Last update: 13th May 2020
A. Policy statement
The Company has a policy of zero tolerance to any involvement in money laundering, when dealing with the Company’s own or our customer’s affairs. All principals, employees and any sub-contractors used by the Company are therefore required to comply with relevant legislation on anti-money laundering and counterterrorist financing (see Section I below on staff training and hiring). Accordingly, it is the policy of the Company to apply suspicious transaction reporting and financial sanctions related procedures to all customers but all other policies and procedures, in particular the customer due diligence (CDD) and ongoing monitoring procedures specified in Sections F and G below.
B. Risk assessment and management
Among the risks facing the Company are:
Involvement of customers in:
Tax evasion such as that specified in Section 82 of the Inland Revenue Ordinance.
Fraud or false accounting under Sections 16A or 19 respectively of the Theft Ordinance.
Dealing in property known or believed to represent the proceeds of an indictable offence under Section 25(1) of the Organized and Serious Crimes Ordinance (“OSCO”,) or drug trafficking under Section 25(1) of the Drug Trafficking (Recovery of Proceeds) Ordinance (“DTROP”) (and “property” has a broad definition under the relevant legislation)
Various bribery offences under the Prevention of Bribery Ordinance.
Breaches of targeted financial sanctions
Failure to report to the Company’s Money Laundering Reporting Officer (MLRO) suspicion or knowledge of such involvement by a principal, employee or sub-contractor of the Company.
Failure to implement and apply appropriate policies and procedures.
Whilst the likelihood of encountering instances of money laundering other than tax evasion may not be high, principals, staff and sub-contractors must still remain alert to such eventuality.
Principals, staff and sub-contractors must also be alert for complex or unusually large transactions and unusual patterns of transactions which have no apparent economic or visible lawful purpose.
Similarly, principals, staff and sub-contractors must identify situations where the customer is using products and transactions which might favour anonymity (such as companies in offshore jurisdictions where transparency may be lacking (e.g., Panama)), recognise the increased risk of money laundering or terrorist financing that these products and transactions produce, and take additional measures, where appropriate.
Where applicable, all know your customer forms and customer due diligence forms should record the customer’s risk profile.
C. Financial sanctions and terrorist financing
The United Nations Sanctions Ordinance (Cap. 537) empowers the Chief Executive of Hong Kong to make regulations to implement sanctions decided by the United Nations (“UN”) Security Council. It is an offence to provide or solicit financial or related services to a customer who is a person or entity designated in UN sanctions lists.
(a) Sources of the lists of the financial sanctions and terrorist financing
We will refer to the lists maintained by the UN Security Council and its Sanctions Committees and the United States’ Office of Foreign Assets Control (“US OFAC”). The entities and individuals on those lists (referred to as designated persons or entities) are subject to financial restrictions. The purpose of the sanctions is to prevent access to and use of funds for terrorism and terrorist purposes.
The UN sanctions consolidated list is available from: https://www.un.org/securitycouncil/content/un-sc-consolidated-list
The US OFAC sanctions list is available from: https://sanctionssearch.ofac.treas.gov
We will also refer to the Anti-money laundering section of the Hong Kong Institute of Certified Public Accountants (“HKICPA”) website (at: https://www.hkicpa.org.hk/en/Standards-and-regulation/Anti-money-laundering) as well as the HKICPA’s monthly technical e-newsletter ‘Techwatch’ (See http://www.hkicpa.org.hk/en/standards-and-regulations/technicalresources/techwatch/ ) and the weekly e-circular for information on the latest sanctions lists.
(b) Frequency of conducting name checks
We will conduct a name check of a customer and consider, based on a risk approach, extending the check to the customer’s beneficial owners against the latest UN and US OFAC sanction lists before the establishment of a relationship with that customer, and perform ongoing screening of our customer base regularly thereafter. We will check for updates of UN sanction lists on a monthly basis as it does not have cases with high money laundering/terrorist financing (“ML /TF”) risks.
(c) Reporting obligation
When we come across situations where we suspect that property belongs to a designated person or entity or is otherwise terrorist property, we have a responsibility to stop dealing with the property and report to the Joint Financial Intelligence Unit (see Section D “Reporting of suspicious transactions” for details).
D. Reporting of suspicious transactions
All principals and staff must report knowledge or suspicion of money laundering (including bribery and tax evasion) or terrorist financing, whether it relates to customers or other parties. It is a criminal offence under OSCO, DTROP and also the United Nations (Anti-Terrorism Measures) Ordinance to fail to report where the requisite knowledge or suspicion exists. Before deciding that a potentially suspect activity is not suspicious, you should consider whether the information that you have, taken in its entirety, might provide “reasonable grounds for knowledge or suspicion”, i.e. in the eyes of a third party.
If in doubt, discuss your concerns with the Company’s MLRO.
E. Avoiding tipping off
In the event of a report being made to the MLRO or to Joint Financial Intelligence Unit (JFIU), under no circumstances must the customer be informed. This means that the customer must not be made aware that a report has been made. It also means that the customer should not be made aware if an investigation into allegations that a money laundering offence has been committed is being contemplated or carried out.
Generally, disclosure, not only to the customer but to any other person, of any matter that is likely to prejudice an investigation, once a report is known or suspected to have been made, is a criminal offence. If it appears to be necessary to disclose the existence of a report or an actual or contemplated investigation to any other person (i.e. not the customer) then the MLRO must be consulted before any disclosure is made.
