Anti-Money Laundering and Counter-Terrorist
Financing (AML/CFT) Policy

1. Introduction and Business Model of the Firm

Prepaid Global HK Limited (the “firm”) is a licensed Money Service Operator (“MSO”) in the business of providing Prepaid Card -Services which allows our customers to launch the prepaid card program without requiring any prior experience or knowledge of running a prepaid card program. It is the perfect platform for companies looking for a simple and secure way to pay commissions, reward loyalty or distribute compensations to their clients, employees, agents, affiliates or members. It also offers a cost-effective alternative to traditional corporate payroll programs and investment advisory services. This enables our customers to take advantage of our turn-key platform and prepaid cards dedicated to their brand and company image. By allowing companies to effortlessly put their company brand on the front lines and custom design the entire program with their brand mark, this has enabled clients to identify with their brand and enhance client retention rates.

The firm also offers global money transfers for businesses. We strongly believe in providing compliant, reliable and secure cross-border money transfer for our customers to enhance their business. We have a wealth of experience and expertise in providing customised solutions to suit the individual needs of our customers. Reliable and cost effective, we don’t just move money for our customers, we safeguard their profit margins when they need to make business-critical decisions for their international payments.

More information about the types of products and services we offer can be found on our website at https://www.prepaidglobal.net/contact-us/.

Our comprehensive AML/CFT policies and procedures are set out and elaborated on below.

2. Firm Policy and Introduction to AML/CFT Framework in Hong Kong

It is the policy of the firm to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Chapter 615) (“AMLO”), the Banking Ordinance (Chapter 155), Drug Trafficking (Recovery of Proceeds) Ordinance (Chapter 405), the Organized and Serious Crimes Ordinance (Chapter 455), the United Nations (Anti-Terrorism Measures) Ordinance (Chapter 575), and all relevant subsidiary legislation as may be the case.

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages. Cash first enters the financial system at the “placement” stage, where the cash generated from criminal activities is converted into monetary instruments, such as money orders or traveler’s checks, or deposited into accounts at financial institutions. At the “layering” stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. At the “integration” stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses.

The Money Service Operator industry is unique in that it can be used to launder funds obtained elsewhere, and to generate illicit funds within the industry itself through fraudulent activities. Examples of types of fraudulent activities include insider trading, market manipulation, ponzi schemes, cybercrime and other investment-related fraudulent activity.

Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.

The negative effects of money laundering and terrorist financing on businesses or the economies of countries are quite high. The high risks and negative effects of money laundering do not prove that these crimes cannot be prevented: Effective anti-money laundering (“AML”) and countering terrorist financing (“CTF”) (used interchangeably with “CFT”) applications and businesses’ programs are a powerful part of dealing with money laundering. An effective AML / CTF framework increases its deterrence for crime and allows them to minimize their risk. Every AML / CTF step taken in businesses is of great importance. An AML Compliance Program allows businesses to easily comply with regulations, thus protecting themselves against risks and avoiding regulatory penalties. Anti-Money Laundering regulations, audits, and penalties have been increasing by the year. Therefore, the importance of effective AML / CTF Framework is increasing in businesses day by day.

Our AML policies, procedures and internal controls are designed to ensure compliance with all applicable rules and regulations and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business. We will take all reasonable measures to ensure that proper safeguards exist to prevent a contravention of any requirement under Part 2 or 3 of the AMLO and to mitigate AML / CTF risks. Specifically, our attention is brought to section 19(3) of Schedule 2 of the AMLO, wherein we will comply with the requirement to establish and maintain effective procedures not inconsistent with the AMLO for the purposes of carrying out our duties under the AMLO.

For the avoidance of doubt, it should be noted that in the design and implementation of this policy, we adopt a risk-based approach with a view to managing and mitigating our AML / CTF risks.

3. AML Compliance Person Designation and Duties

The firm has designated its Qualified Anti-Money Laundering Program Compliance Officer (Compliance Officer), with full responsibility for the firm’s AML program. Compliance Officer has a working knowledge of the AMLO and its implementing regulations and is qualified by experience, knowledge, and training. The duties of the Compliance Officer will include monitoring the firm’s compliance with AML obligations, and overseeing communication and training for employees. The Compliance Officer will also ensure that the firm keeps and maintains all the required AML records and will in the capacity as Money Laundering Reporting Officer ensure that Suspicious Transaction Reports (STRs) are filed with the Joint Financial Intelligence Unit (the “JFIU”) when appropriate. The Compliance Officer is vested with full responsibility and authority to enforce the firm’s AML program, and shall implement appropriate AML / CFT policies and procedures. Where the Compliance Officer and Money Laundering Reporting Officer are different persons, the Money Laundering Reporting Officer shall report to the former.

The firm will provide the JFIU or any other relevant authorities with contact information for the AML Compliance Officer on request. The firm will promptly notify the JFIU of any change in this information, and if necessary, update this information within 17 business days after the end of each calendar year. The annual review of this contact information will be conducted by senior management and will be completed with all necessary updates being provided no later than 17 business days following the end of each calendar year. In addition, if there is any change to the information, senior management will update the information promptly, but in any event not later than 30 days following the change.

4. Giving AML Information to Enforcement Agencies, Regulators, and Other Authorities

We will cooperate with the Customs and Excise Department and where required, respond to a request from the said Department concerning accounts and transactions by immediately searching our records to determine whether we maintain or have maintained any account for, or have engaged in any transaction with, each individual, entity or organization named in the Request. We understand that we have 14 days (unless otherwise specified) from the transmission date of the request to respond to the request. If we find a match, we will report it to the Customs and Excise Department within 14 days or within the time requested by the Customs and Excise Department in the request. If the search parameters differ from those mentioned, we structure our search accordingly. We will maintain documentation that we have performed the required search.

We will not disclose the fact that the Customs and Excise Department has requested or obtained information from us, except to the extent necessary to comply with the information request. We will review, maintain, and implement procedures to protect the security and confidentiality of requests from the Customs and Excise Department with regard to the protection of customers’ non-public information.

We will direct any questions we have about the request to the Customs and Excise Department. Unless otherwise stated in the request, we will not be required to treat the information request as continuing in nature, and we will not be required to treat the periodic requests, if any, as a government provided list of suspected terrorists for purposes of the customer identification and verification requirements.

In addition to the above, we will also cooperate with the Customs and Excise Department relating to any inspections and investigations, routine or otherwise. We will also cooperate with other law enforcement agencies, regulators, or authorities whenever required under the laws of Hong Kong.

