All financial businesses (which includes DNFBPs) and NPOs are required to comply with the following AML/CFT/PFT requirements:
In respect of financial businesses:-
1. appointing a money laundering compliance officer who is responsible for implementing the AML compliance program (does not apply to NPOs);
2. appointing a money laundering reporting officer who is responsible for receiving internal reports of suspicious activity, considering whether to report same to the FIA, and reporting suspicious activity to the FIA (does not apply to NPOs);
3. conducting a risk assessment of the business’ activities to assess and document the risk of a money laundering offence or a terrorist and proliferation financing offence (ML/TF/PF) occurring in the course of the business activities (does not apply to NPOs but NPOs should assess their money laundering and terrorist financing risks);
4. developing and applying written compliance policies and procedures that are kept up to date and, in the case of an entity, are approved by a senior officer (does not apply to NPOs but NPOs are encouraged to have written policies and procedures to detect money laundering and terrorist financing);
5. application of appropriate CDD measures (NPOs are required to undertake due diligence measures to know their donors, beneficiaries and partners).
6. termination of relationships or ceasing of transactions if CDD measures cannot be applied;
7. application of EDD measures to compensate for the higher risk of ML/TF;
8. prohibition of numbered accounts, anonymous accounts or accounts with names that are fictitious;
9. freezing and reporting on the freezing of assets of individuals and entities designated under a financial sanctions regime;
10. keeping of records specified in regulation 18(2) of the AML Regulations in the manner specified in regulations 18(1)(4)(5);
11. developing and maintaining a written, ongoing compliance training program for employees, agents or other authorized persons;
12. instituting and documenting a plan for the ongoing compliance training program and delivering the training (training plan); and
13. instituting and documenting a plan for review of the compliance program for the purpose of testing its effectiveness and carrying out this review at least every two years (two-year effectiveness review).
In respect of NPOs:-
1. there must always be at least two controllers;
2. prepare and submit annual financial statements on the NPO’s revenue and expenditure to the NPO Supervisor;
3. pay to the NPO Supervisor a fee of $100 upon submitting its financial statements;
4. where an NPO’s gross annual income exceeds $500,000, the financial statement must be certified by an accountant;
5. operate in accordance with its governing document;
6. within 14 days of a change occurring, provide written notification to the NPO Supervisor of the following changes:
changes to the non-profit organisation’s purposes, objectives and activities;
changes of office-bearers, their addresses and other contact details;
changes of the non-profit organisation’s address and other contact details; and
changes to the governing instrument
7. Keep the following records for a period of at least five years –
financial records that show and explain its transactions, within and outside the TCI, and which are sufficiently detailed to show that funds have been used in a manner consistent with the purposes, objectives and activities of the organisation and show the source of the NPO’s gross annual income.
administrative records which include due diligence records i.e. identification and principal residential address records for all controllers, the governing document that sets out the purpose, objectives, activities and regulating powers of the NPO and all amendments to the document, register of controllers listing the name, address, occupation, date of appointment and departure, and position of controllers, corporate records if the NPO is a non-profit company (refer to the Companies Ordinance for more information), records which relate to the distribution of the NPO’s funds including any reason(s) for selecting beneficiaries, and information on beneficiaries such as name, principal residential address, sex and age.