Taking effect on 1 March 2018, Hong Kong government pushed two new set of complex amendments in The Companies Ordinance (“CO”) and The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (“AMLO”). The timing was just prior to the review by Financial Action Task Force (“FAFT”) due that year. The government said these changes in legislations can improve the Hong Kong’s overall standing as an international financial centre by addressing the preventative regulations of commercial entities and non-financial services providers from abuse by criminals for money laundering.
This upgrade in the CO and AMLO has incorporated new features which are stated in the FAFT’s guidelines and recommendations on the scope of anti-money laundering (AML) and counter-terrorist financing (CTF), so the upgrade also sounds like an message to the world that Hong Kong is catching up the trend in the scope.
Since the upgrade has been in place for 1 year, it’s time to review of how these AML/CTF regimes are working in Hong Kong in case you plan to start a Hong Kong company or you have to maintain your companies.
Part 1 – The CO amendments
Focusing on the disclosure of ownership of commercial legal entities registered in Hong Kong without compromising the privacy of these owners, the amendment in CO adds new statutory requirements on every Hong Kong-incorporated companies, the companies are obligated to the following:
- The company must keep and maintain a Significant Controllers Register (“SCR”) of the company.
- The company must identify all the Significant Controllers(“SC”) of the company.
- The SCR of the company must record the up-to-date ownership information and contact details of its “SC”.
- The SCR must be kept in Hong Kong, its location must be registered to the Companies Registry (“CR”) if it is not kept in the Register Office Address. The CR must be notified in case of change of the SCR location within 15 days after the change.
- The Hong Kong law enforcement officers can inspect the SCR on demand.
- The company must appoint at least one Designated Representative (“DR”).
- The DR must be a natural person resident in Hong kong, and either the company’s shareholder, director or the company’s employee. Alternatively, the company can hire either one of the following Hong Kong professionals to act as the DR: a Hong Kong Certified Public Accountant (“HKCPA“), a solicitor, or a Hong Kong Trust or Company Service Provider (TCSP).
- The DR must be available to provide assistance for the law enforcement on the matter of the SCR.
Privacy of the owners is safe.
The concept of SCR is now recognized in the international community and regulatories. We have seen the implementation of similar system to enhance the transparency of beneficial ownerships and significant control in major financial hubs, the United Kingdom, Singapore, the Cayman Islands, the British Virgin Islands and Bermuda are inclusive.
A distinctive of the Hong Kong SCR system is that only the law enforcement offices in Hong Kong have rights to access the company’s SCR which is kept by the company in a registered private location. Therefore, the public do not have access to the SCR.
Overall, these amended requirements enhance Hong Kong’s standing as an pro-business, open, entrusted and competitive jurisdiction.
Who will be the Significant Controllers?
In terminology, the government adopts the term and definition of “Significant Controllers” in the CO, instead of using the “Beneficial Owner” which is commonly used in the bank and financial industries to prevent the public from confusion.
To test if a natural person is a SC, the CO adopts the “25% test”: in a simplified sense, a nature person is a significant controller of a company when he/she has 25% or above of voting rights, issued shares, or right to share of profits, under both direct or indirect manner.
In addition to the “25% test”, a person is regarded as a SC if he/she is able to exercise significant influence or control over the company, includes but not limited to appointment or removal of the majority of the board of director.
How to identify indirect control of the company?
Indirect control of a company is usually exercised in two ways:
A controller spread his/her ownership over a company among a chain of legal entities (e.g. trust, foundation or company) which are the shareholder of his/her controlled company, and/or;
A controller appoints nominees to act as his/her controlled company’s shareholder.
However, the CO states the company has obligation to carry out reasonable investigation to trace upwards if there is any person having significant control over the company.
The reasonable investigation includes to review the company’s register of members, the articles of association, shareholders agreements or other agreements, and to send notice to any person who is believed to be the significant controller of the company and any person who know the identify of the significant controller.
Such notice must be issued to the SC or the related person within 7 days of the knowledge or belief of the identification of the SC.
What information should be record in the SCR?
The SCR should be either written in English or Chinese.
Empty SCR is not acceptable in any case. It is because the SCR must include the details of all the DR of the company, and even in a very rare situation that the company does not have any significant controller, the company must note in the SCR that “the company knows, or has reasonable cause to believe, that it has no significant controller”.
Although not required by the law, the SCR should start with a brief description about the distribution of significant control of the company in the time of writing (Who? When? How?).
Addition, removal and change of details of any significant controllers must be made within 7 days after the change is effective.
Firstly, the details of the significant controllers should be tabulated:
- The date of entry
- Full Name of registrable person / legal entity
- The particulars:
- For any legal entity:
Legal form (e.g. limited company), Place of incorporation (i.e. the jurisdiction of the governing law), Registration number, Address of registered office, Date of becoming a registrable legal entity, Nature of control over the company
- For any person:
Correspondence address, HKID / (if HKID is not available) Passport no. and issuing country, Date of becoming a registrable person nature of control over the company
- For any legal entity:
Secondly, the details of the designated representatives:
- The date of entry
- Full Name
- Capacity / Professional (i.e.: director / shareholder / accounting professional / legal professional / TCSP)
- Contact details: Correspondence address / Telephone
How to obtain and update the required particulars of a Significant Controller?
