LeftMenu

搜寻于 Anti-money laundering (AML)

Anti-money laundering (AML)

Applicable to ALL practice units: Q1 to Q9

Applicable to practice units which has provided services specified in paragraphs 600.2.1 and 600.2.2 of the AML Guidelines and / or adopted “good practices”: Q10 to Q15

If a practice only provides statutory audit services, what are the minimum requirements of the AML Guidelines with which the practice needs to comply?

The extent to which a practice should comply with the requirements of the AML Guidelines depends on the nature of transactions / services that a practice carries out or prepares for its clients. If a practice carries out or prepares for its clients transactions or services specified in paragraphs 600.2.1 and 600.2.2 of the AML Guidelines (“specified services”), all sections of the AML Guidelines are mandatory for the practice to the extent that they are applicable to the part of its business concerning specified service activities.

A statutory audit per se is not a specified service. Therefore, if a practice only provides statutory audit services, the minimum requirements of the AML Guidelines with which the practice should fully comply are Sections 640 and 650 of the AML Guidelines concerning suspicious transaction reporting and financial sanctions and terrorist financing. In other words, it is not mandatory for a practice providing solely statutory audit services to carry out customer due diligence ("CDD") and ongoing monitoring measures on its clients, or record keeping, so far as it relates to these. However, practices will need to have suitable policies and procedures in place, including record keeping, to address matters relating to suspicious transaction reporting and complying with financial sanctions and terrorist financing.

If a client of the above practice decides to engage the practice for a service other than a statutory audit (e.g. a special audit), the practice should obtain an understanding of the nature and purpose of the engagement before accepting it. If the engagement relates to a specified transaction / service (e.g. assisting the client to complete an acquisition of a business entity), the practice will have to expand its AML / CTF policies and procedures to comply with all sections in the AML Guidelines, including CDD, ongoing monitoring and all aspects of record keeping, if it decides to accept the engagement. (Posted on 23 December 2019)

Is it advisable for a practice to adopt T01 (Example policies and procedures) from the Institute's anti-money laundering procedures manual for accountants (AML Procedures Manual) without tailoring?

The example policies and procedures in the AML Procedures Manual only provide general guidance on drawing up an AML / CTF policy manual. The example policies and procedures should be tailored to suit the circumstances of the practice. Areas requiring further tailoring and suggested amendments are listed below:

1. If a practice chooses not to apply "good practice" on services other than those specified in paragraphs 600.2.1 and 600.2.2 of the AML Guidelines, the practice's AML / CTF policy manual should not state that policies and procedures regarding customer due diligence and ongoing monitoring are applied to "all" clients. The following sets out a suggested revised “Policy Statement” for a practice that chooses not to apply “good practice”:

Policy statement

The practice has a policy of zero tolerance to any involvement in money laundering, including tax evasion, when dealing with the practice’s own or our client’s affairs. All principals, employees and any sub-contractors used by the practice are therefore required to comply with relevant legislation on anti-money laundering and counter-terrorist financing (see the section below on staff training and hiring) and the code of ethics of the Hong Kong Institute of Certified Public Accountants (HKICPA) and in particular, Part F of the code, "Guidelines on Anti-Money Laundering and Counter-Terrorist Financing for Professional Accountants". Accordingly, it is the policy of the practice to apply suspicious transaction reporting and financial sanctions related procedures to all clients but all other policies and procedures, in particular the customer due diligence (CDD) and ongoing monitoring procedures specified below, only to ~~all~~ clients;, whether new or existing clients, ~~but in particular to client~~ whose engagements ~~which~~ involve the following:

(a) buying and selling of real estate;

(b) managing of client money, securities or other assets;

(c) management of bank, savings or securities accounts;

(d) organisation of contributions for the creation, operation or management of companies;

(e) creation, operation or management of legal persons or arrangements;

(f) buying and selling of business entities;

(g) forming corporations or other legal persons;

(h) acting as, or arranging for another person to act as, a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons;

(i) providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other legal person or arrangement;

(j) acting as, or arranging for another person to act as, a trustee of an express trust or similar legal arrangement; or

(k) acting, or arranging for another person to act, as a nominee shareholder for a person other than a corporation whose securities are listed on a recognised stock market.

All principals, employees and any sub-contractors are expected to report any knowledge or suspicion of money laundering, including tax evasion, to the practice’s Money Laundering Reporting Officer (MLRO) in accordance with their statutory obligations.

2. Practices are reminded that since suspicious transaction reporting and financial sanctions (sections 640 and 650 of the AML Guidelines) are mandatory regardless of the services provided, every practice should have policies and procedures on suspicious transaction reporting and financial sanctions. The following sets out example policies and procedures relating to financial sanctions and terrorist financing:

Financial sanctions and terrorist financing

The United Nations Sanctions Ordinance (Cap. 537) empowers the Chief Executive of Hong Kong to make regulations to implement sanctions decided by the United Nations (“UN”) Security Council. It is an offence to provide or solicit financial or related services to a client who is a person or entity designated in UN sanctions lists.

