 s.2(1)(c), Sch. 2 s.20(1)(b)(ii), Sch. 2

8.3 FIs should keep:

(a) the original or a copy of the documents, and a record of the data and information, obtained in the course of identifying and verifying the identity of the customer and/or beneficial owner of the customer and/or beneficiary and/or persons who purport to act on behalf of the customer and/or other connected parties to the customer;

(b) any additional information in respect of a customer and/or beneficial owner of the customer that may be obtained for the purposes of EDD or ongoing monitoring;

(c) where applicable, the original or a copy of the documents, and a record of the data and information, on the purpose and intended nature of the business relationship;

(d) the original or a copy of the records and documents relating to the customer’s account (e.g. account opening form; insurance application form; risk assessment form) and business correspondence with the customer and any beneficial owner of the customer (which at a minimum should include correspondence concerning the establishment of the business relationship and ongoing correspondence material to CDD measures or significant changes to the operation of the account).


74

s.20(3), Sch. 2

8.4 All documents and records mentioned in paragraph 8.3 should be kept throughout the business relationship with the customer and for a period of six years after the end of the business relationship.

s.20(1)(a), Sch. 2

8.5 FIs should maintain the original or a copy of the documents, and a record of the data and information, obtained in connection with the transaction. These should include the following: (a) the identity of the parties (including beneficiary where appropriate) to the

transaction; (b) the nature and date of the transaction; (c) the type and amount of currency involved; (d) the origin of the funds (if known); (e) the form in which the funds were offered or withdrawn, e.g. cash, cheques, etc; (f) the destination of the funds; (g) the form of instruction and authority; and (h) the type and identifying number of any account involved in the transaction

(where applicable). In any event, FIs should ensure the records retained are sufficient to permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of criminal activity.

s. 20(2), Sch. 2

8.6 All documents and records mentioned in paragraph 8.5 should be kept for a period of six years after the completion of a transaction, regardless of whether the business relationship ends during the period.

8.6a Documents and records that IIs may keep include:

(a) initial proposal documentation such as the customer financial assessment,

analysis of needs, details of the payment method, illustration of benefits,

and copy of documentation in support of verification by the IIs;

(b) records associated with the maintenance of the contract post sale, up to and

including maturity of the contract; and

(c) “Discharge documentation” with details of the maturity processing and/or

claim settlement.

s. 21, Sch. 2

8.7 If the record consists of a document, either the original of the document should be retained or a copy of the document should be kept on microfilm or in the database of a computer. If the record consists of data or information, such record should be kept either on microfilm or in the database of a computer.

s. 20(4), Sch. 2

8.8 An RA may, by notice in writing to an FI, require it to keep the records relating to a specified transaction or customer for a period specified by the RA that is longer than those referred to in paragraphs 8.4 and 8.6, where the records are relevant to an on-going criminal or other investigation, or to any other purposes as specified in the


75

notice.

Records kept by intermediaries s. 18(4)(b), Sch. 2

8.9 Where customer identification and verification documents are held by an intermediary on which the FI is relying to carry out CDD measures, the FI concerned remains responsible for compliance with all record keeping requirements. FIs should ensure that the intermediaries being relied on have systems in place to comply with all the record keeping requirements under the AMLO and this guideline (including the requirements of paragraphs 8.3 to 8.8), and that documents and records will be provided by the intermediaries as soon as reasonably practicable after the intermediaries receive the request from the FIs.

s. 18(4)(a), Sch. 2

8.10 For the avoidance of doubt, FIs that rely on intermediaries for carrying out a CDD measure should immediately obtain the information that the intermediary has obtained in the course of carrying out that measure, for example, name and address.

8.11 An FI should ensure that an intermediary will pass the documents and records to the FI, upon termination of the services provided by the intermediary.

Part 3, Sch. 2

8.12 Irrespective of where identification and transaction records are held, FIs are required to comply with all legal and regulatory requirements in Hong Kong, especially Part 3 of Schedule 2. This may involve the FIs retaining a copy of the underlying records of identity and transaction in Hong Kong.

Record keeping obligations by individual insurance agents

8.13a Individual insurance agents who are appointed agents of an insurer are usually required to provide all customer and transaction related documentation to the insurer directly, and they do not have the capacity to maintain such documents. Under this arrangement, and from the perspective of meeting the record-keeping requirements set out in Part 3 of Schedule 2, these individual agents are considered to have deposited the required records and documents at the premises of the insurer.

As the individual insurance agents remain responsible for compliance with all record keeping requirements, they should ensure that: (a) the insurer to which they provide the records and documents has systems in

place to comply with all the record keeping requirements under the AMLO; and

(b) such records and documents are accessible from the insurer without delay upon request by a RA.

This guidance applies to individual insurance agents only and does not apply to insurance agencies.


76

Chapter 9 – STAFF TRAINING 9.1 Staff training is an important element of an effective system to prevent and detect

ML/TF activities. The effective implementation of even a well-designed internal control system can be compromised if staff using the system is not adequately trained.

9.2 Staff38 should be trained in what they need to do to carry out their particular roles in the FI with respect to AML/CFT. This is particularly important before new staff commence work.

9.3 FIs should implement a clear and well articulated policy for ensuring that relevant staff receive adequate AML/CFT training.

9.4 The timing and content of training packages for different groups of staff will need to be adapted by individual FIs for their own needs, with due consideration given to the size and complexity of their business and the type and level of ML/TF risk.

9.5 FIs should provide appropriate AML/CFT training to their staff. The frequency of training should be sufficient to maintain the AML/CFT knowledge and competence of the staff.

9.6 Staff should be made aware of: (a) their FI’s and their own personal statutory obligations and the possible

consequences for failure to report suspicious transactions under the DTROP, the OSCO and the UNATMO;

(b) any other statutory and regulatory obligations that concern their FIs and themselves under the DTROP, the OSCO, the UNATMO, the UNSO and the AMLO, and the possible consequences of breaches of these obligations;

(c) the FI’s policies and procedures relating to AML/CFT, including suspicious transaction identification and reporting; and

(d) any new and emerging techniques, methods and trends in ML/TF to the extent that such information is needed by the staff to carry out their particular roles in the FI with respect to AML/CFT.

9.7 In addition, the following training modules may be appropriate for certain groups of

staff: (a) all new staff, irrespective of seniority, should be given an introduction to the

background to ML/TF, the need for identifying and reporting of any suspicious transactions to the MLRO, and the offence of “tipping-off”. They should understand the importance placed on ML/TF issues by the FI;

(b) members of staff who are dealing directly with the public (e.g. front-line personnel, appointed insurance agents who act on behalf of authorized insurers) should be made aware of the FI’s policies and procedures in relation to CDD and record keeping requirements that are relevant to their job responsibilities. They are the first point of contact with potential money launderers and their efforts are

38 In the context of Chapter 9, staff include appointed insurance agents.


77

vital to the FIs strategy in the fight against money laundering. They should be provided training on areas that may give rise to suspicions and on the procedures to be adopted when a transaction is deemed to be suspicious. They should know the FI’s policies and procedures, including the line of reporting, for dealing with particular situations such as those where large transactions are involved, and the need for extra vigilance in these cases;

(c) back-office staff, depending on their roles, should receive appropriate training on customer verification and relevant processing procedures as well as training on how to recognise unusual activities including abnormal settlements, payments or delivery instructions;

(d) managerial staff including internal audit officers and COs should receive a higher level of training covering all aspects of AML/CFT procedures, in addition to specific training in relation to their responsibilities for supervising or managing staff, auditing the system and performing random checks as well as reporting of suspicious transactions to the JFIU; and

(e) AML COs should have a thorough working knowledge of all relevant legislation, regulatory guidance and the FI’s policies and procedures on the prevention of ML/TF. They should know the procedures for handling production and restraint orders and ensure relevant staff also possess such knowledge. They should be equipped with the knowledge and skills in assessing suspicious transaction reports submitted to them. Opportunities should be provided to enable them to keep abreast of all new developments and requirements in relation to AML/CFT.

9.8 FIs are encouraged to consider using a mix of training techniques and tools in

delivering training, depending on the available resources and learning needs of their staff. These techniques and tools may include on-line learning systems, focused classroom training, relevant videos as well as paper- or intranet-based procedures manuals. FIs may consider including available FATF papers and typologies as part of the training materials. All materials should be up-to-date and in line with current requirements and standards.

9.9 No matter which training approach is adopted, FIs should monitor and maintain records of who have been trained, when the staff received the training and the type of the training provided.

9.10 FIs should monitor the effectiveness of the training. This may be achieved by: (a) testing staff’s understanding of the FI’s policies and procedures to combat

ML/TF, the understanding of their statutory and regulatory obligations, and also their ability to recognise suspicious transactions; and

(b) monitoring the compliance of staff with the FI’s AML/CFT systems as well as the quality and quantity of internal reports so that further training needs may be identified and appropriate action can be taken.


78

Chapter 10 – WIRE TRANSFERS General requirements 10.1 This chapter primarily applies to authorized institutions and money service

operators. Other FIs should also comply with section 12 of Schedule 2 and the guidelines provided in this Chapter if they act as an ordering institution or beneficiary institution as defined under the AMLO. Where an FI is the originator or recipient/beneficiary of a wire transfer, it is not acting as an ordering institution or beneficiary institution and thus is not required to comply with the requirements under section 12 of Schedule 2 or this Chapter in respect of that transaction.

s.1(4) & s.12(11), Sch. 2

10.2 A wire transfer is a transaction carried out by an institution (the ordering institution) on behalf of a person (the originator) by electronic means with a view to making an amount of money available to that person or another person (the recipient/beneficiary) at another institution (the beneficiary institution), which may be the ordering institution or another institution, whether or not one or more other institutions (intermediary institutions) participate in completion of the transfer of the money.

s.12(2), Sch. 2

10.3 This chapter does not apply to the following wire transfers: (a) a wire transfer between two FIs if each of them acts on its own behalf; (b) a wire transfer between an FI and a foreign institution if each of them acts on its

own behalf; (c) a wire transfer if:

(i) it arises from a transaction that is carried out using a credit card or debit card (such as withdrawing money from a bank account through an automated teller machine with a debit card, obtaining a cash advance on a credit card, or paying for goods or services with a credit or debit card), except when the card is used to effect a transfer of money; and

(ii) the credit card or debit card number is included in the message or payment form accompanying the transfer.

10.4 For SWIFT users, the above exemption will apply to MT 200 series payments, MT

400 and MT 700 series messages when they are used to settle cheque collection and trade finance obligations between banks. Where the originator is an FI, as will sometimes be the case even for SWIFT MT 102 and MT 103 messages, supplying the Bank Identifier Code39 (BIC) of the FI constitutes complete originator information for the purposes of the AMLO, although it is also preferable for the account number to be included where available. This also applies to Business Entity Identifiers40 (BEIs), although in such case the account number should always be included. There may however be requests from beneficiary institution for address information.

39 BIC (“Business Identifier Code”) is also known as SWIFT Code. 40 When BIC assigned to a non-financial organisation, e.g. a corporate, the code is called a BEI

(“Business Entity Identifier”).


79

10.5

The FATF issued Special Recommendation VII (SR VII) in October 200141, with the objective of enhancing the transparency of all domestic and cross-border wire transfers to make it easier for law enforcement to track funds transferred electronically by terrorists and criminals. The Basel Committee on Banking Supervision guidance paper “Due diligence and transparency regarding cover payment messages related to cross-border wire transfers” (May 2009) also describes supervisory expectations in this area.

Ordering institutions s.12(3), Sch. 2

10.6 Ordering institutions must ensure that all wire transfers of amount equal to or exceeding HK$8,000 (or an equivalent amount in any other currency) are accompanied by complete and verified originator information as required under section 12(3) of Schedule 2 which includes: (a) the originator’s name; (b) the number of the originator’s account maintained with the FI and from which

the money for the wire transfer is paid, or a unique reference number42 (for non-account holders); and

(c) the originator’s address or, in the absence of an address, the originator’s customer identification number or identification document number (e.g. HKID card number for a customer who is a natural person, or business registration number for a customer who is a legal person), or, if the originator is an individual, the originator’s date and place of birth.

There is also a concession for domestic wire transfers set out below (see paragraph 10.17 below).

10.7 It is acceptable for an ordering institution to include the “correspondence address” of the originator in the wire transfer message provided that the ordering institution is satisfied that the address has been verified.

s.12(4), Sch. 2

10.8 Ordering institutions must ensure that all the originator information accompanying the payment has been verified. The verification requirement is deemed to be met for account holding customers of the FI whose identity has been verified in compliance with the AMLO and this Guideline. No further verification of such account holder’s information is normally required, although ordering institutions may exercise their discretion to do so in individual cases.

s.3(c), 12(3)& (4), Sch. 2

10.9 For transactions with non-account holders, the ordering institution must verify the identity of the customer and all originator information to accompany the wire transfer involving an amount equal to or exceeding the equivalent of HK$8,000. For an occasional wire transfer below HK$8,000 (or the equivalent), ordering institutions are in general not required to verify the originator’s identity, except when several transactions are carried out which appear to the ordering institution to be linked and are equal to or exceed the equivalent of HK$8,000. Evidence of verification must be retained with the customer information in accordance with the

41 A revised Interpretative Note to this special recommendation was issued by the FATF on 29

February 2008 and is available on the FATF website. 42 The unique reference number assigned by the ordering institution should permit the wire transfer to

be traced back to the originator.


80

record keeping requirements of the AMLO (see Chapter 8).

10.10 Ordering institutions may choose not to include all the required information in the wire transfer message accompanying a wire transfer of less than HK$8,000 or equivalent in foreign currencies. However, the relevant information about the originator should be recorded and retained by the ordering institution and should be made available within three business days on request by the beneficiary institution or the appropriate authorities. In considering whether to apply the threshold of HK$8,000, ordering institutions should take into account the business and operational characteristics of their wire transfer activities. Ordering institutions are encouraged to include, as far as practicable, the relevant originator information in the messages accompanying all wire transfer transactions.

10.11 For wire transfers conducted by an account holder as the originator, the originator’s name and address (or permitted alternative) should correspond to the account holder. Any request to override customer information should not be entertained and any suspicion of improper motive by a customer should be reported to the ordering institution’s MLRO.

10.12 In particular, an ordering institution should exercise care if there is suspicion that a customer may be effecting a wire transfer on behalf of a third party. If a wire transfer carries the name of a third party as the ordering person or otherwise does not appear to be consistent with the usual business/activity of the customer, the customer should be asked to provide further explanation of the nature of the wire transfer.

10.13 The relevant originator information should be recorded and retained in respect of both account holders and non-account holders.

10.14 Ordering institutions should adopt an RBA to check whether certain wire transfers may be suspicious taking into account such factors as the name of the beneficiary, the destination and amount of the wire transfer etc.

10.15 Ordering institutions should establish clear policies on the processing of cross-border and domestic wire transfers. The policies should address the following: (a) record keeping; (b) the verification of originator’s identity information43; (c) the message format and the circumstances in which the formats should be used;

and (d) the information to be included in messages.

10.16 Ordering institutions should include wire transfers in their ongoing due diligence on the business relationship with the originator and in their scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with their knowledge of the customer, its business and risk profile. Ordering institutions may adopt an RBA in their ongoing due diligence process. The process should be subject to regular audits to ensure its effectiveness.

43 Where an originator is a non-account holder, institutions should follow the customer identification,

verification and record keeping requirements prescribed for wire transfers in this Chapter.


81

Domestic wire transfers s.12(6), Sch. 2

10.17 Where both the ordering and beneficiary institutions are located within Hong Kong, the originator’s information accompanying the wire transfer can simply be the originator’s account number or a unique reference number which permits the transaction to be traced back to the originator.

s.12(6), Sch. 2

10.18 However, if requested by the beneficiary institution or the RA, complete originator information (see paragraph 10.6) must be provided by the ordering institution within 3 business days after the request is received.

Beneficiary Institutions 10.19 In respect of a wire transfer of any value for a beneficiary who is not an account

holder, the beneficiary institution should record the identity and address of the recipient. For wire transfers equal to or exceeding HK$8,000, the beneficiary institution should verify the recipient’s identity by reference to his identity card or travel document.

Batch file transfers s.12(7), Sch. 2

10.20 An ordering institution may bundle a number of transfers into a batch file for transmission to an overseas beneficiary institution. In such cases, the individual transfers within the batch file need only carry the originator’s customer account number (or unique reference number if there is no account number), provided that the batch file itself contains complete originator information.

Intermediary institutions s.12(8), Sch. 2

10.21 If an FI acts as an intermediary institution in a wire transfer, it must ensure that all originator information which accompanies the wire transfer is retained with the transfer and is passed to the next institution in the payment chain.

s.19(2), Sch. 2

10.22 The requirement to detect the lack of complete originator information applies to intermediaries in the same way as for transfers of funds received directly by the beneficiary institution.

10.23 It is preferable for an intermediary institution to forward payments through a system which is capable of carrying all the information received with the transfer. However, where an intermediary institution is technically unable to onward transmit originator information with transfers originating outside Hong Kong, it must advise the beneficiary institution of the originator information by another form of communication, whether within a payment or messaging system or otherwise.

Missing, incomplete or meaningless originator information s.19(2), Sch. 2

10.24 FIs must establish and maintain effective procedures for identifying and handling incoming wire transfers in compliance with the relevant originator information requirements.


82

s.12(9)(a) & s.12(10)a, Sch.2

10.25 If the domestic or cross border wire transfer is not accompanied by the originator’s information, the FI must as soon as reasonably practicable, obtain the information from the institution from which it receives the transfer instruction. If the information cannot be obtained, the FI should either consider restricting or terminating its business relationship with that institution, or take reasonable measures to mitigate the ML/TF risk involved.

s.12(9)(b) & s.12(10)(b), Sch.2

10.26 If the FI is aware that the accompanying information that purports to be the originator’s information is incomplete or meaningless, it must as soon as reasonably practicable take reasonable measures to mitigate the risk of ML/TF involved. FIs may demonstrate compliance by implementing effective risk-based procedures and systems to subject incoming payment traffic to an appropriate level of post-event random sampling to identify wire transfers that contain incomplete or meaningless originator’s information. This sampling may be weighted towards transfers: (a) from institutions located in non-FATF member jurisdictions, particularly those

that are known to have failed to adequately implement international messaging standards (i.e. SR VII);

(b) from institutions located in high-risk jurisdictions; (c) that are higher value transfers; and (d) from institutions that are identified by such sampling as having previously

failed to comply with the relevant information requirement.

s.12(9)(b)& s.12(10)(b), Sch. 2

10.27 If a beneficiary institution becomes aware in the course of processing a payment that it contains meaningless or incomplete information, it must request complete originator information. Beneficiary institutions should set appropriate deadlines for the remediation of deficient transfers.

s.12(9)(b)& s.12(10)(b), Sch. 2

10.28 If the complete and meaningful information cannot be obtained by the beneficiary institution within the deadline set, it must either consider restricting or terminating its business relationship with the institution from which it receives the transfer instruction or take reasonable measures to mitigate the ML/TF risk posed, taking into account such factors as the name of the beneficiary, the origin and amount of the transfer, etc.

10.29 Other specific measures should also be considered by the beneficiary institutions, for example, checking, at the point of payment delivery, that originator information is complete and meaningful on all transfers that are collected in cash by recipients/beneficiaries on a “pay on application and identification” basis.

10.30 FIs should also consider whether incomplete or meaningless information of which it becomes aware on a funds transfer constitutes grounds for suspicion and a report to the JFIU is appropriate.

10.31 If an ordering institution in Hong Kong regularly fails to supply the required originator information for a wire transfer involving an amount equal to or exceeding the equivalent of HK$8,000, the beneficiary institution should report the matter to the RA. Where an ordering institution is identified as having regularly failed to


83

comply with these information requirements, the beneficiary institution should consider taking steps, which may initially include issuing warnings and setting deadlines, prior to either refusing to accept further transfers from that institution or deciding whether to restrict or terminate its relationship with that institution either completely or in respect of funds transfers.

10.32 For incoming wire transfers below HK$8,000 containing incomplete payment information (i.e. below the SRVII threshold where the requirement becomes mandatory), FIs are not precluded from requesting the complete information; however, an RBA is suggested in such circumstances.

s.20(1) Sch. 2

10.33 Records of all electronic payments and messages must be retained in accordance with the AMLO.

Cover payment messages related to cross-border wire transfers 10.34 The processing of cross-border wire transfers usually involves several institutions.

In addition to the ordering institution and the beneficiary institution, additional institutions (cover intermediary institutions) which provide correspondent banking services to the originating institution or the beneficiary institution are often involved in the settlement of cross-border wire transfers. Cover payment messages are messages used by these institutions for the purpose of arranging funding to settle the interbank payment obligations created by cross-border wire transfers.

10.35 For wire transfers involving cover payment messages, ordering institutions should ensure that the message they send to cover intermediary institutions contains originator and beneficiary information. The originator and beneficiary information included in the cover payment message should be identical to that contained in the corresponding direct cross-border wire transfer message sent to the beneficiary institution. Ordering institutions are encouraged, where possible, to include other identity information about the beneficiary in cover payment messages, where this is necessary to limit the risk of customer assets being incorrectly frozen, blocked or rejected, or of the cover payment being unduly delayed.

10.36 Cover intermediary institutions should establish clear policies and procedures to ensure, in real time, that the relevant fields for storing originator and beneficiary information in cross-border cover payment messages are not blank. In addition, they should develop and implement policies and procedures to monitor if the originator and beneficiary information in the cross-border cover payment messages is manifestly meaningless or incomplete, and the monitoring may be done on a risk sensitive basis, subsequent to the processing of the transactions. Cover intermediary institutions should also implement other measures including screening the originator and beneficiary names against their database of terrorists and terrorist suspects.

10.37 Beneficiary institutions should identify the beneficiary and verify its identity. They should also have effective risk-based procedures in place to identify and handle wire transfers lacking complete originator information.

10.38 More detailed guidance for AIs, particularly the responsibilities of cover intermediary institutions is provided in the “Guidance Paper on Cover Payment Messages Related to Cross-border Wire Transfers” issued by the HKMA dated 8


84

February 2010.


85

APPENDIX A Other reliable and independent sources for customer identification purposes s.2(1)(a)(iv) & s.2(1)(d)(i)(D), Sch. 2

1 The identity of an individual physically present in Hong Kong should be verified by reference to their Hong Kong identify card or travel document. FIs should always identify and or verify a Hong Kong resident’s identity by reference to their Hong Kong identity card, certificate of identity or document of identity. The identity of a non-resident should be verified by reference to their valid travel document.

2 For non-resident individuals who are not physically present in Hong Kong, FIs may identify and or verify their identity by reference to the following documents:

(a) a valid international passport or other travel document; or (b) a current national (i.e. Government or State-issued) identity card bearing the

photograph of the individual; or (c) current valid national (i.e. Government or State-issued) driving license44

incorporating photographic evidence of the identity of the applicant, issued by a competent national or state authority.

3 Travel document means a passport or some other document furnished with a

photograph of the holder establishing to the satisfaction of an immigration officer the identity and nationality, domicile or place of permanent residence of the holder. The following documents constitute travel documents for the purpose of identity verification:

(a) Permanent Resident Identity Card of Macau Special Administrative Region; (b) Mainland Travel Permit for Taiwan Residents; (c) Seaman’s Identity Document (issued under and in accordance with the

International Labour Organisation Convention / Seafarers Identity Document Convention 1958);

(d) Taiwan Travel Permit for Mainland Residents; (e) Permit for residents of Macau issued by Director of Immigration; (f) Exit-entry Permit for Travelling to and from Hong Kong and Macau for Official

Purposes; and (g) Exit-entry Permit for Travelling to and from Hong Kong and Macau.

4 For minors born in Hong Kong who are not in possession of a valid travel document or Hong Kong identity card45, their identity should be verified by reference to the minor’s Hong Kong birth certificate. Whenever establishing relations with a minor, the identity of the minor’s parent or guardian representing or accompanying the minor should also be recorded and verified in accordance with the above requirements.

44 For avoidance of doubt international drivers permits and licences are not acceptable for this purpose. 45 All residents of Hong Kong who are aged 11 and above are required to register for an identity card.

Hong Kong permanent residents will have a Hong Kong Permanent Identity Card. The identity card of a permanent resident (i.e. a Hong Kong Permanent Identity Card) will have on the front of the card a capital letter “A” underneath the individual’s date of birth.


86

5 An FI may identify and or verify a corporate customer by performing a company registry search in the place of incorporation and obtaining a full company search report, which confirms the current reference to a full company particulars search (or overseas equivalent) which, in addition to confirming the company’s continued registration, contains: (a) the current basic information of the company; (b) a list of the name(s) (with identification information) of current director(s) and

reserve director (if any); (c) particulars of the secretary; (d) address of registered office (for local companies); (e) address of principal place of business in Hong Kong; (f) particulars of authorized representatives (for non-Hong Kong companies); (g) share capital; and (h) particulars of receiver, manager and liquidators (if any).

6 For jurisdictions that do not have national ID cards and where customers do not have a travel document or driving licence with a photograph, FIs may, exceptionally and applying a risk-based approach, accept other documents as evidence of identity. Wherever possible such documents should have a photograph of the individual.

APPENDIX B

CONFIDENTIAL 機密

87

Joint Financial Intelligence Unit

G.P.O. Box No. 6555, General Post Office, Hong Kong

Tel : 2866 3366 Fax : 2529 4013 Email : [email protected]

Date: 2011-XX-XX

Money Laundering Reporting Officer, XXXXXXX. Fax No. : XXXX XXXX Dear Sir/Madam,

Suspicious Transaction Report (“STR”)

JFIU No. Your Reference Date Received

XX XX XX

I acknowledge receipt of the above mentioned STR made in accordance with the provisions of section 25A(1) of the Drug Trafficking (Recovery of Proceeds) Ordinance (Cap 405) / Organized and Serious Crimes Ordinance (Cap 455) and section 12(1) of the United Nations (Anti-Terrorism Measures) Ordinance (Cap 575).

Based upon the information currently in hand, consent is given in accordance with the provisions of section 25A(2) of the Drug Trafficking (Recovery of Proceeds) Ordinance and Organized / Serious Crimes Ordinance, and section 12(2) of United Nations (Anti-Terrorism Measures) Ordinance.

Should you have any queries, please feel free to contact Senior Inspector Mr. XXXXX on (852) 2860 XXXX.

Yours faithfully, (XXXXX)

for Head, Joint Financial Intelligence Unit

CONFIDENTIAL 機密

88

PERSONAL DATA

Joint Financial Intelligence Unit

G.P.O. Box No. 6555, General Post Office, Hong Kong

Tel : 2866 3366 Fax : 2529 4013 Email : [email protected]

Our Ref. : Your Ref :

2011-XX-XX Money Laundering Reporting Officer, XXXXXX Fax No. : XXXX XXXX Dear Sir/Madam,

Drug Trafficking (Recovery of Proceeds) Ordinance/ Organized and Serious Crimes Ordinance

I refer to your disclosure made to JFIU under the following reference:

JFIU No. Your Reference Dated

XX XX XX

Your disclosure is related to an investigation of ‘XXXXX’ by officers of XXXXX under reference XXXXX.

In my capacity as an Authorized Officer under the provisions of section

25A(2) of the Organized and Serious Crimes Ordinance, Cap. 455 (“OSCO”), I wish to inform you that you do NOT have my consent to further deal with the funds in the account listed in Annex A since the funds in the account are believed to be crime proceeds.

As you should know, dealing with money known or reasonably believed

to represent the proceeds of an indictable offence is an offence under section 25 of OSCO. This information should be treated in strict confidence and disclosure of the contents of this letter to any unauthorized person, including the subject under investigation which is likely to prejudice the police investigation, may be an offence under section 25A(5) OSCO. Neither the accounts holder nor any other person should be notified about this correspondence.

----

CONFIDENTIAL 機密

89

If any person approaches your institution and attempts to make a transaction involving the account, please ask your staff to immediately contact the officer-in-charge of the case, and decline the transaction. Should the account holder or a third party question the bank as to why he cannot access the funds in the accounts he should be directed to the officer-in-charge of the case, without any further information being revealed.

Please contact the officer-in-charge, Inspector XXXXX on XXXX XXXX or the undersigned should you have any other query or seek clarification of the contents of this letter.

Yours faithfully,

( XXXXXXX ) Superintendent of Police

Head, Joint Financial Intelligence Unit

c.c. OC Case

CONFIDENTIAL 機密

90

Annex A

S/N Account holder

Account Number

1.


91

GLOSSARY OF KEY TERMS AND ABBREVIATIONS Terms / abbreviations Meaning AMLO Anti-Money Laundering and Counter-Terrorist Financing (Financial

Institutions) Ordinance (Cap. 615)

AML/CFT Anti-money laundering and counter financing of terrorism

BO Banking Ordinance (Cap. 155)

CDD Customer due diligence

CO Compliance officer

Connected parties Connected parties to a customer include the beneficial owner and any natural person having the power to direct the activities of the customer. For the avoidance of doubt the term connected party will include any director, shareholder, beneficial owner, signatory, trustee, settlor/grantor/founder, protector(s), or defined beneficiary of a legal arrangement.

