Effective Source of Funds and Wealth Checks: A Practical Guide for TCSP Licensees in Hong Kong

Effective source of funds (“SoF”) and source of wealth checks (“SoW”) are a critical part of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615 of the laws of Hong Kong) (“AMLO”) and the “Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Trust or Company Service Provider Licensees)” (“TCSP AML Guidelines”) issued by the Hong Kong Companies Registry (“CR”). Under these guidelines and a risk-based approach, firms are expected to understand where client funds come from, how wealth has been accumulated, and whether transactions present higher money laundering or terrorist financing risks. 

This article offers practical guidance for trust or company service provider (“TCSPs”) in Hong Kong on conducting SoF and SoW checks, making targeted enquiries for higher-risk clients, and maintaining proper documentation to support ongoing compliance and Hong Kong Companies Registry’s inspections.

Are source of wealth and source of funds verifications required for every single client and transaction?

No. SoF and SoW checks are not required for every client or every transaction. Under Hong Kong’s AML and CFT framework, TCSP licensees are expected to apply a risk-based approach, meaning the depth and scope of verification should be proportionate to the level of money laundering and terrorist financing (“ML/TF”) risk involved.

For lower-risk clients and transactions, basic customer due diligence and an understanding of the purpose of the business relationship may be sufficient. In these cases, TCSP firms are generally not expected to conduct detailed SoF or SoW verification unless specific risk indicators or unusual activity are identified.

However, more thorough SoF and SoW checks are expected for higher-risk clients or transactions. This may include situations involving complex ownership structures, unusually large or inconsistent transactions, higher-risk jurisdictions, or clients subject to enhanced due diligence measures. In such cases, TCSPs should make targeted enquiries, obtain additional supporting documentation, and corroborate client-provided information using reliable and independent sources.

In practice, TCSP firms should be able to demonstrate, through appropriate documentation, that decisions on whether to conduct SoF or SoW checks are made using a risk-based approach and are applied consistently across comparable cases. The focus is not on performing the same checks for every client, but on ensuring that higher-risk relationships receive an appropriate level of scrutiny.

Legal framework for Hong Kong TCSP licensees

SoF and SoW checks for TCSP licensees in Hong Kong are guided by a combination of statutory requirements and regulatory guidance issued by the Companies Registry. Together, these form the compliance framework that TCSP firms are expected to follow when applying AML and CFT controls in practice.

The primary legislation is the AMLO. Under AMLO, TCSP licensees are required to conduct customer due diligence by adopting a risk-based approach, and take reasonable measures to understand the nature and purpose of client relationships. Where appropriate, this includes understanding the SoF involved in transactions and, in higher-risk situations, the source of a client’s wealth.

For day-to-day implementation, TCSP firms rely mainly on the TCSP AML Guidelines. These TCSP AML Guidelines explain how AMLO requirements should be applied in practice and set out supervisory expectations on risk assessment, enhanced due diligence, record-keeping, and circumstances where more detailed SoF and SoW checks are expected.

Overall, Hong Kong TCSP licensees should base their SoF and SoW practices on AMLO and the TCSP AML Guidelines to better understand supervisory expectations and strengthen internal compliance arrangements.

Practical guidance for establishing clients’ source of funds and source of wealth

Establishing SoF and SoW is a practical exercise that should be embedded into a TCSP firm’s day-to-day onboarding and monitoring processes. Rather than applying the same checks to every client, Hong Kong TCSP licensees are expected to take a risk-based approach, focusing resources on higher-risk clients and transactions while maintaining proportionate controls for lower-risk cases. The following five steps outline a practical framework for conducting SoF and SoW checks in a way that supports AML and CFT compliance, meets regulatory expectations, and remains workable for TCSP firms.

1. Adopt a risk-based approach tailored to the client’s risk profile and circumstances

A risk-based approach means that SoF and SoW checks should be proportionate to the level of ML/TF risks presented by a client or transaction. Hong Kong TCSP licensees are not expected to apply the same level of customer due diligence to every client. Instead, firms should assess risk at onboarding and throughout the business relationship, and apply additional scrutiny where higher-risk scenarios are identified.