(a) Sources of the lists of the financial sanctions and terrorist financing

The practice will refer to the lists maintained by the UN Security Council and its Sanctions Committees [and the United States’ Office of Foreign Assets Control (“US OFAC”) (note: not mandatory, see 650.1.6)]. The entities and individuals on those lists (referred to as designated persons or entities) are subject to financial restrictions. The purpose of the sanctions is to prevent access to and use of funds for terrorism and terrorist purposes.

The UN sanctions consolidated list is available from:

https://www.un.org/securitycouncil/content/un-sc-consolidated-list

[The US OFAC sanctions list is available from:

https://sanctionssearch.ofac.treas.gov ]

The practice will also refer to the Anti-money laundering section of the HKICPA website

(at: https://www.hkicpa.org.hk/en/Standards-and-regulation/Anti-money-laundering) as well as the HKICPA’s monthly technical e-newsletter ‘Techwatch’ (See http://www.hkicpa.org.hk/en/standards-and-regulations/technical-resources/techwatch/) and the weekly e-circular for information on the latest sanctions lists.

(b) Frequency of conducting name checks

The practice will conduct a name check of a client and consider, based on a risk approach, extending the check to the clients’ beneficial owners against the latest UN [and US OFAC] sanctions lists before the establishment of a business relationship with that client, regardless of what service is to be provided and perform ongoing screening of our client base regularly thereafter.

The practice will check for updates of UN sanctions lists on a [weekly] [monthly] basis as it [has] [does not have] cases with high money laundering/terrorist financing (“ML /TF”) risks.

(c) Reporting obligation

When the practice comes across situations where it suspects that property belongs to a designated person or entity or is otherwise terrorist property, the practice has a responsibility to stop dealing with the property and report to the Joint Financial Intelligence Unit (see the section on “Reporting of suspicious transactions” for details).

3. As mentioned in Q11, practices need to set out the factors determining the period of ongoing monitoring review and what constitutes a trigger event. The following sets out example policies and procedures to be incorporated in the “Ongoing monitoring” section:

In high risk situations, where EDD has been applied, the information will be reviewed annually.

In normal and low risk situations where CDD and SDD have been applied the information will be reviewed every [x years] and [y years], respectively. A review of the risk category of normal and low risk clients will be performed annually.

Trigger events

Apart from conducting periodic on-going monitoring of all clients’ transactions following the above timeframes, the practice will take steps to ensure that the client information obtained for the purposes of CDD is up to date and relevant when any of the following trigger events occurs:

(a) a significant or unusual activity or transaction is to take place;

(b) a material change occurs in a client’s ownership and/or activities;

(c) there is a substantial change in client documentation standards; or

(d) the practice is aware that there is insufficient information about a particular client.

(Note: the above trigger events are examples from section 620.10.7 of the AML Guidelines.)

Please note that the above suggested policies and procedures are for reference only. Practices should tailor the relevant policies and procedures according to their own particular circumstances. An example policy, which reflects all the above changes, for a practice that chooses not to adopt “good practices” is Example AML CTF policies and procedures for reference. In a practice review, an assessment will be made on the practice's level of compliance with its established policies and procedures and any failure of compliance will be reported as a finding. (Posted on 3 May 2019, updated on 23 December 2019)

If a practice does not subscribe to a commercial database, what resources can it use to perform sanctions screening?

For sanctions screening, a practice may refer to the following resources:

When the practice needs to perform a search against all current sanctions lists (e.g. before starting a business relationship with a new client), it may refer to the consolidated list published by the United Nations: https://www.un.org/securitycouncil/content/un-sc-consolidated-list. A search function is also available in the United Nations’ web site: https://scsanctions.un.org/search/ .
When the practice needs to perform ongoing sanctions screening and would like to find out which particular sanctions list(s) have been updated recently, it may refer to the updates in the HKICPA web site: https://www.hkicpa.org.hk/en/Standards-and-regulation/Anti-money-laundering.
There are several ways for the practice to identify the amendments made (e.g. new designations of individuals and entities) in the updated sanctions lists to find out whether any new designations exist in its client base. The following sets out some suggested ways:

Direct sources -

a. Press releases of United Nations Security Council:

https://www.un.org/press/en/content/security-council/press-release

Other indirect sources may include -

b. Government of the United Kingdom where the practice may, among others, download an Excel version of the consolidated sanctions list:

https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets/consolidated-list-of-targets

c. Government of Australia where the practice may, among others, download an Excel version of the consolidated sanctions list:

https://dfat.gov.au/international-relations/security/sanctions/Pages/consolidated-list.aspx

(Posted on 23 December 2019)

More >