RBWM CDD Customer LoBP Refresh October 2016 Final 2 31102016

Global Customer Due Diligence (CDD)
Global RBWM Customer Line of Business
Procedures (LoBPs)
October 2016
INTERNAL
Page | 1

Revision History
Date Version Status Prepared by Comments
8 th June 2015 1.0 Draft James Thompson First re-fresh produced following
review of snagging list items
15 th June 1.1 Draft James Thompson Reviewed with GAMLO, RBWM FCC
and RBWM Business. Amendments
tracked in document and issued for
review
19 th June 1.2 Draft James Thompson Updated following review meeting
30 th July 1.3 Draft Alan Clare Updated based on feedback from
Lynda Cassell and her approval of
changes
7th Oct 1.4 Publication James Thompson Separated Governance LoBP from
this document; updated reference
numbers and minor formatting
corrections completed
24 March 2016 1.5 Draft Jane Fletcher Updates to LoBP post RBWM
FCC/AML and GAMLO review
18 April 2016 1.6 Final Draft Jane Fletcher Updates from GAMLO
13 July 2016 1.7 Final James Thompson July 2016 - Final
28 Sep 2016 1.8 Draft Jane Fletcher LoBP refresh with Group Policy
driven changes
31 Oct 2016 1.9 Final James Thompson October 2016 - Final
Sign Off
Role Name Sign-off Date
Global Head of FCC & MLRO Robert Werner 25/10/16
SVP Global Head of AML Policy Lynda Cassell 10/8 &
5/10 (QC&QA)
Global Head of AML, FC Compliance Barbara Patow 12/8 &
5/10 (QC&QA)
RBWM Policy Approval Committee Committee Members 12/8 & 2/9 (QC&QA)
INTERNAL
Page | 2

INTERNAL
Page | 3

1. Introduction to Individuals and their Identification
and Verification (ID&V)
Key Objective
How will the Objectives
be achieved?
To understand who HSBC’s Individual Customers are and who HSBC is doing business
with in order to safeguard against Financial Crime Risks.
This section outlines the Identification and Verification (ID&V) procedures for Individuals on
a risk based approach:
Identification – identifying who the Individual Customer and their Connected
Parties are by obtaining information on their identity; and
Verification – verifying some or all of the information obtained using reliable and
independent documentary and/or electronic sources.
This section details the specific ID&V requirements for all Individual Customers of HSBC
and their Connected Parties.
Scope of Section
1.1 Introduction
1.2 Individual Customer Types – Key Definitions
1.3 Definitions of Connected Parties
1.4 Risks associated with Individuals
1.5 Risks associated with Connected Parties
1.6 ‘Customer type’ risk classification
1.7 Reduced Due Diligence
1.8 ID&V - Requirements for an Individual Customer
1.8 ID&V - Requirements for Connected Parties
1.9 Vulnerable Persons and Other Special Cases
1.10 Other Considerations
Related Sections
Guidance sources
Chapter 2 – Know Your Customer (KYC) – baseline content applicable to all Individuals
Chapter 3 – Enhanced Due Diligence (EDD) – baseline content applicable to all Individuals
Joint Money Laundering Steering Group (JMLSG) Part I: 5.3.7 – 5.3.114, Part II, Part III
2005/60/EC – Third EU Directive on Anti-Money Laundering (AML)
Guidance on Customers Identification Regulations: CIP Final Rule
Global Anti-Money Laundering Policy: CDD Standards
INTERNAL
Page | 4

1.1 Introduction
1.1.1 This chapter outlines the definitions, risks and requirements for Individual Customers (“Customer”)
and their Connected Parties.
1.1.2 This chapter also details the specific ID&V requirements for Individual Customers and their
Connected Parties. It is essential that HSBC identifies all Individual Customers from verifiable
information to ensure that they are indeed the person they are claiming to be.
1.1.3 ID&V is a two-step process:
a) Identification – identifying who the Customer and their Connected Parties are by
gathering information about their identity; and
b) Verification – verifying some or all of the identity information gathered using reliable and
independent documentary and/or electronic sources.
1.2 Individual Customer Types – Key Definitions
1.2.1 An Individual Customer is a natural person who is the holder of the account.
1.2.2 For the purpose of Customer Due Diligence (CDD), RBWM has established two Customer Types
within the Individual Customer Type Family:
Figure 1.1: Individual Customer Types
Retail Individual
A natural person managed in Retail Banking and Wealth Management (RBWM) and not a
HNWI (refer to HNWI definition below).
High Net Worth
Individual (“HNWI”)
A natural person who is managed outside of Global Private Bank GPB and is either:
Premier Top Tier Customer, or has equivalent Total Relationship Balance (TRB) in that
market; or
Where Premier Top Tier is not available, Total Relationship Balance (TRB) with HSBC
equal to or greater than USD 1 million.
TRB is defined as the aggregate of:
Deposits (both local and foreign currency): Current Accounts, Savings and Deposit
Accounts (including Term Deposits such as Time Deposits, Certificates of Deposit)
Investments: Mutual Funds (including UT), Structured Products, Securities Trading
(Stocks / Shares and Bonds purchased and held in HSBC Trading facilities), Other
Investments
Insurance: Life, Pension & Investment Insurance (LPI) products (using policyholder
liability as a proxy for aggregate customer balances as necessary) including
Discretionary Participation Features (DPF) / profit fund, unit linked, annuity, universal
life, Mandatory Provident Fund (MPF). Excludes pure protection products such as Whole
of Life and Term Life.
Note: TRB is calculated excluding Credit Enhancement Services Insurance and General
Insurance products, pure Protection Insurance products as well as Mortgage or other Loan /
Asset balances.
1.2.3 The following table provides further information about each of the different Individual Customer
Types and the HSBC Products and Services characteristics:
INTERNAL
Page | 5

Figure 1.2: Individual Customer Types – Features, Products and Services
Type Features Products and Services
Retail
Mass consumer
market
Multiple entry
channels: online,
walk-in, referrals from
within HSBC,
telephone via Contact
Centre
Retail Bank Account
Additional services: provision of credit cards, insurance, loans,
savings products
Share dealing
Basic Wealth Management products; such as savings and
investments, pensions, life products
Foreign currency accounts
Retail Customers with TRB threshold to be defined, will be subject
to additional CDD requirements (e.g. Source of Funds, Source of
Wealth questions, defined in the relevant sections of the KYC
Chapter).
Private Holding Trusts, Private Investment Corporations, Private
Investment Funds
Wealth Management Services in more than one jurisdiction.
HNWI
Customers typically
have dedicated
Relationship
Managers but this is
not mandatory
Multiple entry
channels: online,
walk-in, referrals from
HSBC, telephone via
Contact Centre
Likely to have
relationships across
HSBC territories and
entities
In addition to the above services for the retail segment, key
services include:
Customers who subscribe to Discretionary Portfolio Management 1 ,
discretionary advisory services or equivalent product and service
offerings
Access to equities, fixed income, FX, structured products and
mature funds
Ad hoc financial advice on investment needs (typically for pension
provision, long-term savings and investments) and establishing
Trusts via referrals
Share dealing (execution only transactions carried out on receipt of
instructions from the Individual)
International banking services
Channels
1.2.4 Individuals can be on-boarded to HSBC through various channels. These procedures use the
following terms:
Figure 1.3: On-boarding Channels
Face-to-face
Non Face-to-face
Intermediary
At on-boarding, the Individual Customer has face-to-face contact with HSBC. As an
example, this would encompass all individuals that come to a branch in person in
order to open accounts.
Where an account is opened in RBWM through the International Banking Centre (IBC)
for an existing customer of the referring booking office, the account may also be
classified as face-to-face at account opening.
At on-boarding, the Individual Customer deals with HSBC through telephone, internet,
mobile banking, and postal applications only and there is no face-to-face contact
during this process.
Where the customer is introduced by an HSBC approved intermediary and has been
seen by the intermediary face-to-face, it is acceptable to follow the guidance for faceto-face
business
Where the customer has not been seen face-to-face by the intermediary or where the
intermediary has not been approved by HSBC then non face-to-face guidance must
be applied
1
This is HSBCs internal terminology
INTERNAL
Page | 6

Residency
1.2.5 CDD also considers the residency status of the Customer. Three key terms apply in these
procedures:
Figure 1.4 Residency Definitions for Individual Customers
Resident Individual
Customers
Non-Resident
Individual
Customers
Tax Residency
A Customer whose permanent residential address is in the same country as the HSBC
booking office. In predominately expat markets, it is a customer whose current mailing and
residential addresses on file are in the same country as the HSBC booking centre
A Customer whose permanent residential address is not in the same country as the HSBC
booking office.
The tax residence status of a Customer generally determines which country has the
primary right to tax that person's income. It does not necessarily mean that tax has to be
paid in that country and the Customer may also have tax liabilities in countries in which
they are not tax resident (for example, if they own a rental property in that country).
The definition of tax residence may vary between countries and will depend in each case
on a number of factors, for example, where a Customer lives or, if the Customer is an
Entity, where that Entity is incorporated. Other circumstances that may be taken into
account include the number of days spent in a country or where the Customer's centre of
economic interest is.
It is possible to have more than one residence for tax purposes ("dual residence").
If a Customer is tax resident in more than one jurisdiction each location should be
recorded.
Although extremely rare, it is also possible for a Customer to be not tax resident in
any jurisdiction. Any claims by Customers that they are not tax resident in any
country should be treated with caution and further validation sought.
Important Note: Country of Tax Residence will be provided by the Customer.
Documentary evidence such as a tax certificate issued by tax authorities, is not
mandatory, unless it is a local regulatory requirement or pursuant to HSBC's own
risk.
If the Customer confirms to HSBC that he/she has tax filing obligations based on
citizenship or nationality or other criteria rather than residency, this information (i.e.
Country of tax obligations) should also be captured in the customer's profile. If the
Customer confirms to HSBC that he/she has tax filing obligations based on
citizenship or nationality or other criteria rather than residency, this information (i.e.
Country of tax obligations) should also be captured in the customer's profile.
1.3 Definitions of Connected Parties
1.3.1 In the context of an Individual, Connected Parties may be Natural Persons or Entities which may
exercise control over individual customers, examples of which are cited in the table below.
INTERNAL
Page | 7

Figure 1.5: Connected Parties associated with an Individual Customer
Level of
Influence over
the account
Control
Direct
Contribute
INTERNAL
Roles Example Details and Relationship
Full access and control
over the account
Partial access and control
over the account.
Access and control will be
established in line with
their level of authorisation
and responsibility towards
the account
Contribution to Source of
Wealth or Source of
Funds, i.e. transfers of
funds to account or
account holder outside
the normal course of
business
Guardian/Parent
Additional card holder/
credit card holder
Third parties given
access to Safe Deposit
Box
Executor/Administrator
Investment Advisor and
Asset Manager
Third Party Authority
Contributor to source of
wealth (other)
A natural person or entity invested with the
power, and charged with the obligation, of
taking care and managing the property and
rights, of a person who, because of age,
understanding, or self-control, is
considered incapable/unable of
administering his or her own affairs (see
1.3.3 and Table 1.6 PoA and PoAd below)
A natural person or entity authorised to
have an additional credit card on the
Customer’s credit card account.
A natural person who has access to safe
deposit services provided by HSBC. Safe
deposit services allow the Customer to
store their possessions within HSBC’s
vault or premises.
A natural person or entity responsible for
executing, or following through on an
assigned task or duty usually relating to
the execution of a last will and testament.
A natural person or entity responsible for
investment decisions, managing,
executing, or following through on an
assigned task or duty usually relating to
discretionary asset management.
Where a Customer has provided another
individual with signing authority over the
account.
A Contributor is defined as an individual
(e.g. a spouse or parent) that provides
more than USD 10k per month where this
accounts for over 50%of an RBWM
customer's source of funds. The funds
could either be deposited into the
customer's account as a single payment or
could be split into multiple payments paid
into one or more accounts.
In the event that two or more persons
jointly provide a customer with more than
USD 10k per month but, individually, they
each provide less than this threshold
value, these individuals would not meet the
definition of a contributor.
In the case of accounts held by Students
and Insurance policies, where
contributions are made equal to or greater
than USD 75k per year then, subject to
local data privacy laws, the contributor
must be identified (full name, DoB,
residential address) as a Connected Party
to the Policy and screened on a regular
basis. If local data privacy laws prevent
retaining information on the Contributor,
(refer to Global Data Privacy and
Information Governance Guidelines) a
Page | 8

Level of
Influence over
the account
Beneficiary
(for Insurance
Contracts)
Guarantor
Roles Example Details and Relationship
No influence over
policy but value
recipient. Recipient of
funds following an
event.
No influence over the
account but funds
provider in the event
the customer is
unable to make
repayment
Beneficiaries under a
pension or retirement
scheme
Specific parties due to
benefit from any
Insurance payment
Guarantors for personal
lending
deviation to the RBWM Global LoBP must
be sought.
Furthermore, an employer paying a
customer their monthly salary is not
considered a contributor as this would
constitute ‘normal course of business’
Parties who benefit from a collective
pension or retirement scheme.
Parties who have been named on the
Insurance policy to receive payment in the
event of an insurable event occurring.
A Guarantor is a party that agrees to be
responsible for a Borrower’s debt or the
Borrower’s performance of its financial
obligations under a contract if the Borrower
fails to meet its obligations.
1.3.2 Connected Parties that are classified in the “Control” or “Direct” categories will either have a legal
right over the Customer (e.g. a parent of a minor child) or will be appointed in this capacity by the
Customer. Outside of HSBC’s bank documentation (e.g. third party mandate), there may or may
not be a formal legal arrangement in place between the Customer and their Connected Party.
1.3.3 Arrangements such as a Power of Attorney 2 (“PoA”) and Power of Administration (“PoAd”) are
examples of legally binding arrangements in which the Customer nominates another Individual (or
entity) who is not the account holder to be responsible for some elements of operating the account.
Figure 1.6 outlines the definitions of each.
Figure 1.6: PoA and PoAd
Power of Attorney (“PoA”) A PoA can hold a number of different roles on an account. The role will be
specified in the legal arrangement in place.
A PoA may be held by a natural person or entity, such as a Law Firm, Trust, or
another Corporate Entity.
Typical restrictions in these arrangements include limitations around account
closure, appointment of alternative or additional PoA representatives, changes
to mailing addresses.
Power of Administration
(“PoAd”)
A PoAd is an administrative mandate held over an account. The scope of the
role will include the authority to manage assets held on a discretionary basis
and can include the authority to take out credit facilities.
The PoAd may be held by a natural person, an entity such as an External
Asset Manager or another HSBC entity.
Typical restrictions in these arrangements include limitations around delegation
of duties, requirements to disclose conflicts of interests, and withdrawal and
deposit of funds or assets into the account.
1.3.4 A joint account holder will not be treated as a Connected Party but as an Individual Customer. For
CDD purposes they will have their own profile and are subject to the same requirements.
2
Local legal requirements relating to privilege/confidentiality should be observed.
INTERNAL
Page | 9

1.3.5 For the purposes of CDD the PoA / PoAd authority over the individual's account must be verified.
For example, by obtaining a certified copy of the PoA document. For clarity, within Insurance a
“joint account holder” will be taken to mean a joint policy holder and as such would be treated as
an Individual Customer. Therefore, each policy holder will be treated as a customer.
1.4 Risks associated with Individuals
1.4.1 There are a number of financial crime risks inherent in dealing with Individuals and, where
applicable, their Connected Parties. Retail Individuals are often regarded as being lower risk as
they utilise standard banking products and less sophisticated services and are most commonly
domestic in nature. HNWIs and GPB Customers can represent a higher risk due to the types of
products and cross-border services they might require and the complexity of their financial affairs.
Key Risks for the Individual Customer
1.4.2 The following table outlines key risks associated with the Individual as the Customer:
Figure 1.7: Key Risks Table for the Customer
Country
Source of Wealth
Products and
services
Impersonation
risk
Customers engaging in cross-border transactions may pose a higher risk to HSBC as it
is more difficult to understand and trace the nature and origin of such transactions. The
risk is increased where a Country is defined as High Risk as per the Financial Crime
Country Risk Model (FCCRM)
Particular attention should be paid to identifying transactions or business relationships
with Sensitive Sanctioned Countries (see Global Sanctions Policy), individuals from
such countries or individuals that are specifically listed on sanction lists.
Customers banking in one or more jurisdictions and residing in another may pose
additional risk to HSBC, due to potential lack of tax transparency, the complexity of their
financial affairs and data sharing/banking secrecy limitations, particularly if HSBC does
not have a presence in one of those jurisdictions
Wealth accumulated by an individual could have been obtained by illicit means.
Consequently, the source of wealth is inherently a key risk factor in the assessment of a
Customer.
Customers may have accounts with multiple financial institutions across multiple
jurisdictions. This may make it more difficult to form a complete picture of the Customer,
their Source of Wealth and Total Net Worth. Such complexity may also be more difficult
for an institution to assess accurately the true purpose and business rationale for
individual transactions.
Certain products available to Customers may carry higher risk indicators. Examples
include, but are not limited to:
Extending credit to Customers who use their assets as collateral poses a money
laundering risk unless the lender is satisfied that the origin and source of the underlying
asset is legitimate. This risk may be higher where the loan is made in one jurisdiction
and collateral is held in another.
There may be a risk that the stated purpose of account does not correlate to the actual
activity. An example of the risk is where an Individual who is self-employed conducts
business activity through their personal accounts.
HNWIs and private banking Individual Customers can have the financial means and
knowledge to access flexible and complex financial products and services. The
complexity of services and products can favour anonymity and facilitate the different
stages of money laundering.
There is an inherent risk with Individuals that they are not the person they are claiming
to be (impersonation fraud). The risk of impersonation is heightened when the
Customer is opening an account through a non-face-to-face channel.
INTERNAL
Page | 10

1.5 Risks associated with Connected Parties of Individuals
1.5.1 The relationship of the Customer with HSBC becomes more complex where there are Connected
Parties involved.
1.5.2 If the Connected Party is an Individual, some or all of the same risks as laid out in Figure 1.8 below
apply, depending on the nature of the Connected Party. Similarly, if the Connected Party is a
corporate entity, refer to Chapter 6 for the risks associated with that customer type.
1.5.3 The following table outlines key additional risk considerations inherent for Customers with
Connected Parties:
Figure 1.8: Key risk table Connected Parties
Financial crime risk
Abuse of Power of Attorney
(“PoA”) / Power of
Administration (“PoAd”)
Connected parties have influence, if not full control, over the account of the
Customer and they can direct the flow of funds or transfer funds to or out of
the account independently. Therefore, the possibility of the account being
used by a Connected Party for money laundering purposes exists.
The Connected Party may also be an Individual or an entity that is
sanctioned or may otherwise be precluded from conducting transactions or
payments in their own right and may be using the Customer’s account for
their own purposes.
Where the Connected Party is an entity it is important to “look through” the
entity and identify its Owners and Key Controllers, as they have the potential
to exploit the entity’s relationship with the Customer to commit Financial
Crimes. These risks may not be apparent if only the entity itself is
considered.
The use of a PoA, fiduciary relationship or other Connected Party to the
account, other than the Customer itself, may also represent a risk of tax
evasion to conceal ultimate beneficial ownership of the assets or income
derived from the HSBC account and subject to taxation.
The authority or powers that the Connected Party may have over the HSBC
account; e.g. mandate only to collect information from the account, mandate
to withdraw or transfer or use funds of the account, mandate to sign on the
account, may be used for the purposes of the Connected Party. These may
not be in line with the Customers’ best interest or may be entirely selfserving.
1.5.4 As the relationship with a Customer evolves over time, there may be changes associated with the
Customer, their connected parties and/or the products and services they hold with HSBC; all of
which may impact the risks associated with the Customer relationship. These should be considered
as Trigger events and must lead to a review of the CDD profile and in some cases re-approval of
the CDD profile, and the relationship with the Customer, would be required. (Reference Process
Chapter 4 Periodic and Event Driven Reviews).
1.6 ‘Customer type’ risk classification
1.6.1 Individuals are risk rated according to the key risk factors identified in the FCC-RAM
1.6.2 Where the Customer, or one of their Connected Parties, is a PEP, or meets other SCC classification
criteria, the Customer must be risk rated SCC. (Reference Process Chapter 10 Restricted and
Prohibited Customers, Special Categories of Customers (SCCs) and Prohibited Products)
INTERNAL
Page | 11

1.6.3 Where a Customer is considered to be a HNWI, High Risk or SCC, Enhanced Due Diligence (EDD)
will be performed. The procedures for HNWI, High Risk Customers/SCC are included within the
KYC chapter for Individuals.
1.6.4 Where there are concerns regarding the nature and purpose of the Individual’s account, the
Customer should be escalated to Business Risk/FCC to determine what action should be taken,
including the requirement to conduct Enhanced Due Diligence (EDD) and the determination of the
appropriate Financial Crime Risk Rating (FCRR).
1.7 Reduced Due Diligence for Lower Risk Product Types
1.7.1 Within RBWM, products exist that have limitations on the value that can be passed through them
and / or that are limited in their functionality, such that they present a lower risk of being used to
facilitate money laundering Certain products offered by RBWM are deemed "lower risk" as the
account functionality and transaction limitations (e.g. value/volume of transactions) means that the
risk of abuse by money launderers may be considered low.
1.7.2 Types of lower risk products include:
Payroll Accounts
Retirement or Benefits Accounts e.g. Social Security
Credit Cards
Certain Government mandated accounts
Certain basic bank account products designed to enable financial inclusion
1.7.3 While credit cards are also considered to be low risk from a money laundering perspective due to
the existence of credit limits, monthly repayments and other scheme obligations, they provide
greater functionality and additional payment options (e.g. cross border transactions, third party
repayments etc.) when compared with another "lower risk" product.
1.7.4 For any product to qualify as lower risk, where Reduced Due Diligence (RDD) is to be applied,
approval needs to be sought as per the Product Approval form. (See Appendix 3)
1.7.5 CDD requirements for Minimal Risk Insurance products are subject to the requirements set out in
CDD Customer Chapter 10.
1.7.6 Reduced Due Diligence can be applied where the customer holds one or more lower risk products,
unless a lower risk product is combined with a credit card e.g. payroll account and credit card.
Customers meeting the RDD criteria to hold such lower risk products alone, will by default, be risk
rated as low.
1.7.7 The combination of a lower risk product and a credit card could create a relationship which offers
the customer the same functionality as a standard risk product (e.g. a current account). A full
customer relationship is therefore considered to exist which requires CDD to be conducted. In
summary:
a) Customers applying for more than one lower risk product continue to be subject to RDD
unless;
b) A customer with one lower risk product applies for a credit card, then CDD is required,
or
c) If the customer has up to four credit cards within any one brand / entity / (in the same
name and same jurisdiction) then RDD applies. CDD should apply where this criteria is
no longer met.
d) High Risk/SCC/PEP customers are not eligible for RDD.
INTERNAL
Page | 12

e) RDD should not be applied where there are Sanctions screening hits.
1.7.8 Where these low risk products exist, countries may apply a reduced level of CDD to support the
principles of financial inclusion and to recognise the appropriate reduced risk associated with these
products.
1.7.9 With the exception of credit cards, Countries must identify all lower risk products to which Reduced
Due Diligence standards should apply (as outlined in this LoBP) and approval must be sought from
both 1st and 2nd Line of Defence. 1st Line of Defence Approval must be sought through the RBWM
CDD Exco (following approval at Country and Regional level). 2nd Line approval is required from
the RBWM Head of AML (at a Country, Regional and Global level).
1.7.10 Appendix 3 provides a copy of the RDD Product Approval Form which should be completed and
submitted to the above approval authorities for each product.
1.7.11 Appendix 4 details the RDD Product Approval Log which should be used to detail each product for
which lower risk product approval has been granted, following the above approval process.
Countries should complete and maintain this log as an auditable record of their lower risk products.
1.7.12 In the event that a country is unable to apply the full Reduced Due Diligence requirements as
outlined in this LoBP then a dispensation against the Global AML Policy would be required.
1.8 ID&V - Requirements for an Individual Customer
Reduced Due Diligence
1.8.1 For lower risk products, where reduced due diligence may be applied (see 1.7 above) the ID&V
requirements below should be followed:
Figure 1.9: Minimum ID&V requirements for Reduced Due Diligence
Requirements
Identification
Electronic or Documentary
verification
Full name 3 Yes Yes
Date of birth Yes Yes 4
Residential address 5 Yes Yes
Nationality/Citizenship (including all
nationalities/ citizenships held)
Country of Tax residence 6
Yes
Yes
Verification not required
3
Where the Customer has another recorded name this must also be captured e.g. where the Customer has changed their name.
4
Unless the Customer is being electronically verified or the primary document used for documentary verification does not contain
Date of Birth, subject to Business Risk/FCC approval.
5
"Residential address" is defined in the Glossary. If a Customer has multiple residential addresses, all must be captured. Only
primary residential address needs to be verified through electronic or documentary verification
6
It should be noted that local or global regulatory requirements may require verification of Tax Residence. Where this is the case,
such regulation must be followed
INTERNAL
Page | 13

7
Tax Identification Number Yes 8
Customer Due Diligence
1.8.2 This section covers the minimum requirements for Identification and Verification of the Customer
at on-boarding (as set out in Figure 1.10 below).
1.8.3 Non-resident Customers are to be identified and verified in accordance with the same standard
requirements as resident Customers.
Figure 1.10: Minimum ID&V requirements for all Individual Customers
Requirements
Identification
Electronic or Documentary
verification
Full name 9 Yes Yes
Date of birth Yes Yes 10
Residential address 11 Yes Yes
Country of Tax residence 12
Yes
Date moved to residential address
At a minimum, the
city/town/region/province and country
of the individual's previous addresses
for the past three years
Correspondence address (if different
from Residential address above)
Yes
Yes
Yes
Verification not required
Nationality/Citizenship 13 (including all
nationalities/ citizenships held)
Yes
Country of Birth
Yes
7
This is a unique Tax issued identification number that is specific only to the individual Customer. Where unavailable capture
Government issued ID number. This, for example may be a passport number, the number provided on a government identity card,
a drivers license number, a government benefits number or a social security number.
8
Unless the country does not issue identification numbers
9
Where the Customer has another recorded name this must also be captured e.g. where the Customer has changed their name.
10
Unless the Customer is being electronically verified or the primary document used for documentary verification does not contain
Date of Birth, subject to Business Risk/FCC approval.
11
"Residential address" is defined in the Glossary. If a Customer has multiple residential addresses, all must be captured. Only
primary residential address needs to be verified through electronic or documentary verification
12
It should be noted that local or global regulatory requirements may require verification of Tax Residence. Where this is the case,
such regulation must be followed
13
Nationality and citizenship are used interchangeably in many jurisdictions. Local regulatory requirements may require verification
of nationality/citizenship; where this is the case and legally permissible, local regulation must be followed
Page | 14
INTERNAL

14
Tax Identification Number Yes 15
1.8.4 In addition to the above minimum identification requirements, further information may be obtained
to enhance the Customer’s experience or to facilitate communications with the Customer; for
example, telephone number and email address. FATCA requirements may result in additional
information being required for US persons.
1.8.5 Post Office Box (PO Box) addresses are only permitted in Countries where complete legal
addresses do not exist. If the Customer lives in an area where a PO Box is the only address
possible, full details of the descriptive address (i.e. the location of the property) must be obtained.
1.8.6 Where the Customer is identified as being a national/citizen of a Sensitive Sanctioned Country, or
a resident of a Sensitive Sanctioned Country, the case should be escalated to FCC Sanctions.
Customer Verification Requirements
1.8.7 Customer Identity can be verified through the use of Electronic and/or Documentary sources. These
terms, as well as those for primary and secondary documents, are defined in the glossary (see
Appendix 1).
1.8.8 Where available and allowed in a local jurisdiction, electronic verification of the Customer is
preferable and should be attempted first. In all jurisdictions where electronic verification is to be
used, the approach to be taken should be documented and submitted to the Global RBWM FCC
team for sign off. If electronic verification is not possible, documentary verification should be
performed.
1.8.9 Two verification sources are required, unless explicitly mandated by a local regulatory initiative
(with the exception of Reduced Due Diligence, see figure 1.11), irrespective of the type of source
(electronic vs. documentary). However, the standard level of verification required is dependent on
the verification source.
1.8.10 Where the use of one source is explicitly mandated by a local regulatory initiative, and where the
source containing the Customers: full name, Date of Birth and current residential address, is
assessed as being adequately robust to be relied upon as a sole document, Country FCC may
propose an amendment to the ID&V matrix for the Country addendum to allow for a Customer to
be verified by relying only on that Primary document. The assessment undertaken must be retained
on file by Country FCC.
Figure 1.11 Verification sources
Verification Source
Electronic
Verification
Documentary
Verification
Reduced Due
Diligence
Verification Required
At least one approved provider will be used to obtain the following verification:
a) One match on a Customer’s full name and residential address; and
b) A second match on a Customer’s full name and either their residential address or
their date of birth.
Two document sources, one of which must be a Primary Document.
a) The primary document must confirm the Customer’s full name, Date of Birth and/or
residential address.
b) A second document must confirm the Customer’s residential address.
One or more document or electronic source(s) that contain customers full name, date of
birth and residential address
14
This is a unique Tax issued identification number that is specific only to the individual Customer. Where unavailable capture
Government issued ID number. This, for example may be a passport number, the number provided on a government identity card,
a drivers license number, a government benefits number or a social security number. Where customer has passed eID&V
Government ID number is not required.
15
Unless the country does not issue identification numbers
Page | 15
INTERNAL

1.8.11 Where the Customer’s country(ies) of Tax Residence has been collected for Non-resident HNWI
Customers and is/are not consistent with the customer’s profile (e.g. does not match any address
or information provided by the customer) this should be escalated along with the documentation
evidencing the inconsistency to the Country FCC team who will then escalate to the
regional/country Tax teams if required.
1.8.12 HSBC needs to ensure that it has a holistic understanding of the Customer; in particular that all
documents which are obtained to verify a Customer are analysed and understood as a whole and
cross-checked against each other.
1.8.13 Although verification of identity is required, alternative means of obtaining this may be required
where standard documents within the ID&V Matrix / electronic verification is not available or cannot
be obtained. Approval must also be provided by Country FCC and also approved by Security and
Fraud Risk.
Non Face-to-Face Account Opening Verification
1.8.14 Where electronic verification sources are used in a non face-to-face channel, it is mandatory to
perform an additional check in order to mitigate the risk of impersonation fraud. This could be
done through a variety of means including, but not limited to, obtaining additional electronic
matches against the customer’s data; account activation requirements, additional electronic
checks provided by third party providers, etc. The approach to be taken must be documented
and approved by Global RBWM FCC.
1.8.15 Where documentary sources are used to verify the identity of non-face-to-face Customers at onboarding,
(e.g. where electronic ID&V has not passed or is not available), where certified true
copies of the original documents have not already been provided e.g. the customer has provided
documents with paper application, it is mandatory to perform one of the three following steps:
Figure 1.12: Verification
Non face-to-face
a) HSBC write to the Customer at the correspondence address provided, requesting certified true copies of the
original documents. These must be certified by an approved third party source (e.g. embassy official, notary
public 16 ) and returned to HSBC.
b) Require the Customer to come into HSBC premises to provide documentation (in which case this becomes a de
facto face-to-face account opening).
c) Alternative means of verifying a customer’s identity and mitigating the additional risk of impersonation fraud
associated with non face to face business. The alternative means must be approved by both Country FCC and
Country Security and Fraud Risk and documented in the country addendum
1.8.16 Where a photographic identification document is not available, the Business Risk/FCC function
must stipulate alternative documents which can be used to verify the Customer’s identity. This is
subject to local regulatory requirements being met.
Approved Documentary and Electronic Sources for Verification
1.8.17 ID&V matrices will outline approved primary and secondary documentary and electronic sources
that may be used. Country FCC must ensure that lists of appropriate documentary sources for that
jurisdiction are updated on an annual basis [e.g. in-Country ID&V Matrix].
1.8.18 A printout from an HSBC system, e.g. Global Customer Directory (GCD), Browser Main Menu
(BMM) or other, showing a customer's residential address, is not a valid verification document.
1.8.19 The following key principles apply with respect to Documentation Standards:
16
Refer to Country procedures for further examples of appropriate certification providers.
INTERNAL
Page | 16

Figure 1.13: Documentation Standards
Original documents must be seen by HSBC or be certified true copies.
Documentary
Sources
Primary Documents (e.g. passports and national ID cards) must be current, i.e.
unexpired.
Letters and bills used as secondary sources should be of recent date (from within the
last four months 17 ). In the case of students, the course dates stated in the Letter of
Acceptance should reasonably correspond with the date of the account application to
HSBC.
Electronic Sources
Electronic Verification is completed through FCC approved 3 rd party data providers. Key
criteria for approval of 3 rd party data providers include:
a) The vendor is registered and permitted to store personal data;
b) The vendor uses a wide range of alert data sources and positive information
sources that link an applicant to both current and previous circumstances and
negative information sources, e.g. regarding identity fraud; and
c) The vendor has transparent processes that enable HSBC to know what checks were
carried out, what the results of these checks were, how much certainty they provide
as to the identity of the subject and has processes that allow the enquirer to capture
and store the information they used to verify an identity.
1.9 ID&V - Requirements for Connected Parties
1.9.1 The guiding principle is that Connected Parties that exercise a degree of control or influence over
the activities of the Customer must be subject to ID&V. When assessing a Connected Party, care
must be taken to understand the Connected Party fully; in particular how and why it exercises
control over the Customer and/or the assets held by HSBC.
1.9.2 This principle results in:
a) All Connected Parties that are classified as parties who “Control” or “Direct” the activities of
the Customers' account below require full ID&V (according to Figure 1.14). These Parties will
generally be appointed PoAs or PoAds or have 3 rd party mandates.
b) Where a Connected Party contributes to the account, the requirement to identify the party
and to hold their information in the CDD profile will depend on the amount the Connected
Party is contributing to the account. For contribution thresholds for identifying Connected
Parties, refer to KYC Chapter and Figure 1.14 below. In such instances, only identification of
the Connected Party is required.
1.9.3 Figure 1.14 below outlines the minimum ID&V requirements for Connected Parties as natural
persons While verification of Connected Parties may not be required in all cases, Business Risk/
FCC may require verification, e.g. in the event of a potential screening hit.
17
Some jurisdictions may specify documentary sources should be dated within a more restrictive time period, where this is the case,
local regulatory guidance must be followed.
Page | 17
INTERNAL

