Home > FAQs
|FAQ applicable to all Money Service Operators (“MSOs”)|
|Identification and verification of customer’s identity – natural persons|
|Q1||Non-Hong Kong residents
What documents would be regarded as “reliable and independent” for verifying the identity information of a natural person customer who is not a Hong Kong resident?
|A1||The following are examples of documents that would be considered reliable and independent for non-Hong Kong residents:
(a) a valid travel document;
(b) a valid national (i.e., government or state-issued) identity card bearing the photograph of the individual; or
(c) a valid national driving licence incorporating all the required identification information and photographic evidence of the identity of the applicant (issued by a competent national or state authority).
(Key Reference(s): Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Money Service Operators) (“AML/CFT Guideline”) para. 4.3.3 and para. 2 of Appendix A)
|Q2||Acceptable travel documents
What are acceptable “travel documents” for the purpose of paragraph 4.3.3?
|A2||The following documents are examples of travel documents for the purpose of identity verification:
(b) Mainland Travel Permit for Taiwan Residents;
(c) Seaman’s Identity Document (issued under and in accordance with the International Labour Organisation Convention/Seafarers Identity Document Convention 1958);
(d) Taiwan Travel Permit for Mainland Residents;
(e) Permit for residents of Macau issued by Director of Immigration;
(f) Exit-entry Permit for Travelling to and from Hong Kong and Macau for Official Purposes; or
(g) Exit-entry Permit for Travelling to and from Hong Kong and Macau.
(Key Reference(s): AML/CFT Guideline para. 4.3.3 and para. 3 of Appendix A)
|Q3||Retention of a copy of travel documents
What part of the “travel documents” should be kept on file?
|A3||An MSO should retain a copy of the “biodata” page of the travel documents containing the bearer’s photograph and biographical details for the purpose of the record-keeping requirements in the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap.615) (“AMLO”) and the AML/CFT Guideline.
(Key Reference(s): AML/CFT Guideline para. 4.3.3)
|Q4||Change of name of a natural person customer
If a natural person customer’s name has changed, what measures should be taken by an MSO?
|A4||If a natural person customer changes their name, an MSO should verify the new name by reference to documents, data or information provided by a reliable and independent source following paragraph 4.3.3 of the AML/CFT Guideline. To mitigate the risk of impersonation, the MSO should corroborate other identification information (e.g. date of birth, Hong Kong Identity Card number) on the new identification documents against its existing records. In case of doubt, the MSO may request a copy of applicable documentation regarding the name change (e.g. marriage certificate or deed poll).
For the avoidance of doubt, if a customer’s name has changed before the establishment of a business relationship, only the current name is required to be identified and verified.
(Key Reference(s): AML/CFT Guideline para. 4.3.2)
|Identification and verification of customer’s identity – legal persons, trusts or other similar legal arrangements|
|Q5||Principal place of business
What is the “principal place of business” of a legal person?
|A5||The “principal place of business” means the location where a legal person primarily operates or the place of its main activities. It can be the same as, or differ from, the address of registered office.
Legal persons, depending on their business nature, may operate in various locations or premises of different natures. If the address of the principal place of business of a legal person is not in line with an MSO’s understanding of the legal person’s business nature or customer profile, the MSO should seek to understand the rationale for why that address is provided to the MSO.
(Key Reference(s): AML/CFT Guideline para. 4.3.6)
|Q6||Address of registered office
Does an MSO need to separately ask the customer to provide “address of registered office” information, if such information is included in a document provided by a reliable and independent source that is obtained by (or otherwise available to) the MSO?
|A6||Paragraph 4.3.6(c) requires MSOs to obtain the address of registered office of a legal person. When the address of registered office of a legal person is included in a document provided by a reliable and independent source (e.g., certificate of incumbency) that is obtained by (or otherwise available to) the MSO for verification of the legal person's identity, an MSO may accept the document as an evidence of the address of registered office unless the MSO was made aware that such address was out of date.
(Key Reference(s): AML/CFT Guideline para. 4.3.6)
What documents need to be obtained to verify the identity of a partnership?
|A7||The identity of a partnership can be verified by a record of registration or a partnership agreement or deed (which may be an extract or redacted version for customers / circumstances that are not deemed to present a high ML/TF risk). However, if a record of registration is obtained, an additional document may be required to understand the powers that regulate and bind the partnership, which may not be covered by that record itself.
