Today, Q5 through Q8 (see yesterday’s post for Q1-Q4):
Q5: What is the requirement on who should be present at account opening for a corporate and is it a requirement to have all directors and beneficial owners be present at account opening?
A5: Generally, a corporate account is opened in the name of the corporate by a single individual who acts on behalf of that corporate. The basic requirement is for AIs to identify and verify the identity of that individual as well as obtain written authority to verify that the individual has the authorization of the corporate to establish a business relationship with the AI concerned.
While information on connected parties of the corporate, where appropriate (e.g. identities of beneficial owners, names of directors, etc.), may be required during the CDD process, the presence of two or more, or all directors or beneficial owners at the time of account opening is not required by the HKMA.
Q6: Are AIs required to understand the rationale for an overseas company to seek to establish a business relationship in Hong Kong? Are AIs required to take additional CDD measures if a company is incorporated offshore or has foreign directors or beneficial owners?
A6: Obtaining information on the purpose and intended nature of the banking relationship being established, including the reason for establishing the relationship, is a standard CDD measure applicable to all types of customers and cascades from international standards which Hong Kong is required to apply. In some cases the purpose and intended nature will be obvious or self-evident and therefore may not need to be provided by the customer, having regard to the types of accounts to be established or services/products to be used.
Applications for account opening should not be rejected merely because the customer is incorporated or established offshore, or because the beneficial owners or directors of a corporate customer are non-residents. AIs’ on-boarding process should recognise that offshore establishment and non-resident directors, etc. are common profiles for many corporates seeking banking services in an international financial centre, like Hong Kong. Similarly, in addition to collecting the information, AIs should view residence of connected parties as only one part of the CDD and risk profiling exercise, and understand the rationale why a particular type of business relationship is sought, taking into account the customer’s business model or mode of operation.
Q7: Why is certification of documents required as part of the CDD process?
A7: AIs should identify and verify the identity of a customer by reference to documents, data or information provided by a reliable and independent source. To ensure reliability, an AI should generally have sight of the original identification documents by its staff and retain a copy of the identification document. However, where the customer is unable to produce an original document (e.g. a customer is not physically present), AIs may consider accepting a copy of the identification document which is certified to be a true copy by a suitable certifier.
A list of suitable certifiers is provided in paragraph 4.12.4 of the AML Guideline, which is non-exhaustive, allowing AIs to accept other independent and reliable certifiers (e.g. a professional third party or a bank staff) where appropriate to do so, having consideration to paragraph 4.12.6 of the AML Guideline. Furthermore, there is no requirement that a certifier must be located in Hong Kong.
Certification can be time consuming and costly, so there is no need or expectation to require certification for all other CDD information or documents provided by the customer, or require certification at all if the AI is able to check the documents against public sources. Moreover, as a general rule, customers should always be provided with the opportunity, if they wish to do so, to present their original documents to bank staff.
Q8: Who should be treated as a person purporting to act (“PPTA”) on behalf of a corporate customer pursuant to section 2(1)(d) of Schedule 2 to the AMLO?
A8: A corporate customer often has a number of individuals who are authorized to give instructions to the AI concerned on various activities that may be conducted through the account or the business relationship. Whether the individual is considered to be a PPTA on behalf of a corporate customer should be determined based on the nature of that person’s roles and the activities which he or she is authorized to conduct, as well as the ML/TF risks associated with these roles and activities. For example, authorized dealers and traders in an investment bank or asset managers would not ordinarily be considered to be a PPTA. For the avoidance of doubt, the person who is authorized to act on behalf of a customer to establish a business relationship with an AI should always be treated as a PPTA.
Irrespective of whether an individual is considered to be a PPTA for AML/CFT purposes, AIs should continue to ensure that operational risk and / or fraud controls are in place.