DTROP Drug Trafficking (Recovery of Proceeds) Ordinance (Cap. 405)

EDD Enhanced customer due diligence

FATF Financial Action Task Force

FI(s) Financial institution(s)

ICO Insurance Companies Ordinance (Cap. 41)

Individual Individual means a natural person, other than a deceased natural person

II(s) Insurance institution(s), referring to authorized insurers, reinsurers, appointed insurance agents and authorized insurance brokers carrying on or advising on long term business

IAIS

International Association of Insurance Supervisors

JFIU Joint Financial Intelligence Unit

Minor Minor means a person who has not attained the age of 18 years; [Interpretation and General Clauses Ordinance (Cap. 1) - section 3]

MLRO Money laundering reporting officer

ML/TF Money laundering and/or terrorist financing


92

OSCO Organized and Serious Crime Ordinance (Cap. 455)

PEP(s) Politically exposed person(s)

RA(s) Relevant authority (authorities)

RBA Risk-based approach to CDD and ongoing monitoring

Schedule 2 Schedule 2 to the AMLO

SDD Simplified customer due diligence

Senior management Senior management means directors (or board) and senior managers (or equivalent) of a firm who are responsible, either individually or collectively, for management and supervision of the firm’s business. This may include a firm's Chief Executive Officer, Managing Director, or other senior operating management personnel (as the case may be).

SFO Securities and Futures Ordinance (Cap. 571)

STR(s)

Suspicious transaction report(s); also referred to as reports or disclosures

Trust For the purposes of the guideline, a trust means an express trust or any similar arrangement for which a legal-binding document (i.e. a trust deed or in any other form) is in place.

UNATMO United Nations (Anti-Terrorism Measures) Ordinance (Cap. 575)

UNSO United Nations Sanctions Ordinance (Cap. 537)

1

打擊洗錢

及

恐怖分子資金籌集指引

(適用於經營長期業務或就長期業務提供

意見的獲授權保險人、再保險人、獲委

任保險代理人及獲授權保險經紀)

諮詢文件

2011年9 月

2

目錄

頁

第1章概覽 ......................................................................................... 3 第2章打擊洗錢/恐怖主義資金籌集制度及在香港以外進行的業務 .. 11

第3章風險為本的方法...................................................................... 19

第4章客户盡職審查 ....................................................................... 24

第5章持續監察................................................................................. 81

第6章金融制裁及恐怖分子資金籌集 ............................................... 86

第7章可疑交易報告 ......................................................................... 91

第8章備存紀錄............................................................................... 113

第9章職員培訓............................................................................... 118

第10章電傳轉帳............................................................................... 122

附錄 A 可用於客戶身分識別的其他可靠及獨立來源 ....................... 131

附錄 B 財富情報組發出的通訊樣本 ............................................. 134 主要用語及縮寫詞彙 ...................................................................................... 139

3

第第第第1111章章章章 –––– 概覽概覽概覽概覽

引言

1.1 本指引是根據《打擊洗錢及恐怖分子資金籌集（金融機構）條例》（第615

章）（「打擊洗錢條例」）第7條及《保險公司條例》（第41章）第4A條公

布。

1.2 本指引中的用語及縮寫應參照本指引詞彙部分載列的釋義。其他詞語或短

語的詮釋則應按照打擊洗錢條例及《保險公司條例》所載列的釋義。

1.3 本指引由保險業監督公布，為經營長期業務或就長期業務提供意見的獲授

權保險人、再保險人、獲委任保險代理人及獲授權保險經紀(以下統稱“保

險機構”)提供導引。一般來說，本指引第1-10章為保險機構提供的導引與

其他有關當局根據各自的監管制度所提供的導引並無差異。如保險業監督

認為適合在第1-10章提供補充導引，則會以斜體字加入其中，以便識別。

1.4 本指引旨在供金融機構及它們的主管人員和職員使用。本指引的目的在於：

(a) 提供有關洗錢及恐怖分子資金籌集(「洗錢/恐怖分子資金籌集」)的一般

背景資料，包括適用於香港的打擊洗錢及恐怖分子資金籌集(「打擊洗

錢/恐怖分子資金籌集」)法例的主要條文的概要；及

(b) 提供實際導引，以助有關金融機構及其高級管理層在考慮其特別情況

後，去制訂及執行相關經營領域的政策、程序及管控措施，以符合打

擊洗錢/恐怖分子資金籌集的法定及監管規定。

4

1.5 有關當局會不時檢討本指引的相關性及適用性，並在有需要時作出修訂。

1.6 鑑於不同金融機構的組織及法律結構，以及它們的業務活動的性質與範疇

均存在重大差異，故並無單一普遍適用的執行措施。此外，必須強調的是，

本指引的內容並非，亦不應被詮釋為已無遺地包羅所有符合法定及監管規

定的途徑。

1.7 本指引為執行打擊洗錢條例附表2（「附表2」）所列條文提供導引。這有

助金融機構以切合其特定業務風險狀況的方式去履行它們的立法及監管責

任。與本指引不相符及其依據，應記錄在案，而金融機構亦須作好準備向

有關當局說明與本指引不相符的依據。

打擊洗錢

條例第 7

條

1.8 如任何人沒有遵守本指引的任何條文，此事本身不會令致該人可在任何司

法或其他法律程序中被起訴，但在根據打擊洗錢條例提起而於任何法院進

行的法律程序中，本指引可獲接納為證據；及如該法院覺得本指引內所列

條文，攸關該法律程序中產生的任何問題，該法院在裁斷該問題時，須考

慮該條文。

1.8a 此外，如保險機構不遵從本指引的條文，則可能會對其董事和控權人7的適

當人選資格產生負面影響，及可能導致處分。

洗錢及恐怖分子資金籌集活動的性質

打擊洗錢

條例附表

1第1條

1.9 打擊洗錢條例附表1第1部第1條界定了「洗錢」一詞的涵義，該詞指出於達

致下述效果的意圖的行為：

使 —

(a) 屬干犯香港法律所訂可公訴罪行或作出假使在香港發生即屬犯香港法

律所訂可公訴罪行的作為而獲取的收益的任何財產，看似並非該等收

7就董事和控權人的釋義，請參閱《保險公司條例》第2條。

5

益；或

(b) 全部或部分、直接或間接代表該等收益的任何財產，看似不如此代表該

等收益。

1.10 洗錢可分為3個常見階段，當中經常涉及多宗交易。金融機構應留意可能涉

及犯罪活動的徵兆。這些階段包括：

(a) 存放－以實物方式處置來自非法活動的現金得益；

(b) 分層交易－透過複雜多層的金融交易，將非法得益及其來源分開，從而

隱藏款項的來源、掩飾審計線索和隱藏擁有人的身分；及

(c) 整合－為犯罪得來的財富製造表面的合法性。當分層交易的過程成

功，整合計劃便實際地把經清洗的得益回流到一般金融體系，令人以

為有關收益來自或涉及合法的商業活動。

打擊洗錢

條例附表

1第1條

1.11 打擊洗錢條例附表1第1部第1條界定了「恐怖分子資金籌集」一詞的涵義，

該詞指：

(a) 在下述情況以任何方法直接或間接地提供或籌集資金—

(i) 懷有將該等資金的全部或部分用於作出一項或多於一項恐怖主

義行為的意圖(不論該等資金實際上有否被如此使用)；或

(ii) 知道該等資金的全部或部分將會用於作出一項或多於一項恐怖

主義行為(不論該等資金實際上有否被如此使用 )；或

(b) 明知某人是恐怖分子或與恐怖分子有聯繫者、或罔顧某人是否恐怖分子

或是否與恐怖分子有聯繫者，而作出以下行為：直接或間接地向該人提

供任何資金或金融(或有關的)服務、或為該人的利益，而直接或間接地

提供該等資金或服務。

1.12 恐怖分子或恐怖組織需要財政支援來達到目的。他們往往需要隱藏或掩飾

他們與資金來源的連繫。因此，恐怖分子集團同樣必須尋找清洗資金的途

6

徑(不論有關的資金來源是否合法)，以便在不被當局發現的情況下使用資

金。

保險業所面對的風險保險業所面對的風險保險業所面對的風險保險業所面對的風險

1.12a 保險業面對洗錢和恐怖分子資金籌集活動的風險。保險產品蘊含的特點，

可能會帶來一些於保險業獨有的洗錢風險。在人壽保險單到期或退保時，

保險單持有人或其他受益人(例如保險單已被受讓的受讓人、或保險單已列

入信託的受託人)便可獲得款項。在保險單到期或退保前，投保人亦可更改

保險單的受益人，讓保險人把款項付給新的受益人。保險單亦可作為抵押

品，用以購買其他金融產品。這些投資本身可能只是複雜而精密的交易的

一部分，資金源自金融體系的其他部分。

1.12b 在各類長期保險合約中，易被利用進行洗錢和恐怖分子資金籌集活動的產

品例子如下：

( a ) 單位相連或可分紅的整付保費合約；

(b ) 可儲存現金價值的整付保費壽險保險單；

(c ) 固定及變額年金；以及

(d) (二手)儲蓄壽險保險單。

1.12c 此外，成立虛假的(再)保險人或再保險中介人、掛名的保險人和專屬自保保

險人，或不當使用一般的再保險交易，都是利用再保險去洗錢和為恐怖分

子資金籌集的方法。例子包括：

• 故意經保險人把犯罪得益或恐怖活動資金存放於再保險人，以掩飾資金

的來源；

• 成立虛假的再保險人，以清洗犯罪得益或協助進行恐怖分子資金籌集等

活動；

• 成立虛假的保險人，藉此把犯罪得益或恐怖活動資金存放於合法的再保

險人。

1.12d 在保險的分銷、承保和理賠方面，保險中介人8擔當重要的角色。他們往往

是保險單持有人的直接聯絡人，因此在防止洗錢和打擊恐怖分子資金籌集

8保險中介人意指經營長期業務或就長期業務提供意見的獲委任保險代理及獲授權保險經紀。

7

活動方面，中介人應肩負重要的職責。在一般情況下，適用於保險人的原

則，應同樣適用於保險中介人。擬進行洗錢或恐怖分子資金籌集活動的人，

可能會利用不知道或不遵從必要程序，或沒有察覺或舉報可能屬洗錢或恐

怖分子資金籌集活動個案的保險中介人，把不法資金交予保險人。

與洗錢及恐怖分子資金籌集活動有關的法例

1.13 財務特別行動組織（「特別組織」）是在1989年成立，就打擊洗錢制定國

際標準的跨政府組織。在2001年10月它的權責擴大至打擊恐怖分子資金籌

集活動。為確保其標準在全球全面而有效地執行，特別組織會透過評核來

監察各司法管轄區的合規情況，並在評核後進行嚴格的跟進程序，其中包

括識別高度風險及不合作的司法管轄區。特別組織可能會加強對這些地區

的審查工作，而特別組織的成員及國際社會也可能對這些司法管轄區採取

針對措施。很多大型經濟體系都已加入特別組織，形成國際合作的全球網

絡，促進成員司法管轄區之間的交流。作為特別組織的成員，香港有責任

實施特別組織所訂立的打擊洗錢規定，包括40項建議及9項特別建議（下文

統稱「特別組織的建議」）1。香港必須符合國際打擊洗錢標準，以維持它

作為國際金融中心的地位。

1.14 在香港，與洗錢/恐怖分子資金籌集有關的四項主要法例為打擊洗錢條例、

《販毒（追討得益）條例》、《有組織及嚴重罪行條例》及《聯合國（反

恐怖主義措施）條例》。金融機構及它們的主管人員和職員均須充分了解

他們在不同法例之下的各種責任，這點至為重要。

打擊洗錢條例

條例附表2

第23條

1.15 打擊洗錢條例將關於客戶盡職審查(「盡職審查」)及備存紀錄的規定施加

於金融機構，以及賦予有關當局監督該等規定及打擊洗錢條例下的其他規

定的合規情況的權力。此外，附表2第23條規定金融機構須採取所有合理措

施，以(a)確保有適當的預防措施存在，以防止附表2第2或3部的任何規定遭

違反；及(b)減低洗錢/恐怖分子資金籌集的風險。

1可在特別組織的網站www.fatf-gafi.org查閱特別組織的建議。

8

打擊洗錢

條例第5條

1.16 根據打擊洗錢條例，金融機構如(1)明知；或(2)出於詐騙任何有關當局的意

圖而違反打擊洗錢條例指明的條文，即屬犯罪。「指明的條文」載列於打

擊洗錢條例第5(11)條。金融機構如明知而違反指明的條文，最高可被判監

禁2年及罰款一百萬元。金融機構如出於詐騙任何有關當局的意圖而違反指

明的條文，一經定罪，最高可被判監禁7年及罰款一百萬元。

打擊洗錢

條例第5條

1.17 根據打擊洗錢條例，任何金融機構的僱員、或受僱為金融機構工作、或關

涉金融機構的管理的人，如(1)明知；或(2)出於詐騙該金融機構或任何有關

當局的意圖，而致使或准許該金融機構違反打擊洗錢條例指明的條文，即

屬犯罪。任何金融機構的僱員、或受僱為金融機構工作、或關涉金融機構

的管理的人，如明知而違反指明的條文，一經定罪，最高可被判監禁2年及

罰款一百萬元。該人如出於詐騙該金融機構或任何有關當局的意圖而違反

指明的條文，一經定罪，最高可被判監禁7年及罰款一百萬元。

打擊洗錢

條例第21

條

1.18 有關當局可向違反打擊洗錢條例的任何指明的條文的金融機構採取紀律行

動。可採取的紀律行動包括公開譴責有關金融機構、命令該金融機構採取

任何行動以糾正有關的違反，以及命令該金融機構繳付最高數額10,000,000

元或因有關的違反而令該金融機構獲取的利潤或避免的開支的金額的3倍

的罰款（以金額較大者為準）。

《販毒（追討得益）條例》

1.19 《販毒（追討得益）條例》載有可對涉嫌從販毒活動所得的資產進行調查、

在逮捕涉嫌罪犯時將資產凍結，以及在定罪後沒收販毒得益的條文。.

《有組織及嚴重罪行條例》

1.20 除其他事項外，《有組織及嚴重罪行條例》：

9

(a) 賦予香港警方及香港海關人員調查有組織罪行及三合會活動的權力；

(b) 賦予法院司法管轄權，沒收來自有組織及嚴重罪行的得益，以及就被

控觸犯《有組織及嚴重罪行條例》所指罪行的被告人的財產發出限制

令及押記令；

(c) 增訂一項有關來自可公訴罪行得益的洗錢罪行；及

(d) 容許法院在適當的情況下收取有關違法者及有關罪行的資料，以決定

當有關罪行構成有組織／與三合會有關的罪行或其他嚴重罪行時，是

否適宜作出更重的判刑。

《聯合國（反恐怖主義措施）條例》

1.21 《聯合國（反恐怖主義措施）條例》主要旨在實施聯合國安全理事會（「安

理會」）2001年9月28日第1373號決議中關於防止向恐怖主義行為提供資金

的決定。除了安理會第1373號決議中須強制執行的措施外，《聯合國(反恐

怖主義措施)條例》亦實施特別組織的特別建議中某些與恐怖分子資金籌集

有關的較具逼切性的建議。

《販毒（追

討得益）條

例》及《有

組織及嚴

重罪行條

例》第25條

1.22 根據《販毒（追討得益）條例》及《有組織及嚴重罪行條例》的規定，如

有人知道或有合理理由相信任何財產代表任何人的販毒或來自可公訴罪行

的得益而仍處理該財產，即屬犯罪。若犯此罪，經定罪後的最高刑罰為監

禁14年及罰款五百萬元。

《聯合國

（反恐怖

主義措施）

條例》第

6、7、8、

13及14條

1.23 除其他事項外，《聯合國（反恐怖主義措施）條例》訂明，向恐怖分子或

與恐怖分子有聯繫者提供或籌集資金及向他們提供資金或金融(或有關的)

服務，均屬違法。若犯此罪，一經定罪，最高刑罰為監禁14年及罰款。《聯

合國（反恐怖主義措施）條例》亦容許將恐怖分子財產凍結，然後充公有

關財產。

10

《販毒（追

討得益）條

例》及《有

組織及嚴

重罪行條

例》第25A

條、《聯合

國（反恐怖

主義措施）

條例》第12

及14款

1.24 根據《販毒（追討得益）條例》、《有組織及嚴重罪行條例》及《聯合國

（反恐怖主義措施）條例》，任何人如知悉或懷疑任何財產是直接或間接

代表任何人的販毒或可公訴罪行的得益、曾在與販毒或可公訴罪行有關的

情況下使用、或擬在與販毒或可公訴罪行有關的情況下使用或為恐怖分子

財產，而未能在合理範圍內盡快作出披露，即屬犯罪。若犯此罪，一經定

罪，最高刑罰為監禁3個月及罰款50,000元。

《販毒（追

討得益）條

例》及《有

組織及嚴

重罪行條

例》第25A

條、《聯合

國（反恐怖

主義措施）

條例》第12

及14條

1.25 根據《販毒（追討得益）條例》、《有組織及嚴重罪行條例》及《聯合國

（反恐怖主義措施）條例》，「通風報訊」也屬犯罪行為。任何人如知道

或懷疑已有任何披露作出，而仍向其他人披露任何相當可能損害或為跟進

首述披露而或會進行的調查的事宜，即屬犯罪。若犯此罪，一經定罪，最

高刑罰為監禁3年及罰款。

11

第第第第2222章章章章 ———— 打擊洗錢打擊洗錢打擊洗錢打擊洗錢////恐怖分子恐怖分子恐怖分子恐怖分子資金籌集制度及在香港以外進行的業務資金籌集制度及在香港以外進行的業務資金籌集制度及在香港以外進行的業務資金籌集制度及在香港以外進行的業務

打擊洗錢打擊洗錢打擊洗錢打擊洗錢////恐怖分子恐怖分子恐怖分子恐怖分子資金籌集制度資金籌集制度資金籌集制度資金籌集制度

附表 2

第 23(a)

及(b)條

2.1 金融機構必須採取一切合理措施，確保設有合適的保障措施，以減低洗

錢/恐怖分子資金籌集的風險，以及防止違反附表2第2或3部的任何規

定。為確保符合此項規定，金融機構應執行適當的內部打擊洗錢/恐怖分

子資金籌集政策、程序及管控措施（下文統稱「打擊洗錢/恐怖分子資金

籌集制度」）。

2.2 雖然並無一套制度可偵測及防止所有洗錢/恐怖分子資金籌集活動，金融

機構應在顧及所提供的產品及服務、客戶的類別及地理位置等因素後，

對洗錢/恐怖分子資金籌集的風險作出評估，藉以設立及執行充分及適當

的打擊洗錢/恐怖分子資金籌集制度(包括接納客戶的政策及程序)。

2.3 為確保妥善執行該等政策及程序，金融機構應設有有效的管控措施，涵

蓋範圍包括：

(a) 高級管理層的監督；

(b) 委任合規主任及洗錢報告主任2；

(c) 合規及審核職能；及

(d) 職員甄選及培訓3。

風險因素

產品/服務風險

2 洗錢報告主任的職責及職能詳載於第7.18-7.29段。就某些金融機構而言，合規主任及洗錢報告

主任的職能可由同一職員履行。 3 有關職員培訓的其他導引，請參閱第9章。

12

2.4 金融機構應考慮所提供產品及服務的特性，以及它們所面對的洗錢/恐怖

分子資金籌集風險程度。就此而言，金融機構應在推出任何新產品及服

務前評估該產品及服務的風險（特別是那些可引致科技發展被不當使

用，或於洗錢/恐怖分子資金籌集的計劃方便匿藏身分），以及確保執行

適當的額外措施及管控程序，以減低及管理相關的洗錢/恐怖分子資金籌

集的風險。

交付╱分銷渠道的風險

2.5 金融機構亦應考慮在交付╱分銷渠道方面可能面對的洗錢/恐怖分子資

金籌集風險的程度。這些可包括採用非面對面的開戶方法的網上、郵寄

或電話銷售渠道。透過代理或中介人進行的業務促銷也可能會增加風

險，因為客戶與金融機構之間的業務關係會變得間接。

客戶風險

2.6 當評估客戶風險時，金融機構應考慮客戶是誰人、從事哪些業務，以及

任何其他可能顯示客戶涉及較高風險的資料。

2.7 如客戶的法律形式容許個人卸除本身的財產擁有權，但同時可保留對該

財產的某種控制權，或與客戶有業務聯繫的業務╱行業界別較容易涉及

貪污事宜，則金融機構應提高警覺。例子包括：

(a) 能在最終的相關主事人的身分可不作披露的情況下而成立為法團的

公司；

(b) 不能保證可知悉其真正相關主事人或控制人的身分的某些形式的信

託或基金；

(c) 容許代名人股東；及

13

(d) 發行持票人股份的公司。

金融機構亦應考慮客戶活動性質所蘊含的風險，以及有關交易本身可能

就是一宗犯罪交易。舉例來說，軍火買賣及軍火買賣資金籌集就是一種

引致多重洗錢及其他風險的業務活動，例如：

(a) 採購合約產生的貪污風險；

(b) 與政治人物有關的風險；及

(c) 恐怖主義及恐怖分子資金籌集的風險，因付運貨物可能會被轉移他

處。

國家風險

2.8 與客戶及中介人有聯繫的業務經營所在國家或地理位置如牽涉大量有組織

罪行、貪污情況惡化及缺少制度防止及偵察洗錢/恐怖分子資金籌集的情

況，金融機構應倍加關注。金融機構可參照公開資料或由專門的國家、國

際、非政府及商業組織所公布的有關貪污風險的相關報告及資料庫（例如

Transparency International按各國被認知的貪污水平排名的Corruption

Perceptions Index ，以評估哪些國家最容易涉及貪污情況)。

高級管理層的監督

2.9 任何金融機構的高級管理層都有責任有效管理業務；就打擊洗錢/恐怖分

子資金籌集而言，這包括監督下文所述職能。

2.10 高級管理層應：

14

(a) 信納金融機構的打擊洗錢/恐怖分子資金籌集制度能夠應付風險評估

所識別的洗錢/恐怖分子資金籌集風險；

(b) 委任一名董事或高級經理擔任合規主任，全面負責建立及維持金融機

構的打擊洗錢/恐怖分子資金籌集制度；及

(c) 委任金融機構一名高級職員擔任洗錢報告主任，作為報告可疑交易的

中央聯絡點。

2.11 為使合規主任及洗錢報告主任能有效地履行他們的職責，高級管理層應

在切實可行的範圍內，確保合規主任及洗錢報告主任：

(a) 獨立於所有營運及業務職能(視乎金融機構規模的限制)，；

(b) 通常居於香港；

(c) 在該金融機構具有一定的資歷及權力；

(d) 與高級管理層能夠保持定期聯絡，並在有需要時能直接聯絡高級管理

層，以確保高級管理層信納本身已符合各項法定責任，以及機構亦

已採取充分有力的保護措施抵禦洗錢/恐怖分子資金籌集風險；

(e) 完全熟悉適用於金融機構的法定及監管規定，以及金融機構的業務所

產生的洗錢/恐怖分子資金籌集風險；

(f) 能夠及時取得一切可取得的資料（來自內部來源如盡職審查紀錄及外

部來源如有關當局通函）；及

(g) 配備充足資源，包括職員及合規主任及洗錢報告主任的適當替補人選

（如切實可行的話，即替代或代理合規主任及洗錢報告主任，而他

們應具有相同地位）。

合規主任及洗錢報告主任

15

2.12 合規主任的主要職能是作為金融機構的一個中心點，監督一切防止及偵

察洗錢/或恐怖分子資金籌集的活動，以及向高級管理層提供支援及導

引，確保洗錢/恐怖分子資金籌集風險得到充分的管理。合規主任尤其應

負責：

(a) 制訂及╱或持續覆核金融機構的打擊洗錢/恐怖分子資金籌集制度，

以確保制度反映現況及符合當前的法定及監管規定；及

(b) 全方位監督金融機構的打擊洗錢/恐怖分子資金籌集制度，包括監察

成效及在有需要時執行更嚴格的管控及程序。

2.13 為了有效地履行這些職責，合規主任應考慮多個方面，包括：

(a) 管理及測試打擊洗錢/恐怖分子資金籌集制度的方法；

(b) 識別及矯正打擊洗錢/恐怖分子資金籌集制度中的不足之處；

(c) 報告制度內的數字，包括內部報告及向聯合財富情報組(「財富情報

組」)作出的披露；

(d) 減低與來自沒有執行或沒有充分執行特別組織建議的國家的人的業

務關係及交易所引致的洗錢/恐怖分子資金籌集風險；

(e) 與高級管理層就打擊洗錢/恐怖分子資金籌集的主要問題進行溝通，

包括（如適用）重大的合規不足情況；

(f) 有關新法例、監管規定或導引的變更或變更建議；

(g) 符合附表2第2或3部列述的外地分行或附屬企業的規定，以及有關當

局就此方面發出的任何導引；及

(h) 打擊洗錢/恐怖分子資金籌集方面的職員培訓。

16

2.14 洗錢報告主任應在識別及報告可疑交易方面擔當積極的角色。所履行的

主要職能預計包括：

(a) 覆核所有內部披露及例外情況報告，並根據一切知悉的資料，決定是

否有需要向財富情報組作出報告；

(b) 備存該等內部覆核的所有紀錄；

(c) 如已作任何披露，提供有關如何避免「通風報訊」的導引；及

(d) 就防止及偵察洗錢/恐怖分子資金籌集、調查或合規事宜作為與財富

情報組、執法當局及任何其他主管當局的主要聯絡點。

合規及審核職能

2.15 在切實可行的情況下，金融機構應設立獨立的合規及審核職能。這職能

並不附帶經營責任，並應能與金融機構的高級管理層直接溝通。

2.16 金融機構的合規及審核職能應包括定期對打擊洗錢/恐怖分子資金籌集

制度（特別是辨識及報告可疑交易的制度）作出覆核，例如抽樣測試，

以確保成效。覆核的頻密程度及範圍應與洗錢/恐怖分子資金籌集風險及

金融機構的業務規模相稱。在適當情況下，金融機構應尋求外界資源進

行覆核。

職員甄選

2.17 金融機構必須設立、維持及操作適當程序，確保信納任何新董事及僱員

的誠信。

在香港以外進行的業務在香港以外進行的業務在香港以外進行的業務在香港以外進行的業務

17

附表 2

第 22(1)

條

2.18 在香港成立為法團的金融機構應確保它們在外地的分行或附屬企業設有

集團的打擊洗錢/恐怖分子資金籌集政策，以確保所有外地分行及在香港

以外地方經營與金融機構相同業務的附屬企業設有程序，使它們能在該

地方法律准許的範圍內遵守與根據附表2第2及3部施加的盡職審查及備

存紀錄規定相類似4的規定。金融機構應將集團政策通知外地的分行及附

屬企業。

附表 2

第 22(2)