5. AML / CFT Customer Screening Process

Before opening an account, and on an ongoing basis, we will check to ensure that a customer does not appear on the Specially Designated Nationals and Blocked Persons List (SDN list) or is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by the Office of Foreign Assets Control (OFAC) of the United States Department of the Treasury. Because the SDN list and listings of economic sanctions and embargoes are updated frequently, we will consult them on a regular basis and subscribe to receive any available updates when they occur. With respect to the SDN list, we may also access that list through various software programs to ensure speed and accuracy. We will also review existing accounts against the SDN list and listings of current sanctions and embargoes when they are updated and we will document the review.

If we determine that a customer is on the SDN list or is engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by OFAC, we will reject the transaction and/or block the customer’s assets and file a blocked assets and/or rejected transaction form with the Joint Financial Intelligence Unit within 10 days. We will also call the JFIU Hotline at (852) 2866 3366 immediately.

In relation to customers who may be a politically exposed person (PEP), meaning that the customer is an individual who is currently or has previously been entrusted with a prominent public position, screening will be conducted to ascertain if the current or potential client is a PEP. This includes not only verifying the identity of the said client and having an automatic screening system in place, but also utilizing a technology called “fuzzy matching”. Fuzzy matching technology allows the detection of data matches that are not a 100% match. For example, fuzzy matching could detect a PEP even if they use an alternate spelling of their name. Normal screening technologies would require an exact match. If a PEP is genuinely corrupt, they are more likely to provide false information about themselves, which is why we use fuzzy matching.

We will also check a PEP’s country of origin and compare it against sanction lists. In addition, we will also exercise professional skepticism and do a search and on the public information that is available regarding the potential client. Factors who we look out for will include whether the PEP was recently elected into public office, or were they appointed to a higher government position, and whether they have previously been involved in any scandals or misconduct. All results arising from the searches will be documented.

For completeness, all screening of customers, whether as part of ongoing monitoring or onboarding, will be done through a commercial research database.

6. Risk Assessment

The firm will take all appropriate steps to identify, assess, and understand out AML / CFT risks in a complete and holistic sense. This risk assessment involves documentation, consideration of the risk factors, periodic updates to keep the risk assessment updated, and having the appropriate mechanism to share the information with the relevant authorities. The controls enacted by the firm as stated in this policy are formulated in accordance with the following risk assessment methodology: [Inherent Risks – Mitigating Controls = Residual Risks].

The mitigating controls written into this policy and corresponding risk-mitigating procedures have been approved by senior management, allowing the firm to mitigate our AML / CFT risks. We will continue to monitor policies, procedures, and controls to ensure they remain current. In the cases where the AML / CFT risks remain elevated, we will take enhanced measures, by way of having enhanced controls and due diligence, and/or conducting greater transactional surveillance. These internal controls, policies, and procedures will be regularly updated when there are significant changes.

Where there are new products, practices, and technologies, the firm will consider these as part of the risk assessment process. The firm will assess the vulnerabilities, undertake a risk assessment before dealing with such new products, practices, and technologies, and ensure that the inherent risks have suitable control(s) to lessen the residual risk. We will pay particular care and attention around products, services, or channels that provide anonymity.

7. Customer Identification Program

a. Required Customer Information

Prior to opening an account, we will collect the following information for all accounts, if applicable, for any person, entity or organization that is opening a new account and whose name is on the account:

PPG CDD/ KYC REQUIREMENTS FOR ONBOARDING:

KYC Requirements for Individuals:

For Hong Kong Residents:

1. Scanned copy of Hong Kong Identity Card (front and back) or Passport (with signature page) –in COLOR, and all 4 corners of the document must be clearly visible.

2. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/Tax Statement/ National Identification Card/ Driving License issued within the last 3 months. All 4 corners of the document must be clearly visible.

For Singapore Citizens :

1. Scanned copy of Passport (with signature page) OR National Identification Card (front and back) –in COLOR, and all 4 corners of the document must be clearly visible.

2. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/Tax Statement/ National Identification Card/ Driving License issued within the last 3 months. All 4 corners of the document must be clearly visible.



For Other Foreigners :

Please note that all documents should be in provided in English, or translated into English.

1. Scanned copy of Passport (with signature page) –in COLOR, and all 4 corners of the document must be clearly visible

2. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/ National Identification Card/ Driving License issued within the last 3 months. All 4 corners of the document must be clearly visible.

Note: This list is not exhaustive, and PPG may request for additional information at its discretion.

KYC Requirements for Companies/ Corporates:

For Hong Kong Registered Companies :


1. Business Registration (BR) and Certificate of Incorporation (CI)

2. Articles of Association
3. Latest Annual Return (Form NAR1)

4. Details of the ownership and structure control of the company, e.g. an ownership chart

5. Scanned copy of Passport (with signature page) – in COLOR, and all 4 corners of the document must be clearly visible: All directors

6. Scanned copy of Passport (with signature page) – in COLOR, and all 4 corners of the document must be clearly visible: All shareholders/ beneficial owners (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)

7. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/Tax Statement/ National Identification Card/ Driving License issued within the last 3 months (All 4 corners of the document must be clearly visible): All directors

8. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/Tax Statement/ National Identification Card/ Driving License issued within the last 3 months (All 4 corners of the document must be clearly visible): All shareholders/ beneficial owners (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)

9. Company Bank account statement dated within the last 6 months. Sensitive information may be redacted but it must be a full page and include: company name, account number, address, transaction history

10. Any relevant licenses or permits related to the business

11. For companies incorporated for less than a year: Curriculum Vitae (CV) of the Ultimate Beneficial Owner (UBO) (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)

12. For companies incorporated for less than a year: Source of Funds supporting documents (eg.: Personal Funding bank statements, inheritance, investor funding, etc.)


For Singapore Registered Companies :


1. Latest Bizfile (ACRA) (Dated within the last 6 months)

2. Memorandum of association and Articles of Association (for companies incorporated on or before 3 January 2016)

3. Company Constitution (for companies incorporated on or after 3 January 2016

4. Details of the ownership and structure control of the company, e.g. an ownership chart

5. Scanned copy of Passport (with signature page) – in COLOR, and all 4 corners of the document must be clearly visible: All directors

6. Scanned copy of Passport (with signature page) – in COLOR, and all 4 corners of the document must be clearly visible: All shareholders/ beneficial owners (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)

7. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/Tax Statement/ National Identification Card/ Driving License issued within the last 3 months (All 4 corners of the document must be clearly visible): All directors

8. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/Tax Statement/ National Identification Card/ Driving License issued within the last 3 months (All 4 corners of the document must be clearly visible): All shareholders/ beneficial owners (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)

9. Company Bank account statement dated within the last 6 months. Sensitive information may be redacted but it must be a full page and include: company name, account number, address, transaction history

10. Any relevant licenses or permits related to the business

11. For companies incorporated for less than a year: Curriculum Vitae (CV) of the Ultimate Beneficial Owner (UBO) (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)

12. For companies incorporated for less than a year: Source of Funds supporting documents (eg.: Personal Funding bank statements, inheritance, investor funding, etc.)