Figure 1.14: Minimum ID&V requirements for Connected Parties
Level of Influence
over the account
Roles Connected Party type Identify Verify
Control
Direct
Full access and
control over the
account
Part access and
control over the
account in line with
their level of
authorisation and
responsibility
towards the account
Individual Yes Yes
Acceptably Publicly Listed entities
and Equivalently Regulated FI’s
Yes
Other entities Yes Yes
Individual Yes Yes
Acceptably Publicly Listed entities
and Equivalently Regulated FI’s
Yes
Other entities Yes Yes
No
No
Contribute
Beneficiary (For
Insurance contracts)
Guarantor
Contribution to
Source of Wealth or
Source of Funds, i.e.
transfers of funds to
account or account
holder outside the
normal course of
business
No influence over
account but value
recipient. Recipient
of funds following an
event.
No influence over the
account but funds
provider in the event
the customer is
unable to make
repayment
Individual
Acceptably Publicly Listed entities
and Equivalently Regulated FI’s
Other entities
Beneficiaries under a pension or
retirement scheme.
Specific parties due to benefit from
any Insurance payment
Guarantors for personal lending
Yes, where
identified
through:
a) SoF; (refer to
section 2.3)
b) SoW; (refer to
section 2.4);
and/or
c) Directed by
business
risk/FCC.
Yes- prior to
payment
Yes
No
Yes- prior to
payment
Yes, only where
the debt is
invoked and the
Guarantor is
required to repay
monies owed
INTERNAL
Page | 18

1.9.4 If an Individual is identified as a Connected Party, the following ID&V information is required:
Figure 1.15: Minimum ID&V requirements for Connected Parties as Natural Persons
Requirements
Full name
Date of birth
Residential address 19
Nationality/Citizenships
(including all
nationalities held/
citizenships)
Identification of
Connected Parties
excluding
beneficiaries to
insurance contracts
Yes
Yes
Yes
Yes
Identification of
Beneficiaries (for
Insurance Contracts)
Prior to Payment: Optional
At Payment: Yes
Prior to Payment: Optional
At Payment:Yes
Prior to Payment: Optional
At Payment: Yes
No
Electronic or Documentary
verification (Connected
Parties that Control or Direct
only)
Yes
Yes 18
Yes (Unless, Residential
address is the same as that of
the Customer)
Verification not required
1.9.5 The identity of a Connected Party can be verified using only one Primary Document (Documentary
Source) or one electronic match (Electronic Source), if it verifies all of the requirements in Figure
1.15. If not, the verification must follow the ID&V requirements for an Individual Customer as
described in Figure 1.11.
1.9.6 If an Entity is identified as a Connected Party the following ID&V information is required about the
Entity.
Figure 1.16: Minimum ID&V requirements for Connected Parties as Entity
Requirements
Full Legal name
“Trading As” name
Registered office
address in country of
incorporation
Principal place of
business (if different
to registered address)
Evidence of listing on
an Exchange and/or
regulator
Identification of
Connected Parties
excluding
Beneficiaries (for
Insurance contracts)
Yes
Yes (where applicable)
Yes
Yes
Identification of
Beneficiaries (for
Insurance Contracts)
Prior to Payment: Optional
At Payment: Yes
Prior to Payment: Optional
At Payment: Yes
One of either Registered
Address or Principle Place
of Business
Electronic or Documentary
verification
Yes
No
Yes
Yes (where applicable) No Yes (where identified)
1.9.7 Verification of the above ID&V information for an entity must follow the requirements for the
applicable entity type (Please refer to the relevant Chapter).
1.9.8 Where the Connected Party is an Entity that is acting in a Professional Fiduciary Capacity, e.g. a
lawyer acting as an Executor or Trustee, or an accountant representing their Customer, unless
No
18
Unless the Customer is being electronically verified or the primary document used for documentary verification does not contain
Date of Birth, subject to Business Risk/FCC approval.
19
"Residential address" is defined in the Glossary
Page | 19
INTERNAL

directed by Business Risk/FCC, it is not necessary to 'look through' the entity to conduct additional
ID&V on its Ownership Structure, UBOs and Connected Parties. In all other cases, a "look through"
to the underlying natural persons owning and controlling the Entity is required.
1.9.9 As outlined in the relevant Entity Customer Type Procedure, a Risk Based Approach applies to the
ID&V of the individuals who own or control the entity. Where the identified UBOs or Key Controllers
must be verified, only one verification source is required, unless otherwise stated in Figure 1.17.
Verification can be completed using either Documentary Sources, or where local regulatory
requirements allow, Electronic Sources. The information to be verified depends upon the
verification source:
Figure 1.17: Verification Sources for individuals who own or control the entity
Documentary
Sources
a) Full Name and percentage of ownership/voting rights; and
b) Date of Birth OR Residential Address
Electronic
Sources
a) Full Name and percentage ownership; and either
b) Date of Birth and Residential Address; or
c) Two sources confirming Residential Address; or
d) By exception, where Residential Addresses are not commonly used, two sources confirming
Date of Birth or age and country of residence (and nationality, if legally permissible, if different)
INTERNAL
Page | 20

1.10 Special Circumstances
1.10.1 Some Customers may not be able to produce identification information to the required standards.
Such cases may include, for example, Social Welfare claimants, Individuals in care homes or on
probation. Figure 1.18 below sets out the requirements:
Figure 1.18: ID&V for Special Circumstances
Individual Customer and Connected
Party
Benefit or Social Welfare claimants
Individuals in care homes/sheltered
accommodation/refuge
Individuals on probation
Prisoners
Students
Minors
Individuals who lack the capacity to
manage their own affairs
Economic migrants [those working
temporarily in the local country,
whose lack of banking or credit
history precludes them being offered
anything other than a retail bank
account]
Refugees
Asylum seekers 20
Examples of acceptable documentary sources
Entitlement letter or Identity Confirmation Letter issued by the relevant
Government Department or Local Authority or country equivalently accepted
document as per the ID&V Matrix
Letter from care home manager or warden of sheltered accommodation or refuge
or from an employer if the Customer is in work or country equivalently accepted
document as per the ID&V Matrix
It may be possible to apply standard identification procedures. Otherwise, a letter
from the Customer’s probation officer, or a hostel manager, or country equivalently
accepted document as per the ID&V Matrix
It may be possible to apply standard identification procedures. Otherwise, a letter
from the governor of the prison, or, if the applicant has been released, from a
police or probation officer or hostel manager or country equivalently accepted
document as per the ID&V Matrix
Passport or National Identity Card and Letter of Acceptance from an accredited
Institution on the local Border Agency list or country equivalently accepted
document and correspondence as per the ID&V Matrix
Passport or National Identity Card if available, otherwise birth certificate, medical
card or country equivalently accepted document as per the ID&V Matrix
Evidence of disability living allowance payments, personal introduction from the
local Healthcare Trust or known private sector equivalent, or country equivalently
accepted document as per the ID&V Matrix.
National Passport or National Identity Card. Alternatively, country equivalently
accepted document as per the ID&V Matrix
Immigration Status Document with Residence Permit, or officially issued
emergency travel documents or country equivalently accepted document as per
the ID&V Matrix
Officially issued emergency travel documents, or country equivalently accepted
document as per the ID&V Matrix
1.10.2 In situations when an existing Customer has died there may be a need to conduct CDD on the
party(ies) who now control the deceased Customer’s funds (defined as a “Direct” Connected Party
in Figure 1.5) and/or the Party to whom the funds are to be transferred (referred to as
“Beneficiaries”).
1.10.3 Beneficiaries of Insurance policies or Pension/Retirement schemes must be Identified, Verified and
Screened prior to initial payment. Repeat payment to the same recipient would not require further
ID&V unless there are changes to the recipient.
1.10.4 For these Connected Parties the ID&V requirements are outlined in Chapter 1: Individuals –
Identification & Verification (ID&V) (section 1.9), where the requirements are outlined in Figure 1.15
for an Individual and Figure 1.16 for an Entity. The applicable Screening Requirements are detailed
within Section 2.2 of Chapter 2: Individuals – Know Your Customer (KYC) (section 2.2).
20
Local legal requirements relating to asylum seekers should be observed.
INTERNAL
Page | 21

1.11 Other Considerations
1.11.1 During the CDD process and throughout the Customer relationship, information may be identified
which indicates a heightened risk of Financial Crime. This information may require Escalation and
the engagement of a Financial Crime specialist, or the upward revision of the initial Financial Crime
risk rating. For further information refer to Process LoBP Chapter 5 Escalations.
1.11.2 If any ambiguity or discrepancy is identified in the ID&V information provided by the Customer or
full ID&V information cannot be obtained, the procedures in the Process LoBP Chapter 5
Escalation and CDD Risk Acceptance chapter 7 must be followed.
1.11.3 There are cases where HSBC should not on-board a Customer or consider exiting existing
Customers. For further information refer to Process LoBP Chapter 10 Restricted and Prohibited
Customers, Special Categories of Customers (SCCs) and Prohibited Products.
INTERNAL
Page | 22

Appendix 1: Glossary definitions
Figure 1.19: Glossary definitions
Electronic
verification
Primary
Document
Electronic verification may be permitted in some jurisdictions, based on local regulatory
and legal requirements. There may be circumstances where HSBC entities wish to
undertake electronic verification of the Customers instead of, or in conjunction with,
documentary identity verification. These circumstances may include the verification of
non-face-to-face Customers, in order to supplement documentary verification.
A Government Issued document with a photograph e.g. valid passport or photo card
driving licence or identity card 21 may be used for verification where it incorporates:
Customer’s full name and photograph; and either
Residential address; or
Date of birth.
Government-issued documents with a photograph include:
Valid passport
Valid photo card driving licence (full or provisional)
National Identity card
Firearms certificate or shotgun licence
Secondary
document
Secondary documents include other original Government or local Government-Issued
documents or documents issued by public authorities.
A government-issued document which does not have a photograph but incorporates the
Customer’s full name may be used, supported by a second document, that is:
Either government-issued, or
Issued by a judicial authority, or
A public sector body or authority, or
A regulated utility company, or
Another regulated firm in the financial services sector which incorporates:
Customer’s full name and either;
Residential address; or,
Date of birth.
Blacklist A list of persons or organisations that are prohibited or suspicious.
Permanent
residential
address
Correspondence
address
The main address at which a Customer lives (i.e. address at which they spend the
majority of their time).
The address at which the Customer requests to have correspondence sent to.
Other address(es) Any other address (es) where the Customer resides, even if for short periods of time.
21
Definitions for Primary and Secondary Documents have been taken from the current Glossary and are subject to change.
INTERNAL
Page | 23

Appendix 2: Tax Evasion Indicators
Purpose and Scope
The purpose of this document is to help HSBC staff identify factors that might indicate that clients are
using HSBC’s services in order to evade tax, which is a predicate offence for money laundering, or
commit a tax crime.
Tax evasion or tax crime usually involves the concealment of beneficial ownership of income, assets, or
gains that would otherwise be taxable.
It can be difficult for HSBC staff to distinguish between tax evasion and arrangements which are being put
in place for commercial, wealth preservation or succession planning reasons. Many clients will seek to
invest in products and investments that legitimately reduce or mitigate tax. What the following seeks to
provide is a number of factors that could indicate that client is seeking to use HSBC’s services to evade
taxes.
Please note that the tax crime in question might not be with respect to the country in which the HSBC
services are being delivered but elsewhere. Experience tells us that tax evasion most commonly occurs
where the client is hiding wealth in a foreign jurisdiction.
The country of residency, citizenship or incorporation of the customer must be carefully evaluated
especially when it is an international (multibank) customer opening an account in an offshore HSBC site.
HSBC policies which restrict service propositions to non‐resident customers must be applied at all times
and considered in conjunction with this document.
When to use these Indicators
You should consider these indicators at the account opening for new customers, during the course of the
relationship with existing customers (periodic review, client visitations) and when escalating unusual
behaviour to Financial Crime Compliance teams.
Examples of tax evasion Indications
The following is a non‐exhaustive list of customer behaviour that could highlight tax evasion by a
customer.
Customer Behaviour
1. Customer has indicated that he/she is not compliant with his/her tax obligations.
2. A non‐resident customer seeking to use HSBC’s services does not appear to have a commercial or
personal reason for banking in that jurisdiction.
3. Customer’s personal contact details (address, phone number) or place of birth are inconsistent with
other documentation used to evidence nationality or residence.
4. Customer has expressed an interest in using HSBC’s products and services in order to conceal
beneficial ownership of deposits and investments from tax authorities.
5. Customer indicates an unwillingness to accept HSBC’s terms and conditions with respect to tax
reporting requirements.
6. Screening performed on the Customer or Connected Parties results in negative tax‐related news
(e.g., allegations of tax fraud or convictions on tax crime(s)).
7. Customer refuses to provide information requested by HSBC in order to comply with its international
tax obligations e.g., US Foreign Account Act (FATCA), EU Savings Directive.
8. Customer has been identified as non‐tax compliant in an HSBC tax‐related remediation review.
9. Customer refuses to be contacted without a valid reason
10. Customer behaves in such a way that indicates he/she might not be tax compliant or does not intend
to comply with domestic or foreign tax obligations. For example client does not seem to be interested
INTERNAL
Page | 24

in receiving or responding to HSBC statements and correspondence or seeks to conceal real
residence or citizenship.
Source of Funds/Wealth
1. The source of funds seems unusual in that it is not derived from a history of investments, commercial
gain or family wealth.
2. When asked, the customer cannot confirm that the source of funds/wealth has been properly declared
to a tax authority.
Structures and Transactions
1. Customer has set up a structure which lacks a legitimate commercial, wealth preservation or
succession planning purpose particularly in a territory other than the home country of the customer.
2. The proposed arrangements appear to be designed to conceal the ultimate beneficial owner.
3. The arrangements being requested involves 3rd party authorised signatories, or 3rd parties with
powers to access the client account, in a way that suggests the real ownership lies elsewhere.
4. The beneficial owner of a personal investment company ignores the corporate formalities in accessing
assets in accounts held in the name of the personal investment company.
5. Unusual receipts and disbursements to and from 3rd parties indicate that the account is not being used
for its stated purpose.
6. Use of offshore companies to re‐route payments for transactions and services without apparent
commercial substance.
7. The use of bearer share entities (refer to global CDD procedures for bearer share accounts).
Note to reader: If in doubt on the application of any tax evasion indicator or red flag, referral should be
made in the first instance to the Country FCC team. In turn, Country FCC team will refer to Group /
Regional Tax Function if in doubt of a customer’s tax obligations or position.
Any changes intended to be made to this document must be previously reviewed and approved by
Group/Regional Tax.
INTERNAL
Page | 25

Appendix 3: Reduced Due Diligence Product Approval Form
RBWM Reduced Due Diligence Product Approval Form
Country
Region
Product Name
Product Code
Brand
New or Existing Product- if new date of NPAP
approval
Product Features and Benefits-this should be a description of the product, its features, benefits and
distribution channel
Risk Assessment Summary & Status- this should include details of the FCC RAG status (once the
PRAM has been agreed) and any deficiencies identified in the sale, processing and or monitoring of the product
together with details of any dispensations/deviations agreed re compliance with Global Policy
Business Rationale for Reduced Due Diligence to be applied- this should include details of the
control environment and monitoring in place and or proposed that restricts/permits functionality
Approval 1 st Line- Executive Committee
1 RBWM CDD Country Exco. Date of Comm. Approval
2 RBWM CDD Regional Exco. Date of Comm. Approval
3 RBWM CDD Global Exco. Date of Comm. Approval
Approval 2 nd line- Head of AML
1 RBWM Country Head of AML Name Date of Approval
2 RBWM Regional Head of AML Name Date of Approval
3 RBWM Global Head of AML Name Date of Approval
INTERNAL
Page | 26

INTERNAL
Page | 27

Appendix 4: Reduced Due Diligence Product Approval Log
RBWM RDD Product
Approval Log.xlsx
INTERNAL
Page | 28

2. Know Your Customer (KYC)
Key Objective
How will the Objectives
be achieved?
Scope of Section
Related Sections
Guidance Sources
To understand the nature of HSBC’s Customers and any associated Financial Crime risks
posed by them.
The objective will be achieved by ensuring that key processes are used to understand
Customers and how they expect to do business with HSBC.
This section outlines risk based Know Your Customer (KYC) procedures to be undertaken
in addition to the ID&V procedures defined in Chapter 1.
2.1 Introduction
2.2 Screening – Customer and Connected Parties
2.3 Employment Status KYC Information
2.4 Source(s) of Funds
2.5 Source(s) of Wealth
2.6 Intended Purpose and Account Activity
2.7 Other General Connected Party KYC Information
2.8 Customer Contact and Visitation Requirements
Chapter 1 – Identification & Verification (ID&V) – baseline content applicable to all
Individuals
Chapter 3 – Enhanced Due Diligence (EDD) – baseline content applicable to all Individuals
Global Anti-Money Laundering Policy: CDD Standards
AML B.1.1.2.8 Cash Services policy
INTERNAL
Page | 29

2.1 Introduction
2.1.1 It is important to understand the background and circumstances of Customers who wish to open
accounts with HSBC. This includes understanding the rationale for the services and products they
request.
2.1.2 In some cases it will be necessary to complete additional due diligence and to understand the
Individual’s income, business activities and tax profile.
2.1.3 A Risk Based Approach should be taken when applying Know Your Customer (KYC) procedures
to Customers and may include:
Screening – screening of the Customer and any Connected Parties against PEP and
Sanctions lists (being the Official Lists 22 and Other Lists – Refer to Screening - Process Chapter
3), as well as Negative NewsScreening as applicable
Understanding the Source of Funds – gathering information on the Customers’
Source of Funds
Understanding the Nature and Source(s) of Wealth – gathering information on the
Customers’ Source of Wealth
Understanding the Purpose and Usage of Account – gathering information on the
purpose and use of the Customer’s account in support of Transaction Monitoring
Completion of a Customer Meeting or Visitation – meeting the Customer to enhance
the overall understanding of the Customer
2.1.4 Along with ID&V, KYC information is recorded in the CDD Profile in order to provide a fuller picture
of the due diligence undertaken on a Customer at a given point in time.
2.1.5 This chapter details the specific KYC requirements in relation to ‘Individual Customers.’ Where
applicable, the chapter highlights the Enhanced Due Diligence (EDD) applicable to the Procedures
for Customers that are HNWI, High Risk or SCC.
2.2 Screening – Customer and Connected Parties
Parties to be Screened
2.2.1 Screening against PEP and Sanctions lists (being the Official Lists 23 and Other Lists – refer to
Screening - Process Chapter 3) must be applied to all Customers and to any Connected Parties
identified. These screening processes must be completed before any initial funds deposited may
be withdrawn. All accounts where an initial deposit has been accepted prior to the completion of
screening processes must have an inhibit marker against them to prevent any transactions,
products, services or economic benefit being made available to the Customer. Once the applicable
screening processes have been completed, the inhibit marker may be removed. 24
2.2.2 If it is known that a Customer and/or Connected Parties has changed its name in the past,
Screening against Official and Other lists should include both the new name as well as the previous
name(s). If the Customer’s and/or Connected Parties name has changed within 5 years, both the
new and previous name should also be subject to Negative NewsScreening.
22 The Offic ial Lists are the lists of individuals, entities or organisations who have been designated as sanctioned targets by the UN, UK, US, EU or HK. The Official Lists
which must be screened are set out in the Global Sanctions Policy.
23 The Official Lists are the lists of individuals, entities or organisations who have been designated as sanctioned targets by the UN, UK, US, EU or HK. The Official Lists which
must be screened are set out in the Global Sanctions Policy.
24
Automated screening should be completed as soon as possible but no later than 48 hours after the customer has been onboarded. Pre-screening
should be undertaken where a Customer has the ability to transact prior to automated screening.
INTERNAL
Page | 30

2.2.3 The Screening Chapter defines the applicable data points of each Customer and their Connected
Party (e.g. name, country of residence) that need to be screened.
2.2.4 Negative NewsScreening helps to identify adverse information about Customers in order to take
necessary steps to protect HSBC’s reputation (see Glossary for definitions of each) and is
undertaken following a Risk Based Approach on both the Customer and their Connected Parties.
The following table sets out the Risk Based Approach by Customer Segment and FCRR:
Figure 2.1: Mandatory screening requirements for Customers and their Connected Parties
Customer
Segments
FCRR
Official and
Other Screening
Lists
(PEP/Sanctions)
Customer and
Connected
Parties
Customer
Negative
News
Connected
Party
High Risk / SCC Yes Yes Yes
Retail
Medium Yes No No
Low Yes No No
Safe Custody Services (in line with AML - Safe Custody FIM at all FCRR
High Risk / SCC Yes Yes Yes
HNWI
Medium Yes Yes Yes
Low Yes Yes Yes
2.2.5 The application of Negative News Screening for all HNWI Customers, across all risk levels, reflects
the greater complexity and the international footprint of many HNWI Customers and the time frame
over which Financial Crime may evolve.
2.2.6 Where the Connected Party is an entity, screening against PEP and Sanctions lists (refer to
Screening – Process Chapter 3) must be performed in all cases on both the entity and the
Connected Parties of the entity that have been identified.
2.2.7 In addition to the above screening requirements, other screening controls are performed at onboarding
and on an on-going basis (e.g. Fraud Screening and Transaction Monitoring).
2.2.8 Where an automated negative news screening tool is available the parameters of that tool must be
documented and approved by Global RBWM FCC.
INTERNAL
Page | 31

2.3 Employment Status KYC Information
2.3.1 In order to understand the funding of the account, the Individuals’ employment status must be
identified and validated according to Figure 2.2 below.
Figure 2.2: Employment status minimum Validation requirements
Identify Validate Information Required
All
Employed
Determine employment status: Employed, Business Owner or Key Controller, Sole
Trader, Student, Not employed or Retired
Yes No ­ If employed: obtain occupation, name of employer 25 ,
employers address (City & Country) and salary
Business Owner/ Key
Controller/ Self-employed/
Sole trader
Yes No ­ If business owner, key controller or self-employed:
name of business, job title, business activity, location
and earnings
Student
Yes Yes ­ Course end date
­ Obtain evidence of student status
Not in Employment
Yes No ­ If person receives social security/benefits
­
Yes No ­ Source and amount of income
­ If known HNWI, Prior employment status.
Retired
­ If prior employment was business owner/key
controller/Self-employed/Sole trader: obtain business
activity
*See Appendix 4 for guidance on personal accounts being used for business purposes.
2.3.2 For Customers where detailed SoW information is obtained in line with section 2.5, judgment is
required when concluding on what documents, if any, are additionally required to validate that
employment status. As an example, if detailed employment SoW information is received for a HNWI
Customer, obtaining a payslip may not be required to validate the employment status.
2.4 Source(s) of Funds
2.4.1 The Customer’s Source of Funds (SoF) refers to the origin and means of transfer of currency/
financial instruments deposited, which includes the amount to be transferred to the HSBC account
at onboarding.
2.4.2 The SoF differs from SoW in that it addresses where the funds to be deposited with HSBC originate
from, rather than how they were generated. For example, SoW could be accumulated savings from
employment salary whereas the corresponding SoF would be the salary payment from the
employer to be paid into the Customers' bank account (refer to glossary for definition of SoF and
Source of Wealth (SoW)).
2.4.3 It is necessary to understand both the initial deposits into an account and the on-going funding of
that account. The origin of the funds and means of transfer needs to be identified; and, depending
on the amount or the risk rating of the account, validated prior to account opening (See Appendix
1)
25
Where it is known the employer is located in a Sensitive Sanctioned Country escalate to FCC.
INTERNAL
Page | 32

Definitions
Figure 2.3: Definitions
Identification
Information obtained from conversation with the Customer (e.g. Employer’s name and
address, details of inheritance). Depending on the type of Customer (refer to Customer
Chapter 1, section 1.2) and FCRR, the Customer might be asked a standard set of questions
or, reflective of the level of risk, additional detailed questions.
Example: ask the Customer for the required information and document the response within the
CDD profile.
Validation
Validation describes the process of corroborating (i.e. supporting with evidence) Source of
Funds / Source of Wealth information. This is performed using documents provided by the
Customer.
Validation should not be confused with the verification process in the context of ID&V of
Customers and their Connected Parties (see Customer Chapter 1).
Example: obtaining a bank statement or pay slip from a customer to validate their SoF.
3 rd Party
Validation
3 rd Party Validation describes the process of corroborating (i.e. supporting with evidence)
Source of Funds / Source of Wealth information by either using a Party other than the
customer to obtain relevant information and documents or to certify documents as true copies
of the original (See Appendix 1 and Chapter 9 Customer Data Management, Verification
Requirements and Key Risk Indicators and Management Information).
Example: Using outside service providers for independent due diligence or performing a Credit
Check.
Example: Using the services of a Notary to certify that documents are true copies of the
original.
Verification
Verification involves checking information provided against documents, data or information
obtained from a reliable and independent source, in line with the concept of verification in
ID&V. As there are few such sources for verifying SoF/SoW (e.g. government issued tax
returns see sections 2.5.12-2.5.15 below), verification only has limited applicability to this
chapter.
Example: Using official governmental documents like tax returns issued by the government.
Note to reader: Details of “independent, reliable and approved sources will be defined in the
ID&V matrix. If documentary evidence is used from such a source, it is considered to be
“verification.”
Source of Funds of Customers
2.4.4 Retail Customers will tend to have lower monetary value and less complex financial instruments
transferred into their accounts at on-boarding than HNWI Customers.
2.4.5 Where initial funds are being deposited in accounts of HNWI Customers, the amount must be
scrutinised to ensure that the expected funds received into the account are consistent with the
Customer’s or Connected Party’s profile in terms of size, nature and source. In practice this means
ensuring the initial funds credited to an account are consistent with the expected Account Activity
and Account Usage, as well as with the Customer’s SoW, which will be reviewed during periodic
review or following a material event driven review.
INTERNAL
Page | 33

Source of Funds from Non-Cash deposits 26
2.4.6 For non-cash fund transfers from other financial or banking institutions, there are higher thresholds
for validation than for cash deposits.
2.4.7 Identification of SoF involves gathering:
a) the amount or value and type of financial instruments;
b) method of transfer e.g. wire from previous bank;
c) party from which the funds will be transferred e.g. salary payment or transfer of funds
from the Customer’s account with another financial institution; and
d) the country from which the funds will originate.
2.4.8 The validation controls are risk based and relate to the expected amounts to be paid over the first
12 months. Refer to Figure 2.4 below for the controls applicable to the SoF of customers opening
the account with a non-cash fund transfer:
Figure 2.4: Source of Funds for Customers’ non-cash deposits
Retail Individual
Low/Medium
Risk
High Risk/ SCC
HNWI
Identification
of Source of
Funds
Validation of
Source of
Funds
Yes Yes Yes
No Yes Yes
2.4.9 For standalone credit cards source of funds identification or validation is not required due to the
lower risk nature of the product, preset transactional limits and scheme operating regulations.
2.4.10 For lower risk products where Reduced Due Diligence is applicable, Source of Funds may be
implicit based upon the nature of the product e.g. payroll accounts or accounts for receipt of pension
or other government benefits. In such instances, SOF will need to be identified, but the information
does not need to be requested from the customer.
2.4.11 A Contributor is defined as an individual (e.g. Spouse or Parent) that provides more than USD 10k
per month where this accounts for over 50% of an RBWM customer's source of funds. The funds
could either be deposited into the customer's account as a single payment or could be split into
multiple payments paid into one or more account
2.4.12 In the event that two or more persons jointly provide a customer with more than USD 10k per month
but, individually, they each provide less than this threshold value, these individuals would not meet
the definition of a contributor. Furthermore, an employer paying a customer their monthly salary is
not considered a contributor as this would constitute ‘normal course of business’
2.4.13 RBWM must enquire at account opening and periodic or event based reviews whether the customer
has received, or will receive, USD 10k or more per month from a Contributor. Where a Contributor
is identified and local data privacy laws allow for the handling of non-customer information, the
individual's full name, DoB, country of residence and relationship to the RBWM customer must be
recorded. The Contributor must be identified as a Connected Party to the customer's account and
screened on a regular basis. If local data privacy laws prevent retaining information on the
26
Non- cash transfers include wire, cheque and other financial instruments (e.g. securities) transfers
INTERNAL
Page | 34

Contributor, (refer to Global Data Privacy and Information Governance Guidelines) a deviation to
the RBWM Global LoBP must be sought.
2.4.14 Where contributions are made to a student’s account or an Insurance policy equal to or greater
than USD 75k per year, the Contributor must be identified (full name, DoB, residential address) as
a Connected Party to the Policy and screened on a regular basis.
2.4.15 For all other Customers, actual SoF will be reviewed against expected SoF in the following
instances:
a) Following a Transaction Monitoring trigger event; and/or
b) At the first periodic review
2.4.16 Part of this review will look at Account Activity and determine whether it is in line with the expected
activity at on-boarding. Where initial expectation and actual source of funds or account activity do
not correspond with the information obtained at on-boarding, the Customer must be contacted to
understand the change in behaviour. If there are concerns that the activity is not reasonable or
plausible, the Customer must be escalated according to the Escalations Chapter
Source of Funds from Cash deposits
2.4.17 Where at Customer on-boarding, the Customer indicates that cash will be used to fund the account
on an ongoing basis; the following information should be documented in the CDD Profile:
a) The name of / details of the Customer or the Connected Party who will be depositing the
funds to the Customer’s account. ID&V must be completed for the Connected Party (refer
to Chapter 1, section 1.9 for ID&V requirements for the Connected Parties); and
b) SoF must be identified, i.e. explained, and validated by documentary evidence (e.g.
Invoices, sale particulars, withdrawal slip from another Bank, receipts of earnings from
cash business like a restaurant).
2.4.18 Where a Customer is unable to provide the required evidence to validate SoF, or if there are any
identified financial crime concerns related to the SoF or the Connected Party depositing the funds
the Customer should be escalated to Country FCC, through the Unusual Activity Reporting (UAR)
process, and the Risk Acceptance Process initiated.
2.4.19 The AML RBWM FIM B1.1.2.8 AML Cash Services provides additional guidance relating to the
enhanced consideration requirements and associated controls according to the value of the cash
being deposited by the customer.
2.5 Source(s) of Wealth
2.5.1 The Source of Wealth section must be read in conjunction with the Source of Wealth Framework,
Appendix 5.
2.5.2 The Customer’s Source of Wealth refers to the underlying economic activity that has generated the
wealth/net worth which the Customer owns and can be broken down into three key areas:
a) Regular Income (salary)
b) Major Events
c) Growth
2.5.3 The information required to understand the Customer’s SoW will depend on the particular
circumstances presented by the Customer, including the extent to which their wealth is connected
to businesses, inheritance or to other sources. The level of detail and the extent of the
documentation and corroboration, where available, will depend on the type of customer and the
customer’s risk level.
INTERNAL
Page | 35

2.5.4 Obtaining appropriate documentation from the customer is vital when seeking to validate SoW.
This should be undertaken on a risk basis and does not mean providing evidence for all the
money the customer has, every event or investment made in their lifetime, just those that are
identified as ‘major factors’.
2.5.5 The requirement is to understand and verify how the Customer’s wealth was accumulated, it needs
to make sense and support the Customer’s current wealth position.
2.5.6 These ‘major factors’ should provide a reasonable explanation of the customer’s current wealth
and enable adequate documentation as to how it has been accumulated.
2.5.7 The explanation of how the wealth has been acquired needs to be clear and comprehensible to a
third party who does not necessarily know the Customer, in order that the information:
Is understood;
Is coherent and plausible
Enables the same conclusions to be reached;
Is sufficiently detailed, and
Builds confidence that the level of wealth is reasonable and comes from legitimate
sources.
2.5.8 A clear distinction must be made between:
The origin of the initial Source(s) of Wealth – the activity or events that generated
the Customers’ accumulated capital, not just the portion that is invested with/paid to the
bank for the initial deposit/account opening; and
The origin of the on-going Source(s) of Wealth – the on-going activities or future
events that will generate the capital that will be deposited into the account or premium
paid/cash invested.
2.5.9 The following table sets out the identification and validation requirements for SoW.
Figure 2.5: Source of Wealth for Individuals
Identification
of Source of
Wealth
Validation of
Source of
Wealth
Low/Medium Risk
No
Retail Individual
High Risk/ SCC
Yes – additional questions
HNWI
Yes – additional
questions
No Yes Yes
3 rd Party
Validation or
Verification of
Source of
Wealth
No
By exception (refer to 2.5.14 and/or where directed
by Business Risk/FCC
2.5.10 SOW Identification and Validation is only required for HNWI, High Risk and SCC / PEP customers.
The approach to Validation is provided in the Source of Wealth Framework.
2.5.11 Active judgement and reflection are required when obtaining SoW information. Time should be
invested before reaching a conclusion on whether the information provided makes sense and is
plausible.
INTERNAL
Page | 36

