📑AML and KYC Policies
HKD.com’S AML/KYC POLICIES AND PROCEDURES
This Policy relates to the anti-money laundering and countering the financing of terrorism (“AML/KYC”) policies and procedures of HKD.com/global ("HKD.com"). This Policy is solely for the purpose of providing general information and is not, in any way, legally binding either on HKD.com and/or on any other person(s) (natural or otherwise).
A. HKD.com's Principles and Approach to AML/KYC Efforts
HKD.com is committed to supporting AML/KYC efforts, in principle, we are committed to, amongst other things:
exercising due diligence when dealing with our customers, natural persons appointed to act for our customers ‘behalf;
conducting our business in conformity with high ethical standards, and to, as far as possible, guard against establishing any business relations that is or may be connected with or may facilitate money-laundering or terrorism-financing;
we will, to the fullest extent possible, assist and cooperate with relevant law authorizes to prevent the threat of money-laundering and terrorism-financing.
B. HKD.com’s Approach to Risk Assessment and Risk Mitigation
Risk Assessment
We envisage that the majority of our customers would be retail customers,
We would:
a. document and/or collect documentation in relation to:
the identities of our customers;
the countries or jurisdictions that our customers are from or in; and
b. ensure that, to the best of our knowledge, skill and ability, that our customers, connected persons of a customer, natural persons appointed to act on behalf of a customer, beneficial owners of a customer will be assessed and screened with the assistance of List of Designated Individuals and Entities which include categories such as: the Democratic People’s Republic of Korea; the Democratic Republic of the Congo; Iran; Libya; Somalia; South Sudan; Sudan; Yemen; the UN 1267/1989 Al-Qaida List; the UN 1988 Taliban List; persons identified in the First Schedule of the Terrorism(Suppression of Financing) Act (Cap. 325).
Risk Mitigation
If identified, we shall not deal with any persons identified in the List of Designated Individuals and Entities.
C. Our Approach to New Products, Practices and Technologies
We shall be properly advised, in relation to, identifying and assessing the money laundering and terrorism financing risks that may arise in relation to:
the development of new products and new business practices, including new delivery mechanism;
the use of new or developing technologies for both new and pre- existing
We shall especially pay special attention to any new products and new business practices, including new delivery mechanism, and new or developing technologies, that favour anonymity such as digital tokens (whether security, payment and/or utility tokens) that favour anonymity.
D. Our Approach to Customer Due Diligence (“CDD”)
We do not open, maintain or accept anonymous accounts or accounts in fictitious names.
We do not establish business relations with, or undertake a transaction for a customer that we have any reasonable grounds to suspect that the assets or funds of a customer are proceeds of drug dealing or criminal conduct. We shall lodge a Suspicious Transaction Report and extend a copy to the relevant Financial Intelligence Unit for such transactions.
We perform Customer Due Diligence:
when we establish business relations with any customer;
when we undertake any transaction for any customer whom we had not established business relations with;
when we effect or receive digital payment tokens by value transfer for any customer whom we had not established business relations with;
when we have suspicion of money-laundering or terrorism financing;
when we have doubts about the veracity or adequacy of any information
When we suspect that there are 2 or more transactions are or may be related, linked or the result of a deliberate restructuring of an otherwise single transaction into smaller transactions in order to evade the Prevention of Money Laundering and Countering the Financing of Terrorism measures, we shall treat the transactions as a single transaction and aggregate their values for the purpose of complying with Prevention of Money Laundering and Countering the Financing of Terrorism principles.
Identifying our Customers
We shall identify each of our customers.
To identify our customers, we shall obtain, at least:
their full names, including aliases;
their unique identification numbers (such as an identity card number, birth certificate number, or passport number, or where the customeris not a natural person, their business registration numbers);
AND
their date of births, establishment, incorporation or registration; and
their nationality, place of incorporation or registration
Where the customer is a legal person or legal arrangement, we shall apart from obtaining the relevant information as aforesaid above, identify its legal form, constitution and powers that regulate and bind the legal person or legal arrangement; we shall also identify connected parties of it (e.g., directors, partners of and/or persons having executive authority of it), by obtaining at least the following information of each connected party:
full name, including aliases; and
unique identification number such as identify card number, birth certificate number, or passport number of the connected party).
