AML/CFT Compliance in Hong Kong for Financial Institutions

9 mins

The Hong Kong Monetary Authority (HKMA) recently imposed a penalty of HK$6,000,000 against the local branch of Commerzbank AG for the violation of the region’s anti-money laundering/countering the financing of terrorism (AML/CFT) laws. The regulator said the German bank’s local unit failed to establish and maintain effective customer due diligence (CDD) and name screeningprocedures.

“As the first line of defence, carrying out CDD measures upon customer on-boarding is fundamental to combating money laundering and terrorist financing and thereby maintaining the integrity of the banking system of Hong Kong,” said Carmen Chu, Executive Director (Enforcement and AML) of the HKMA, commenting on the development. 

“Banks should make reference to the HKMA’s relevant guidelines and circulars in reviewing and optimising the performance of their anti-money laundering and counter-financing of terrorism control systems on an on-going basis, to ensure that the design and implementation of their policies and procedures remain effective.”

It is another example of Hong Kong regulators' strictness with their AML/CFT norms. An international financial centre and trading hub, the city-state has been keen to implement international AML/CTF standards to safeguard its financial systems from financial crimes. It is an active member of international AML organisations, such as the Financial Action Task Force (FATF) and the Asia/Pacific Group on Money Laundering. It has been at the forefront in formulating effective anti-financial crime regulations in line with international standards and enforcing them. 

It is vital for financial institutions operating in the self-administered region to understand the various AML/CFT regulations in the country and implement necessary control systems to address the ever-changing financial crime risk landscape. More than monetary losses, fines and penalties from the regulators seriously damage financial institutions' reputation. 

How to Comply With KYC_AML-related Regulatory Developments in Hong Kong_ (2)-1  

Hong Kong has made significant progress with its efforts to internationalise financial systems over the last decade, leading to an influx of international financial institutions into the self-administered region. In line with changing scenarios, Hong Kong regulators have encouraged financial institutions to strengthen their AML/CTF compliance. Furthermore, it has emphasised using modern-day Regtech solutions to manage risk effectively. 

In this article, we will explore the recent regulatory developments pertaining to AML compliance in Hong Kong, explain the compliance challenges of traditional and modern financial institutions and share how they can ensure optimal adherence to AML/CTF regulations with technology. 

Recent Regulatory Developments in Hong Kong

Recent regulatory developments on AML/CFT indicate that Hong Kong is looking to align its control mechanisms with international standards better. The city-state has encouraged traditional banks and fintech companies to understand the risks better and implement new measures, harnessing multiple data streams and new technologies. Regulators, including the Hong Kong Monetary Authority (HKMA) and the Securities and Futures Commission (SFC), have provided guidelines so that financial institutions have proper controls and systems in place, commensurate with the nature, scale and complexity of their operations. 

How to Comply With KYC_AML-related Regulatory Developments in Hong Kong_ (1)-1SFC AML/CFT Guideline

In September 2021, the SFC published its updated Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations) for the securities sector. The guide highlighted the need for institutional risk assessment and a risk-based approach to simplified and enhanced Customer Due Diligence (CDD). Other notable requirements include identifying indicators for suspicious transactions involving third-party deposits and payments and measures for cross-border correspondent banking relationships.

New Risk Assessment Report

In the latest money laundering and terrorist financing (ML/TF) risk assessment report published in July 2022, Hong Kong’s financial secretary emphasised that the ML/TF landscape has continued to evolve, particularly regarding digital financial technologies. 

According to the report, Hong Kong has a medium-high ML risk. “As an international finance, trade and transport hub with strong links to the Mainland, Hong Kong is exposed to ML threats arising from both internal and external predicate offences,” says the report. The critical threat areas are fraud, drug-related crimes, corruption and tax evasion.

AML Threats in Various Sectors

The risk assessment report noted that the ML threat posed by the banking sector is “high”, while the danger from money service operators (MSOs) is “medium-high”. ML syndicates often attempt to misuse corporate bank accounts and the MSO services for ML, abusing Hong Kong’s efficient financial and banking systems. 

Stored value payment products (e-wallets), internet and mobile payment services have gained popularity in Hong Kong, with increased linkages to bank accounts. Accordingly, there has been an evolution in the modus operandi, ML typologies and techniques deployed by criminals, the report observed. It also highlighted an increased number of fraud cases related to virtual assets (VA) in line with the increasing scale and popularity of VA activities in Hong Kong. VAs are not legal tender in the city-state. 