2.5.12 A coherent and plausible picture of the Customer and their SoW is necessary for both Existing and
New customers.
2.5.13 In some instances, validation may prove difficult or impossible for the Customer, e.g. in cases of
"old money" or a substantial inheritance made decades ago. In such circumstances judgment will
need to be applied, considering the Source of Wealth Framework and the following approach for
Existing and New customers:
Existing Customers: where we have an existing or long standing relationship with the
customer, particularly when considering customers who have multiple sources of income,
intergenerational wealth accumulation or have very public profiles, publicly available
information should be considered first before asking the customer to provide validation.
Where the events took place a long time ago and evidence is not available the RMs view of
the customer should be provided based on the customer interactions and what we know of
the customers history and previous activity to give plausibility to the story
New Customers: for new customers, we will require the Customer to validate the “major”
events that have contributed to the source of wealth. Consideration should also be given to
utilising publically available information, for the same reasons that this would be considered
appropriate for existing customers.
2.5.14 If the identification and validation of SoW is incomplete or the information does not initially seem
reasonable, coherent or plausible, it might be required to validate the SoW using a 3 rd Party or
verify, where possible. Thereafter, if doubt remains about the veracity of information provided by
the Customer or the information cannot be validated by the 3 rd Party or verified and the Business
wants to onboard the customer, the CDD Risk Acceptance procedures must be followed.
2.5.15 Examples of acceptable documentation are provided in Appendix 1. This is not an exhaustive or
mandatory list. It is provided to support the building of a coherent and plausible view of the
Customer’s Source of Wealth.
Tax Returns as SoW/SoF Validation
2.5.16 Sections of Tax Returns are not always considered to be an appropriate document to use for
evidencing Source of Wealth or Source of Funds and should only be considered the primary source
of documentation where other evidence is not available.
2.5.17 Where Tax Returns are currently used, this practice must be reviewed by Country AML, FCC and
Tax teams to ensure that the use of specific section(s) of the Tax Returns is appropriate. In addition
if countries wish to start using specific section(s) of the Tax Returns as documentary evidence,
prior approval from Country AML, FCC and Tax teams must be sought.
2.5.18 When specific sections of the Tax Returns are used the following must be considered:
The Line of Business is to collect only those sections of the Tax Return which evidences
the SoW and/or SoF.
The Customer's file is to retain only those sections of the Tax Return which evidence the
SoW and/or SoF along with a description of how the section / line item was used in the
verification process.
Additional evidence (e.g. bank statements) may be required to support the information
provided in the specific section of the Tax Return.
Although there is no expectation for employees in countries, authorised to use sections of
Tax Returns as documentary evidence for SoW and/or SoF, to have specialist tax
knowledge to assess the section of the Tax Return, employees are expected to review
the documentation in line with CDD policies and procedures.
Note: Where concerns of tax evasion arise on review of the Tax Return section,
employees must escalate their concerns via the UAR escalation process.
INTERNAL
Page | 37

2.6 Intended Purpose and Account Activity
2.6.1 The intended purpose and activity of the account should be consistent with one another and aligned
to the Customer’s profile, including their financial situation. In order to understand the intended
purpose of the Customer’s relationship, information must be gathered in relation to the products
and services that are used by the Customer; The Business must understand both how and why a
product is being used (this may, on a risk basis, include the level of intended activity).
Purpose of Account
2.6.2 A clear explanation of the purpose of the account must be obtained unless the intended purpose
of the account is implicit in the account, product or service e.g. a mortgage on a residential property,
which is the customer’s primary residence. See Appendix 3 for further examples. Where the
purpose of the account does not make sense this should be escalated to Line Management in the
first instance.
Figure 2.6: Information captured for Intended Purpose of Account
Intended Purpose of account
a) Type of account to be opened (for example Current Account, investment account, insurance)
b) Purpose (i.e. rationale) of the account.
c) Where the Customer is a Non-Resident Customer, understand and obtain a valid reason as to why such
Customer wishes to open an account in a country in which they are not resident. A holistic understanding of
the Customer (activity) will facilitate a risk assessment of any apparent lack of connection with the booking
centre.
Understanding Account Activity
2.6.3 It is important to understand the projected activity on the account, applying a risk based approach.
The projected activity of the account and the on-going activity are key indicators for an on-going
assessment and transaction monitoring of the Customers' activities. In some instances where
Reduced Due Diligence is being applied, the account activity may be implicit due to the nature of
the product and associated controls.
Figure 2.7: Understanding Account Activity
Individual
Account activity
All
Expected Total Relationship Balance (TRB)) for the first 12 months
Expected transfer of funds in/out of the account (monthly value and volume).
Other than usual day to day living credits and transactions will the customer be conducting
any other cash transactions on a regular basis? If yes?
a. Does the customer intend to make large cash deposits/withdrawals? Large as in
volume or value is to be defined at Country and agreed by Business and FCC
Intention to make/receive cross-border transactions. If yes, the countries involved and the
purpose, monthly value and volume. Where the Customer has indicated that they intend to
make/receive cross-border transactions from a Sensitive Sanctioned Country escalate to
FCC.
2.6.4 The information captured in the CDD Profile supports the transaction monitoring alert handling
process, as well as ensuring that the Customer is appropriately risk rated.
INTERNAL
Page | 38

2.6.5 It is important to ensure that the information regarding the products and services held, and purpose
and use of the account/products/services, is kept up to date on an on-going basis. Examples of
when updates may be required include further to Trigger Events or as part of a Periodic Review.
2.6.6 Where transaction monitoring alerts cannot be cleared with reference to the CDD Profile, this may
lead to a Trigger Event to review the CDD Profile.
Relationships with other HSBC Offices
2.6.7 The customer must be asked whether they have HSBC accounts in other jurisdictions. Additionally,
where in place, cross-border Relationship Management Systems must be leveraged, subject to
data sharing restrictions.
2.7 Other General Connected Party KYC Information
2.7.1 To capture and mitigate the risks associated with Connected Parties properly, HSBC must ensure
that it understands the level of authority, control or powers of the Connected Party with respect to
the Customer and to the HSBC account, which includes understanding the relationship the
Connected Party has with the Customer, how that relates to their role with respect to the Customer’s
account and the nature of business of the Connected Party.
2.7.2 The requirements are captured in Figure 2.9 below:
Figure 2.8: KYC requirements for Connected Parties
KYC Requirements for Connected Parties
a) Obtain a clear understanding of the relationship between the account holder and the Connected Party,
explaining the purpose and extent of the connected Party’s role in relation to the Customer’s account.
b) When the Connected Party is an entity, understanding the nature of business. This means understanding
the business type of the entity including applicable industry classification code (e.g. Industry, services
provided)
2.7.3 The purpose of assessing the above information is to determine whether the relationship makes
sense and has a valid business purpose. If a relationship does not seem to make sense, the
business purpose does not seem to be valid or the structure being set up by using the Connected
Party seems overly opaque, the Customer should be escalated to Business Risk/FCC unless the
Business decides, in the case of a new Customer, not to on-board.
2.7.4 If the Customer is not able to provide sufficient information or the proposed Connected Party is
reluctant or unwilling to provide information and cannot provide a valid reason or explanation for
this, then the Connected Party should not be on-boarded and consideration given to whether the
Customer relationship should be onboarded or exited. In addition, consideration should be given
to raising a UAR.
2.8 Customer Contact Requirements
2.8.1 Regular contact with Customers is key to any successful commercial relationship and the
management of risk. This enables RBWM to remain up-to-date with the Customer’s professional,
business or personal activities, investment profile and financial requirements.
2.8.2 In RBWM, there is no policy requirement to complete a visitation. However, a visitation may be
completed in lieu of customer contact, where appropriate. An example of where a visitation may
provide enhanced information about a Customer is where the Individual owns a business and the
HSBC staff member visits the Customer at their place of Business, supporting substantiation of the
Customer’s SOW. Customer contact and visitation are defined below:
INTERNAL
Page | 39

Figure 2.9: Definitions of Visitation, Contact and Compliance directed
Visitation
A face-to-face meeting between the RM and his/her Customer at a place of relevance to
the Customer, such as their place of business or their residence.
Contact
Refers to telephone conversations (non-face-to-face) and meetings with the Customer inbranch
or other locations (face-to-face meetings).
Business Risk/FCC may request either a Customer visitation or a Customer contact in
response to concerns over a specific Financial Crime risk:
a) Customer escalation to the Business Risk/FCC, Negative News report or
Material Trigger Event;
b) Sanctions related;
c) Transaction Monitoring findings; and/or
d) SARs 27
Compliance
directed
In such instances the Customer contact/visitation may seek to:
a) Validate certain information or obtain further information about the Customer;
and/or
b) Discuss a specific AML or related issue.
In these circumstances, Business Risk/FCC will specify the type of contact required.
Where contact is required as a result of a SAR being filed or as a result of other Financial
Crime risk concerns, care needs to be taken to avoid “tipping off”. See Compliance FIM
B2.17.1 for GPPs relating to the criminal offence of ‘tipping off’ and the importance of not
informing Customers that a suspicion report has been made.
Minimum Contact Requirements
2.8.3 Contact must be made for some Customers prior to on-boarding. The required minimum frequency
for all subsequent contact is determined primarily by the FCRR and is summarised in the following
table using a risk based approach:
Figure 2.10: Contact Requirements Table for RBWM
On-boarding
channel
Retail HNWI PEP/SCC
Onboarding
Non face-to-face Compliance directed Contact Contact
Face-to-face
Compliance directed
Contact – Face to
Face meeting required
Contact - Face to face
meeting required
Periodic review Compliance directed Compliance directed Compliance directed
27
HSBC employees must not under any circumstances inform customers or any third party that they are considering filing or have
filed an unusual activity report or SAR. This constitutes 'tipping off' and is illegal in most jurisdictions with employees being held
responsible.
Page | 40
INTERNAL

Other Customer Contact and Visitation Considerations
Figure 2.11: Applicable Customer Contact and Visitation Considerations
Applicable to All LOB
a) A record of completion of Customer Contacts and Visitation must be recorded in appropriate HSBC
Relationship Management Systems or the CDD Profile.
b) Any kind of Negative News or reputational concerns arising from the contact or visit must be escalated to
Line Management and Business Risk/ FCC for advice.
c) When a Customer is reclassified as a SCC or High Risk, then those Customers must be contacted or
visited, in accordance with the requirements applicable at periodic review, within a maximum of twelve
months after the change in classification.
d) If any Customer cannot be contacted or visited within the requirements outlined above, this constitutes an
exception, which must be escalated to Business Risk/ FCC for advice.
INTERNAL
Page | 41

Appendix 1: Source of Wealth
The following table captures typical examples of Source of Wealth information and types of documentary evidence
used to confirm it. It is not exhaustive and provides guidance only.
SoW Sources
Customer’s
Employment
Examples of data required
Employer’s name and address
Nature of the employer’s business
How long has the Customer been
employed at the company and the
position held?
Any other significant positions the
Customer has held (e.g., where/when)
Annual Income/bonus for current year
and approximate average income
Identify whether there is share/option
ownership
Example Forms of Documentary
Evidence for Validation
Assumed Name or Doing Business As
Certificate
Copy of recent pay slip
Confirmation from employer of income
Copy of recent accounts if selfemployed
Bank statements showing salary
payment deposits from named
employer (within three months)
Business
Ownership
Name, address, and nature of
company
Main business activity
Where the business’ bank account is
Customer’s ownership interest
Date business established
Number of employees, locations and
estimated annual revenues
Explain where the capital used to
establish the business originated
If there are significant revenues from
government contracts or licenses
Describe the company’s history and
how it grew to its present size
Whether company is publicly traded
Whether there are significant
patents/inventions
Certificate of ownership (this may be
obtained by the Bank from a company
registry)
Copy of signed Company Tax Return
(see section 2.3.4 – 2.3.6 for further
guidance.)
Audited Financial Statements
For existing businesses, most recent
three months of bank statements for
the business account
Official business entity documentation
where ownership is noted, along with
ownership by any other individuals
Recent dividend statements
Sale of Property Address of property
Date of sale
Total sale amount
Date of purchase
Total amount of purchase
Was there a mortgage on the
property?
Does the value of the property
correspond with the money being
received?
Active Wealth/
Investments
(E.g. Investors
who buy and sell
assets of any
type. For
example: real
estate, securities,
companies,
royalties, patents,
inventions,
INTERNAL
Name of the company where active
wealth/investment are held
Nature of investments.
Details of significant investment(s) and
When this investment(s) took place
How the wealth originated to fund the
initial investment(s) (e.g. real estate,
securities)
How the initial investment(s) grew to
its present net worth
Copy of the mortgage statement
Copy of the valuation of the property
(only when combined with proof of the
sale of the property)
Signed letter from Lawyer/Attorney
Signed letter from real estate agent (if
applicable)
Copy of signed and executed sales
contract or closing sheet
Copy of the solicitor’s statement of
completion
Copy bank statement (most recent
three months)
Certified copies of contract notes
Signed letter detailing funds from a
regulated accountant
Page | 42

SoW Sources
Examples of data required
franchises) Estimated net income generated from
investment(s)
If this is an entity holding other
investment(s), identify type, current
value, and approximate annual yield,
return
Example Forms of Documentary
Evidence for Validation
Real Estate
Development/
Name of company where the funds will
be coming from
Investment
Name and address of company
Nature of Real Estate properties/
developments (e.g. type/ location,
businesses, name of main projects)
Explain where the capital originated
from for the Real Estate investment(s)
How Real Estate properties have
appreciated throughout the years
Significant number of rental units and
type (commercial, retail, residential)
Estimated net income generated from
Real Estate properties (e.g., lease/
developments).
Inheritance Received from
Date received
Total value
Type of asset inherited (e.g. land,
securities, company, Trusts)
Explain how the original wealth was
created
Identify history since inheritance, such
as current occupation
Percentage of ownership of inherited
assets that currently generate income
Customer’s Name of company paying the pension.
Pension/Retired Employer’s name and address
Person
How long did the Customer work for
the employer?
Date of retirement
Previous estimated earnings
Explain Customer’s occupation and
approximate income at time of
retirement
Identify Customer’s current sources of
retirement income
Is the money currently held in a
pension scheme?
Explain how the initial wealth grew to
its present worth
Gift Relationship of donor to the Customer
Date of transaction and/ or frequency
Total amount
Name and address of party making
the transaction
Bank statements (most recent three
months) showing regular income from
properties
Copy of a project contract or
document giving evidence of a
material Real Estate investment
Capital and/or income accounts of the
property portfolio.
Grant of probate (with a copy of the
will) which must include the value of
the estate
Copy of will
Lawyer/Attorney’s letter
Account statements and other
documentation identifying the assets
inherited
Bank statements (most recent three
months) showing deposits from named
employer/pension fund/Social Security
Annual pension statement
Pension pay slips
Withdrawal from another bank account
Account statements and the
documentation identifying the gift and
the donor
INTERNAL
Page | 43

SoW Sources
Current or Former
Government
Official - in
addition to any
other applicable
SoW questions
Examples of data required
Title or position (with the name of
country) that the current or Former
Government Official held or holds
Whether the current or Former
Government Official is/was elected or
appointed to the position and how long
the PEP has been/was with the office
Customer’s salary and compensation
from official duties
Wealth and annual income derived
from other than official duties
If a former government official, identify
current sources of wealth/income
How wealth was derived
Whether the Individual may still be
connected closely to a current high
level government official
Sale of Artwork Details of the sale
Origin of the artwork
Description of the artwork
Date of purchase of artwork
Amount of purchase of artwork
Lottery/Betting/
Casino Win
Date of win
Total amount won
Name and address of organisation
making the payoff
Example Forms of Documentary
Evidence for Validation
Bank statements (most recent three
months)
Financial statement for a legal entity
(audited, if available)
Inherited artwork: copy of estate deed
including the list of artwork with
description
Acquired artwork: copy of the
purchase contract or invoice, as well
as the proof of payment
Sales in a recognised auction house:
copy of the related sale catalogue
page, copy of the settlement
statement and proof of payment of
sale proceeds from the auction house
Private sales: copy of the sales
contract and proof of payment
received from buyer
Name of the artist
Title of the piece of art and description
Estimated value
Auction house lot number where
relevant
Letter from relevant organisation
(lottery headquarters/betting
shop/casino)
Certified copy of bank statement
(month that shows deposit of lottery
winnings)
Copies of media coverage (if
applicable) as supporting evidence
INTERNAL
Page | 44

Appendix 2: Glossary
Negative News
An indication of adverse information about an individual, a legal entity or Connected Party that
may or may not be factual
Negative News involves public source searches using Group approved tools and requires a
judgmental assessment of relevance and materiality of any finding. Further investigation is
usually required to determine the veracity of the information.
Examples would include criminal and regulatory enforcement action, Financial Crime violation or
other illegal activity that was conducted or facilitated by the Customer, or any Connected or
Other Related Party, or an internal decision to Exit a Customer relationship due to Financial
Crime risk concerns.
Data bases used for research can be specific to available LoB tools/ country and language
Length of History
The time horizon of the search should be restricted to 5 years or since the last search was
conducted. This is referred to as “Recent History”.
In certain circumstances, for instance, where Negative News is identified, this time horizon may
be extended to establish the full facts, referred to as “Full History”.
Search strings
List of numbers and characters used when searching for Negative News. A comprehensive,
locally defined, search string must be agreed with the appropriate Country Business Risk
function.
Source of Wealth
Understanding the SoW looks at how the Customer generated not only the wealth previously
accumulated by the Customer, but HSBC must also understand how a Customer generates ongoing
wealth. SoW considers the entire net worth of the Customer, not just the portion which is
invested with HSBC. For example, this could be the explained by the Nature of Business, for a
commercial entity, or inheritance and employment salary, for an individual;
Source of Funds
The SoF differs from SoW in that it addresses where the funds to be deposited with HSBC
originate from, rather than how they were generated. For example, SoW could be accumulated
savings from employment salary whereas SoF would be a USD savings account at Country
Bank Limited;
The tax residence status of a Customer generally determines which country has the primary
right to tax that person's income. It does not necessarily mean that tax has to be paid in that
country and the Customer may also have tax liabilities in countries in which they are not tax
resident (for example, if they own a rental property in that country).
Tax Residence
The definition of tax residence may vary between countries and will depend in each case on a
number of factors, for example, where a Customer lives or, if the Customer is an Entity, where
that Entity is incorporated. Other circumstances that may be taken into account include the
number of days spent in a country or where the Customer's centre of economic interest is.
It is possible to have more than one residence for tax purposes ("dual residence"). If a
Customer is tax resident in more than one jurisdiction each location should be
recorded.
Although extremely rare, it is also possible for a Customer to be not tax resident in any
jurisdiction. Any claims by Customers that they are not tax resident in any country
should be treated with caution and further validation sought.
INTERNAL
Page | 45

Important Note: Country of Tax Residence will be provided by the Customer.
Documentary evidence such as a tax certificate issued by tax authorities, is not
mandatory, unless it is a local regulatory requirement or pursuant to HSBC's own risk.
If the Customer confirms to HSBC that he/she has tax filing obligations based on citizenship or
nationality or other criteria rather than residency, this information (i.e., Country of tax obligations)
should also be captured in the customer's profile.
Tax Evasion
Tax evasion is a financial crime. It is the knowing and deliberate illegal non-payment of tax as a
result of the failure to fully declare or report assets, income or gains to appropriate tax
authorities.
INTERNAL
Page | 46

Appendix 3 – Products with Implicit Purpose
This is not an exhaustive list and additional products, where the purpose is implicit should be included in Country
procedures following both First and Second Line Approval requirements as outlined in the RBWM Governance LoBP.
Personal Lending - Auto Finance
Mortgages - Home Loans and buy to rent
Credit Cards, Charge Cards (or deferred debit cards), Co-branded credit cards, Affinity cards, Private label
cards
Insurance products
Permanent life insurance policies, other than group life insurance policies;
Fixed and variable annuity contracts, other than group annuity contracts;
(Second hand) endowment products;
A regular contribution investment linked product (e.g. pension scheme);
Other products with cash surrender or investment features; this includes personal insurance policies such as
investment bonds, personal pension plans, and annuity contracts.
Pure protection insurance (i.e. no cash value);
Group insurance products;
Products offered by recognised charitable organizations, e.g. charitable annuities;
Contracts of indemnity and structured settlements (including workers’ compensation payments);
Term (including credit) life, property, casualty, health, or title insurance.
Motor insurance;
House insurance;
Pet insurance.
Minimal risk insurance products (products which have all of the following characteristics):
Non-life insurance policy;
Duration of 12 months or less;
No surrender or maturity value;
No investment value;
Only pays out on loss from an insured event.
INTERNAL
Page | 47

Appendix 4 – Onboarding Guidance - Personal Accounts Being Used
for Business Purposes
1. If at onboarding a Customer’s employment status is identified as Sole Trader or Business Owner
and they are seeking to open a retail personal account, it is important to establish if the Customer
intends to use the retail personal account for conducting business transactions. It is expected
that this will be established whilst having discussions with the customer about the intended use of
the account and expected transactional value and volume.
2. If the Customer does plan to use their account for business transactions:
a. In countries where RBWM operates a Retail Business Banking (RBB) portfolio the
Customer can continue to be managed by RBWM and be provided with a suitable RBB
product to meet their needs. Customers retained by RBWM in this manner must have an
RBB marker applied to their record to identify them to ensure that CDD requirements are
conducted appropriately for their Customer type. E.g. Sole Trader.
b. Where there is no RBB portfolio, the customer should be referred to CMB following local
referral procedures. CMB will present them with products and services that would better
suit their business needs. Please refer to the appropriate CMB LoBP for further Customer
Type definition information
c. In Countries where CMB does not operate and RBB is not offered, RBWM will be unable
to provide the appropriate services to the Customer and no referral will be possible,
therefore onboarding of the Customer should not proceed. The customer is able to
open/retain a personal account however it must be ensured that the customer does not
operate business activities through the personal account.
3. There are a number of reasons why RBWM does not permit retail personal accounts to be utilised
for business purposes:
a. Reduced ability to undertake effective Transaction Monitoring to identify suspicious or
unusual activity, therefore increasing the risk of failing to identify transactions connected
to money laundering or terrorist financing
b. Regulatory requirements of certain regions and countries formally prevent the use of
personal accounts for business purposes
c. CDD activities will have been completed to the requirements for Individual Customers
rather than Sole Traders, therefore will not have identified the required Nature of
Business information. Please see Chapter 5: Sole Traders for further Nature of Business
guidance.
4. Actual account activity will be reviewed during Periodic and Event Driven reviews. Guidance is
provided in Chapter 4: Periodic and Event Driven Reviews.
INTERNAL
Page | 48

Appendix 5 – Source of Wealth Framework
• This Source of Wealth (SoW) Framework defines RBWM’s approach to understanding, gathering
information and validating our customers’ Source of Wealth throughout their banking relationship
with us. The framework simplifies our approach by breaking it down into three key areas:
1. Regular Income (Salary)
2. Major events
3. Growth
• The Framework and guidance material builds on the RBWM Team Time sessions, by aligning
SoW to the existing EDRAS (sales) model:
1. Engaging
2. Discovering
3. Review
4. Act
5. Serve
• In order to help our colleagues understand how they can weave these requirements into their
everyday conversations with customers. The material in the Framework will be used to develop
meaningful and practical training enabling recipients to have more focused training sessions and
discussions on the subject.
• The Framework material has been prepared in such a way as to be ‘sliced & diced’ depending on
the focus of the requirement at the time. It has been developed specifically with First line of
Defence in mind, however it should be also used to ensure Second line of Defence has a
consistent understanding and expectations around the capturing and validating of SoW so that
there is alignment in expectation from an oversight perspective.
:
INTERNAL
Page | 49

INTERNAL
Page | 50

3. Enhanced Due Diligence (EDD)
Key Objective
How will the Objectives
be achieved?
Scope of Section
Related Sections
Guidance Sources
To identify, assess and mitigate the risks associated with Individual Customers who pose a
higher risk of Financial Crime, and where HSBC could be used as a conduit for Financial
Crime activities.
HSBC must apply Enhanced Due Diligence (EDD) procedures on a Risk Based Approach
in any situation which, by its nature, can present a higher risk of financial crime.
Typically, EDD requirements involve gathering additional information about the Customer
and their Connected Parties over and above the standard ID&V and KYC requirements.
This Section outlines the EDD procedures to be undertaken:
3.1 Introduction
3.2 SCC Risk
Chapter 1 – Identification & verification (ID&V) – baseline content applicable to all Individuals
Chapter 2 – Know Your Customer (KYC) – baseline content applicable to all Individuals
Global Anti-Money Laundering Policy: CDD Documents
Global RBWM AML Policy Chapter 13: PEPs
INTERNAL
Page | 51

3.1 Introduction
3.1.1 The purpose of this chapter is to address Special Category Customers including Politically Exposed
Persons (PEPs) or where individuals connected to the Customer are PEPs and the level of EDD
required.
3.1.2 EDD is a series of extra procedural steps beyond CDD which are taken to understand higher risk
customers better. The extent and depth of EDD, as well as who performs the EDD, reflects the
potential risk posed by the customer, as identified in the CDD process. The emphasis in EDD is
therefore on risk management, not simply documentation.
3.1.3 EDD must be undertaken on all Individual Customers that pose a higher risk for financial crime
including:
a) Special Category Customers (“SCC”); refer to SCC Risk Section below;
b) Customers with a high risk Financial Crime Risk Rating (FCRR);
c) Specific circumstances where, irrespective of the FCRR, additional due diligence is
required to address higher risk characteristics; and
d) Other instances as directed by FCC.
3.1.4 The ID&V and KYC chapters (1 and 2) for Individuals outline the EDD requirements for this
customer type.
3.1.5 The ID&V chapter outlines:
a) Document certification requirements for non-face-to-face Customers (1.8.14 – 1.8.16);
b) A risk based approach to the Verification of Connected Parties (1.9); and
c) Where Nationals/Citizens from Sensitive Sanctioned Countries are identified, the case
must be escalated to FCC (1.8.6).
d) Escalation considerations where there are higher risk indicators (1.11.1 – 1.11.3)
3.1.6 The KYC chapter outlines the risk based approach to:
a) Negative NewsScreening (2.2);
b) Source of Funds (2.4);
c) Source of Wealth (2.5); and
d) Customer Contact/Visitation (2.8).
For further information regarding the EDD requirements outlined above please refer to the ID&V and KYC
chapters.
INTERNAL
Page | 52

3.2 Special Category Customers
3.2.1 An Individual Customer may be SCC due to:
a) Being an Individual PEP or Connected PEP (SCC 01 and SCC 02 in Figure 3.1 and refer
to Global RBWM PEP Policy
b) Owning, operating or exercising any significant control in relation to any of the businesses
or activities considered to be a High Risk (SCC 03, SCC 04,SCC 05, SCC 06, SCC 07,
SCC 08, SCC 10 and SCC 12);
c) Their level of exposure to a Sensitive Sanctioned Country (SCC 11, Refer to the Global
Sanctions Policy for further information in relation to Sensitive Sanctioned Countries);
and/or
d) Any other adverse information or reputational risk they pose to HSBC (SCC 09) as
directed by the HSBC Reputational Risk Committee. Refer to process Chapter 10
(Appendix B) for further information on Special Categories of Customers.
Figure 3.1: Categories of SCC
SCC 01
SCC 02
SCC 03
SCC 04
SCC 05
SCC 06
SCC 07
SCC 08
Politically Exposed Persons (PEPs).
For further information regarding the EDD requirements for PEPs (including their close associates and family
members) please refer to the RBWM PEPs LOBP.
PEP Associates or Connected person (includes immediate family members and close associates.
As above, please refer to the RBWM PEPs LOBP for further information regarding the EDD requirements for close
associates and family members of PEPs.
Charities, Not-for-Profit Organisations (NPO), Non-governmental Organisations (NGOs), religious organisations
collectively known as “CNNs” that exhibit high risk characteristics.
Government and state-owned bodies (GSBs) that exhibit high risk characteristics and Embassies (e.g. Foreign
Embassies, Consulates, and Foreign Missions).
Crowdfunding platforms, Third Party Payment Processors (TPPPs) Issuers/Dealers of Virtual Currency and Money
Services Business (MSBs)
Gaming/gambling operations (Land-Based and Online).
Companies that manufacture or sell weapons e.g Arms dealers and manufacturers.
Certain Bearer Share Corporations that are an exception to the procedure Documents.
SCC 09
Entities and Individuals that pose significant reputational risk to HSBC e.g. customers who have been
accused or convicted of money laundering, terrorist financing, tax evasion, bribery, or corruption, human
trafficking, proliferation, organised crime, as well as those entities that pose sustainability/environmental
concerns.
Any Restricted customers which do not fall under a prescribed SCC category.
SCC 10
SCC 11
SCC 12
Offshore Banking License – Offshore licensed banks or an individual, who owns, operates or exercises any control
in relation to this type of business activity
Individuals or entities with a known and material level of exposure to a Sensitive Sanctioned Country (refer to
Global Sanctions Policy) 28 .
Individuals who effectively own, operate or exercise any significant control in relation to any of the businesses/
activities listed above.
28
Customers with a known and material level of exposure to a Sensitive Sanctioned Country should be escalated to FCC who may require EDD
measures to be undertaken in respect of the Customer.
Page | 53
INTERNAL

4. Trusts
Key Objective
How will the
Objective be
achieved?
Scope of Section
Related Sections
Guidance sources
To identify, assess and mitigate the risks associated with specific Customer types which
pose a higher risk of Financial Crime, and/or where HSBC could be used as a conduit
for Financial Crime activities.
Trusts require additional and/or specific due diligence to address their risk attributes,
outside the scope of the standard ID&V, KYC and general EDD requirements.
This Section outlines who the Customer is for due diligence purposes, and the specific
and/or additional due diligence requirements for Trusts.
This Section outlines the ID&V procedures with respect to the following:
4.1 Introduction
4.2 Definition of Customer Type
4.3 Definitions of Connected Parties
4.4 Risks Associated with the Customer Type
4.5 Customer Risk Classification
4.6 ID&V of the Customer and their Connected Parties
4.7 ID&V Requirements
4.8 Customer Screening
4.9 Understanding Nature of Business and Sources(s) of Wealth
4.10 Understanding the Intended Purpose and Usage of Account
4.11 Visitation
4.12 Enhanced Due Diligence (EDD)
4.13 HSBC as a Trustee - Introduction
4.14 HSBC as a Trustee - ID&V of Connected Parties
4.15 HSBC as a Trustee - Source of Wealth of the Settlor
4.16 HSBC as a Trustee - Visitation
4.17 ID&V of Trusts as Beneficial Owners
Chapter 1 –RBWM Individuals: Identification and Verification (ID&V)
Chapter 2 – RBWM Individuals: Know Your Customer (KYC)
Chapter 3 – RBWM Individuals: Enhanced Due Diligence (EDD)
Chapter 5 – Global AML Policy: CDD Standards - Corporates & Partnerships (ID&V)
Chapter 6 – Global AML Policy: CDD Standards - Corporates & Partnerships (KYC)
Chapter 7 – Global AML Policy: CDD Standards - Corporates & Partnerships (EDD)
Global AML Policy: CDD Standards Trusts
4.1 Introduction
4.1.1 The procedures below outline the Customer Due Diligence (CDD) standards to be followed for
Trusts. Where the standards are the same as those for Corporates or Individuals, cross references
are made to related sections in the Corporates or Individuals procedures.
4.2 Definition of Customer Type
INTERNAL
Page | 54

4.2.1 A Trust (Customer 29 ) is defined as a relationship created at the direction of an Individual or an entity
(Settlor), in which one or more parties (Trustee(s)) hold the Individual's/entity’s property, subject to
certain duties, to use and protect it for the benefit of others (Beneficiary(ies)). While the structure
of the Trust may vary, this section is intended to provide procedures for Trusts whose structure is
based on the intention of the Settlor to transfer assets to a Beneficiary/Beneficiaries (e.g. party
other than the Settlor), and where the control over the assets is held by a third party, Trustee.
4.2.2 A Trust is governed by a Trust Deed and is created either (a) for the purpose of protecting and
conserving assets for the benefit of either the Beneficiary in a Holding Trust structure or (b) to
operate as a business providing a product or a service to third parties in an Operating Trust
structure.
4.2.3 This document sets out procedures for the following type of Trust banked by RBWM:
Fig. 4.1: Types of Trusts
Private Holding
Trust
A Private Holding Trust is typically established for the purpose of wealth management so
that assets of an Individual may be efficiently transferred from one generation to the next.
Alternatively, this type of Trust may be established for asset protection purposes. For this
type of a Trust, a Settlor may be an Individual, a Private Investment Vehicle (PIV) or a
Private Investment Company (PIC).
4.2.4 For the purpose of this document, Trusts are treated as equivalent to a legal entity type. It is
acknowledged, however, that the extent to which a Trust is considered to have a discrete legal
personality will vary depending on jurisdiction and the terms of the founding document(s).
Moreover, in jurisdictions where a Trust is not considered a legal entity, the Trust may still exhibit
certain characteristics of a legal entity such as bankruptcy remoteness and/or the ability to be bound
by a contract.
4.2.5 RBWM banks different types of Trust. Details of other types of Trust can be found in the Global
AML Guidance
4.3 Definitions of Connected Parties
4.3.1 A Connected Party is a term used to describe a party, either a natural person or a legal entity, who
provides assets to the Customer, has the power to direct the activities of the Customer, and/or is
the Beneficiary of the Customer.
4.3.2 The following table establishes definitions of the key Connected Parties requiring CDD:
29
For the purposes of this section, the term “Customer” represents the Trust banked by RBWM.
INTERNAL
Page | 55

Fig. 4.2: Key Connected Parties
Trustee
Protector
Settlor
(Donor/Grantor/
Trustor)
Beneficiary
Other Connected
Parties
The Trustees of a Trust exercise control over the Trust property. A Trustee may be a
natural person or a legal entity. Control is defined as a power (whether exercisable alone,
jointly with another person or with the consent of another person) under the Trust Deed or
equivalent or by law to:
Dispose of, advance, lend, invest, pay or apply Trust property;
Vary the Trust’s structure;
Add or remove a person as a Beneficiary, or to or from a class of Beneficiaries;
Appoint or remove Trustees; or
Direct, withhold consent to, or veto the exercise of any of the above powers.
Control over the assets in the Trust is held with the Trustees but can be constrained by the
terms of the Trust to operate within certain limits. Limits can cover all aspects such as a
requirement to hold a real asset (property) or deposit funds with a specified custodian.
Note: In some cases, another party may exercise control; such as a Trust Protector or a
Settlor who retains significant powers over the Trust property either directly or indirectly (such
as the power to replace the Trustee).
A Trust Protector is a party or parties appointed by the Settlor to exercise one or more
powers affecting the Trust and to protect Beneficiaries from a rogue Trustee.
Trust Protectors can often make changes to a Trust, involving addition/ removal of
Trustees, investment decisions, change distributions and, in some cases, modifications to
or termination of a Trust.
A Settlor is an Individual/entity that provides the Source of Wealth and/or Source of Funds
for the Trust. The party who creates a Trust by a written Trust Deed is called a Settlor (or
may sometimes be referred to as a Trustor, Donor or Grantor). The Settlor usually transfers
the assets into the Trust; this can be at inception or during the life of the Trust. There may
be one or many Settlors.
A Beneficiary is any person, class of persons, legal entity (e.g. a Corporate) or Trust (e.g.
Charitable Trust) who receives a distribution of assets or income from a Trust. In some
instances, the Beneficiary may or may not be aware of their entitlement. A Beneficiary may
be an Intermediate Beneficiary (IB) (an entity) or an Ultimate Beneficiary (UB) (a natural
person) who is the Ultimate Beneficial Owner (UBO) of the IB.
For the majority of Trusts, there will be clearly identified Beneficiaries or a class of
Beneficiaries (e.g. unborn grandchildren). Usually, Beneficiaries or the Class of
Beneficiaries are documented in the Trust’s Deed or equivalent.
Examples of other Connected Parties include Sole Signatories and Power of Attorney
holders, who may be appointed in positions of effective control of the Trust.
4.3.3 For Trusts, the account applicant will be the controlling Connected Party, who will maintain the
relationship with RBWM. The applicant will be following the instructions of the Settlor to set up a
Trust account as described in the Trust Deed.
4.3.4 The applicant for the Trust account may be one of the following:
a) Trustee/Protector; or
b) Key Controller, where the Settlor is a legal entity.
INTERNAL
Page | 56