The company must take reasonable steps to obtain and update the information, these include to review the company’s incorporation document, registration documents, financial documents, business agreements, shareholder agreements and any other agreements, and to issues notice to to the Significant Controllers or the person who have the identity of the Significant Controllers to request the required information.
The company must issue such notice to the SC and the related person within 7 days of the acknowledge or belief of the identification of the SC.
What is the consequence of non-compliance to the SCR requirements
Pursuant to the amended CO, the company and its responsible person failed to comply with the SCR requirements face a Level 4 fine (currently at HK$ 25,000); For failure in keeping the particulars in SCR updated, the fine would be at Level 4 in additional to accumulative fine at HK$700 per day.
The steepest penalty is where a person knowingly or recklessly makes a misleading statement which is false or deceptive in a material particular. This is a criminal office and incurs a fine of up to HK$300,000 and two years’ imprisonment.
In addition to the penalty on the company, the person who does not respond to the notice issued by the company in relation to its duty to obtain required particular of any SC within 1 month from the date of the notice, he/she may be criminally liable.
The CR provides the public for the highlight of prosecution cases due to non-compliance, it’s available here.
The CR has published guidelines for providing guidance in relation to producing, keeping and updating the SCR, which are accessible here.
Part 2 – The AMLO Amendments
The AMLO amendments brings 2 new sets of regulatory in effect:
- The AML procedures including statutory customer due diligence (“CDD”) and record-keeping requirements which have been applied on the financial institutions are extended and applied on specific legal professionals, accounting professionals, business professionals and trusts or company service providers (“TCSP”) when these professionals (collectively called designated non-financial businesses and professions (“DNFBP”)) engage in specified “trust or company service” with clients.
- The introduction of licensing regime for TCSPs requires any person (excluding the exempted professionals who are regulated by their professional bodies on this matters) who provide trust or company services as a business in Hong Kong to apply for a TCSP licence from the CR. The CR grants a TCSP license to a person (or a corporate) if the person (or the relevant persons and “ultimate owners” of the corporate) can satisfy the “fit-and-proper” test(s) and on-going compliance. The TCSP license is valid for 3 years.
What does trust or company service mean?
“Trust or company service” is a collection of business services, it includes acting or arranging for another person to act as a trustee of an express trust or a similar legal arrangement, or as a nominee shareholder for a person (other than a corporation whose securities are listed on a recognised stock market). It also includes the provision of a registered office, business address, correspondence or administrative address for a corporation, a partnership or any other legal person or legal arrangement.
What are the new compliance of TCSP licensees? (What are implication on their clients?)
TCSP licensees must comply with the AML and CTF requirements which is similar to that of financial institutions and other DNFBPs. To fulfill the requirements, TCSP licensees must deploy an internal system (collectively called as AML/CTF system) on the following:
- customer risk assessment
- customers ongoing monitoring
- suspicious transactions reporting
- keeping records
- staff training
For new or existing customers of the TCSP, the TCSPs must conduct CDD to know the true identity of their customers, and keep records of the identification data, and account and business correspondence for a minimum of at least five years. The TCSPs need to create a risk profile of a customer, the TCSP should take into account factors including:
- the products and services offered by the customers
- the geographical locations of the customers and their business
- the channel of delivery of the products and services
- the category of the customer’s customers
When any transaction with a customer is unusual or suspicious, or is not consistent with the customer’s business or risk profile known to the TCSP licensee, or there is a material change in how the customer’s account is operated. The TCSP licensee should terminate the business relationship with the customer as soon as reasonably practicable.
If a TCSP licensee fails to comply with the AMLO Requirements, the CR may exercise the power to withdraw the TCSP licensee, order the TCSP licensee to take specified action, and impose a maximum fine at HK$ 500,000.
How to tell if a TCSP has done enough to know the customers?
There is no cookie-cutter solution to access every customers since these are no identical customers and business are ever evolving. The reference, the proof, and the records to determine whether a customer is risk-free is potentially open ended.
In practice, identifying an SC of the customer is especially complex when Hong Kong incorporated companies involve trusts as the shareholders. To evaluate the profile, the TSCP would question that the protector, beneficiary and settlor be an SC over a trust structure aside from the trustees. It is not a straightforward answer to this question.
The CR has uploaded guidelines about licensing of TCSPs and compliance with AML/CTF Requirements by TCSPs, which can be downloaded here.
In scope of the regulatory of AML and CTF, there is an area for the law enforcement officers to seek information. It is because the right to privacy protection versus regulation against crime is an unending debate.