Navigating Hong Kong’s Latest Anti-Money Laundering Regulations

SlowMist
May 31, 2023

On May 23, 2023, the Hong Kong Securities and Futures Commission (SFC) announced the “Summary of Consultation on Proposed Regulatory Provisions Applicable to Licensed Operators of Virtual Asset Trading Platforms.” It was noted that the consultation period ended on March 31, during which the SFC received 152 feedback submissions from industry and professional organizations, consulting firms, market participants, licensed corporations, individuals, and other stakeholders. The respondents generally supported the proposed regulatory provisions for licensed virtual asset trading platforms.

The SFC will implement the suggestions to allow licensed virtual asset trading platforms to provide services to retail investors. Given the public’s broad support for these proposals, the SFC will enforce the “Guidelines for Virtual Asset Trading Platforms” and the “Anti-Money Laundering Guidelines,” making some modifications and clarifications as outlined in the summary document. These guidelines will come into effect on June 1st.

In recent years, financial technology has been growing explosively, with constant industry innovation. This growth, however, has led to an increase in diversified and concealed money laundering activities. Criminals are utilizing the characteristics of virtual currencies, such as difficulty in traceability, to conceal the source of illegal funds. Anti-money laundering is becoming the biggest challenge for regulatory compliance agencies.

What is Anti-Money Laundering?

Anti-money laundering is a systematic project where governments use legislation and judicial powers, mobilizing relevant organizations and commercial institutions to identify possible money laundering activities, dispose of related funds, and punish the relevant institutions and individuals to prevent criminal activities. Based on international experience, both money laundering and anti-money laundering activities mainly occur in the financial field. Almost all countries place the anti-money laundering of financial institutions at the core position, and international cooperation in anti-money laundering mainly occurs in the financial field.

How do regulations supervise criminal activities?

Some trading platforms provide simple, quick transaction services, and the platform generally does not collect “Know Your Customer” (KYC) related data, so most are anonymous customers. On May 26, the Hong Kong Securities and Futures Commission issued the “Anti-Money Laundering and Anti-Terrorist Financing Guidelines,” which sets out the following key aspects of customer due diligence:

1. Situations in which financial institutions must perform customer due diligence:

- Before establishing a business relationship with the customer

- Before carrying out an occasional transaction that involves an amount equal to or above HK$120,000 (or an equivalent amount in any other currency), or an occasional transaction that is a wire transfer and involves an amount equal to or above HK$8,000 (or an equivalent amount in any other currency)

- When the financial institution suspects that the customer or the customer’s account is involved in money laundering/terrorist financing

- When the financial institution doubts the authenticity or adequacy of the information obtained in the past to identify or verify the identity of the customer

2. The general rules for financial institutions to perform customer due diligence:

- Collect enough transfer transaction counterparty information to fully understand its business nature

- Understand the nature of the transfer with the counterparty, the expected transaction volume, and value

- Understand the reputation of the transfer transaction counterparty from publicly available information, as well as the quality and effectiveness of the AML/CFT regulation and supervision of the counterparty in its jurisdiction

- Evaluate the AML/CFT control measures of the transfer transaction counterparty to ensure that its control measures are sufficient and effective, and obtain approval from the company’s senior management

SlowMist offers exchanges AML/CFT compliance solutions, including a malicious address database and the MistTrack on-chain tracking platform.

The malicious address database, utilizing open-source data, blockchain honey pots, AI, and information provided by our clients and partners, extracts reliable anti-money laundering data in real time. This database can be applied to different applications such as trading platforms, wallets, or other asset management platforms. It can both intercept money laundering behaviors in the process of asset transfer and help platforms verify the source of assets, maintain platform compliance, and avoid falling into a situation involving money laundering. This database contains information from over 100,000 different sources and provides services through an API.

The second solution is the MistTrack on-chain tracking platform. It revolves around “on-chain monitoring” and “anti-money laundering risks,” using multi-dimensional malicious address data and comprehensive address subject label data to detect on-chain problem assets (KYT) for clients and to interrupt on-chain money laundering effectively and in a timely manner. Currently, MistTrack supports eight chains: Bitcoin, Ethereum, Binance Smart Chain, Avalanche, TRON, Polygon, IoTeX, and Arbitrum. So far, MistTrack has served over 90 clients and has successfully recovered over $1 billion in assets.

Suspicious monitoring and timely feedback: The MistTrack platform has accumulated more than 200 million address labels. Activity by malicious actors triggers the system's feedback mechanism, which provides relevant information to the trading platform in real time so that the platform can block money laundering operations. For instance, the system monitors in real time the malicious actor’s money laundering operations from the initial address to various other addresses. As soon as there is a new money laundering action, the new laundering address is automatically added to the monitoring system.

Multi-dimensional risk detection: MistTrack calculates the AML risk score for an address from three perspectives: the entity to which the address belongs, the address’s historical transaction activity, and the SlowMist malicious wallet address database. If the address’s entity is a high-risk entity (such as a coin mixing platform), or the address has financial dealings with known risk entities, the system will mark that address as a risk address. Meanwhile, using the malicious address dataset in the SlowMist malicious wallet address database, the system will risk-mark addresses involved in verified ransom, theft, phishing fraud, and other illegal activities. In other words, the platform can assess the risk of each wallet address and check whether the wallet address is involved with illegal funds.
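A minimal sketch of the monitoring and risk-marking logic described in the two paragraphs above, added here as an illustration; it is not MistTrack's implementation or API. All addresses, labels, and function names are constructed, and it returns the reasons an address is marked rather than a numeric score, since the page does not give the scoring formula.

```python
# Constructed sample data; addresses and labels are invented for illustration.
ENTITY_LABELS = {"addr_mixer": "mixer", "addr_exchange": "exchange"}
HIGH_RISK_ENTITIES = {"mixer"}
MALICIOUS_DB = {"addr_thief": "theft"}   # addresses tied to verified incidents
TRANSFERS = [                            # (sender, receiver), chronological
    ("addr_hop1", "addr_early"),         # sent before hop1 held stolen funds
    ("addr_thief", "addr_hop1"),
    ("addr_hop1", "addr_hop2"),
    ("addr_hop2", "addr_exchange"),
    ("addr_exchange", "addr_payout"),    # service outflow, not followed
    ("addr_user", "addr_mixer"),
]

def expand_watchlist(seeds, transfers):
    """Add every address that receives funds from a watched address.

    Transfers are processed in time order, so money an address sent before
    it was watched is not flagged. Labelled services are watched but not
    expanded, otherwise one deposit would taint all of their customers.
    """
    watched = set(seeds)
    for sender, receiver in transfers:
        if sender in watched and sender not in ENTITY_LABELS:
            watched.add(receiver)
    return watched

def risk_reasons(address, transfers, watched):
    """Return the reasons an address is marked as risky (empty list if none)."""
    reasons = []
    # Perspective 1: the entity the address belongs to.
    if ENTITY_LABELS.get(address) in HIGH_RISK_ENTITIES:
        reasons.append("high-risk entity")
    # Perspective 2: historical dealings with known risk entities.
    peers = {r for s, r in transfers if s == address}
    peers |= {s for s, r in transfers if r == address}
    if any(ENTITY_LABELS.get(p) in HIGH_RISK_ENTITIES for p in peers):
        reasons.append("dealt with high-risk entity")
    # Perspective 3: the malicious address database, plus monitored hops.
    if address in MALICIOUS_DB:
        reasons.append("malicious database: " + MALICIOUS_DB[address])
    elif address in watched:
        reasons.append("downstream of malicious address")
    return reasons

if __name__ == "__main__":
    watched = expand_watchlist(MALICIOUS_DB, TRANSFERS)
    for addr in sorted({a for t in TRANSFERS for a in t}):
        print(addr, risk_reasons(addr, TRANSFERS, watched))
```
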

Address profiling and visual representation: The system is capable of not only identifying the entity to which an address belongs, such as Coinbase or Binance, but also recognizing various on-chain and off-chain labels, including ENS, MEV Bots, DeFi whales, and even the wallet applications used, like imToken/MetaMask. Through address labels, we can better understand suspicious addresses. In addition, the system analyzes all historical transactions of an address and summarizes these behaviors in a human-readable way. This allows the platform to quickly understand the history of an address and build a behavioral profile of the target address. It can also detect unusual financial networks among massive transaction data.

At present, clients of SlowMist’s AML/CFT compliance solution include HashKey Group, a comprehensive digital asset management and financial services group.

In addition, the “Guidelines for Operators of Virtual Asset Trading Platforms” will take effect on June 1. The Hong Kong Securities and Futures Commission welcomes operators of virtual asset trading platforms who are prepared to comply with the Commission’s standards to apply for a license. Operators who do not intend to apply for a license should proceed to orderly terminate their business in Hong Kong.

It is believed that the gradual clarification of regulatory rules will help virtual asset service providers and financial institutions combat money laundering and fundraising by illegal actors, and assist in sanction screening and transaction monitoring. As a leading security company in the blockchain industry, we will also respond more actively to national regulatory policies and continue to vigorously promote the application of technology related to regulatory compliance.


SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.