Verifying the Identities of our Customers
We shall verify the identities of our customers using reliable, independent source data, documents or information. Where our customer is a legal person or legal arrangement, we shall verify the legal form, proof of existence, constitution and powers that regulate and bind the customer, using reliable, independent source data, documents or information.
Identifying and Verifying the Identities of Natural Persons Appointed to Act on a Customer’s behalf
Where a customer appoints 1 or more natural persons to act on his behalf in establishing business relations with us, or if the customer is not a natural person we shall:
identify each natural person who acts or is appointed to act on behalf of the customer by obtaining:
their full name;
their unique identification number;
date of birth;
nationality; and'
verify the identities of the aforesaid natural persons using reliable, independent source data, documents or
We shall also verify due authority of each natural person appointed to act on behalf of our customers by obtaining:
appropriate documentary evidence authorizing the appointment of such natural persons by our customers;
the specimen signature of each natural person
Where the customer is a Government entity, we shall only obtain such information as may be required to confirm that the customer is a Government entity as asserted.
Identifying and Verifying Beneficial Owners
We will inquire if there exist any beneficial owners in relation to a customer.
Where there is 1 or more beneficial owner in relation to a customer, we shall identify the beneficial owners and take reasonable measures to verify the identities of the beneficial owners using relevant information or data obtained from reliable, independent sources. We shall:
if the customer is a legal person –
identify the natural persons (whether acting alone or together) who ultimate own the legal person;
where there is doubt as to whether as to whether natural persons who ultimately own a legal person are the beneficial owners or where no natural person ultimately own the legal person, identify the natural persons (if applicable) who ultimately control the legal person or have ultimate effective control of the legal person; and
where no natural persons are identified, identify natural persons having executive authority in such legal persons;
if the customer is a legal arrangement –
for trusts, identify the settlor, the trustee, the protector (if applicable), the beneficiaries, any natural person exercising ultimate ownership, ultimate control or ultimate effective control over the trust; and
for other types of legal arrangements, identify person in equivalent positions.
Where our customer is not natural person, we shall identify the nature of our customers’ business, its ownership and control structure.
We shall be required if there exist any beneficial owners for customers who are:
an entity listed on the stock Exchange;
an entity listed on a stock exchange that is subject to regulatory disclosure requirements; and requirements relating to adequate transparency relating to its beneficial owners;
a financial institution;
a financial institution that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by FATF; or
an investment vehicle where the managers are financial institutions, or are subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF;
unless we have doubts about the veracity of the CDD information, or suspect that our customers, business relations with, or transactions for the customer, may be connected with money laundering or terrorism financing.
We shall also document the basis for our determination.
Information on the Purpose and Intended Nature of Business Relations and Transaction Undertaken without an Account being Opened*
We shall, when processing the application to establish business relations or undertake transactions without being opened, understand and as appropriate, obtain from the customer information as to the purpose and intended nature of business relations or transaction.
Review of Transactions Undertaken without an Account being Opened*
Where we undertake one or more transactions for a customer without an account being opened (“current transaction”), we shall review the earlier transactions undertaken by that customer to ensure that the current transaction is consistent with our knowledge of the customer, its business and risk profile and where appropriate, the source of funds.
Where we establish business relations with a customer, the payment service provider shall review any transaction undertaken before the business relations are established, to ensure that the business relations are consistent with our knowledge of the customer, its business and risk profile and where appropriate, the source of funds.
We shall pay special attention to all complex, unusually large or unusual patterns of transactions undertaken without an account being opened that have no apparent or visible economic or lawful purpose. We shall, to the extent possible, inquire into the background and purpose of the aforesaid transactions and document its findings with a view to making this information available to the relevant authorities should the need arise.
For the purposes of reviewing transactions undertaken without an account being opened, we shall put in place and implement adequate systems and processes, commensurate with the size and complexity of the payment service provider to:
monitor its transactions undertaken without an account being openedfor customers; and
detect and report suspicious, complex, unusually large or unusual patterns of transactions undertaken without an account being
Where there are any reasonable grounds for suspicion that a transaction for a customer undertaken without an account being opened is connected with money laundering or terrorism financing, and where we consider it appropriate to undertake the transaction, the payment service provider shall substantiate and document the reasons for undertaking the transaction.