4.4 Risks Associated with the Customer Type
4.4.1 As set out below in more detail, Trusts can involve a higher degree of Financial Crime risk for the
following principal reasons:
Fig. 4.3: Financial Crime risks
a) Property is generally transferred from the Settlor to the Beneficiary; and
b) It may be difficult to determine who exercises effective control over the Trust.
Ownership and
Control
Source of
Wealth and
Activity of the
Trust
Operating
Environment
Since Trusts generally include the transfer of ownership of assets between the Settlor and
the Beneficiary, understanding the motivation of the Settlor is a key factor relevant to
determining Financial Crime Risk.
Particular attention should be made to complex Trust structures (i.e. where multi-tiered
entities exist before reaching Beneficiaries and such multiple-tiers involve multiple
jurisdictions), since these can create difficulties in identifying the role of the Connected
Parties, most notably the actual Controlling Party. Consideration should be given as to
whether the purpose of the Trust is to create distance between the Settlor and the
Beneficiaries of the Trust (potential related risks include circumvention of sanction
requirements, connection to a Politically Exposed Person (PEP), or tax evasion).
Understanding the value each Connected Party is providing to the Trust is also relevant to
mitigate the risk.
The level of inherent risk may be reduced where the Trust’s Connected Parties are
Acceptably Publicly Listed or Equivalently Regulated Financial Institutions and a higher
degree of publicly available information and reporting requirements exist.
Some Trusts may be established in one jurisdiction but its activities are based within
another. This may result in control being located in a different jurisdiction to the location of
the Trust assets and related income.
To ensure that the Trust is not a money–laundering layering activity, the Source of Wealth
and the legitimacy of the transfer need to be understood for a Trust. Appropriate distinction
should be made between those Trusts that serve a limited purpose (such as inheritance
tax planning), or have a limited range of activities, and those Trusts where the activities
and connections are more diverse and complex.
Understanding the Nature of Business of the Trust and of the key Individuals behind the
Trust is fundamental in mitigating the risk in doing business with these entities.
The country of establishment is a key consideration, notably with regards to entities which
are based in a high risk jurisdiction which has been associated with financial crime or is
considered a Tax Haven.
The entity may do business in a high risk jurisdiction(s) and/ or across borders, increasing
the risk of financial crime.
Tax residency of Beneficiaries and the Settlor is a key consideration, notably with regards
to Private Holding Trusts established in a Tax Haven.
4.5 Customer Risk Classification
4.5.1 Trusts are risk rated according to the key risk factors identified in the Global FCC-RAM. The nature
of the Settlor(s) (e.g. Individual or business) will impact the application of the FCC-RAM for the
Trust.
4.5.2 Where a PEP is identified as a Connected Party, the Trust is to be classified as SCC.
4.5.3 Tax Transparency adopts a risk based approach and is applicable to Private Holding Trusts.
INTERNAL
Page | 57

4.5.4 Examples of High Risk indicators are outlined in this document and include the examples below.
Where such concerns are noted, Enhanced Due Diligence (EDD) should be conducted and the
Customer should be escalated to Country FCC to determine what action should be taken, including
the determination of the appropriate Financial Crime Risk Rating (FCRR). Examples include:
a) There are concerns regarding the nature and purpose of the Trust or its Connected
Parties;
b) The Settlor is unknown or anonymous and the Customer fails to be open about the Source
of Wealth and Source of Funds, which may indicate an attempt to conceal the true Settlor;
c) Customer’s failure to be open about the purpose of a legal person or legal arrangement
in the Trust structure;
d) There is an unusual supervision or control structure of assets (e.g. control is not with the
Trustee); and
e) The intended purpose of the Trust entails the transfer of assets due to political exposure
or the risk of a legal or tax investigation to any Beneficiary or Connected Party to the
Trust.
4.5.5 An account should not be opened if any of following are identified:
a) The Customer refuses to provide information about the Connected Parties or essential
information necessary to complete a Customer profile such as Source of Wealth,
business/ occupation, or business name and address
b) The information provided by the Customer is inconsistent or does not appear to be
credible;
c) True Beneficiaries or class of Beneficiaries cannot be identified;
d) The Relationship Manager (RM) suspects that the Customer may be engaged in criminal
activities; and/or
e) The RM knows or has reasonable grounds to suspect that the Customer may have the
intention of using HSBC’s services to evade taxes. For example, this may arise due to
the nature of the Customer or Connected Parties questions at account opening or at any
time during the relationship, but is a matter of judgement for the RM. A non-exhaustive
list of tax evasion indicators are included for reference within RBWM Individuals ID&V
Appendix 2). This list should be used in conjunction with any other information the RM
has on the customer.
4.6 ID&V of the Customer and their Connected Parties
Identification of the Level of Public Accountability
4.6.1 For the purposes of this section, Trusts are not classified as being Acceptably Publicly Listed Entity
or Equivalent Regulated Financial Institutions (FI), since the types of Trusts in scope are not listed
on a stock exchange or regulated for AML purposes.
4.6.2 However, where the Connected Parties to a Trust are legal entities, they may be Acceptably
Publicly Listed Entities or Equivalent Regulated FI which will result in reduced verification
requirements for the Connected Party.
4.6.3 For the definition of levels of Public Accountability refer to Global Procedural Standards [5.6]
Corporates and Partnerships- Identification and Verification (ID&V) (Identification of the Levels of
Public Accountability).
4.6.4 Where a Connected Party that is a Legal Entity is neither an Acceptably Publicly Listed Entity nor
Equivalent Regulated FI, the entity must be categorised as either Wholesale or in the Other Entities
category based on the level of information known about the Connected Party. If the information
required to classify a Connected Party into one of these categories is not available, the Connected
Party should be classified in the Other Entities category and ID&V’d accordingly.
INTERNAL
Page | 58

4.7 ID&V Requirements
4.7.1 The following table describes minimum identification and verification requirements for Trusts.
Fig. 4.4: Minimum ID&V requirements
Minimum Identification Requirements – Trusts (all FCRRs)
All Trusts:
a) Full Name of the Trust (as per proof of formation document)
b) Country of establishment 30
c) Registered address* of the Trust (where applicable)
d) Identification Number or equivalent (e.g. registration number, tax identification number) (where available)
e) Date on which the Trust was established
f) Future date of Trust dissolution (where stated)
*Note: Where the Trust does not have a registered address, the registered address of the Trustee(s) should be
obtained.
Note: In countries where it is not usual to use street addresses, it is acceptable to record the business address of the
entity according to standard local practice such as PO Box Number and physical location(s) of the business.
Verification Requirements – Trusts (all FCRRs)
All Trusts:
a) Full Name of the Trust
b) Registered address including country of establishment (where applicable)
c) Identification Number or equivalent (e.g. registration number, tax identification number) (where available)
Verification Sources (all FCRRs):
See Verification Sources for Trusts Section 4.7.2 and 4.7.3
30
Country where the Trust is legally formed
INTERNAL
Page | 59

Verification Sources for Trusts
4.7.2 It is key that RBWM reviews the information provided about the Trust against documents from an
independent, reliable and approved source. Where the Trustee is providing the Trust Deed, the
secondary documentary source will not be independent of the Trustee therefore a single primary
source is sufficient. Below are verification sources that should be obtained for a Private Holding
Trust
Fig. 4.5: Verification Sources that should be obtained for a Private Holding Trust
Verification Source (see Fig. 4.6):
Trust Type
Private Holding Trust
Where the documentation is
provided by Trustee
Trust Deed
Where the documentation is provided by a
party other than Trustee (e.g. Settlor)
Trust Deed as the Primary Documentary
Source
Secondary Documentary Source (see
examples below.)
4.7.3 Below are examples of Verification Sources for Trusts.
Fig. 4.6: Verification: Primary and Secondary Sources
Type
Primary
Documentary Source
Secondary
Documentary Source
INTERNAL
Verification
Full Trust Deed (including addendums for the minimum of the past 5
years)
Primary verification documentation must, at a minimum, disclose activities
of the Trust and the names and roles of all Connected Parties.
Note: Where only a certified true copy of redacted (a copy with sensitive or
confidential words/phrases hidden) Trust Deed may be obtained, the
Customer account opening should be referred to Country FCC to review
whether the documentation provided is sufficient. In all cases, where a
redacted copy of the Trust Deed is accepted, a Trustee Declaration should
be obtained.
Partial Trust Deeds can also be accepted providing they contain sufficient
details to fulfil CDD/KYC requirements. This includes the Grantor/Settlor,
Trustees, Beneficiaries, date of the Trust, Trust name and signatures.
This information can typically be located on the first and last pages of the
trust agreement. RBWM should work in conjunction with Country FCC to
determine general guidelines for partial Trust Deed (as additional local
requirements might apply).
Signed Trustee Declaration;
Confirmation letter from a Professional Service Provider that the Trust
Deed was provided to them by the Trustee;
Document setting out professional advice received from a Customer’s
legal or tax adviser, if any; or
Search confirming existence on approved government websites. The
website must be approved by Country FCC as an acceptable form of
verification.
Page | 60

Trustees, Key Controllers or Protectors
4.7.4 The names of all Trustees, Key Controllers and Protectors are to be identified by reference to
documentary verification sources. These should be verified per requirements stated below; where
the Trustee is a legal entity that is an Equivalently Regulated FI, only verification of regulation is
required.
Trustees
4.7.5 All Trustees connected to the Trust should be ID&V’d as per the requirements below.
4.7.6 Where there is a large number of Trustees (greater than 5), the rationale for the high number of
Trustees and their relationships to the Trust should be understood and fully documented.
Additionally, the Customer should be escalated to Country FCC for approval as to how many and
which Trustees should be ID&V’d.
4.7.7 At a minimum, full ID&V is to be conducted for a Trust Company (as per the entity type) and for
those Trustees who give instructions on the account. The names of other Trustees are to be
obtained and screened against Official and Other Lists.
4.7.8 Where the number of Trustees/Key Controllers appears disproportionate to the number of
Trustees/Key Controllers normally encountered in similar Trusts types (e.g. 20 Individual Trustees
for a Private Holding Trust), the Customer should be escalated to Country FCC.
4.7.9 Where a Successor Trustee (a party who takes over a position as a Trustee when the original
Trustee can no longer act in a Trustee capacity) is present, the Successor Trustee must be
identified within the CDD profile. The Successor Trustee must be verified as a Trustee when the
party takes on the responsibilities of the Trustee. Successor Trustees will not count toward the
number of Trustees held by the Trust until the party becomes an acting Trustee.
4.7.10 The following table provides ID&V requirements for Trustees:
Fig. 4.7: ID&V requirements for Trustees
Minimum Identification and Verification Requirements – Trustee (all FCRRs)
Trustee Type Identification Verification
Individual Full Name
Date of Birth
Legal Entity Legal Name
Permanent Residential Address (including
Country)
Country(ies) of Nationality, if legally permissible,
or Citizenship
Registered address/ address of incorporation
(including country)
Proof of Regulation (mandatory for Equivalently
Regulated FI)
Verify in accordance with Section
[1.8] Individuals - Identification
and Verification (ID&V) (ID&V –
Requirements for the Customer)
Verify in accordance with Global
Procedural Standards Section
[5.7] Corporates and
Partnerships - Identification and
Verification (ID&V) (ID&V –
Requirements for the Customer)
4.7.11 The identification of Authorised Signatories is part of product onboarding and maintenance
requirements, with Authorised Signatory arrangements often varying by Product.
Protectors
4.7.12 Where a Protector is used within the structure of a Trust, the Protector should be ID&V’d in the
same manner as a Trustee. Additionally, the relationship between the Protector and Connected
Parties should be understood.
INTERNAL
Page | 61

Key Controllers
4.7.13 Where the Key Controller is not a natural person, it is necessary to “look through” the entity to its
Ultimate Beneficial Owner (UBO) and Key Controllers. In such cases, the Legal Entity is to be
ID&V’d, along with the ownership structure and UBOs/Key Controllers.
Fig. 4.8: ID&V requirements Key Controllers
Minimum Identification and Verification Requirements – Key Controllers (all FCRRs)
Customer FCCR Identification Verification
Who is to be identified and verified:
All
Obtain list of all Key Controllers
Identify at least two Key Controllers
What information is to be obtained:
Verify list of Key Controllers
Verify Identity of at least two Key Controllers
All
For List of Key Controllers
(Individuals):
o
o
Full Name
Position/ Title
o Date of Birth
Additional for Legal Entities
o
o
o
Full Name
Country of Incorporation
Regulation/ Listing status (where
applicable)
Additional for Two Key Controllers:
o
Permanent Residential Address
Additionally for UBOs of Key
Controllers:
List of Key Controllers – see Global
Procedural Standards Section [5.10]
Corporates and Partnerships - Identification
and Verification (ID&V) (ID&V –
Requirements for Key Controllers)
ID&V of two Key Controllers of the Trust –
Global Procedural Standards Section [4.10]
Corporates and Partnerships - Identification
and Verification (ID&V) (ID&V –
Requirements for Key Controllers)
Where the Key Controller is a Legal Entity,
ID&V two Key Controllers and the UBOs for
the entity as per Global Procedural
Standards Section [5.10] Corporates and
Partnerships - Identification and Verification
(ID&V) (ID&V – Requirements for Key
Controllers)
o
o
o
o
Full Name
Ownership percentage
Date of birth
Permanent residential address
Settlors, Donors or Grantors
4.7.14 It is key that adequate information is obtained about the Settlors/ Grantors/ Donors of the Trust in
order to ID&V these parties. The ID&V process will vary based on the type of the Settlors/
Donors/Grantors connected to the Trust:
a) Settlors/ Donors/ Grantors, ID&V all Settlors/ Donors/ Grantors of the Trust contributing 10% or
more to the value of the Trust’s assets, at the time of contribution; or
b) Where the Settlor is not a natural person, it is required to “look through” the entity to its UBO and
Key Controllers. In such cases, the Legal Entity is to be ID&V’d, along with the ownership structure,
and UBOs/ Key Controllers.
INTERNAL
Page | 62

4.7.15 The table below sets out ID&V requirements for Settlors.
Fig. 4.9: ID&V requirements for Settlors
Where the Settlor is Identification Verification
Natural Person Full Name
Date of Birth
Permanent Residential Address
(including Country)
Country(ies) of Nationality, if legally
permissible, or Citizenship
Country of Tax Residence* (if different
to permanent residential address) (For
Private Holding Trusts only)
Verify in accordance with Section [1.8]
Individuals - Identification and Verification
(ID&V) (ID&V – Requirements for the
Customer)
Legal Entity
Legal Entity
o
o
o
Legal Name
Registered address/address
of incorporation (including
country)
Business Address
o Proof of Listing/Regulation
(mandatory for Acceptably
Publicly Listed or Equivalently
Regulated FI)
Controlling Parties
o
o
o
o
Ownership structure
List of names of Key
Controllers
UBOs (contributing 10% of the
value of the Trust’s assets, at
the time of contribution)
Two Key Controllers
Verify the Legal Entity in accordance with
Global Procedural Standards Section [5.7]
Corporates and Partnerships - Identification
and Verification (ID&V) (ID&V –
Requirements for the Customer)
Verify ownership structure accordance with
Global Procedural Standards Section [5.9.6-
5.9.11] Corporates and Partnerships -
Identification and Verification (ID&V)
(Identification of Ownership Structure)
Verify the List of Key Controllers in
accordance Global Procedural Standards
Section [5.10] Corporates and Partnerships
- Identification and Verification (ID&V) (ID&V
– Requirements for Key Controllers)
Verify two Key Controllers and all UBOs,
contributing 10% of the value of the Trust’s
assets, at the time of contribution, in
accordance with requirements stated for the
Settlor who is a natural person, as per the
above.
*Note: See Glossary for definition of Tax Residence.
4.7.16 It is important to understand the control the Settlor has/will have over the Trust’s assets. Where the
Settlor has the power to influence the distributions based on the Trust Deed, the Settlor should be
ID&V’d as per the process for the Trustee (i.e. Settlor should be ID&V’d in all cases).
4.7.17 Where the Settlor is a legal entity, it is critical to understand the structure and ownership of the
Settlor as per Global Procedural Standards Section [5.7] Corporates and Partnerships -
Identification and Verification (ID&V) (ID&V – Requirements for the Customer).
INTERNAL
Page | 63

Deceased Settlor
4.7.18 Where the Settlor is deceased, the Trustees must provide the following information to properly
identify the Settlor:
a) Name;
b) Date of Birth; and
c) One of the following:
The Settlor’s death certificate, or
Confirmation from an approved public source
Where this information and/ or documentation are not available, the Customer should be
escalated to Country FCC.
Anonymous and Unknown Settlors
4.7.19 In the event that the Settlor is anonymous (Settlor that chooses to remain unnamed on the Trust
Deed) or unknown (Settlor for whom information is not now available) for an existing Trust (e.g.
due to the age of the Trust) refer the Customer to Country FCC.
4.7.20 No new Trusts with unknown or anonymous Settlors should be onboarded.
Nominee Settlor
4.7.21 Where a nominee Settlor is identified, the reasons for the use of such a nominee should be
understood and recorded, in addition to performing appropriate due diligence on all underlying true
Settlors. The nominee’s relationship to the true Settlor and/or other Connected Parties to the trust
should also be understood and recorded.
4.7.22 Where a true Settlor cannot be identified, refer to Country FCC.
4.7.23 One or more of the following may help to identify whether a nominee Settlor is being used:
Beneficiaries
a) The Source of Wealth listed on the Trust Deed does not correspond to the Source of
Wealth of the listed Settlor;
b) There is no apparent relationship between the Beneficiaries and the Settlor or the Settlor
is a professional service provider for Trusts; and/or
c) The Trustee may provide information that a nominee Settlor is stated on the Trust Deed.
4.7.24 It is important to ID&V Beneficiaries who receive a significant portion or a large sum of the Trust’s
property. Both IBs and UBs should be identified (e.g. if a direct Beneficiary is not a natural person,
the natural person who is the UB should be identified).
4.7.25 Beneficiaries must be appropriately ID&V’d in accordance with the table below.
Fig. 4.10: ID&V requirements for Beneficiaries
Customer
FCRR
Identification Requirements
Verification Requirements
All Named Beneficiaries for Private Holding Trusts (all FCRRs)
All
Identify all Beneficiaries (where
named on the Trust Deed).
Note: Where the number of
Beneficiaries exceeds 20, a risk
based approach as per Fixed
Entitlement Beneficiaries section
below can be applied.
Verify identity of all Ultimate Beneficiaries of the Trust,
where the Beneficiary is an Individual or an entity that is
classified as Wholesale or in the Other Entities category.
No requirement to verify identity where the Beneficiary is
an Acceptably Publicly Listed Entity or Equivalent
Regulated FI**.
Verify ownership structure if direct Beneficiaries are not
natural persons (see Global Procedural Standards Section
INTERNAL
Page | 64

[5.9.6-5.9.11] Corporates and Partnerships - Identification
and Verification (ID&V) (Identification of Ownership
Structure).
Fixed Entitlement Beneficiaries
High/SCC
Beneficiaries (including UBs
and IBs) who are entitled to a
share of ≥ 10% of the Trust’s
total assets/ annual income*.
Verify identity of all identified Ultimate Beneficiaries of the
Trust, where the Beneficiary is an Individual or an entity
that is classified as Wholesale or in the Other Entities
category.
No requirement to verify identity where the Beneficiary is
an Acceptably Publicly Listed Entity or Equivalent
Regulated FI**.
Verify ownership structure if direct Beneficiaries are not
natural persons (see Global Procedural Standards Section
[5.9.6-5.9.11] Corporates and Partnerships - Identification
and Verification (ID&V) (Identification of Ownership
Structure).
Medium
Beneficiaries (including UBs
and IBs) who are entitled to a
share of ≥ 25% of the Trust’s
total assets/ annual income*.
Verify identity of all identified Ultimate Beneficiaries of the
Trust, where the Beneficiary is an Individual or an entity
that is classified as Wholesale or in the Other Entities
category.
No requirement to verify identity where the Beneficiary is
an Acceptably Publicly Listed Entity or Equivalent
Regulated FI**.
Verify ownership structure if direct Beneficiaries is
classified as Wholesale or in the Other Entities category
(see Global Procedural Standards Section [5.9.6-5.9.11]
Corporates and Partnerships - Identification and
Verification (ID&V) (Identification of Ownership Structure).
Low
Beneficiaries (including UBs
and IBs) who are entitled to a
share of ≥ 25% of the Trust’s
total assets/ annual income*.
No requirement to verify identity.
Verify ownership structure if direct Beneficiaries is
classified as Wholesale or in the Other Entities category
( Global Procedural Standards Section [5.9.6-5.9.11]
Corporates and Partnerships - Identification and
Verification (ID&V) (Identification of Ownership Structure).
Beneficiaries with Non-fixed Entitlement
All
Beneficiaries with Non-fixed
Entitlements
Verify all Beneficiaries named in the Trust Deed (where
possible)
Transaction monitoring within local threshold requirements
No requirement to verify identity where the Beneficiary is
an Acceptably Publicly Listed or Equivalently Regulated FI
Unnamed Beneficiary on Trust Deed
All
Identify class of Beneficiaries
from the Trust Deed.
No verification requirements for the class of Beneficiaries
Note: Where a Trustee provides information regarding
previously unnamed Beneficiary prior to disbursement,
ID&V as per the type of Trust/Settlor described above
should be performed on the Beneficiary.
INTERNAL
Page | 65

Information to be Obtained for Beneficiaries Based on Requirements Stated Above (all FCRRs)
Beneficiaries (UBs and IBs)
o
Full Legal Name
o Ownership %
Additionally for Individuals
(UBs)
o
o
o
o
Date of Birth
Permanent Residential
Address
Country(ies) of
Nationality, if legally
permissible, or
Citizenship
Country of Tax
Residence (For Private
Holding Trusts only)
Additionally for Legal
Entities (IBs)
Verify Individuals in accordance with Section [1.8]
Individuals - Identification and Verification (ID&V) (ID&V
– Requirements for the Customer).
For verification of Legal Entity Structure refer to Global
Procedural Standards Section [5.7] Corporates and
Partnerships - Identification and Verification (ID&V)
(ID&V – Requirements for the Customer).
o
o
o
Country of Incorporation
Registered Address
Details of Listing and/or
regulation (required for
Acceptably Publicly
Listed or Equivalently
Regulated FI)
*Note: The greater value of the total assets or annual income should be used to determine ID&V thresholds.
**Note: Whether an entity is Acceptably Publicly Listed or Equivalently Regulated FI should be verified for
ID&V purposes.
4.7.26 Additionally, as part of the transaction monitoring process, transactions to/from the Trust should be
monitored within the local thresholds.
4.7.27 Where the Beneficiary is a minor, one parent/guardian should be ID&V’d. In addition, one of the
following should be obtained to ID&V the child:
Birth certificate;
Passport; or
Other formal document from a Governmental Body.
4.7.28 Additionally, where a POA is acting on behalf of and makes decisions for a Beneficiary, the POA
should be ID&V’d as per requirements for Beneficiaries.
4.7.29 Where the purpose of the Trust is to make payments or guarantee a loan/credit on behalf of the
Beneficiary and the Beneficiary cannot be easily identified, refer to Country FCC.
4.7.30 As part of the Periodic/ Trigger Event review process, any Beneficiaries who were previously
unnamed and/ or newly added Beneficiaries should be ID&V’d per requirements stated in Figure
4.10 based on Trust type.
INTERNAL
Page | 66

4.7.31 The Customer Terms and Conditions will include a requirement that the Trustee will be responsible
for notifying RBWM of these Beneficiary types as and when the changes occur.
Other Connected Parties
Other Controllers
4.7.32 Sole Signatories, or persons with sole unlimited signing authority on the account, have autonomous
power to act without additional signatories from other Connected Parties. In cases where a Sole
Signatory exists, the Individual must be assumed to have major control over the Trust and must be
ID&V’d as a Key Controller. The relationship of the Sole Signatory to the Trust must also be
understood.
4.7.33 The above text highlights typical scenarios where additional Controllers of the Trust may be
identified. Where an additional party with control over the Trust is identified, the party should be
documented in the CDD profile, ID&V’d as a Key Controller and escalated to Country FCC, where
applicable.
Nominee Companies
4.7.34 A Trust may hold assets through a Nominee Company. Where a Nominee Company is identified
as a Connected Party, the documentation below should be obtained and the company should be
screened.
The ownership structure chart which covers the relationship between the Trust and the
connected Nominee Company. The ownership structure chart may be obtained directly
from the Customer or created based on documentation provided by the Customer (e.g.
annual reports);
Certification of Incorporation; and
Nominee Agreement.
INTERNAL
Page | 67

Know Your Customer (KYC)
4.8 Customer Screening- Parties to be Screened
4.8.1 Parties to be screened vary depending on ‘Customer type’. The following table sets out the parties
and information to be screened where identified in relation to all Trust types (all FCRRs).
Fig. 4.11: Screening requirements
Party
Official and
Other
Screening Lists
Negative
NewsScreening
Information Screened
Customer
Trust Yes Yes Full Name
Connected Parties
Trustee/ Protector
(Definition in Section 4.3)
Settlor
(Definition in Section 4.3)
Beneficiary
(Definition in Section 4.3)
Other Key Controllers, not
identified as Trustee
(Definition in Section 4.3)
Yes Yes Full names of the Individuals or entity
identified in ID&V.
Yes Yes Full Names of the Individuals or entity
identified in ID&V.
Yes Yes Full Names of the Individuals or entity
identified including the Ultimate Beneficiaries
and Intermediate Beneficiaries identified
during ID&V.
Yes Yes Full names of the Individuals or entity
identified in ID&V.
Other Related Parties
Other Related Parties Yes Yes Where identified, the full names of these
parties must be screened.
4.8.2 If it is known that a Customer and/or other Connected Parties have changed their name in the past,
Screening against Official and Other lists should include both the new name as well as the previous
name(s). If the Customer’s and/or Connected Party’s name has changed within five years, both the
new and previous name should also be subject to Negative News Screening.
Negative NewsScreening
4.8.3 Negative NewsScreening helps to identify adverse News about our Customers in order to take
necessary steps to protect HSBC’s reputation.
4.8.4 Negative NewsScreening should be performed for all Trusts across all FCRRs.
INTERNAL
Page | 68

4.9 Understanding Nature of Business and Source(s) of Wealth
Nature of Business
4.9.1 It is critical to understand the type of Trust, activities and purpose of the Trust in order to assess
the Financial Crime Risk implied.
4.9.2 Where the purpose or intent of a Trust is unclear or lacks an economic or financial purpose, the
Customer should be escalated to Country FCC.
4.9.3 Information gathered will be driven primarily by the questions included within the CDD templates
which are tailored to each risk category, Customer type, and the level of Public Accountability of
the related parties.
4.9.4 Below is the key Nature of Business information to be obtained for a Trust (all FCRRs):
Fig. 4.12: Nature of Business information
Customer Nature and purpose of the Trust
Reasons for the use of the Trust structure
Key Financial data relating to the Trust e.g. total annual revenue (USD equivalent) and
total assets held
Understand the nature, location and structure of asset holding
Understand which party introduced the Trust to the Bank
Where the Settlor is a Beneficial Owner of a business, understand the nature of the
underlying business (see Global Procedural Standards Section [6.3.2-6.3.10]
Corporates and Partnerships – Know Your Customer (KYC) (Nature of Business))
Trustee Principal Business and appropriate industry classification code (if a business)
Provisions relating to changing Trustee either upon resignation or the requirements of
the Settlor or Beneficiary or other agent (e.g. Protector) are also important since this will
reveal a potential source of influence on the Trustee by other Connected Parties.
Identify if there have been recent changes to the Trustee in the past 5 years, including
the rationale for the change
Understanding the Source(s) of Wealth
4.9.5 Source of Wealth (SoW) relates to the business activity or situation that generated the Customer’s
accumulated capital.
4.9.6 Two aspects must be considered:
a) The origin of the initial Source(s) of Wealth – the business activity or situation that
generated their accumulated capital, not just the portion that is invested with the bank for
the initial deposit/account opening; and
b) The origin of ongoing Source(s) of Wealth – the ongoing business activities or situation
that will generate the funds that will be deposited into the account.
Source of Wealth for Trusts
4.9.7 In the context of a Trust, the initial SoW will be the SoW of the Settlor.
4.9.8 The ongoing SoW will be dependent on the nature of assets, and if the Settlor continues to transfer
assets to the Trust.
Source of Wealth of the Settlor
4.9.9 Sufficient SoW information (as per the table below) should be collected to enable RBWM to form a
reasonable conclusion that the Settlor has earned or otherwise acquired their accumulated capital
INTERNAL
Page | 69

legally. This will involve obtaining supporting documentation from the Settlor (or Trustee on behalf
of the Settlor) to validate the Source of Wealth information.
Fig. 4.13: SoW Information
Private Holding
Trust
SoW of Settlor, or
Where Settlor is a PIC/PIV, “look through” to the True Settlor; and
Primary country of SoW of Settlor.
Refer to Section [2.5] Individuals – Know Your Customer (KYC) (Source of
Wealth)
Understanding the Source(s) of Funds
4.9.10 Refer to Section [2.4] Individuals – Know Your Customer (KYC) (Source of Funds).
4.10 Understanding the Intended Purpose and Usage of Account
4.10.1 Refer to Global Procedural Standards Section [6.5] – Know Your Customer (KYC) (Understanding
the Intended Purpose and Usage of Account).
4.11 Visitation
Principles of Visitation
4.11.1 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and
Partnerships Section [6.7] – Know Your Customer (KYC) (Visitation Requirements)).
Types of Visitation
4.11.2 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and
Partnerships Section [6.7] – Know Your Customer (KYC) (Visitation Requirements)).
Purpose of an AML Visitation for CDD
4.11.3 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and
Partnerships Section [6.7] – Know Your Customer (KYC) (Visitation Requirements)).
Situations where a Customer Visit is Required
4.11.4 The party to be visited will depend upon the nature of the Trust and the true Controlling Party of
the Trust. As such, it is essential to identify the party(ies) that exercise or influence the activities
of the Trust (e.g. Trustee or Settlor who retains control) in order to complete visitation
requirements.
INTERNAL
Page | 70

4.11.5 The parties to be visited at onboarding and on an ongoing basis are:
Fig. 4.14: Visitation requirements
Trust Type
Party to be Visited At Onboarding and
Period Review
Comments
Private Holding
Trust
Where a Settlor is High Net
Worth 31 , visitation or contact is
required in accordance with the
requirements set out in Section
[2.8] – Know Your Customer
(Customer Contact and Visitation
Requirements)
See note 1, 2 & 3
a) Where required, frequency of visitation
should be in line with the Periodic Review
cycle.
b) For all Trusts further visits may be required
as advised by Country FCC, typically in
instances where there are Financial Crime
indicators regarding Source of Wealth and
Source of Funds
Notes:
1. Where the Settlor is an existing Customer, visitation should be performed on the Settlor (Individual or business
see Global Procedural Standards Corporates and Partnerships Section [6.7] – Know Your Customer (KYC)
(Visitation Requirements) when visiting a business).
2. Where the Settlor is not an existing Customer, Controlling Party or Party which appears to have influence over
the Trust should be visited. Where multiple Trustees/Controllers are identified, those Trustees that hold control
over the Trust should be visited, taking a Risk Based Approach.
3. While visitation should be completed in line with Periodic Review cycle, it is possible to draw on a previous
Visitation Customer Assessment if it current (i.e. it was completed within a period of up to 1 year), provided
that there are no material changes to the Customer’s circumstances in the intervening period. For example,
a Trust with a FCRR of Medium has a periodic review and associated visitation every two years. If the last
Visitation Customer Assessment was completed 9 months ago and no material changes to the Customer’s
circumstances occurred, no additional visitation is required for the periodic review.
4. In practical terms, where RBWM banks multiple Trusts administered by a Trustee, the Trustee visit should
be visited annually.
4.11.6 Visitation of the Connected Parties may be performed by a local office, where the party is located
in a jurisdiction other than where the account is opened (e.g. if the Settlor is located in UK, but the
Trust is banked in Bermuda, visitation of the Settlor may take place by a staff member in the UK),
following cross-border marketing guidelines.
Completion of an AML Visitation for CDD Purposes
4.11.7 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and
Partnerships Section [6.7] – Know Your Customer (KYC) (Visitation Requirements)).
31
See Section [1] – Individuals Identification and Verification (ID&V) for the definition of a High Net Worth Individual.
INTERNAL
Page | 71

