🇭🇰 Hong Kong · HKMA, SFC & CEO

Hong Kong AML Compliance, End to End

Built for institutions regulated in Hong Kong — Authorised Institutions under HKMA, SFC-licensed corporations, Stored Value Facility issuers, and Trust or Company Service Providers — under AMLO Cap. 615 and the supervisor-specific guidelines that elaborate it.

Book a Demo All Regulations

About Hong Kong's AML Framework

A Multi-Supervisor Regime, One Underlying Statute

Hong Kong's anti-money-laundering framework is anchored in the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) — usually shortened to AMLO. The Ordinance sets out the core CDD, recordkeeping, and reporting obligations, but is administered by different supervisors depending on the type of regulated entity.

The Hong Kong Monetary Authority (HKMA) supervises Authorised Institutions — banks, restricted-licence banks, deposit-taking companies, and Stored Value Facility issuers. The Securities and Futures Commission (SFC) supervises licensed corporations, including the new Virtual Asset Trading Platform regime that brings retail crypto exchanges into regulation. The Insurance Authority covers insurance entities, and the Companies Registry oversees Trust or Company Service Providers (TCSPs).

Each supervisor publishes its own AML/CFT Guideline — built on the same AMLO foundation but tailored to the sector's risk profile. Reports of suspicion are filed to the Joint Financial Intelligence Unit (JFIU), the Hong Kong Police–Customs joint unit that operates the country's STR-receiving function.

The Rules That Apply

AMLO Plus Supervisor-Specific Guidelines

Different parts of AMLO and different supervisor guidelines apply depending on your licence. One Constellation maps to whichever combination governs your firm.

AMLO Cap.615

Anti-Money Laundering Ordinance

The foundational statute — sets out CDD, recordkeeping, and reporting obligations. Schedules 2 prescribes the core CDD requirements; the Drug Trafficking (Recovery of Proceeds) Ordinance and OSCO sit alongside as the predicate-offence framework.

HKMA Guideline

HKMA AML/CFT Guideline

The HKMA's binding guidance for Authorised Institutions — covering risk assessment, CDD, EDD, ongoing monitoring, sanctions, and the appointment of a Compliance Officer and Money Laundering Reporting Officer.

SFC Guideline

SFC AML/CFT Guideline

The SFC's binding guidance for licensed corporations — the same operating principles as HKMA's, calibrated to securities and asset-management activities, plus specific provisions for Virtual Asset Trading Platforms.

SVF Guideline

SVF Licensing Guideline

Operating requirements for Stored Value Facility licensees — including AML obligations, customer protection, and prudential standards. Covers e-wallets, prepaid cards, and digital-money issuers.

VATP Regime

VATP & Virtual Asset Service Providers

The SFC licensing framework for Virtual Asset Trading Platforms serving retail customers — bringing crypto exchanges into the same AML regime as traditional licensed corporations, plus FATF Travel Rule obligations.

DTROP & UNATMO

Predicate & CFT Statutes

The Drug Trafficking (Recovery of Proceeds) Ordinance, Organized and Serious Crimes Ordinance, and United Nations (Anti-Terrorism Measures) Ordinance — defining predicate offences, the STR duty, and the sanctions framework.

The Obligations

What HKMA & SFC Require — and How We Address It

Across HKMA and SFC guidelines the same operating obligations recur. Here are the seven the Hong Kong supervisors examine most closely.

Risk-Based Approach & Risk Assessment

Conduct an institution-wide risk assessment and assign each customer a risk rating reflecting geography, product, channel, and behavioural risk.

One ConstellationHKMA/SFC-aligned risk-scoring engine, jurisdiction risk tables, and EWRA workpapers ready for board sign-off and supervisor review.

Customer Due Diligence (Schedule 2 AMLO)

Identify and verify every customer at onboarding using reliable, independent sources. For corporates, identify beneficial owners holding 25% or more.

One ConstellationHong Kong identity verification, HKID checks, Companies Registry integration for KYB, and UBO unwrapping to natural-person level.

Enhanced Due Diligence

Apply EDD to PEPs (foreign and domestic), customers from higher-risk jurisdictions, and any customer presenting elevated risk under the institution's methodology.

One ConstellationAutomatic EDD trigger workflows, source-of-funds capture, source-of-wealth questionnaires, and senior-management approval logging.