For Offshore or Foreign Registered Companies :


Please note that all documents should be in provided in English, or translated into English.

1. Certificate of Incorporation / Business Registration

2. Memorandum of Articles or Constitution

3. Memorandum of Association

4. Directors and Shareholders Register (Dated within the last 6 months)

5. Details of the ownership and structure control of the company, e.g. an ownership chart

6. Scanned copy of Passport – in COLOR, and all 4 corners of the document must be clearly visible: All directors

7. Scanned copy of Passport (with signature page) – in COLOR, and all 4 corners of the document must be clearly visible: All shareholders/ beneficial owners (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)

8. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/Tax Statement/ National Identification Card/ Driving License issued within the last 3 months (All 4 corners of the document must be clearly visible): All directors

9. Proof of Address – Bank Statement/Utility Bill/Credit Card Statement/Tax Statement/ National Identification Card/ Driving License issued within the last 3 months (All 4 corners of the document must be clearly visible): All shareholders/ beneficial owners (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)
10. Company Bank account statement dated within the last 6 months. Sensitive information may be redacted but it must be a full page and include: company name, account number, address, transaction history

11. Any relevant licenses or permits related to the business

12. For companies incorporated for less than a year: Curriculum Vitae (CV) of the Ultimate Beneficial Owner (UBO) (defined as each individual with 25% or more equity interest in the legal entity, whether directly or indirectly.)

13. For companies incorporated for less than a year: Source of Funds supporting documents (eg. Personal Funding bank statements, inheritance, investor funding, etc.)


Note: This list is not exhaustive, and PPG may request for additional information at its discretion.

Our customer onboarding is conducted via our online platform, when opening an account for a foreign business or enterprise that does not have an identification number, we will request alternative government-issued documentation certifying the existence of the business or enterprise.

b. Customers Who Refuse to Provide Information

If a potential or existing customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, our firm will not open a new account and, after considering the risks involved, consider closing any existing account. In either case, our AML Compliance Person will be notified so that we can determine whether a suspicious transaction report should be reported to the authorities.

Specifically, in the event that a potential or existing customer is unable to provide an address or does not have a residential or business street address, we will not proceed with the account opening. Where a potential or existing customer is unable or not willing to provide a taxpayer identification number such as a passport or national ID identification number, we will not proceed with the account opening. Where the circumstances necessitate, a suspicious transaction report will be made to the authorities.

c. Verifying Information

Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers. Our Compliance Officer will analyze the information we obtain to determine whether the information is sufficient to form a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).

We will verify customer identity through documentary means, non-documentary means or both. We will use documents to verify customer identity when appropriate documents are available. In light of the potential for identity fraud, we will supplement the use of documentary evidence by using the non-documentary means described below whenever necessary. We may also use non-documentary means, if we are still uncertain about whether we know the true identity of the customer. In verifying the information, we will consider whether the identifying information that we receive, such as the customer’s name, street address, zip code, telephone number, date of birth and National Identification number, allow us to determine that we have a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).

Appropriate documents for verifying the identity of customers include the following:

We understand that we are not required to take steps to determine whether the document that the customer has provided to us for identity verification has been validly issued and that we may rely on a government-issued identification as verification of a customer’s identity. If, however, we note that the document shows some obvious form of fraud, we must consider that factor in determining whether we can form a reasonable belief that we know the customer’s true identity.

We will use the following non-documentary methods of verifying identity:

We will use non-documentary methods of verification when:

(1) the customer is unable to present an unexpired government-issued identification document with a photograph or other similar safeguard;
(2) the firm is unfamiliar with the documents the customer presents for identification verification;
(3) the customer and firm do not have face-to-face contact; and
(4) there are other circumstances that increase the risk that the firm will be unable to verify the true identity of the customer through documentary means.

We will verify the information within a reasonable time before or after the account is opened. Depending on the nature of the account and requested transactions, we may refuse to complete a transaction before we have verified the information, or in some instances when we need more time, we may, pending verification, restrict the types of transactions or dollar amount of transactions. If we find suspicious information that indicates possible money laundering, terrorist financing activity, or other suspicious activity, we will, after internal consultation with the firm’s AML Compliance Officer, file a suspicious transaction report with the authorities in accordance with applicable laws and regulations.

We recognize that the risk that we may not know the customer’s true identity may be heightened for certain types of accounts, such as an account opened in the name of a corporation, partnership or trust that is created or conducts substantial business in a jurisdiction that has been designated by the Financial Action Task Force (FATF) as a primary money laundering jurisdiction, a terrorist concern, or has been designated as a non-cooperative country or territory. We will identify customers that pose a heightened risk of not being properly identified. We will also take the following additional measures that may be used to obtain information about the identity of the individuals associated with the customer when standard documentary methods prove to be insufficient, such as obtaining information about beneficial ownership, and individuals with authority or control over such account(s). If we find suspicious information that indicates possible money laundering, terrorist financing activity, or other suspicious activity, we will, after internal consultation with the firm’s AML Compliance Officer, file a suspicious transaction report with the authorities in accordance with applicable laws and regulations.

d. Lack of Verification

When we cannot form a reasonable belief that we know the true identity of a customer, we will do the following: (1) not open an account; (2) impose terms under which a customer may conduct transactions while we attempt to verify the customer’s identity; (3) close an account after attempts to verify a customer’s identity fail; and (4) determine whether it is necessary to file a suspicious transaction report with the authorities in accordance with applicable laws and regulations.

e. Recordkeeping

We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process. We will keep records containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date. With respect to non-documentary verification, we will retain documents that describe the methods and the results of any measures we took to verify the identity of a customer. We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for five years after the account has been closed; we will retain records made about verification of the customer’s identity for five years after the record is made.

f. Reliance on Another Financial Institution for Identity Verification

We may, under the following circumstances, rely on the performance by another financial institution (including an affiliate) of some or all of the elements of our Customer Identification Program with respect to any customer that is opening an account or has established an account or similar business relationship with the other financial institution to provide or engage in services, dealings or other financial transactions:

8. Customer Due Diligence

The relevant workflow of the firm’s AML/CFT process can be summarized as follows:

A customer is a natural person, legal entity or legal arrangement, such as a trust structure, which establishes or intends to build a business relationship, or undertakes or wants to conduct a transaction with an account being opened with the firm. In this context, a “business relationship” is one between a person and the firm and this includes a business, professional or commercial relationship: (a) that has an element of duration; or (b) that the firm, at the time the person first contacts it in the person’s capacity as a potential customer of the firm, expects to have an element of duration.