If the customer (ie the partnership) is a well-known, reputable organisation with a long history in its industry and there is substantial public information about the customer, its partners and controllers, then confirmation of the customer’s membership of a professional or trade industry is likely to be sufficient to verify the identity of the customer.
(Key Reference(s): AML/CFT Guideline para. 4.3.7 and 4.3.8)
Is it mandatory to obtain and verify an ownership chart for a legal entity customer?
|A8||An MSO is obliged to understand the ownership and control structure of its customers. Although obtaining an ownership chart from the customer is the most convenient way of doing this, there is no strict requirement to do so.
In deciding whether an ownership chart should be obtained, an MSO should take into account the risk profile of the customer and the complexity of the ownership or control structure.
Although an MSO needs to identify any intermediate layers, it needs not, as a matter of routine, verify the details of the intermediate companies in the ownership structure. Whether this is necessary will depend upon the MSO’s overall understanding of the structure, the customer’s risk profile and whether the information available is adequate in the circumstances for the MSO to consider if it has taken adequate measures to identify the beneficial owners.
(Key Reference(s): AML/CFT Guideline para. 4.4.14)
|Q9||Presence of directors or beneficial owners for the purpose of account opening
Is there any requirement for directors and beneficial owners of a legal person to establish business relationship with an MSO and be physically present at account opening?
|A9||In general, a corporate account is opened in the name of a legal person by a natural person who is authorised to act on behalf of that legal person to establish business relationship with an MSO. The AML/CFT Guideline does not mandate whether the natural person should be a director or beneficial owner of a customer so long as the natural person has been properly authorised to act on behalf of the customer to establish business relationship with the MSO. The basic requirement in this regard is for an MSO to identify and verify the identity of that natural person as well as obtaining the written authority to verify that the natural person has the authorisation of the legal person to establish a business relationship with the MSO.
If, in such a case, the business relationship is established through a face-to-face channel, at least one natural person who is authorised to establish the business relationship should be physically present at the time of account opening.
For the avoidance of doubt, if, in such a case, the business relationship is established through a non-face-to-face channel (i.e., the natural person acting on behalf of the legal person customer to establish the business relationship is not physically present for identification purpose), the MSO should mitigate any increased risk according to paragraph 4.10.4 of the AML/CFT Guideline, such as applying additional due diligence measures set out in paragraph 4.10.1.
(Key Reference(s): AML/CFT Guideline para. 4.10.1 and 4.10.4)
|Definition of beneficial owner|
|Q10||Who should be considered as an individual who "exercises ultimate control over the management of the corporation"?|
|A10||The following are some examples of natural persons who could be considered as beneficial owners on the basis that they exercise ultimate control over the management of the corporation:
(a) A natural person who exerts control of a legal person through means such as personal connections to persons who would be beneficial owners due to owning more than 25% of the shares or voting rights.
(b) A natural person who exerts control without ownership by participating in the financing of the enterprise, or because of close and intimate family relationships, historical or contractual associations, or if a company defaults on certain payments. Furthermore, control may be presumed even if control is never actually exercised, such as using, enjoying or benefiting from the assets owned by the legal person.
There is no requirement to actively identify a person exercising ultimate control over a customer where nothing obtained during the customer due diligence (“CDD”) process suggests that such a person exists.
(Key Reference(s): AML/CFT Guideline para. 4.4.5)
|Person purporting to act on behalf of the customer (“PPTA”)|
|Q11||Identifying the PPTA
Who should be treated as a PPTA?
|A11||A person may utilise a business relationship established between an MSO and another person (natural or legal person) or legal arrangement to conduct ML/TF activities. Financial Action Task Force (“FATF”) Recommendation 10 requires financial institutions to identify and verify the identity of any PPTA, and the AMLO adopts the same requirement.
Neither the FATF Recommendations nor the AMLO define the scope of PPTA. The AML/CFT Guideline explains that whether the person is considered to be a PPTA should be determined based on the nature of that person’s roles and the activities which the person is authorised to conduct, as well as the ML/TF risks associated with these roles and activities.