條

2.19 金融機構在香港以外地方的分行或附屬企業如因當地法律不准許而未能

遵守與根據附表2第2及3部施加的規定相類似的規定，金融機構必須 —

(a) 將有關不能遵從規定的情況通知有關當局；及

(b) 採取額外措施，以便有效地減低該分行或附屬企業因不能遵從該等規

定而面對的洗錢/恐怖分子資金籌集風險。

《有組

織及嚴

重罪行

條例》

及《販

毒（追

討得

益）條

例》第

2.20 如懷疑全部或部分財產直接或間接代表可公訴罪行的得益，一般應在產

生有關懷疑及在備存相關交易紀錄的司法管轄區內作出報告。不過，在

某些情況下（例如戶口設在香港或業務關係在香港接受管理），可能須

向財富情報組報告該等情況5，但只在《有組織及嚴重罪行條例》及《販

毒（追討得益）條例》第25(A)條適用的情況下才適用。

4 特別組織第22.1條重要準則規定「措施與本國規定協調一致」。 5 《有組織及嚴重罪行條例》第25(4)條指出可公訴罪行包括若在香港發生即會構成可公訴罪行的

外地行為。故此，在香港的金融機構如有關於洗錢的資料，不論該行為在哪裏發生，都應該

考慮要求財富情報組作出澄清及向該組報告。

18

25(A)條

19

第第第第3 3 3 3 章章章章 –––– 風險為本的方法風險為本的方法風險為本的方法風險為本的方法

引言

3.1 藉著風險為本的方法進行盡職審查及持續監察，是公認的打擊洗錢/恐怖分

子資金籌集的有效方法。風險為本的方法的一般原則是如客戶經評估為屬

於較高洗錢/恐怖分子資金籌集風險的客戶，金融機構應採取更嚴格的措施

去管理及減低該等風險，但如客戶屬於較低風險，則可相應地執行簡化措

施。

採用風險為本的方法的優點在於可以按照優先次序，以最具效益的方式分

配資源，從而令最大的風險可以得到最高度的關注。

一般規定

3.2 金融機構應視乎客戶的背景、與該客戶的業務關係及該客戶使用的產品、

交易或服務，採用風險為本的方法來決定盡職審查措施及持續監察程序的

應用程度，藉以令防止及減低洗錢/恐怖分子資金籌集的措施與已識別的風

險相稱。不過，該等措施必須符合打擊洗錢條例的法定規定。

採用風險為本的方法能使金融機構判斷對客戶採取相稱的管控及監督措

施中：

(a) 對直接客戶執行盡職審查的程度；用以核實任何實益擁有人及看似代

表客戶行事的任何人的身分的措施的程度；

(b) 對關係進行持續監察的程度；及

(c) 減低任何已識別風險的措施。

舉例來說，風險為本的方法可能需要對高度風險客戶（例如財產及資金來

源不清楚或需要設立複雜架構的個人（或法人實體））執行廣泛的盡職審

查。

20

金融機構應能夠向有關當局證明盡職審查及持續監察的應用程度，就客戶

的洗錢/恐怖分子資金籌集風險而言是合適的。

3.3 並無普遍接受的方法可用來訂明風險為本的方法的性質及應用程度。不

過，一個有效的風險為本的方法定必涉及在客戶層面對客戶的洗錢／恐怖

分子資金籌集風險進行識別及歸類，以及根據已識別風險設立合理措施。

一個有效的風險為本的方法可讓金融機構對它的客戶作出合理的業務判

斷。

風險為本的方法不是要阻止金融機構與客戶進行交易或與準客戶建立業

務關係，而是要協助金融機構有效地管理潛在的洗錢/恐怖分子資金籌集的

風險。

客戶接納/風險評估

3.4 金融機構可利用洗錢／恐怖分子資金籌集風險評級來評估個別客戶的洗

錢／恐怖分子資金籌集風險。

3.5 雖然沒有一組普遍接受的風險因素，以及沒有應用這些風險因素的單一種

方法，可用來斷定客戶的洗錢／恐怖分子資金籌集的風險評級，但亦建議

金融機構在評估時考慮以下因素：(i)國家風險、(ii)客戶風險、(iii)產品╱

服務風險及(iv)交付╱分銷渠道的風險。為免生疑問，下文所提供的例子

並非詳盡無遺。

1.1.1.1.國家風險國家風險國家風險國家風險

客戶居住在高風險的司法管轄區6或與該等司法管轄區有關連，例如：

6 有關沒有執行或沒有充分執行特別組織建議，或在其他方面面對較高風險的司法管轄區的導引

載於第4.15段。

21

(a) 被特別組織識別為缺乏執行打擊洗錢/恐怖分子分子資金籌集策略的

司法管轄區；

(b) 受到例如聯合國制裁、禁制或受制於其他類似措施的國家；

(c) 容易涉及貪污的國家；及

(d) 被認為與恐怖分子活動有密切聯繫的國家。

在評估與客戶有關的國家風險時，金融機構應考慮本地法例(《聯合國制

裁條例》、《聯合國（反恐怖主義措施）條例》)，及從聯合國、國際貨

幣基金組織、世界銀行、特別組織等取得的資料，以及金融機構本身或其

他集團實體（如金融機構隸屬某跨國集團）的經驗，這些經驗可能顯示其

他司法管轄區的弱點。

2.2.2.2.客戶風險客戶風險客戶風險客戶風險

以下例子中的客戶可能被認為涉及較低洗錢／恐怖分子資金籌集風險：

(a) 受僱或有來自合法來源的定期收益來源以支持所從事的業務活動的

客戶；及

(b) 客戶信譽，例如眾所周知、歷史悠久及有信譽的私人公司，並可從獨

立來源查核有關公司的紀錄，包括擁有權及控制權等資料。

不過，某些客戶基於本身性質及行為可能代表較高的洗錢／恐怖分子資金

籌集風險。這些因素可能包括：

(a) 客戶的公開概況顯示他們與政治人物或有聯繫；

(b) 關係的複雜程度，包括在無合法商業理由下使用法人架構、信託及使

用代名人及持票人股份；

(c) 要求使用保密號碼戶口或交易的保密程度不必要地高；

22

(d) 參與現金密集型業務；

(e) 產生資金╱資產的業務活動的性質、範疇及地點（考慮敏感或高風險

活動）；及

(f) 不輕易核實財富來源或擁有權(適用於高度風險客戶及政治人物)。

3.3.3.3.產品產品產品產品////服務風險服務風險服務風險服務風險

客戶所使用的產品或服務亦應加以考慮。高風險因素可能包括：

(a) 服務本身提供較多機會以匿名行事；

(b) 有能力匯集相關客戶╱資金；及

(c) 使用代存郵件或郵件轉發設施的能力。

4.4.4.4.交付交付交付交付╱╱╱╱分銷渠道的風險分銷渠道的風險分銷渠道的風險分銷渠道的風險

產品分銷渠道可能會改變客戶的風險狀況。這可能包括採用非面對面的開

戶方法的網上、郵寄或電話銷售渠道。透過代理或中介人進行的業務銷售

也可能會增加風險，因為客戶與金融機構之間的業務關係會變得間接。

持續覆核

3.6 識別較高風險客戶、產品及服務，包括交付渠道及地理位置，均非固定的

評估。評估將取決於情況怎樣發展，以及威脅如何演變，這些因素會隨時

間而改變。此外，雖然在開始建立客戶關係時就應進行風險評估，但就某

些客戶而言，必須待客戶已開始透過戶口進行交易，其全面的風險狀況才

會變得清晰，監察客戶交易及持續覆核遂成為一個設計合理的風險為本的

方法的基本元素。故此，金融機構可能需要不時或根據從主管當局獲取的

資料調整它對某個別客戶的風險評估，以及覆核適用於該客戶的盡職審查

及持續監察程度。

23

3.7 金融機構應定期覆核它的政策及程序，以及評估它的減低風險程序及管控

措施正有效運作。

記錄風險評估

3.8 金融機構應就本章涵蓋的風險評估備存紀錄及相關文件，以便向有關當局

證明（其中包括）：

(a) 它如何評估客戶的洗錢／恐怖分子資金籌集風險；及

(b) 基於該客戶的洗錢／恐怖分子資金籌集風險，所執行的盡職審查及持

續監察程度是合適的。

24

第第第第4444章章章章 ———— 客戶盡職審查客戶盡職審查客戶盡職審查客戶盡職審查

4.14.14.14.1 引言引言引言引言 ———— 客戶盡職審查客戶盡職審查客戶盡職審查客戶盡職審查

4.1.1 打擊洗錢條例對盡職審查措施加以界定(請參閱第4.1.3段) ，並且訂

明金融機構在何種情況下須執行盡職審查措施(請參閱第4.1.9段) 。

打擊洗錢條例指出金融機構可按具體情況從而採取額外措施(請參

考下文的更嚴格的盡職審查)或採取簡化的盡職審查措施。本章臚列

有關當局在這方面的期望，以及就達致此等期望的方法作出建議。

在切實可行的範圍內，本指引就如何遵守打擊洗錢條例規定和相關

的落實程序賦予金融機構一定程度的酌情權。

4.1.2 在盡職審查中所獲得的資料是一項重要工具，用以識辨是否有理據

去支持洗錢/恐怖分子資金籌集活動的知悉或懷疑。

附表2

第2條

4.1.3 以下是適用於金融機構的盡職審查措施：

(a) 利用從可靠及獨立來源取得的文件、數據或資料，去識別和核

實客戶的身分(請參閱第4.2段)；

(b) 如就客戶而言，有某實益擁有人，識別及採取合理措施去核實

該實益擁有人的身分，從而使該金融機構信納它知道該實益擁

有人為何人；如客戶屬法人或信託9，該等措施包括可使該金融

機構了解有關法人或信託的擁有權及控制權結構(請參閱第4.3

段)；

(c) 取得與該金融機構建立業務關係的目的及擬具有的性質（如有）

9 就本指引而言，信託是指明示信託或附有具法律約束力文件(例如信託契據或任何其他形式)的

任何類似安排(例如基金)。

25

的資料，除非有關目的及擬具有的性質是顯而易見的(請參閱第

4.6段)；及

(d) 如某人看似是代表客戶行事：

(i) 識別該人的身分，及採取合理措施，根據可靠及獨立來源

取得的文件、數據或資料，核實該人的身分；及

(ii) 核實該人代表客戶行事的授權(請參閱第4.4段) 。

4.1.4 打擊洗錢條例並無就「客戶」一詞的定義作出界定。其定義應根據

慣常意思及按業界的運作方式作出推斷。

4.1.4a 就保險業而言，“客戶”一詞指保險單持有人。

4.1.5 在決定甚麼才是核實實益擁有人的身分及甚麼才是了解法人或信

託的擁有權和控制權結構的合理措施時，金融機構應考慮和顧及個

別顧客本身及其業務關係在洗錢/恐怖分子資金籌集方面引致的風

險。金融機構應適當地考慮第3章所列述的措施。

4.1.6 對於來自沒有執行或沒有充分執行特別組織建議(請參閱第4.15段)

的司法管轄區的客戶，金融機構應採取均衡而合乎常理的做法。雖

然金融機構在該等情況下應格外謹慎，除非有關當局透過「書面通

知」施加一般或特定規定(請參閱第4.16.1段)，否則金融機構毋須拒

絕與該等客戶的業務往來，或是自動將他們歸類為高風險客戶，因

而使該等客戶接受更嚴格的盡職審查程序。反之，金融機構應衡量

個別處境下的所有情況，並且評估是否存在高於正常的洗錢/恐怖分

子資金籌集風險。

26

附表2

第1條

4.1.7 打擊洗錢條例對某人與金融機構之間的「業務關係」一詞的定義作

出界定，意思是指符合以下說明的業務、專業或商業關係:

(a) 延續一段時間是該關係的元素；或

(b) 在該人首次以該金融機構的準客戶身分接觸該機構時，該機構

期望延續一段時間是該關係的元素。

附表2

第1條

4.1.8 打擊洗錢條例對某人與金融機構之間的「非經常交易」一詞的定義

作出界定，意思是指金融機構與該機構沒有業務關係的客戶之間的

交易10。

附表2

第3（1）條

4.1.9 盡職審查規定適用於以下情況:

(a) 在建立業務關係之前；

(b) 在執行以下非經常交易之前11；

(i) 非經常交易總值涉及相等於120,000元或以上的款額，而不

論交易是以單一次操作執行，或是以該金融機構覺得是有

關連的若干次操作執行；或

(ii) 屬電傳轉帳的非經常交易總值涉及相等於8,000元或以上的

款額，而不論交易是以單一次操作執行，或是以該金融機

構覺得是有關連的若干次操作執行；

(c) 當金融機構懷疑客戶或客戶的戶口涉及洗錢/恐怖分子資金籌集

時12；或

(d) 當金融機構懷疑過往為識別客戶的身分或核實客戶的身分而取

得的資料是否真實或充分時。

10 請注意｢非經常交易｣不適用於保險及證券界。 11 舉例來說，非經常交易可包括電傳轉帳、貨幣兌換、購買銀行本票或禮劵。 12 此準則適用但不須考慮120,000元的門檻。

27

4.1.10 金融機構應提高警覺，留意一連串有關連的非經常交易達至或超越

電傳轉帳的8,000元的盡職審查門檻和其他各類交易的120,000元門

檻的可能性。如金融機構知悉交易款額達至或超越此等門檻，必須

執行全面盡職審查程序。

4.1.11 與非經常交易有聯連的因素取決於交易本身的特徵，舉例來說，如

在一段短時間內，支付數筆付款給予同一收款人，而該數筆款項的

資金是來自同一個或多個來源，或客戶定期將款項轉帳至一個或多

個目的地。在決定交易事實上是否有關連，金融機構應將此等因素

與進行交易的時間一併加以考慮。

4.2 4.2 4.2 4.2 識別和核實客戶身分識別和核實客戶身分識別和核實客戶身分識別和核實客戶身分

附表2

第2（1）（a）

條

4.2.1 金融機構必須參考由以下可靠及獨立來源提供的文件、數據或資

料，以識別和核實客戶的身分：

(a) 政府機構﹔

(b) 有關當局或任何其他有關主管當局﹔

(c) 在香港以外地方執行與有關當局或任何其他有關主管當局職能

相類似的職能的主管當局﹔或

(d) 有關當局認可的任何其他可靠及獨立來源13。

4.3 4.3 4.3 4.3 識別和核實實益擁有人的身分識別和核實實益擁有人的身分識別和核實實益擁有人的身分識別和核實實益擁有人的身分

附表2

第1及2（1）

4.3.1 實益擁有人通常是指最終擁有、控制客戶或由客戶代其進行交易或

活動的個人。關於個人客戶(即是並非以職務身分代表法人或信託

13 請參閱附錄A

28

（b）條

的自然人)，客戶本身通常就是實益擁有人。但是，金融機構仍須向

客戶查詢他是否代表他人行事。

4.3.2 當個人被識別為實益擁有人時，金融機構應設法向該實益擁有人收

集與個人客戶資料等同的資料。如這並非切實可行，最低限度應取

得該個人的姓名、國籍、出生日期及地址的資料。

4.3.3 根據打擊洗錢條例，客戶與實益擁有人的身分核實規定並不相同。

4.3.4 金融機構有責任依據它對洗錢/恐怖分子資金籌集風險作出的評估，

採取合理措施去核實實益擁有人的身分，從而使有關機構信納它知

道該實益擁有人為何人。

附表2

第1及2（2）

條

4.3.5 金融機構應識別客戶的所有實益擁有人的身分。在核實實益擁有人

的身分方面，除非存在附表2第15條提述的情況(「高度風險」)，打

擊洗錢條例規定金融機構採取合理措施去核實擁有或控制法團、合

夥或信託25%或以上投票權或股本的任何實益擁有人的身分。在附

表2第15條提述的高度風險的情況下，有關規定的門檻為10%14。

4.3.6 在信託方面，受益人可界定為可從信託中受益的某一類別人。如只

有某一類人可加以識別，有關金融機構應確立及指明該類人所涵蓋

的範圍(例如一名已知其姓名的個人的子女)，以及應制訂措施，在

金融機構知悉款項由信託戶口支付給受益人時，方便核實此等個人

的身分。

14 如根據附表2第15條，現有客戶被重新分類為高度風險客戶，倘存在通風報訊的情况，金融機

構可考慮延遲按照已提高的門檻(即由25%修改為10%)採取核實實益擁有人身分的合理措施。

29

4.4 4.4 4.4 4.4 識別及核實識別及核實識別及核實識別及核實看似代表客戶行事的人看似代表客戶行事的人看似代表客戶行事的人看似代表客戶行事的人的身分的身分的身分的身分

附表2

第2（1）（d）

條

4.4.1 如某人看似是代表客戶行事，金融機構必須：

(i) 識別該人的身分，及採取合理措施，根據以下來源所提供的文

件、數據或資料，核實該人的身分 ————

(A) 政府機構；

(B) 有關當局或任何其他有關主管當局；

(C) 在香港以外地方執行與有關當局或任何其他有關主管當局

職能相類似的職能的主管當局；或

(D) 有關當局認可的任何其他可靠及獨立來源；及

(ii) 核實該人代表客戶行事的授權。

附表2

第2（1）（d）

條

4.4.2 金融機構應取得書面授權（例如董事會的決議案及類似的授權書），

藉以核實看似代表客戶行事的個人獲授權這樣做。

4.4.3 有關金融機構應採取合理措施核實看似代表客戶行事的人的身分

（例如獲授權的帳戶簽署人及受委託人）。在可能範圍內，參考附

錄A所列的文件及其他方法。一般而言，金融機構應核實獲授權指

令調動資金或資產的人的身分。

4.44.44.44.4aaaa 關於保險單的特別規定關於保險單的特別規定關於保險單的特別規定關於保險單的特別規定

附表2

第11（1）條

4.4a 1 凡某保險單的保險單持有人指明或指定一名受益人或一名新受益

人，則保險機構須 —

(a) (如該受益人是藉姓名或名稱被指明的)記錄該受益人的姓名

或名稱；

(b) (如該受益人是藉描述(例如按特徵或類別)或其他方式(例如

按遺囑)被指定的)取得關於該受益人的足夠資料，以使本身

信納它可於下列時間(以較早者為準)確立該受益人的身分

30

—

(i) 在該受益人行使根據該保險單歸屬於該受益人的權益

時；或

(ii) 在該受益人按照該保險單的條款獲得付款( 如有多於一

次的付款，則指第一次付款) 時。

附表2

第11（2）條

4.4a.2 保險機構須在以下時間(以較早者為準)執行第4.4a.3及4.4a.4指明的

措施 —

(a) 在有關受益人行使根據該保險單歸屬於該受益人的權益時；

或

(b) 在按照該保險單的條款該受益人獲得付款(如有多於一次的

付款，則指第一次付款)時。

附表2

第11（3）（a）

條

4.4a.3 保險機構必須參考由可靠及獨立來源提供的文件、數據或資料，以

核實受益人的身分：

指明措施為 —

(a) 政府機構；

(b) 有關當局或任何其他有關主管當局；

(c) 在香港以外地方的主管當局，而它執行的職能，與有關當局

或任何其他有關主管當局的職能相類似；或

(d) 有關當局認可的任何其他可靠及獨立來源

附表2

第11（3）（b）

條

4.4a.4 如有關受益人為法人或信託 —

(i) 識別其實益擁有人；及

(j) (如在顧及該等實益擁有人的特別情況後，有高度的洗錢或恐

怖分子資金籌集風險)採取合理措施核實該等實益擁有人的

身分，以使有關金融機構知道該等實益擁有人為何人。

4.4a.5 如保險機構未能符合第4.4a.1至4.4a.4段所列明的規定，應考慮向財

富情報組提交可疑交易報告。

4.4a.6 保險機構如須根據保險單條款向客戶或受益人以外的人士或公司

支付款項，則亦須識別和核實獲建議收受這些款項的人士的身分。

31

4.4b4.4b4.4b4.4b關於關於關於關於再保險業的規定再保險業的規定再保險業的規定再保險業的規定

4.4b.1 再保險人應遵從載於附表 2 所指明有關客戶盡職審查及備存紀錄的

規定。再保險人應就其客戶，即分出保險人，進行客戶盡職審查措

施。

4.54.54.54.5身分的特徵及證據身分的特徵及證據身分的特徵及證據身分的特徵及證據

4.5.1 金融機構應明白無論是任何形式的身分證明文件，都不能完全保證

是真確的或是代表有關人士的真正身分，亦應明白某類文件較其他

文件易於偽造。如對任何獲得的文件有任何懷疑，金融機構應採取

切實可行及適當的步驟，以確定所獲得的文件是否真確，或曾否已

被報稱遺失或被竊。有關措施可包括搜尋可供大眾查閱的資料、與

有關部門接觸（例如透過入境處的熱線電話與該部門接觸），或是

要求有關客戶提供佐證。如仍未能消除疑慮，則不應接受該文件，

並且考慮應否向有關當局舉報。

如文件是以外語書寫，則金融機構應採取適當的步驟，從而令其有

合理理由信納該文件是有關客戶身分的證據。適當的步驟包括確保

評估該等文件的職員精通有關外語，或向合資格人士取得該等文件

的譯本。

4.4.4.4.6666 業務關係的目的及擬具有的性質業務關係的目的及擬具有的性質業務關係的目的及擬具有的性質業務關係的目的及擬具有的性質

附表2

第2（1）（c）

條

4.6.1 金融機構必須了解業務關係的目的及擬具有的性質。在某些情況

下，這是不言而喻的，但在許多情況下，有關金融機構或須取得這

方面的資料。

32

4.6.2 除非目的及擬具有的性質屬顯而易見，否則金融機構就開立戶口或

建立業務關係的擬有目的及理由方面，向所有新客戶索取令其滿意

資料，並把該等資料記錄在開戶文件內。視乎有關金融機構對該情

況的風險評估而定，可能有關連的資料包括:

(a) 業務/職業/僱傭的性質及詳情﹔

(b) 預期透過有關業務關係進行的活動的程度及性質(例如可能作

出的典型交易)﹔

(c) 客戶的所在地﹔

(d) 業務關係上所使用的資金的預期來源及源頭﹔及

(e) 最初及持續的財富及收入來源，例如取得近期及目前結單。

4.6.3 這項規定亦適用於非香港居民。雖然大部分非香港居民均基於完全

合法的理由與香港的金融機構建立業務關係，但有些非香港居民卻

可能存在較高的洗錢/恐怖分子資金籌集風險。金融機構應令其信納

有關非香港居民確有真誠的理由在香港建立業務關係。根據其風險

評估，金融機構應考慮對非香港居民持有的戶口採取更嚴格的盡職

審查及監察。

4.7 4.7 4.7 4.7 識別和核實身分的識別和核實身分的識別和核實身分的識別和核實身分的時間時間時間時間

一般規定

附表2

第3（1）條

4.7.1 金融機構必須在建立任何業務關係前或執行指明非經常交易前完

成盡職審查程序（例外情況載於第4.7.4段）。

附表2 4.7.2 如金融機構未能根據第4.7.1段完成盡職審查程序，則不可與有關客

33

第3（4）條戶建立業務關係或執行非經常交易，並且應評估其未能提供資料的

理據，以便知悉或懷疑是否有洗錢/恐怖分子籌集活動，並向財富情

報組提交報告。

在建立業務關係時延遲進行身分核實

4.7.3 在建立業務關係前應先取得客戶的識別資料（包括任何實益擁有人

的資料），以及關於業務關係的目的及擬具有的性質的資料。

附表2

第 3 （ 2 ） ,

（3）及（4）

（b）條

4.7.4 但是，在例外的情況下，金融機構可在建立業務關係後核實客戶及

任何實益擁有人的身分，只要：

(a) 所有延遲核實客戶或實益擁有人的身分而可能引致的任何洗錢

/恐怖分子資金籌集風險，已獲有效管理；

(b) 為對客戶的業務正常運作不造成干擾，如此行事是必需的；

(c) 在合理地切實可行的範圍內盡快完成有關核實；及

(d) 如未能在合理地切實可行的範圍內盡快完成有關核實，將會結

束該業務關係。

4.7.5 有需要對客戶的業務正常運作不造成干擾的情況現列舉如下：

(a) 證劵交易 — 證劵業內的公司或中介人可能須在與客戶聯

絡後十分短的時間內根據市況執行交易，因而須在完成身分核

實前執行交易；及

(b) 人壽保險業務 — 就識別和核實保險單內受益人而言，可能

須在與保險單持有人建立業務關係之後才識別及核實保險單

34

內受益人的身分。但在所有該等情況下，必須在付款時或之前，

或受益人擬行使根據該保險單歸屬於該受益人的權益時識別

及核實其身分。

4.7.5a 如保險合約是在辦公室以外的地方簽訂，則保險機構可能難以取得

個人客戶的身分證明文件副本。在這情況下，只要保險機構能有效

管理洗錢和恐怖分子資金籌集活動的風險，就可在建立業務關係後

才取得並保留該客戶的身分證明文件副本。在所有情況下，保險機

構都應在第4.7.8段所述的合理時限內，或在付款時或之前，以較早

者為準，取得並保留個人客戶的身分證明文件副本。

4.7.6 如客戶獲准在核實身分前運用業務關係，金融機構必須採取與延遲

核實身分的條件有關的適當風險管理政策及程序。此等政策及程序

應包括：

(a) 制定完成身分核實措施的時限﹔

(b) 規定高級管理層在等候完成身分核實措施期間監察該等業務關

係；

(c) 取得其他必需的盡職審查資料；

(d) 確保在合理地切實可行的情況下盡快核實身分﹔

(e) 告知客戶，金融機構在責任上因身分核實措施未能完成而終止

業務關係；

(f) 適當地限制在等候完成身分核實措施期間的交易次數及類別；

及

35

(g) 確保不支付客戶的資金予任何第三者（在完成身分核實前代表

客戶投資或存款除外）。在下述情況下，或可獲豁免15而可付款

予第三者：

(i) 沒有洗錢/恐怖分子資金籌集活動的懷疑；

(ii) 洗錢/恐怖分子資金籌集的風險評定屬於低度；

(iii) 交易經高級管理層批准，而高級管理層在批准進行交易前

已對業務性質作出考慮；及

(iv) 收款人的姓名/名稱與監察名單不吻合，例如恐怖分子嫌疑

人物及政治人物。

4.7.7 金融機構不得利用此等寬免措施去規避盡職審查程序，尤其是在以

下情況：

(a) 知悉或懷疑或有洗錢/恐怖分子資金籌集活動的情況；

(b) 察覺到令它們對客戶或實益擁有人的身分或意向有懷疑的事

宜；或

(c) 有關業務關係被評定屬較高風險。

未能完成身分核實

附表2

第3（4）（b）

條

4.7.8 身分核實應在一段合理時限內完成。如未能在該段時間內完成核

實，除非能合理解釋延遲核實的原因，否則金融機構應在合理地切

實可行的情況下盡快暫停或終止有關業務關係。合理時限的例子

是：

15 應注意有關例外情況不適用於保險業。

36

(a) 金融機構應在建立業務關係後不少於 30 個工作天內完成有關

核實；

(b) 如有關核實在建立業務關係後 30 個工作天內16仍未能完成，金

融機構應暫時中止與客戶的業務關係及避免進行進一步交易

(將資金在可行情況下退回資金來源則不在此限)；及

(c) 如有關核實在建立業務關係後 120 個工作天內仍未能完成，金

融機構應終止與客戶的業務關係。

《販毒 ( 追

討得益) 條

例》及《有

組織及嚴重

罪行條例》

第 25A 條及

《聯合國

( 反恐怖主

義措施) 條

例》第12條

4.7.9 金融機構應評估未能完成核實是否有理據令其知悉或懷疑有洗錢/

恐怖分子資金籌集情況，並考慮是否宜向財富情報組提交報告。

4.7.10 如在終止業務關係時已收到客戶的資金或其他資產，在可行的情況

下，金融機構應將有關資金或資產退回該等資金或資產的來源。一

般來說，這是指把資金或資產退回客戶/戶口持有人，可是這方法並

非經常可行。

4.7.11 金融機構應慎防洗錢/恐怖分子資金籌集的風險，因為這是可將資金

16 如屬地址證明，此期限可延長至90個工作天。

37

「轉變」的方法之一 (例如把現金轉為銀行本票)，。如客戶要求將

有關金錢或其他資產轉移給第三者，金融機構應評估此舉是否有理

據令其知悉或懷疑有洗錢/恐怖分子資金籌集情況，並考慮是否宜向

財富情報組提交報告。

確保客戶資料反映現況

附表2

第5（1）（a）

條

4.7.12 客戶的身分一經圓滿地核實，金融機構就沒有責任再執行身分核實

（除非對過往為識別客戶的身分而取得的資料是否真實或充分有

所懷疑）。但是，金融機構亦應不時採取步驟，以確保為遵從附表

2第2及第3條的規定而取得的客戶資料能反映現況及仍屬相關的。

為達此目的，金融機構應定期覆核客戶的現有資料。

若遇有觸發事件時，便是金融機構採取上述行動的適當時機。這些

觸發事件包括：

(a) 將進行一項重大交易17；

(b) 客戶戶口的操作模式18出現重大轉變

19；

(c) 金融機構對客戶文件的標準作出頗大的修訂；或

(d) 金融機構知悉有關客戶的資料並不足夠。

在所有情況下，金融機構應在其政策及程序中就決定覆核週期的因

素或何為觸發事件作出清晰界定。

17 ｢重大｣一詞並非必要與金錢的款額有關，可包括不尋常的交易或與有關金融機構對客戶的認

識不一致的交易。 18 應參考附表2第6條｢關於先前客戶的條文｣。 19 舉例來說，現有客戶申請開立新戶口可構成重大轉變。

38

4.7.12a • 在合約訂立後可能出現一些交易或事件，促使保險

機構仔細查證客戶的身分，例子如下：

(a ) 受益人有所更改 (例如加入非家庭成員，以及要

求把有關款項支付給並非受益人的人士 )；

(b ) 保額或保費顯著增加，以保險單持有人的收入

而言，增幅看來並不尋常；

(c ) 以現金交易及／或繳付大額整付保費；

(d ) 海外的有關方面以電匯方式繳款／辦理退保手

續；

(e ) 以銀行票據繳款，使進行交易人士的姓名可以

保密；

( f ) 保險單持有人及／或實益擁有人的地址及／或

居住地有所更改；

(g ) 就現有人壽保險合約進行一次性加保；

(h ) 一次過繳交個人退休金合約的供款；

( i ) 客戶要求保險機構預付有關的保險利益；

( j ) 以保險單作為抵押品／保證 ( 例如不尋常地把

保險單用作抵押品，除非清楚知道這是為向某

家聲譽良好的金融機構借取按揭貸款而須採取

的做法 )；

(k ) 保險利益的類別有所更改 ( 例如把繳款類別由

年金改為一次過繳款 )；

( l ) 提早退保或更改保險年期 ( 這樣做會招致罰款

或失去稅項寬減優惠 )；

(m) 在合約期滿時要求保險機構支付有關的保險利

益；

(n ) 保險機構知道其所持有的客戶及／或實益擁有

人的資料並不足夠；

(o ) 懷疑客戶進行洗錢及恐怖分子資金籌集活動；

或

(p ) 如客戶以來自某保險單的利益支付另一名與其

無關連的人士所持保險單的保費。

4.7.13 金融機構最低限度應每年對所有高度風險客戶（不動戶除外）的狀

況進行一次覆核，並在認為有需要時對有關狀況進行更頻密的覆

39

核，以確保備存紀錄反映現況及相關的盡職審查資料。但是，金融

機構應在其政策及程序中，清晰界定甚麼是不動戶。

4.4.4.4.8888 自然人自然人自然人自然人

識別

附表2

第2及第3條

4.8.1 就識別個人客戶及其他自然人的身分，包括法人的有關連者，金融

機構應收集以下資料以作識別：

(a) 法定姓名、任何從前使用的姓名及所使用的其他姓名；

(b) 住址（及永久地址，如兩者並不相同）；

(c) 出生日期；

(d) 國籍；及

(e) 身分證明文件的類別及號碼。

核實（香港居民）

附表2

第2（1）（a）

條

4.8.2 就香港永久居民，金融機構應參考他們的香港身份證，以核實個人

的姓名、出生日期及身份證號碼。金融機構應保存一份個人的身份

證副本。

4.8.3 至於在香港出生而年齡在12歲以下及無持有有效旅遊證件或香港

身份證的兒童，在核實身分時可參考他們的香港出生證明書。

每當與未成年人士建立業務關係時，應按照以上規定記錄及核實該

未成年人士的父母或代表或陪同該未成年人士的監護人的身分。

40

4.8.4 至於非永久居民，金融機構應參考他們的香港身份證，以核實他們

的身分，包括姓名、出生日期、身份證號碼。

金融機構應參考以下資料，以核實他們的國籍：

(a) 有效旅遊證件；

(b) 載有個人照片的相關國民(即由政府或國家發出)身份證；或

(c) 任何由政府或國家發出而可證實國籍的文件。

金融機構應保存上述文件的複本。

核實（非香港居民）

附表2

第2（1）（a）

條

4.8.5 至於有為身分核實目的而現身香港的非香港居民，金融機構應參考

他們的有效旅遊證件（例如未過期的國際護照），以核實他們的個

人姓名、出生日期、國籍及旅遊證件的類別及號碼。在此方面，金

融機構應保存一份載有持證人照片及個人資料的「個人資料頁」的

副本。

附表2

第2（1）（a）

條

4.8.6 至於沒有為身分核實目的而現身香港的非香港居民，金融機構應參

考以下資料，以核實有關人士的身分，包括姓名、出生日期、國籍、

身分證明文件或旅遊證件的號碼及類別：

(a) 有效旅遊證件；

(b) 載有有關個人照片的相關國民（即由政府或國家簽發）身分證；

或

(c) 載有個人照片的有效國家駕駛執照；或

41

(d) 附錄A所列載的任何其他證件。

附表2

第9條

4.8.7 關於以上第4.8.6段，如客戶沒有為身分識別目的而現身，金融機構

必須參考第4.12段的導引及執行附表2第9條的措施。

核實地址

4.8.8 由於地址是核實有關個人身分及背景的有用資料，金融機構應核實

與其建立業務關係的直接客戶的地址。

4.8.9 金融機構可採取風險為本的方法去決定是否需要核實實益擁有人、

與業務關係或交易攸關的相關個人、有關連者及非經常交易客戶的

地址。如有責任核實有關各方的地址，金融機構在顧及有關個人的

數目、實體的性質及當中的利益分布、任何業務的性質及範疇，以

及各人之間的合約或家族關係後，應採取合理措施去核實有關各方

的地址。

4.8.10 為免生疑問，代表信託建立業務關係或執行交易的信託受託人方視

為客戶，因此在直接客戶關係中的受託人的地址應加以核實。

4.8.11 核實住址的方法可包括取得以下資料：

(a) 在最近三個月內發出的公用事業帳單（流動電話帳單除外，因

該等服務與登記地址無關）；

(b) 最近由政府部門或機構發出的通訊（即最近三個月內發出

的）；

42

(c) 最近三個月內由認可機構發出的銀行結單；

(d) 金融機構的職員親自到訪該住址的紀錄；

(e) 與有關個人同住的直系家庭成員發出的信件，證實申請人居於

該香港地址、列示該直系家庭成員與申請人之間的關係，並且

連同該成員居於同一地址的證據（適用於無法提供用其本身姓

名的住址證明的人士，例如學生及家庭主婦）；

(f) 由香港的護養院、安老院或殘疾人士護理院發出而令金融機構

信納屬可靠及可證實申請人的居所的信件；

(g) 由香港的大學或學院發出而令金融機構信納屬可靠及可證實申

請人的居所的信件；

(h) 由稅務局適當加蓋釐印的香港租約；

(i) 由合適領事館蓋章的有效海外家庭傭工僱傭合約（I.D. 407），

當中的僱主姓名與申請人護照內的批註所載者相同；

(j) 由香港的僱主發出的信件及受僱證明。有關信件及證明令金融

機構信納屬可靠及可證實申請人的香港居所地址及可顯示預計

的受僱期限。如屬外來工人，則另須記錄有關工人在原居國家

的主要居所詳情；

(k) 律師的認購樓宇確定書或確認業權的法律文件；

(l) 非香港居民: 由政府發出的附有照片的駕駛執照或載有目前

居住地址的國民身分證或對等司法管轄區的銀行發出而令金融

機構信納當中的地址已獲核實的銀行結單﹔ 及

(m) 非香港居民: 獨立的海外電子數據源，例如搜尋海外的相關電

子選民登記冊（高度風險的業務關係及交易，只執行（m）項

規定並不足夠）。

43

4.8.12 金融機構或許未能經常採取上一段建議的任何方法，這點是可以理

解的。有關例子包括有些國家沒有郵遞服務，或是實際上並無街名，

而它們的居民是要依靠郵政信箱或僱主傳遞郵件的。有些客戶可能

無法提供符合上述標準的地址證明。在此等情況下，金融機構可因

應其風險程度，採取合乎常理的其他方法，例如向一位經核實為其

海外僱主的董事或經理索取信件，以證實所述客戶的海外住址（或

提供可找到當地住址的詳細指示）。

此外，亦有一些情況是客戶的住址只是臨時居所，因此無法提供正

常地址核實所需的文件，例如按短期合約聘用的外籍僱員。金融機

構應採取富彈性的程序，利用其他方法取得核實所需的資料，例如

僱傭合約的副本，或銀行或僱主的書面確認。在特別情況下，金融

機構應採取富彈性的手法（例如客戶是無家可歸者）。為免生疑

問起見，居於香港的人士或公司在香港註冊及/或營運的公司客戶，

只提供郵政信箱地址是不足夠的。

其他考慮因素

4.8.13 在大多數情況下，根據標準的核實規定行事是足夠的。但是，如基

於客戶的性質、業務、所在地或產品的特點等，客戶或產品或服務

被評為屬高度洗錢/恐怖分子資金籌集的風險，則金融機構應考慮是

否要求有關客戶提供額外的身分資料及/或須否採取額外的身分核

實措施。

4.8.14 附錄A載列一份獲有關當局認可供身分核實之用的獨立及可靠來源

的文件清單。

44

4.4.4.4.9999 法人法人法人法人

一般條文

4.9.1 這部分指引詳列金融機構在與除自然人外的客戶建立業務關係，或

執行高於指定門檻的非經常交易時應採取的措施，不論該交易是以

單一次操作執行，或是以多次操作執行。

4.9.2 至於法人，主要規定是要識別在客戶背後最終控制或實益擁有業務

或客戶的資產的人。金融機構一般會對該客戶的管理行使最終控制

權的人士倍加留意。

附表2

第2（1）（b）

條

4.9.3 在決定誰是法人的實益擁有人時（即客戶並非一名自然人），金融

機構的目標是要得知誰是擁有或控制法人的業務關係的人，或誰是

控制及管理基金內的任何法律實體的主腦。核實實益擁有人的身分

時，須依從第3章的指引使用風險為本的方法執行核實。

4.9.4 如擁有人是另一名法人或信託，則目標是要執行合理的措施，以識

別背後的法人或信託及核實實益擁有人的身分。就此而言，甚麽才

構成控制權須視乎有關機構的性質而定，可能是指毋須進一步獲授

權而受命管理基金、帳戶或投資的人。

附表2

第2（1）（b）

條

4.9.5 至於除自然人外的客戶，金融機構應確保它們充分了解客戶的法律

形式、結構及擁有權，並且應額外取得關於其業務性質的資料，以

及尋求有關產品或服務的理由，除非該等理由屬顯而易見。

45

附表2

第5（1）（a）

及6 條

4.9.6 金融機構應不時進行覆核，以確保所持有的客戶資料反映現況及屬

相關的。進行覆核的方法包括進行公司查冊、設法取得委任董事的

決議案副本、留意董事辭職，或是採取其他適當方法。

4.9.7 許多實體的互聯網址載有關於該等實體的資料。金融機構應留意有

關資料雖然有助提供它們可能需要的客戶、其管理層及業務方面的

資料，但該等資料是未經獨立核實的。

法團

識別資料

4.9.8 金融機構須按照以下基本規定取得資料，繼而根據洗錢/恐怖分子資

金籌集的風險，決定是否需要作進一步身分核實，並如有需要，決

定進一步核實身分的程度。金融機構亦應決定是否需要取得有關法

團的額外資料、其營運情況及其背後的個人的資料。

金融機構應取得及核實法團客戶的以下資料：

(a) 全名﹔

(b) 註冊日期及地點﹔

(c) 登記或註冊號碼；及

(d) 在註冊地點的註冊辦事處地址及主要業務/營運地點（如與註冊

辦事處地址不同）。

4.9.9 在核實第4.9.8段提及的客戶資料的過程中，金融機構亦應取得以下

46

資料20：

(a) 由在註冊地點的司法管轄區的公司註冊處簽發的公司註冊證書

或登記證書的複本；

(b) 公司組織章程大綱及細則的複本，以證明規管及約束公司的權

力；及

(c) 公司的擁有權及控制權結構詳情，例如擁有權架構表。

附表2

第2（1）（d）

條

4.9.10 除了記錄及採取合理措施核實該人的身分外，金融機構應取得董事

會的決議案或類似的書面授權（例如授權書），以核實看似代表

法團行事的個人確實獲授權如此行事。

4.9.11 金融機構亦應:

(a) 識別及記錄所有董事的身分及核實最少一名董事的身分。在金

融機構對有關公司的洗錢/恐怖分子資金籌集風險作出評估後，

有關金融機構可根據就自然人提供的導引，視乎情況而決定核

實更多董事的身分；及

(b) 識別及記錄所有實益擁有人的身分，以及採取合理措施核實以

下人士的身分：

(i) 所有持有25% 或以上（適用於正常風險的情況）/10%或以

上（適用於高度風險的情況）投票權或股本的股東﹔

(ii) 對法團的管理層作出最終控制的任何個人；及

(iii) 客戶代表的任何人。

20 所提供例子並非詳盡無遺。

47

4.9.12 金融機構應為在本港註冊的私人（即非上市）公司及在設有公眾公

司登記處的司法管轄區註冊的公司進行公司查冊及取得完整的查

冊報告21，藉以:

(a) 證實有關公司仍有註冊及未解散、清盤、停業或被除名﹔

(b) 獨立地識別及核實記錄在公司註冊地點的公司登記冊內的董事

及股東姓名﹔及

(c) 核實公司在公司註冊地點的公司註冊辦事處地址。

4.9.13 至於在未設有公眾公司登記冊的司法管轄區（例如英屬維爾京群

島）或只設有部分公眾公司登記冊的司法管轄區（例如百慕達）成

立的法團公司，金融機構則應取得一份由有關公司的當地註冊代理

人簽發的職權證明書（現任職位證明書）或等同文件22。

實益擁有人

附表2

第1條

4.9.14 就法團而言，打擊洗錢條例將實益擁有人的定義界定為：

(i) 符合以下說明的個人 —

(a) 直接或間接地擁有或控制(包括透過信託或持票人股份持有)

該法團已發行股本的不少於10%；

(b) 直接或間接地有權行使在該法團的成員大會上的投票權的

不少於10%，或支配該比重的投票權的行使；或

(c) 行使對該法團的管理最終的控制權；或

(ii) 如該法團是代表另一人行事是指該另一人。

21 另一辦法是金融機構向客戶取得一份公司的完整查冊報告的認證副本。 22 金融機構可接納在6個月內簽發的職權證明書（現任職位證明書）。

48

4.9.15 至於有多層擁有權結構的公司，金融機構可藉著取得的董事聲明，

顯示它們了解有關公司的擁有權及控制權結構及可完全識別有關

公司的中介層。該董事聲明已納入或附加擁有權圖表，而有關圖表

描述中介層的資料(例如公司名稱、註冊地點、註冊號碼、註冊日期

等)。此外，該董事聲明應能夠完全識別有關公司的實益擁有人，以

及詳述採用該公司結構的原因。

4.9.16 雖然核實有關公司的擁有權結構內中介公司的詳情並非金融機構

需例行執行的工作，但如公司的複雜擁有權結構(涉及多層擁有權、

不同司法管轄區、信託等的結構)並沒有明顯商業目的，則會提高風

險，金融機構因而可能需要採取進一步行動，以確保其有合理理由

信納實益擁有人的身分。

4.9.17 故此，是否需要核實有關公司擁有權結構內的中介公司層，主要視

乎金融機構對有關結構的全面了解、風險評估，以及在有關情況下

所取得的資料是否足夠令金融機構認為已採取充分措施去識別實

益擁有人的身分而定

4.9.18 如因擁有權太分散，金融機構應集中識別對該公司的管理行使最終

控制權的人士，並且採取合理措施核實該等人士的身分。

看似是代表客戶行事的人

附表 2 第

2(1)(d)條

4.9.19 附表2第2(1)(d)條規定金融機構須識別並採取合理措施來核實看似

是代表客戶行事的人23（例如獲授權的戶口簽署人）的身分。故基

23 這只適用於可發出指令調動屬於客戶的資金或資產的人士。

49

本要求是盡可能參照附錄A所載文件及其他方法核實該人的身分。

根據附表2第2(1)(d)(i)條，金融機構應識別該人及採取合理措施，依

照附表2第2(1)(d)(i)(A)至(C)條所提供的文件、數據或資料或有關當

局認可的可靠及獨立來源來核實該人的身分。金融機構有時會難以

核實客戶的全部簽署人，例如上市公司的獲授權簽署人名單可能頗

長（尤其是客戶的所在地不在香港）。在該等情況下，金融機構可

採取風險為本的方法，決定核實該人的身分的適當措施。舉例來說，

如要核實身為金融機構或上市公司24的客戶戶口的簽署人，而所涉

風險屬低度，金融機構可採取較簡化的方法來核實戶口簽署人的身

分。採取經金融機構或上市公司的部門或人士(例如合規、審計或人

力資源)核實的戶口簽署人的名單，而有關部門或人士是獨立於身分

須被核實的人，或足以顯示屬合理措施。

另一選擇就是按照附表2第18條使用中介人，這方法主要適用於境

外客戶，並可與縮短簽署人名單一併或分開考慮。

合夥及非法團團體

4.9.20 合夥及非法團團體雖然主要由個人或一組個人運作，但仍與個人有

別，因為當中涉及業務。此業務的洗錢/恐怖分子資金籌集風險狀況

很可能與個人的不同。

附表2第1條 4.9.21 就合夥而言，打擊洗錢條例將實益擁有人界定為：

(i) 符合以下說明的個人

24 應顧及第4.15段的建議。

50

(a) 直接或間接地有權攤分或控制該合夥的資本或利潤的不少

於10%；

(b) 直接或間接地有權行使在該合夥的投票權的不少於10%，或

支配該投票權的行使；或

(c) 行使對該合夥的管理最終的控制權；或

(ii) 如該合夥是代表另一人行事，指該另一人。

附表2第1條 4.9.22 就除合夥外的非法團團體而言，實益擁有人：

(i) 指最終擁有或控制該非法團團體的個人；或

(ii) 如該非法團團體是代表另一人行事，指該另一人。

4.9.23 金融機構應取得該合夥或非法團團體的以下資料：

(a) 全名；

(b) 業務地址；及

(c) 可對該合夥或非法團團體的管理行使控制權的全體合夥人╱主

事人的姓名，以及擁有或控制其資本或利潤或其投票權不少於

10%的個人的姓名。

如已存在正式的合夥安排，應取得合夥授權開立戶口及賦權有關人

士操作戶口的委託書。

4.9.24 與在香港經營業務的合夥或非法團團體建立業務關係時，金融機構

應核實註冊擁有人及經營者的身分。

51

4.9.25 金融機構有責任根據來自可靠及獨立來源的證據來核實客戶的身

分。如有關合夥或非法團團體為眾所周知、有信譽的組織，並在業

內歷史悠久，而且有大量有關其本身、其合夥人╱主事人及控制人

的公開資料，則確認該客戶是否具有相關專業或行業協會會員身

分，可能足以作為該客戶身分的可靠及獨立的證據。但金融機構仍

必須採取合理措施核實有關合夥或非法團團體的實益擁有人的身

分。

4.9.26 其他合夥及非法團團體會較為低調，其合夥人╱主事人的人數通常

亦不多。要核實該等客戶的身分，金融機構應首先考慮合夥人╱主

事人的人數。人數如相對較少，該客戶應被視為一集體；如人數較

多，金融機構須決定是否應繼續將該客戶視為一集體，或是否視相

關專業或貿易協會會員身分為可信納的證據。除非有適當的國家登

記冊記項可供查核，否則在上述任何一種情況下，金融機構均須取

得合夥契約（或如客戶為獨資經營者或其他非法團團體，則其他證

據），使其信納該實體的存在。

4.9.27 如客戶為會社、會所、社團、慈善組織、宗教組織、院校、友好互

助社團、合作社或公積金社團，金融機構應要求閱覽該等機構的組

織章程，藉以令其信納該等機構的合法目的。

信託

一般條文

4.9.28 信託並不具備獨立的法人資格。其本身無法與他人建立業務關係或

52

進行非經常交易。受託人會代表信託訂立業務關係或進行非經常交

易的受託人並被視為客戶（即受託人代表第三者 ———— 信託及與信託

有關的個人行事)。

附表2第1條 4.9.29 就信託而言，打擊洗錢條例將實益擁有人界定為：

(i) 有權享有信託財產的資本的既得權益的不少於10%的任何個

人，而不論該人是享有該權益的管有權、剩餘權或復歸權，亦

不論該權益是否可予廢除；

(ii) 該信託的財產授予人；

(iii) 該信託的保護人或執行人；或

(iv) 對該信託擁有最終控制權的個人（在受託人並非直接客戶的情

況下，則包括受託人）。

4.9.30 金融機構應收集由受託人（即客戶）代表其行事的信託的下列識別

身分資料：

(a) 信託名稱﹔

(b) 成立╱結算日期﹔

(c) 信託文書所載的司法管轄區，有關安排受該司法管轄區的法律

監管﹔

(d) 任何官方機構授予的識別號碼（如有）（例如報稅識別號碼或

慈善或非牟利團體登記號碼）﹔

(e) 受託人的身分證明資料 — 須符合有關的個人及法團導引﹔

(f) 財產授予人（包括最初的財產授予人及其後對信託授予資金的

53

人士）及任何保護人或執行人的身分證明資料 — 須符合有關

的個人及法團導引﹔及

(g) 已知受益人的身分證明資料。已知受益人指根據信託文書的條

款，被識別為在合理預期中可從信託資金或收益中獲益的人士

或該類別人士。

核實信託及倚賴受託人

4.9.31 金融機構應核實信託的名稱及成立日期，並取得適當證據，以核實

信託的存在、法律形式及參與各方，即受託人、財產授予人、保護

人和受益人等。如受益人已被界定，金融機構應盡可能識別其身

分，並制定措施，以便金融機構在知悉信託財產被分配時能核實受

益人的身分。如受益人尚未確定，金融機構應集中於識別財產授

予人及╱或信託為其利益而設立的該類別人士的身分。符合此要求

的最直接方法是覆核信託契據的適當部分。

核實信託的存在、法律形式及參與各方應盡可能透過覆核信託文書

的複本來進行。在該等情況下，金融機構應將證明信託存在及參與

各方的文書的刪節本存檔。如這並非合理地可行，在顧及所涉及的

洗錢/恐怖分子資金籌集風險後，可採取以下的合理措施來核實有關

資料，包括：

(a) 由以專業身分行事的受託人25簽發的書面聲明/確認書；或

(b) 由已覆核相關契約的律師發出的書面聲明/確認書。

上文(a) 及(b) 款所提及的人士必須符合附表2第18(3)條的規定。

25 就此而言，「以專業身分行事的受託人」是指他們在包含或包括提供信託管理服務(或某方面

的信託管理服務)的行業或業務的過程中管理信託。

54

為免生疑問，採取合理措施核實個別各方(即受託人、財產授予人、

保護人、受益人等)的真正身分仍是必要的。

4.9.32 金融機構應在知悉款項從信託戶口給予受益人時核實受益人的身

分。這包括直接付款予受益人及付款予受託人兩種情況。如情況為

後者，金融機構應確定有關款項是否擬支付予信託的受益人，若然，

則應蒐集核實該受益人身分的文件。

4.9.33 假如設立信託的司法管轄區沒有等同香港的打擊洗錢法例，金融機

構便應加倍留意。

其他考慮因素

4.9.34 附錄A載列一份獲有關當局認可供身分核實之用的的獨立及可靠來

源的文件清單。

4.10 4.10 4.10 4.10 簡化的客戶盡職審查簡化的客戶盡職審查簡化的客戶盡職審查簡化的客戶盡職審查（（（（簡化盡職審查簡化盡職審查簡化盡職審查簡化盡職審查））））

一般條文

4.10.1 打擊洗錢條例界定了何謂盡職審查措施，並訂明在何種情況下金融

機構必須執行盡職審查。簡化盡職審查是指無需執行全面盡職審查

措施，實際指金融機構無需識別及核實實益擁有人的身分。但是，

盡職審查的其他程序方面必須執行，而持續監察業務關係仍然是必

要的。金融機構必須有合理理據支持才可採用簡化盡職審查措施，

並可能須向有關當局證明這些理據。

55

附表 2 第

3(1)(d) 及 (e)

條、第4(1)、

(3)、(5)及(6)

條

4.10.2 不過，當金融機構懷疑客戶、客戶的戶口或其交易涉及洗錢/恐怖分

子資金籌集的活動，或當該金融機構懷疑過往為識別客戶的身分或

核實客戶的身分而取得的資料是否真實或充分時，均不得進行簡化

盡職審查，而不論有關客戶、產品及戶口類別是否屬下文第4.10.3、

4.10.16及4.10.18段所指者。

附表 2 第

4(3)條

4.10.3 打擊洗錢條例界定可對以下客戶進行簡化盡職審查：

(a) 打擊洗錢條例所界定的金融機構﹔

(b) 符合以下說明的機構 —

(i) 在對等司法管轄區成立或設立為法團或設立（請參閱第

4.20段）；

(ii) 經營的業務與金融機構所經營者相類似﹔

(iii) 設有措施，以確保與附表2所施加的規定相類似的規定

獲遵從﹔及

(iv) 在有否遵從該等規定方面，受到在該司法管轄區執行

與任何有關當局職能相類似的職能的主管當局監管﹔

(c) 在任何證券市場上市的法團（「上市公司」）﹔

(d) 投資公司，而負責就該投資公司的所有投資者執行與客戶盡職

審查措施相類似的措施的人屬 —

(i) 金融機構﹔

(ii) 符合以下說明的在香港或對等司法管轄區成立或設立

為法團的機構 —

i. 設有措施，以確保與根據附表2所施加的規定相類似的

56

規定獲遵從﹔及

ii. 在有否遵從該等規定方面，受到監管；

(e) 政府或香港的公共機構﹔或

(f) 對等司法管轄區的政府或在對等司法管轄區執行與公共機構

的職能相類似職能的機構。

附表2第4(2)

條

4.10.4 如在金融機構的客戶（不屬附表2第4(3)條所指者）在其擁有權結構

當中，有屬附表2第4(3)條所指的法律實體，該金融機構在與該客戶

建立業務關係或為其進行非經常交易時，無需識別或核實該法律實

體的實益擁有人的身分。但是，金融機構仍須識別在擁有權結構中

與該法律實體無關連的實益擁有人的身分，以及採取合理措施核實

其身分。

附表 2 第

2(1)(a)、 (c)

及(d)條

4.10.5 為免生疑問，金融機構仍必須按照本指引訂明的相關規定：

(a) 識別客戶的身分及核實該客戶的身分；

(b) 如將要與金融機構建立業務關係而有關目的及擬具有的性質

並不明顯，取得與金融機構建立業務關係的目的及擬具有的性

質的資料﹔及

(c) 如某人看似是代表客戶行事 —

(i) 識別該人的身分及採取合理措施核實該人的身分；及

(ii) 核實該人是否獲客戶授權代其行事。

本地及外地金融機構

附表 2 第 4.10.6 金融機構可對打擊洗錢條例所界定的金融機構客戶，或經營類似金

57

4(3)(a) 及 (b)

條

融機構所經營的業務的機構，並且符合附表2第4(3)(b)條所載列準則

的客戶進行簡化盡職審查。如客戶並不符合有關準則，金融機構必

須執行附表2第2條載列的所有盡職審查措施。

金融機構可對打擊洗錢條例所界定的金融機構客戶進行簡化盡職

審查。倘該客戶以代名人公司開立戶口，以代表第二名提述的金融

機構或資金的相關客戶持有資金，只要第二名提述的金融機構已對

相關客戶進行盡職審查，並根據合約文件或協議獲授權操作有關戶

口。

4.10.7 為確定有關機構已符合附表2第4(3)(a)及(b)條的準則，金融機構一般

只需核實該機構是否在有關司法管轄區的獲認可（及受監管）金融

機構名單內，便已足夠。

上市公司

附表 2 第

4(3)(c)條

4.10.8 金融機構可對在證券市場上市26的公司客戶執行簡化盡職審查。意

指金融機構無需識別上市公司的實益擁有人的身分。在所有其他情

況下，金融機構應遵循本指引第4.9段所載的法人盡職審查規定。

4.10.9 金融機構應識別及記錄全體董事的身分。金融機構可採用風險為本

方法，決定是否需要核實上市公司的任何董事的身分。

投資公司

附表 2 第 4.10.10 如金融機構能確定負責對投資公司的所有投資者執行與盡職審查

26 應參考第4.15段。

58

4(3)(d)條措施相類似措施的人屬附表2第4(3)(d)條所載的任何機構類別，金融

機構可對有關投資公司進行簡化盡職審查。

4.10.11 投資公司可為法人或信託形式，亦可為一集體投資計劃或其他投資

實體。

4.10.12 不論該投資公司是否根據其成立所在司法管轄區的管治法律，負責

對相關投資者執行盡職審查，如法律許可的話，投資公司可委任另

一機構（「獲委任機構」），例如受託人、管理人、過戶代理、過

戶登記處或保管人執行客戶盡職審查。如負責執行盡職審查的有關

人士(投資公司或獲委任機構)屬附表2第4(3)(d)條所載列的任何機構

類別，金融機構可對該投資公司進行簡化盡職審查，只要其信納該

投資公司已保證設有可靠的制度及管控措施，並以按照附表2所載

列規定對相關投資者執行盡職審查（包括識別及核實身分）。

4.10.13 為免生疑問，如投資公司或獲委任機構均不屬附表2第4(3)(d)條所載

列的任何機構類別，金融機構必須識別任何擁有或控制該投資公司

不少於10%權益的投資者的身分。除非該投資公司是由另一指定組

別人士為了私人用途而運作，如金融機構已恰當地考慮採取風險為

本的方法，可藉著負責執行盡職審查的投資公司或獲委任機構（視

情況而定）發出的書面陳述，列明據其實際所知，該投資者的身分

或該投資者並不存在(如適用)。如金融機構接納此等陳述，有關情

況須記錄下來、保存及定期作出覆核。根據陳述內容，如有投資者

擁有或控制超過25%權益，金融機構本身必須採取合理措施核實該

投資者身分。

59

政府及公共機構

附表 2 第

4(3)(e) 及 (f)

條

4.10.14 如客戶為香港政府、香港的任何公共機構、對等司法管轄區的政府

或在對等司法管轄區執行類似公共機構職能的機構，金融機構可對

該客戶進行簡化盡職審查。

附表2第1條 4.10.15 公共機構包括：

(a) 任何行政、立法、市政或市區議會﹔

(b) 政府的任何部門或政府承擔的任何事業﹔

(c) 任何地方或公共主管當局或任何地方或公共事業﹔

(d) 由行政長官或政府委任而不論有酬或無酬的各類委員會或其他

團體﹔及

(e) 根據或為施行任何成文法則而有權力以執行公務身分行事的各

類委員會或其他團體。

特定產品的簡化盡職審查

附表2第4(4)