Ongoing Monitoring
We shall monitor business relations with our customers on an ongoing basis. We shall, during the course of business relations with a customer, observe the conduct of the customer’s account and scrutinise transactions undertaken throughout the course of business relations, to ensure that the transactions are consistent with our knowledge of the customer, its business and risk profile and where appropriate, the source of funds.
We shall perform our risk mitigation measures where the transaction involves a transfer of digital payment token to or receipt of a digital payment token from an entity other than:
a financial institution;or
a financial institution that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF.
We shall pay special attention to all complex, unusually large or unusual patterns of transactions, undertaken throughout the course of business relations, that have no apparent or visible economic or lawful purpose. We shall, to the extent possible, inquire into the background and purpose of the aforesaid transactions and document its findings with a view to making this information available to the relevant authorities should the need arise.
For the purposes of ongoing monitoring, we shall put in place and implement adequate systems and processes, commensurate with the size and complexity of the payment service provider to:
monitor its business relations with customers; and
detect and report suspicious, complex, unusually large or unusual patterns of transactions undertaken throughout the course of business relations.
We shall ensure that the CDD data, documents and information obtained in respect of customers, natural persons appointed to act on behalf of the customers, connected parties of the customers and beneficial owners of the customers, are relevant and kept up-to-date by undertaking reviews of existing CDD data, documents and information, particularly for higher risk categories of customers.
Where there are any reasonable grounds for suspicion that existing business relations with a customer are connected with money laundering or terrorism financing, and where we consider it appropriate to retain the customer:
we shall substantiate and document the reasons for retaining the customer; and
the customer’s business relations with us shall be subject to commensurate risk mitigation measures, including enhanced ongoingmonitoring.
Where we assess the customer or the business relations with the customer to be of higher risk, the payment service provider shall perform enhanced CDD measures, which shall include obtaining the approval of our senior management to retain the customer.
CDD Measures for Non-Face-to-Face Business Relations or Non-Face-to- Face Transactions Undertaken without an Account Being Opened*
We shall develop policies and procedures to address any specific risks associated with non-face-to-face business relations with a customer or nonface-to-face transactions undertaken without an account being opened for a customer (“non-face-to-face business contact”).
We shall implement the policies and procedures when establishing business relations with a customer and when conducting ongoing due diligence.
Where there is no face-to-face contact, the payment service provider shall perform CDD measures that are at least as stringent as those that would be required to be performed if there was face-to-face contact.
Where a payment service provider conducts its first non-face-to-face business contact, the payment service provider shall, at his or its own expense, appoint an external auditor or an independent qualified consultant to assess the effectiveness of the policies and procedures, including the effectiveness of any technology solutions used to manage impersonation risks.
We shall appoint an external auditor or an independent qualified consultant to carry out an assessment of the new policies and procedures, and shall submit the report of the assessment to the Authority no later than one year after the implementation of the change in policies and procedures.
Reliance by Acquiring Payment Service Provider on Measures Already Performed
When we (“acquiring payment service provider”) acquires, either in whole or in part, the business of another payment service provider, we shall perform the measures on the customers acquired with the business at the time of acquisition except where the acquiring payment service provider has:
acquired at the same time all corresponding customer records (including CDD information) and has no doubt or concerns about the veracity or adequacy of the information so acquired; and
conducted due diligence enquiries that have not raised any doubt on the part of the acquiring payment service provider as to the adequacy of AML/CFT measures previously adopted in relation to the business or part thereof now acquired by the acquiring payment service provider, and document such process.