4.12 Enhanced Due Diligence (EDD)
4.12.1 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and
Partnerships Customer Chapter 7 – Enhanced Due Diligence (EDD)). Note: where EDD is
performed on the Trust, the Settlor should be treated equivalently to an Ultimate Beneficial Owner,
which may result in the need to obtain certain additional information about the Settlor (e.g. SOW
for a Settlor).
HSBC as a Trustee
4.13 Introduction
4.13.1 Where HSBC is acting as a Trustee, HSBC’s fiduciary responsibilities are increased as compared
to those within the banking relationship.
4.13.2 When acting as a Trustee, the aligned procedures should be followed by the HSBC Trustee as
minimum standard guidelines, however, where the local regulatory requirements are higher, HSBC
Trustees should follow local requirements. Where a local jurisdiction wishes to fall below stated
requirements due to lower regulatory requirements, a dispensation should be obtained from
Country FCC.
4.13.3 The below section outlines the requirements where HSBC is the Trustee. These standards should
be followed in addition to Trustee specific procedures established by the lines of business.
4.13.4 These procedures are limited to situations where an HSBC entity acts as Trustee for a Trust whose
structure is based on the intention of the Settlor to transfer assets to the control of a Trustee and
for the benefit of a Beneficiary(ies) (e.g. party other than the Settlor).
4.13.5 These procedures do not cover instances where an HSBC unit acts as a Trustee to Fund
Managers/Funds 32 .
4.14 IDV&V of Connected Parties
Settlors, Donors, and Grantors
4.14.1 One of the following parties may request HSBC to undertake the role of the Trustee:
a) Settlor – at the establishment of the Trust; or
b) Protector.
4.14.2 As the Trustee, HSBC must ID&V all Settlors, Donors, and Grantors, irrespective of the contribution
amount, as per fiduciary obligations of the Trustee.
4.14.3 Where the Settlor is deceased, HSBC should ID&V the party acting on behalf of the Settlor and
understand the relationship between the party, the Settlor, and other Connected Parties.
Beneficiaries
4.14.4 As the Trustee, HSBC must ID&V all Beneficiaries, irrespective of their entitlement, as per fiduciary
obligations of the Trustee.
32
In the case of a fund, the Individual or entity placing assets with a fund has every expectation of assets (and profit) being returned.
INTERNAL
Page | 72

4.15 Source of Wealth of the Settlor
4.15.1 In addition to the information that should be obtained related to SoW of the Settlor, where HSBC
acts as a Trustee, all countries of SoW of the Settlors, Donors, and Grantors should be identified
as per fiduciary obligations of the Trustee.
4.16 Visitation
4.16.1 For all Trust types, visitation to other controlling or influencing parties will reflect the fiduciary
obligations of the Trustee and the type of Trust being managed. Country procedures will establish
requirements. The guiding principal is that a controlling or influencing party will be visited for all
Trust types.
INTERNAL
Page | 73

5. RBB Sole Traders
Key Objective
How will the Objective
be achieved?
Scope of Section
Related Sections
Guidance sources
To identify, assess and mitigate the risks associated with RBB Sole Traders in order to
safeguard HSBC against Financial Crime risks
Setting out specific Customer type due diligence to address their specific risk attributes
outside of the scope of the standard ID&V, KYC and general EDD.
This Section describes the Procedures applicable to RBB Sole Traders with respect to
the following:
5.1 Introduction
5.2 Definition of Customer Type
5.3 Key Connected parties associated with this Customer Type
5.4 Risk associated with this Customer Type
5.5 Customer Type Risk Classification
5.6 Identification and Verification (ID&V) - Customer
5.7 Identification and Verification (ID&V) – Connected Party
5.8 Know Your Customer (KYC)
5.9 Enhanced Due Diligence (EDD)
Global Corporates and Partnerships Procedural Standards
RBWM Individuals
Global AML Policy: CDD Standards - Sole Traders
INTERNAL
Page | 74

5.1. Introduction
5.1.1. This chapter outlines the due diligence procedures associated with RBWM Retail Business Banking
(RBB) Sole Traders.
5.1.2. RBB Sole Traders are those Customers which will be managed by RBWM as opposed to CMB,
due to these simple business banking clients being more aligned to RBWM service principles than
CMBs. They will have simple, domestic product and lending needs.
5.1.3. Consideration must be given to the ‘legal form’ of the Customer. A RBB Sole Trader is an
unincorporated entity type for which there is no legal distinction between the owner and the
business, resulting in a number of differing due diligence requirements from other customer types.
5.1.4. RBB Sole Trader specific due diligence requirements are to be considered in addition to the scope
of the standard ID&V, KYC and general EDD requirements outlined in the CMB Corporates and
Partnerships and RBWM Individuals LoBPs.
5.1.5. Where there are no RBB Sole Trader specific requirements, cross references to relevant sections
of other Customer type chapters are included throughout these procedures.
5.2. Definition of Customer Type
5.2.1. The definition of a ‘RBB Sole Trader’ below outlines the key characteristics of this customer type.
Fig. 5.1: RBB Sole Trader: Definition
Customer Type
RBB Sole Trader
Definition
A RBB Sole Trader, also known as a sole proprietorship or a proprietorship, is a type of
business entity that is always owned and generally run by one individual and in which there
is no legal distinction between the owner and the business (i.e. it is not incorporated).
The owner receives all profits and has unlimited responsibility for all losses and debts. All
assets of the business are owned by the RBB Sole Trader. A RBB Sole Trader may use a
“Trading As” name or business name other than his or her legal name.
RBB Sole Traders are typically small businesses where the costs of incorporation (including
minimum capital) and/or of maintaining a company are considered by the RBB Sole Trader
to outweigh the benefits of limited liability. Operating as a RBB Sole Trader may also
provide tax benefits to an individual over operating through an incorporated entity in certain
jurisdictions.
The business activity of the RBB Sole Trader must meet all of the following criteria:
Customers’ needs served through branches, contact centres or online platforms
Operations must be domestic only i.e. do not require multi-jurisdictional relationship
management
Credit needs that can be fulfilled through scored lending only
Have a small and simple organisational structure
No more than one Key Controller
Products must be simple with no international requirements
Must be resident in the same country as the HSBC Booking Centre
Where any of the above criteria are not met at onboarding, or there is uncertainty regarding
whether RBWM should manage the customer relationship, the CDD Risk Acceptance
procedure should be followed.
In addition, if following onboarding any of the above criteria change, the Country Head of
RBB and FCC will need to approve the relationship continuing to be managed by RBWM
INTERNAL
Page | 75

5.3. Key ‘Connected Parties’ associated with this Customer Type
5.3.1. The definition of ‘Customer’, ‘Connected parties’ and ‘other related parties’ is defined in the
Glossary.
5.3.2. The following table establishes definitions of the key connected parties requiring CDD for RBB Sole
Traders:
Fig. 5.2: Key Connected Parties for whom CDD is Required
Key Controller
Authorised
Signatories
A Key Controller is someone who is elected or appointed to exercise more direct control over
the Customer entity. Authorised Signatories with Sole Authority over the Customer’s account
are considered to be Key Controllers.
An Authorised Signatory is a Customer staff member who receives delegated authority to the
Customer’s products and services with HSBC.
Where Authorised Signatories are not recorded in product level due diligence, they may be
recorded in the CDD Profile.
5.4. Risks associated with this Customer Type
5.4.1. There are a number of risks inherent in dealing with RBB Sole Traders. These include, but are not
limited to:
Fig. 5.3: Examples for inherent risks
Ownership and
Control
Activity of the
Business
Operational
Environment
Intermingling of
Business and
Personal Funds
A RBB Sole Trader is normally a small business with a very straightforward control
structure. Its ownership is always evident as the individual RBB Sole Trader. Risk
increases considerably where the RBB Sole Trader is large, or has international reach
e.g. a web designer or consultant with overseas clients.
The entity may engage in high risk activity(ies) or it may be unclear which activity(s) it
undertakes. Certain business types have been classed in the FCC-RAM as high risk due
to the increased risk of financial crime.
A key risk is that many RBB Sole Traders have limited reporting requirements and there
may be limited publicly available information on the activity of the business. Since RBB
Sole Traders are taxed personally on the profits arising from their activities, they may be
motivated to use cash for purchases and accept cash from Customers to evade taxes on
sales and/or profits and maintain a portion of their trading outside of their bank account(s).
Sole proprietors in general represent a higher risk for tax evasion as these types of
entities are not required to apply the same stringent corporate obligations or rules as a
legal entity otherwise would.
The country of establishment is a key consideration, notably in regards to RBB Sole
Traders which are based in a high risk jurisdiction which has been associated with
financial crime.
The RBB Sole Trader may do business in a high risk jurisdiction(s) and/ or across borders,
increasing the risk of financial crime.
A RBB Sole Trader may intermingle business and personal funds. In some jurisdictions
local Regulation may not enable HSBC to require separation of business and personal
activity. This may reduce the effectiveness of transaction monitoring (TM). (Refer to
Chapter 2 Appendix 4 for guidance on personal accounts being used for business
purposes.
Use of Product The products which the Customer utilises may increase the risk associated with the
Customer. For example, products involving value movement across borders (e.g.
international wire transfers) pose a higher risk of financial crime.
INTERNAL
Page | 76

5.5. Customer Type Risk Classification
5.5.1. RBB Sole Traders are risk rated according to the key risk factors identified in the FCC-RAM.
5.5.2. Where the Customer, or one of their Connected Parties, is a PEP, or meets other SCC classification
criteria, the Customer must be risk rated SCC. (Reference Process Chapter 10 Restricted and
Prohibited Customers, Special Categories of Customers (SCCs) and Prohibited Products).
5.5.3. Where a Customer is considered to be High Risk/SCC, Enhanced Due Diligence (EDD) will be
performed. The procedures for HNWI, High Risk Customers/SCC are included within the KYC
chapter for Individuals.
5.5.4. Where there are concerns regarding the nature and purpose of the RBB Sole Trader, the Customer
should be escalated to Country FCC to determine what action should be taken, including the
requirement to conduct Enhanced Due Diligence (EDD) and the determination of the appropriate
Financial Crime Risk Rating (FCRR).
INTERNAL
Page | 77

5.6. Identification and Verification (ID&V)
ID&V – Requirements for the RBB Sole Trader Customer
5.6.1. The following tables outline the applicable requirements for the ID&V of RBB Sole Traders:
Fig. 5.4: ID&V requirements
Identification Requirements – RBB Sole Traders (All FCRRs)
a) Full name of RBB Sole Trader
b) “Trading As” name (if applicable)
c) Date of Birth
d) Residential Address 33
e) Country of Tax Residence 34
f) Date moved to Residential Address
g) At a minimum, the City/Town/Region/Province and Country of the RBB Sole Traders previous addresses for the
past three years. 35
h) Correspondence Address (if different from residential address above)
i) Nationality, where legally permissible/ Citizenship 36 (including all nationalities/ citizenships held)
j) Country of Birth
k) Government issued ID number 37
l) Principal business address (if different to residential address)
m) Date of Formation of business
Note: In countries where it is not usual to use street addresses, it is acceptable to record the addresses according to
standard local practice such as PO Box Number and physical location(s) of the business / residence.
Verification Requirements – RBB Sole Traders (all FCRRs)
Information to be verified:
a) Full name of RBB Sole Trader
b) Date of Birth 38
c) Residential Address
Verification Sources (all FCRRs):
Refer to Figure 1.11 of the Individuals ID&V Chapter for more information on verification source requirements.
Where the Customer is onboarded through an indirect delivery channel, i.e. non-face-to-face onboarding, (see Section
1.8.14 for definition Individuals ID&V requirements).
33
Residential address is defined as the main address at which a Customer lives, i.e. the address at which they spend the majority of their time.
34
It should be noted that Local or Global regulatory requirements may require verification of Tax Residence. Where this is the case, such
regulations should be followed.
35
Only required where the Customer has resided in a Country that is not the same as the HSBC Booking Centre within the last three years.
36
Nationality and Citizenship are used interchangeably in many jurisdictions. Local regulatory requirements may require verification of
nationality/ citizenship; where this is the case and legally permissible, local regulation must be followed.
37
To be obtained, unless the Country does not issue a government identification number.
38
Unless the Customer is being electronically verified, or the primary document used for documentary verification does not contain the date of
birth, subject to FCC approval.
INTERNAL
Page | 78

5.6.2. Further information on ID&V requirements and approved documentary and electronic sources of
verification is detailed in Individuals Section 1.8. See ID&V Matrix for further information on
acceptable sources of verification
ID&V – Requirements for Connected Parties
5.6.3. In the case of RBB Sole Traders Connected Parties are limited to Key Controller i.e. an individual
with sole responsibility over the Customer’s account and Authorised Signatories (see definition Fig.
5.2).
5.6.4. HSBC must ensure that it understands the level of authority, control or powers of the Connected
Party with respect to the Individual Customer and to the HSBC account (see Individuals ID&V
section 1.9 for understanding the relationship between the Customer and the Connected Party)
5.6.5. If there is no apparent or legitimate explanation for the use of the Connected Party (e.g., it is evident
that use of nominee is to conceal identity of the account holder), this should be escalated to Country
FCC for further review.
5.6.6. There are additional high risk indicators applicable for RBB Sole Traders, which would require
escalation to Country FCC which include:
Authorised Signatories with unlimited sole signing authority, who are not the RBB Sole Trader
themselves (or their spouse or (non-business) partner); or
More than one Key Controller who are non-immediate family members, in addition to the RBB Sole
Traders themselves. Refer to Glossary for definition of immediate family members.
5.7. Know Your Customer (KYC)
5.7.1. The following additional KYC requirements should be followed for:
Customer Screening
5.7.2. The following table sets out the parties and information to be screened
Fig. 5.5: Screening requirements
Party FCCRR Official and other
screening lists
Negative news
Customer High Risk/SCC Yes Yes
Medium Yes No
Low Yes No
Connected Party N/A Yes Same as Customer
Negative NewsScreening
5.7.3. For further details on Screening refer to the Screening chapter (Process Chapter 3) within the
RBWM Common Processes LoBP and the Individuals KYC Chapter.
Understanding Nature of Business
5.7.4. The nature of business of a Sole Trader will be similar to that of a Commercial Operating Business,
however, typically less complex, with smaller turnover and lower value transactions. For nature of
business requirements, see the table below:
INTERNAL
Page | 79

Fig 5.6 Nature of Business Information Requirements for all Customers
Business Type:
Industries or business types in which the Customer participates
Types of Customer with whom the Customer does business (e.g. business to consumer, business to
business, business to Government/ public sector)
Geographic location of key Customers
Countries of Business Focus:
Countries the customer does business, trades with, offers services to
Additional information must be obtained with regard to Customers with any exposure to Sensitive
Sanctioned Countries or TI CPI

Fig. 5.7: SoW: ID&V requirements for the Commercial Activity and the Individual
Customer
Source of Wealth of the Commercial
Activity (Ongoing SoW)
Source of Wealth of the Individual
Established Commercial Activity (2 Years +)
High Risk/SCC Identify and Validate Identify and Validate
Medium Risk Not Required Not Required
Low Risk Not Required Not Required
Established Commercial Activity (< 2 Years)
High Risk/SCC Identify and Validate Identify and Validate
Medium Risk Not Required Identify and Validate
(Where capital to be invested in the
business exceeds $150K)
Low Risk Not Required Identify and Validate
Start-up Commercial Activity
(Where capital to be invested in the
business exceeds $150K)
High Risk/SCC N/A Identify and Validate
Medium Risk N/A Identify and Validate
(Where capital to be invested in the
business exceeds $150K)
Low Risk N/A Identify and Validate
(Where capital to be invested in the
business exceeds $150K)
5.7.8. For RBB Sole Traders with established commercial activity, the Source(s) of Wealth will be evident
from the nature of the Customer’s business/ operations. Where further validation is required, the
Customer should be requested to provide their Bank Statements for the previous three months to
enable validation of business activities. New start-up RBB Sole Traders will not possess prior
trading records or historical financial statements that established businesses may be able to
provide. Source of Wealth information will therefore focus on the origin of the capital being invested
into the business to finance operations, most typically from the RBB Sole Trader as a Natural
Person.
5.7.9. The Individuals Source of Wealth guidance and ID&V Matrix sets out, in detail, the information and
additional documentation sources to be obtained to validate Source of Wealth for all Customers.
Understanding Source(s) of Funds
5.7.10. Refer to section 2.4 of the Individuals KYC LoBP for the Source of Funds procedures. Where local
jurisdiction legislation does not allow HSBC to require separation of business and personal funds,
the threshold to be applied for Source of Funds validation must be the lower of the threshold for
commercial activity and any applicable thresholds for individual activity.
5.7.11. When cash is the Source of Funds for the account opening, Source of Funds identification and
validation must be performed in line with RBWM FIM B1.1.2.8 AML Cash Services
INTERNAL
Page | 81

Understanding the intended Purpose and Usage of Account
5.7.12. In addition to the requirements outlined in Section 2.6 of RBWM Individuals, it is necessary to:
Determine whether the account will be used for personal activity, commercial activity, or both (only
permitted where local regulations prevent forced account segregation based on usage);
Gather information on Connected Parties so that the Bank has an understanding of the relationship to
the Party, e.g. spouse or relative.
5.7.13. At onboarding if a Sole Trader Customer confirms that they intend to utilise their business account
for both personal and commercial transactions, they must be made aware that they will need to
open separate accounts to meet these needs. It is expected that this will be established whilst
having discussions with the customer about the intended use of the account and expected
transactional value and volume.
5.7.14. Onboarding may continue in-line with the CDD requirements for Sole Traders detailed in this
chapter for their commercial needs, however the Customer will be required to open a RBWM retail
personal account to undertake their personal transactions.
5.7.15. Where the customer also applies for an RBWM Current Account the CDD of the Customer must be
completed in line with the requirements detailed within the Chapters 1-3: Individuals of the
Customer LoBP.
5.7.16. The purpose of opening an account should be in line with the expected account activity, and profile
of the RBB Sole Trader’s business. Active judgment and reflection is required to review the
Customer’s purpose of opening the account against the expected account activity and the profile
of the RBB Sole Trader’s business to identify if there are any apparent inconsistencies. Where
these are identified or if there is any doubt the Customer should be escalated to Country FCC for
review and approval.
Visitation Requirements
5.7.17. Home-based businesses 39 are exempt from visitation at onboarding or renewal provided that the
Business concludes that it is reasonable for the Customer’s business to be home based. The
employee onboarding the Customer must document the rationale for such a conclusion in the CDD
Profile. Factors for consideration may include: number of employees, the industry type, or whether
the business is predominantly cash based.
5.7.18. The Visitation requirements for High Risk and SCC RBB Sole Traders are as per Section 6.15 of
the Retail Business Banking Corporates and Partnerships procedural standards. Visitation for
Medium and Low risk Customers are not required unless requested by FCC based on escalation
of the Customer due to financial crime concerns.
5.8 Enhanced Due Diligence (EDD)
5.8.1. For Customers identified as PEPs refer to Global RBWM AML Policy RBWM Global PEP Policy for
further guidance.
5.8.2. EDD requirements should be conducted as necessary in-line with the Customer’s risk rating.
Further information regarding when EDD would be required can be found in the above sections and
the Individuals ID&V and KYC chapters.
5.8.3. Where it is known that the Customer is located in, or has an exposure to a Sensitive Sanctioned
Country (SSC), escalate to Country FCC in line with the Sanctions Escalation Matrix.
39
Examples of home based businesses should be defined in-country and included in local procedures.
INTERNAL
Page | 82

6. RBB Corporates and Partnerships IDV & KYC
Key Objective
How will the
Objective be
achieved?
To understand who HSBC’s Customers are and who HSBC is doing business with in
order to safeguard against Financial Crime risks.
This Section outlines the identification and verification procedures on a Risk Based
Approach:
Identification – identifying who the Customer and Connected Parties are, by
obtaining information on their identity; and
Verification – verifying some or all of the identity information obtained using
reliable and independent documentary and/or electronic source material.
This section also outlines the Know Your Customer (KYC) procedures to be
undertaken on a Risk Based Approach, in addition to the ID&V procedures
Scope of Section
Related Sections
This Section outlines the procedures with respect to the following:
IDV
6.1 Introduction
6.2 Definitions of Customer Type
6.3 Key ‘Connected’ parties associated with this customer type
6.4 Risks associated with this ‘customer type’
6.5 ‘Customer type’ risk classification
6.6 ID&V – Requirements for the ‘Customer
6.7 ID&V – Requirements for ‘Beneficial Owners’
6.8 ID&V – Requirements for ‘Key Controllers’
6.9 ID&V – Requirements for ‘ Direct Appointees’
KYC
6.10 KYC Introduction
6.11 Customer Screening:
6.12 Understanding Nature of Business and Source(s) of Wealth
6.13 Understanding the Source(s) of Funds
6.14 Understanding the Intended Purpose and Usage of Account
6.15 Visitation Requirements
EDD
6.16 EDD Introduction
6.17 Politically Exposed Persons
6.18 Source of Wealth (SoW) for Ultimate Beneficial Owners (UBOs)
6.19 Doing Business in Sensitive Sanctioned Countries
6.20 Customers with Identified Exposure to High Risk Countries
Global AML Policy: CDD Standards - Individuals (ID&V)
Global AML Policy: CDD Standards - Corporates & Partnerships (KYC)
Global AML Policy: CDD Standards - Corporates & Partnerships (EDD)
Guidance sources Joint-Money Laundering Steering Group (JMLSG) Part I: 5.3.122 - 5.3.177, 5.4, 5.5
INTERNAL
Page | 83

6.1 Introduction
6.1.1. This section outlines an introduction to entities as well as outlining the baseline Identification and
Verification requirements.
6.1.2. Identification and Verification (ID&V) of a Customer, and their Connected Parties, provides an
understanding of who HSBC is doing business with and is a key step in Customer Due Diligence
(CDD) to mitigate Financial Crime risk.
6.1.3. ID&V is a two-step process which follows a Risk Based Approach:
a) Identification – identifying who the Customer and their Connected Parties are by
gathering information about their identity; and
b) Verification – verifying some or all of the identity information gathered using reliable and
independent documentary and/or electronic sources
6.1.4. High Risk and SCC Customers require additional levels of ID&V than Customers with lower
Financial Crime Risk Ratings (FCRRs) or entities with a greater degree of Public Accountability.
6.1.5. For all risk levels, a complete record of ID&V including documents obtained, together with any
actions taken and approvals obtained must be recorded in the CDD Profile.
6.1.6. These ID&V requirements apply to all customer entity types, and any additional requirements or
differences in respect of specific ‘customer types’ e.g. Trusts, PICs, etc. will be detailed in the
relevant customer chapters.
6.2 Definitions of Customer ‘Type’
6.2.1. This section covers the following Customer types within the Non-Financial Institution Commercial
Enterprises customer type family:
Fig. 6.1: Definitions of Customer ‘Type’:
Customer Type
Corporates
Partnerships
Definition
An incorporated entity established for commercial trading operating activity with the objective
of generating profits. They commonly have limited liability, and can be owned by shareholders
who can transfer their shares to others, and can be controlled by a board of directors who are
normally elected or appointed by the shareholders
A Partnership / unincorporated business, although principally operated by individuals, or a group
of individuals, are different from private individuals in that there is an underlying business.
6.2.2. Where there is any doubt as to whether the relationship should be managed by RBWM, the CDD
Risk Acceptance procedure should be followed
6.3 Key ‘Connected’ parties associated with this customer type
6.3.1. The definition of ‘Customer’, ‘Connected parties’ and ‘Other related parties’ has been defined in the
Glossary.
6.3.2. The following table establishes definitions of the key connected parties requiring Customer Due
Diligence (CDD) for this particular Customer type:
INTERNAL
Page | 84

Fig. 6.2: Definitions of key connected parties
Beneficial
Owner
Director / Partner
A Beneficial Owner is an individual or an entity who owns or exercises control over the Customer
arising from their shareholding or other ownership interest in the Customer; or from control over
the voting rights; or from exercising other control over the composition and/or the voting of the
Board of Directors.
A Beneficial Owner can also be the party on whose behalf a transaction or activity is being
conducted. Note that:
a) Ultimate Beneficial Owner (UBO) – Usually an Individual who ultimately owns a legal entity
and/or the person on whose behalf a transaction is being conducted. The UBO is any natural
person or government body that owns, has the right to vote, or has the power to sell or direct
the sale of a class of the business’ voting securities of an Intermediate Owner.
b) Intermediate Owner (IO) – An Entity or legal arrangement (e.g. structure such as a Trust,
Foundation etc.) identified as existing within the corporate structure that sits between the
Customer and the UBO (as defined above) in the ownership chain.
A Director is an appointed member of a Customer’s Board and may be either an executive or a
non-executive.
The roles and responsibilities of a Board of Directors will vary according to the type of entity. A
Director may or may not be a Key Controller for the purposes of CDD. For entities, certain Directors
and managers will be classified as Key Controllers, due to their ability to exercise significant control
over an entity and to have a substantial influence over the day-to-day management of the business.
A Partner is a person associated with one or more other individuals engaged in a business
enterprise in which the profits and losses are shared proportionally. The legal definition of a
partnership is generally stated as "an association of two or more persons to carry on as coowners
a business for profit'.
Persons can form a partnership by written or oral agreement, and a partnership agreement often
governs the partners' relations to each other and to the partnership.
Key Controller
Direct Appointees
(and others
purporting to act
on behalf of the
Customer)
Authorised
Signatories
Employees
A Key Controller is someone who is elected or appointed to exercise more direct control over the
Customer entity, by participating in the governance or senior executive activities of the Customer.
Key Controllers typically set the strategic direction of the entity.
The title given to a Key Controller varies according to the type of entity, Country of Operation, and
Country of Incorporation/ Registration/ Formation. Most commonly, a Key Controller will include the
Chief Executive Officer (CEO), Chief Financial Officer (CFO), Managing Partner and Chairman of
the Board. Usually, control is exercised jointly with other Directors/senior executive management.
A Direct Appointee is a person authorised under an executed instrument of the Customer Entity to
act on its behalf with respect to the banking relationship and also to delegate authority to others to
represent the Customer entity in more limited circumstances, e.g. Direct Appointees may appoint
Authorised Signatories. The Company Secretary is generally a Direct Appointee.
Direct Appointees may not themselves be Key Controllers but are typically appointed by Key
Controllers or the Board of Directors. They may or may not themselves be Authorised Signatories.
Direct Appointees may be product specific.
An Authorised Signatory is a Customer staff member who receives delegated authority to the
Customer’s HSBC products and services. Authorised Signatories with Sole Authority over the
Customer’s HSBC account/ Financial affairs are also considered to be Key Controllers due to the
influence they have over the business.
Where Authorised Signatories are not recorded in product level due diligence, they may be
recorded in the CDD Profile.
Employees of an entity do not require CDD unless they are connected parties, as defined above,
or are Individual HSBC customers in their own right.
INTERNAL
Page | 85

6.4 Risks associated with this ‘customer type’
6.4.1. There are a number of risks inherent with dealing specifically with entities. These include, but are
not limited to:
Fig. 6.3: Risks associated with this ‘customer type’
Ownership and
Control
Activity of the
Business
Operating
Environment
The legal persona of the entity is distinct and separate from the individual(s) who own and/ or
control it, and it may be difficult to establish the individual(s) who exercise ultimate control and/
or financed its creation.
Particular attention should be given to complex corporate ownership structures, which may
include Trusts or Foundations, as these can result in opaqueness in identifying the role of
Connected Parties and most notably, the actual controlling party.
Certain legal entities may be owned through bearer shares, whereby ownership is assigned to
whoever has physical possession of the share certificates. Although common and legitimate in
many jurisdictions, the anonymity that they can offer provides the potential to elevate financial
crime risk. Therefore, entities that include bearer shares within the ownership structure are
prohibited by RBWM.
The entity may engage in high risk activity(ies) or it may be unclear which activity(s) it
undertakes. Certain business types have been classed in the FCC-RAM as high risk due to the
inherent increased risk of financial crime.
The entity may do business in a high risk jurisdiction(s) and/ or across borders, increasing the
risk of financial crime.
Use of Product The products which the customer utilises may increase risk. For example, products involving
value movement across borders (e.g. international wire transfers) pose a higher risk of financial
crime.
6.4.2. Understanding the nature of business of the entity and the key individuals controlling the entity is
fundamental in mitigating the risk in doing business with these entities.
6.4.3. If the entity has a higher degree of publicly available information and reporting requirements, the
level of inherent risk may be reduced.
6.5 ‘Customer type’ risk classification
6.5.1. Entities are risk rated according to the key risk factors identified in the Global FCC-RAM
6.5.2. Where there are concerns regarding the nature and purpose of the Entity, the Customer should be
escalated to Local Financial Crime Compliance (FCC) to determine what action should be taken,
including the requirement to conduct Enhanced Due Diligence (EDD) and the determination of the
appropriate Financial Crime Risk Rating (FCRR).
INTERNAL
Page | 86

6.6 ID&V – Requirements for the ‘Customer’
6.6.1. The following table sets out the minimum Identification requirements for Corporates and
Partnerships:
Fig. 6.4: Identification requirements for Corporates and Partnerships
Identification Requirements – Corporates and Partnerships (all FCRRs)
a) Legal name
b) “Trading As” name (if applicable)
c) Registered office address in country of incorporation
d) Incorporation/registration details
e) Country of registration / incorporation / establishment
f) Date of incorporation / establishment of the partnership
g) Identification Number of the entity (where applicable) together with the name of the Issuing Authority
h) Name of Regulator (where applicable)
i) Principal place of business address (if different to registered address)
j) Names of all Directors/ Partners of Customers irrespective of whether they retain control over the business or not
Note: In countries where it is not usual to use street addresses, it is acceptable to record the business address of the entity
according to standard local practice such as PO Box Number and physical location(s) of the business.
6.6.2. The following table sets out the Verification requirements for Corporates and Partnerships:
Fig. 6.5: Verification requirements for Corporates and Partnerships
Verification Requirements – Corporates and Partnerships (all FCRRs)
Information to be verified:
a) Full Legal Name
b) Registered address / Business address in the case of Partnerships
c) Evidence of listing with a regulator of the Customer and its Parent (where applicable)
Verification Sources (all FCRRs):
Two reliable and independent verification sources are required; one of which must be a Primary Document.
6.6.3. Acceptable verification sources are outlined in the ID&V Matrix.
FATCA Data Requirements
6.6.4. Tax regime requirements (such as Foreign Account Tax Compliance (FATCA 40 )) may result in
additional information being required for certain customers. In order to comply with these
requirements, HSBC is required to leverage substantially from its AML policies and procedures.
Tax regime requirements should therefore be considered in conjunction with these CDD
procedures in order to achieve a holistic understanding of the customer’s profile.
40
Other Intergovernmental Agreements (IGAs) and the UK Crown Dependencies and Overseas Territories Automatic Exchange of Information Agreement (also
known as “TRE Phase 1” for HSBC purposes) may also be applicable.
Page | 87
INTERNAL

Non-Face-to-Face Customer On-boarding
6.6.5. Non-face-to-face customer on-boarding is considered to present an increased risk as customer
identification cannot be performed in person. To address the additional risk, verification of identified
Beneficial Owners is required across all FCRRs (to the thresholds of 10%/25%).
6.6.6. Where documentary sources have been used to verify the identity of non-face-to-face Customers
at on-boarding, further mandatory steps will be required as outlined in Individuals Section 1.8.15.
6.6.7. The following are considered to be face-to-face:
a) HSBC meets with representatives of the business entity to be on-boarded;
b) The Customer is introduced through an Affiliate. (see section 9.5.2 for definition of Affiliate.
6.7 ID&V – Requirements for ‘Beneficial Owners’
6.7.1. Beneficial Owners have the potential to exploit the Customer entity’s relationship with HSBC to
launder money or commit other Financial Crimes because they exercise control over the Customer
Entity via their ownership interest or voting power. A Risk Based Approach to ID&V of Ultimate
Beneficial Owners (UBOs) must be taken to establish that they are, in fact, Beneficial Owners and
that these persons/entities do actually exist.
Different Classes of UBO
6.7.2. UBOs are generally defined as natural persons who ultimately own or control the Customer. There
is a requirement to look through an entity to a point where natural persons who are direct or indirect
owners of equal to or greater than the required percentage ownership of the Customer can be
identified.
6.7.3. In some cases, an entity’s ownership may be so widely dispersed that no single person or family
group of individuals owns equal to or greater than the relevant percentage. This requirement to
identify UBOs to the relevant threshold must be met regardless of entity structure to minimise the
risk posed by complex business structures.
6.7.4. An example of the UBO Percentage Holding calculation is outlined below in figure 6.6:
INTERNAL
Page | 88

Fig. 6.6: UBO Percentage Holding calculation
UBO % holding of
the customer
40%
30%
(60%x50%)
30%
(60%x50%)
Identification of Ownership Structure
6.7.5. It is important to understand the ownership structure as this will assist with determining which
parties have control (i.e. Beneficial Owners), establish their true percentage ownership and
therefore which parties require ID&V.
6.7.6. The requirements to ID&V the ownership structure will depend on the FCRR of the Customer.
6.7.7. For all FCRRs, one independent source detailing the ownership structure must be obtained.
Detailed requirements are described in the ID&V Matrix. This includes for example: approved
market information providers; suitably audited reports & accounts; regulatory returns that are
publicly available; Partnership agreements; or a Customer Declaration or equivalent. Where a
Customer Declaration is being relied upon, this must be obtained from an appropriate Officer in the
Customer entity or Group including Company Secretary, Legal, or similar function.
6.7.8. Multiple levels of ownership in a Customer entity, notably for smaller Customers, may present a
Complex Ownership Structure that could be used to conceal the origin of funds and the identity of
the UBO. Examples of a complex ownership structure may include the use of either Trusts or
Foundations. Explanation of complexity is important so that risks can be fully understood.
6.7.9. Escalation to FCC should be considered where there are concerns arising from understanding the
rationale for the complexity, and must be initiated in all cases where the structure is considered
complex compared with the size of the business (e.g. 3 layers would be considered complex for a
Corporate Customer sitting in Business Banking Mass). For the purpose of clarity, the Customer
itself is not considered one of the layers to the ownership structure.
ID&V Requirements for Beneficial Owners
6.7.10. The following table sets out the minimum ID&V requirements for Beneficial Owners using a Risk
Based Approach:
INTERNAL
Page | 89