及(5)條

4.10.16 如金融機構有合理理由相信客戶進行的交易與下列任何產品有關，

金融機構可對該客戶進行簡化盡職審查：

(a) 向僱員提供退休福利的公積金計劃、退休金計劃、退休計劃或

離職金計劃 (不論實際如何稱述)，而計劃的供款是從受僱工作

獲得的入息中扣減而作出的，且計劃的規則並不准許轉讓計劃

下的成員利益﹔

(b) 為公積金計劃、退休金計劃、退休計劃或離職金計劃(不論實際

60

如何稱述)的目的而購買、不載有退回條款及不可用作抵押品的

保險單﹔或

(c) 符合以下說明的人壽保險單 —

(i) 須繳付的每年保費不多於 8,000 元(或折算為任何其他

貨幣的相同款額 ) ﹔或

(ii) 須繳付的一筆整付保費不多於 20,000 元 (或折算為任

何其他貨幣的相同款額 )。

4.10.17 就第4.10.16段(a)項而言，金融機構可視僱主、受託人及可對業務關

係行使控制權的任何其他人士（包括管理人或計劃經理）為客戶。

如客戶為第4.10.16段(a)項所指的計劃，金融機構無需執行附表2第

2(1)(b)條的規定。意指金融機構一般無需識別該計劃實益擁有人(即

僱員)的身分及核實其身分。金融機構只需對本身客戶執行盡職審

查。

律師的當事人戶口

附表2第4(6)

條

4.10.18 如金融機構的客戶為律師或律師行，則金融機構無需識別該客戶所

開設的當事人戶口的實益擁有人的身分，但必須符合以下準則：

(a) 該當事人戶口以客戶的名義開設﹔

(b) 該戶口內客戶的當事人的金錢或證券已混合在一起﹔及

(c) 該戶口是由客戶以其當事人的代理人身分管理。

4.10.19 除對客戶執行正常的盡職審查外，當為律師或律師行開設當事人戶

口時，金融機構應確立該戶口的擬議用途，即用以持有匯集的客戶

61

資金或是某特定客戶的資金。

4.10.20 金融機構應取得證據以信納律師乃根據《法律執業者條例》（第159

章）有權在香港執業。金融機構可假設該律師設有可靠及適當的制

度去識別每名客戶的身分，以及可向相關客戶分配資金，從而對其

執行簡化盡職審查，除非他們知悉與律師或律師行的相反或負面資

料(例如負面的消息或受到律師會譴責)。

4.10.21 如當事人戶口是代表單一客戶開設，或每名個別客戶都開有一個附

屬戶口，以及資金並沒有匯集在金融機構內，則金融機構除了核實

開設戶口的律師的身分外，亦應識別相關當事人的身分。

4.11 4.11 4.11 4.11 高度風險的情況高度風險的情況高度風險的情況高度風險的情況

附表 2 第 15

條

4.11.1 附表2第15條指出金融機構在任何以性質而論屬可引致洗錢/恐怖分

子資金籌集的高度風險的情況下，必須採取額外措施以減低洗錢/

恐怖分子資金籌集的風險。考慮到已識別的洗錢/恐怖分子資金籌集

風險後，高度風險客戶的例子包括：

(a) 非香港居民客戶；

(b) 私人銀行服務；

(c) 法人或法律安排，例如用以擁有個人資產的公司作為信託；及

(d) 設有代名人股東或股本以持票人股份形式持有的公司。

應採取額外措施27或更嚴格的盡職審查措施，以減低洗錢/恐怖分子

27 額外措施應記錄在金融機構的政策及程序內。

62

資金籌集的風險。就說明目的而言，有關措施包括：

(a) 取得客戶的額外資料（例如有關連戶口或關係）及更頻密地更

新客戶狀況，包括身分證明的資料﹔

(b) 取得業務關係擬具有的性質(例如預期的戶口活動)、財富來源及

資金來源的額外資料﹔

(c) 取得高級管理層批准開展或繼續該關係﹔及

(d) 藉著增加執行管控措施的次數及時間，以及篩選需要進一步查

驗的交易模式，以加強監察業務關係。

4.124.124.124.12客戶沒有為身分識別的目的而現身客戶沒有為身分識別的目的而現身客戶沒有為身分識別的目的而現身客戶沒有為身分識別的目的而現身

4.12.1 金融機構必須對沒有為身分識別的目的而現身的客戶，進行相等於

其與客戶直接會面的同樣有效的客戶身分識別程序及持續監察標

準。如客戶不曾為身分識別的目的而現身，金融機構通常無法判斷

身分證明文件是否確實與相關客戶有關，因而存在更大的風險。

附表 2 第

5(3)(a) 及 9

條

4.12.2 打擊洗錢條例要求金融機構採取額外措施，以抵銷不曾為身分識別

目的而現身的客戶所涉及的風險。如客戶不曾為身分識別的目的而

現身，金融機構須執行以下最少一項措施以減低風險：

(a) 以附表2第2(1)(a)條提述的但不曾用於根據該條核實該客戶身分

的文件、數據或資料為基礎，進一步核實該客戶的身分，；

(b) 採取增補措施，核實該客戶提供的所有資料﹔

(c) 確保存入該客戶的戶口的第一次的存款，是來自以該客戶名義，

在認可機構或在對等司法管轄區經營的境外銀行開設的戶口；

63

而該司法管轄區須已設有措施確保與根據附表2施加的規定相

類似的規定獲遵從，以及在有否遵從該等規定方面，受到在該

司法管轄區的銀行監管局監管。

符合以上第4.12.2(a)及(b)段規定的措施包括取得經適合的證明人所

證明文件的複本。

適合的證明人及認證程序

4.12.3 金融機構可委聘適合的獨立證明人，以防範所提供的文件與正接受

身分核實的客戶不相符的風險。但是，為確使認證有效，證明人須

查閱文件正本。

附表 2 第 18

條

4.12.4 認證身分核實文件的適合證明人選可包括：

(a) 附表2第18(3)條指明的中介人﹔

(b) 在對等司法管轄區的司法人員﹔

(c) 發出身分核實文件的國家的大使館、領使館或高級專員公署的

人員﹔及

(d) 太平紳士。

4.12.5 證明人必須在文件的複本上簽署並寫上日期（在下方以大楷清楚列

示其姓名），並於當中清楚註明其職位或身分，以及提供其聯絡資

料。證明人必須說明該複本文件為正本文件的真確複本(或具類似效

力的字詞)。

64

4.12.6 金融機構仍須就未有執行訂明的盡職審查負有法律責任，所以在考

慮接納經認證的複本時必須審慎行事，特別是當有關文件來自被視

為涉及高風險的國家或來自任何司法管轄區的不受監管的實體。

在任何情況下，當金融機構未能確定認證文件的真確性，或懷疑有

關文件與客戶無關，金融機構應採取額外措施，以減低洗錢/恐怖分

子資金籌集的風險。

4.13 4.13 4.13 4.13 政治人物政治人物政治人物政治人物

背景

附表2第1及

10條

4.13.1 近年來國際間一直高度重視向擁有重要政治背景的人物或擔任重

要公職人員提供金融及商業服務所涉及的風險。然而，政治人物的

地位並不一定表示有關個人涉及貪污或曾因任何貪污行為而導致

入罪。

4.13.2 但是，該等政治人物的職務及職位使他們容易涉及貪污。如有關人

士來自外地國家，而當地政府及社會普遍存在賄賂、貪污及金融違

規的問題，風險便會更大。該等國家如沒有足夠的打擊洗錢/恐怖主

義資金籌集標準，風險形勢會更為險峻。

附表 2 第 15

條

4.13.3 根據打擊洗錢條例的法定釋義（參閱下文第4.13.5段），政治人物

只包括在中華人民共和國以外地方擔任主要公職的個人。至於本地

政治人物，憑藉他們所擔任的職位，亦可能出現高風險情況，故亦

應執行更嚴格的盡職審查。故此，金融機構應採用風險為本的方法，

以決定是否對本地政治人物執行下文第4.13.11段的措施。

65

附表2第1、

15 及 5(3)(c)

條

4.13.4 政治人物的法定釋義當然不排除國家次級政要。地區政府首長、地

區政府部長及大城市市長的貪污情況並非較不嚴重，因為某些司法

管轄區的國家級次人員可能接觸大量資金。如某客戶被識別為擔任

重要公職的國家次級人員，金融機構應適當地執行更嚴格的盡職審

查。這亦適用於經金融機構評估為具有較高風險的本地國家次級人

員。金融機構在判斷甚麼是重要公職時應考慮多項因素，例如具有

一般重大影響力的人士、對公共採購或國有企業等有重大影響力或

控制權的人士。

（（（（外地外地外地外地））））政治人物政治人物政治人物政治人物

附表2第1條 4.13.5 打擊洗錢條例將政治人物界定為：

(a) 在中華人民共和國以外地方擔任或曾擔任重要公職的個人 —

(i) 包括國家元首、政府首長、資深從政者、高級政府、司法

或軍事官員、國有企業高級行政人員及重要政黨幹事﹔

(ii) 但不包括第(i)節所述的任何類別的中級或更低級官員﹔

(b) 上文(a)段所指的個人的配偶、伴侶、子女或父母，或該名個人

的子女的配偶或伴侶﹔或

(c) 與(a)段所指的個人關係密切的人（請參悶第4.13.6段）。

附表2第1條

4.13.6 打擊洗錢條例將關係密切界定為 —

(a) 該人是與上文第4.13.5(a)段所述某人有密切業務關係的個人(在

首述個人屬某法人或信託的實益擁有人的情況下，包括同樣屬

66

該法人或信託的實益擁有人的個人) ﹔或

(b) 該人是屬某法人或信託的實益擁有人的個人，而該法人或信託

是為上文第4.13.5 (a)段所述某人的利益而成立的。

4.13.7 凡金融機構處理貪污所得款項，或處理非法轉移的政府、超國家或

援助資金的須面對聲譽及法律風險，包括可能因協助清洗犯罪所得

的得益而遭刑事檢控。

4.13.8 金融機構若知悉或懷疑將與某政治人物建立業務關係，可在業務關

係一開始的時候執行更嚴格的盡職審查並進行持續監察，以減低風

險。

附表 2 第

19(1)條

4.13.9 金融機構須設立及維持有效的程序(例如參考公開資料及/或與可得

知的商業資料庫核對)，以斷定某客戶或某客戶的實益擁有人是否政

治人物。這些程序應透過風險為本的方法，擴大至與客戶有關連的

人士。

4.13.10 金融機構可利用或參考某些專門化的國家、國際、非政府及商業組

織所發布的貪污風險的公開資料或相關的報告及資料庫，（例如

Transparency International按各國被認知的貪污水平排名的Corruption

Perceptions Index）以評估哪些國家最容易涉及貪污情況。

如客戶與之有業務聯繫的國家或該客戶之業務界別較容易涉及貪

污，金融機構應特別提高警覺。

附表 2 第 4.13.11 當金融機構知悉某客戶或某客戶的實益擁有人屬政治人物，則應(i)

67

5(3)(b) 及 10

條

在與該客戶建立業務關係之前或(ii)在維持現有的業務關係之前（如

其後才發現該客戶或實益擁有人屬政治人物，），執行下列更嚴格

的盡職審查措施：

(a) 取得其高級管理層的批准﹔

(b) 採取合理措施，確立該客戶或該實益擁有人的財富來源及資金

來源﹔及

(c) 按照所評估的風險就該段關係執行更嚴格的監察措施。

4.13.12 金融機構須按照所評估的風險決定採取其認為合理的措施，以確立

資金來源及財富來源。實際上，這一般涉及向政治人物取得資料，

並將有關資料與公開資料來源（例如資產與入息聲明）對照核實；

部分司法管轄區要求某些高級公職人員提交這類聲明，內容通常包

括官員的財富來源及當前商業利益等資料。但是，金融機構應注意，

並非所有聲明均為公開資料，而某政治人物客戶可基於合法理由拒

絕提供有關資料複本。金融機構亦應知悉，某些司法管轄區會對其

政治人物持有外地銀行戶口或擔任其他職務或受薪工作施加限制。

高級管理層的批准

4.13.13 打擊洗錢條例並無述明哪一個級別的高級管理層可批准建立或維

持與政治人物的業務關係，但金融機構應在審批過程中考慮金融機

構合規主任的意見，而政治人物的潛在敏感度越高，審批過程涉及

的人員級別就越應提高。

本地政治人物

68

4.13.14 就本指引而言，本地政治人物與政治人物所採用的釋義相同，但本

地政治人物是指在中華人民共和國擔任重要公職的個人或該個人

的家庭成員或與該個人關係密切的人。

4.13.15 金融機構應採取合理措施以斷定某個人是否屬本地政治人物。

附表 2 第

5(3)(c) 及 15

條

4.13.16 如知悉某個人屬本地政治人物，金融機構應進行風險評估，以斷定

該人是否涉及較高的洗錢/恐怖分子資金籌集風險。本地政治人物的

地位本身並非必然附帶較高風險。如金融機構評定某人士涉及較高

的洗錢/恐怖分子資金籌集風險，則應執行第4.11.1段所指明的更嚴

格的盡職審查及監察措施。

4.13.17 金融機構應為有關當局、其他主管當局及核數師保留評估複本；如

對該個人的活動一旦產生懷疑，當即覆核該人的有關評估。

定期覆核

4.13.18 關於經評估為涉及較高風險的外地政治人物及本地政治人物，他們

須最少每年接受覆核一次。金融機構應覆核客戶盡職審查資料，以

確保資料的相關性及能反映現況。

4.14.14.14.14444 持票人股份持票人股份持票人股份持票人股份

4.14.1 持票人股份指由持有實物股票的人所全資擁有的股本證券。發行法

團並無登記股份擁有人或追蹤擁有權的轉讓情況。股份擁有權的轉

讓只涉及交付實物文件。故此，持票人股份缺乏普通股的監管及管

控，因為其擁有權從來不作記錄。鑑於持票人股份涉及較高的洗錢

69

/恐怖分子資金籌集風險，特別組織要求容許法人可發行持票人股

份的國家採取適當措施，以確保有關股份不會被濫用作洗錢用途。

附表 2 第 15

條

4.14.2 爲了減低持票人股份被利用來隱藏實益擁有權資料的機會，金融機

構必須對股本中有持票人股份的公司採取額外措施，因為在此情況

下通常難以識別實益擁有人的身分。金融機構應採取程序以確立

該等股份的持有人及實益擁有人的身分，並確保即時獲得知會有關

持有人或實益擁有人的變動情況。

4.14.3 金融機構應覆核公司組織章程大綱及細則，以確定該公司是否可以

力發行該等股份。

4.14.4 最佳做法是金融機構去了解各個司法管轄區在持票人股份方面的

規定及慣例。舉例來說，許多司法管轄區要求將持票人股份存放於

註冊保管人（例如英屬維爾京群島、開曼群島）。這些資料可來自

公開資料，或便於參考的綜合形式，例如經濟合作與發展組織關於

稅務合作的年報，這提供了一個有關各司法管轄區對持票人股份規

定的分析。

4.14.5 持票人股份如已存放於認可╱註冊保管人，金融機構應尋求這方面

的獨立證據（例如註冊代理發出的認可╱註冊保管人持有持票人股

份的確認書、認可╱註冊保管人身分，以及有權享有股份所附帶權

利的人士的名稱及地址）。金融機構應取得證據以確定持票人股份

的認可╱註冊保管人，作為其持續定期覆核的一部。

70

4.14.6 股份如非存放於認可╱註冊保管人，金融機構應在開立戶口前及其

後每年取得每名持有相關股本10%或以上的實益擁有人發出的聲

明。鑑於持票人股份涉及較高的洗錢/恐怖分子資金籌集風險，金融

機構或可選擇採取較打擊洗錢條例所訂明者更高程度的減輕風險

措施，並取得每名持有相關股本5%或以上的實益擁有人發出的聲

明。金融機構亦應要求客戶即時知會有關股份擁有權的任何變動情

況。

4.14.14.14.15555 沒有執行或沒有充分執行特別組織的建議或引致較高風險的司法管轄區沒有執行或沒有充分執行特別組織的建議或引致較高風險的司法管轄區沒有執行或沒有充分執行特別組織的建議或引致較高風險的司法管轄區沒有執行或沒有充分執行特別組織的建議或引致較高風險的司法管轄區

4.15.1 金融機構應特別注意下述情況，並應格外審慎：

(a) 與來自沒有執行或沒有充分執行特別組織建議的司法管轄區的

人士(包括法人及其他金融機構)的業務關係及交易﹔及

(b) 與評估為較高風險的司法管轄區有關連的交易及業務。

基於金融機構就上述任何一種情況的風險評估，附表2第15條的規

定可能適用。除確定及記錄建立業務關係的商業理據外，金融機構

亦須完全信納該等客戶的資金來源的合法性。

4.15.2 在斷定哪個司法管轄區沒有執行或沒有充分執行特別組織的建議

或可能在其他方面存在較高風險時，金融機構應考慮（其中包括）：

(a) 有關當局向金融機構發出的通函；

(b) 是否該司法管轄區或在其區內有大量的個人或實體是否受到

例如由聯合國等組織所實施的制裁、禁令或類似措施的約束。

71

此外，基於某些組織的地位或某些措施的性質，金融機構亦可

能需要在某些情況下相信一些由與聯合國相似但未被全球公

認的組織所實施的制裁或措施；

(c) 該司法管轄區是否被一些可靠消息來源識別為缺乏適當打擊洗

錢/恐怖主義資金籌集活動的法律、法規和其他措施；

(d) 該司法管轄區是否被一些可靠消息來源識別為向恐怖分子提供

資金或支持恐怖活動，以及有指定恐怖主義組織在其境內運作；

及

(e) 該司法管轄區是否被一些可靠消息來源識別為有嚴重程度的貪

污或其他犯罪活動。

「可靠資料來源」是指由一些廣為人知和有良好聲譽的組織所提供

及被廣泛流傳的資訊。除特別組織及其區域性組織以外，這些來源

可包括（但並不限於）超國家或國際組織例如國際貨幣基金組織，

由不同的財富情報組所組成的埃格蒙特集團及有關的政府組織和

非政府機構。由這些可靠消息來源提供的資訊並沒有相同於法律或

規例的效用，亦不應被視為決定風險較高的當然因素。

金融機構應注意在沒有執行或沒有充分執行特別組織建議的司法

管轄區，或已知在防止洗錢/恐怖分子資金籌集方面標準較低的其他

司法管轄區開展業務時潛在的信譽風險。

如在香港成立為法團的金融機構於該等司法管轄區設有營運單位，

該金融機構便應特別謹慎，確保這些營運單位實施有效的防止洗錢

/恐怖分子資金籌集的管控措施。金融機構尤其應確保這些境外營運

72

單位採用等同香港的政策及程序。此外，香港總辦事處的職員亦應

對境外營運單位進行合規及內部審計查核。

4.14.14.14.16666 有關當局的書面通知有關當局的書面通知有關當局的書面通知有關當局的書面通知

附表 2 第 15

條

4.16.1 如特別組織提出要求（可能包括強制執行更嚴格的盡職審查或採取

針對措施28）或在其他獨立於特別組織但卻被視為屬較高風險的情

況下，有關當局可透過書面通知：

(a) 對金融機構施加一般責任，要求採取更嚴格的盡職審查措施；

或

(b) 要求金融機構採取書面通知內所指或所述的特定針對措施。

更嚴格的盡職審查╱針對措施的類別與風險性質及╱或缺乏程度

是相稱的。

4.14.14.14.17777 依賴中介人執行依賴中介人執行依賴中介人執行依賴中介人執行客戶盡職審查客戶盡職審查客戶盡職審查客戶盡職審查

一般條文

附表 2 第 18

條

4.17.1 在不抵觸附表2第18條所載列的準則下，金融機構可藉著中介人執

行附表2第2條所指明的任何部分的盡職審查措施。但是，確保符合

盡職審查規定的最終責任仍由金融機構承擔。

為免生疑問，在以下情況不宜倚賴中介人：

(a) 外判或代理關係，即代理人按照合約安排代金融機構執行其

28 關於嚴重缺乏執行特別組織建議的司法管轄區，以及如改善進度未如理想，特別組織可能建

議執行針對措施。

73

盡職審查職能。在該情況下，該外判或代理乃視作等同於金

融機構（即有關過程及文件均屬於金融機構本身）；及

(b) 金融機構之間代客戶處理的業務關係、戶口或執行的交易。

實際上，對第三者的倚賴往往來自同一金融服務集團裏的另一成員

的介紹，或在某些司法管轄區則透過另一金融機構或第三者介紹。

4.17.1a 獲授權保險人、獲委任保險代理人及獲授權保險經紀，均有責任遵

從載於附表２所指明有關客戶盡職審查的規定。然而，保險代理人

及經紀，通常是在保險人認識、獲介紹或獲轉介客戶前，最先與客

戶接觸的人士。

保險人可透過其獲委任保險代理人執行客戶盡職審查措施，然而這

保險人仍然就未有執行客戶盡職審查措施負有法律責任。保險人應

信納其獲委任保險代理人有充分程序以防止洗錢及恐怖分子資金

籌集，即是：

(a) 保險代理人的客戶盡職審查程序，應與保險人為客戶進行的程

序同樣嚴格;及

(b) 保險人必須信納該保險代理人所設立的制度是可靠的，以遵從

載於附表2所指明有關客戶盡職審查的規定。

如果客戶是通過保險經紀介紹予保險人，保險人可以根據附表2第

18(1) 條，藉著該經紀進行任何客戶盡職審查措施。在這種情況下，

第4.17.2至4.17.7段都必須遵守。

附表 2 第

18(1) 及

18(4)(b)條

4.17.2 金融機構必須取得中介人的書面確認，表示：

(a) 它同意履行該職責；及

(b) 它將應要求沒有延誤地提供它在代表金融機構執行盡職審查

74

措施過程中取得的任何文件或紀錄的複本。

金融機構必須確保如其在打擊洗錢條例的備存紀錄規定中所列明

的期間對該中介人作出要求時，會在接獲該要求後，在合理地切實

可行的範圍內，盡快向金融機構提供該中介人在執行該盡職審查措

施時取得的任何文件的複本、數據或資料的紀錄。

4.17.3 金融機構須取得令人信納的證據，以確認中介人的地位及資格。該

等證據可包括中介人監管機構所提供的佐證或中介人所提供有關

其地位、規定、政策及程序的證據。

附表 2 第

18(4)(a)條

4.17.4 藉著中介人執行盡職審查措施的金融機構須在該中介人執行該措

施之後，立刻從該中介人取得該中介人在執行該措施時取得的數據

或資料，但本段並沒有規定金融機構須同時從該中介人取得該中介

人在執行該措施時取得的文件的複本、數據或資料的紀錄。

4.17.5 這些文件及紀錄如由中介人備存，金融機構須向中介人取得承諾，

在金融機構與有關客戶的業務關係持續期間，以及由有關業務關係

終止的日期起計的6年期間內，或直至有關當局可能指明的有關時

間，備存所有相關的盡職審查資料。金融機構亦須向中介人取得承

諾，在中介人即將結業或不再以中介人身分代金融機構行事的情況

下，提供所有相關的盡職審查資料的複本。

4.17.6 金融機構應不時進行抽樣測試，以確保中介人會應要求盡快提供盡

職審查的資料及文件。

75

4.17.7 金融機構如對中介人的可靠性產生懷疑，當即採取合理步驟覆核該

中介人履行其盡職審查職責的能力。金融機構如欲終止與中介人的

關係，則應立即向中介人取得所有的盡職審查資料。如金融機構對

中介人先前執行的盡職審查措施有任何懷疑，則須在合理地切實可

行的範圍內，盡快執行所需的盡職審查措施。

本地中介人

附表 2 第

18(3)(b)條

4.17.8 金融機構可倚賴認可機構、持牌法團、獲授權保險人、獲委任保險

代理人或獲授權保險經紀執行任何部分的盡職審查措施。

附表 2 第

18(3)(a)條

附表 2 第

18(5)條

4.17.9 金融機構亦可倚賴以下類別的本地中介人：

(a) 在香港執業的律師；

(b) 在香港執業的執業會計師；

(c) 在香港執業的香港特許秘書公會的現行會員；及

(d) 根據《受託人條例》第VIII部註冊並在香港經營信託業務的信

託公司，

只要該中介人可令金融機構信納其本身有充分程序以防止洗錢/恐

怖分子資金籌集的活動。

讓金融機構倚賴這些中介人的安排（並未在符合打擊洗錢/恐怖主義

資金籌集規定方面受監管），在打擊洗錢條例的生效日期起計的 3

年後失效。

76

海外中介人

附表 2 第

18(3)(c)條

4.17.10 金融機構只可倚賴符合以下說明的在對等司法管轄區經營業務或

執業的海外中介人：

(a) 屬下列任何一類業務或職業：

(i) 經營與第4.17.8段所述的金融機構所經營的業務相類似的

業務的機構﹔

(ii) 律師或公證人；

(iii) 核數師、專業會計師或稅務顧問；

(iv) 信託或公司服務提供者；及

(v) 經營信託業務的信託公司；

(b) 按該司法管轄權的法律規定，須根據該司法管轄權的法律註冊

或領牌或受規管；

(c) 已有措施確保遵從與附表2所施加的規定相類似的規定；及

(d) 在遵從該等規定方面，受到該司法管轄權主管當局監管，而該

主管當局所執行的職能，與有關當局的職能相類似。

4.17.11 要符合上述本地及海外中介人的規定，金融機構或須：

(a) 覆核該中介人在打擊洗錢/恐怖主義資金籌集方面的政策及程

序；

(b) 查詢該中介人的聲譽及監管紀錄，以及任何集團的打擊洗錢/

恐怖主義資金籌集標準的應用及審核程度；或

(c) 尋求外聘核數師或其他專家對該中介人之獨立覆核的程序。

77

4.14.14.14.18888 先前客戶先前客戶先前客戶先前客戶

對先前客戶應用打擊洗錢條例及指引

附表2第6條 4.18.1 當有以下情況，金融機構必須對先前客戶（於2012年4月1日打擊洗

錢條例生效前與之建立業務關係的客戶）執行附表2及本指引所指

明的盡職審查措施：

(a) 有關乎該客戶的交易發生而該交易憑藉其款額或性質屬異乎尋

常或可疑的；或該交易不符合金融機構對該客戶、客戶的業務

或風險狀況或客戶的資金來源的認知；

(b) 該客戶的戶口的操作模式出現相當程度的轉變；

(c) 金融機構懷疑該客戶或該客戶的戶口涉及洗錢/恐怖分子資金籌

集；或

(d) 金融機構懷疑過往為識別客戶的身分或核實客戶的身分而取得

的資料是否真實或充分。

4.18.2 觸發事件可包括把不動戶重新活躍起來或某戶口的實益擁有權或

控制權有變，但金融機構將需考慮其本身客戶及業務特有的其他觸

發事件。

4.18.2a 就合約訂立後可能出現一些交易或事件，促使保險機構仔細查證客

戶的身分的例子，可參考第4.7.12a段。

附表2第5條 4.18.3 金融機構須注意，附表2第5條所述的持續監察規定亦適用於先前客

戶（請參閱第5章）。

78

4.14.14.14.19999 禁用匿名戶口禁用匿名戶口禁用匿名戶口禁用匿名戶口

附表 2 第 16

條

4.19.1 金融機構不得為任何新客戶或現有客戶開立或維持匿名戶口或以

虛構的姓名或名稱開立或維持戶口。如存在設有保密號碼的戶口，

金融機構必須以完全符合打擊洗錢條例規定的方式維持有關戶口。

金融機構必須按照本指引妥為識別及核實該客戶的身分。在所有情

況下，不論關係是否牽涉保密號碼戶口，金融機構必須向已獲適當

授權的合規主任、其他適當的人員、有關當局、其他主管當局及核

數師提供識別及核實客戶身分的紀錄。

4.4.4.4.20202020 司法管轄司法管轄司法管轄司法管轄區的區的區的區的對等對等對等對等

一般條文

附表 2 第

4(3)(b)(i) 、

4(3)(d)(iii)、

4(3)(f) 、

9(c)(ii) 、

18(3)(c)條

4.20.1 司法管轄區的對等及斷定是否對等是在打擊洗錢條例下採取盡職

審查措施的一個重要環節。舉例來說，附表2第4條限制對在對等司

法管轄區成立或設立為法團及經營的業務與金融機構所經營者相

類似的外地機構採取簡化盡職審查。第18條則限制金融機構只可藉

著在對等司法管轄區執業或經營業務的境外中介人執行盡職審查

措施。

4.20.2 根據打擊洗錢條例，對等司法管轄區是指：

(a) 屬特別組織的成員的司法管轄區（香港除外）；或

(b) 施加與類似附表2所施加的規定的司法管轄區。

斷定司法管轄權是否對等

4.20.3 故此，就司法管轄區的對等目的而言，金融機構或須自行評估及斷

79

定，除特別組織成員以外，哪個司法管轄區其規定與附表2所施加

的規定相類似。這樣做時，金融機構須將其對該司法管轄區的評估

記錄在案，有關評估或包括下列考慮因素：

(a) 是否某司法管轄區地區小組成員表明承諾打擊洗錢/恐怖分子

資金籌集，並備有適當的法律和監管制度以支持該承諾的司法

管轄區方獲接納為成員。如某司法管轄區為該小組的成員，金

融機構在評估該司法管轄區是否可能「對等」時可視之為一項

支持因素；

(b) 相互評估報告 — 倍加注意特別組織、執行與特別組織相類似

職能的地區組織、國際貨幣基金組織及世界銀行所進行的評估

工作。金融機構應注意相互評估報告只在有關「時間點」適用，

並應如此詮釋；

(c) 特別組織透過國際合作觀察小組 (International Co-operation

Review Group)程序發布的缺乏執行打擊洗錢/恐怖主義資金籌集

策略的司法管轄區名單；

(d) 有關當局不時發出的忠告通函，提醒金融機構哪些司法管轄區

在管控打擊洗錢/恐怖主義資金籌集方面表現欠佳；

(e) 專門化的國家、國際、非政府及商業機構發布的司法管轄區、

實體及個人名單，而名單內的司法管轄區、實體及個人所牽涉

或據稱牽涉的活動令人對於它們在打擊洗錢/恐怖主義資金籌

集方面的誠信產生懷疑，例如Transparency International按各國被

認知的貪污水平排名的Corruption Perceptions Index；及

(f) 第4.15段就「沒有執行或沒有充分執行特別組織建議或在其他方

面面對較高風險的司法管轄區」提供的導引。

80

4.20.4 金融機構各自根據特定情況作出有關司法管轄區的對等與否的判

斷，而高級管理層亦須就該判斷負責。故此，斷定某一司法管轄區

是否屬對等的理由（屬特別組織成員的司法管轄區除外）必須在作

出決定時記錄在案，且有關決定是根據相關及最新的資訊作出。評

估紀錄及所考慮因素應予以保留，供監管審查及定期覆核之用，以

確保反映現況及有效。

81

第第第第5555章章章章 ———— 持續監察持續監察持續監察持續監察

一般條文

附表 2

第 5(1)