Customer Due Diligence (“CDD”) measures are conducted to identify the customer and verify the customer’s identity on the basis of documents, data or information provided. Said in another way, it is the processes by which our firm collects and evaluates relevant information about a customer or potential customer.

The firm will carry out CDD measures in relation to a customer or potential customer before establishing a business relationship with the customer. However, we may verify the identity of a customer or potential customer and any beneficial owner of the customer or potential customer after establishing a business relationship with the customer if this is necessary not to interrupt the normal conduct of business with regard to the customer or potential customer, and any risk of money laundering or terrorist financing that may be caused by carrying out the verification after establishing the business relationship can be effectively managed by us. Where the firm carries out verification after establishing a business relationship with a customer or potential customer in the interest of time, we shall complete the verification as soon as reasonably practicable after establishing the business relationship

The firm will also carry out CDD measures in relation to a customer or potential customer before carrying out for the customer an occasional transaction involving an amount equal to or above HK$120,000 or an equivalent amount in any other currency, whether the transaction is carried out in a single operation or in several operations that appear to the firm to be linked.

Where the firm suspects that a customer or potential customer’s account is involved in money laundering or terrorist financing and/or the firm doubts the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or potential customer or for the purpose of verifying the customer or potential customer’s identity, the firm will also carry out CDD measures before carrying out for the customer or potential customer an occasional transaction that is a wire transfer involving an amount equal to or above HK$8,000 or an equivalent amount in any other currency, whether the transaction is carried out in a single operation or in several operations that appear to the firm to be linked.

If we are unable to comply with or complete CDD measures on a customer or potential customer, the firm will not establish a business relationship or carry out any occasional transaction with that customer, and if we have already established a business relationship with that customer, we shall terminate the business relationship as soon as reasonably practicable.

a. Identification and Verification of Beneficial Owners

At the time of opening an account for a legal entity customer, our compliance officer will identify any individual that is a beneficial owner of the legal entity customer by identifying any individuals who directly or indirectly own 25% or more of the equity interests of the legal entity customer, and any individual with significant responsibility to control, manage, or direct a legal entity customer. The following information will be collected for each beneficial owner:

(1) the name;
(2) date of birth (for an individual);
(3) an address, which will be a residential or business street address (for an individual) or a principal place of business, local office, or other physical location (for a person other than an individual); and
(4) an identification number, which will be a passport or national ID identification number, or one or more of the following: a taxpayer identification number, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard.

For verification, we will describe any document relied on (noting the type, any identification number, place of issuance and, if any, date of issuance and expiration). We will also describe any non-documentary methods and the results of any measures undertaken.

If there is a beneficial owner in relation to the customer or potential customer, we will identify the beneficial owner and in accordance with what is stated above, take reasonable measures to verify the beneficial owner’s identity so that we are satisfied that the firm knows who the beneficial owner is, including, where the customer or potential customer is a legal person or trust, measures to enable the firm to understand the ownership and control structure of the legal person or trust.

If a business relationship is to be established with the customer or potential customer, we will obtain information on the purpose and intended nature of the business relationship with the firm, unless the purpose and intended nature are obvious, and if a person purports to act on behalf of the customer or potential customer, we will identify the person and take all reasonable measures to verify the person’s identity on the basis of documents, data or information provided by (a) a governmental body; (b) the relevant authority or any other relevant authority; (c) an authority in a place outside Hong Kong that performs functions similar to those of the relevant authority or any other relevant authority; or (d) any other reliable and independent source that is recognized by the relevant authority. Further, we will also verify the person’s authority to act on behalf of the customer or potential customer.

b. Understanding the Nature and Purpose of Customer Relationships and Customer Risk Assessment

The risk factors common to all financial businesses, and especially to our firm include business lines (type of business function), customers (meaning any person or entity that can engage in financial transactions), products and services, and location. This section is concerned with the customer risk aspect.

Specifically, the firm will undertake a Customer Risk Assessment (“CRA”) prior to the establishment of a business relationship or carrying out an occasional transaction, with, or for, that customer or potential customer in order to estimate the AML/CFT risk posed by the customer or potential customer. This risk assessment will be documented by the firm. The customer risk assessment will take into account that not all CDD and relationship information might have been collected yet. This risk assessment document is a living document that is subject to be revisited as more information about the customer and relationship is determined.

This CDD and CRA will be undertaken within a proportional framework that reflects a customer’s inherent risks. We will apply a risk based approach towards our CDD measures. Specifically, simplified due diligence will be applied to low risk customers and enhanced due diligence will be applied for high risk customers. Although it is a very strict policy of the firm not to onboard high risk customers, we cannot discount that a customer’s risk profile may change after onboarding and therefore ongoing monitoring and periodic reviews are necessary on a fixed term basis or when new circumstances necessitate the triggering of a re-assessment of a customer’s risk profile.

We will understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile through the appropriate methods as set out below. Depending on the facts and circumstances, a customer risk profile may include but is not limited to such information as:

a) The type of customer;
b) The account or service being offered;
c) The customer’s income;
d) The customer’s net worth;
e) The customer’s domicile;
f) The customer’s principal occupation or business; and
g) In the case of existing customers, the customer’s history of activity.

c. Firm policy on Customer Risk Assessment

The firm takes an absolute position that we WILL NOT onboard high risk customers and will, on the strictest basis, cease having business relations with existing customers in the event we assess them to be at a high risk of AML/CFT. There are certain circumstances under which our firm will rate a customer or potential customer as having a high risk of AML/CFT. These include, but are not limited to:

a.  a business relationship or occasional transaction with a customer located in a jurisdiction listed in the black list or grey list of the FATF;
b.  a customer or potential customer that is the subject of a warning in relation to AML/CFT matters issued by a competent authority or equivalent authority in Hong Kong or another jurisdiction; and
c.  any situation that is assessed by us to contain high AML/CFT risks.

In assessing the AML/CFT risk posed by a customer or potential customer, we will, in addition to the factors listed in the section above, consider all known risk factors and document these in the customer’s risk profile, making sure that any mitigating factors are documented accordingly. Some examples of the factors in customer risk assessment that we shall take into account include:

a) Our risk assessment in relation to AML/CFT and our risk appetite, bearing in mind our risk assessment methodology: [Inherent Risks – Mitigating Controls = Residual Risks];
b) The nature, scale, complexity and geographical location of the customer’s activities. This will involve looking at the sector of business the customer is involved in, whether the nature of their business puts them at a higher risk of criminal activity such as bribery or corruption, and the value and frequency and complexity of transactions;
c) The persons to whom the customer is providing products and services to and the manner in which they are being provided. In relation to who the services are being provided to, this will require an examination of the types of customers and understanding the rationale for providing particular products and services to these customers. In relation to the customer’s offering of products and services we will consider the extent to which they are vulnerable to AML/CFT risks, how the products and services are delivered and the value and complexity of transactions etc.; and,
d) Whether there is any reliance placed on third parties for the customer due diligence process for example the use of an eligibly introduced relationship.