MSOs should adopt a framework procedure for assisting their employees in assessing who would ordinarily be considered a PPTA for each customer segment. The approach and rationale should be consistent across departments and customer segments, to the extent possible.
(Key Reference(s): AML/CFT Guideline para. 4.5.1)
|Q12||Lists of signatories
Is an MSO required to identify and verify the identity of all authorized signatories?
|A12||Authorized signatories are only required to be identified and verified if they are a PPTA. Instead of verifying the PPTAs’ identities by reference to the identification document, data or information for each PPTA, MSOs may take other reasonable measures (i.e. appropriate measures which are commensurate with the ML/TF risks). For example, where a business relationship is assessed to present a low ML/TF risk, an MSO could verify the PPTAs’ identities by reference to a list of PPTAs, whose identities and authority to act have been confirmed by a department or person within that customer which is independent to the persons whose identities are being verified (for example, compliance, audit or human resources).
For the avoidance of doubt, as indicated in paragraph 4.5.3 of the AML/CFT Guideline, the MSO is required to identify the PPTA by obtaining at least the following identification information:
Natural person PPTA:
(a) full name;
(b) date of birth;
(c) nationality; and
(d) unique identification number and document type.
Legal person PPTA:
(a) full name;
(b) date of incorporation, establishment or registration;
(c) place of incorporation, establishment or registration (including address of registered office);
(d) unique identification number and document type; and
(e) principal place of business (if different from the address of registered office).
(Key Reference(s): AML/CFT Guideline para. 4.5.3)
|Reliability of documents, data or information|
What measures is an MSO expected to take to ensure the reliability of identification documents which are in electronic form?
|A13||The AML/CFT Guideline recognises that some commonly used original identification documents can be in electronic form. An MSO should take appropriate measures to ensure the reliability of the electronic documents. The appropriateness of the measures to be taken will depend on the type of identification document in question.
For example, an original certificate of incorporation issued by the Hong Kong Companies Registry is available in electronic form. When accepting a print copy of an electronic certificate of incorporation, an MSO can corroborate with other identification document or information (e.g., record of companies registry) to ensure the reliability of the print copy.
For the avoidance of doubt, corroboration would not be required for instances where the MSO itself has downloaded a particular document (as opposed to having received a print copy of it) from a reliable source (e.g., the Hong Kong Companies Registry’s website).
(Key Reference(s): AML/CFT Guideline para. 4.3.16)
|Q14||Document in foreign language
Does the translation need to be performed by a professional third party (e.g., solicitor)?
|A14||Paragraph 4.3.17 requires MSOs to take appropriate steps to be reasonably satisfied that the documents in foreign language in fact provide evidence of the customer’s identity. There is no requirement that the translation has to be performed by a professional third party (e.g., solicitor) or someone who is qualified; an MSO may obtain a translation from a reliable source, which may include technology solutions and commonly used translation tools.
(Key Reference(s): AML/CFT Guideline para. 4.3.17)
If a previously obtained identity document such as passport of a customer is expired, does the MSO need to re-verify any aspect of customer identification by obtaining a current identity document?
|A15||The MSO does not need to re-verify any aspect of customer identification just because of the expiry of a previously obtained identity document. According to footnote 39 to paragraph 5.2 of the AML/CFT Guideline, once the identity of a customer has been satisfactorily verified, there is no obligation to re-verify identity unless in specified circumstances; however, the MSO should take steps from time to time (i.e., during a periodic or trigger event customer due diligence (“CDD”) review) to ensure that the customer information that has been obtained is up-to-date and relevant.
(Key Reference(s): AML/CFT Guideline para. 5.2 and footnote 39)
|Enhanced measures for high risk customers and jurisdictions|
|Q16||Source of wealth
Does an MSO need to establish source of wealth for every customer?
|A16||No. Under a risk-based approach, MSOs are required to establish the customer’s source of wealth in high risk situations. Examples of these situations include (a) a customer or whose beneficial owner is a foreign politically exposed person (“PEP”); (b) a high risk business relationship with a customer or whose beneficial owner is a domestic PEP or an international organisation PEP; and, where appropriate, (c) other situations that by its nature presents a high money laundering and terrorist financing risk. Therefore, MSOs are not expected to establish source of wealth for each and every customer.