Measures for Non-Account Holder*
If we undertake any transaction for any customer who does not otherwise have business relations with us, we shall:
perform CDD measures as if the customer had applied to the payment service provider to establish business relations; and
record adequate details of the relevant transaction so as to permit the reconstruction of the transaction, including the nature and date of the transaction, the type and amount of currency involved, the value date, and the details of the payee or beneficiary
Timing for Verification
We shall complete verification of the identity of a customer, natural persons appointed to act on behalf of the customer and beneficial owners of the customer before:
the payment service provider establishes business relations with the customer;
the payment service provider undertakes any transaction for the customer, where the customer has not otherwise established business relations with the payment service provider; or
the payment service provider effects or receives digital payment tokens by value transfer for the customer, where the customer has not otherwise established business relations with the payment service provider.
We provider may establish business relations with a customer before completing the verification of the identity of the customer, natural persons appointed to act on behalf of the customer and beneficial owners of the customer if:
the deferral of completion of the verification is essential in order not to interrupt the normal conduct of business operations; and
the risks of money laundering and terrorism financing can be effectively managed by the payment service
Where we establish business relations with a customer before verifying the identity of the customer, natural persons appointed to act on behalf of the customer, and beneficial owners of the customer, we shall:
develop and implement internal risk management policies and procedures concerning the conditions under which such business relations may be established prior to verification; and
complete such verification as soon as is reasonably
Where Measures are Not Completed
Where we are unable to complete the measures as required, we shall not commence or continue business relations with any customer, or undertake any transaction for any customer.
Where we are unable to complete the measures, the payment service provider shall consider if the circumstances are suspicious so as to warrant the filing of an STR.
Completion of the measures means the situation where the payment service provider has obtained, screened and verified (including by delayed verification as allowed under paragraphs 6.43 and 6.44) all necessary CDD information under paragraphs 6, 7 and 8, and where the payment service provider has received satisfactory responses to all inquiries in relation to such necessary CDD information.
Joint Accounts
In the case of a joint account, we shall perform CDD measures on all of the joint account holders as if each of them were individually customers of the payment service provider.
Screening
We shall screen a customer, natural persons appointed to act on behalf of the customer, connected parties of the customer and beneficial owners of the customer against relevant money laundering and terrorism financing information sources, as well as lists and information provided by the Authority for the purposes of determining if there are any money laundering or terrorism financing risks in relation to the customer.
We shall screen the persons:
when, or as soon as reasonably practicable after, we establish business relations with a customer;
before we undertake any transaction for any customer who has not otherwise established business relations with the payment service provider;
before we effect or receive digital payment tokens by value transfer, for a customer who has not otherwise established business relations with us;
on a periodic basis after we establishes business relations with our customers; and
when there are any changes or updates to:
the lists and information provided by the Authority to the payment service provider; or
the natural persons appointed to act on behalf of a customer, connected parties of a customer or beneficial owners
We shall screen all value transfer originators and value transfer beneficiaries, against lists and information provided by the Authority for the purposes of determining if there are any money laundering or terrorism financing risks.
We shall document the results of all screening.
E. Our Approach to Enhanced Customer Due Diligence
Politically Exposed Persons
We shall use all reasonable means to determine if a customer, any natural person appointed to act on behalf of a customer, any connected party of the customer or any beneficial owner of the customer is a politically exposed person, or a family member or close associate of a politically exposed person.
We shall, in addition to performing CDD measures, perform at least the following enhanced due diligence measures where a customer or any beneficial owner of the customer is determined by us to be a politically exposed person, or a family member or close associate of a politically exposed person:
obtain approval from senior management to establish and continue business relations with the customer;
establish by reasonable means, the source of wealth and source of funds of the customer and any beneficial owner of the customer; and
conduct, during the course of business relations with the customer, enhanced monitoring of the business relations with the customer. We shall increase the degree and nature of monitoring for any transactions that appear unusual
Higher Risk Categories
We recognize that the following circumstances where a customer presents or may present a higher risk for money laundering or terrorism financing include but are not limited to the following:
where a customer or any beneficial owner of the customer is from or in a country or jurisdiction in relation to which the FATF has called for countermeasures, the payment service provider shall treat any business relations with or transactions for any such customer as presenting a higher risk for money laundering or terrorism financing; and
where a customer or any beneficial owner of the customer is from or in a country or jurisdiction known to have inadequate AML/CFT measures, as determined by the payment service provider for itself or notified to payment service providers generally by the Authority or other foreign regulatory authorities, the payment service provider shall assess whether any such customer presents a higher risk for money laundering or terrorism
We will perform enhanced CDD for customer who presents a higher risk for money laundering or terrorism financing or any customer the Authority notify to us as presenting higher risk for money laundering and terrorism financing.