Fig. 6.7: Minimum ID&V requirements for Beneficial Owners
Customer
FCRR
Identification
Corporates & Partnerships
Verification
High/
SCC
All BOs (including UBOs and IOs) owning 10% or
more
Verify the identity of all UBOs owning 10% or more
Verify ownership structure
Medium
All BOs (including UBOs and IOs) owning 25% or
more
Verify the identity of all UBOs owning 25% or more
Verify ownership structure
Low
All BOs (including UBOs and IOs) owning 25% or
more
No requirement to verify the identity of UBOs 41
Verify ownership structure
All
Full Name
Ownership %/ Voting rights
For Individuals:
Date of Birth
Permanent Residential Address
For Entities as IOs:
Proof of Listing or Regulation status (where
applicable)
Country of Incorporation/ registration/ formation
For UBOs see Section 6.7.1 – 6.7.4
For ownership structure see Section 6.7.5 – 6.7.9
41
Where the Customer has been onboarded non-face-to-face, verification of UBOs owning 25% or more is required.
INTERNAL
Page | 90

Verification of UBO Identity
6.7.11. Where directed in the table above, the identified UBOs must be verified by one verification source,
unless otherwise stated in the table below. Verification can be completed using either Documentary
Sources, or where local regulatory requirements allow, Electronic Sources. The information to be
verified depends upon the verification source:
Fig. 6.8: Verification Sources for UBOs
Documentary
Sources
a) Full Name and percentage of ownership/voting rights; and
b) Date of Birth OR Permanent Residential Address.
a) Full Name and percentage ownership; and either
b) Date of Birth and Permanent Residential Address; or
Electronic
Sources
c) Two sources confirming Permanent Residential Address; or
d) By exception, where Permanent Residential Addresses are not commonly used, two
sources confirming Date of Birth or age and country of residence (and nationality, where
legally permissible, if different).
6.7.12. The ID&V Matrix defines acceptable sources and documents to meet the requirements for verifying
the UBOs identity.
6.7.13. In the event that escalation to FCC has occurred due to financial crime concerns, FCC may request
that EDD is undertaken on a UBO. This may include, but is not limited to, verification for UBOs of
Low Risk Customers and/or a Financial Intelligence Unit (FIU) investigation.
Beneficial Ownerships by Family Groups
6.7.14. A Family Group may, collectively, hold more than the stated UBO threshold, and the group may
exercise greater control than indicated by their individual shareholdings, by voting as a Group.
6.7.15. Where it is apparent that the ownership structure of the Customer includes family members at
multiple levels, the names of all family members should be identified, along with the family’s total
collective percentage shareholding.
6.7.16. Further ID&V, in accordance with the above table, will be required only for those UBOs within the
family group whose personal holding exceeds the indicated threshold amounts.
Beneficial Ownerships by Public Figures
6.7.17. A UBO may be a well-known public figure, such that the individual can be readily ID&V‘d by specific
public data-sources, e.g. Forbes. In such cases, it is sufficient to ID&V only their name and
percentage ownership. Information obtained from public data-sources is to be retained on the CDD
Profile.
6.7.18. The ID&V Matrix sets out the extent to which public domain sources may be used to verify the
identity of public figures or when biographies may be used in lieu of Date of Birth information.
Trusts or Foundations as Beneficial Owners
6.7.19. Refer to Chapter 4: Trusts for ID&V requirements if a Trust or Foundation has been identified in the
Ownership Structure as owning more than the stated threshold amounts.
INTERNAL
Page | 91

6.8 ID&V – Requirements for ‘Key Controllers’
6.8.1. Key Controllers will typically be Directors or Partners and, in some circumstances, Authorised Sole
Signatories, any of whom could be in a position to exert influence on financial and/or operational
controls of an entity or legal arrangement. A Key Controller may itself be an entity in which case
we will “look through” the entity to its UBOs and Key Controllers.
6.8.2. Key Controllers have the potential to exploit the Customer Entity’s relationship with HSBC to
launder money or commit other Financial Crimes. As a result, Key Controllers must be ID&V’d using
a Risk Based Approach.
6.8.3. Examples of Key Controllers include, but are not limited to the following, where applicable:
Fig. 6.9: Typical Key Controllers
Customer Type
Typical Key Controllers
Commercial
Operating
Business
Directors who exercise direct control over the Company (senior executive activities)
Chairman of the Board of Directors
Deputy Chairman of the Board
Chair of the Supervisory Board
Chair of the Audit Committee
Chair of the Remuneration Committee
Chair of the Shariah Compliance Board
Chair of the Risk Committee
CEO
CFO
Chief Operating Officer (COO)
Managing Partner
Powers of Attorney
Nominees
The person on whose behalf the Nominee entity is working for
Authorised Signatories with Sole Signing Authority
Local Equivalent roles
Obtain the List of Key Controllers
6.8.4. It is necessary to obtain a list of the names of all of the Entity’s Key Controllers using the risk based
approach set out in the Minimum Requirements Table in Figure 6.10.
6.8.5. The ID&V Matrix will prescribe what sources may be used for obtaining the names of Key
Controllers, including but not limited to: audited financial statements, government maintained
registers or partnership agreements.
6.8.6. If reliable and independent approved sources are unavailable, it is acceptable to obtain this
information from the Customer, provided that it is certified to be accurate and up-to-date by an
Officer in the Customer entity with an independent control function such as Company Secretary,
Legal or other similar function.
6.8.7. The identification of Authorised Signatories is part of product on-boarding and maintenance
requirements, with Authorised Signatory arrangements often varying by Product. Therefore,
INTERNAL
Page | 92

Authorised Signatories with Sole unlimited Signing Authority will be identified at product onboarding
and this will constitute a Trigger Event.
6.8.8. Sole Authorised Signatories should be considered to be a Key Controller and ID&V’d accordingly.
6.8.9. Where the Sole Authorised Signatory is not a Beneficial Owner or Key Controller by position with
the entity, the Business should make reasonable efforts to understand the precise nature of the
relationship of the Sole Authorised Signatory to the Customer and document the results of this
enquiry in the CDD Profile.
6.8.10. Where the nature of the relationship between the Sole Authorised Signatory and the Customer
raises concern as to the true nature of the business or its control structure, the Customer should
be escalated to Local FCC for review.
6.8.11. For all categories of Customers it is not a requirement to maintain details of other Authorised
Signatories (refer to Figure 6.2 for definition), who do not have sole unlimited signing authority,
within the CDD profile. Product areas must maintain Procedures to appropriately ID&V these
Authorised Signatories.
ID&V of Key Controllers
6.8.12. Key Controllers are ID&V’d on a risk based approach. When selecting the Key Controllers for ID&V,
consideration should be given to the persons with the most significant influence within the
Customer. 42 For example, where Key Controllers are able to independently act on behalf of the
company, or are also Direct Appointees.
6.8.13. The following table sets out the minimum ID&V requirements for Key Controllers using a Risk Based
Approach
42
Where the Key Controller of the Customer is a Legal Entity, it is necessary to look through to the UBO of the Key Controller following percentage
thresholds and ID&V requirements in line with Customer’s entity type and risk rating.
INTERNAL
Page | 93

Fig. 6.10: Minimum ID&V requirements for Key Controllers
Customer
FCRR
Identification
Corporates & Partnerships
Verification
High/ SCC
Obtain list of all Key Controllers
Obtain list of all other Directors
Identify at least two Key Controllers
Verify list of Key Controllers
Verify Identity of at least two Key Controllers
Medium
Low
All
Obtain list of all Key Controllers
Obtain list of all other Directors
Identify at least two Key Controllers
Obtain list of all Key Controllers
Obtain list of all other Directors
Identify at least two Key Controllers
For List of Key Controllers (individuals):
Full Name
Position/ Title
Date of Birth
Requirements for Key Controllers who are Legal
Entities:
Full Name
Country of Incorporation/ registration/ formation
Regulation/ Listing status (where applicable)
Additional for Two Key Controllers:
Permanent Residential Address
Verify list of Key Controllers
Verify Identity of at least two Key Controllers
Verify list of Key Controllers
Verify Identity of at least two Key Controllers
List of Key Controllers
Two Key Controllers
INTERNAL
Page | 94

6.8.14. In some jurisdictions it is permitted for an entity to have only one Director and no Company
Secretary. In such cases, it may not be possible to meet the requirement to ID&V two or more Key
Controllers. Evidence clearly illustrating these jurisdictional variances must be recorded in the CDD
Profile. Refer to the ID&V matrix for examples of appropriate evidence to capture.
Verification Sources for Key Controller Identity
6.8.15. Where directed above, the identity of Key Controllers must be verified by one verification source,
unless otherwise stated in the table below. Verification can be completed using either documentary
sources or where local regulatory requirements allow, electronic sources to prove the identity of
the Key Controller. The information to be verified depends upon the verification source.
Fig. 6.11: Verification Sources for Key Controllers
Documentary
Sources
Electronic
Sources
a) Full Name; and
b) Date of Birth OR Permanent Residential Address
a) Full Name; and either
b) Date of Birth and Permanent Residential Address; OR
c) Two sources confirming Permanent Residential Address; OR
d) By exception, where Permanent Residential Addresses are not commonly used, two sources
confirming DoB or age and country of residence (and nationality, where legally permissible, if
different)
6.8.16. Individuals Chapter 1: ID&V for definition of Documentary and Electronic Sources.
6.8.17. Detailed requirements are described in the ID&V Matrix and include: approved information
providers (e.g. Forbes for well-known individuals) and Government-issued identification documents
or travel documents.
6.8.18. In the event that the Customer is escalated to FCC due to financial crime concerns, FCC may
request that EDD is undertaken on a Key Controller. This may include, but is not limited to,
verification for Key Controllers of Low Risk Customers and/or a Financial Intelligence Unit (FIU)
investigation.
6.9 ID&V – Requirements for ‘Direct Appointees’
6.9.1. Direct Appointees are persons authorised under an executed instrument of the Customer to act on
its behalf and also to delegate authority to others to represent the Customer entity in more limited
circumstances e.g. Direct Appointees may appoint Authorised Signatories. The Company
Secretary may be considered a Direct Appointee. Direct Appointees may be product specific,
similar to Key Controllers, and due to their influence, all Direct Appointees must be identified and
verified on a risk based approach.
6.9.2. In many cases the Direct Appointees may also be the Beneficial Owners or Key Controllers, in
which case due diligence may have already been completed in this capacity. Where this is the
case, it is not necessary to repeat due diligence activities for the Direct Appointee.
6.9.3. Direct Appointees may vary by Product or Service provided by HSBC. Procedures should be in
place to:
a) Identify, verify, screen and record applicable Direct Appointees;
b) Understand their position/ connection to the Company; and
c) Identify, verify and record that Direct Appointees have properly executed authority from
the Customer entity to act on its behalf for the activity undertaken.
6.9.4. Direct Appointee information will not typically be captured in the CDD profile unless otherwise
advised by FCC. Examples of this include where a Screening hit has resulted in escalation to FCC,
the results of which are to be recorded on the CDD profile.
INTERNAL
Page | 95

ID&V of Direct Appointees
6.9.5. The following table sets out the minimum ID&V requirements for Direct Appointees using a Risk
Based Approach:
INTERNAL
Page | 96

Fig. 6.12: Minimum ID&V requirements for Direct Appointees
Customer FCRR
Other Entities
High/ SCC
Medium
Low
Identification
For all Direct Appointees
identify:
Full Name
Date of Birth
Permanent Residential
Address
For all Direct Appointees
identify:
Full Name
Date of Birth*
For all Direct Appointees
identify:
Full Name
Date of Birth*
Verification
Verify the identity of all Direct Appointees
No verification of identity is required.
No verification of identity is required.
* Further additional Information, such as Date of Birth or address will be obtained as necessary to address potential Screening matches. In countries where it is not usual to use street
addresses, it is acceptable to record the residential address of the entity according to standard local practice such as PO Box Number and physical location(s) of the residence.
INTERNAL
Page | 97

6.9.6. Where directed above, the identity of Direct Appointees must be verified using one reliable and
independent source to establish that the named person exists.
6.9.7. Detailed requirements and acceptable sources are described in the ID&V Matrix. This includes for
example: government-issued documents, identification or travel documents or approved
information providers (e.g. Forbes) to verify the identity of well-known individuals.
6.10 KYC Introduction
6.10.1 Understanding the Customer‘s business is a critical step in understanding and mitigating the
Financial Crime risks that doing business with the Customer may bring.
6.10.2 To understand the nature of your Customer, its business and the associated Financial Crime risks
posed by the Customer, the following Know Your Customer (KYC) procedures will be undertaken
in addition to ID&V procedures:
Screening – Screening of the Customer, Connected and Other Related Parties against
Sanctions, Terrorist, PEP or other lists as well as Negative News Screening;
Understanding the Nature of Business and Source(s) of Wealth – Gathering
information on the Customers’ Nature of Business and Source of Wealth on a Risk Based
Approach;
Understanding the Source(s) of Funds – Gathering information on the Customers’
Source of Funds;
Understanding the purpose and usage of account – Gathering information on the
purpose and use of the Customer’s account in support of Transaction Monitoring;
Completion of a Customer Visitation – Supplementing the CDD process to enhance the
understanding of the Customer and the Customer’s business .
6.10.3 KYC, along with ID&V, information is recorded in the CDD Profile, in order to provide a complete
picture of the due diligence undertaken on a Customer at a given point in time.
6.10.4 These KYC requirements apply to all Customer entity types, and any additional requirements or
differences in respect to specific ‘customer types’ (e.g. Trusts, PICs etc.) will be detailed in the
relevant customer chapters.
6.11 Customer Screening
Parties to be Screened
6.11.1 The following table sets out the parties and information to be screened where identified during the
ID&V process, in relation to Corporates and Partnerships regardless of the FCRR:
INTERNAL
Page | 97

Fig. 6.13: Parties and Information to be screened
Party
Official and
Other
Screening Lists
NegativeNews
Screening
Information Screened
Customers
Customers Yes Yes Full Names and any “Trading As” names
identified during ID&V
Connected Parties
Beneficial Owners Yes Yes Full Name of the individuals or legal entity
identified including the Ultimate Beneficial
Owner and Intermediate Owner identified
during ID&V
Key Controllers Yes Yes Full name of the individuals and legal entities
identified in ID&V
Other Directors, not
identified as Key
Controllers
Yes No Full name of the Individuals identified in ID&V
Direct Appointees Yes No Full name of Direct Appointees identified
during ID&V
Other Related Parties
Other Related Parties Yes Yes Where identified, the full names of these
parties must be screened
6.11.2 The Global CDD Templates specify which parties are required to be screened based on the table
above. Screening may take place outside the Global CDD Template with the results captured in
the CDD Profile.
6.11.3 If it is known that a Customer has changed its name in the past, Screening against Official and
Other lists should include both the new name as well as the previous name(s). If the Customer’s
name has changed within 5 years, both the new and previous name should also be subject to
Negative News Screening (as applicable based on FCRR as outlined in Fig 6.14 below).
6.11.4 Negative Newsscreening is required (in line with Fig 6.14) at each periodic review, but should only
cover the period from the last review to the present.
Negative NewsScreening
6.11.5 Negative News Screening helps to identify adverse News about our Customers in order to take
necessary steps to protect HSBC’s reputation (see Common Topics Chapter 3: Screening for
definitions of each).
6.11.6 Negative NewsScreening is required for all customers regardless of FCRR:
Fig. 6.14: Negative NewsScreening by FCRR
Customer FCRR
Corporates & Partnerships
All
Negative News
INTERNAL
Page | 98

6.11.7 Refer to Common Process Chapter 3: Screening for details on the application of Screening/
Resolution of screening hits.
6.12 Understanding Nature of Business and Source(s) of Wealth
6.12.1 The information needed to understand the Customer’s Nature of Business and Source(s) of Wealth
will depend on the particular circumstances presented by the Customer including the extent to
which their business is established and/or connected to other entities/businesses.
Nature of Business
6.12.2 The nature, type and scope of the Customer’s business must be understood in order to assess the
Financial Crime risk implied.
6.12.3 The following information should be gathered about the Customer:
Fig. 6.15: Nature of Business information requirements for all Customers
Information Areas to be Covered
All FCRR
Business Type
Industries or business types in which the Customer participates
Types of Customer with whom the Customer does business (e.g.
business to consumer, business to business)
Geographic location of major Customers
Countries of Business Focus
Countries where the Customer does business / Countries they trade
with or provide services to
Where the Customer has any exposure to a Sensitive Sanctioned
Country (SSC), this must be escalated to FCC in line with the Sanctions
Escalation Matrix and EDD may apply
Additionally, any Customer with Business Operations in a High Risk
Country must be escalated to FCC and EDD may apply. See section
6.20 for further detail.
Key Financial Data
Yes
Yes
Yes
Total annual revenue (USD equivalent)
Sources of Revenue
Total Asset size
Size of the business (e.g. number of employees, number of offices or
store locations, etc.)
6.12.4 Details of any recent material changes to the Customer’s business (e.g. change in Business Type
or move from domestic to international) need to be understood. At Customer on-boarding, a recent
change is considered to be a change within the past 5 years.
6.12.5 For newly incorporated/registered/formed businesses at on-boarding, the Nature of Business
information will be based on the Customer’s business plan, i.e. consideration of the intended
products/ services, strategic business and growth plans, and targeted Customer base. Where a
INTERNAL
Page | 99

usiness plan is not available, information is to be gathered by means of inquiry and validated as
part of the first periodic review.
6.12.6 Information gathered will be driven primarily by the questions included within the CDD templates
which are tailored to each risk category and the level of public accountability.
6.12.7 EDD requirements for Customers with exposure to High Risk or Sensitive Countries are set out in
Sections 6.19 and 6.20.
Understanding the Source(s) of Wealth
6.12.8 Source of Wealth relates to the business activity or situation that generated the Customer’s
accumulated capital.
6.12.9 Two aspects must be considered:
a) The origin of the initial Source(s) of Wealth – the business activity or situation that
generated their accumulated capital, not just the portion that is invested with the bank for the
initial deposit/account opening or premium paid/ cash invested; and
b) The origin of ongoing Source(s) of Wealth – the ongoing business activities or situation that
will generate the funds that will be deposited into the account or premium paid/ cash invested.
Information to Understand Source(s) of Wealth
6.12.10 Sufficient Source(s) of Wealth information should be collected to enable HSBC to form a reasonable
conclusion that the Customer has earned or otherwise acquired their accumulated capital legally.
This may involve obtaining supporting documentation from the Customer to validate the Source of
Wealth information. Acceptable sources for validation will be included in the ID&V matrix.
6.12.11 For many established HSBC Customers, the Source(s) of Wealth will be evident from the nature of
the Customer’s business/ operations and the Beneficial Owners. The Customer’s Annual
report/financial statements and accounts (or equivalent) will also provide useful sources of
information in order to understand the Source of Wealth.
6.12.12 Where the annual report/financial statements and accounts are used to identify Source(s) of
Wealth, the CDD Operating Unit must identify and record the name of one of the following in the
CDD profile:
a) The accountant;
b) The accounting firm;
c) The auditor; or
d) The audit firm.
Where the Customer does not have an accountant or auditor the financial statements and
accounts should be reviewed in conjunction with other available information to ensure they are in
line with what we know of the Customer. Where there is any doubt as to the validity of the
financial statements the Customer should be escalated to Country FCC.
6.12.13 Newly incorporated/registered/formed businesses will not possess prior trading records or historical
financial statements that established businesses can provide. Source of Wealth information will
therefore focus on the origin of the capital being invested into the business to finance operations.
Emphasis should also be placed on understanding the level of capital declared compared with the
level of initial account funding/ Investment premium.
6.12.14 The ID&V Matrix sets out, in detail, the information and documentation sources to be obtained to
validate Source of Wealth for all Customers, including newly incorporated/registered/formed
businesses.
INTERNAL
Page | 100

6.13 Understanding Sources of Funds
6.13.1 Source(s) of Funds means the source of currency/ financial instruments deposited, which includes
the amount to be transferred to the HSBC account for investment or premium payment purposes
at on-boarding.
6.13.2 Funds may originate from a range of sources, including but not limited to the purchase and/or sale
of assets (such as real estate) or earnings from business ownership or business activities.
6.13.3 For many Customers, the Source(s) of Funds will simply be earnings from the business activity.
6.13.4 For all Customers, the aggregate amount from all accounts being opened must be reviewed to
ensure it is in keeping with the information collected on the Customer’s Source of Wealth and
Nature of Business.
6.13.5 The amount being deposited must also be validated against one source e.g. bank statements, and
the method of transfer understood in the following circumstances:
a) Where the initial amount to be deposited at customer on-boarding is considered
significant, i.e. exceeds US$150,000 or equivalent local currency.
b) Where the initial deposit/ investment/ payment is to be made in cash and this amount
exceeds US$10,000 or equivalent local currency.
6.13.6 Validation of funds is required at new customer on-boarding and additionally where an existing
customer opens a new account and meets the criteria listed in section 6.13.5.
6.13.7 Where there are automated controls in place, Source of Funds may be reviewed as part of the
monitoring process upon transfer in of the initial funds.
6.14 Understanding the Intended Purpose and Usage of Account
6.14.1 In order to understand the intended purpose of the Customer’s relationship with HSBC, information
must be gathered in relation to the following higher risk characteristics:
a) Products and services to be provided to the Customer, i.e. product lists etc.
b) Purpose of the account/ product/ service, their intended usage and rationale for products
and services
6.14.2 Where appropriate for the service(s) offered to the Customer the relevant information below must
be gathered:
a) For cross-border transactions, the rationale, purpose, expected volume and value of
expected significant 43 payments.
b) For current accounts, the purpose of account, expected amount and average value of
regular cash deposits/withdrawals.
c) Rationale for the Customer to hold large balances in current accounts with minimal
activity.
6.14.3 The information captured in the CDD Profile supports the transaction monitoring alerts process, as
well as ensuring that the Customer is appropriately risk rated.
6.14.4 It is important to ensure that the information regarding the products and services held, and purpose
and use of the account/ products/ services is kept up to date to allow the analyst/ RM to confirm
that the transaction patterns are in line with the rest of the CDD profile. Examples of when updates
may be required include Trigger Events or as part of a Periodic Review.
43 Minimum thresholds are currently to be defined locally.
INTERNAL
Page | 101

6.15 Visitation Requirements
Types of Visitation
6.15.1 The types of visitation which may occur include:
a) AML Visitation for CDD purposes – An AML Customer visit supplements the CDD
gathered on the Customer and the Customer’s business as outlined in this document. It
is particularly useful in understanding the Nature of Business of the Customer on site.
b) Relationship Management – Customers may be visited regularly in support of
relationship management, including sales, marketing and ongoing serving of relationship.
c) Credit/Borrowing Review – certain HSBC borrowing Customers will be visited annually
for the purposes of the Credit review.
Purpose of an AML Visitation for CDD
6.15.2 AML visitation for CDD purposes provides an opportunity to:
a) Substantiate information provided on the Customer Questionnaire and observe the
environment in which the Customer operates;
b) Ask follow-up questions in response to specific Trigger Events;
c) Validate the appropriateness of the products and services provided to the Customer;
d) Substantiate anticipated volumes; and
e) Gather additional information/clarification about the ownership and control structure.
6.15.3 The specific focus of the physical site visit will depend on the Customer’s Nature of Business. For
example, if visiting a manufacturer, the RM/ employee conducting the visit, would expect to see
machines, raw materials and finished products, in accordance with the Customer’s specific
operations.
6.15.4 A Customer visit is not a substitute for Customer ID&V or KYC.
6.15.5 A visit for AML CDD purposes may be conducted at the same time as visitations for other purposes,
provided that the visit enables the staff member to fully complete the Visitation Customer
Assessment.
Situations where an AML Visitation for CDD purposes is required
6.15.6 For all Customer Types and FCRRs, a site visit may be required in response to concerns over a
specific Financial Crime risk:
a) Customer escalation to FCC, Negative News report or Material Trigger Event;
b) Transaction Monitoring findings; and/or
6.15.7 SARs. In such instances FCC may request or the Business may determine that a Customer visit is
appropriate in order to:
a) Validate certain information or obtain further information from someone in a particular part
of the Customer organisation; and/or
b) Discuss a specific AML or related issue.
6.15.8 In these circumstances, FCC will specify the legal entity to be visited (i.e. reliance may not be
appropriate).
6.15.9 When a site visit is required as a result of a SAR being raised or as a result of other Financial Crime
risk concerns, care needs to be taken to avoid “tipping off”. See Compliance FIM B2.17.1 for GPPs
relating to the criminal offence of ‘tipping off’ and the importance of not informing Customers that a
suspicion report has been made.
INTERNAL
Page | 102

Additional Situations where an AML Visitation for CDD Purposes is required
6.15.10 An AML Visitation for Other Entities is required at on-boarding and periodic review for all SCC and
High Risk RM’d customers, and for High Risk non-RM’d customers. AML Visitation is only required
for Medium and Low Risk Customer on identification of financial crime concerns:
Fig. 6.16: AML Visitation requirements for Corporates & Partnerships
Relationship Managed Customers and Non-Relationship Managed Customers
Customer
FCRR
On-boarding
Periodic Review
SCC 44
High
Y
Y - Annual
Medium
Low
Financial crime concerns only
Additional Detail on AML Visitations for CDD Purposes
Fig. 6.17: AML Visitations for CDD Purposes
Home based
businesses
Periodic review
triggered by Material
Changes to Customer
Circumstance
A home-based business is defined as a business that is operating from the Permanent
Residential Address of the Beneficial Owner. Home-based businesses are typically Non-RM’d
Customers.
Home-based businesses may also be exempt from visitation at onboarding or renewal provided
that the Business concludes that it is reasonable for the Customer’s business to be home based.
The Business Owner must document the rationale for such a conclusion in the CDD Profile.
Factors for consideration may include: number of employees, the industry type, or whether the
business is predominantly cash based.
Due to the size and scale of a typical Sole Trader, many will operate their business from their
residential address and will not have a separate business address (i.e. a home-based
business).
Where a Customer Material Trigger Event results in a Customer’s FCRR increasing from Low
or Medium Risk to High or SCC, a periodic review may be triggered. In these instances a site
visit must be completed within a maximum of 60 days. The guidance on reliance and homebased
businesses continues to apply.
Completion of an AML Visitation for CDD Purposes
6.15.11 All AML visitations must be completed by an appropriately trained member of staff within the
business.
6.15.12 Following a site visit the staff member will document the visit in the appropriate Relationship
Management system or in the CDD Profile.
6.15.13 It is not a requirement to attach the full Customer Visitation report to the CDD Profile, provided the
employee conducting the visit has attested that:
44
All SCC Customers must be Relationship Managed
INTERNAL
Page | 103

a) A satisfactory visit has occurred;
b) There are no financial crime concerns; and
c) Additionally, the report must be accessible to the relevant parties reviewing the CDD
Profile.
6.15.14 At a minimum the following information should be captured in the CDD profile:
Fig. 6.18: AML Visitation: Requirement for the CDD Profiles
AML Visitation for CDD Purposes Customer Assessment – requirements for the CDD Profile
a) Customer Name;
b) Address Visited;
c) Date of visit;
d) Names and titles of person interviewed;
e) Name and title of the person(s) making the visit from HSBC; and
f) Areas of financial crime concern arising from the visit (full site visitation report does not need to be attached)
6.15.15 If the AML visitation is not consistent with the information provided by the Customer in the CDD
profile, consideration should be given to declining the on-boarding or exiting of the Customer.
However, if the employee conducting the visit wishes to proceed with on-boarding or retain the
Customer, it should be referred to FCC. The business must ensure that they do not “tip off” the
Customer that there are concerns or that the Customer has been referred to FCC:
6.16 EDD Introduction
6.16.1 The purpose of this section is to identify, assess and mitigate the risks associated with Customers
who pose a higher risk of Financial Crime and where HSBC could be used as a conduit for Financial
Crime activities. In such circumstances HSBC must apply EDD procedures on a Risk Based
Approach.
6.16.2 EDD requirements involve gathering additional information about the Customer, Connected Parties
and Other Related Parties over and above the Core CDD requirements.
6.16.3 EDD procedures must be undertaken for all Customer Types where the Customer is a HNWI or
considered to be an SCC or High Risk, or where individuals connected to the Customer, are PEPs
or where they display higher risk characteristics. EDD procedures may be undertaken at
onboarding, Periodic Reviews, Trigger Events or at any time during the course of the Customer
relationship.
6.16.4 This section highlights the additional requirements not already captured in the risk based approach
outlined in the Retail Business Banking (RBB) ID&V and KYC chapters.
6.17 Politically Exposed Persons
6.17.1 Refer to Global RBWM AML Policy Chapter 13: PEPs for further guidance on Politically Exposed
Persons (PEPs):
6.18 Source of Wealth (SoW) for Ultimate Beneficial Owners (UBOs)
6.18.1 The determination of Source(s) of Wealth for Beneficial Owners is required as follows:
a) For all identified Ultimate Beneficial Owners of High FCRR and SCC Customers, i.e.
those identified as owning 10% or more of the Customer; and/ or
INTERNAL
Page | 104

) For all Customers where a PEP has been identified as an Ultimate Beneficial Owner,
irrespective of the Customer’s FCRR.
6.18.2 For both scenarios, information must be gathered on the identified UBOs in relation to their Source
of Wealth and income to enable an assessment to be made as to whether this is commensurate
with their holding in the company. Evidence supporting the Source of Wealth information must be
documented in the Customer’s CDD profile.
6.18.3 The ID&V Matrix sets out, in detail, the information and documentation sources to be obtained to
gather Source of Wealth details for UBOs.
6.18.4 Where it is not possible to obtain SoW information from public sources, the business needs to
provide a support statement detailing the information obtained from the Customer, which includes
how the UBOs Source of Wealth has been acquired/ built and confirmation that it is consistent with
their holding in the Customer entity. This statement should be stored in the Customer’s CDD profile.
6.18.5 The business needs to be satisfied that they have collected sufficient information to understand the
UBO’s Source of Wealth. If not, the business should consider ceasing to onboard a Customer given
the lack of sufficient Source of Wealth information to assess the risk, and whether the Source of
Wealth is commensurate with the UBOs holding in the Customer. Should the business wish to
continue with onboarding, the Customer should be escalated to Country FCC for review.
6.19 Doing Business in Sensitive Sanctioned Countries
6.19.1 The Global Sanctions Policy (Risk FIM B.2.19) lists those countries designated by HSBC as
Sensitive Sanctioned Countries and includes those countries designated by jurisdictional
programmes imposed by the United Nations, EU, United Kingdom, Hong Kong or the United States
of America. Such programmes include lists of sanctioned individuals, entities or organisations as
well as imposing sanctions which either prohibit almost all commercial activity with the country or
impose broad prohibitions on commercial activity, such as a ban on imports.
6.19.2 Doing business with Sensitive Sanctioned Countries directly or indirectly represents a reputational
risk to the Group and may ultimately expose HSBC to potential breaches of sanctions laws. HSBC
therefore has a limited appetite with respect to Customers that have business dealings with
Sensitive Sanctioned Countries.
6.19.3 EDD will be required to determine if a Customer’s exposure to Sensitive Sanctioned Countries is
within the Group’s risk appetite and managed accordingly.
6.19.4 The risk appetite, with respect to a Customer’s exposure to Sensitive Sanctioned Countries is a
function of:
a) Countries the Customer has exposure to;
b) Type of exposure a Customer has to the Sensitive Sanctioned Country (i.e. Customers
in, supplies from, investments in or operations in);
c) Type of activity (i.e. any industry in which the Customer operates);
d) Level of activity as a % of the entity’s total revenue; and
e) Nature of their relationship with HSBC (i.e. Direct Relationship, Direct Support or Indirect
Risk Exposure 45 ).
6.19.5 Further guidance can be found in the Risk/ Compliance FIM B.2.19.
Identification of Customer Exposure
6.19.6 HSBC is concerned with a Customer’s direct and indirect risk exposure to Sensitive Sanctioned
Countries.
6.19.7 All Customers are required over the course of CDD to affirm whether they, or any members of their
group legal entity structure do business in Sensitive Sanctioned Countries. This includes whether
45
Please refer to the Global Sanctions Policy for the definitions of Direct Relationship, Direct Support and Indirect
Risk Exposure.
INTERNAL
Page | 105

the Customer has Beneficial Owners resident in, Customers in (exports to), obtaining supplies from
(imports from), investments in (assets in) or operations in (business in) Sensitive Sanctioned
Countries.
6.19.8 Communications to Customers will include the list of current Sensitive Sanctioned Countries.
6.19.9 In addition, a Customer’s exposure to Sensitive Sanctioned Countries may be identified as a Trigger
Event through payment/trade finance/message screening, Negative News Screening or over the
course of the Customer relationship.
Enhanced Due Diligence Procedures
6.19.10 Where a Customer has indicated that they have an exposure to Sensitive Sanctioned Countries,
the following EDD activities will need to be performed at onboarding and then at periodic review to
determine whether the Customer’s exposure is within the Group’s tolerance levels.
6.19.11 In reaching this determination, the following information should be considered, where relevant, and
should be documented within the CDD profile:
INTERNAL
Page | 106