For customers who are non-high risk, some of the information that is obtained by (or otherwise available to) an MSO to understand the purpose and intended nature of the business relationship (e.g., occupation of individual customers, business nature of corporate customers, etc.) should often be sufficient for the MSO to have a basic understanding of the customer’s profile and accordingly be able to monitor that the account balance, and value and volume of transactions, is in line with the expected wealth and profile of the customer.
For high risk customers, there is no expectation to apply the same source of wealth procedures to all these customers in the same manner, or collect evidence dating back decades when the risk does not justify doing so, as it is often impractical.
(Key Reference(s): AML/CFT Guideline para. 4.9.3, 4.9.10 and 4.9.15)
|Q17||Jurisdictions subject to a call by the FATF
Which jurisdictions are subject to a call by the FATF?
|A17||Only jurisdictions listed in the FATF statement: “The FATF Public Statement” should be regarded as “jurisdictions for which this is called for by the FATF” under paragraph 4.15.1 of the AML/CFT Guideline. Enhanced customer due diligence (“EDD”) measures that are proportionate to the risks should be conducted on business relationships and transactions with customers from these jurisdictions.
For the avoidance of doubt, conducting EDD is not mandatory for customers connected to jurisdictions listed in the FATF statement: “Improving Global Anti-Money Laundering and Counter-Financing of Terrorism (“AML/CFT”) Compliance: On-going Process”. However, the fact that a customer is connected to such a jurisdiction should be taken into account in determining the overall risk profile of the customer.
(Key Reference(s): AML/CFT Guideline para. 4.15.1)
|Q18||International organisation PEPs
Are agencies of the United Nations considered to be “international organisations” for the purposes of establishing PEP status?
|A18||Yes, agencies of the United Nations are international organisations and such agencies are listed on the UN website currently available at the following website:
(Key Reference(s): AML/CFT Guideline para. 4.9.12)
|Q19||International organisation PEPs
Should individuals with a prominent function at all kinds of international organisations be regarded as a PEP?
|A19||“International organisations” are defined in the AML/CFT Guideline as entities established by formal political agreements between their member States that have the status of international treaties; their existence is recognised by law in their member countries; and they are not treated as resident institutional units of the countries in which they are located. As such, individuals at organisations that do not meet these criteria are not international organisation PEPs.
However, if an individual holds a prominent function at an organisation that may have certain similarities to, but which nevertheless does not meet the prescribed definition of, an “international organisation” (e.g. an international sport association), the MSO should consider whether this impacts the risk profile of the customer.
(Key Reference(s): AML/CFT Guideline para. 4.9.13)
Should an MSO apply EDD measures on foreign PEPs that are no longer entrusted with a prominent public function?
How about the former domestic or international organisation PEPs?
|A20||An MSO should apply all the EDD measures set out in paragraph 4.9.10 of the AML/CFT Guideline even when a foreign PEP is no longer entrusted with a prominent public function. The MSO should nevertheless adopt risk-based approach (“RBA”) in determining the extent of EDD measures taking into account factors like the level of influence that a foreign PEP may continue to exercise after stepping down from the prominent public function.
If a domestic PEP or an international organization PEP is no longer entrusted with a prominent (public) function, an MSO may adopt an RBA to determine whether to apply or continue to apply the EDD measures set out in paragraph 4.9.10 in a high risk business relationship with a customer who, or whose beneficial owner is, that domestic PEP or international organization PEP, taking into account various risk factors.
For the avoidance of doubt, the extent of any EDD measures applied should also be determined on an RBA according to paragraph 4.9.21 of the AML/CFT Guideline.
(Key Reference(s): AML/CFT Guideline para. 4.9.7, 4.9.16 and 4.9.21)
|Q21||Senior management approval
Who qualifies as “senior management” for the purposes of being able to approve establishing / continuing a business relationship with a PEP?
|A21||It is for individual MSOs to determine this question, as organisational structures vary from MSO to MSO. MSOs should maintain clear and documented policies setting out the persons within the institution who are able to approve PEP customer onboarding and a continued business relationship. In any event, it should only include those with sufficient seniority. The number and title of such persons will vary according to the size, type and institutional risk assessment of the MSO. Senior management may include personnel in another jurisdiction if this reflects the MSO’s organisational structure and risk management practices.
