Editor | Wu said blockchain
Link to the original text (Chapter 12):
https://www.sfc.hk/-/media/TC/assets/components/codes/files-current/zh-hant/guidelines/guideline-on-anti-money-laundering-and-counter-financing-of- terrorism/AML-Guideline-for-LCs-and-SFC-licensed-VASPs_TC_1-Jun-2023.pdf?rev=77578ce554fb4e45bc8b3006375f1e69
This chapter provides guidance on the money laundering/counter-terrorist financing risks associated with virtual assets, and the AML/CFT regulations and standards to address those risks, including in a risk-based approach. Factors to be considered in risk assessment, requirements for virtual assets in the implementation of customer due diligence and ongoing monitoring, and requirements for virtual asset transfers and third party deposits and payments in the form of virtual assets.
For the purposes of this chapter, the term “virtual asset” means (i) any “virtual asset” as defined in section 53ZRA of the AMLO; and (ii) any security token. The term “Security Token” means an encryption-protected digital form of value constituting “securities” as defined in section 1 of Part 1 of Schedule 1 to the SFO.
Money laundering can be broken down into 3 common stages, often involving multiple transactions. Financial institutions should be on the lookout for signs of possible criminal activity. These stages include: (a) depository—disposing of cash proceeds from illicit activities or disposing of virtual assets derived from illicit activities; (b) layered transactions—through complex layers of financial anonymity techniques or mechanisms) to separate illicit proceeds from their origin, thereby hiding the origin of funds or virtual assets, disguising audit trails, and achieving anonymity; and (c) integration—creating a semblance of legitimacy to criminally derived wealth. When the process of layering transactions is successful, the integration scheme effectively funnels laundered proceeds back into the general financial system, giving the impression that such proceeds are derived from or involve legitimate business activities.
Transactions facilitated by virtual asset businesses may use cash as a medium of exchange, so such businesses may be used to store cash proceeds from criminal activity. In addition, the virtual asset business may be exploited to dispose or store virtual assets derived from illegal activities or associated with predicate crimes such as online scams, ransomware and other cyber crimes.
Virtual asset business may also be used in the second stage of money laundering, which is the process of layered transactions. These operations provide potential avenues for criminals or money launderers to significantly alter the form of funds (i.e. fiat currency) or virtual assets in question. This, in addition to converting cash on hand or other funds into virtual assets or converting one type of virtual asset into another, converts virtual assets derived from illegal activities or related to illegal origin into cash in hand or other funds only for the purpose of further obscuring the flow of funds and the identity of the holders or beneficial owners of the virtual assets.
To obscure the origin of virtual assets derived from illicit activities, criminals or money launderers may move assets between different wallet addresses, service providers, classes of virtual assets, or blockchains. They may leverage layering techniques specific to virtual assets, such as peel chains and chain-hopping. Virtual assets are sometimes enhanced through anonymous services (such as mixers or tumblers) and other enhanced anonymity technologies or mechanisms (such as virtual assets with enhanced anonymity functions or private coins, private wallets, etc.) Unhosted wallets, decentralized virtual asset exchanges, peer-to-peer platforms, or virtual asset businesses that are not regulated or have loose anti-money laundering/terrorist fund-raising control measures are harmful to criminals or Especially attractive to money launderers.
Before conducting a virtual asset transfer involving virtual assets equivalent to not less than RMB 8,000, the remittance institution must obtain and record the following remitter and payee information:
(a) the name of the sender;
(b) where the virtual asset is transferred from an account of the remitter with the remittance institution—the number of that account (i.e. the account used to process the transaction) (or, if there is no such account, the number of the remittance institution the unique reference number assigned to the transfer);
(c) the sender’s address, the sender’s customer identification number or identification document number, or the sender’s date and place of birth if it is an individual;
(d) the name of the payee;
(e) where the virtual asset is transferred to an account of the beneficiary with the beneficiary institution—the number of that account (i.e. the account used to process the transaction) (or, if there is no such account, the beneficiary unique reference number assigned to the transfer by the institution).
Additional information includes: Internet Protocol (IP) addresses with associated time stamps; geolocation data; and device identifiers.
Before conducting a virtual asset transfer involving virtual assets equivalent to less than 8,000 yuan, the remittance institution must obtain and record the following remitter and payee information:
(a) the name of the sender;
(b) where the virtual asset is transferred from an account of the remitter with the remittance institution—the account number (or, if there is no such account, the unique reference number assigned to the transfer by the remittance institution);
(c) the name of the payee;
(d) where the virtual asset is transferred to an account of the payee with the beneficiary institution—the account number (or, if there is no such account, the unique reference number assigned to the transfer by the beneficiary institution) .