條

5.1 有效的持續監察措施對了解客戶的活動至為重要，它不但是有效的打擊

洗錢/恐怖主義資金籌集系統中一個不可缺少的部分，亦有助金融機構了

解客戶及偵察異常或可疑活動。

金融機構須藉以下措施，持續監察與客戶的業務關係：

(a) 不時覆核根據附表2第2及第3條取得的關於客戶的文件、數據及資

料，以確保該等文件、數據及資料反映現況及仍屬相關的；

(b) 監察客戶的交易活動(包括現金及非現金交易)，以確保它們與客戶的

業務性質、風險狀況及資金來源相符。異乎尋常的交易活動模式可

能與該客戶的預期交易模式不相符，或與所提供產品或服務類別應

涉及的正常業務活動不相符；及

(c) 識辨複雜、大額或異乎尋常的交易，或無明顯經濟或合法目的之交

易模式；這些都可能顯示洗錢及／或恐怖分子資金籌集的活動。

5.2 未能執行持續監察可能會導致金融機構被罪犯利用，也會令人對該金融

機構的制度及管控措施，或對其管理層的審慎程度、誠信或是否合適及

妥當產生疑問。

5.3 金融機構應考慮監察的可能特徵包括：

(a) 交易性質及類別(例如不尋常金額或頻密程度)；

82

(b) 一連串交易的性質(例如多次現金存款)；

(c) 任何交易的金額，尤其須關注特別大額的交易；

(d) 付款╱收款的地點；及

(e) 該客戶的正常活動或營業額。

5.4 與客戶的業務關係基礎隨時間過去會發生變化，金融機構對此應提高警

覺。這些變化可在以下情況下發生：

(a) 推出較高風險的新產品或服務；

(b) 客戶設立新法團或信託架構；

(c) 客戶的僱傭情況或其他情況發生變化；

(d) 客戶的既定活動或營業額有變或增多；或

(e) 交易性質轉變、交易量或交易規模變大等。

5.5 業務關係如發生重大的基本變化，金融機構應採取進一步的盡職審查程

序，以確保充分了解所涉及的洗錢/恐怖分子資金籌集風險及業務關係的

基本情況。持續監察程序必須考慮到上述的變化。

5.6 金融機構向財富情報組提交報告時應對業務關係進行適當覆核，以及視

乎情況更新盡職審查資料。這有助金融機構評估合適的持續覆核及監察

水平。

5.7 金融機構應確保任何從客戶會議、討論或其他通訊方式取得的資料在客

戶紀錄中記錄及備存，而該等資料是更新附表2第2及第3條所規定的盡

職審查紀錄所需的重要資料。

83

採用風險為本的方法進行監察

5.8 監察程度應與客戶的風險狀況掛鈎，而有關風險狀況是按照第3章所述

的風險評估作出判斷。最有效的做法是將資源集中於洗錢／恐怖分子資

金籌集風險較高的業務關係上。

附表 2

第 5(3)

條

5.9 金融機構必須採取額外措施以監察涉及較高風險的業務關係。金融機構

須對高風險關係（例如涉及政治人物的業務關係）進行更頻密及加強的

監察。在監察高風險情況時，金融機構應：

(a) 判斷本身是否備有足夠的程序或管理資訊系統，為相關人員（例如

合規主任、洗錢報告主任、前線職員、客戶經理及保險代理人）提

供適時的資訊，包括因執行更嚴格的盡職審查措施或其他額外措施

而取得的任何關連戶口或客戶關係的資訊；

(b) 判斷如何監察較高風險客戶的資金、財富及收益來源，以及如何記

錄有關情況的任何變化；及

(c) 就盡職審查資料、活動及交易每年進行獨立覆核。

方法及程序

5.10 在考慮甚麼是監察客戶的交易及活動的最佳方法時，金融機構應考慮下

列本身的因素包括：

(a) 業務的規模及複雜程度；

(b) 就業務所產生的洗錢／恐怖分子資金籌集風險的評估；

(c) 系統及管控措施的性質；

84

(d) 滿足其他業務需要的現存監察程序；及

(e) 產品及服務的性質（包括交付或溝通途徑）。

金融機構可考慮的以下方法：

(i) 透過特殊報告，通知主管╱營業經理對大額交易進行覆核；

(ii) 透過特殊報告，通知合規主任、洗錢報告主任或其他合適人員

與某些預定準則吻合的客戶及交易；及

(iii) 使用電腦化的交易監察系統。

附表 2

第

5(1)(c)

條

5.11 如發現複雜、大額或異乎尋常的交易，或並無明顯經濟或合法目的之交

易模式，金融機構應查驗該等交易的背景、目的及情況（如適合）。這

些查驗的發現及結果應以書面方式記錄在案，藉以為有關當局、其他主

管當局及核數師提供協助。備存有關決策、決策人，以及決策理由的妥

善紀錄，將有助金融機構證明已適當地處理異常或可疑活動。

《販毒

（追討得

益）條例》

及《有組

織及嚴重

罪行條

例》第

25A(5) 及

《聯合國

5.12 該等查驗可包括詢問客戶問題 — 即一個合理的人在該等情況下憑常

識會提出的問題。該等憑誠信適當地進行的查詢並不構成通風報訊（參

閱：< http://www.jfiu.gov.hk/eng/suspicious_ask.html>）。這些查詢直接與

盡職審查的規定掛鈎，並反映出在偵察異常或可疑活動中「認識你的客

戶」的重要性。該等查詢及查詢結果應以書面方式記錄在案，藉以為有

關當局、其他主管當局及核數師提供協助。如有任何懷疑情況，必須向

財富情報組報告。

85

（反恐怖

主義措

施）條例》

第 12(5)

條

5.13 客戶如提出現金交易（包括存款及提款）及轉帳給第三者，而該等要求

與該客戶的已知合理慣例並不相符，金融機構必須審慎處理有關情況，

並作出進一步的相關查詢。如金融機構未能信納任何現金交易或第三者

轉帳為合理交易，並因此認為有可疑，則應向財富情報組作出可疑交易

報告。

86

第第第第6666章章章章 –––– 金金金金融制裁及恐怖分子資金籌集融制裁及恐怖分子資金籌集融制裁及恐怖分子資金籌集融制裁及恐怖分子資金籌集

金融制裁及擴散資金籌集

6.1 香港的金融制裁制度適用於所有人，而非只限於金融機構。

《聯合國

制裁條

例》第3(1)

條

6.2 《聯合國制裁條例》授權行政長官訂立規例，以執行聯合國安全理事會

所決定的制裁，並指明或指定相關的人及實體。

6.3 這些制裁通常禁止直接或間接為某指定人士的利益或財物提供任何資金

或經濟資源或處理屬於該指定人士的任何資金或經濟資源。

6.4 有關當局向所有金融機構分發根據《聯合國制裁條例》刊登於政府憲報

的指定名單。

6.5 雖然根據香港法律，金融機構一般並無任何責任關注其他司法管轄區的

其他組織或主管當局發出的名單，但經營國際業務的金融機構仍須注意

該等司法管轄區的相關金融╱貿易制裁制度的範疇及重點。如這些制裁

可能對金融機構的業務構成影響，則金融機構應考慮這會對其程序引致

甚麼影響，例如考慮監察有關人士，以確保不會向名列某外地司法管轄

區制裁名單的人士支付款項或接收來自該等人士的款項。

《聯合國

制裁條

例》下的

適用規例

6.6 行政長官可就禁令批予特許，准許向《聯合國制裁條例》的指定人士提

供資金及經濟資源。尋求有關特許的金融機構應向商務及經濟發展局提

出書面申請。

恐怖分子資金籌集

6.7 恐怖分子資金籌集一般指進行牽涉資金的交易，而有關資金由恐怖分子

擁有或曾經或意圖用於協助作出恐怖主義行為。打擊洗錢制度先前並無

87

明確涵蓋這點，該制度著重處理犯罪得益，即資金來源才是重點關注所

在。在恐怖分子資金籌集方面，重心在於資金的終點或用途，而有關資

金可以是從合法來源取得的。

安理會第

1373(2001

)號決議

6.8 聯合國安全理事會已通過聯合國安全理事會(「安理會」)第1373(2001)號

決議，要求全體成員國採取行動，防止和遏制恐怖分子資金籌集行為。

安理會反恐怖主義委員會就實施關於恐怖主義的安理會決議發出的指引

載於www.un.org/Docs/sc/committees/1373/，供各方查閱。

安理會

第

1267(1999

)號決議；

第 1390

(2002) 號

決議；第

1617(2005

)號決議

6.9 聯合國亦已根據相關的安理會決議 (例如安理會第1267(1999)號、第

1390(2002)號及第1617(2005)號決議)公布因涉及烏薩馬本拉登、亞蓋達組

織和塔利班組織而遭受聯合國金融制裁的個人及組織的名單。聯合國全

體成員國根據國際法律均須凍結名列該名單的任何法人的資金及經濟資

源，並且就任何與該名單吻合的可疑姓名/名稱向有關當局報告。

6.10 《聯合國（反恐怖主義措施）條例》(第575章) 於2002年制定，以實施安

理會第1373號決議的強制性內容及特別組織的特別建議。

《聯合國

（反恐怖

主義措

施）條例》

第6條

6.11 保安局局長獲權凍結懷疑是恐怖分子的財產，並可指示除根據特許的授

權外，任何人不得處理該已凍結的財產。如違反此項規定，最高可被判7

年監禁及未指定金額的罰款。

6.12 《聯合國（反恐怖主義措施）條例》第6條主要賦予保安局局長行政權力，

凍結懷疑恐怖分子的財產，凍結期可長達兩年，期間有關當局可向法院

申請法令沒收該財產。這項行政凍結機制令保安局局長一旦接到在香港

88

的懷疑恐怖分子財產的情報，即可採取凍結行動。

《聯合國

（反恐怖

主義措

施）條例》

第 8 及 14

條

6.13 除根據保安局局長批予的特許的授權外，任何人不得向恐怖分子或與恐

怖分子有聯繫者提供任何資金或金融服務，亦不得為該人的利益而提供

該等資金或服務。如違反此項規定，最高可被判14年監禁及未指定金額

的罰款。

6.14 《聯合國（反恐怖主義措施）條例》第8條對凍結本身並無影響。除根據

保安局局長批予的特許的授權外，該條文禁止任何人在知道某人是或有

合理理由懷疑某人是恐怖分子或與恐怖分子有聯繫者的情況下，向該人

直接或間接提供任何資金或金融服務，以及禁止為該人的利益而直接或

間接提供該等資金或金融服務。

《聯合國

（反恐怖

主義措

施）條例》

第6(1)條

6.15 保安局局長可就禁令批予特許，准許將已凍結的資金及經濟資源解凍，

並容許根據《聯合國（反恐怖主義措施）條例》，向指定人士支付款項，

或為該人的利益而支付款項。尋求有關特許的金融機構須向保安局提出

書面申請。

《聯合國

（反恐怖

主義措

施）條例》

第4(1)條

6.16 如某人被聯合國安全理事會委員會指定為恐怖分子，而他的資料詳情其

後根據《聯合國（反恐怖主義措施）條例》第4條在政府憲報公告中刊登，

有關當局會向所有金融機構分發該指定名單。

《大規模

毀滅武器

(提供服務

的管制)條

例》第4條

6.17 根據第526章《大規模毀滅武器(提供服務的管制)條例》第4條，如某人向

他人提供任何服務，而該人基於合理理由相信或懷疑該等服務可能與大

規模毀滅武器擴散有關，即屬犯罪。提供服務被廣泛界定為及包括借出

款項或以其他方式提供金融資助。

89

6.18 金融機構有不少途徑可以借鑒參考，包括海外主管當局的相關指定名

單，例如美國政府根據相關行政命令制訂的指定名單。有關當局可不時

促請金融機構注意該等指定名單。

金融機構故應確定其有適當系統，藉以與相關名單核對及確保名單反映

現況，以達篩查的目的。

數據庫備存及篩查（客戶及付款）

6.19 金融機構應採取措施，確保遵守打擊恐怖分子資金籌集的相關法規及法

例。金融機構及它們的職員應充分了解本身的法律責任，以及職員應獲

提供充足導引及培訓。金融機構須設立打擊恐怖分子資金籌集的政策及

程序。識別可疑交易的制度及機制應涵蓋恐怖分子資金籌集及洗錢事宜。

6.20 金融機構應能夠識別涉及恐怖分子嫌疑人物及指定人士的交易，以及就

該等交易作出報告，這點至為重要。為此，金融機構須確保備存記錄恐

怖分子嫌疑人物及指定人士名稱及詳細資料的數據庫，綜合所知的各種

名單的資料。金融機構亦可另作安排，查閱由第三者服務供應商備存的

數據庫。

6.21 金融機構須確保數據庫已收錄相關的指定名單。該數據庫尤其應收錄政

府憲報刊登的名單及根據美國行政命令第13224號指定的名單。每當資料

有變化時，該數據庫亦應及時更新，讓職員易於查閱，從而識別可疑交

易。

6.22 對金融機構的整個客戶群持續進行全面篩查，是防止恐怖分子資金籌集

及違反制裁規定的一項基本的內部管控措施。篩查方式應如下：

a) 在建立關係當時，根據當時的恐怖分子及制裁指定名單對客戶進行篩

查；及

90

b) 其後當有關當局刊登新的恐怖分子及制裁指定名單後，應在切實可行

的範圍內，盡快根據新的指定名單對整個客戶群進行篩查。

6.23 金融機構需設有若干篩查付款指示的措施，以確保不會向指定人士支付

款項。金融機構對於可疑的電傳轉帳指示尤須提高警覺。

6.24 如出現值得懷疑的情況，金融機構應在建立業務關係或處理交易前，盡

可能執行更嚴格的查核。

6.25 有關篩查及任何結果應記錄在案或以電子方式記錄，顯示已符合上文第

6.22至6.24段的規定。

6.26 如金融機構根據香港的金融制裁法例，或因懷疑有恐怖分子資金籌集或

違反制裁規定的情況而凍結資金，則必須向財富情報組作出報告。如金

融機構懷疑某項交易與恐怖分子有關，也須向財富情報組作出報告。如

該項交易因其他理由看似可疑，即使沒有證據證明與恐怖分子直接有

關，也應該向財富情報組作出報告，因該項交易其後可能會顯露出與恐

怖分子有關連。

91

第第第第7777章章章章 ———— 可疑交易報告可疑交易報告可疑交易報告可疑交易報告

一般事項

《販毒

（追討得

益）條例》

及《有組

織及嚴重

罪行條

例》第

25A(1)條

及《聯合

國（反恐

怖主義措

施）條例》

第12(1)

條

7.1 根據《販毒（追討得益）條例》及《有組織及嚴重罪行條例》第25A條，

任何人如知悉或懷疑財產是代表販毒得益或可公訴罪行的得益而沒有

作出披露，即屬犯罪。同樣地，根據《聯合國（反恐怖主義措施）條例》

第12條，任何人如知悉或懷疑某財產是恐怖分子財產而沒有就該等財產

作出披露，亦屬犯罪。根據《販毒（追討得益）條例》及《有組織及嚴

重罪行條例》，任何人如沒有就其所知悉或懷疑作出報告，最高可被

判監禁3個月及罰款50,000元。

《販毒

（追討得

益）條例》

及《有組

織及嚴重

罪行條

例》第

25A(2)條

7.2 向財富情報組提交報告，可就報告中所披露的洗錢／恐怖分子資金籌集

罪行的作為，為金融機構提供法定免責辯護，只要：

(a) 該報告是在金融機構作出所披露作為之前作出，而該作為（交易）

是得到財富情報組的同意的；或

(b) 該報告是在金融機構作出所披露作為（交易）之後，由金融機構主

動及在合理範圍內盡快作出的。

92

及《聯合

國（反恐

怖主義措

施）條例》

第12(2)

條

《販毒

（追討得

益）條例》

及《有組

織及嚴重

罪行條

例》第

25A(5)條

及《聯合

國（反恐

怖主義措

施）條例》

第12(5)

條

7.3 向任何人士透露任何可能會對調查工作有影響的資訊(通風報訊) ，即屬

犯罪。如告之客戶已作出報告，這會影響調查工作，因而已犯罪。

7.4 知悉或懷疑一旦確立，下列一般性原則應予應用：

(a) 如懷疑存在洗錢／恐怖分子資金籌集的情況，即使金融機構沒有進

行交易，亦沒有交易透過金融機構進行，也必須作出披露27；

27 舉報責任要求任何人舉報懷疑洗錢／恐怖分子資金籌集的情況，而不論所涉金額。《販毒（追

討得益）條例》及《有組織及嚴重罪行條例》第25A(1)條及《聯合國（反恐怖主義措施）條例》

93

(b) 在首次確定有關懷疑後，必須在切實可行範圍內盡快作出披露；及

(c) 金融機構必須確保已設有內部管控及制度，以防止任何董事、高級

人員及僱員觸犯向涉及披露的有關客戶或任何其他人通風報訊的罪

行。金融機構亦應該小心，向客戶作出的查詢不能理解為已發生通

風報訊的情況。

7.5 盡職審查及持續監察措施提供了辨認異常與可疑交易及事宜的基礎。識

別可疑活動的一個有效方法是去充分了解客戶、他們的情況及預期的正

常活動；一旦某項交易或指令，或連串交易或連串指令變得異常，即可

識別出來。

7.6 金融機構必須確保已為職員28提供充足導引，在顧及職員可能遇到的交

易及指令性質、產品或服務類別及交付方式（即不論為當面或遙控交

付），讓職員在發生洗錢／恐怖分子資金籌集情況時即產生懷疑或能辨

別出來。這也使職員能識別及評估相關資料，以判斷某項交易或指令在

該等情況下是否可疑。

知悉與懷疑的比較

7.7 金融機構有責任在知悉或懷疑存在洗錢／恐怖分子資金籌集情況下作

出舉報。一般而言，知悉可能包括：

(a) 實際知悉；

第12(1)條所述的舉報責任適用於「任何財產」。根據這些條文，只要產生懷疑即確立舉報責任，

而無需考慮交易本身。因此，不論某項交易事實上有否進行（並涵蓋試圖進行的交易），舉報

責任亦都適用。 28 就第7章而言，職員包括獲委任保險代理人。

94

(b) 知悉一個合理的人會認為是事實的情況；及

(c) 知悉某些會令合理的人提出查詢的情況。

7.8 懷疑是較為主觀。懷疑是個人的，並且缺乏確鑿的證據作證明。

7.9 因可用於犯罪活動的交易類別不勝其數，故難以斷定甚麼會構成可疑交

易。

7.10 關鍵在於充分了解該客戶的業務，從而辨別某項交易或連串交易是否異

常，以及透過查驗有關異常狀況，辨別是否有可疑的洗錢／恐怖分子資

金籌集情況。如某項交易在金額、來源、目的地或類別方面與已知的客

戶合法業務或其個人活動等不一致，該項交易應視為異常，金融機構因

而應提高警覺。

[[[[財富情財富情財富情財富情

報組報組報組報組

「「「「SAFESAFESAFESAFE」」」」

方法方法方法方法]]]]

7.11 如金融機構就某項活動或交易進行查詢並取得它認為屬可信納的解

釋，則可斷定沒有懷疑的理由，故不再採取進一步行動。但是，如金融

機構進行的查詢未能取得有關該活動或交易的可信納的解釋，則可斷定

為有懷疑的理由，並必須作出披露（請參閱： <

http://www.jfiu.gov.hk/eng/suspicious_ask.html>）。

7.12 對知悉或懷疑的人而言，他無需知道涉及洗錢的相關犯罪活動的性質，

或資金本身是否確實從犯罪而來。

7.13 以下列出在某些情況下可能會產生可疑交易的例子（非詳盡無遺）：

95

(a) 無明顯合法目的及╱或看來沒有商業理據的交易或指令；

(b) 明顯過於繁複或不構成最合理、方便或安全的商業方式的交易、指

令或活動；

(c) 如客戶要求的交易，在沒有合理解釋的情況下，超出一般要求的正

常服務範圍，或超出有關該特定客戶的金融服務業務的經驗；

(d) 在沒有合理解釋的情況下，交易規模或模式與先前已建立的任何模

式不相符；

(e) 如客戶拒絕提供所要求的資料而沒有合理解釋，或拒絕配合盡職審

查及╱或持續監察程序；

(f) 在沒有合理解釋的情況下，已建立業務關係的客戶只為某單一交易

或在某段極短的期間利用該段關係；

(g) 廣泛使用信託或離岸結構產品，而在當時情況下該客戶使用該等服

務並不切合其本身需要；

(h) 在沒有合理解釋的情況下，在高風險司法管轄區29進行轉帳往來，

與該客戶已宣布的業務交易或權益並不相符；及

(i) 與第三者或透過第三者戶口進行不必要的資金或其他財產的調度

往來。

有關甚麼可能構成可疑交易的其他例子載於附件I及附件II。這些例子並

非詳盡無遺，僅旨在提供一些有關洗錢的最基本方法的例子。但是，識

別上文或附件I及附件II所列示的任何一類交易之後，金融機構應及時作

進一步調查，這至少可促使對有關資金來源作出初步查詢。

29 有關斷定何謂高風險司法管轄區的導引載於第4.15段。

96

金融機構也應注意到，個別交易當中的環節可能顯示資金涉及恐怖分子

資金籌集活動。特別組織已就金融機構如何偵察恐怖分子資金籌集事宜

發出導引30。金融機構要熟悉該導引中所載的特點，按標題歸類為：(i)

戶口；(ii)存款及提款；(iii)電傳轉帳；(iv)客戶或其身分的特色；以及(v)

與值得關注的地點掛鈎之交易。

7.14 《販毒（追討得益）條例》、《有組織及嚴重罪行條例》及《聯合國（反

恐怖主義措施）條例》禁止金融機構、其董事、人員及僱員就某份正向

財富情報組報告的可疑交易報告或相關資料作出披露。金融機構在與客

戶建立關係或進行非經常交易的過程中，其作出盡職審查職責時存在著

無意中向客戶通風報訊的風險。

客戶察覺到可能作出可疑交易報告或調查的情況，會對日後進行的可疑

洗錢／恐怖分子資金籌集調查有所影響。故此，如金融機構懷疑有洗錢

／恐怖分子資金籌集的交易，在執行盡職審查程序時必須考慮通風報訊

的風險。金融機構應確保其僱員在進行盡職審查時必須察覺此等敏感性

問題。

舉報時間及方式

7.15 當金融機構知悉或懷疑某財產代表犯罪得益或恐怖分子財產，必須在切

實可行情況下盡快向財富情報組作出披露31。現強烈推薦有關金融機構

使用標準表格，或註冊用戶可使用電子渠道「STREAMS」32。有關報告

方法及建議的其他詳情，可於www.jfiu.police.gov.hk查閱。如須作出緊急

30 可在特別組織網站查閱，網址為http://www.fatf-gafi.org/dataoecd/39/21/34033955.pdf。 31 披露的目的是要履行第7.1段所列述的責任。如金融機構欲舉報罪行，應直接向香港警務處舉

報。 32 STREAMS是一個協助接收、分析及發放可疑交易報告的網絡平台，尤其推薦須頻繁作報告的

金融機構使用STREAMS。其他詳情可向財富情報組索取。

97

披露，特別是當有關戶口是一宗正在進行的調查的一部分，這必須在披

露中述明。如情況特殊而須作出緊急披露，可考慮初步以電話通知。

7.16 在擬作交易看似可疑的情況下，可在可疑交易或活動發生前作出披露

（而不論該擬作交易最終有否成事），或如某項交易或活動僅在事後才

看似可疑，則可在該交易或活動完成後始作披露。於活動或交易完成後

作出的披露，不可作為取代原應於該交易或活動處理或完成前作出的報

告。

《販毒

（追討得

益）條例》

及《有組

織及嚴重

罪行條

例》第

25A(1)

條、《聯

合國（反

恐怖主義

措施）條

例》第

12(1)條

7.17 金融機構必須視提交披露為當務之急，並同時確保有關披露本身為全面

及有意義。法律規定金融機構須將該項知悉或懷疑所根據的任何事宜連

同披露一併提交。客戶如已指示金融機構移動資金或其他財產、結束戶

口、安排現金備取或對業務關係作出重大變動，則尤其需要立即作出披

露。如為大量移動資金或其他財產或收取現金，金融機構應在資金或其

他財產被移走或現金被取走前，緊急聯絡財富情報組。

內部報告

7.18 金融機構應委任一名洗錢報告主任作為報告可疑交易的中央聯絡點。一

98

般來說，洗錢報告主任有責任以持續形式查核金融機構是否備有政策及

程序，以確保符合法律及法規的規定，以及負責檢測有關合規情況。在

此方面採取的措施的類別及範圍，應與洗錢／恐怖分子資金籌集風險及

業務規模配合。

7.19 金融機構應確保洗錢報告主任在機構內有足夠的地位及充足資源來履

行職能。

《販毒

（追討得

益）條例》

及《有組

織及嚴重

罪行條

例》第

25A(4)

條、《聯

合國（反

恐怖主義

措施）條

例》第

12(4)條

7.20 鑑於洗錢報告主任可充分查閱所有相關文件及接觸其他各方，他有責任

考慮所接收到的一切內部披露。但是，洗錢報告主任不應僅被動地接收

可疑交易的專案報告。反之，洗錢報告主任應積極參與識別及報告可疑

交易。這也應該包括定期覆核特殊報告、大額或非常規交易報告，以及

職員作出的專案報告。為履行該等職能，所有金融機構必須確保洗錢報

告主任得到全體職員的充分合作及可完全查閱所有相關文件，讓他能夠

判斷是否存在值得懷疑或知悉的任何試圖進行或實質的洗錢／恐怖分

子資金籌集情況。

7.21 洗錢報告主任如未能盡職地考慮所有相關材料，可導致重要資料被忽

略，以致未能按照法例規定向財富情報組披露可疑交易或活動或試圖進

99

行的可疑交易或活動。。另一方面，此亦可導致重要資料被忽略，以致

所披露其實是不必要的。

7.22 金融機構應設立及維持程序以確保：

(a) 全體職員均知悉洗錢報告主任的身分及作出內部披露報告時應依

循的程序；及

(b) 所有披露報告必須送達洗錢報告主任，不得出現無故延誤。

7.23 即使金融機構可能有意建立內部制度，讓職員向洗錢報告主任發送報告

前先諮詢其主管或經理的意見，但在任何情況下，非負責洗錢報告╱

合規職能的主管或經理均不得過濾職員所提交的報告。金融機構的法律

責任是在切實情況下盡快作出報告，故報告流程應盡可能縮短，令發現

可疑交易的職員與洗錢報告主任之間涉及的人數越少越好，從而確保報

告能迅速、保密及無障礙地送到洗錢報告主任。

7.24 所有向洗錢報告主任作出的可疑活動報告均必須以文件記錄（如為緊急

情況，可在通過電話進行初步討論後再作記錄）。該報告必須包括有關

客戶的全部詳情，以及盡可能完整陳述導致產生懷疑的全部資料。

《販毒

（追討得

益）條例》

及《有組

7.25 洗錢報告主任必須確認收到有關報告，並同時提醒有關人士他們有責任

不要作出任何可能影響查詢的事情（即向客戶或任何其他第三者通風報

訊）。有關通風報訊的條文包括已於內部作出可疑交易但尚未向財富情

報組報告的情況。

100

織及嚴重

罪行條

例》第

25A(5)