Fig. 6.19: Sensitive Sanctioned Country Information to be obtained from the Customer
Information to be obtained from the Customer
Name of legal entity with exposure to Sensitive Sanctioned Countries
Sensitive Sanctioned Countries that the legal entity has exposure to
Type of exposure to each Sensitive Sanctioned Country (owned by/operates in/invests in/has Customers
in/purchases from)
The level of activity for each type of exposure that the entity has with a Sensitive Sanctioned Country 46 :
Nature of Customer’s
exposure with a Sensitive
Sanctioned Country
Information required
Owned by BO(s) resident in
a Sensitive Sanctioned
Country
Operates in a Sensitive
Sanctioned Country
Has investments in a
Sensitive Sanctioned
Country
Selling to Customers in
Sensitive Sanctioned
Countries
Buying from suppliers in
Sensitive Sanctioned
Countries
Name of BO(s) (UBOs and IOs), where identified, subject to thresholds
in Retail Business Banking Corporates and Partnerships ID&V and KYC
chapters
Total % ownership held by Beneficial Owner(s) domiciled in a Sensitive
Sanctioned Country
Total revenues and assets of the legal entity (USD or local currency)
% of total revenue from operations in Sensitive Sanctioned Countries
Value of investment in Sensitive Sanctioned Countries and total assets
(USD or local currency)
% of total assets related to investments in Sensitive Sanctioned
Countries
Nature of investment (e.g. type of investment, local partners)
Value of export sales to Sensitive Sanctioned Countries (USD or local
currency)
% of total revenues from trade with Sensitive Sanctioned Countries
Nature of products/ services sold
Value of import purchases from Sensitive Sanctioned Countries (USD or
local currency)
% of total cost of goods sold from purchases from Sensitive Sanctioned
Countries
Nature of products/ services purchased
The entity’s primary business operation, including information on the products and services involved in their
exposure to Sensitive Sanctioned Countries.
Supplementary information regarding:
The Customer’s business plans with regards to Sensitive Sanctioned Countries (e.g. to reduce or terminate
transactions with a Sensitive Sanctioned Country; for example winding up of a business) and anticipated timing
of such activities;
Description of the Customer’s control procedures to monitor transactions with Sensitive Sanctioned Countries
and to ensure compliance with sanctions regulations; and
46
This information needs to be captured in relation to each Sensitive Sanctioned Country which the Customer has
exposure to.
INTERNAL
Page | 107

Information required
Whether the legal entities with exposure to Sensitive Sanctioned Countries are HSBC Customers, and if so:
a) Which Products and services are offered to the Customer?
b) Do the Products provided have a specific purpose to support trade with Sensitive Sanctioned Countries?
Control and Approvals Process
6.19.12 Once full information about the Customer’s exposure to Sensitive Sanctioned Countries has been
received by the business and CDD Operating Unit, the Customer should be escalated to FCC
Sanctions. FCC Sanctions will determine whether the exposure is within HSBC’s risk appetite and
to determine whether any additional EDD is required.
6.19.13 The table below describes the additional CDD control and approvals procedures required:
Fig. 6.20: Additional CDD Control and Approval processes
Scenario
Legal entity that HSBC banks has an
exposure to Sensitive Sanctioned
Countries in excess of the exposure
levels (Refer to Global Sanctions
Policy/ FIM)
Legal entity that HSBC banks has an
exposure to Sensitive Sanctioned
Countries within threshold amounts
Controls and Approval processes
a) New Customers should be declined unless a Sanctions Risk
Approval is obtained through a referral to FCC Sanctions and
where necessary the Reputational Risk and Client Selection
Committee (RRCS). The Sanctions Risk Approval Form can be
found in the Global Sanctions SharePoint at:
http://teams.uk.hsbc/compliance/globalsanctions/Blank%20Tem
plates/Forms /AllItems.aspx.
b) For existing Customers, a Sanctions Risk Approval must be
obtained (by referral to FCC Sanctions and where necessary the
RRCS). In the event a Sanctions Risk Approval is declined, the
Customer relationship must be exited.
c) The escalation to FCC Sanctions should indicate any risk
mitigations to be considered by FCC Sanctions. If a Sanctions
Risk Approval is granted, the Customer’s FCRR must be SCC
d) Where required by FCC Sanctions, the Customer must
acknowledge and agree in writing that HSBC will not facilitate
payments to any person or entity listed on a sanctions list or
located in a Sensitive Sanctioned Country. The wording of any
Customer undertaking must be approved by FCC Sanctions.
e) It should be noted that depending on the specific sanctions
measures in place any particular transaction may be prohibited
a) Customers with Sensitive Sanctioned Country exposure that falls
within the thresholds can be on-boarded or maintained only with
the approval of the FCC Sanctions Officer.
b) If approval is given to open or maintain the customer relationship,
the Country Sanctions Officer should consider whether the
Customer should be categorised as a Special Category Client
(SCC).
c) Where required by FCC Sanctions, the Customer must
acknowledge and agree in writing that HSBC will not facilitate
payments to any person or entity listed on a sanctions list or
located in a Sensitive Sanctioned Country. The wording of any
customer undertaking must be approved by FCC Sanctions
d) It should be noted that depending on the specific sanctions
measures in place any particular transaction may be prohibited
INTERNAL
Page | 108

6.20 Customers with Identified Exposure to Countries with a
Transparency International Corruption Perception Index (TI CPI) Score of 22 or Less
6.20.1 HSBC has a limited appetite for Customers with a significant exposure to high risk countries where
the TI CPI score is ≤ 22. These Customers must be risk-rated High, require additional approvals
from the regional/local RRCSC and are subject to the additional EDD as described in this section.
These Customers must be escalated to FCC.
6.20.2 Significant Customer exposure to TI CPI ≤ 22 countries is defined as:
a) Customer incorporated/registered/formed in a TI CPI ≤ 22 country;
b) Customer with a primary business operation in a TI CPI ≤ 22 country;
c) Customer with a ≥ 25% UBO whose country of permanent residence is the TI CPI ≤ 22
country; or
d) Customer with known business operations in TI CPI ≤ 22 countries of 10% or more from a
single jurisdiction or 25% or more from several jurisdictions, as indicated by:
Total Investments; and/ or
Total Sales; and/ or
Total Supplies; and/or
HSBC products and services provided with the specific purpose of supporting activity in
that country (e.g. provision of a performance guarantee).
6.20.3 Where exposure to a TI CPI ≤ 22 country has been identified over the course of CDD, further Nature
of Business information is required. The information required varies according to the nature of the
Customer’s exposure, as outlined in the Table below:
INTERNAL
Page | 109

Fig. 6.21: Further Nature of Business Information
Nature of Customer’s
Exposure to TI ≤ 22
countries
Incorporated/Registered
/Formed in the Country
Source of Exposure Identification
Customer ID&V (see Section 6.6)
Further EDD requirements to be Captured
No additional EDD requirements
Operates in the Country Customer ID&V (see Section 6.6) No additional EDD requirements
Owned by BOs
domiciled in country
Has investments in
country
Sells to Customers in
country
Buys from suppliers in
country
UBO ID&V (see Section 6.7)
identifies UBO country of primary
residence for Other Entities and
Country of Incorporation for IO’s.
Nature of Business information (see
Section 6.12) identifies Countries
where the Customer does business
AND/OR
Products and Services provided to
the Customer have the specific
purpose of supporting investments
with the Country
AND/OR
Based on other Customer
management/transaction monitoring
information
Nature of Business information on
Countries the Customer does
business/Trades with as outlined in
Section 6.12;
AND/OR
Products and Services provided to
the Customer have the specific
purpose of supporting business
activity with the Country
AND/OR
Based on other Customer
management/transaction monitoring
information e.g. from Trade product
information
No additional EDD requirements as UBO
Source of Wealth will be identified, as outlined
in Section 6.18.
a) Value of investment (USD or local
currency, % of total assets) in the
country
b) Nature of investment (e.g. type of
investment, local partners)
a) Value of exports/imports (USD or local
currency, % of total)
b) Nature of exports/imports (e.g.
products/services sold or purchased)
Additionally for all:
Description of any specific control procedures that the Customer has to monitor the risks associated with the TI
CPI ≤ 22 country;
Details of Customer’s business plans in the market (i.e. expansion through acquisition of new Customers,
expansion of existing relationships, change of existing contracts, Exit from the market etc.) and anticipated
timings for such plans;
Details of HSBC products and services provided with the specific purpose of supporting the Customer’s activity
with the Country.
INTERNAL
Page | 110

7. Clubs & Societies
Key Objective
How will the Objective
be achieved?
Scope of Section
To identify, assess and mitigate the risks associated with specific Customer types which
pose a higher risk of Financial Crime, and/or where HSBC could be used as a conduit
for Financial Crime activities.
This Customer type requires additional and/or specific due diligence to address their risk
attributes, outside the scope of the standard ID&V, KYC and general EDD requirements.
This Section outlines who the Customer is for due diligence purposes, and the specific
and/ or additional due diligence requirements for Clubs and Societies.
Section outlines the ID&V procedures with respect to the following:
Definitions and Risks of Customer Type
7.1. Introduction
7.2. Definition of Customer Type
7.3 Risks Associated with Clubs and Societies
7.4. Key Connected parties
7.5. Prohibited Clubs and Societies and Customer Risk Classification
ID&V of the Customer and their Connected Parties
7.6. ID&V Requirements for the Club/Society
7.7. ID&V Requirements for Connected Parties
Know Your Customer (KYC)
7.8. Customer Screening
7.9. Understanding Nature of Business and Source(s) of Wealth
7.10. Understanding the Intended Purpose and Usage of Account
7.11. Enhanced Due Diligence (EDD)
Related Sections
Guidance sources
Global AML Policy: CDD Standards - Individuals (ID&V)
Global AML Policy: CDD Standards - Corporates & Partnerships (KYC)
Global AML Policy: CDD Standards - Corporates & Partnerships (EDD)
Chapter 4 – Trusts (available in this document - RBWM CDD Customer LoBP)
Global AML Policy: CDD Standards - NPOs
INTERNAL
Page | 111

Definitions and Risks of Customer Type
7.1 Introduction
7.1.1. The procedures below outline the Customer Due Diligence (CDD) standards that should be
followed for Clubs and Societies. Where the requirements align to the standards for Corporates,
Individuals, or other Legal Entity types, a cross reference is used to indicate related Global
Guidance and RBWM LoBP sections.
7.1.2. RBWM only banks Clubs & Societies, for all categories of Non-Profit Organisations (NPOs) other
than Clubs and Societies, please refer to the Global Procedural Standards for CMB and the
applicable CDD standards.
7.2 Definition of Customer Type
7.2.1 The majority of Clubs and Societies will have the following characteristics:
a) Legal status defined by the organisation’s aims and purpose;
b) Are self-governing private organisations, which pursue activities for public or private interest
or benefit (e.g. social, literary, or religious purposes);
c) Operate on the principle that funds are raised for a stated cause or “mission” through a
diverse set of Donors/ Members;
d) Funds are distributed to other projects, organisations, or individuals, in accordance with the
aims of the organisation.
7.2.2. Clubs and Societies are usually funded by Donors or Members through:
a) Donations;
b) Membership Dues; and/or,
c) Grants.
7.2.3. Management of funds within Clubs and Societies sits with the Key Controllers of the organisation.
It is the responsibility of the Key Controllers to manage and distribute the funds, which must be
completed in a manner consistent with, and in support of, the objectives of the organisation.
7.2.4. Clubs and Societies generally distribute benefits internally to the Connected Parties of the
organisation (e.g. to its Members)
7.2.5. Descriptions of Clubs and Societies may include:
Figure 7.1: Descriptions of Clubs and Societies
Description
Examples
Clubs and
Societies
An association of members sharing a common interest by the use
of a structure (formal or informal) through which they can pursue
that interest;
Chess club;
Football club.
Depending on the size, purpose, and jurisdiction, may be
incorporated or unincorporated;
Only unincorporated Clubs and Societies are permitted within
RBWM and will be treated as a Partnership unless otherwise
specified (refer to Global Procedural Standards Corporates and
Partnerships Chapter [6] for additional detail). If any incorporated
Clubs and Societies are identified refer to Country FCC.
INTERNAL
Page | 112

7.2.6. Investment clubs are outside the scope of this section as they are operationally different from other
clubs in terms of funding and purpose and will be covered in the Funds Chapter 10 of the Global
Procedural Standards.
7.3 Risks Associated with Clubs and Societies
7.3.1 Many clubs and societies are small or medium sized organisations and as such are reliant on a few
professionals/volunteers to control their funds and assets. These arrangements may lack the
scrutiny and segregation of roles and responsibilities which is often a feature of large organisations;
7.3.2 Clubs and societies will often lack formally executed documentation and, accordingly, the risk of
misrepresentation or deception may be higher
7.4 Key Connected Parties associated with Clubs and Societies
7.4.1 Establishing the Connected Parties requires an understanding of how the Club/ Society is
structured, how funding is sourced, who has control over the distribution of funds, and to whom the
funds are distributed.
7.4.2 The following table defines key Connected Parties requiring CDD for clubs and Societies in RBWM:
Figure 7.2: Definition of key Connected Parties requiring CDD
Role
Description
Beneficial
Owners
It is important to note that in the case of a Club or Society, there will be no individuals or
entity that will be classed as a “Beneficial Owner 47 . This is due to the purpose and
organisational structure of Clubs and Societies and the absence of share capital 48 ;
Donors Individuals or entities providing funds to the organisation; e.g. Donations outside of
normal membership fees
Donors may provide one-time only payments or regular ongoing funds to the
organisation;
Donors surrender ownership and control of the donated funds to the Club or Society;
Based on the structure of the entity, in certain circumstances Donors can retain control
over the funds
Members would not automatically be considered a Donor unless they meet one of the
requirements above.
Key Controllers Individuals who are elected or appointed to exercise direct control over the Customer by
participating in its governance or senior executive activities;
The title given to a Key Controller varies according to the type of entity and country of
operation/incorporation
For a Club or Society a Key Controller may be the President of the club, the Treasurer,
or the club Secretary;
Managing
Members
Managing Members are considered to be individual members who are elected/appointed
to participate in the governance of the organisation and will have a significant amount of
control over the organisation;
49 For a definition of Beneficial Owner refer to Figure 6.2 Corporates and Partnerships Section
50 In the context of the Global Non-Profit Organisations (NPO) Procedural Standards, an entity may have material control over the Club or Society
whether through voting rights, appointment of Senior Management, or direct management of the entity. This may result in a parent and/or
branch/subsidiary relationship for Clubs and Societies.
INTERNAL
Page | 113

Other Connected
Parties
The primary difference between a Managing Member and a Key Controller is that a
Managing Member is part of the membership base of the organisation and directly
benefits from the purpose of the organisation;
Managing Members may exist along with Key Controllers;
Examples of other Connected Parties include, but are not limited to, Authorised
Signatories and Power of Attorney holders, who may be appointed in positions of
effective control of the Customer;
Individuals with Sole Authority over the Customer’s RBWM account/financial affairs are
also considered to be Key Controllers due to the influence they have over the
organisation. Where these parties are not recorded in Product Level Due Diligence, they
may be recorded in the CDD Profile.
7.4.3. The following table establishes definitions of Other Related Parties who may require CDD based
on their role within the organisation:
Figure 7.3: Other Related Parties who may require CDD
Role
Description
Members Individuals who have joined a Club or Society*;
While membership fees are usually collected, the payment of membership fees is not a
prerequisite to be considered a member.
*where the Club or Society has AUM over $10,000 and there are less than 5 members
Volunteers Individuals who engage in activities to help a Club or Society achieve its stated
objective;
The activity should not be primarily undertaken for financial reward.
7.5 Prohibited Clubs and Societies and Customer Risk Classification
7.5.1. Clubs and Societies will be risk rated according to the Financial Crime Customer Risk Assessment
Model (FCC-RAM) 49 .
7.5.2. Certain types of Clubs or Societies are prohibited customers. These include:
a) Entities named on sanctions lists issued by Competent Authorities in any jurisdiction.
b) Entities the subject of allegations of links to criminal/terrorist related activities/persons.
c) Entities which have activities or aims that may present a heightened reputational risk (e.g.
Due to high profile/media attention) 50 .
d) Entities which have activities which support a HSBC prohibited Customer type.
7.5.3. The following High Risk Indicators are to be considered for Clubs and Societies:
a) Significant exposure (25% or more of annual contributions from or disbursements) to high
risk jurisdictions (cross border fund movement and/or geographical presence outside of the
country of establishment);
b) Majority (50% or more) of the incoming annual funds are collected in cash (where this 50%
is equal to or exceeds US$10k or equivalent local currency).
49
Where a Club or Society is associated with a Political Party, the organisation should be risk rated according to the FCC-RAM. Where a PEP is
identified as a Key Controllers refer to Global RBWM Line of Business Procedures - PEPs.
50
Note: where the Business is uncertain as to whether a Club or Society should be considered prohibited, escalate to Country FCC.
INTERNAL
Page | 114

7.6 ID&V Requirements for the Club / Society
7.6.1 The following minimum identification and verification information must be obtained for Clubs and
Societies:
Figure 7.4: Minimum ID&V Requirements
Minimum Identification Requirements – Clubs and Societies (all FCRRs)
a) Full Legal Name;
b) Structure of Club and Society Identification Number or equivalent (e.g. registration number, tax identification
number) (where available);
c) Registered status and name of supervisory body (where applicable); 51
d) Registered 12 address (where applicable);
e) Business 52 address (where applicable);
f) Year of establishment;
g) Website address (where available).
Verification Requirements – Clubs and Societies (all FCRRs)
a) Full Legal Name;
b) Registered address 52 (where applicable);
c) Business Address 52 (where applicable);
d) Identification Number or equivalent (e.g. registration number, tax identification number) (where available).
Verification Sources (all FCRRs):
Two reliable and independent verification sources are required; one of which must be a Primary Document. Please
refer to the Individuals ID&V chapter.
For unincorporated organisations (i.e. organisations with no defined legal entity structure):
Obtain tax related documentation where available ; and
Constitution or Rules of the Organisation (where available)
If address is that of a connected party, verify their address
7.6.2. In addition to the above minimum identification requirements, further information may be obtained
to enhance the Customer’s experience or to facilitate communications with the Customer; for
example, telephone number and email address.
7.7 ID&V Requirements for Connected Parties (i.e. Key Controller)
7.7.1. The following connected parties should be ID&V’d as per the requirements below The following
Connected Parties should be ID&V’d as per the requirements below. Where additional Connected
Parties exist based on the Legal Entity type being other to that of a Partnership (e.g. Trust), ID&V
of these Connected Parties should be performed as per the requirements of the specific Legal
Entity type.
7.7.2. Where a PEP is identified as a Connected Party, please refer to the Global RBWM AML Policy
Chapter 13: PEPs
51
In some jurisdictions certain types of Clubs and Societies will be required to register with a supervisory body. Where the registration details are
not available it is necessary to understand the reasons for this and escalate to Country FCC.
52
Where a Club or Society does not have a business address or registered address, a correspondence address must be obtained and verified.
INTERNAL
Page | 115

Donors
7.7.3. Donors will often not have a material connection to the organisation itself once the funds have been
transferred. As a result, it may prove difficult to gather information that would be captured for similar
Connected Parties of other customer types as no formal relationship exists between the
organisation and the individual Donors.
7.7.4. The following are the ID&V requirements for Donors:
Figure 7.5: ID&V Requirements for Donors
Customer FCRR Identification Requirements Verification Requirements
All
Customer FCRR
All Donors (e.g. individuals/ entities making
donations outside of normal membership fees)
that contribute 5% or more (where 5% is equal
to or exceed US$10k or equivalent local
currency) of total annual contributions to the
Club/ Society 53
No verification requirements
Information to be obtained for all identified Donors (those Donors that contribute 5%
(where 5% is equal to or exceed US$10k or equivalent local currency) of total annual
contributions)
All
Full Legal Name;
Contribution % ;
Additionally for Individuals
Date of Birth;
Permanent Residential Address;
Additionally for Legal Entities
“Trading As” name (where applicable);
Registered Address.
No verification requirements
7.7.5. It is important to understand the organisation’s Donor base and to ensure that it is in line with the
stated activities of the Club/ Society.
7.7.6. It is also necessary to understand the controls that the Customer has in regards to its Donors for
managing money laundering and terrorist financing risks.
Key Controllers
7.7.7. Key Controllers, and Authorised Signatories should be ID&V’d as per the requirements detailed in
the Customer Individuals ID&V chapter 1 (for other entities refer to the relevant Legal Entity type
CDD chapter).
7.7.8. Where a Sole Authorised Signatory who is not a Key Controller by position with the entity is
identified, the Business should make reasonable efforts to understand the precise nature of the
relationship of the Sole Authorised Signatory to the Customer and document the results of this
enquiry in the CDD Profile.
7.7.9. For small clubs and Societies ( e.g. local Chess club) it is common to have a sole authorised
signatory, In instances where the nature of the relationship between the Sole Authorised
Signatory and the Club/ Society raises concern as to the true nature of the organisation or its
control structure, the Club should be escalated to Country FCC for review. Due to the potential of
misappropriation of funds for this customer type.
53
Where a single anonymous donor provides funds over the established threshold, the Customer should be escalated to Country FCC.
INTERNAL
Page | 116

Members
7.7.10. Clubs and societies usually maintain formal or informal records of its Members. These records may
be used to evidence the existence of a class of Members who seek to benefit from the organisation.
7.7.11. All managing members must be identified and ID&V conducted in line with the Individuals ID&V
Chapter 1. Managing members are individuals that control the operations and / or funds of the
Club / Society (e.g. the Club President or Treasurer).
7.8 Customer Screening
7.8.1 The following table sets out the parties and information to be screened where identified (all FCRRs):
Figure 7.6: Customer Screening
Party
Official and
Other
Screening
Lists
NegativeNews
Screening
Information Screened
Customer
Club/ Society Yes Yes Full Names
Connected Parties
Donors Yes Yes Full Name of Identified Donors
Key Controllers Yes Yes Full Name of the individuals identified in
ID&V
Members (Managing) Yes Yes Full Name of Managing Members
Other Related Parties
Other Related Parties Yes Yes Full name of the individuals identified in
ID&V
Negative NewsScreening
7.8.2. Where a Donor or Key Controller is identified as a PEP or High Risk/SCC Negative News Screening
should be carried out.
INTERNAL
Page | 117

7.9 Understanding Nature of Business and Source(s) of Wealth
Nature of Business
7.9.1. It is critical to understand the purpose and activities of the organisation in order to assess the
Financial Crime Risk.
7.9.2. In all cases it is important to understand the following
Nature and purpose of the club/ society business
Country in which they operate, generate funds or hold assets.
Value of membership fees
7.9.3. In addition below is the key additional Business information to be obtained for Clubs and Societies
when the annual turnover of the account is more than $10,000 or equivalent
Figure 7.7: Nature of Business Information for Clubs and Societies
Nature of Business
All Clubs,
Societies
a) Key Financial data including:
Most recent level of annual donation/membership fees or expected
donations/membership fees (where applicable);
Details of any government or state funding.
b) Nature and purpose of Customer’s operations;
c) Operational Data;
Number and location of:
employees; and
Volunteer base.
place of Business Operations;
d) Principal place of business and jurisdiction in which the Customer, the Customer’s
subsidiaries/branches and where applicable its parent is based;
e) Number of branches and/or offices in each country.
f) Countries of Business Focus;
Jurisdictions where the Customer generates funding greater than 10% of annual
donations/membership fees;
Jurisdictions where the Customer makes distributions greater than 10% of annual
distributions;
Jurisdictions where the Customer holds assets greater than 10% of total asset
balance.
g) Details on any cash donations accepted should be obtained from the Customer including
details regarding:
Cash value of donations;
What percentage of overall donations are collected in cash;
Maximum value of cash donations accepted per transaction.
h) Details of how Key Controllers (and/or Managing Members) are appointed;
i) Nature of membership base;
j) Number of Members;
k) Details of how membership fees are collected.
7.9.4. Based on the information obtained from the Customer, assess whether the organisation’s donation/
membership profile aligns with the mission, aims, purpose and objectives of the organisation.
INTERNAL
Page | 118

7.9.5. Where there are differences between the country of registration, primary operation or permanent
residence of Key Controllers, the rationale for the operating and organisational structure of the Club
or Society should be obtained. Where a reasonably justified explanation is not provided, the
Customer should be escalated to Country FCC.
7.9.6. Details of any recent material changes to the Customer’s operations (e.g. change in mission, class
of Donors/ Beneficiaries and fundraising activities) should to be understood. At Customer
onboarding, a recent change is considered to be one which has occurred within the past 5 years.
At Periodic Review or review as a result of a Trigger Event, information should be updated in the
CDD Profile to reflect any changes that have taken place from the last review.
Understanding the Source(s) of Wealth
7.9.7. For Clubs and Societies SoW will likely be derived from Membership dues or a donation from a
single or multiple Donor(s).
7.9.8. The ongoing SoW will be dependent on the Club or Society’s nature of business (i.e. whether the
organisation receives ongoing donations/ funding and/or membership dues or has commercial
activities).
7.9.9. For detailed requirements on SoW refer to Global Procedural Standards - Corporates and
Partnerships Section 6.3.
Understanding Sources of Funds
7.9.10. Refer to Global Procedural Standards - Corporates and Partnerships Section 6.4.
7.10 Understanding the Intended Purpose and Usage of Account
7.10.1. Refer to Global Procedural Standards - Corporates and Partnerships Section 6.5. Where the
intended purpose and usage of the account are not consistent with the type of Club or Society, the
account must be referred to the Country FCC.
7.11 Enhanced Due Diligence (EDD)
7.11.1 Refer to Global Procedural Standards Corporates and Partnerships Section [7– Enhanced Due
Diligence (EDD) for EDD requirements applicable to all entity types.
INTERNAL
Page | 119

8. Personal Investment Vehicles
Key Objective
How will the Objective
be achieved?
Scope of Section
Related Sections
To identify, assess and mitigate the risks associated with Personal Investment
Companies (PICs) and Personal Investment Funds (PIFs) which pose a higher risk of
Money Laundering or Terrorist Financing or where HSBC could be used as a conduit for
financial crime activities
PIFs and PICs require additional and/or specific due diligence to address their risk
attributes, outside the scope of the standard ID&V, KYC, and general EDD
requirements.
This section outlines the specific and/or additional due diligence requirements for these
Customers (and their connected parties, as applicable).
This Section outlines the additional/specific due diligence requirements in relation to the
following:
8.1 8.1 Introduction
8.2 8.2 Definition
8.3 Risks associated with PIVs
8.4 CDD Requirements for PIVs
8.5 Identification and Verification (ID&V)
8.6 Know Your Customer (KYC)
8.7 Customer-specific trigger events
8.8 Other Considerations
Sections [1-3] – RBWM Individuals: ID&V, KYC and EDD
Global AML Policy: CDD Standards - Corporates & Partnerships (ID&V)
Global AML Policy: CDD Standards - Corporates & Partnerships (KYC)
Global AML Policy: CDD Standards - Corporates & Partnerships (EDD)
Section [4] – RBWM Trusts
Global AML Policy: CDD Standards - Funds
Global AML Policy: CDD Standards - Foundations
Guidance sources
Global AML Policy: CDD Standards - PIVs
INTERNAL
Page | 120

8.1 Introduction
8.1.1. In order to identify, assess and mitigate the risks associated with Personal Investment Vehicles
(PIVs) such as PIFs and PICs, HSBC must apply specific due diligence procedures using a risk
based approach. Specifically, the key CDD focus with PIVs relates to the Ultimate Beneficial
Owner(s) since the sole purpose of the PIV (see definition below) is to hold and invest personal
wealth on behalf of an individual or a small number of individuals.
8.1.2. These specific due diligence procedures are to be considered in addition to the standard ID&V,
KYC and EDD requirements outlined in RBWM Individuals and Corporates and Partnerships
Chapters.
8.2 Definition
8.2.1. This chapter outlines the due diligence requirements for Personal Investment Vehicles, which
include the following categories of Customers.
Figure 8.1: Personal Investment Vehicles - Definition
Customer
Definition
PIC
PIF
An incorporated entity (wherever constituted) ultimately beneficially owned by an individual
or a small number of individuals, who are all connected to each other by family
relationship or other, similar close association, the sole purpose of which is holding and
investing the ultimate beneficial owner’s(s’) personal wealth. Assets held may include, but
are not limited to, property, shares, bonds or any negotiable instrument.
Refer to the Global RBWM AML Policy Chapter 13: PEPs for the definitions and examples
of family members and close associates.
Note that a PIC is distinct from a Holding Company. Please refer to the definition of
Holding Company in Global Procedural Standards Corporates and Partnerships Chapter 5
– ID&V.
A Fund which satisfies one of the following criteria:
Is limited to 10 or fewer investors (whether individuals or entities); or
Is only open to investors (individuals) who are all connected to each other by
family relationship or other, similar close association, or to investors (entities)
which are connected by legal structure, for example entities in the same group
structure.
Refer to the Global RBWM AML Policy Chapter 13: PEPs for the definitions and examples
of family members and close associates.
A Fund is an individual pool of assets or investments which are ring-fenced and managed
by a Fund/Investment manager with the intention to provide an economic return, through
capital gain and/or income, to the beneficiaries or owners of those assets.
8.2.2. Please note that Funds as an Entity type (Global Procedural Standards Funds Section 10) are
considered separately to PIVs. The additional and specific procedures for Funds do not apply to
PIFs, as defined above. If there is any doubt as to whether the Customer is a Fund or a PIF, refer
to country FCC for guidance.
8.2.3. Private Holding Trusts (“PHTs”) and Private Foundations are also considered separately within
the RBWM Procedural Standards and Global Procedural Standards and are not subject to the
requirements outlined below. Please refer to RBWM Section 4 Trusts for further information on
PHTs and to Global Procedural Standards Section 15 for the requirements for Foundations
(Section [15] Foundations).
8.2.4. It is sometimes difficult to determine the form of a particular entity since the word ‘trust’ may be
included in its name although the entity is actually a fund. A trust generally involves an individual
INTERNAL
Page | 121

or entity (settlor) passing control/ownership of an asset(s) to the control of a third party (trustee)
for the benefit of another third party (beneficiary). When an investor places money with a fund it
will generally be with the expectation of such funds being returned. If you have any doubt
concerning the precise form of the entity, please refer to country FCC.
8.3 Risks associated with PIVs
8.3.1. There are a number of inherent risks when dealing with Personal Investment Vehicles. These
include, but are not limited to:
Figure 8.3: Risks Associated with Personal Investment Vehicles
Beneficial owners’
source of wealth
The source of wealth of the beneficial owners of the PIC or PIF may be derived from illicit
or prohibited activity. This may be made more difficult to detect by the culture of
confidentiality attached to these structures, where it is usual practice not to disclose
publically the identity of the underlying investors (beneficial owners) or positions held,
unless legally obliged to do so.
Complex structures
Purpose of the
structure
Financial crime risks may be magnified by the existence of structures which may hinder or
complicate establishing the identity of the underlying investors (beneficial owners). This
may be because the unit-holdings are held in nominee names or trusts. The country of
incorporation of the PIC or PIF may also be a factor which affects the complexity of the
structure and should therefore also be considered, where relevant. Where there are three
or more layers in the ownership or control structures around the PIC or PIF, or where
other unusual characteristics are identified, the Customer should be escalated to country
FCC for guidance.
There is an increased risk of financial crime associated with PICs and PIFs due to the
potential opacity of the ownership structure and the purpose of the vehicle. While this may
be valid (for example to confer tax advantages legally or to provide a valid level of
confidentiality on the nature of the assets held), it is important to establish that the vehicles
have a genuine and legitimate purpose.
8.4 CDD requirements for PIVs
8.4.1. Common chapters have been drafted for ‘Corporates and Partnerships’ which detail the
requirements as a baseline for all other ‘non individual’ customer types in respect of:
Identification and Verification: Global Procedural Standards Corporates & Partnerships ;
Know Your Customer: Global Procedural Standards Corporates & Partnerships;
Enhanced Due Diligence: Global Procedural Standards Corporates & Partnerships.
8.4.2. This chapter seeks to outline the additional or different ID&V, KYC and EDD requirements for
PIVs, which may differ or be changed with regard to the baseline chapters as noted above.
8.5 Identification and Verification (ID&V)
8.5.1. There are no specific additional requirements for the ID&V of PIVs as Customers. The core ID&V
requirements outlined in [Global Corporates & Partnerships Procedural Standards Section [5] -
ID&V] must be completed for all PIVs.
8.5.2. However, it is vital to understand the ownership structure as this will assist with determining which
Investors (Beneficial Owners) have control of the PIV, and will establish their true percentage
ownership. In contrast to the core Corporates & Partnerships baseline content, where the
requirements to ID&V the ownership structure and Beneficial Owners of the Customer vary
according to its FCRR (refer to Global Procedural Standards Section 5.9.12 for further
information), ID&V of the ownership structure and all Ultimate Beneficial Owners (UBOs) and Key
Controllers must be performed for all PIVs regardless of their FCRR. The ID&V of these UBOs
INTERNAL
Page | 122

and Key Controllers must be performed in accordance with RBWM Individuals Section 1.8 (ID&V
– Requirements for an Individual Customer).
8.5.3. In certain instances, nominee directors, shareholders, companies, fund managers or other
connected parties may be used in PIV structures. Nominees are commonly used to create a
layer(s) of apparent ownership and control to disguise the actual beneficial ownership and control
structure. A nominee may be an individual or entity and is defined as a party acting on behalf of
another party and only on the specific instruction of that party.
8.5.4. Where nominee or intermediate parties exist, it is only required to identify the name, date of birth
and permanent residential address for individual nominees or the Name, Country of Incorporation
and Regulated / Listed Status (where applicable) for entity nominees and to screen them against
Official and Other Lists and Negative News. Additionally, consideration should be given to
obtaining the nominee agreement(s).
8.5.5. The use of nominees may be limited to the PIV itself or be more complex with multiple layers of
nominee or intermediate parties. Where multiple layers of nominee or intermediate parties exist, it
is key to 'look through' these layer(s) in order to understand who the ultimate beneficial owners
are and the individuals (if different) who exercise real control over the PIV. Please refer to Global
Procedural Standards Corporates and Partnerships Section 5.9.3 for specific requirements
regarding “look through”. If concerns are raised over the complexity of the overall structure,
consideration should be given to verifying certain CDD information obtained for the individual and
/ or entity nominees.
8.5.6. Where the Customer is a PIF, it may also be required to ID&V and screen the Fund Manager. The
ID&V of the Fund Manager should be performed in accordance with RBWM Individuals ID&V
Section 1.9 – ID&V Requirements for Connected Parties.
8.5.7. The ID&V requirements for the UBOs and Key Controllers (nominee or non-nominee) of the PIV
and the Fund Manager (applicable for PIFs only) are summarised in the table below.
Figure 8.3: Personal Investment Vehicles ID&V Requirements
Role Identify Verify Screen against Official and
Other List and Negative News
Ultimate Beneficial Owner (non-nominee and Yes Yes Yes
nominee arrangements)
Key Controller (non-nominee) Yes Yes Yes
Intermediate Owner (nominee) Yes No* Yes
Key Controller/(nominee) Yes No* Yes
Fund Manager with power to withdraw funds Yes Yes Yes
from the PIF
Fund manager with power only to invest funds Yes No Yes
and not withdraw funds from the PIF
* Verification is not required where the Key Controller/ Intermediate Owner is a Nominee, and a Nominee Agreement has been
provided by the UBOs. Verification of information should be considered where concerns are raised over the complexity of the overall
structure.
8.6 Know Your Customer (KYC)
8.6.1. Except where outlined below, there are no specific additional KYC requirements for PIVs as
Customers. The requirements outlined as a baseline in Chapter [5] of the Global Procedural
Standards Corporates & Partnerships - Know Your Customer (KYC) should be completed.
Understanding Nature of Business
8.6.2. It is important that information be gathered in order to identify the Customer as a PIC or a PIF (as
opposed to a Corporate or a Fund). This includes obtaining the constitution document (or another
acceptable document, such as the investment management agreement, shareholder agreement,
INTERNAL
Page | 123

offering memorandum or prospectus) for the structure, for example, from an officer in the
Customer entity with an independent control function, such as Company Secretary.
8.6.3. It is also required for all PIVs to understand the reason for use (economic purpose) of the PIV
structure, and to assess that it has a genuine and legitimate purpose. Examples of the economic
purpose of a PIV are generally limited to Tax Management.
Understanding Source of Wealth and Source of Funds
8.6.4. There are no specific additional KYC requirements for PIVs as Customers relating to
understanding the Source of Wealth of the structure.
8.6.5. Source(s) of Wealth must be identified and validated for all UBOs and Investors in the PIV.
8.6.6. The procedures to identify and validate Source of Wealth must be performed in accordance with
the RBWM Individuals KYC standards (Refer to Section 2.5 – Source of Wealth).
8.6.7. Sufficient information should be collected to enable HSBC to form a reasonable conclusion that
they have earned or otherwise acquired their accumulated capital legally, that they provided
capital to the structure with a bona fide investment purpose, and that their Source(s) of Wealth is
commensurate with their holding in the Customer. The initial and on-going Source of Funds for
PIVs will often reflect Customer specific characteristics such as payments originating from other
family members, family businesses or countries where the Customer has personal or financial
connections such as residency and existing investments.
8.7 Customer-specific trigger events
8.7.1. RBWM CDD Process Procedural Standards [Chapter 4 – Periodic and Event Driven Reviews]
outlines the procedures to be performed at a Trigger Event. Appendix [8] of the Periodic and
Event Driven Review Procedural Standards lists the Trigger Events applicable to all entities and
the Trigger Events by customer type.
8.8 Other Considerations
Bearer Shares
8.8.1. RBWM has a zero appetite for banking Bearer Share Entities. On-boarding of new Bearer Share
PICs is prohibited. Where an existing Customer is a Bearer Share entity, it should convert to a
registered share Entity or be exited in accordance with the CSEM policy (see Client Selection and
Exit Management Policy).
8.8.2. Asset Management Group (AMG) and Insurance Group (INS) are permitted to maintain
relationships with, or offer products to, Issued Bearer Share Companies and Bearer Share
Capable Companies where the underlying Line of Business (i.e. CMB or GBM) has applied all
necessary controls outlined in Global Risk FIM; Global Risk Compliance FIM B.2.17.9.
8.8.3. Appropriate written agreements must also be in place with the underlying Line of Business (i.e.
CMB or GBM) which confirms that they are complying with the policy and informing AMG or INS
of any relevant changes of ownership, as well as providing regular relevant FCC MI and/or
indicators of unusual activity noted on the underlying customer.
Reliance
8.8.2. Please note that the procedures outlined in Global Procedural Standards Funds Section 10.6.3 do
not apply to PIFs.
INTERNAL
Page | 124