Some signs of potential money laundering risk:
(a) Customers who have no apparent reason to use the services of a financial institution (for example, customers who open accounts for virtual asset trading services, but only deposit fiat currency or virtual assets and subsequently withdraw the entire balance or deposited absolutely most of the assets without other activities; or customers located outside Hong Kong open accounts with financial institutions to buy and sell virtual assets that are also provided by virtual asset service providers in their location);
(b) The client requests to provide virtual asset transaction services or transfer virtual assets, and the source of the relevant funds is unknown or inconsistent with the client’s status and apparent status;
(c) The client accesses the financial institution’s platform and/or places a transaction instruction from an IP address that may have a higher risk, such as an IP address that meets the following descriptions:
(i) from a higher risk jurisdiction;
(ii) does not correspond to the client’s circumstances (for example, the IP address is located in a jurisdiction that is not the client’s residence or principal place of business);
(iii) was previously identified as suspicious by a financial institution; or
(iv) is associated with “darknet” markets or software that enhances anonymity or allows anonymous communication (for example, proxy servers, unverifiable IP geolocation, virtual private networks, and The Onion Router);
(d) a customer accesses the financial institution’s platform from the same IP or MAC address as other apparently unrelated customers;
(e) Customers frequently change their contact information, such as email addresses and phone numbers, especially those that are disposable or for short-term use;
(f) The client changes the IP address or device used to access the financial institution’s platform and/or conduct transactions frequently or within a short period of time (for example, within a few hours).
(a) There is no apparent purpose to the sale or purchase of virtual assets, or the transactions appear to be unusual in nature, size or frequency. For example, if a client repeatedly trades virtual assets with a particular person or group of persons and makes substantial profits or suffers substantial losses from them, this may indicate that the transactions are part of a money laundering/terrorist financing scheme and are being used as transfer of value or obscuring the flow of funds, or the account may be taken over;
(b) Involves the mirror buying or selling or trading of virtual assets used for currency exchange for unlawful purposes or without apparent business purpose;
(c) convert virtual assets into legal tender at possible loss without regard to, for example, price fluctuations or high commission fees, without apparent commercial justification;
(d) For no logical or obvious reason, convert a large amount of fiat currency or virtual assets into other or multiple virtual assets, obscuring the flow of funds.
(a) placing orders in close proximity to each other for identical virtual assets that are thinly traded for accounts held by the same beneficial owner or by an associate of the client;
(b) A number of new clients are referred by the same person within a short period of time to open accounts for buying and selling the same virtual assets;
(c) Customers participating in pre-arranged or other non-auction transactions, especially this may also indicate that the customer’s account may be taken over ).
(d) Buying and selling certain virtual assets in equal quantities (“wash trading”) so as to create the appearance of active trading, while beneficial ownership of the virtual assets remains unchanged. Such wash trading does not reflect real market conditions and may provide a “cover” for money launderers;
(e) Accumulate virtual assets at small incremental prices and gradually increase the price of virtual assets over time;
(f) The customer buys a large amount of virtual assets in a short period of time, especially virtual assets with thin trading, and the scale of the transaction is not commensurate with the customer’s situation;
(g) a group of customers with the same transaction pattern (for example, buying the same virtual asset at the same or similar time, or at the same or similar price) (especially in the case of thinly traded virtual assets), authorizes the same individuals or third parties operate their accounts and/or transfer fiat currency or virtual assets between each other’s accounts.
(a) the customer uses a financial institution to make payments or hold funds or other property on its behalf, but the funds or property are little or not used to buy or sell virtual assets, that is, the account appears to be used as an escrow account or as a conduit for money transfer ;
(b) roll positions or transfer funds, virtual assets or other property between accounts that do not appear to be under the control of the same person or persons who are not clearly related;
(c) frequent transfers of funds, virtual assets or other property or check payments with unrelated or difficult to verify third parties;
(d) transfer funds or virtual assets with financial institutions or virtual asset service providers located in jurisdictions that pose a higher risk or are inconsistent with the customer’s stated residence, business transactions or interests without reasonable explanation transfers;
(e) Funds or virtual assets are transferred from different persons to the same person, or from the same person to different persons, without reasonable explanation. For example, jurisdictions in which virtual asset service providers are located do not prohibit or regulate virtual asset-related activities or services.