條、《聯

合國（反

恐怖主義

措施）條

例》第

12(5)條

7.26 就某交易或事件的可疑情況作出報告，並不代表再無需要就同一客戶的

更多可疑交易或事件作出報告。更多可疑交易或事件，不論是否屬同一

性質或有別於先前的可疑情況，均必須繼續向洗錢報告主任報告，如恰

當，他將向財富情報組作進一步報告。

7.27 當評估某項內部披露時，洗錢報告主任必須採取合理步驟以考慮所有相

關資料，包括金融機構內部使用或提供予金融機構的有關報告所牽涉實

體的盡職審查及持續監察資料。這可包括：

(a) 覆核透過有關連戶口進行之其他交易模式及交易量；

(b) 任何先前的客戶指示模式、業務關係年期及查閱盡職審查及持續監

察資料和文件；及

(c) 按照財富情報組33推薦的有系統方法來適當地查問客戶，藉以識別

可疑交易。

33 有關詳情，請瀏覽 www.jfiu.gov.hk。

101

7.28 作為覆核的一部分，可能需要查核其他關連戶口或關係。即使需要搜尋

關連戶口或關係的資料，這亦不應延誤向財富情報組作出報告。洗錢報

告主任應將其跟進每個個案的評估過程，以及作出結論的理由記錄在

案。

7.29 完成評估後，洗錢報告主任若判定有知悉或懷疑的理由，則應於評估完

成後盡快及切實地將有關資料連同有關該項知悉或懷疑所根據的任何

事宜的資料向財富情報組披露。假使他們憑誠信而決定不向財富情報組

提交可疑交易報告，而洗錢報告主任是在考慮過所有可獲取的資料後作

出沒有可疑情況的結論，則金融機構不大可能會因沒有報告而負上刑事

法律責任。但是，最重要的是洗錢報告主任必須就他們的慎重考慮和採

取的行動妥為備存紀錄，證明他們是以合理的方式行事。

記錄內部報告

7.30 金融機構必須設有及保存向洗錢報告主任作出的所有洗錢／恐怖分子

資金籌集報告的完整紀錄。該紀錄應收錄作出報告日期、其後處理報告

的人員、評估結果、報告有否導致須向財富情報組作出披露，以及報告

的相關文件存放何處等詳情。

向財富情報組作出報告的紀錄

7.31 金融機構必須設立及保存向財富情報組作出的披露的完整紀錄。該紀錄

必須收錄有關披露日期、作出披露的人，以及披露的相關文件存放何處

等詳情。如果認為恰當，這紀錄冊可與內部報告紀錄冊合併處理。

102

報告後續事宜

7.32 金融機構應注意：

(a) 向財富情報組提交報告可作為洗錢／恐怖分子資金籌集的法定免

責辯護僅限於該特定報告中所披露的作為。這不會免除金融機構因

該帳戶的持續運作而涉及的法律、聲譽或監管風險；

(b) 財富情報組就交易前的報告作出「同意」的回應，不應被解釋為該

戶口持續運作的「健康證明」或顯示該帳戶不會令金融機構涉及風

險；

(c) 向財富情報組提交報告後，金融機構應立即對業務關係進行適當覆

核，而不論財富情報組其後有否給予任何反饋意見；

(d) 金融機構對某客戶的戶口運作或某段業務關係一旦表示關注，應立

即採取合理行動減輕風險。向財富情報組提交報告後繼續運作該業

務關係，而不再進一步考慮有關風險及施加適當的管控措施以減輕

所發現的風險，是不可接受的做法；

(e) 已向財富情報組報告的關係應由洗錢報告主任進行適當覆核。如有

需要，有關問題應上報至金融機構的高級管理層，並配合金融機構

的業務目標及減輕所發現風險的能力，以斷定如何處理該段關係，

從而減輕該段關係所帶來的任何潛在的法律或聲譽風險；及

(f) 如金融機構因與客戶繼續維持業務關係而蒙受風險，則它並無義務

維持該等關係。建議金融機構在初次向財富情報組披露之時即表明

任何終止關係的意向，讓財富情報組得以在初期階段就有關行動提

供意見；及

《販毒 7.33 財富情報組會確認收到機構根據《販毒（追討得益）條例》及《有組織

103

（追討得

益）條例》

及《有組

織及嚴重

罪行條

例》第

25A(1)(c)

及(2)(a)

條、《聯

合國（反

恐怖主義

措施）條

例》第1

及

12(2)(a)

條

及嚴重罪行條例》第25A條，以及《聯合國（反恐怖主義措施）條例》

第12條作出的披露。如無需立即採取行動，例如就有關帳戶發出限制

令，財富情報組一般會「同意」有關機構根據《販毒（追討得益）條例》

及《有組織及嚴重罪行條例》第25A(2)條運作該戶口。本指引的附錄B

載有該信件的樣本。至於透過電子渠道「STREAM」作出的披露，則會

經由同一渠道收到電子收據。財富情報組間中會就該項知悉或懷疑所根

據的任何事宜，要求金融機構提供更多資料或要求作出澄清。

7.34 雖然並無法定規定必須就調查提供回應，警方及香港海關對設立有效的

回應程序頗為重視。財富情報組在每季的報告34或應要求向作出披露的

金融機構作出回應，闡述調查的當時狀況。

7.35 經財富情報組初步分析後，將予編製的報告會交由財務調查人員作進一

步調查。作出可疑交易報告後如需要報告機構提供更多資料，則可通過

34 作出與金融業相關的每季報告的目的是要提高該行業對打擊洗錢／恐怖主義資金籌集的認識。每

季報告包括兩部分: (i) 對可疑交易報告的分析及(ii) 關注事項及意見。可從財富情報組的網址

(www.jfiu.gov.hk) 取得該該報告。取閱該報告須使用密碼。可到上述網址的個案分析及意見項目之

下查閱有關詳情，或直接聯絡財富情報組。

104

搜查令或提交令取得。金融機構必須確保在規定期限內就所有提交令作

出回應，並提供一切屬該等提交令範圍的資料或材料。金融機構在遵守

規定時限方面如遇到困難，洗錢報告主任應第一時間聯絡調查的主管人

員，尋求進一步導引。

《販毒

（追討得

益）條例》

第10及11

條、《有

組織及嚴

重罪行條

例》第15

及16條、

《聯合國

（反恐怖

主義措

施）條例》

第6條

7.36 在執法調查期間，金融機構可能會獲送達限制令，以便在調查結果出來

之前凍結某些資金或財產。金融機構必須確保它能夠凍結該限制令涉及

的相關財產。應注意該限制令不一定適用於某業務關係中涉及的全部資

金或財產，而金融機構應考慮在已取得財富情報組的適當同意下，可動

用哪些資金或財產（如有）。

《販毒

（追討得

益）條例》

第3條、

《有組織

7.37 被告一經定罪，法院可下令沒收其犯罪所得，而金融機構如持有屬於該

被告的資金或其他財產（法院認為代表其犯罪得益），則可能會獲送達

沒收令。如法院信納某些財產屬恐怖分子財產，亦可下令充公有關財產。

105

及嚴重罪

行條例》

第8條、

《聯合國

（反恐怖

主義措

施）條例》

第13條

106

附件附件附件附件IIII ----可疑交易的識別指標可疑交易的識別指標可疑交易的識別指標可疑交易的識別指標

1. 客戶要求訂立保險合約，但其資金來源不明或與其表面的身分地位不符。

2. 一向只訂立小額合約並以定期繳款方式繳付保費的現有客戶，突然要求購買

一次過繳付保費的大額合約。

3. 客戶提出購買保險，但沒有明顯目的，而且不願透露為了什麼“需要”作出

該投資。

4. 客戶提出購買保險，並以現金繳款。

5. 客戶提出購買保險，但以其個人帳戶以外的帳戶所開出的支票繳款。

6. 有意投保的客戶無意了解保險機構的投資業績，但卻查詢提早取消該合約／

退保的手續。

7. 客戶訂立大額保險單，並在短期內取消保險單，以及要求把應付現金價值退

還給第三者。

8. 客戶提早終止保險產品，特別是在有損失的情況下這樣做。

9. 客戶申購與其日常業務無關的保險單。

10. 客戶要求購買的保險單，金額被視為超出其表面需要。

11. 客戶試圖以現金完成擬議交易，但這類業務交易通常都以支票或其他支付票

據進行。

12. 客戶拒絕或不願就有關的金融活動作出解釋，又或作出被評定為虛假的解

釋。

13. 客戶申購保險時，不願提供一般的資料，或只提供極少或虛假的資料，又或

提供保險機構難以或需要高昂費用方可核實的資料。

14. 客戶拖延提供資料，以致無法完成核實工作。

15. 客戶以本地郵政服務地區以外的地址開設帳戶。

16. 客戶以一個與其他現有商業實體類似的名稱開設帳戶。

17. 客戶試圖以虛假姓名或名稱開設或操作帳戶。

18. 客戶所進行的交易涉及身分不明人士。

19. 客戶把產品的利益轉讓給一名顯然沒有任何關係的第三者。

20. 客戶更改指定受益人(特別是客戶無須通知保險公司或取得其同意，便可這

樣做，以及／或客戶只須在保險單上批註，即可把獲付款的權益轉讓給另一

人)。

21. 在保險合約有效期內，把最終受益人更改為一名與保險單持有人沒有明顯關

連的人。

22. 客戶接受一些極為不利的條款，而有關條款與其健康狀況或年齡無關。

23. 客戶有異尋常地提早繳付保費。

24. 客戶以某種貨幣繳付保費，但要求以另一種貨幣支付賠償金。

25. 考慮到已知的客戶資料及客戶過往的金融活動，客戶現時的金融活動與保險

機構所預期的不符。( 如屬個人客戶，可考慮客戶的年齡、職業、住址、外

表、過往金融活動的類別及數量；如屬公司客戶，可考慮金融活動的類別及

107

數量。)

26. 客戶在進行某種日常交易或正式金融活動時，不尋常地聘請中介人，例如支

付賠償金或大筆佣金予該名中介人。

27. 客戶似乎向幾家保險機構投保。

28. 客戶在一次過繳清保費後，隨即想借取該保險單的最高現金價值。

29. 客戶是以特別組織不時所指明沒有執行或充分執行該組織建議的司法管轄

區作為活動基地，又或是來自一些製毒或販毒活動可能很猖獗的國家及地

區。

30. 客戶經由海外代理人、聯號或其他公司介紹，而介紹人是以特別組織不時所

指明沒有執行或充分執行該組織建議的司法管轄區作為活動基地，又或是來

自一些貪污、製毒或販毒活動可能很猖獗的國家及地區。

31. 以香港作為活動基地的客戶尋求作出一筆過的投資，並提出以電匯方式或

外幣繳款。

32. 僱員突然改變作風，例如生活奢華或刻意不放假。

33. 僱員或代理人的表現突然改變，例如售賣產品的營業員的業績有顯著或令人

意外的增幅。

34. 僱員所進行的整付保費業務持續處於高水平，遠超公司的一般期望。

35. 客戶所使用的地址並非其永久住址，例如以營業員的辦事處地址或住址作為

送遞客戶文件的地址。

36. 任何不尋常或不利的提早贖回保險單行動。

重要事項重要事項重要事項重要事項

國際保險監督聯會 (“保監聯會”)發表了一份題為“涉及保險業的洗黑錢及可

疑交易例子”的文件，載述涉及保險業的有關案例和指標。該文件可於保監聯會

的網站下載，網址為：http://www.iaisweb.orghttp://www.iaisweb.orghttp://www.iaisweb.orghttp://www.iaisweb.org。保監聯會會定期更新文件所載例子，

以加入其他經查證的案例。保險機構應定期瀏覽該網站，以獲取最新的資料。

108

附件附件附件附件IIIIIIII ---- 洗錢計劃的例子洗錢計劃的例子洗錢計劃的例子洗錢計劃的例子29292929

人壽保險人壽保險人壽保險人壽保險

個案1

一九九零年，一名英國保險代理人被裁定違反洗黑錢法例罪名成立。該保險代理

人參與一項在開始時已有超過150萬美元存入一家英國銀行的洗錢計劃。“掩藏

過程”涉及購買整付保費的保險單。該保險代理人成為全公司業績最好的營業

員，後來更獲公司頒發獎項以嘉許其推銷成績。這宗案件不只涉及一名代理人，

該保險代理人的上司亦被控違反洗黑錢法例。案件顯示，保險公司如涉及洗黑錢

活動，加上有職員受賄，定會招致負面報道，而且可能須負上刑事責任。

個案2

W公司一名董事H先生訂立一項洗黑錢計劃，涉及兩家在不同法律制度下成立的

公司。兩個實體都會提供金融服務和財務擔保，並由他出任董事。這兩家公司把

110萬美元電匯至H先生在S國的帳戶。有關資金可能是來自某類犯罪活動，而且

已循某種途徑流入金融體系。H先生亦接獲由C國轉帳過來的款項。資金由一個

帳戶轉至另一個帳戶(當中涉及數類帳戶，包括往來及儲蓄帳戶)。其中一次轉帳

是把資金透過往來戶口調往U國，以繳付人壽保險的保費。投資於人壽保險是這

項洗黑錢計劃的主要機制，而購買U國人壽保險則是這次洗黑錢行動的最後一

步，所繳交的保費約為120萬美元。

個案3

X國的海關人員展開調查，發現一個販毒組織利用保險業洗黑錢。幾個國家的執

法機關在調查後發現，毒販透過設於離岸司法管轄區的Z保險公司洗黑錢。

Z保險公司提供類似互惠基金的投資產品，其回報率與全球主要股票市場的指數

掛，因此保險單可作投資用途。帳戶持有人會繳付多於保險單指定的款額，然

後把款項轉進及轉出帳戶，作為提前退保的罰款。有關款項隨後轉為保險公司以

電匯或支票方式支付的款項，因此不會惹人懷疑。

迄今，調查發現該計劃清洗了逾2,900萬美元，當中900多萬美元已被檢獲。此外，

執法機關已根據Y國(毒品來源國)及Z國海關人員的聯合調查，就涉及與Z保險公

司有聯繫人士的洗黑錢活動數度執行搜查令及拘捕令。

個案4

29本附件所載述的洗黑錢計劃例子，大部分摘錄自保監聯會的文件“ 涉及保險業的洗黑錢及可

疑交易例子”。該文件可從http://www.iaisweb.org這個網址下載。

109

有人試圖為多名外國公民購買人壽保險，要求承保人提供賠償額與保費相同的人

壽保險保障，並且表示，假如保險單被取消，退還的保費須存入投保人在另一個

司法管轄區開設的銀行帳戶。

個案5

在一項規模較小的行動中，當地警方曾調查一名毒販存放現金的情況。有關款項

存入數個銀行帳戶，然後轉至設於另一司法管轄區的帳戶。該毒販接訂立一份

75,000美元的壽險保險單，從海外帳戶分兩次以電匯方式繳交保費。投保人聲稱

有關款項是海外投資收益。在毒販被捕時，保險公司已接獲提前退保的指示。

個案6

一名客戶以相等於約40萬美元的現金，投購10年期的人壽保險。在繳款後，客戶

拒絕透露有關資金的來源。最後，保險公司舉報該個案，而當局似已就該人的欺

詐管理活動提出檢控。

個案7

一家人壽保險公司從傳媒得知，一名與該公司簽訂兩份人壽保險合約的外國人在

其國內參與黑手黨活動。該兩份合約為期33年，其中一份訂明，如投保人死亡，

受益人可獲得約相等於100萬美元的賠償，另一份是混合保險，價值超過這個款

額的一半。

個案8

一名以自由提供跨境保險服務條約締約國為居籍的客戶，在外地與一家人壽保險

公司簽訂為期五年、有死亡賠償的人壽保險合約，並繳付相等於約700萬美元的

首期。該保險合約的受益人曾經兩度更改︰一次是在訂立保險單後三個月，另一

次則是在保險期屆滿前兩個月，而投保人仍為同一人。有關的保險公司舉報該案

件，結果發現最後的受益人(使用假名)是一名政界人士。

再保險再保險再保險再保險業業業業

個案1

A國某保險公司向B國一家聲譽良好的再保險公司，就其承保A國某投資公司的董

事及人員投購再保險。該保險公司擬就該份再保險付出市價四倍的保費。再保險

公司因此生疑，於是通知執法機關。調查結果證實，該投資公司是虛假的，並且

由有販毒背景的罪犯所操控。該保險公司亦與該投資公司有擁有權方面的連繫。

該案件給人的印象是：販毒所得的款項會透過從再保險公司收取的款項清洗，這

樣做的主要目的是利用再保險公司的良好聲譽，使人以為有關款項是合法得來

的。保險公司擬付出高於市價的保費，很可能是想確保日後可以延

續有關的再保險安排。

110

中介人中介人中介人中介人

個案1

某人 (其後以販毒罪名被捕)透過保險經紀作出25萬美元的金融投資(人壽險)。他

的做法是聯絡一名保險經紀，分三期以現金繳付共25萬美元。該名保險經紀並未

有報告該筆款項的交付，並把三次分期繳交的款項存入銀行。這些行動並無引起

銀行的懷疑，因為銀行知道該保險經紀與有關的保險公司分行有連繫。其後，該

保險經紀向負責作出金融投資的保險公司交付三張由其個人銀行帳戶發出、總額

為25萬美元的支票，藉此避免引起保險公司的懷疑。

個案2

來自數個國家的客戶透過中介人的服務購買保險。客戶提供身份證以證明他們的

身分，但有關資料無法由當地提供保險服務的機構澄清，因為該機構倚賴中介人

進行盡職審查。在保險單訂立後，中介人向當地機構支付有關款項。數個月後，

該機構收到客戶通知，表示因情況有變而須結束保險單並蒙受損失；結果有關客

戶最終取得一張由該機構發出、不會惹人懷疑的支票。在其他情況下，投保人會

在投保後數年才結束保險單，並要求保險公司向第三者支付款項。由於款項是來

自另一家聲譽良好的當地機構，故收款機構(如屬當地機構)通常不會對此有所質

疑。

個案3

一家成立已久的保險管理機構設立了一家保險公司。一家俄羅斯保險公司由一名

中介人透過該保險公司駐倫敦辦事處的管理層介紹，成為該公司的客戶。在這宗

特定交易中，若有關期間的索賠款額低於所收到的保費，客戶會獲發“盈利佣

金”。保險業監管機構對該公司進行實地視察後發現，該保險公司支付盈利佣金

的途徑與存入該保險公司帳戶的款項流轉情況不符。此外，由於所涉及的中介人

拒絕提供資料，監管機構無法確定有關款項的來源及支付途徑。經進一步調查

後，監管機構發現所繳款項涉及數家公司，但難以確定該等公司與原來投保人(即

俄羅斯保險公司)有何關連。

個案4

一個建築工程項目在歐洲進行融資。融資款項亦同時用以支付一筆顧問公司費

用。為確保有足夠款項以應付開支，有關方面開立了一個投資帳戶，在某家人壽

保險公司存入相等於約40萬美元的款項。該顧問公司獲得管理該帳戶的授權書。

在開立該帳戶後，該顧問公司隨即提取顧問合約所訂明的全數費用。保險公司認

為這宗交易可疑，因此作出舉報。調查結果發現，該顧問公司的某名職員涉及數

111

宗同類個案。有關帳戶已被凍結。

其他例子其他例子其他例子其他例子

整付保費

案例涉及購買整付保費的大額保險後迅速贖回保險單。洗黑錢分子這樣做的目

的是要獲取來自保險公司的款項。該人可能須支付贖回費用或成本，但他仍願意

這樣做以換取在保險公司所存款項作為直接資金來源。此外，提早兌現整付保

費保險單為現金，或把結算的金額支付給第三者的要求，可能會引起懷疑。

退回保費

有數宗案件是藉提早取消保險單及退回保費來洗黑錢。有關情況如下：

( a ) 與同一保險公司／中介人訂立多份小額保險單，然後同一時間取消保險單；

( b ) 把退回的保費存入另一個帳戶；

( c ) 在取回保費時要求以不同於繳付保費的貨幣支付；以及

( d ) 定期購買和取消保險單。

多繳保費

另一個簡單的洗黑錢方法，是作出安排以取得保險公司用支票或電匯方式退還多

筆或巨額保費。洗黑錢分子除擁有非法企業外，也很可能擁有合法的資產或業

務。使用這方法的洗黑錢分子可安排為其合法資產投保，並“ 偶然地” ( 但

持續地) 大幅多繳保費和要求退還多繳的費用。採用這方法的人通常認為，他

與有關保險公司代表的關係可以令保險公司獲利，而且對該代表本身的前途也

很重要，因此該代表不會願意與他作對。

多繳保費一直被利用作為一種洗黑錢的方法。保險公司在下述情況下應特別提高

警覺：

• 多繳的保費超出某個數額(例如一萬美元或相等的數額) ；

• 客戶要求把多繳的保費退還給第三者；

• 受保人身處與洗黑錢有關的司法管轄區；以及

• 多繳保費所涉及的金額或頻密程度很可疑。

經紀費偏高／支付款項予第三者／繳付保費途徑不尋常

偏高的經紀費可用以收買與保險合約無關的第三者。這通常與不尋常

的繳付保費途徑的事例一起出現。

賠償金的轉讓

112

同樣，原本合法的一群人(可能是某些企業的擁有人)，可能會被安排把他們就保

險單取得的任何合法賠償金轉讓給洗黑錢分子，而洗黑錢分子則承諾，若實際收

到的賠償金高於索賠面值，便會向該等企業(或許以現金、匯票或旅行支票方式)

支付差額的某個百分比。在這情況下，洗黑錢策略並非對保險公司採用傳統的詐

騙手段。洗黑錢分子其實是有意取得直接來自保險公司的款項，而且願意為此向

他人支付款項。洗黑錢分子甚至可能嚴格要求有關人士不得作出任何欺詐性索

賠，以免引起不必要的注意。

重要事項重要事項重要事項重要事項

除上述洗錢計劃的例子外，特別組織每年都會在題為“Money Laundering &

Terrorist Financing Typologies”的文件內，公布涉及保險業的典型案件，並以有用

的案例作為佐證。有關文件可從特別組織的網站(http://www.fatfhttp://www.fatfhttp://www.fatfhttp://www.fatf----gafi.orggafi.orggafi.orggafi.org)的刊物部

