By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

A Deep Dive into Hong Kong’s New AML Guidelines for VASPs: Part II

Catarina Veloso
Catarina Veloso
June 6, 2023
Catarina, Regulatory & Compliance Senior Associate at Notabene, specializes in global crypto regulations. With roles including co-chair of the CryptoUK Travel Rule group and part of the EBA Expert Group, she shapes Travel Rule compliance. Holds Masters in Energy Law and BA in Law.

Last week, Hong Kong’s Securities and Futures Commission (SFC) concluded its consultation on the regulation of virtual asset trading platforms and has gazetted its’ AML/CTF Guideline for SFC-licensed VASPs, which sets forth Travel Rule obligations in the country. 

In two blog posts, we covered vital Travel Rule compliance takeaways in the update. Part I covered the entry into force, information transmission obligations, pre-transaction requirements, and self-hosted wallet obligations. The final part II will cover obligations for Intermediaries, Travel Rule solution requirements, how to handle deposits, and more.

Key Travel Rule Takeaways

1. The SFC gives clear instructions on how to evaluate a Travel Rule solution provider.

See how Notabene performs:

Source: HK SFC's AML/CTF Guideline for SFC-licensed VASPs 2023, pg. 169, paras. 12.12.2

2. Intermediary institutions must retain and transmit all relevant originator and recipient information and perform due diligence on other VASPs

Travel Rule flows often involve Intermediary VASPs. It is important to understand your obligations if you qualify as an Intermediary or when you interact with one. The definition and requirements for Intermediary VASPs vary from country to country. The SFC’s Guidance laid out clear requirements for Intermediary VASPs:

  • Intermediary institutions involved in a virtual asset transfer must hold onto (retain) all the necessary information about the people involved in the transaction (the sender and receiver). 
  • The intermediary institution must also verify (undertake due diligence measures) the identity and legitimacy of the ordering institution and any other institutions involved in the transfer.
  • Just like the Originator, the intermediary institution must forward the required information to the next Intermediary VASP or the Beneficiary VASP receiving the funds, following the guidelines in specific paragraphs of the regulation. [2]

Watch our on-demand webinar “Everything Intermediary VASPs Need to Know About The Travel Rule” to learn more. 

3. Beneficiary and Intermediary VASPs must have procedures for identifying and managing incoming transfers with missing information.

For transactions involving virtual assets of at least KRW 8,000, the Beneficiary VASP should confirm the recipient's identity if it hasn’t been previously verified as part of its CDD process. They should also confirm whether the recipient’s name and account number obtained from the institution from which it receives the transfer instruction match the recipient information verified by it and take reasonable measures as set out in paragraph 12.11.24 where such information does not match. [3]

Beneficiaries and intermediaries must have procedures for identifying and managing incoming transfers that don't provide enough information about the sender or receiver. The procedures include:

  • Measures (such as real-time or post-event monitoring) to identify transfers that lack required information.
  • Risk-based policies to decide whether to carry out, delay, stop, or return a transfer that lacks required information or, in some instances, return the assets to the sender. They should also determine suitable follow-up actions. [4]

Regarding the suitable follow-up actions mentioned above, if the Originator VASP doesn't provide all the required information about the virtual asset transfer, the Intermediary or Beneficiary VASP should try to get the missing details as quickly as possible. If they can't get this information, the receiving institution should consider limiting or ending their business relationship with the Originator VASP for future transfers or take reasonable steps to reduce the risk of money laundering or terrorist financing. [5] 

In conclusion, the Hong Kong Securities and Futures Commission's recently gazetted Guidelines on Anti-Money Laundering and Counter-Financing of Terrorism provide clarity and guidance for the region's Virtual Asset Service Providers (VASPs). This development reemphasizes the importance of adhering to the Travel Rule and underlines specific responsibilities for all entities involved in virtual asset transactions, including intermediary institutions and Beneficiary VASPs. 

Notabene, a key player in the field, showcases how it meets and often exceeds these regulatory requirements with its comprehensive suite of solutions. While navigating the evolving landscape of digital asset regulation remains complex, such guidance offers a roadmap for compliance, promising safer and more secure virtual asset transactions. As the industry matures, the dialogue between regulators and the regulated will continue to foster a robust and compliant virtual asset ecosystem.


[1] Section 12.12.2 of the Guidance
[2] Section 12.11.18-19 of the Guidance
[3] Section 12.11.21 of the Guidance
[4] Section12.11.22 of the Guidance
[5] Section12.11.23 of the Guidance