Regulatory action in response to financial crime is on the rise and it is critically important for organisations to understand the key focus areas of authorities and ways to minimise the risks.

In this alert, we discuss the current trends in financial crime compliance and enforcement in Hong Kong. Specifically, we describe:

Hong Kong regulators have increased the level of enforcement for breaches of AML/CTF obligations against financial institutions and there is an ongoing push for rules and regulations relating to financial crime. They are also driving Regtech innovation to help mitigate ML/TF risk. As outlined in more detail below, it is essential for all financial institutions to:

  • ensure they have procedures in place to assist with meeting the specified provisions of the AMLO
  • ensure the procedures around ongoing monitoring are not overlooked. Failing to identify suspicious transactions or review customer files in a timely and adequate manner remain the most common factors for enforcement action by both the HKMA and the SFC
  • strive to develop innovative Regtech, or partner with innovative third-party Regtech vendors, to assist with detecting financial crimes, establishing trusted digital identity systems, customer risk profiling, and
  • ensure they understand new rules and regulations and the requirements placed upon them.

AML/CFT enforcement trends

Enforcement for AML/CTF failings has ramped up in Hong Kong.

The AMLO was enacted in 2012. Until recently, the HKMA had brought very few proceedings under the AMLO. Between 2012 and mid-2021, only four banks were penalised for AML/CTF failings.

In November 2021, the HKMA announced disciplinary action against four further banks, imposing a total penalty of HKD44.2 million (details below). Two further disciplinary actions followed in 2022 against stored value facility licensees.

The HKMA’s increased enforcement activity follows a number of enforcement cases brought by the SFC between 2019 and 2021 regarding AML breaches, including a significant fine of HKD2.7 billion imposed in relation to the 1MDB scandal.


  • Hong Kong’s banking sector AML/CTF framework leverages the strong collaboration between the HKMA and The Hong Kong Association of Banks (HKAB) in terms of standard setting and typology development. The Joint Financial Intelligence Unit and the Privacy Commissioner are also regularly involved where their respective expertise is needed
  • The HKMA enforcement team remains busy and further fines against banks in Hong Kong are in the pipeline
  • Ongoing customer monitoring is integral. Failing to conduct periodic reviews properly and on a timely basis was a key failing in multiple enforcement actions
  • Banks must not allow periodic review, trigger event reviews and transaction alert reviews to fall into a backlog. We see this regularly, particularly where staff resource is diverted away from matters like periodic review to focus on remediation or simply to expedite onboarding of new customers. This creates a snowball effect in backlog numbers
  • “Industry practice” can be taken into account and the HKMA does seek to understand how systems and resources are evolving. However, it is not a defence; many of the failings were in the early days after the AMLO came into effect
  • Regtech should be properly assessed and implemented to assist with ongoing due diligence but it is only as good as the data that feeds it and the system adopted; quality data and quality vendors are essential, and
  • Where the HKMA finds a failure in conducting mandatory due diligence steps, it will likely tack on an additional failure of failing to maintain adequate procedures around that step.

The contraventions by the four banks recently fined are summarised below.


The predominant cause of SFC AML/CTF-related fines to date is failing to identify and prevent third party payments. It is integral for those financial institutions regulated by the SFC to ensure they have proper systems in place to identify and investigate third party payments. 

In our experience, other key areas for scrutiny are:

  • identifying who the customer is when dealing with funds (ie the fund or the fund manager),
  • identifying who the person purporting to act on behalf of the customer (PPTA) is when dealing with funds and carrying out due diligence to Hong Kong standards on the PPTA. Due diligence is often delegated to a fund administrator in places like the Cayman Islands. It is important the administrator understands Hong Kong’s particular requirements when it is appointed to act as an intermediary,
  • carrying on business in a regulated activity without a licence to permit that activity. This may be for example where the corporation holds a Type 1 licence (dealing in securities) but not a Type 4 licence (advising on securities) and yet has strayed into an advisory role, and
  • failing to update the SFC in relation to key changes to the business model or senior personnel information.