分下載。保險機構應定期瀏覽該網站，以獲取最新的資料。

113

第第第第8888章章章章 ———— 備存紀錄備存紀錄備存紀錄備存紀錄

一般法律及監管規定一般法律及監管規定一般法律及監管規定一般法律及監管規定

8.1 備存紀錄是審計線索中重要的一環，可藉以偵察、調查及沒收罪犯或恐怖

分子的資金。備存紀錄有助調查當局確定疑犯的財政狀况、追查罪犯或恐

怖分子的財產或資金，以及協助法院審查所有相關的過往交易，以評估有

關財產或資金是否刑事或恐怖分子罪行的收益，或是否與該等罪行有關連。

8.2 金融機構應按照本身的業務規模、性質及複雜程度，制備及保存所需及充

分的客戶、交易及其他紀錄，以符合打擊洗錢條例、本指引及其他監管規

定，藉以確保：

(a) 就經由金融機構提存的任何與客戶及客戶的實益擁有人（如適用）有

關的資金，戶口或交易，備存清晰及完備的審計線索；

(b) 可適當地識別及核實任何客戶及客戶的實益擁有人（如適用）；

(c) 及時地為有適當授權的有關當局、其他機構及審計人員提供所有客戶

及交易的紀錄及資訊；以及

(d) 金融機構符合本指引其他章節指明的任何相關規定，以及有關當局發

出的其他指引。除其他事宜外，紀錄應包括客戶風險評估紀錄（參閱

第3.8段）、可疑交易報告登記冊（參閱第7.31段）及培訓紀錄（參閱

第9.9段）。

114

備存備存備存備存關於客關於客關於客關於客戶戶戶戶身分及交易的紀錄身分及交易的紀錄身分及交易的紀錄身分及交易的紀錄

附表2

第20（1）（b）

（i）條

附表2

第2（1）（c）

條

附表2第20

（1）（b）

（ii）條

8.3 金融機構應備存：

(a) 在識別及核實任何客戶及／或客戶的實益擁有人及／或受益人及／或

看似是代表客戶行事的人及／或客戶的其他有關連者的身分時取得的

文件的正本或複本，及如此取得的數據及資料的紀錄；

(b) 為執行更嚴格的盡職審查或持續監察，而取得的客戶及／或客戶的實

益擁有人的任何額外資料；

(c) （如適用）業務關係的目的及擬具有的性質的文件的正本或複本，及

有關數據及資料的紀錄；

(d) 關乎客戶的戶口（例如開戶表格、保險申請表格、風險評估表格），

以及與客戶和客戶的實益擁有人的業務通訊（最低限度應包括與建立

業務關係有關的通訊，以及與盡職審查措施或戶口的運作有顯著改變

有重要關連的持續通訊）的紀錄及文件的正本或複本。

附表2

第20（3）

8.4 第8.3段提述的所有文件及紀錄應在與客戶維持業務關係的期間內備存，及

在有關業務關係終止後的6年期間內備存。

附表2

第20（1）（a）

條

8.5 金融機構應保存在交易所取得的有關文件的正本或複本，以及有關數據及

資料的紀錄。這應包括以下資料：

(a) 進行交易各方（在適當情况下包括受益人）的身分；

115

(b) 交易的性質及日期；

(c) 涉及的貨幣種類及金額；

(d) 資金的來源（如知道）；

(e) 存入及提取資金的方式，例如以現金、支票等；

(f) 資金的目的地；

(g) 指示及授權的方式；以及

(h) 交易涉及的戶口種類及戶口的識別號碼（如適用）。

在任何情况下，金融機構應確保所備存的紀錄足以重組個別交易，藉以在

有需要情況下，為刑事檢控提供證據。

附表2

第20（2）條

8.6 所有在第8.5段提述的文件及紀錄應在自有關交易完成的日期起計的6年期

間內備存，不論有關的業務關係是否在該段期間內終止。

8.6a 保險機構可以備存的文件和紀錄包括：

(a) 最初投保書的文件紀錄，如客戶財務狀況評估、需要分析、繳款方法細

則、利益說明，以及協助保險機構進行身分核實程序的文件副本；

(b) 在合約簽立後至合約屆滿期間，與履行合約有關的紀錄；及

(c) 包括合約期滿的結算及／或理賠詳情的“解除責任文件”。

附表2

第21條

8.7 如該紀錄包含文件，應備存該文件的正本，或以微縮影片或電腦數據庫備

存該文件的複本。如該紀錄包含數據或資料，該紀錄應以微縮影片或電腦

數據庫備存。

附表2

第20（4）條

8.8 如該紀錄與正在進行的刑事或其他調查或與在書面通知中指定的任何其他

目的有關，在此等情況下，有關當局可藉給予金融機構的書面通知，要求

有關機構在有關當局指明的、較第8.4及8.6段提述的期間為長的期間，備存

116

與指定交易或客戶有關的紀錄。

中介人保存的紀錄中介人保存的紀錄中介人保存的紀錄中介人保存的紀錄

附表2

第18 （4）

（b）條

8.9 如金融機構藉著中介人執行客戶盡職審查措施，並由中介人持有客戶的識

別及核實文件，有關金融機構仍有責任遵守所有備存紀錄的規定。金融機

構應確保執行該等措施的中介人已設立系統，遵從打擊洗錢條例及本指引

下所有備存紀錄的規定（包括第8.3至8.8段提述的規定），以及中介人會在

收到金融機構的要求後，盡快在合理地切實可行的範圍內提供有關文件及

紀錄。

附表2

第18 （4）

（a）條

8.10 為免生疑慮起見，藉著中介人執行客戶盡職審查措施的金融機構應立刻取

得該中介人在執行該措施時取得的資料，例如姓名／名稱及地址。

8.11 金融機構應確保中介人在終止提供服務後會將文件及紀錄交回機構。

附表2

第3部

8.12 不論在何處備存識別及交易紀錄，金融機構必須符合香港的所有法律及監

管規定，特別是打擊洗錢條例附表2第3部的規定。金融機構可能須將身分

及交易的基本紀錄的複本保留在香港。

個人個人個人個人保險代理人保險代理人保險代理人保險代理人備存紀錄備存紀錄備存紀錄備存紀錄責任責任責任責任

8.13

a

保險人所委任為代理的個人保險代理人，通常需要向保險人直接提交所有

與客戶和交易相關的文件，而且他們亦沒有足夠資源備存這些文件。根據

這項安排，並從符合附表 2 第 3 部所指明有關保存紀錄規定的觀點來看，

這些個人保險代理人可視為已將所需要的紀錄和文件存放於保險人的處

所。

由於個人保險代理人仍然就遵從所有備存紀錄的要求負有責任，他們應確

保：

(a) 其保險人有系統，以遵從載於打擊洗錢條例所指明有關備存紀錄的規

117

定；及

(b) 在有關當局提出要求時，該等紀錄及文件可沒有延誤地從保險人取得。

本導引只適用於個人保險代理人，並不適用於保險代理機構。

118

第第第第9999章章章章 ———— 職員培訓職員培訓職員培訓職員培訓

9.1 職員培訓是有效防止及偵察洗錢／恐怖分子資金籌集活動系統內的重要

一環。如沒有為使用系統的職員提供充分培訓，則即使是一個設計精湛的

內部監控系統，其有效執行也會受到影響。

9.2 金融機構應為職員35提供執行打擊洗錢／恐怖分子資金籌集職務方面的培

訓，在新職員開始執行職務前，培訓工作尤其重要。

9.3 金融機構應實施清晰及明確的政策，確保在打擊洗錢／恐怖分子資金籌集

方面，讓有關職員得到充分培訓。

9.4 個別金融機構在適當考慮本身業務的規模及複雜性和洗錢／恐怖分子資

金籌集的類別和風險程度後，可因應本身的需要，調整不同組別職員的培

訓計劃的時間表和內容。

9.5 金融機構應在打擊洗錢／恐怖分子資金籌集方面，為職員提供適當的培

訓。培訓的頻密程度應足以保持職員在打擊洗錢／恐怖分子資金籌集方面

的知識和能力。

9.6 金融機構應讓職員留意：

(a) 其機構及職員本身的法定責任，以及根據《販毒（追討得益）條例》、

《有組織及嚴重罪行條例》及《聯合國（反恐怖主義措施）條例》下

35 就第9章而言，職員包括獲委任保險代理人。

119

就未能舉報可疑交易而可能需要承擔的後果；

(b) 根據《販毒（追討得益）條例》、《有組織及嚴重罪行條例》、《聯

合國（反恐怖主義措施）條例》、《聯合國制裁條例》及打擊洗錢條

例，任何與金融機構及職員本身職責有關的其他法定及監管責任，以

及違反此等責任而可能需要承擔的後果；

(c) 其機構在打擊洗錢／恐怖分子資金籌集方面的政策及程序，包括識別

及舉報可疑交易；及

(d) 在職員履行打擊洗錢／恐怖分子資金籌集的特定職責所需的情況下，

任何洗錢／恐怖分子資金籌集的嶄新及新興技巧、方法及趨勢。

9.7 此外，以下的培訓單元或適用於特定類別的職員：

(a) 應向所有新職員（不論資歷）簡介洗錢／恐怖分子資金籌集的背景、

讓他們明白向洗錢報告主任舉報可疑交易及識別該等交易的需要，以

及「通風報訊」的罪行。他們應理解其機構是重視洗錢／恐怖分子資

金籌集的問題；

(b) 應促使與公眾有直接接觸的職員（例如前線工作人員、代表獲授權保

險人行事的獲委任保險代理人）知悉其機構所訂立的，並與其職責有

關的客戶在盡職審查及備存紀錄方面的政策及程序上的規定。這些職

員是接觸有可能洗錢的人的第一個接觸點，他們的工作在金融機構就

打擊洗錢策略方面至為重要。金融機構應就可能出現可疑交易的情

況，及交易被視為可疑時所應採取的程序，為他們提供培訓。他們應

得悉其機構的政策及程序（包括舉報的途徑），以處理特殊情况（例

如交易涉及大量款項），以及在此等情况下應額外提高警覺的需要；

120

(c) 視乎職責，後勤職員應接受客戶核實、相關處理程序，以及如何識別

不尋常活動（包括不正常的結算、付款及交付指示方面）的培訓；

(d) 經理級人員包括內部審計人員及合規主任應接受更高層次的培訓，培

訓範圍應涵蓋打擊洗錢／恐怖分子資金籌集的各方面；除此之外，特

定培訓範圍亦應涵蓋監督及管理職員的職責、系統審查、進行隨機抽

查，以及向財富情報組舉報可疑交易；及

(e) 打擊洗錢的合規主任應徹底熟悉其工作範團內的所有相關法例、監管

導引，及其機構在防止洗錢／恐怖分子資金籌集活動方面的政策及程

序。他們應該知道處理交出令及限制令的程序，及確保相關人員也具

備該等知識。他們應具備評估所收接到的可疑交易報告的知識和技

巧。金融機構應提供機會，確保他們認識有關打擊洗錢／恐怖分子資

金籌集方面的所有新發展及規定。

9.8 金融機構應視乎可運用的資源及職員的培訓需要，考慮在提供培訓時混合

使用各種培訓技巧及工具。這些技巧及工具可包括網上學習系統、課堂上

的集思培訓、相關錄影帶及紙張形式或以內聯網為本的程序手冊。金融機

構可考慮使用特別組織的文章及典型案件作為培訓材料。所有培訓材料應

是最新的，並且應符合現行規定及標準。

9.9 無論使用哪種培訓方法，金融機構應備存紀錄，監察誰已接受培訓、職員

何時接受培訓，以及所提供培訓的類別。

9.10 金融機構應監察培訓的效用。這可透過以下方法達致：

(a) 測試職員對其機構在打擊洗錢／恐怖分子資金籌集方面的政策及程

121

序、對他們法定及監管責任的理解，以及他們辨認可疑交易的能力；

及

(b) 監察職員在其機構就打擊洗錢／恐怖分子資金籌集制度的合規情

况，和內部報告的質和量，以找出進一步的培訓需要，並且採取適當

的行動。

122

第第第第10101010章章章章－－－－電傳轉帳電傳轉帳電傳轉帳電傳轉帳

一般規定

10.1 本章主要適用於認可機構及金錢服務經營者。如其他金融機構以打擊洗

錢條例中界定的匯款機構或收款機構的身分處理電傳轉帳交易，它們亦

應遵守附表2第12條的規定及本章提供的導引。如金融機構是電傳轉帳

的匯款人或收款人，而並非以匯款機構或收款機構的身分進行交易，它

們則無需在該交易方面遵守附表2第12條的規定及本章提供的導引。

附表 2 第

1(4) 條及

第 12(11)

條

10.2 電傳轉帳是由一間機構(匯款機構) 代表某人(匯款人)藉電子方式進行

的交易，目的是將某筆金錢轉往某間機構(收款機構) ( 該機構可以是匯

款機構或另一機構)以提供予該人或另一人 (收款人)，而無論是否有一

間或多於一間機構(中介機構) 參與完成有關金錢轉帳。

附表 2 第

12(2)條

10.3 本章不適用於以下電傳轉帳：

(a) 在兩間金融機構之間的電傳轉帳，而每間機構均只代表本身行事；

(b) 在一間金融機構與一間外地機構之間的電傳轉帳，而每間機構均

只代表本身行事；

(c) 符合以下說明的電傳轉帳 —

(i) 因使用信用咭或扣帳咭(例如以扣帳咭經由自動櫃員機從銀行

户口提取金錢，以信用咭取得現金墊支，或以信用咭或扣帳咭

就貨品及服務付款)進行的交易而引致的，但如該咭是用以完

成金錢轉帳則除外，及

(ii) 該信用咭或扣數咭的號碼，已包括在附隨該項轉帳的信息或

付款表格內。

123

10.4 至於SWIFT使用者，上述豁免適用於MT200系列的付款，以及MT 400及

MT700系列的信息，如它們是用於支票託收及履行認可機構間的貿易融

資責任。

如匯款人為金融機構，就打擊洗錢條例而言，提供金融機構的銀行識別

代號36已構成提供匯款人的完整資料。這種情況有時甚至適用於SWIFT

的MT 102及MT 103的信息，雖然在可行情況下亦宜同時提供帳戶號

碼。此項豁免亦適用於(商業個體)識別代號37，但在該種情況下一般仍

須附上帳戶號碼。但是，收款機構仍可能要求匯款人提供地址資料。

10.5

特別組織於2001年10月發出第七項特別建議38，旨在提高所有本地及跨

境電傳轉帳的透明度，以便更易執法，藉以追蹤恐怖分子及罪犯以電子

方式轉帳的資金。巴塞爾銀行監管委員會指引文件《跨境電匯直接撥付

訊息的盡職審核及透明度》（2009年5月）亦表明監管此方面的意向。

匯款機構

附表 2 第

12(3)條

10.6 匯款機構必須確保金額相等於或多於8,000港元（或同等價值的其他貨

幣）的所有電傳轉帳，必須隨附附表2第12(3)條所規定的完整及經核實

的匯款人資料，包括：

(a) 匯款人的姓名或名稱；

(b) 該匯款人在金融機構開立的户口 (該户口為電傳轉帳所支付金錢的

來源) 的號碼，或獨特參考編號39(適用於非帳户持有人）；及

36 銀行識別代號亦稱為SWIFT代號。 37 編配給非金融機構（例如企業）的銀行識別代號稱為商業實體識別代號。 38 此項特別建議的經修訂說明由特別組織於2008年2月29日發出，並可於特別組織的網站查閱。 39 由匯款機構編配的獨特參考編號可用以追蹤電傳轉帳的匯款人。

124

(c) 匯款人的地址或（如沒有地址）匯款人的客户識別號碼或識別文件

號碼(（如客户為自然人，則提供香港身份證號碼，或如匯款人為法

人，則提供商業登記號碼）或如匯款人為個人，則該匯款人的出生

日期及地點。

下文（請參閱第10.17段）載有一項本地電傳轉帳的特惠條文。

10.7 只要匯款機構信納地址經已核實，則可於電傳轉帳信息內加入匯款人的

「通訊地址」。

附表 2 第

12(4)條

10.8 匯款機構必須確保轉帳信息隨附的所有匯款人資料經已核實。如匯款人

是匯款機構的帳户持有客户，並已經根據打擊洗錢條例及本指引的核實

要求核實其身分，則在一般情況下無需再對該帳户持有人的資料作進一

步核實，然而匯款機構亦可就個別個案行使酌情權。

附表 2 第

3(c) 條、

12(3) 條及

(4)條

10.9 對於非帳户持有人的交易，匯款機構必須核實隨附於相等於或超過

8,000港元等值款額的電傳轉帳的客户身分及匯款人的所有資料。至於

少於8,000港元（或等值金額）的非經常電傳轉帳，匯款機構一般無需

核實匯款人的身分，除非匯款機構認為數項電傳轉帳交易似乎有關連，

且涉及的金額相等於或超過8,000港元的等值金額。根據打擊洗錢條例

的備存紀錄規定（請參閱第8章），核實的證據必須與客户資料一併保

留。

10.10 少於8,000港元或同等價值外幣的電傳轉帳，匯款機構可選擇不將一切

所需匯款人的資料加入電傳轉帳信息內。但是，匯款機構需記錄及保留

匯款人的相關資料，並須在收款機構或有關當局提出要求後3個營業日

125

內提交。在考慮是否採用8,000港元的門檻時，匯款機構應考慮其電傳

轉帳業務的業務及營運特色。在切實可行的情況下，有關方面鼓勵匯款

機構應盡量將相關匯款人資料加入隨附於所有電傳轉帳交易的信息內。

10.11 對於帳户持有人為匯款人的電傳轉帳，匯款人的姓名／名稱及地址（或

獲批准的其他資料）應與帳户持有人的資料相符。任何凌駕客户資料規

定的要求應不予理會；如懷疑客户有任何不恰當的動機，應向匯款機構

的洗錢報告主任報告。

10.12 匯款機構如懷疑客户可能代表第三者進行電傳轉帳時，亦應謹慎。如以

第三者的姓名／名稱作為電傳轉帳的匯款人，或該電傳轉帳似乎與客户

的日常業務／活動不符，應要求客户提供有關電傳轉帳性質的進一步解

釋。

10.13 帳户持有人及非帳户持有人的相關匯款人資料均應予以記錄及保留。

10.14 匯款機構應採用風險為本的方式，透過考慮多項因素，如收款人的姓名

／名稱、電傳轉帳的目的地及金額等，檢查某些電傳轉帳是否可疑。

10.15 匯款機構應就如何處理跨境及本地電傳轉帳制訂明確的政策。有關政策

應涵蓋以下範疇：

a) 備存紀錄；

b) 核實匯款人身分的資料40

40 如匯款人為非帳户持有人，機構應遵循本章就電傳轉帳所訂明有關識別和核實客户身分及備

存記錄方面的規定，

126

c) 信息的格式及在何種情況下應使用有關格式；及

d) 信息所包含的資料。

10.16 匯款機構應將電傳轉帳納入持續盡職審查程序。匯款機構應對與匯款人

建立的業務關係進行持續盡職審查，以及審察在該整個業務關係中的交

易過程以確保所進行的交易與它對客户、其業務及風險概況的認知一

致。匯款機構可在持續盡職審查的程序中採用風險為本的方式。有關過

程應定期進行審核，以確保其成效。

本地電傳轉帳

附表 2 第

12(6)條

10.17 如匯款及收款機構均位於香港，隨附於電傳轉帳的匯款人資料只需包括

匯款人的帳户號碼或用作追蹤該筆電傳轉帳交易匯款人的獨特參考編

號。

附表 2 第

12(6)條

10.18 不過，如收款機構或有關當局提出要求，匯款機構須於接獲要求後3個

營業日內提供匯款人的完整資料（請參閱第10.6段）。

收款機構

10.19 不論任何金額的電傳轉帳，如它的收款人並非帳户持有人，收款機構應

記錄收款人的身分及地址。對於金額相等於或超過8,000港元的電傳轉

帳，收款機構應憑藉收款人的身份證或旅遊證件，核實收款人的身分。

群組檔案轉帳

附表 2 第

12(7)條

10.20 匯款機構可將多項轉帳集合在一個群組檔案中，以整批方式轉帳至海外

的收款機構。在該等情況下，在群組檔案中的個別轉帳僅須附帶匯款人

127

的客户帳户號碼（或如沒有帳户號碼，則獨特參考編號），但群組檔案

內必須載有匯款人的完整資料。

中介機構

附表 2 第

12(8)條

10.21 如金融機構在電傳轉帳中以中介機構的身分處理交易，必須確保電傳轉

帳保留隨附的所有匯款人資料，並將有關資料轉交在連串付款中的下一

間機構。

附表2第

19(2)條

10.22 檢查有否缺少完整的匯款人資料的規定適用於中介機構，情況一如有關

資金的轉帳直接由中介機構收取。

10.23 中介機構在進行電傳轉帳過程時，宜採用某種系統使其能將所有在轉帳

過程中所接收的資料轉發至收款機構。但是，如中介機構在技術上無法

傳送來自香港以外地區的轉帳的匯款人資料，則必須以其他溝通方式將

匯款人的資料通知收款機構，不論是在付款內說明有關資料或透過信息

系統或其他方式傳達有關資料。

遺漏、不完整或不具意義的匯款人資料

附表 2 第

19(2)條

10.24 金融機構必須制訂及維持有效的程序，以識辨及處理匯入的電傳轉帳，

藉以遵從匯款人資料的相關規定。

附表 2 第

12(9)(a)

及 12(10)a

條

10.25 如有關的本地或跨境電傳轉賬並無附隨匯款人的資料，該金融機構須在

合理地切實可行的範圍內，盡快向發出轉帳指示予它的機構，取得有關

資料。如未能取得有關資料，該金融機構須考慮限制或結束它與該機構

的業務關係，或採取合理措施，減低所涉及的洗錢/恐怖分子資金籌集

的風險。

128

附表 2 第

12(9)(b)

及

12(10)(b)

條

10.26 如該金融機構察覺到附隨看似是匯款人的資料並不完整或不具意義，它

須在合理地切實可行的範圍內，盡快採取合理措施，減低所涉及的洗錢

/恐怖分子資金籌集的風險。

金融機構可實施有效的風險為本的程序及系統，對接收的付款進行適當

程度的事後隨機抽查，以識別載有不完整或不具意義的匯款人資料的電

傳轉帳，藉此證明已符合識辨不合規格轉帳的規定。有關金融機構可對

下列電傳轉帳進行較嚴謹的抽查：

(a) 來自特別組織成員地區以外的司法管轄區的機構的轉帳，尤其是已

知是未有採用足夠國際信息準則（即特別組織的第七項特別建議）

的地區；

(b) 來自高風險司法管轄區的機構的轉帳；

(c) 金額較高的轉帳；及

(d) 於先前抽查中被發現沒有遵守相關資料規定的機構的轉帳。

附表2第

12(9)(b)條

及第

12(10)(b)

條

10.27 如收款機構在處理付款的過程中，察覺到轉帳載有不具意義或不完整的

資料，則必須要求提供完整的匯款人資料。收款機構須就糾正資料不全

的轉帳定下適當的限期。

附表2第

12(9)(b)條

及第

12(10)(b)

條

10.28 如收款機構未能於限期內取得完整及具意義的資料，則必須在顧及相關

因素（如收款人的姓名/名稱、轉帳款項的來源及金額等）後，考慮是

否限制或結束與發出轉帳指示予它的機構的業務關係，或採取合理措

施，減低所涉及的洗錢/恐怖分子資金籌集的風險。。

129

10.29 收款機構亦應考慮採用其他特定措施，例如在交付匯款時，按「申報及

識別」基準，檢查收款人以現金收取的所有轉帳中的匯款人資料是完整

及具意義的。

10.30 金融機構亦應考慮在電傳轉帳中察覺到的不完整及不具意義資料，是否

構成懷疑的理據，以及就此向財富情報組舉報是否合適。

10.31 如在香港的匯款機構經常未能就涉款相等於或超過8,000港元等值金額

的電傳轉帳提供所需的匯款人資料，收款機構應向有關當局報告有關情

況。如匯款機構被發現經常未能遵守有關資料方面的規定，收款機構應

考慮採取行動，包括在拒絕接納有關機構日後的轉帳，或決定是否全面

限制或終止與該機構的關係或轉帳業務前，先作出警告及定下限期。

10.32 即使匯入的電傳轉帳所載的付款資料並不完整而其款額少於8,000港元

（即低於特別組織第七項特別建議中，強制金融機構執行有關規定時

的門檻標準），並不代表金融機構可排除向對方要求提供完整資料的

情況；然而，建議在有關情況下可採用風險為本的方法行事。

附表 2 第

20(1)條

10.33 應按照打擊洗錢條例保留所有電子付款及信息的紀錄。

與跨境電傳轉帳有關的直接撥付信息

10.34 跨境電傳轉帳的過程通常涉及多間機構。除匯款機構及收款機構外，跨

境電傳轉帳的結算通常涉及向匯款的機構或收款機構提供代理銀行服

務的其他機構（直接中介機構）。直接撥付信息是該等機構為安排資金，

以結算跨境電傳轉帳所產生的銀行同業付款責任而使用的信息。

130

10.35 對於涉及直接撥付信息的電傳轉帳，匯款機構應確保向直接中介機構發

出的信息載有匯款人及收款人的資料。載於直接撥付信息內的匯款人及

收款人資料，應與發給收款機構的相應直接跨境電傳轉帳信息所載者相

同。匯款機構在可行情況下，應在直接撥付信息中盡量加入收款人的其

他身分資料，這在減輕錯誤凍結、封阻或拒收客户資產，或不恰當延誤

直接撥付的風險是有需要的。

10.36 直接中介機構應制訂清晰的政策及程序，以確保即時得知直接撥付信息

中用以儲存匯款人及收款人資料的相關欄目並無遺漏。此外，有關機構

亦要制訂及執行多項政策及程序，以監管跨境電傳轉帳直接撥付信息內

的匯款人及收款人資料是否明顯地不具意義或不完整；而這監管程序可

於處理交易後根據風險敏感基準進行。直接中介機構亦應執行其他措

施，包括將匯款人及收款人的名字與恐怖分子及恐怖分子嫌疑人物的資

料庫進行核對。

10.37 收款機構應識別收款人及核實其身份，亦應設立有效的風險為本的程

序，以識別及處理欠缺完整匯款人資料的電傳轉帳。

10.38 至於有關認可機構的詳盡指引，尤其是直接中介機構的責任，可參考香

港金融管理局於2010年2月8日頒佈的《有關處理跨境電匯直接撥付信息

的指引文件》。

131

附錄附錄附錄附錄AAAA

可用於客戶身分識別的其他可靠及獨立來源

附表 2 第

2(1)(a)(iv)

及

2(1)(d)(i)

(D)條

1 金融機構應根據實際身在香港的個人的香港身份證或旅遊證件來核實他們的身

分。金融機構應經常根據香港居民的香港身份證、身分證明書或簽證身分書來識

別及或核實他們的身分。非居民的身分則應根據他們的有效旅遊證件作出核實。

2 至於沒有現身香港的非香港居民，金融機構應根據以下資料來識別及/或核實有

關人士的身分：

(a) 有效的國際護照或其他旅遊證件；或

(b) 有有關個人照片的有效國民（即由政府或國家簽發）身分證；或

(c) 由主管的國家或政府機構簽發的有效國家（即由政府或國家簽發）駕駛執

照41，執照上有照片證明申請人的身分。

3 旅遊證件是指附有持有人照片，可令移民局官員信納持有人的身分及國籍、原居

地或永久居留地的護照或其他證件。可作身分核實用的旅遊證件包括：

(a) 澳門特別行政區永久居民身分證；

(b) 台灣居民往來內地通行證；

(c) 海員身分證明文件（根據《國際勞工組織公約》╱《1958年海員身分證件公

約》簽發）；

(d) 內地居民的台灣旅遊許可證；

41 為免生疑問，國際駕駛許可證及執照不能用於此目的

132

(e) 由入境事務處處長簽發澳門居民往來香港特別行政區旅遊證的旅遊證；

(f) 因公往來香港澳門特別行政區通行證；及

(g) 往來港澳通行證。

4 至於在香港出生而並非持有有效旅遊證件或香港身份證42的未成年人，則可根據

他們的香港出生證明書來核實他們的身分。每當與未成年人建立業務關係時，金

融機構應同時按照以上規定記錄及核實該未成年人士的父母或代表或陪同該未

成年人士的監護人的身分。

5 金融機構如要識別及或核實公司客戶的身分，可於該公司的註冊地點的公司註冊

處進行查冊，並取得一份完整的公司查冊報告，藉以證實目前可從查冊取得的公

司的全部資料（或外地對等資料）。有關資料除可確認公司的持續註冊狀況外，

還載有：

(a) 公司目前的基本資料；

(b) 現任董事及後備董事（如有）名單（連同身分識別證明資料）；

(c) 秘書的資料詳情；

(d) 註冊辦事處地址（本地公司）；

(e) 香港主要營業地點的地址；

(f) 獲授權代表的資料詳情（非香港公司）；

(g) 股本；及

(h) 財產接管人、管理人及清盤人（如有）的資料詳情。

42 凡年滿11歲及以上的香港居民均須登記辦理身分證。香港永久居民持有香港永久性居民身份

證。永久居民的身分證（即香港永久性居民身份證）在身分證正面個人出生日期的下方註有大

寫英文字母「A」。

133

6 至於沒有國民身分證的司法管轄區，以及如客戶沒有附有相片的旅遊證件或駕駛

執照，金融機構可採取以風險為本的方法，破例接受其他文件作為身分識別證

據。該等文件上應盡可能附有該個人的照片。

134

附錄B

機密機密機密機密

聯合財富情報組聯合財富情報組聯合財富情報組聯合財富情報組

香港郵政總局信箱第6555號

電話電話電話電話: 2866 3366: 2866 3366: 2866 3366: 2866 3366 傳真傳真傳真傳真：：：： 2529 4013 2529 4013 2529 4013 2529 4013

電郵電郵電郵電郵：：：：[email protected]@[email protected]@police.gov.hk

洗錢報告主任

XXXXXX

傳真號碼傳真號碼傳真號碼傳真號碼: xxxx xxxx: xxxx xxxx: xxxx xxxx: xxxx xxxx

先生/女士:

可疑交易報告可疑交易報告可疑交易報告可疑交易報告

財富情報組編號：來函檔號: 收件日期

xx xx xx

財富情報組已收到你根據《販毒(追討得益)條例》(第405章) /《有組織及

嚴重罪行條例》(第455章) 第25A(1)條及《聯合國( 反恐怖主義措施)條例》(第575

章)第12(1)條提交的上述可疑交易報告。

按照目前所得的資料，本組現根據《販毒(追討得益)條例》及《有組織

及嚴重罪行條例》第25A(2)條及《聯合國(反恐怖主義措施)條例》第12(2)條給予

135

同意。

如有疑問，請致電(852) 2860 xxxx與高級督察xxxxx先生聯絡。

聯合財富情報組主管

( 代行)

2011年xx月xx日

136


個人資料個人資料個人資料個人資料

聯合財富情報組聯合財富情報組聯合財富情報組聯合財富情報組

香港郵政總局信箱第6555號

電話電話電話電話: 2866 3366: 2866 3366: 2866 3366: 2866 3366 傳真傳真傳真傳真：：：： 2529 4013 2529 4013 2529 4013 2529 4013

電郵電郵電郵電郵：：：：[email protected]@[email protected]@police.gov.hk

本組檔號:

來函檔號:

洗錢報告主任

XXXXXX

傳真號碼: xxxx xxxx

先生/女士:

《《《《販毒販毒販毒販毒((((追討得益追討得益追討得益追討得益))))條例條例條例條例》》》》////《《《《有組織及嚴重罪行條例有組織及嚴重罪行條例有組織及嚴重罪行條例有組織及嚴重罪行條例》》》》

你向財富情報組作出的以下披露：

財富情報組編號：來函檔號: 日期

Xx xx xx

與xxxxxx的人員進行的一項xxxxx調查有關(檔案編號：xxxxxx) 。

本人是香港法例第455章《有組織及嚴重罪行條例》25A(2)條所述的獲授權

人，現特通知你由於附件A所列述戶口的資金相信是犯罪得益，本人不不不不同意你進

137

一步處理該戶口內的資金。

請你注意根據《有組織及嚴重罪行條例》第25條，凡任何人處理明知是或有

合理理由相信有關金錢是代表從可公訴罪行的得益，即屬犯罪。上述資料必須嚴

加保密，而根據《有組織及嚴重罪行條例》第25A(5)條，任何人如向未獲授權人

士披露本信的內容(包括被調查的事宜) ，因而有可能損害警方進行的調查，可

能已犯罪。戶口持有人或任何其他人士均不得獲告知此通訊的內容。

任何人如與貴機構接觸及設法進行涉及此戶口的交易，請貴機構職員立即與

本個案的主管聯絡，並且拒絕執行有關交易。如戶口持有人或第三者質疑銀行他

們為何不能處理有關戶口內的資金，請指示有關人士與個案主管聯絡，而且不能

透露任何進一步資料。

如有其他疑問或需要我們對本信的內容作出澄清，請與個案主管xxxxx督察

(電話: xxxxxxxx)或本信的簽署人(電話: xxxxxxxx)聯絡。

聯合財富情報組主管xxxxxx警司

2011年xx月xx日

副本: 個案主管

138


附件附件附件附件AAAA

編號編號編號編號戶戶戶戶口持有人口持有人口持有人口持有人戶戶戶戶口號碼口號碼口號碼口號碼

1.

139

主要用語及縮寫詞彙主要用語及縮寫詞彙主要用語及縮寫詞彙主要用語及縮寫詞彙

用語用語用語用語╱╱╱╱縮寫縮寫縮寫縮寫涵義涵義涵義涵義

未成年人未成年人是指未滿18歲的人〔《釋義及通則條例》（第1

章）- 第3條的釋義〕

打擊洗錢／恐怖分子資金

籌集

打擊洗錢及／或恐怖分子資金籌集

打擊洗錢條例《打擊洗錢及恐怖分子資金籌集（金融機構）條例》（第

615章）

《有組織及嚴重罪行條

例》

《有組織及嚴重罪行條例》（第455章）

有關連者客戶的有關連者包括實益擁有人及有權指令該客戶的活

動的任何自然人。為免生疑問，有關連者一詞包括任何

董事、股東、實益擁有人、簽署人、受託人、財產授予

人／資產提供者／創立人、保護人，以及法律安排界定

的受益人。

更嚴格的盡職審查更嚴格的客戶盡職審查

附表2 《打擊洗錢及恐怖分子資金籌集（金融機構）條例》附

表2

信託就本指引而言，信託指明示信託或附有具法律約束力的

文件（即信託契據或任何其他形式）的任何類似安排。

洗錢／恐怖分子資金籌集洗錢及／或恐怖分子資金籌集

《保險公司條例》《保險公司條例》（第41章）

保險機構保險機構指經營長期業務或就長期業務提供意見的獲授

權保險人、再保險人、獲委任保險代理人及獲授權保險

經紀

風險為本的方法就盡職審查及持續監察的風險為本的方法

個人個人指自然人，已身故的自然人除外

140

特別組織財務特別行動組織

高級管理層高級管理層是指一家商號的董事（或董事會）及高級經

理（或對等職級），他們個別或共同負責管理及監督該

商號的業務，可包括商號的行政總裁、董事長或其他高

級營運管理人員（視情況而定）。

財富情報組聯合財富情報組

《販毒（追討得益）條例》《販毒（追討得益）條例》（第405章）

國際保險監督聯會保監聯會

《銀行業條例》《銀行業條例》（第155章）

盡職審查客戶盡職審查

《聯合國（反恐怖主義措

施）條例》

《聯合國（反恐怖主義措施）條例》（第575章）

《聯合國制裁條例》

《聯合國制裁條例》（第537章）

簡化盡職審查

簡化客戶盡職審查

《證券及期貨條例》《證券及期貨條例》（第571章）