Ongoing Transaction Monitoring

Monitor customer transactions on an ongoing basis. Detect activity inconsistent with the customer's expected behaviour or risk profile and investigate it.

One ConstellationReal-time monitoring with HKMA/SFC-tuned typology rules, customer-specific behavioural baselines, and full case management for analyst review.

Sanctions Screening (UNATMO & UN)

Screen every customer and counterparty against UN Security Council lists implemented through UNATMO, plus other applicable global sanctions regimes.

One ConstellationReal-time screening against UN, UNATMO-implementing lists, OFAC, EU, OFSI and PEP databases — refreshed multiple times daily.

STR Filing to JFIU

File a Suspicious Transaction Report to the Joint Financial Intelligence Unit (JFIU) as soon as suspicion is formed under DTROP, OSCO, or UNATMO.

One ConstellationSTR generation directly from the case record in JFIU-compatible format, with full audit evidence retained per AMLO requirements.

CO & MLRO Function + Recordkeeping

Appoint a Compliance Officer and an MLRO. Retain all CDD records, transaction records, and STR documentation for at least five years from the end of the customer relationship.

One ConstellationCO and MLRO dashboards, exception reporting, KPI tracking, 5+ year encrypted retention, and pre-built audit-export packages for supervisor visits.

The Cost of Getting It Wrong

HKMA and SFC Enforcement Is Active

Hong Kong supervisors have demonstrated willingness to fine, censure, and revoke licences for AML control failures — alongside criminal liability under AMLO and the predicate-offence statutes.

HK$1M

Maximum AMLO regulatory penalty

7 yrs

Maximum imprisonment under AMLO

14 yrs

Under DTROP & OSCO predicate offences

Public

Disciplinary action & censure

Built for Hong Kong

What HKMA & SFC-Aligned Compliance Looks Like

100%

AMLO Cap. 615 Coverage

5 yrs

Default Record Retention

JFIU

Native STR Export Format

VATP

Virtual Asset Workflows

HKMA & SFC FAQ

Common Questions

Which Hong Kong supervisor regulates my firm?+

It depends on your licence. Authorised Institutions (banks, restricted-licence banks, deposit-takers) and Stored Value Facility licensees fall under HKMA. SFC-licensed corporations — including securities dealers, asset managers, and Virtual Asset Trading Platforms — fall under the SFC. Insurance entities under the Insurance Authority. TCSPs under the Companies Registry. The platform is configured per supervisor so the right guideline applies automatically.

How does One Constellation help with STR filing to JFIU?+

Cases identified by transaction monitoring or analyst review are packaged directly into the JFIU STR template, with the investigative narrative, supporting transaction records, and KYC context bundled in. The export aligns with JFIU's submission requirements, and full audit evidence is retained for the AMLO five-year period.

Does the platform support Hong Kong VATP licensees?+

Yes. Virtual Asset Trading Platforms licensed by the SFC face the full AMLO regime plus specific provisions for retail customer protection and FATF Travel Rule compliance. The platform's crypto workflows — wallet risk scoring, on-chain monitoring, counterparty VASP due diligence, and Travel Rule message exchange — are built for VATP requirements.

How does the platform integrate with the Companies Registry?+

For KYB on Hong Kong–incorporated entities, integration with the Companies Registry pulls company particulars, directors, and Significant Controllers Register data. UBO unwrapping resolves the natural-person owners through layered structures, with screening applied to every individual identified.

How are UNATMO sanctions handled?+

UN Security Council sanctions implemented in Hong Kong through UNATMO are screened in real time against every customer and counterparty on every transaction, alongside other relevant regimes (OFAC, EU, OFSI). Updates flow into the platform multiple times daily. Positive matches trigger transaction blocks and immediate case opening.

Does One Constellation provide Hong Kong regulatory advice?+

No. We provide the technology platform that helps you implement and demonstrate compliance with AMLO and the relevant supervisor's guideline. Interpreting these obligations as they apply to your specific licence and business model is the responsibility of your compliance and legal functions, typically supported by external counsel.

Hong Kong Compliance, Done Properly

See the AMLO workflows, HKMA and SFC Guideline coverage, JFIU STR export, and VATP-ready crypto controls live — with the actual evidence trail your supervisor expects.