When assessing a client’s risk profile, TCSP firms should pay particular attention to the following scenarios:

• Client type: Clients involving trusts, private investment vehicles, or complex corporate structures, which may obscure beneficial ownership
• Nature of transaction: Large, unusual, or one-off transactions that are inconsistent with the client’s stated business or profile
• Source of funds: Funds derived from multiple sources, third parties, or jurisdictions not clearly linked to the client’s business activities
• Source of wealth: Significant wealth accumulation without a clear or well-documented explanation, or where wealth was generated over a short period across multiple jurisdictions
• Ownership and control: Use of nominee shareholders, bearer instruments, or layered ownership structures that reduce transparency
• Jurisdictions involved: Connections to higher-risk jurisdictions, or frequent cross-border fund movements without a clear commercial rationale
• Transaction behaviour: Sudden changes in transaction patterns, such as sharp increases in transaction size or frequency

Where one or more of these risk factors are present, TCSP licensees should consider whether enhanced SoF and SoW checks are necessary and ensure that the rationale for this decision is clearly documented.

By linking the level of SoF and SoW verification directly to identified risk factors, TCSP firms can demonstrate a consistent, proportionate, and defensible risk-based approach.

2. Conduct thorough source of funds and/or source of wealth checks for high-risk clients and transactions

Where a client or transaction is assessed as presenting a higher ML/TF risks, TCSP licensees are expected to conduct more thorough SoF and SoW checks. In these situations, basic customer due diligence is often insufficient to fully understand the financial background of the client or the legitimacy of the funds involved.

SoF checks focus on understanding about the origin of the particular funds or other assets which are the subject of the business relationship, such as the amounts being invested, deposited, or wired as part of the business relationship. SoW checks, by contrast, consider how the client accumulated their overall wealth over time. For higher-risk cases, TCSP firms should consider both elements to form a complete picture.

In practice, higher-risk situations may include complex ownership structures, transactions that are large or unusual in size, cross-border arrangements, or clients connected to countries identified by credible sources as higher-risk jurisdictions. In these cases, TCSP licensees should obtain supporting information and documentation that is sufficient to explain the SoF or SoW in a clear and credible manner, rather than relying solely on client representations.

Importantly, the depth of checks should remain proportionate to the identified risk. The objective is not to eliminate all risk, but to ensure that higher-risk clients and transactions receive an appropriate level of scrutiny and that the firm can reasonably explain and support its conclusions during regulatory inspections.

3. Targeted enquiries and corroboration for higher-risk clients and transactions

For clients or transactions that present a higher ML/TF risks, TCSP licensees should go beyond collecting documents and make targeted, risk-focused enquiries to better understand the client’s financial background. Generic explanations or high-level declarations are often insufficient in higher-risk cases, particularly where funds or other assets which are the subject of the business relationship are inconsistent with the client’s stated profile.

Targeted enquiries should be tailored to the specific risks identified. This may involve asking clients to explain the commercial rationale for a transaction, clarify the origin of funds, or provide additional context on how wealth was accumulated. The aim is to assess whether the explanation is reasonable, internally consistent, and aligned with the client’s known business or personal circumstances.

Where possible, TCSP firms should corroborate client-provided information using reliable and independent public sources. This may include government registries and records, public company disclosures, property records, or adverse media searches. Corroboration helps reduce reliance on self-declared information and provides additional comfort that the SoF or SoW is credible.

If inconsistencies, gaps, or unexplained points are identified, TCSP licensees should consider whether further enquiries or enhanced due diligence measures are required. Clear documentation of both the enquiries made and the conclusions reached is essential to demonstrate that the TCSP firm has taken reasonable and proportionate steps to manage ML/TF risks.

4. Document all findings to ensure a complete audit trail

Proper documentation is a critical part of effective SoF and SoW checks. For TCSP licensees, it is not enough to conduct enquiries or review supporting documents. Firms must also be able to demonstrate, through clear and well-maintained records, how conclusions were reached and why the level of verification applied was appropriate for the identified risk.

In practice, documentation should include the client’s risk assessment, the SoF or SoW information obtained, and a clear narrative explaining how the information was assessed. Where enhanced checks are carried out, TCSP firms should record the specific risk factors identified, the additional enquiries made, and how any inconsistencies or concerns were resolved.