Where a business relationship is carried out by customers or potential customers through non-face to face channels, we will (a) take measures to further verify the customer’s identity on the basis of further documents, data or information; (b) take supplementary measures to verify information relating to the customer that has been obtained by the firm; and (c) ensure that the payment or, if there is more than one payment, the first payment made in relation to the customer’s account is carried out through an account opened in the customer’s name with (i) an authorized institution; or (ii) an institution that (A) is incorporated or established in an equivalent jurisdiction; (B) carries on a business similar to that carried on by an authorized institution; (C) has measures in place to ensure compliance with requirements similar to those imposed under this Schedule; and (D) is supervised for compliance with those requirements by authorities in that jurisdiction that perform functions similar to those of the Hong Kong Monetary Authority.

Where the customer or potential customer is identified as a Politically Exposed Person (“PEP”), this is a risk factor that we will have to consider when undertaking the customer risk assessment. However, a customer or potential customer being classified as a PEP does not automatically mean that the said individual should be classed as posing a higher risk of AML/CFT. It is up to the firm to determine whether the particular customer should be treated as high risk depending on the customer risk assessment process and our risk appetite. Generally, when a customer or potential customer is a domestic, foreign, or international organization PEP, we will generally, on a risk based approach, decline to onboard them or carry on a business relationship with them.

The risk rating that we allocate to a PEP will determine the extent of additional CDD, EDD and enhanced monitoring that we will undertake at the onset and onboarding, and throughout the customer relationship. In relation to any foreign PEP, and higher risk domestic PEPs, enhanced monitoring of the business relationship will be undertaken. This includes examining all aspects of the business relationship including the customer due diligence or enhanced due diligence obtained and the customer’s activity. In particular, it will focus on any changes in transactional activity or any transactional activity that is not in line with the customer’s expected activity. If so, these transactions will be scrutinised more thoroughly. We will also undertake the appropriate screening for negative press for customers and potential customers. When a PEP or any customer or potential customer is assessed as posing a high risk, it bears repeating our firm’s absolute position that we WILL NOT onboard such high risk customers and will, on the strictest basis, cease having business relations with existing customers in the event they are assessed to be high risk.

d. Simplified Customer Due Diligence

Simplified customer due diligence is the lowest level of due diligence that can be completed on a customer. This may be appropriate where there is little opportunity or risk of our services or our customers becoming involved in money laundering or terrorist financing.

In cases where we are satisfied that a customer, product and services fall into simplified due diligence criteria, then our concern is first to identify the customer. When completing simplified due diligence, there is no requirement to verify your customer’s identity as we might otherwise have to with a standard or enhanced due diligence approach. However, out of an abundance of caution, the business relationship will be continually monitored for trigger events which may create a requirement for further due diligence in future.

There are a number of factors that can help determine if the situation is low risk, such as the service or product being provided or the type of customer that we are engaging with.

Specifically, this will include situations where the customer is (a) a financial institution, or (b) an institution that (i) is incorporated or established in an equivalent jurisdiction; (ii) carries on a business similar to that carried on by a financial institution; (iii) has measures in place to ensure compliance with requirements similar to those imposed under the AMLO; and (iv) is supervised for compliance with those requirements by an authority in that jurisdiction that performs functions similar to those of any of the relevant authorities, or (c) a corporation listed on any stock exchange; or (d) an investment vehicle where the person responsible for carrying out measures that are similar to the customer due diligence measures in relation to all the investors of the investment vehicle is (i) a financial institution; (ii) an institution that (A) is incorporated or established in Hong Kong; (B) has measures in place to ensure compliance with requirements similar to those imposed under this Schedule; and (C) is supervised for compliance with those requirements; or (iii) an institution that (A) is incorporated or established in an equivalent jurisdiction; (B) has measures in place to ensure compliance with requirements similar to those imposed under this Schedule; and (C) is supervised for compliance with those requirements; or (e) the Government or any public body in Hong Kong; or (f) the government of an equivalent jurisdiction or a body in an equivalent jurisdiction that performs functions similar to those of a public body.

Whilst not directly and immediately applicable to the firm, the other factor that can help determine if the situation is low risk centres on an assessment of the product risk. This means that simplified customer due diligence can be done if the product is (a) a provident, pension, retirement or superannuation scheme (however described) that provides retirement benefits to employees, where contributions to the scheme are made by way of deduction from income from employment and the scheme rules do not permit the assignment of a member’s interest under the scheme; (b) an insurance policy for the purposes of a provident, pension, retirement or superannuation scheme (however described) that does not contain a surrender clause and cannot be used as a collateral; or (c) a life insurance policy in respect of which (i) an annual premium of no more than HK$8,000 or an equivalent amount in any other currency is payable; or (ii) a single premium of no more than HK$20,000 or an equivalent amount in any other currency is payable.

It is a cornerstone of our policy that if at any point during the relationship with our customer, additional intelligence becomes available which suggests that the customer or product may pose a higher risk than originally thought, a more enhanced level of due diligence must definitely be conducted and the appropriate action taken.

For the avoidance of doubt, it is our policy that we will not conduct or employ simplified customer due diligence when:

a) A customer or potential customer or any beneficial owner of the customer is from or in a country or jurisdiction on which the FATF has called for countermeasures;
b) A customer or potential customer or any beneficial owner of the customer is from or in a country or jurisdiction known to have inadequate AML/CFT measures, as determined by the Hong Kong authorities, or by third party inputs such as the FATF, Basel Index, or Transparency International; or
c) When the firm has a suspicion about the customer prompted by adverse media reports.

Where simplified customer due diligence is employed, the rationale for doing so will be documented, and regular approval by the firm’s senior management will be needed and recorded in writing.

e. Source of Funds and Source of Wealth

Source of Funds refers to the origin of the particular funds or assets which are the subject of the business relationship between the firm and its customer and the transactions the firm is required to undertake on the customer’s behalf (e.g. the amounts being invested, deposited or remitted). To establish source of Funds, the research should not simply be restricted to knowing from which bank or financial institution the funds may have been received. The information obtained should be substantive, relevant and be able to establish the fund’s origin and the method/circumstances under which the funds were acquired.

Source of Wealth refers to the origin of the entire body of wealth (i.e. total assets) of the customer. The information to be obtained should give an indication as to the volume of wealth the client would reasonably be expected to have, and provide a picture of how it was acquired. Although the firm may not have specific information or details about all the client’s assets, we will strive to gather general information from commercial databases or other open sources.

