AMLO Compliance For Hong Kong Accountants | Customer Due Diligence And Record Keeping

It must not be treated as a banking-only issue, because AMLO compliance Hong Kong accountants also applies when firms help form companies, manage assets, give tax advice, or support transactions. Accounting firms can be exposed to money laundering and terrorist financing risks when they help clients form companies, manage assets, handle company structures, or give tax advice.

The HKICPA guidelines explain that AMLO was extended in 2018 to cover DNFBPs, including accounting professionals. It introduced duties such as customer due diligence, ongoing monitoring, and record keeping. The revised guidelines became effective on 1 June 2023.

Why AML Matters For Accounting Firms

Accountants often see details that banks, vendors, and customers may not see. They may review source documents, company ledgers, offshore payments, tax positions, shareholder balances, consultant fees, or unusual related-party movements.

HKICPA guidance also notes that practices are expected to have adequate client due diligence procedures. They should also maintain proper documentation arrangements to reduce the risk of involvement in money laundering or terrorist financing.

DNFBP AML Hong Kong

DNFBP AML Hong Kong rules apply to several non-financial professions, including accounting professionals. The AFRC policy statement explains that AMLO imposes customer due diligence and record-keeping requirements on financial institutions and DNFBPs.

It also states that DNFBPs include accounting professionals such as CPAs, CPA practising members, corporate practices, and CPA firms. For accounting firms, this means AML duties are not optional when the firm performs covered work. The firm needs a proper client risk process, not only a copy of the client’s ID card saved in a folder.

AMLO Schedule 2 Accountants

AMLO Schedule 2 accountants duties become important when a practice prepares for or carries out specified services for a client. HKICPA guidance lists services such as buying or selling real estate. It includes:

• Managing client money or assets.
• Managing bank accounts or securities accounts.
• Organising contributions for corporations.
• Buying or selling business entities.
• Forming corporations.
• Acting as director or arranging another person to act as director.
• Acting as company secretary or arranging another person to act as company secretary.
• Providing a registered office or correspondence address.
• Acting as trustee.
• Acting as a nominee shareholder.

Customer Due Diligence Accountant Hong Kong

Customer due diligence accountant Hong Kong work starts before the relationship begins. HKICPA guidance says practices should generally complete the CDD process before establishing a client relationship or carrying out occasional transactions. If the practice cannot complete CDD in normal circumstances, it must not establish the relationship or carry out the transaction.

A practical CDD file should include:

• Client identity details and verification evidence.
• Beneficial owner information and ownership chart.
• Authority proof for any person acting for the client.
• Purpose and intended nature of the relationship.
• Client risk rating and reasons for that rating.
• Source of funds or source of wealth checks where needed.
• Screening results for sanctions, PEPs, and adverse news.
• Engagement approval notes for high-risk clients.

For example, if a client wants help forming a company with nominee arrangements and offshore shareholders, the firm should not onboard the client with only a passport copy. It should understand who controls the company, why the structure is needed, and how the business will operate.

A Quick Overview AML Controls

HKICPA AML Guidance

HKICPA AML guidance expects accounting practices to have policies, procedures, and controls when they carry out specified services. The guidance says these controls must cover risk assessment, CDD, ongoing monitoring, suspicious transaction reporting, targeted financial sanctions, record keeping, compliance management, staff training, and group policy where appropriate.

This does not mean every small firm needs a complicated system. A two-partner practice can still use a clear risk form, onboarding checklist, screening tool, approval note, and record retention folder. The key is consistency. If the firm cannot show how it assessed the client, it may struggle during inspection.

Record Keeping Under AMLO

Record keeping is a core part of AML compliance. HKICPA guidance says records for clients and transactions must be retained for at least five years after the transaction is completed or the business relationship ends. It also says records should include identity evidence, verification support, relationship documents, transaction details, monitoring records, STR records, and staff training records.

Electronic copies can be used, but they must be stored properly. Files should be searchable, protected, and linked to the client record. A scattered mix of email attachments, WhatsApp files, and personal cloud folders is not a safe AML record system.

Suspicious Transaction Reporting

Suspicious transaction reporting should not wait for proof. AFRC and HKICPA’s May 2026 STR FAQs clarify that practices often believed solid proof was required before filing an STR, but proof is not necessary. An STR must be submitted if a practice forms a suspicion.

Red flags may include complex ownership with no business reason, repeated changes in company structure, payments by unrelated parties, and unusual consultant fees. 

Common AML Mistakes Accountants Should Avoid

Accounting practices should avoid these mistakes:

• Treating AML as a one-time onboarding form.
• Collecting ID documents but not checking beneficial ownership.
• Ignoring high-risk countries, PEP links, or adverse news.
• Applying the same CDD depth to every client.
• Taking on company formation work without checking the real controller.
• Keeping no written reason for risk ratings.
• Waiting for proof before internal escalation or STR review.
• Storing AML files in personal drives or scattered email chains.

These mistakes are common because they look small during busy client work. But they become serious when the firm faces an inspection, client dispute, bank review, or law enforcement question.

What Accounting Firms Should Do Now

Accounting firms should start with a file review. Pick a sample of high-risk clients, company formation clients, nominee-related clients, and cross-border clients. Check if the CDD file explains who the client is, who owns or controls the client, what service was provided, and why the risk rating was accepted.

The firm should also review its MLRO process, sanctions screening, staff training, and record retention rules. A good AML process should help staff make decisions early, not panic after a problem appears.

Conclusion

AMLO compliance Hong Kong accountants should be part of daily client acceptance and engagement management. CDD, risk assessment, STR review, and record keeping protect the firm as much as the wider financial system.

At Arnifi, we help businesses build a practical compliance setup, so client files stay organised, risks are easier to review, and governance remains stronger during audits, inspections, and growth planning.

FAQs

1. Do Hong Kong Accountants Need To Follow AMLO?

Yes. AMLO covers accounting professionals as DNFBPs when they carry out specified services. These duties include customer due diligence, ongoing monitoring, and record keeping.

2. When Should Accountants Conduct CDD?

CDD should generally be completed before establishing a client relationship or carrying out covered occasional transactions. If CDD cannot be completed in normal circumstances, the firm should not proceed.

3. How Long Must AML Records Be Kept?

Client and transaction records must generally be kept for at least five years after the business relationship ends or the transaction is completed.

4. Is Proof Needed Before Filing An STR?

No. The 2026 AFRC and HKICPA STR FAQs explain that solid proof is not required. An STR must be submitted when a practice forms a suspicion.