(f) frequently changing the details or information of the bank account or wallet address used to receive funds or virtual assets;
(g) A number of transactions involving high-value virtual assets that appear to be unusual in nature, frequency or pattern, such as transactions occurring within a short period of time (for example, within 24 hours) or in meaningful transactions after prolonged inactivity; A regular pattern of segmenting; the transfer of virtual assets to another wallet, especially a new wallet or a wallet that has been inactive for a period of time, which may indicate an opportunity for a ransomware attack or other cybercrime;
(h) virtual assets are transferred from wallet addresses known to hold stolen virtual assets or known to be associated with holders of stolen virtual assets;
(i) Immediately after depositing virtual assets (including deposits of virtual assets by new customers), conduct transactions that would incur additional or unnecessary costs or expenses without apparent legitimate purpose or commercial justification (for example, transferring deposited virtual assets to Assets are converted into other or multiple virtual assets, obscuring transaction clues, and/or immediately withdrawing all or part of the deposited virtual assets to non-custodial wallets);
(j) gradually transfer virtual assets (especially virtual assets held by third parties) from multiple wallets, and then transfer to another wallet, or convert all virtual assets into legal tender;
(k) Transactions involving virtual assets with strong anonymity (such as virtual assets with enhanced anonymity) (for example, depositing virtual assets operating on a public virtual assets);
(l) Clients use financial institutions to transfer unusual amounts (in terms of transaction volume or amount) from peer-to-peer platforms (such as peer-to-peer platforms with lax AML/CFT controls) without logical or apparent reason Count) virtual assets converted into legal tender;
(m) virtual asset transfers to and from wallet addresses with higher risks (for example, wallet addresses directly and/or indirectly associated with illegal or suspicious activities/sources or designated persons);
(n) Transfer of virtual assets that have always been associated with jump chains
(o) conduct frequent and/or large-value transactions involving virtual assets through virtual asset ATMs or self-service machines, particularly those located in jurisdictions with higher risks;
(p) information or information transmitted with the transfer of virtual assets indicates that the transaction may be used to finance or facilitate illegal activities;
(q) Individuals who are financially unstable and/or customers who have no previous knowledge of virtual assets participate in frequent and/or large transactions (especially deposits and withdrawals of funds and/or virtual assets) through financial institutions, which may is a sign of a money mule or victim of a scam;
(r) Deposits of large amounts of virtual assets, which are then converted into fiat currency, where the origin of the funds is unknown and the size of the transaction is inconsistent with the client’s background, which may imply that the deposited virtual assets are stolen assets;
(s) Customer funds or virtual assets originate from or are sent to a financial institution or virtual asset service provider (i) in the jurisdiction in which it operates (or is authorized by it to the jurisdiction in which the customer who supplies the product and/or service resides or is located) is not registered or licensed;
(ii) operate in jurisdictions that do not prohibit or regulate virtual asset-related activities or services, or customers whose products and/or services are provided by them reside or are located in such jurisdictions;
(t) The information required for virtual asset transfer is inaccurate or incomplete. For example, in the case of a remittance institution, the payee information provided by its customers is inconsistent with the information kept by the beneficiary institution, so that the cash register conducts a virtual asset transfer. The information required for asset transfer is inaccurate or incomplete. For example, in the case of a remittance institution, the payee information provided by its customers is inconsistent with the information kept by the beneficiary institution, so that the beneficiary institution may reject the request for virtual asset transfer or return the relevant virtual assets, or the payee information provided by its customers is inconsistent with the information noticed when screening the payee wallet address associated with the transfer of virtual assets;
(u) Clients with limited or no other assets at financial institutions receive large transfers of thinly traded virtual assets;
(v) Customer deposits virtual assets and requests to be credited to multiple seemingly unrelated accounts, and sells or otherwise transfers ownership of such virtual assets.
According to the “Notice on Further Preventing and Dealing with the Risk of Hype in Virtual Currency Transactions” issued by the central bank and other departments, the content of this article is only for information sharing, and does not promote or endorse any operation and investment behavior. Readers are requested to strictly abide by the laws and regulations of the region and do not participate in Any illegal financial conduct. It does not provide transaction entry, guidance, distribution channel guidance, etc. for any virtual currency, digital collection-related issuance, transaction and financing. Wu said that without permission, it is forbidden to reprint or copy the content, and those who violate it will be investigated for legal responsibility.