Generally speaking, establishing the source of wealth and funds is a suggested EDD measure for all high-risk clients in addition to PEPs to verify that the source of wealth and funds do not constitute proceeds of crime. Additional high-risk categories where the EDD measure of establishing source of wealth is applicable include clients from jurisdictions considered by FATF to have strategic deficiencies in anti-money laundering / countering the financing of terrorism measures, clients in high risk industries, and clients with complex structures.

Understanding the SOF and SOW of a PEP is also necessary for ongoing Due Diligence purposes, where the aim should be to ensure that the reason for the business relationship between the firm and the PEP and the transactions undertaken on the PEP’s behalf, are commensurate with what one could reasonably expect from that PEP, given his/her particular circumstances.

The firm will follow a risk-based approach when establishing SOW i.e. apply ‘reasonable measures’ i.e. detail / extent should depend on the client’s money laundering and terrorist finance risks. In doing so, we will follow three steps when establishing source of wealth.

First, we will obtain information on the customer’s net worth. Indication of a customer or potential customer’s net worth will be obtained through representations obtained from the client. It is not required to obtain the exact amount and might be impractical to do so.

Second, we will obtain information on the source of the net worth. Once the customer or potential customer’s net worth is established, information will be obtained on where it came from i.e. inheritance, employment, business, investment etc. If the customer or potential customer is a corporate or legal entity, we will ensure that this came from profits generated from legitimate business and commercial activities. Generally, no single source is likely to account for the total value of net worth; but categories are likely to be few and generally well understood. It is often difficult to specifically identify the wealth from all the different sources, and there is no expectation to do so. The level of detail should be based on the client’s risk profile (reasonable measure). We can also rely on publicly disclosed information if such information is available. While only a summary of the information filed by officials is generally made publicly available, this may include categories such as values of income, real estate, stock holdings, sources of income, positions on boards of companies, etc. In the absence of publicly available information, we are only able to primarily rely on declarations made by the client; however, the inability to verify such information should be taken into account in establishing the true value. We will also try and obtain specific information as far as possible, on how much wealth the client has or controls. However, it may not be possible to do so, on every aspect of the client’s entire body of assets, especially when this information is not voluntarily disclosed, but should cover those aspects that form the major part of the net worth. We will bear in mind that failure by a client to voluntarily disclose information about how much wealth he or she controls could be a red flag

Third, we will verify the information on a risk sensitive basis. Once the firm has information on how the wealth was generated and a description of it, we will consider the validity of this information. It is not necessary to find evidence to corroborate every source or to verify the entire net worth (which is most likely to be impossible). Depending on the level of risk posed by the customer or potential customer, we may have to seek to find some evidence from a reliable, independent source that corroborates the essence of how the wealth was generated. We will focus our attention on the sources that generated the major proportion of the wealth.

In summary, source of wealth and funds can be established through a combination of sources, such as publicly available information, external confirmations and information provided by the client. Examples include publicly available property registers, land registers, asset disclosure registers, company registers, past transactions (in the case of existing clients), sources of information, where available, about legal and beneficial ownership, internet searches (from reputable sources), including social media, may reveal useful information about a PEP’s wealth, lifestyle and official income, confirmation from regulated professionals with knowledge of the client (accountants, lawyers etc.), evidence of title, copies of trust deeds, audited documents (annual reports containing information on dividends), documents confirming salary, tax returns and bank statements

The level of corroboration (proof/evidence) should reflect the client’s risk profile and be able to resolve any red flags. Where a client is high risk, copies of trust deeds, audited accounts, reliable and independent third-party information (e.g. lawyer, accountant) may suffice. Where a client is low risk, public information, open sources, official documents provided by client may suffice.

It is also pertinent that we keep records faithfully and accurately. All relevant information should be obtained and collected and appropriately recorded. Records maintained should enable an independent reviewer (whether internal or external) to understand the source of wealth and funds and how it was acquired, on the basis of the information recorded. We will prepare a summary of the source of wealth and funds and present our findings neatly, by stating our assessment, rationale for assessment, justification. We will also document the questions asked of, and the answers given by, the customer or potential customer, and retain copies of any supporting material the customer or potential customer has provided or independently obtained. Our record systems are electronic and computerized. In the event a record needs to be retrieved, it may be retrieved within one day.

f. Consequences of Not Carrying out Customer Due Diligence Measures

Globally, there have been increasingly stringent regulations being placed on companies to have a deep understanding of those they do business with. For those active in the financial services sector, it is essential to carry out due diligence on clients to verify their identity, fraud, money laundering and terrorist financing.

Besides the local laws and regulations in Hong Kong, there are also international regulations such as Anti-Money Laundering (AML), the Alternative Investment Fund Managers Directive, the Foreign Account Tax Compliance Act and the Common Reporting Standard.

It’s not enough to conduct a few cursory checks before we on-board a new client. A comprehensive knowledge of the customer is essential, especially in identifying people who are the subject of sanctions, or PEPs, or those who may be high risk to customers and stakeholders.

There can be several consequences for not doing this. If the authorities or government regulator suspects a company of not meeting its AML and KYC obligations, it will investigate. This could mean a lengthy and time-consuming study of internal documentation, archiving and procedures – risking disruption to our business as usual.

If the firm is in breach of complying with the relevant laws and regulation, it could be subject to fines and even prohibited from selling specific products or services, and the firm may possibly risk its on-going MSO license. At the extreme end of the scale, the individuals responsible for lapses may be faced with court action and/or imprisoned.

Once a company is fined, it will be watched even more closely by the regulatory authorities. The onus will be on the company to demonstrate robust procedures and 100% compliance with KYC requirements. The firm is not prepared to be put in such a position and hence, we have formulated a very robust AML/KYC policy and have taken strict measures to comply, in addition to investing in training our in-house compliance staff.

The firm’s customers expect a high ethical standard and demonstration of good moral behaviour from us and we intend to deliver. The standard for corporate integrity is being continually raised – both by regulatory authorities and the public at large. We must ensure that the transactions that we process are all legitimate.

g. Special requirements for remittance transactions

As the holder of an MSO license in Hong Kong, our attention has been specifically drawn to section 13 of schedule 2 of the AMLO. Before carrying out a remittance transaction, we must:

(a) identify the originator;
(b) verify the identity of the originator by reference to the originator’s identification document; and
(c) record—

(i) the originator’s name;
(ii) the originator’s identification document number and, if the originator’s identification document is a travel document, the place of issue of the travel document;
(iii) the originator’s address;
(iv) the currency and amount involved; and
(v) the date and time of receipt of the instructions, the recipient’s name and address and the method of delivery.

