Hong Kong, a major international financial hub, operates under a robust framework of anti-money laundering and counter-terrorist financing (AML/CFT) laws and regulations to combat financial crime. As gatekeepers of financial and legal systems, lawyers and other professionals are obligated to stay abreast of the latest developments in AML/CFT laws to safeguard the system and mitigate associated risks. 

With the heightened emphasis on AML/CFT compliance around the globe, legal professionals must stay on top of regulatory requirements in Hong Kong, including the statutory requirements for designated non-financial businesses and professions under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) (Cap. 615 of the laws of Hong Kong) and the Practice Direction P issued by the Law Society of Hong Kong.

This article outlines five key steps to assist law firms in navigating AML/CFT obligations during client onboarding:

1. Identify and verify the client’s identity with reliable documents and conduct AML/CFT screenings

The foundation of AML/CFT compliance is know your client (KYC) and client due diligence (CDD). Solicitors are required to take reasonable measures to obtain basic information regarding client identity, and in an Applicable Circumstance, verify the client's identity using documents, data, or information from reliable and independent sources. For individuals, acceptable documents include an identity card, passport, recent utility bill and bank statement. For corporate clients, acceptable documents include a certificate of incorporation or registration, business registration certificate, constitutional documents, register of directors, and register of members. Under Schedule 2 of the AMLO, solicitors must identify and verify beneficial owners holding more than 25% of the client’s share capital or voting rights. For further details on how to conduct identification and verification, please refer to paragraphs 104-115 of the Practice Direction P.

Solicitors must also verify the identity and authority of any person purporting to give instructions on behalf of the client (ie. an authorised person or PPTA). If the client is a company, this typically involves obtaining a board resolution confirming the authorised person’s authority.

Depending on the risks posed by the clients, solicitors should cross-reference client information with public records, such as those from the Companies Registry or Business Registration Office.

To further mitigate money laundering and terrorist financing (ML/TF) risks, solicitors are recommended to conduct screenings of clients and their beneficial owners against sanctions lists, the list of terrorists or terrorist associates, politically exposed persons (PEP) databases, and adverse media lists. Subject to a risk-based approach (RBA), solicitors may also screen the authorised person of the client against sanctions and PEP lists.

Pro Tip: Automated AML/CFT tools can enhance the efficiency of client due diligence and screening processes, ensuring compliance with regulatory requirements.

2. Confirm the client’s business purpose, source of funds, and source of wealth

If a legal professional is acting for a client in any of the Applicable Circumstances, they must obtain details on the nature and purpose of the transaction and the source of funds (SoF). This includes determining whether funds originate from the client’s bank account, a third-party account, or a high-risk jurisdiction, as well as identifying the activities that generated those funds. Where enhanced client due diligence (EDD) is required, solicitors should also verify the source of wealth (SoW) of the clients and their beneficial owners. This may include obtaining information about the origins of the client’s ongoing and accumulated business income/funding and the client’s net worth.

For higher-risk clients and transactions, solicitors may request bank statements, contracts, audited financial statements, pay slips, tenancy agreements, tax returns, grants of probate, or other evidence to confirm the legitimacy of SoF and SoW. Practice Direction P stipulates that legal professionals must properly document enquiries, investigations, and findings related to the nature and intended purpose of the transaction, SoF, and SoW.

Pro Tip: Solicitors should ask targeted questions about the client’s business activities, SoF, and SoW by applying a risk-based approach. It is always a balancing exercise between managing potential client risks and allowing flexibility based on the client’s risk profile and circumstances.

3. Conduct risk assessments for the client and the proposed transaction

Solicitors must assess ML/TF risks associated with the client by accounting for various factors such as client risk, country risk, service risk, and transaction and delivery channels risks. Law firms should categorise clients into low, medium, or high risk based on these risk factors and adopt an RBA to apply appropriate and proportionate client due diligence and risk mitigating measures to the clients and their beneficial owners. The extent of client due diligence varies depending on the client type, business relationship, and transaction nature.

Practice Direction P highlights the need for ongoing risk assessments throughout the client relationship. Law firms should periodically review the risk profiles of clients and their beneficial owners, particularly when circumstances change.

Pro Tip: Solicitors must conduct and document periodic client risk assessments to ensure compliance with AML/CFT requirements.

4. Apply enhanced client due diligence for high-risk clients

Solicitors are required to apply EDD in situations including, but not limited to:

1. Transactions that are unusually large or complex, exhibit unusual patterns, or lack a clear economic or lawful purpose;
2. Client and/or the beneficial owners are considered “high risk” based on factors such as client risk, country risk, service risk, transaction and delivery channels risk as set out in paragraph 121 of the Practice Direction P;
3. Non-Hong Kong PEPs; and
4. Client and/or the beneficial owners are from or in non-cooperative countries and territories identified by the Financial Action Task Force (FATF) or other jurisdictions non-compliant with FATF recommendations.

For Hong Kong PEPs or international organisation PEPs, solicitors must conduct a risk assessment to determine whether EDD is necessary. EDD should be applied only when a Hong Kong or international organisation PEP presents a high ML/TF risk.

Pro Tip: Law firms should train staff to recognise high-risk indicators and implement EDD measures tailored to the firm’s risk assessment.

5. Maintain detailed records of client due diligence and risk assessment for future audits

Law firms must maintain comprehensive records relating to the transactions, CDD, EDD, risk assessments, and screenings to comply with the record-keeping requirements set out in the Practice Direction P and the recommendations in Circular 12-475  issued by the Law Society of Hong Kong. The corresponding AML/CFT records must be retained for the following periods, based on transaction type:

1. Conveyancing matters – 15 years; 
2. Tenancy matters – 7 years; 
3. Other matters, except criminal cases – 7 years; and 
4. Criminal cases – 5 years from the expiration of any appeal period.

Solicitors should periodically review and update client records to reflect changes in risk profiles or business activities.

Pro Tip: A secure and cloud-based compliance platform can assist law firms in efficiently organising and retrieving client due diligence and risk assessment records.

Conclusion

Compliance with AML/CFT requirements during client onboarding is critical for law firms to mitigate the risks of money laundering and terrorist financing from the very beginning of client engagement. Non-compliance of these legal requirements can be costly, potentially resulting in financial penalties, reputational damage, or disciplinary actions. With the AML/CFT regulatory landscape evolving rapidly, solicitors must stay informed of the latest regulatory requirements. A robust AML/CFT framework ensures compliance while equipping solicitors with a deeper understanding of clients’ circumstances, enabling tailored, personalized advice.

How thorough are your onboarding procedures? Strengthen your AML compliance with KYC Management, which is tailored to the specific AML/CFT requirements for law firms in Hong Kong.

Sources:

• Practice Direction P issued by the Law Society of Hong Kong
• Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) (Cap. 615)

Simplify Your AML/CFT Workflow Today

KYC Management enables firms to complete the entire AML/CFT process in minutes - not hours. From customer due diligence and risk assessments to screening and ongoing monitoring, KYC Management expedites traditionally manual and complex AML/CFT processes into a simple and compliant workflow.

Interested in learning more? Contact us today!