F. Customer due diligence measures (where applicable)
Where applicable, the standard approach to verifying the identity of individuals will be (in order of preference):
For Hong Kong residents:
A Hong Kong identity card
Address proof (any bank statements or utility bills issued within 3 months)
A video call conducted by MYETHSHOP staffs
a valid international passport or other travel document;
a current national (i.e., government or state-issued) identity card bearing the photograph of the individual;
a current valid national (i.e., government or state-issued) driving licence incorporating photographic evidence of the identity of the applicant, issued by a competent national or state authority;
other documents as appropriate;
Address proof (any bank statements or utility bills issued within 3 months)
A video call conducted by MYETHSHOP staffs
For new customers, generally before any activity for the customer is undertaken standard CDD requires that staff should check that:
1. A risk assessment has been completed and updated where necessary.
2. Up-to-date evidence of identification for the customer has been provided.
3. An up-to-date list of principals (directors, partners, trustees, etc.) has been provided (for corporate customers).
4. Depending on the risk assessment in ‘1’, the file contains adequate information to satisfy us on the identity of the principals.
5. Where the corporate customer has beneficial owners, the details of all beneficial owners are fully recorded and up to date.
6. Depending on the risk assessment in ‘1’, the file contains adequate information to satisfy us that we know who any beneficial owners are.
7. Know-your-customer forms exist and are up to date.
8. The customer’s risk assessment in ‘1’ remains up to date and appropriate.
As part of the Company’s CDD procedures, consideration must be given to establishing whether the customer is a politically exposed person (PEP) (including whether they are a domestic PEP), or a family member or close associate of a PEP or is included on a sanctions list.
Where a customer or beneficial owner is known or subsequently found to be a foreign PEP or is otherwise assessed as being high risk, the Company would simply reject his account application.
G. Ongoing monitoring (where applicable)
Where applicable, we will maintain appropriate ongoing monitoring of all customer transactions to prevent activities related to money laundering and terrorist financing. This applies even where the customer qualifies customer due diligence measures.
In future years, steps 1 to 8 in the CDD above will be followed to ensure the information held on customers, beneficial owners, etc. is still appropriate and up to date. This review will be recorded on the relevant sections of the “Know your customer” and risk assessment forms.
A review of the risk category of normal and low risk customers will be performed annually.
Apart from conducting periodic on-going monitoring of all customers’ transactions following the above timeframes, we will take steps to ensure that the customer information obtained for the purposes of CDD is up to date and relevant when any of the following trigger events occurs:
(a) a significant or unusual activity or transaction is to take place;
(b) a material change occurs in a customer’s ownership and/or activities;
(c) there is a substantial change in customer documentation standards; or
(d) we are aware that there is insufficient information about a particular customer.
H. Record keeping
We will keep full records of:
details of beneficial ownership
evidence of staff training, where applicable
internal reports to the MLRO
external reports to JFIU
the Company’s risk assessment
the Company’s compliance checks
to the extent that they are applicable under this policy.
All such records will be retained for at least five years from the end of the business relationship or the date of the transaction as applicable. The latest records of CDD checks, details of beneficial ownership and know-your-customer forms for customers with whom we had a business relationship will be kept for at least five years from the end of the relationship.
I. Training and hiring
All relevant staff must receive adequate training on:
the Company’s policies and procedures to prevent money laundering and combat terrorist financing;
Applicable sections of the following ordinances:
AMLO - Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions and Designated Non-Financial Businesses and Professions) Ordinance (Cap. 615);
DTROP - Drug Trafficking (Recovery of Proceeds) Ordinance (Cap. 405)
OSCO - Organised and Serious Crimes Ordinance (Cap. 455);
UNATMO - United Nations (Anti-Terrorism Measures) Ordinance (Cap. 575);
Staff should also be given regular updates on identifying and dealing with suspicious transactions. This will generally be at least annually.
The Company will only engage staff who appear capable of understanding and complying with the Company's policies and procedures on the prevention and detection of money laundering and terrorist financing. New staff should receive introductory training as part of their induction process, unless they can demonstrate adequate knowledge as a result of training in the previous Company. Nevertheless, they must be made fully aware of the Company’s policies and procedures.
J. Internal control, monitoring and management of compliance
The MLRO and the AML Compliance Office (CO) (who may be the same person) remain responsible for managing the Company’s reporting procedures, liaising with JFIU where consent is required, keeping the Company’s policies and procedures up-to-date and communicating those policies and procedures to principals, staff and subcontractors.
The CO or MLRO/CO also has overall responsibility for ensuring that the Company’s policies and procedures are complied with and are sufficient to meet the requirements of the law. This will involve periodic testing (at least annually) of the Company’s systems, including reviewing relevant records to ensure that the policies and procedures are operating properly.
All principals and managers are responsible for ensuring that these policies, together with the accompanying procedures in the manual are followed for their customers.
The staff principal is responsible for ensuring that all principals and relevant staff have received adequate training and are aware of the Company’s policies and procedures.
K. Internal communication of such policies and procedures
The Company’s procedures are to be found on www.myethshop.com/aml
All principals, staff and sub-contractors will sign an annual “Awareness of money laundering procedures” form to confirm that they have had the relevant training and will comply with the Company’s procedures.