The Way Ahead

Following the risk assessment, the Hong Kong government intends to work on five key areas:  

  • Enhancing the AML/CFT legal framework: This includes amending the AMLO to introduce a licensing regime for virtual asset service providers (VASPs) and a registration regime for dealers in precious metals and stones. 
  • Strengthening risk-based supervision: There would be further efforts to promote the implementation of risk-based AML/CFT systems that are critical for protecting the soundness of FIs and the integrity of the financial system.
  • Stepping up outreach and awareness-raising: The government plans awareness-raising efforts to facilitate more efficient and targeted detection of suspicious activities and better focus AML/CFT systems on genuine risks.
  • Monitoring new and emerging risks: Hong Kong will continue to monitor risks and keep abreast of new and emerging typologies in line with the changes in patterns of predicate offences and the development of new technologies creating new opportunities for unlawful activities. 
  • Enhancing law enforcement efforts: Law enforcement agencies will leverage the use and exchange of financial intelligence and multi-agency collaboration, responding to the evolving landscape of financial crimes. They will also strengthen international cooperation to combat cross-border and transnational ML syndicates.

How Can Financial Institutions Strengthen AML Compliance?

Broadly, various Hong Kong regulators suggest the following measures for financial institutions to improve on their AML compliance: 

Risk-based approach

Financial institutions should evaluate the risks associated with new or existing business relationships to determine the degree, frequency, and extent of the CDD measures and ongoing monitoring required. The scope of CDD measures taken should vary according to the ML/TF risks assessed with regard to the customer.

Customer due diligence (CDD)

Financial institutions should undertake CDD measures for identifying and verifying customers using documents, data, or information sourced from them and independent providers. In the case of corporate customers, they should take necessary measures to verify the beneficial owner’s identity. This will help create risk profiles, enabling financial institutions to rank customers and formulate effective risk policies. It will also ensure smoother services to low-risk customers. 

Screening for Politically Exposed Persons (PEPs) and Sanctions

Hong Kong regulators require financial institutions to implement proper systems to identify PEPs and sanctioned entities. Proper identification of PEPs and sanctioned entities will help create risk practices, including enhanced due diligence, restricted services and closure of business relations.

Ongoing Monitoring

Financial institutions should review existing CDD records of customers periodically or upon unusual events such as a sudden transaction surge. This practice will ensure that customer risk profiles are up to date and relevant. 

Transaction Monitoring

Apart from banks, SVFs and payment systems must have transaction monitoring capabilities. These financial institutions should conduct appropriate scrutiny of transactions carried out for the customer to ensure that they are consistent with the available knowledge of the customer, the customer’s business, risk profile and source of funds. They should also identify complex and unusual transactions with no apparent economic or lawful purpose. 


The regulators also mandate record-keeping to help detect and investigate suspicious activities. It will also enable law enforcement agencies to prosecute criminals. In addition to all screening records, financial institutions should also document and keep all vital customer review results. They should maintain proper records throughout the customer life cycle and for at least five years after the cessation of the business relationship.

How Can Tookitaki Help? 

In line with the changing landscape in the financials sector, Hong Kong has been encouraging financial institutions to enhance the efficiency and effectiveness of their AML control systems by using new technologies, including regulatory technology (Regtech).

An award-winning Regtech, Tookitaki has developed an AML solution that helps financial institutions strengthen their risk coverage and mitigate risks seamlessly in the ever-evolving world of regulatory compliance. Tookitaki’s Anti-Money Laundering Suite or AMLSis an end-to-end operating system with multiple modules, such as Transaction Monitoring, Smart Screening, and Customer Risk Scoring solutions seamlessly integrated to provide a one-stop compliance solution. Tookitaki’s Case Manager solution collates the alerts from all solutions in an interactive manner, offering companies speedy alert disposition and easy regulatory report filing.

Tookitaki prides itself in bringing to life “The AML Ecosystem” – a first-of-its-kind initiative that is community-driven and powers financial crime prevention. The ecosystem combines Tookitaki’s network of people and our library of typologies. The “Hub and Spoke Approach” for transaction monitoring completely encompasses holistic AML coverage, faster deployment, lesser false positives, and seamless AML operations.

Talk to our expert to learn more about our AML solution and how Tookitaki can be your partner of choice for enhancing risk-based AML compliance programmes.