(Key Reference(s): AML/CFT Guideline para. 4.9.10 and 4.9.21)
|Q22||Using intermediaries for ongoing monitoring
If an MSO relies on an intermediary to carry out CDD measures when on boarding a customer, can the MSO further rely on the intermediary to conduct ongoing monitoring?
|A22||No. Section 18 of Schedule 2 to the AMLO (“Schedule 2”) only allows an MSO to carry out any CDD measures set out in section 2 of Schedule 2 by means of an intermediary but does not allow an MSO to rely on an intermediary to continuously monitor relevant business relationships as required by section 5 of Schedule 2. Therefore, an MSO cannot rely on an intermediary to continuously monitor its business relationships with a customer (i.e., ongoing CDD and transaction monitoring).
However, an MSO may use an intermediary to collect further documents, data and information, and provide or coordinate relevant updates, to assist the MSO in ensuring that the CDD records maintained by the MSO remain up-to-date and relevant.
(Key Reference(s): Section 2, 5 and 18 of Schedule 2 and AML/CFT Guideline footnote 33)
|Q23||Independent validation of transaction monitoring systems
Who can independently validate an MSO’s transaction monitoring systems and processes?
|A23||Such validation can be performed by an external party or an internal audit function of the MSO. Subject to appropriate segregation of duties, the internal audit function should have sufficient expertise and resources to enable it to carry out an independent review of the MSO’s AML/CFT systems (see paragraph 3.11 of the AML/CFT Guideline).
(Key Reference(s): AML/CFT Guideline para. 3.11 and 5.8)
|Q24||Sanctions screening of parties involved in payments
In a cross-border wire transfer, who must be screened as a “relevant party”?
|A24||An MSO should, at a minimum, screen the following relevant parties in a cross-border wire transfer:
(c) ordering institution;
(d) intermediary institution;
(e) beneficiary institution; and
(f) named parties (e.g., individuals, companies, banks etc) in the payment message.
(Key Reference(s): AML/CFT Guideline para. 6.16(c))
|Q25||Accuracy of originator information
How should an ordering institution ensure that the required originator information is accurate?
|A25||The required originator information is deemed to be accurate if the identity of the originator has been verified in compliance with the AMLO and the AML/CFT Guideline. No further verification of the originator information is normally required, although ordering institutions may exercise their discretion to do so in individual cases.
(Key Reference(s): AML/CFT Guideline para. 10.8)
For wire transfers over $8,000, can the originator’s address accompanying the wire transfer be a Post Office (“PO”) box address?
|A26||The address information accompanying the wire transfer should be sufficient to identify clearly the location of party / parties for sanctions screening and AML/CFT monitoring purposes. Therefore, having a PO Box as an address should be avoided except where no alternative exists.
(Key Reference(s): AML/CFT Guideline para. 10.8)
If an MSO decides to use certification as a supplementary measure to fulfil the requirement of section 9 of Schedule 2, what documents should be certified?
|A27||In general, the identification document used for the purpose of identity verification (e.g., official document such as an identity card, passport, certificate of incorporation, or certificate of incumbency etc) should be subject to certification.
There is no expectation to require certification for all other CDD information or documents provided by the customer; or to require certification if an MSO is able to check the documents against public sources.
As a general principle, customers should always be provided with the opportunity, if they wish to do so, to present their original documents to the staff of the MSO.
(Key Reference(s): AML/CFT Guideline para. 4.10.3 and para. 7 to 10 of Appendix A)
|Q28||Record-keeping of unsuccessful applicants
For cases of unsuccessful application for business, is an MSO required to retain the identification records and documents in relation to the unsuccessful applicants?
|A28||Under the AMLO, there is no requirement for an MSO to maintain records and documents involving unsuccessful applicants. This, however, does not preclude the MSO from retaining the relevant records and documents in order to meet its other statutory obligations.