Regtech – leveraging technology for AML/CTF

The HKMA has focused on Regtech developments for assisting with mitigating ML/TF risk.

In May 2021, the HKMA supported the use of “iAM Smart” to remotely onboard customers without this needing to impact the customer’s risk assessment. This was critical as the AMLO position generally contemplated non-face-to-face onboarding as being inherently higher risk; technology improvements including the use of iAM Smart have significantly alleviated the compliance burden on banks.

On 11 August 2021, the HKMA issued a circular to raise awareness of a report issued by the Financial Action Task Force: “Opportunities and Challenges of New Technologies for AML/CFT”. This reported how solutions such as machine learning and natural language processing can help improve the speed, quality and efficiency of AML/CTF measures. The HKMA then issued a “Regtech Adoption Practice Guide” focused on AML/CTF. This sets out that in establishing a Regtech framework, a bank should consider whether the solution enhances the bank’s capabilities to prevent, detect, or respond to ML/TF activities or remediate deficiencies in AML/CTF controls.

Example use cases were also provided. These included:

In November 2021, the HKMA launched an AML/CTF Regtech lab. This uses network analytics to address the risks of fraud-related mule accounts and enhances data and information sharing through public-private partnership efforts.

It is clear that the HKMA will expect banks to explore and implement innovative technology to improve customer onboarding, mitigate ML/TF risk and enhance regulatory reporting.

AML/CTF legal updates

There are important legal updates on the horizon for Hong Kong’s AML/CTF regime which relate to three key areas:

  • Licensing of virtual asset exchanges: the Anti-Money Laundering and Counter Terrorist Financing (Amendment) Bill 2022 (AMLO Amendment Bill) has been issued in draft. The AMLO Amendment Bill proposes amendments to provide a framework for the licensing of companies that operate virtual asset exchanges in, or market to, Hong Kong. The SFC will oversee the new regime which commences on 1 March 2023.
  • Precious metals and stones dealer (DPMS) registration: a new registration regime for DPMS under the AMLO is to be introduced, overseen by the Commissioner for Customs & Excise. It will be a two-tier system will apply with the level of regulation dependent on whether the DPMS engages in cash transactions for HKD120,000 or more.
  • Upgrade and modernisation of AMLO standards: the AMLO Amendment Bill also makes a number of miscellaneous but important updates, including:
    • the definition of politically exposed person (PEP) is to change such that enhanced due diligence will be required not only for PEP’s from outside of China but also for PEPs from other part of China outside of Hong Kong
    • alignment of beneficial ownership definition of trusts to the concept of controlling person by clarifying that, where a trust is concerned, a beneficial owner includes a trustee, beneficiary and class of beneficiaries
    • greater flexibility regarding customer due diligence in non-face-to-face situations, and
    • increased sanctions for unlicensed money service operators.

Our summary of the key proposals from the Financial Services and the Treasury Bureau is available here. See also our thoughts here on the draft implementing Bill which was gazetted on 24 June 2022.

Looking ahead, we also expect that Hong Kong will continue to evaluate updates from the global standard-setter, the FATF, of which it is a member. Our summary of the latest developments is here. Briefly, FATF has been focused on COVID-19 related threats, binding standards to prevent the misuse of virtual assets for ML/TF and improving and updating the understanding of terrorist financing, including ethnically or racially motivated terrorist financing.

Financial crime-related regulatory developments

A number of regulatory developments regarding financial crime and related matters have taken place over the last 12 months or are progressing. KWM has advised the industry in relation to a number of these initiatives. The developments include:

Our top three key tips

Regulators in Hong Kong are focused on AML/CTF prevention and deterrence.

Three of the most useful things any organisation can do are to:

  • encourage a culture of compliance and open dialogue on enhancements it can make
  • host regular, interactive and relevant training, using case studies and debating challenging scenarios, and
  • refresh and benchmark systems and controls periodically. An external eye can be especially beneficial to identify possible blind spots.