F. Our Approach to Bearer Negotiable Instrument and Restriction of Cash Payout
We will not make any payment for any sum of money in the form of a bearer negotiable instrument. We will not pay any cash in any amount in the course of carrying on our business.
G. Our Approach to Value Transfer(to be implemented when required)*
If we are the ordering institution, before effecting a value transfer, we shall:
identify the value transfer originator and take reasonable measures to verify his or its identity (if we have not already done so); and
record adequate details of the value transfer including but not limited to, the date of the value transfer, the type and value of digital payment token) transferred and the value date.
If we are an ordering institution, we shall include in the message or payment instructions that accompanies or relates to the value transfer:
the name of the value transfer originator;
the value transfer originator’s account number (or unique transaction reference number if applicable);
the name of the value transfer beneficiary, and
the value transfer beneficiary’s account number (or unique transaction reference number if applicable).
Value Transfers Exceeding a particular threshold
For value transfer exceeding a particular threshold and if we are an ordering institution, we shall identify the value transfer originator and verify his or its identity, include in the message or payment instructions that accompanies or relates to the value transfer information and any of the following:
the value transfer originator’s-
residential address, or
registered or business address, and if different, principal place of business;
the value transfer originator’s unique identification number; or
the date and place of birth, incorporation or registration of the value transfer
We shall immediately and securely submit to the beneficiary institution all value transfer originator and value transfer beneficiary information, and shall document all such information. Where we in the capacity as an ordering institution are not able to comply with the requirements, we shall not execute the value transfer.
If we are the beneficiary institution, we shall take reasonable measures to identify value transfers that lack the required value transfer originator or required value transfer beneficiary institution.
For value transfers where we as the beneficiary institution pays out transferred digital payment token(s) in cash or cash equivalent to a value transfer beneficiary, we shall identify and verify the identity of the value transfer beneficiary (if the identity has not been previously verified).
We shall always conduct a review prior to executing a value transfer lacking the required value transfer originator or value transfer beneficiary information, and document our follow-up action.*
If we are the intermediary institution, we shall retain all information pertaining to a value transfer.
When we as an intermediary institution effect a value transfer to another intermediary institution or beneficiary institution, we shall immediately and securely provide the information accompanying the value transfer, to that other intermediary institution or beneficiary institution.
If we are a receiving intermediary institution, we shall keep a record for at least five years for all information received from an ordering institution or another intermediary institution.
We shall take reasonable measures to identify value transfers that lack the required value transfer originator or value transfer beneficiary information when straight-through processing.
H. Record Keeping
We will keep proper records as required for a time period of at least 5 years.
I. Personal Data*
We will safeguard the personal data of our customers in the manner prescribed.
J. Suspicious Transactions Reporting (“STR”)
We will inform the relevant authorities and file STR Reports as required by law. We will also keep all records and transactions relating to all such transactions and STR Reports.
K. Our Policies on Compliance, Audit and Training
Amongst other things, we shall appoint an AML/CFT Compliance Officer at the Management Level, maintain an independent audit function, and take proactive measures in regularly training our employees and employees on AML/CFT matters.
Enterprise-wide money-laundering/terrorism financing risk assessment
We will employ and enterprise-wide money-laundering/terrorism financing risk assessment in 3 phases:
Phase 1: Assessing inherent risk
We will assess the inherent risk in relation to our:
customer or entity: we will make an assessment in relation to our customers and/or entities we deal with;
product or services: we will and are mindful of who we serve in our cryptocurrency OTC services;
3. Geographical level: we will not deal with customers from the List of Designated Individuals and Entities.
Phase 2: Assessing mitigating control
We will assess our mitigating controls in relation the aforesaid, any and/or all customer(s) whom we find suspicious will be first monitored, followed by exercising enhanced due diligence.
Phase 3: Assessing residual risk
We will assess our residual risks after assessing our mitigating controls.
Last updated