We also note that for the purpose of complying with the AMLO, originator, in relation to a remittance transaction carried out by a licensed money service operator, means the person from whose account with the licensed money service operator the money for the remittance is paid; or in the absence of such an account, the person who instructs the licensed money service operator to carry out the remittance transaction. On the same note, remittance transaction means a transaction for sending, or arranging for the sending of, money to a place outside Hong Kong.

h. Conducting Ongoing Monitoring to Identify and Report Suspicious Transactions

We will conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information, including information regarding the beneficial ownership of legal entity customers, using the customer risk profile as a baseline against which customer activity is assessed for suspicious transaction reporting. Our suspicious activity monitoring procedures are detailed within Section 11 below (Monitoring Accounts for Suspicious Activity).

For completeness, we note that our duty under the AMLO is to continuously monitor the business relationship with a customer by (a) reviewing from time to time documents, data and information relating to the customer that have been obtained by the financial institution or the DNFBP for the purpose of complying with the requirements imposed under this Part to ensure that they are up-to-date and relevant; (b) conducting appropriate scrutiny of transactions carried out for the customer to ensure that they are consistent with the financial institution’s or the DNFBP’s knowledge of the customer and the customer’s business and risk profile, and with the financial institution’s or the DNFBP’s knowledge of the source of the customer’s funds; and (c) identifying transactions that (i) are complex, unusually large in amount or of an unusual pattern; and (ii) have no apparent economic or lawful purpose, and examining the background and purposes of those transactions and setting out the findings in writing.

If (a) a customer has not been physically present for identification purposes; (b) a customer, or a beneficial owner of a customer, is known to us from publicly known information or information in our possession, to be a politically exposed person; or (c) a customer, or a beneficial owner of a customer, of ours is involved in a situation referred to in section 15 of schedule 2 of the AMLO, we will, in monitoring the business relationship with the customer, take additional measures to compensate for any risk of money laundering or terrorist financing that may be caused by the fact that the customer or beneficial owner is a customer or beneficial owner falling within the above situations.

9. Correspondent Accounts for Foreign Shell Banks

In the event that this is not detected at the client onboarding stage, we will continuously monitor for and identify foreign bank accounts and any such account that is a correspondent account (any account that is established for a foreign bank to receive deposits from, or to make payments or other disbursements on behalf of, the foreign bank, or to handle other financial transactions related to such foreign bank) for foreign shell banks. Upon finding or suspecting such accounts, we will notify the Compliance Officer, who will terminate any verified correspondent account for a foreign shell bank. We will also terminate any correspondent account that we have determined is not maintained by a foreign shell bank but is being used to provide services to such a shell bank. We will exercise caution regarding liquidating positions in such accounts and take reasonable steps to ensure that no new positions are established in these accounts during the termination period.

We will require our foreign bank account holders to identify the owners of the foreign bank if it is not publicly traded, the name and street address of a person who is authorized and has agreed to act as agent for acceptance of legal process, and an assurance that the foreign bank is not a shell bank nor is it facilitating activity of a shell bank. In lieu of this information the foreign bank may submit the Certification Regarding Correspondent Accounts For Foreign Banks provided in the Bank Secrecy Act of 1970 (BSA) regulations. We will re-certify when we believe that the information is no longer accurate or at least once every three years.

We will keep records identifying the owners of foreign banks with U.S. correspondent accounts and the name and address of the U.S. agent for service of legal process for those banks.

10. Due Diligence and Enhanced Due Diligence Requirements for Correspondent Accounts of Foreign Financial Institutions

We have reviewed our accounts and we do not have, nor do we intend to open or maintain, correspondent accounts for foreign financial institutions.

We will apply our risk-based due diligence procedures and controls to each financial foreign institution correspondent account on an ongoing basis. This includes periodically reviewing the activity of each foreign financial institution correspondent sufficient to ensure whether the nature and volume of account activity is generally consistent with the information regarding the purpose and expected account activity and to ensure that the firm can adequately identify suspicious transactions. Ordinarily, we will not conduct this periodic review by scrutinizing every transaction taking place within the account. One procedure we may use instead is to use any account profiles for our correspondent accounts (to the extent we maintain these) that we ordinarily use to anticipate how the account might be used and the expected volume of activity to help establish baselines for detecting unusual activity.

In the event there are circumstances in which we cannot perform appropriate due diligence with respect to a correspondent account, we will determine, at a minimum, whether to refuse to open the account, suspend transaction activity, file a STR with the relevant authorities, close the correspondent account and/or take other appropriate action.

11. Monitoring Accounts for Suspicious Activity

We will monitor account activity for unusual size, volume, pattern or type of transactions, taking into account risk factors and red flags that are appropriate to our business. Monitoring will be conducted primarily through manual means, supplemented with automated monitoring as and when required on a risk-based assessment.

The customer risk profile will serve as a baseline for assessing potentially suspicious activity. The Compliance Officer will be responsible for this monitoring, will review any activity that our monitoring system detects, will determine whether any additional steps are required, will document when and how this monitoring is carried out, and will report suspicious activities to the appropriate authorities.

a. Emergency Notification to Law Enforcement by Telephone

In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, we will immediately call the Hong Kong Joint FIU Hotline at (852) 2866 3366 and follow up with an email to [email protected]. We note and understand that after notifying the appropriate authorities, we are required to file a timely a STR.

b. Red Flags

Red flags that signal possible money laundering or terrorist financing include, but are not limited to:

Customers – Insufficient or Suspicious Information
Efforts to Avoid Reporting and Recordkeeping
Certain Funds Transfer Activities
Activity Inconsistent With Business
Other Suspicious Customer Activity
c. Responding to Red Flags and Suspicious Activity

When an employee of the firm detects any red flag, or other activity that may be suspicious, he or she will notify the Compliance officer to escalate the report of the suspicious activity. Under the direction of the Compliance Officer, the firm will determine whether or not and how to further investigate the matter. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or filing a STR.

12. Suspicious Transactions and STR Reporting

A Suspicious Transaction Report (“STR”) is a report made by a financial institution or MSO such as the firm about suspicious or potentially suspicious activity. Under the guidance of the Hong Kong Joint FIU, we will adopt the “SAFE” approach to assist us in our legal compliance obligations. Essentially, this means that we have to

a) Screen: Screen the account for suspicious indicators: Recognition Of A Suspicious Activity Indicator Or Indicators
b) Ask: Ask the customer appropriate questions
c) Find: Find out the customer’s records : Review Of Information Already Known When Deciding If The Apparently Suspicious Activity Is To Be Expected.
d) Evaluate: Evaluate all the above information : Is The Transaction Suspicious?