TCSP licensees are generally expected to retain customer due diligence records, including SoF and SoW documentation, for at least five years after the end of the business relationship or the completion of an occasional transaction. Records should be stored in a manner that allows them to be retrieved promptly and in a readable format, whether maintained electronically or in physical form.

Maintaining a complete audit trail over the required retention period supports ongoing monitoring, internal reviews, and regulatory inspections. Clear and consistent documentation helps demonstrate that the firm’s approach to SoF and SoW checks is risk-based, proportionate, and aligned with regulatory expectations.

5. Provide training to staff to identify ML/TF red flags and establish a robust internal reporting system

Effective SoF and SoW checks depend not only on policies and procedures, but also on the ability of staff to recognise potential ML/TF risks in practice. TCSP licensees should provide regular training to ensure that staff understand common red flags, know when additional scrutiny is required, and are confident in raising concerns.

Training should be tailored to staff roles and responsibilities, and cover practical topics such as identifying unusual transaction patterns, recognising inconsistencies in client explanations, and understanding when SoF or SoW information may require further verification. Staff should also be familiar with the firm’s risk-based approach and escalate to the senior management where appropriate.

In addition, TCSP firms should establish a clear internal reporting and approval system. This includes defined reporting lines, documented decision-making processes, and appropriate senior management oversight. A robust internal reporting framework helps promote a culture of compliance, ensures that potential risks are addressed promptly, and supports consistent application of AML and CFT controls across the organisation.

Where there is knowledge or suspicion of money laundering or terrorist financing, TCSP licensees should ensure that a Suspicious Transaction Report (“STR”) is filed with the Joint Financial Intelligence Unit (“JFIU”). Staff should be trained to understand the importance of submitting STR as soon as practicable to the JFIU whenever they suspect that any property may be linked to proceeds of drug trafficking, an indictable offence, or terrorist activities.

At the same time, TCSP firms must ensure that staff strictly avoid any disclosure that could prejudice an investigation, commonly referred to as “tipping off”. For example, informing a client that an STR has been filed, or indicating that their activities are under review, may compromise an investigation and could constitute an offence. 

Conclusion

Effective SoF and SoW checks are essential to TCSP firms in Hong Kong as part of their AML and CFT obligations. Striking the right balance between thorough client due diligence and a seamless client experience is essential. By applying a risk-based approach and calibrating due diligence measures to different client risk profiles, TCSP firms can mitigate the serious consequences of AML/CFT non-compliance, including reputational damage, financial penalties, and potential criminal liability.

SoF and SoW verification should never be treated as a one-off exercise. Instead, TCSP licensees should adopt a continuous and risk-based monitoring framework, supported by periodic reviews and updated risk assessments whenever a client’s risk profile, business activities, or circumstances change. Through ongoing client monitoring, TCSP licensees are better positioned to identify and respond to emerging money laundering and terrorist financing threats.

Last but not least, the effectiveness of these measures depends on practical implementation. It is therefore essential that staff are properly trained and supported by robust internal policies and a clear internal reporting structure. Strong internal framework and comprehensive record-keeping help TCSP firms demonstrate compliance with Companies Registry requirements, while ensuring that such measures remain proportionate to the firm’s overall risk profile. 

References

For more information about TCSP licensing, compliance obligations, and AML guidelines in Hong Kong, please refer to the following official resources:

1. Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615 of the Laws of Hong Kong)
2. Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Trust or Company Service Provider Licensees)”  (“TCSP AML Guidelines”) issued by the Companies Registry in March 2025
3. Guideline on Licensing of Trust or Company Service Provider issued by Companies Registry in May 2025
4. Commonly Raised Questions by respondents and the Companies Registry’s response issued by Companies Registry on 6 December 2024

Disclaimer: This publication is provided for general information and guidance only. The views and comments expressed herein do not constitute, and should not be relied upon as, legal advice or a legal opinion.

Simplify Your AML/CFT Workflow Today

KYC Management enables firms to complete the entire AML/CFT process in minutes - not hours. From customer due diligence and risk assessments to screening and ongoing monitoring, KYC Management expedites traditionally manual and complex AML/CFT processes into a simple and compliant workflow.

Interested in learning more? Contact us today!