(Key Reference(s): AML/CFT Guideline Chapter 8)
|FAQ in Application for an MSO Licence|
|Q1||When was the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, Chapter 615, implemented?|
|A1||The Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (“AMLO”), Chapter 615, was passed on 29 June 2011 and came into operation on 1 April 2012, and amended as The Anti-Money Laundering and Counter-Terrorist Financing Ordinance in February 2018.|
|Q2||Who are subject to the statutory duties under the “AMLO”?|
|A2||Money Service Operators (“MSOs”) and the Postmaster General as well as other specified financial institutions.|
|Q3||What is the definition of a Money Service Operator (“MSO”)?|
|A3||A person who or an institution which operates a money changing service or a remittance service is a Money Service Operator.|
|Q4||Who is the relevant authority for the “MSOs” and the Postmaster General under the “AMLO”?|
|A4||The Commissioner of Customs & Excise (“CCE”) is the relevant authority under the “AMLO”.|
|Q5||What should I do if I wish to operate a money changing and/or remittance service under the “AMLO”?|
|A5||Under the “AMLO”, any person who wishes to operate a money service must apply for a licence from the “CCE”.|
|Q6||When should “MSOs” apply for a licence?|
|A6||“MSOs” should submit application for a licence to the “CCE” commencing on 1 April 2012.|
|Q7||How to apply?|
|A7||The application can be submitted in paper or through e-platform.|
|Q8||How to apply in paper?|
|A8||The application form can be downloaded from the C&ED website at http://www.customs.gov.hk After completion, the application form together with copies of supporting documents should be submitted by post or in person to the “CCE” (i.e. Money Service Supervision Bureau at Units 402-403, 4/F, Centre Parc, 11 Sheung Yuet Road, Kowloon Bay, Kowloon).|
|Q9||How to apply through e-platform?|
|A9||The application form can be completed and submitted with relevant supporting documents through the C&ED website at http://www.customs.gov.hk.|
|Q10||What are the conditions for the “CCE” to grant an “MSO” licence?|
|A10||The conditions that “CCE” will consider in granting a licence are set out in section 30(3) and (4) of the “AMLO”. In brief, the applicant (or any partner / director / ultimate owner) must not have been convicted of an offence specified at section 30(4), or is an undischarged bankrupt, and the premises for operation of the “MSO” business is considered by “CCE” to be suitable. For easy reference, the said offences under section 30(4)(a)(i) – (iv) and other provision under section 30(4)(b) – (e) are tabulated at Appendix 1.|
|Q11||Can “MSOs” use domestic premises as their business premises to apply for the licence?|
|A11||Premises situated in a wholly residential building are not considered to be suitable for registration to operate money service. Where particular premises are situated in a mixed commercial and residential building (i.e. situated in domestic premises), the applicant has secured the written consent of every occupant of the premises for any authorized person of C&ED to enter the premises to conduct inspection. Please refer to paragraph 4.6 of the Licensing Guide for more details on suitability of premises.|
|Q12||Do the “MSOs” need to pay for the licence?|
|A12||“MSOs” have to pay fees for a licence as set out at Appendix 2.|
|Q13||How long is the validity of a licence?|
|A13||The licence will be valid for 2 years and a licensee should apply for renewal not later than 45 days before the licence is due to expire.|
|Q14||If the application is unsuccessful, will the fees be refunded?|
|Q15||Who may answer MSOs’ questions in case of doubt?|
|A15||The Customs & Excise Department may answer their enquiries which can be made via :-
|Q.1||What are the requirements for a computer to access MSOS through Internet?|
|A.1||The system requirements are as follows:
Although we make our best effort to test our online services with the latest version of the browser, it takes time to perform testing. If you experience any issues, please report to us.
|Q.2||Where can I download Adobe Reader?|
|A.2||You can download Adobe Reader at here.|
|Q.3||What is the timeout limit for the MSOS?|
|A.3||The timeout limit of the MSOS is 30 minutes.|
|Q.4||When uploading supporting document, I received the error message: "File size exceeds limit". What can I do?|
|A.4||The reason you received the error is due to a file size limit of 2 MB when uploading to our system. You could reduce the file size or split the file into at most 3 files for the upload purpose.|