Once we determine that a transaction is suspicious, we will submit an STR in a timely manner. Under Hong Kong law, this means that the moment when a person knows or suspects that any property is proceeds of drug trafficking or an indictable offence, or terrorist property, or was used in connection with drug trafficking, an indictable offence or terrorist act, or is intended to be used in drug trafficking, an indictable offence or terrorist act, he or she should report his or her knowledge or suspicion to an authorized officer (i.e. the Joint FIU) as soon as practicable.

a. Filing an STR

We will file STRs with the Joint FIU for any transactions (including deposits and transfers) conducted or attempted by, at or through our firm where we know, suspect or have reason to suspect:

(1) the transaction involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;
(2) the transaction is designed, whether through structuring or otherwise, to evade any requirements of the AMLO and any other relevant regulations;
(3) the transaction has no business or apparent lawful purpose or is not the sort in which the customer would normally be expected to engage, and after examining the background, possible purpose of the transaction and other facts, we know of no reasonable explanation for the transaction; or
(4) the transaction involves the use of the firm to facilitate criminal activity.

In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, we will immediately call the Hong Kong Joint FIU Hotline at (852) 2866 3366 and follow up with an email to [email protected]. We note and understand that after notifying the appropriate authorities, we are nonetheless still required to file a timely a STR.

We may file a voluntary STR for any suspicious transaction that we believe is relevant to the possible violation of any law or regulation but that is not required to be reported by us under the STR rule. It is our policy that all STRs will be reported regularly to the Board of Directors and appropriate senior management, with a clear reminder of the need to maintain the confidentiality of the STR.

We will report suspicious transactions by completing a STR, and we will collect and maintain supporting documentation as required under the relevant laws and regulations. We will file a STR as soon as practicable after initial detection of the facts that constitute a basis for filing a STR. If no suspect is identified on the date of initial detection, we may delay filing the STR for an additional 30 calendar days pending identification of a suspect, but in no case will the reporting be delayed more than 60 calendar days after the date of initial detection. The phrase “initial detection” does not mean the moment a transaction is highlighted for review. The 30-day (or 60-day) period begins when an appropriate review is conducted and a determination is made that the transaction under review is “suspicious” within the meaning of the STR requirements. A review must be initiated promptly upon identification of unusual activity that warrants investigation.

We will retain copies of any STR filed and the original or business record equivalent of any supporting documentation for five years from the date of filing the STR. We will identify and maintain supporting documentation and make such information available to the authorities upon request.

In order to avoid tipping off the person involved, we will not notify any person involved in the transaction that the transaction has been reported, except to the extent permitted by the law or regulations, as the case may be.

13. AML Recordkeeping

a. Responsibility for Required AML Records and STR Filing

Our Compliance Officer will be responsible for ensuring that AML records are maintained properly and that STRs are filed as required.

In addition, as part of our AML program, our firm will create and maintain STRs and relevant documentation on customer identity and verification and funds transmittals. We will maintain STRs and their accompanying documentation for at least five years. We will keep other documents according to the existing recordkeeping requirements, and retain all STRs filed for a six-year retention period.

b. SAR Maintenance and Confidentiality

We will hold STRs and any supporting documentation confidential. We will not inform anyone outside of the authorities or any other appropriate law enforcement or regulatory agency about an STR. We will refuse to give information that would disclose that an STR has been prepared or filed and immediately notify the Joint FIU of any such requests that we receive. We will segregate STR filings and copies of supporting documentation from other firm books and records to avoid disclosing STR filings. Our Compliance Officer will handle all requests for STRs. We may share information with another financial institution about suspicious transactions in order to determine whether we will jointly file an STR. In cases in which we file a joint STR for a transaction that has been handled both by us and another financial institution, both financial institutions will maintain a copy of the filed STR.

14. Training Programs

We will develop ongoing employee training under the leadership of the AML Compliance Person and senior management. Our training will occur on at least an annual basis. It will be based on our firm’s size, its customer base, and its resources and be updated as necessary to reflect any new developments in the law.

Our training will include, at a minimum: (1) how to identify red flags and signs of money laundering that arise during the course of the employees’ duties; (2) what to do once the risk is identified (including how, when and to whom to escalate unusual customer activity or other red flags for analysis and, where appropriate, the filing of STRs); (3) what employees’ roles are in the firm’s compliance efforts and how to perform them; (4) the firm’s record retention policy; and (5) the disciplinary consequences (including civil and criminal penalties) for non-compliance with the AMLO and any other relevant laws.

We will develop training in our firm, or contract for it. Delivery of the training may include educational pamphlets, videos, intranet systems, in-person lectures and explanatory memos. Currently our training program consists of mandatory annual AML/CFT lectures and mandatory training to watch specially selected Hong Kong-centric videos extracted from the ACAMS website on current AML/CFT themes. Attendance is mandatory for all staff members and attendance is strictly monitored. Failure to attend will lead to a mark down in the staff member’s performance grading for the year. We will maintain records to show the persons trained, the dates of training and the subject matter of their training.

We will review our operations to see if certain employees, such as those in compliance, margin and corporate security, require specialized additional training. Our written procedures will be updated to reflect any such changes.

15. Program to Independently Test AML Program

a. Staffing

The testing of our AML program will be performed at least every two calendar years (on a calendar year basis) by an independent third party. We will evaluate the qualifications of the independent third party to ensure they have a working knowledge of applicable requirements under the AMLO and its implementing regulations. Independent testing will be performed more frequently if circumstances warrant.

b. Evaluation and Reporting

After we have completed the independent testing, the assessor will report his or her findings to senior management or an internal audit committee, as the case may be. The senior management of the firm takes a very stern approach towards compliance with our AML/CFT obligations under the law. Where relevant, we will promptly address each of the resulting recommendations and keep a record of how each noted deficiency was resolved.

16. Monitoring Employee Conduct and Accounts

We will subject employee accounts to the same AML procedures as customer accounts, under the supervision of the Compliance Officer. We will also review the AML performance of all staff and supervisors, as part of their annual performance review. The Compliance officer’s accounts will be reviewed by a staff member of senior management.

17. Confidential Reporting of AML Non-Compliance

Employees are encouraged to blow the whistle with no repercussions to their job performance review or remuneration. Employees are to promptly report any potential violations of the firm’s AML compliance program to the Compliance Officer, unless the violations implicate the Compliance Officer, in which case the employee shall report directly to any member of the senior management team, including but not limited to the president or chairman of the board or audit committee chair. Such reports will be held in the strictest confidence, and the employee will suffer no retaliation for making them.

18. Senior Manager Approval

Senior management has approved this AML compliance program in writing as reasonably designed to achieve and monitor our firm’s ongoing compliance with the requirements of the AMLO and the implementing regulations under it.