9. Reliance
Key Objective
To describe the circumstances under which HSBC can rely upon another Firm/Intermediary for
the due diligence and verification of a Customer and/or its connected parties and how to gain
assurance that reliance can be placed.
How will the Objective
be achieved?
Scope of Section
HSBC may apply the procedures for placing reliance within the regulations of the
jurisdiction of account opening and where the Intermediary or Customer meets HSBC
requirements for placing reliance.
This Section outlines the CDD procedures to be undertaken when placing reliance on an
Intermediary.
9.1. Introduction
9.2. Definition of Reliance
9.3. Risks Associated with Reliance
9.4. Risk Appetite for Placing Reliance
9.5. Part A: Reliance on Transfer Agents
9.6. Risks Associated with TA’s
9.7. Requirements for TA’s
9.8. Due Diligence for TA’s
9.9. Terms of Reliance
9.10. Initial and Monitoring reviews of TA’s
9.11. HSBC Responsibilities
9.12. Part B: Reliance on an Instructing Party
9.13. Risks associated with IP’s
9.14. Requirements for IP’s
9.15. Due Diligence for IP’s
9.16. Due Diligence for the Customer and its connected parties.
9.17. Terms of Reliance
9.18. Initial and Monitoring reviews of IP’s
9.19. Part C: Other Intermediary types
9.20. Risks associated with Introducing / Managing Intermediaries
9.21. Scenarios for Interim Period (exit of reliance relationship)
9.22. Requirements for Introducing / Managing Intermediaries (to be maintained)
9.23. Due Diligence for Introducing / Managing Intermediaries
9.24. Due Diligence for Customer
9.25. Terms of Reliance
9.26. Initial and Monitoring review of Introducing / Managing Intermediaries
9.27. HSBC responsibilities
Appendices
Related Sections Global Procedural Standards Corporates & Partnerships section 4.9, 4.6.
Guidance sources
JMLSG (ref pgh.5.6.4, ref pgh.5.6.19), Wolfsberg principles (FAQ’s Q.1), FATF 2010
Global AML Policy: CDD Standards - Reliance
INTERNAL
Page | 125

9.1 Introduction
9.1.1 The purpose of this section is to detail the requirements that must be met to place reliance on third
party Transfer Agencies (TA), Instructing Parties (IP) and others to undertake certain elements of
CDD.
9.1.2. Placing reliance allows HSBC to reduce the level of CDD held relating to a Customer by relying on
the TA/IP/Intermediary to perform certain CDD tasks. As noted in the JMLSG 54 , “Several
institutions/firms requesting the same information from the same Customer not only increase’s the
inconvenience of the customer, it also results in the duplication of efforts by institutions/firms that
are similar and whose aims are to prevent the same financial crime risks”.
9.1.3. This section outlines the contractual requirements for placing initial reliance on
TA/IP/Intermediaries and conducting ongoing monitoring to satisfy our regulatory obligations, since
HSBC remains responsible for CDD even when placing reliance. The regulations across
jurisdictions vary in the concessions for placing reliance on TA/IP/Intermediaries however this
chapter provides the minimum requirements that must be met on a global basis.
9.1.4. Notwithstanding HSBC's responsibility for CDD on all investors where it acts as fund
manager/promoter/sponsor, the precise nature of the legal structure involved in a specific scenario
may result in CDD responsibility being delegated or sub-delegated or assigned to another party.
The precise legal structure of the fund and its’ advisers must be understood in assessing the overall
CDD effort being undertaken.
9.1.5. It should be noted however, that investors into HSBC funds (i.e. funds which are sponsored /
promoted by HSBC) are customers of the Bank and, as such, the overarching principle is that HSBC
retains overall responsibility for CDD on investors into funds where HSBC acts as fund
manager/promoter/sponsor (except due to local Regulatory requirements as noted below at 9.1.6).
9.1.6. In certain jurisdictions', CDD/AML Regulations place the responsibility for undertaking CDD/AML
on investors into funds on parties other than the fund manager/sponsor/promoter. In such
circumstances, HSBC does not place reliance on any third party since HSBC does not have
responsibility for CDD. Circumstances where this is the case should be fully documented and
approved as a Dispensation providing the relevant regulatory reference/text.
9.2 Definition of reliance
9.2.1 The definition of reliance widely agrees across regulations and jurisdictions. The JMLSG states
‘The ML Regulations expressly permit a firm to rely on another person to apply any or all of the
CDD measures, provided that the other person is regulated, and that consent to being relied on
has been given. The relying firm, however, retains responsibility for any failure to comply with a
requirement of the Regulations, as this responsibility cannot be delegated’.
9.2.2 A key principle is the ability of the third party on which reliance is being placed to provide CDD
regarding the Customer(s) on a timely basis to the relying firm when requested to do so.
9.2.3 HSBC must be satisfied with the following:
The relevant due diligence procedures completed by the TA/IP/Intermediary;
A record of the checks performed by HSBC on the TA/IP/Intermediary’s due diligence
procedures is maintained;
The TA’s/IP/Intermediaries reputation is suitable; and,
The appropriate level of CDD/complete financial crime risk checks have been completed
on the TA/IP/Intermediary itself prior to entering into an agreement.
54
The Joint Money Laundering Steering Group (JMLSG) is made up of the leading UK Trade Associations in the Financial Services
Industry. Its aim is to promote good practice in countering money laundering and to give practical assistance in interpreting the UK
Money Laundering Regulations. It is applicable to the UK only.
INTERNAL
Page | 126

9.2.4 As per regulations, HSBC will only place reliance on a TA/IP/Intermediary where there is an ongoing
relationship between HSBC and the TA/IP/Intermediary. The term ‘ongoing relationship’ in this
context means either:
a) The TA/IP/Intermediary has an agreement (by two way agreement either via a signed
agreement or via a two way communication depending on the 3 rd party type) with HSBC to
provide CDD to HSBC as and when required regarding the Customer. A CDD profile will be
created for the TA/IP/Intermediary which is to be updated, no less often than annually (see
Initial and Monitoring review section 9.10 for TA’s, 9.18 for IP’s and 9.26 for Introducing /
Managing Intermediaries); or,
b) The Intermediary has an agreement with the Customer to manage the account on an ongoing
basis and the account is held in the name of the Intermediary.
9.2.5 In certain circumstances HSBC will not meet a Customer therefore the relationship may be nonface
to face. If HSBC does not meet the Customer face to face, this does not necessarily constitute
a reliance situation. The distinction between reliance and other forms of outsourcing arrangements
for the purpose of these procedures are detailed below (9.2.6). The requirements regarding non
face-to-face relationships (which are not a reliance scenario) are outlined in section 9.27.10
(Introducer referral).
9.2.6 The term reliance in some jurisdictions is interchangeable with outsourcing. For the purpose of this
Standards Guidance, this document refers only to reliance.
The FATF delineates what constitutes third-party reliance from outsourcing through a
functional definition constituted by a set of positive or negative elements which describe
situations or elements which are characteristic of a reliance context (as per the example
in 9.2.5). For example, a third party in a reliance scenario usually has an existing business
relationship with the customer and applies its own procedures to perform the CDD
measures. This can be contrasted with an outsourcing/agency scenario in which the
outsource entity applies the CDD measures on behalf of the delegating financial
institution in accordance with its procedures.
9.2.7 In addition to the above scenarios (9.2.5 and 9.2.6), these procedures do not cover Know Your
Distributor Due Diligence which is covered by Line of Business specific KYDDD procedures.
9.3 Risks Associated with reliance
9.3.1 Where HSBC chooses to place reliance on the TA/IP/Intermediary to conduct elements of CDD,
the ultimate responsibility for ensuring compliance with the full CDD obligation still resides with
HSBC, although HSBC will not hold full CDD documentation.
9.3.2 In order for the Business Unit to rely on a third party, appropriate CDD and financial crime risk
checks must be completed on the third party, the third party’s reputation must be suitable and the
third party must be regulated. The Business Unit must review the third party’s due diligence
procedures to ensure that they are compatible with HSBC’s CDD standards.
9.3.3 A key risk when placing reliance is the transferring of Customer data outside of the HSBC Group.
Data security and retention of CDD information are key considerations when placing reliance on a
TA/IP/Intermediary (FIM B2.4.5 Privacy, Data Protection and Cross-Border Data Transfer).
9.3.4 The TA/IP/Intermediary must have adequate controls in place to ensure Business continuity in the
event of an incident and therefore reduce the risk of loss of Customer data and ensuring that the
business can continue to function and provide HSBC with any information required in a timely
manner.
INTERNAL
Page | 127

9.4 Risk Appetite for placing reliance
9.4.1 The decision to place reliance is based on the risk appetite that HSBC has towards the following:
a) Placing reliance on the particular TA/IP/Intermediary type within the jurisdiction / business
segment concerned;
b) On commercial considerations such as the cost of maintaining a due diligence
programme to monitor where reliance is being placed versus holding full CDD;
c) On regulatory requirements; and,
d) Best practice across similar institutions.
9.4.2 Based on the above considerations, HSBC will principally place reliance upon TA’s/IP’s for
undertaking CDD on Investors in funds and on the Fund itself (where applicable). TA’s/IP’s are
generally contractually required to undertake CDD on behalf of the Fund Manager/Fund regarding
these Investors and therefore HSBC is able to rely on the TA/IP subject to undertaking a risk
assessment (See sections 9.8 and section 9.15 for reliance on a TA /IP respectively) and initial /
ongoing due diligence on such parties (section 9.10 for TA’s, 9.18 for IP’s).
9.4.3 It is important to ensure that the correct section of this Standard is to apply where reliance is being
placed.
9.4.4 Part A relates to circumstances where:
a) HSBC is the fund manager (i.e. it is an HSBC fund); and
b) Reliance is being placed on a TA (either internal or external to HSBC) to conduct CDD
on investors into the fund.
In these circumstances the investors into a fund are customers of HSBC and, although reliance is
being placed on the TA to undertake some or all CDD, HSBC retains the responsibility for such
CDD.
9.4.5 Where HSS acts as a TA on behalf of a HSBC Fund, the requirements in section A apply. Where
HSS acts as a TA on behalf of a non HSBC Fund these procedures do not apply.
9.4.6 Please note that no other section, other than Part A, of the Procedure is applicable to AMG or GPB
where they act as the fund manager and reliance is being placed on a TA.
9.4.7 Part B relates to circumstances where:
a) HSBC banks a third party fund (i.e. it is not an HSBC fund); and
b) Reliance is being placed on an Instructing Party (typically Fund Manager) to that fund to
undertake CDD on the fund itself and the underlying investors into such fund.
In these circumstances, the fund is the customer of HSBC and investors into the fund are beneficial
owners of such customer. HSBC despite placing reliance on the TA to collect CDD, retains
responsibility for such CDD on the fund as customer (including CDD on beneficial owners as
applicable based on the appropriate risk rating of the Customer).
9.4.8 Part C relates to other circumstances where reliance is being placed on a third party but the
circumstances are not covered by the specific situations noted at Parts A and B above.
9.4.9 Where the Business is uncertain as to which section of the Standard is to be applied, Country FCC
is to be consulted.
9.4.10 Where the Intermediary is not a TA/IP, and HSBC is currently placing reliance on them to manage
the Customer’s account, the reliance relationship with the Intermediary is to be exited unless the
Business wishes to maintain the reliance relationship on an exception basis.
9.4.11 Until such a time when the relationship with the Intermediary can be exited, the requirements
outlined in Part C (section 9.19) apply.
INTERNAL
Page | 128

9.4.12 In the instances that HSBC wishes to place reliance on non-TA/IP Intermediaries (treated as an
instance of CDD Risk Acceptance), refer to section 9.21.9 for approval requirements. The
contractual requirements for initial and ongoing monitoring would need to be followed in each
instance.
9.5 Part A: Reliance on Transfer Agents where HSBC is the Fund
Manager (N.B. Only to be reviewed where reliance is being placed on a TA).
Definition of a Transfer Agent (TA)
9.5.1 TA’s (also called Registrars) are generally regulated entities that act as an Intermediary between
HSBC (as Fund Manager/Promoter) and the Investor (Fund Unit Holder) in a fund. The TA is
generally responsible for:
Maintaining the register of unit holders and processing applications into, and
redemptions from, the fund;
Receiving funds from the investors and passing such funds on to the Fund/Fund
Manager (once the register has been updated to reflect the new investor);
Collecting CDD from the new investor to a standard appropriate to the entity type and
the jurisdiction where the TA is regulated (or higher, as required by the Fund/Fund
Manager); and,
Processing requests for redemptions out of the fund, ensuring that these are not
fraudulent, that all required CDD is current and requesting sufficient funds from the
Fund/Fund Manager to pay the redemption requests.
TAs may also be responsible for the following requirements;
o
o
o
o
o
o
o
o
o
Fielding queries relating to CDD documentation;
PEP and Sanctions screening;
SARs recording;
Management of dormant positions;
Transaction monitoring;
Periodic reviews;
Ongoing management of the Customer;
Record keeping; and,
Internal risk based testing.
9.5.2 The type of TA that HSBC will consider for reliance purposes may be categorised an HSBC Affiliate
or ‘external’ to the bank. The due diligence requirements where reliance is being placed for each
TA type may differ and a risk based approach should be adopted. For guidance on Affiliate
Management, please refer to Global AML Guidance Document section ’03.01 – Affiliate
Management Guidance’.
INTERNAL
Page | 129

9.5.3 Additional definitions for terms used in section A are as follows:
Fig.9.1: Definitions
Term
The Fund
Definition
An individual pool of assets or investments which are “ring-fenced” and managed by a
Fund/investment manager with the intention to provide an economic return, through
capital gain and/or income, to the beneficiaries or owners of those assets.
A Fund may be one of a variety of different investment vehicles including but not limited
to: Unit Investment Trusts; Hedge Funds; Private Equity Funds; Pension Funds, Fundsof-Funds,
Mutual Funds, Provident Funds and Investment Clubs
Funds may be constituted in a variety of different legal entity types, including
corporations, trusts or partnerships. Common among all of this variation is the pooling of
investment resources by investors (the ultimate beneficial owners) into a vehicle that
works towards investment objectives.
Fund Manager/
Promoter/ Sponsor
(collectively 'Fund
Manager')
A Fund Manager is an individual or Fund management company responsible for making
decisions related to the Fund’s portfolio of investments in accordance with the stated
goals of the Fund. The Fund Manager will receive management fees with respect to the
day-to-day business and operations of the Fund, which are often calculated based on
the net asset value of the units of the Fund. In addition, HSBC acts as Fund Promoter
and Sponsor where it sells funds to investors or otherwise offers such funds to investors.
Transfer Agent/Registrar
(collectively 'Transfer
Agent')
A Transfer Agent is an intermediary who is responsible for maintaining a Fund's share
register of investors and for ensuring that investors into the Fund comply with all
applicable CDD regulations.
9.6 Risks Associated with TA’s
9.6.1 In addition to the general risks associated with placing reliance, a specific risk associated with TA’s
is that HSBC may not meet the Customer and therefore the relationship may be non-face-to-face.
In most instances a TA will also not meet the customer therefore appropriate controls must be put
in place by the TA and tested by HSBC as part of the reliance process.
9.7 Requirements for TA’s
9.7.1 The key requirements for placing reliance on a TA are as follows:
a) That the TA poses an acceptable financial crime risk; and,
b) That the TA is an Equivalently Regulated Financial Institution (Refer to Global Procedural
Standards Corporates section 5.6.2); and,
c) It is not located in a country assessed as High-risk on the Group FCCRM; and,
d) That the TA is fully aware of, and has agreed to, their responsibilities and the delegation
of these responsibilities is clearly defined in a written agreement.
9.7.2 Point C above is applicable except where the TA is located in the same location as the Fund (e.g.
both the Fund and TA are located in the same High Risk jurisdiction).
9.7.3 Where instances of CDD Risk Acceptance are noted, the TA should be escalated to Country FCC.
INTERNAL
Page | 130

9.8 Due Diligence for TA’s
9.8.1 The due diligence process for onboarding a TA consists of three parts;
Risk Assessment of the TA;
Due diligence on the TA; and,
Review of the Customer Due Diligence procedures of the TA.
9.8.2 In practise, Enhanced Due Diligence (EDD) on the TA is completed prior to gathering the standard
due diligence relating to the TA as part of the initial Risk Assessment phase. The CDD information
regarding the Customer is obtained in addition to the above.
Risk Assessment
9.8.3 A risk assessment of the TA’s must be performed by the Specialist team in order to limit the risk to
HSBC of using a third party for reliance purposes.
9.8.4 The risk assessment questionnaire must be completed for all TA’s including those that are existing
Customers, unless they have been risk assessed within the past 12 months. The risk assessment
questionnaire is to be completed prior to the due diligence information being gathered and the TA
profile created and is to be stored locally in the jurisdiction for which reliance is being applied.
9.8.5 The risk assessment questionnaire must cover the following topics and responses to each factor
must be descriptive in nature:
Fig.8.2: Risk Assessment questionnaire: Transfer Agent
Risk Assessment questionnaire: Transfer Agent
1) Regulated status: The regulated status of the TA must be assessed in order to confirm
that the status meets the requirements stated above (section 9.7).
2) Reputation: The public disciplinary record/market reputation of the TA should be
reviewed and considered when analysing the risk level.
3) Obligations: Research whether there have been any recent lawsuits against the TA and
understand the implications if HSBC is to establish a relationship with the TA.
4) Controls: Confirm that the TA has an adequate existing control infrastructure from a CDD
perspective necessary to meet the due diligence standards required by HSBC (e.g.
Governance, industry standard reports). Refer to table 9.8.13.
5) Financial: Review the financial strength of the TA (e.g. credit rating) and confirm that all
Customer and fund monies held are segregated from the TA’s own funds under all
circumstances
6) Business dealings: Understand the nature of business dealings that the TA is involved
in. This may identify links to higher risk business types (Chapter 10, Restricted and
Prohibited Customers, Special Categories of Customers (SCCs) and Prohibited Products).
7) Data security/IT infrastructure/Business continuity: Identify controls for data security
to reduce the risk of data transfer (such as data retention controls) and obtain information
regarding the stability of the IT infrastructure in order to understand the risk of data loss.
In addition, review procedures for business continuity
8) Products/Services: Consider the services offered by the TA
9) Any other adverse information regarding the TA (e.g. negative news).
INTERNAL
Page | 131

9.8.6 The information above is to be documented in the risk assessment questionnaire and is subject to
approval by the designated individuals (refer to approvals section 9.11.8). The risk assessment
questionnaire must include the above factors at a minimum.
9.8.7 A summary of the key risks and risk mitigating controls managed by the TA is to accompany the
risk assessment questionnaire and is to be completed prior to on-boarding. This summary is to be
updated on a periodic basis and a copy linked to the profile of the TA.
CDD on TA
Additional factors for consideration
10) Sales capacity: This information could be used to indicate the level of business activity
of the TA and whether it is indeed valid or potentially a fraudulent operation.
11) Training activities/staff strength: These factors indicate the level of knowledge (such
as AML/CFT/Anti-Bribery and Corruption), resourcing and capacity that the TA has in
order to perform the tasks required to meet the minimum requirements as set out in 9.8.13
and fig 9.3.
12) Rules of Conduct and Complaints: this information could be used to confirm if the TA
is aligned in terms of the treatment of Customers and its wider ethical standards (e.g.
conflict of interest, Inducement etc.)
9.8.8 The Due Diligence (DD) information required for the TA will follow the requirements for their
particular Customer type (i.e. Non-Banking Financial Institution or Bank).
9.8.9 TA’s that are not HSBC Customers, will be subject to a similar level of DD required for TA’s that
are existing Customers.
9.8.10 TA’s that are existing Customers will be risk rated as per their Customer type. The Product risk
rating will be increased to High risk in the scenario that a reliance relationship is entered.
9.8.11 TA’s that are not Customers will be risk rated as per their classified Customer type (e.g. Non-
Banking Financial Institution), and the product rating of the TA will be classified as High Risk in
order to reflect the risk relating to the reliance relationship.
9.8.12 In the instance that the TA is identified as High risk or SCC, approval must be provided by the
Reputational Risk Committee (or equivalent) in order to place reliance.
Review of Underlying Customer
9.8.13 CDD and risk analysis of the Customer is to be completed by the TA to meet, as a minimum, local
regulatory and legislative requirements, and the Anti Money Laundering standards for conducting
due diligence as outlined in the Wolfsberg Principles (e.g. in the Wolfsberg Questionnaire), as
applicable to the underlying Customer Type. Key control requirements which must be present in
the TAs CDD procedures include but are not limited to:
INTERNAL
Page | 132

Fig.9.3: Risk Assessment questionnaire: Transfer Agent
9.8.14 There will be no requirement for TA’s to provide copies of ID&V documents used for verification
purposes to HSBC as part of the due diligence process (unless stated within the agreement),
however these documents must be made available to HSBC within five working days upon request
(or less depending on local regulations).
9.9 Terms of Reliance
Risk Assessment questionnaire: Transfer Agent
1) Risk Rating: TA must take a risk based approach to the rating of Customers.
2) Prohibited Customers: TA is to disclose the methods for the classification and
identification of prohibited customers
3) ID&V: Identification and verification of the Customer and its connected parties such as
Beneficial Owners / Key Controllers (where required).
4) Screening: The TA is to have a method of screening Customers and clearing related hits
which is effective and transparent to HSBC.
5) KYC: Information on key KYC topics such as Source of Wealth/Source of Funds/Nature
of Business is gathered.
6) Account Activity Reviews: TA is to perform monitoring of Customer activities via the
appropriate methods (including SAR recording). Where HSBC banks the fund in addition
to acting as Fund Manager, it will also undertake transaction monitoring to the standard
set out for that process.
7) Enhanced Due Diligence (EDD): High risk Customers require enhanced due diligence
measures. The TA will be responsible for performing EDD to meet the minimum
requirements, as set out in paragraph 9.8.13 (refer to 9.7.3 for Exception requirements).
The TA undertakes to bring to the attention of HSBC any Investors/Funds that they have
identified that pose a heightened financial crime risk, negative media, or produce a
screening hit, prior to the dealing date.
8) Reliance: TA is to fully disclose the nature of any reliance relationships that they have
with third parties where the TA does not hold full CDD on a customer
9.9.1 A written agreement detailing the extent of reliance and the requirements/terms and conditions,
must be signed prior to entering the reliance relationship. This must be a two way agreement
signed by the TA and HSBC under which:
a) The responsibilities of the TA are clearly articulated;
b) The terms and conditions and requirements outlined;
c) HSBC’s rights of access to customer data are documented (including rights to access a
summary of the findings of unusual transaction monitoring activities represented by
financial metrics where required);
d) Visitation and testing documented; and,
e) The written agreement must meet legal and regulatory requirements of the local
jurisdiction.
9.9.2 The documents required in order to enter the reliance arrangement are detailed below. These
documents outline the roles and responsibilities, terms and conditions and evidence of qualification
for the arrangement:
INTERNAL
Page | 133

Fig.9.4: Reliance Agreement and Documents
Reliance Agreement and Documents
a) An agreement detailing the TA’s responsibilities and ongoing CDD work to be completed (See
Appendix1). A renegotiation of existing SLA agreements is to occur where the requirements noted are
not currently being followed.
b) HSBC’s standard terms and conditions along with the agreement above must be sent to and signed
(where required) by the TA.
c) The risk assessment questionnaire (See section 9.8) must be completed for all new TA’s and signed by
the relevant approvers.
d) Evidence that the TA is appropriately regulated is to be provided. An annual letter of agreement is to be
provided confirming the regulatory status.
9.9.3 The documents above are to be obtained from the TA in addition to the CDD documents required
under the specific Customer type section.
9.9.4 If one of these documents is not provided/cannot be completed, the TA relationship must not be
entered, or a current relationship must be exited.
9.10 Initial and Monitoring reviews of TAs
9.10.1 Initial and Monitoring reviews of the CDD activities performed on behalf of HSBC are to be
scheduled in order to validate that the CDD is being conducted in an equivalent manner to the local
regulatory and legislative requirements and the Wolfsberg principles, to the level of performance
agreed, and that the systems and controls are sound.
9.10.2 Records of the monitoring review are to be maintained by HSBC.
9.10.3 A list of all approved TA parties is to be maintained on a Global basis (procedures for this are to be
established).
Frequency of Testing
9.10.4 TA’s are to be tested both at the beginning of the relationship and on an ongoing basis. The visit
must occur no less often than once a year (or more frequently if deemed necessary).
9.10.5 The frequency of testing (if required more often) is to be determined by Country FCC and
communicated to the TA within the appropriate Fund Board Meeting.
Visitation and Reporting requirements
9.10.6 The requirements for initial testing is reduced compared to those for ongoing testing and are as
follows;
The TA is to be given reasonable notice of visitation to be performed (e.g. at least seven
working days). The Compliance Officer and Senior Operations Staff are to be in
attendance and are to review findings, follow up actions and agree timings.
Review of TA’s AML/CDD standard must take place to ensure local regulatory and
legislative requirements and the Wolfsberg principles are adhered to and relevant
correspondence with Regulator(s) is to be reviewed (where permissible by regulatory
body) including details of any breach of regulation, or any sanctions applied in order to
substantiate the TA’s adherence to local requirements.
Operational information is to be obtained e.g. Staff turnover/vacancies and any other
material staffing issues to be investigated, proposed/planned systems changes. Total
INTERNAL
Page | 134

number of complaints and brief description of the substance of these complaints (action
taken, status).
9.10.7 The final testing reports for initial and ongoing testing should include at a minimum:
Fig: 9.5 TA Testing procedures - Reporting
TA Testing procedures – Reporting Initial Periodic
a) Impact of Regulatory changes enacted or in the pipeline.
Yes
Yes
b) Confirmation that the risk assessment questionnaire has been reviewed and
updated where required. Yes Yes
c) Summary of discussions held with the TA Compliance Officer and Head of
Operations regarding any matters of substance related to the maintenance
of an effective AML/CDD programme which complies with the obligations
within the TA agreement/contract and all applicable regulatory
requirements.
d) Summary of findings of testing results including applicable management
information (e.g. number of files reviewed, number that passed/failed,
significance of results and any remedial action required and other followup).
Yes
N/A
Yes
Yes
e) For HSBC purposes only, the paper should include the level of risk recorded
for the TA along with the supporting rationale. Yes Yes
9.10.8 Findings (relating to either initial or ongoing testing) are to be summarised in a paper and distributed
to the Key Controllers of the account e.g. the Fund Board 55, Management team of the Fund
Manager, senior HSBC Risk team members, Country FCC and Operations personnel. The Paper
should be presented to the next Fund board meeting and the discussion and conclusion minuted.
The risk summary regarding the TA is to be updated based on the annual testing/review that is
performed and circulated to HSBC parties annually (See section 9.8.6).
9.11 HSBC responsibilities
9.11.1 The internal management of TA’s necessitates that the responsibilities for each part of the process
are clearly defined.
9.11.2 HSBC has a responsibility to be comfortable with the standards of the TA in order to continue in
the role of the Fund Manager of the Fund.
9.11.3 HSBC is responsible for ensuring that any findings noted as a result of review/testing are reported
to the Fund Board on a timely basis.
55 The Fund board is charged with ensuring that the fund is managed in the best interests of the fund's investors, that the
strategic direction of the Fund is line with the expectations/purpose, and with hiring the Fund Manager and other service
providers to the fund.
INTERNAL
Page | 135

Onboarding and Ongoing Management
9.11.4 The level and complexity of the risks associated with TA’s require that a designated team of
Specialists are responsible for managing these relationships within the business. This team is
responsible for:
Control Testing
Completing the Risk Assessment Questionnaire; and,
Managing the CDD information gathered regarding the TA.
9.11.5 Responsibility for arranging the visitation / control testing to the TA will be held by the Specialist
team (or equivalent).
9.11.6 A representative of Country FCC will lead the visitation and control testing of the TA and may be
supported by other Country FCC and/or operational staff.
Business Sign off
9.11.7 Sign off from key stakeholders of the Business is required for:
Approval for the TA
The Testing results reported at onboarding; and,
The Testing results reported on ongoing management.
9.11.8 The approval structure for accepting a TA is detailed below:
Controller: Specialist team
Authorizer: Head of Specialist team
Adviser: Country FCC function
Adviser: Regional FCC function
Ultimate Approver: Fund Board
9.11.9 Approval of the TA at onboarding is to be documented within the CDD profile.
9.11.10 Approval of the TA on an ongoing basis is to be documented within the CDD profile at annual review
(or as the result of a trigger event).
9.11.11 Please note that the approval structure documented in 9.11.8 in the procedures is only in the
context of the CDD requirements and that the TA (depending on the nature of the relationship with
HSBC) may still need to be approved through a complete due diligence process (covering aspects
relating to outsourcing such as service capability, systems, contingency, people, etc. etc.) as
required for all service providers.
Change in circumstance
9.11.12 Where the TA is replaced, a comprehensive plan for the transfer of CDD documentation undertaken
previously will need to be prepared and a complete review of the relationship with the newly
appointed TA performed.
9.11.13 The plan will need to be approved as per the approval structure for accepting and maintaining a TA
(see section 9.11.8) and will include the date at which responsibilities are transferred from one TA
to the other
INTERNAL
Page | 136

9.12 Part B: Reliance on an Instructing Party (N.B. Only to be reviewed where
reliance is being placed on an IP and the fund is the Customer of HSBC).
Definition of an Instructing Party (IP)
9.12.1 Generally, all Funds will appoint a Fund or Investment Manager (Instructing Party) to manage the
assets of the Fund in line with the Fund prospectus/offering memorandum. Some IP’s are
subsidiaries of larger groups such as banks or insurance companies, although they may be
independently owned and even publicly quoted.
9.12.2 The IP may provide CDD information to HSBC either if it is an external IP, or an HSBC Affiliate /
Department acting as an IP. The requirements for both IP types are the same.
9.12.3 When HSBC places reliance on an IP for information, the Fund is the Customer and the Investor is
a beneficial owner (BO) of the Fund (rather than a Customer). The IP completes due diligence on
the Fund itself and the connected parties to the Fund (although it may delegate the latter to another
entity, typically a TA, or Administrator, or Registrar).
9.12.4 Reliance therefore includes, but is not limited to:
For the Fund (Customer) – HSBC identifies the Fund on the basis of information
provided by the IP and relies on the IP to have undertaken verification;
For Key Controllers – HSBC identifies the roles and responsibilities of the parties
associated with the Fund / Fund Controllers on the basis of information provided by the
IP or Administrator and relies on the IP or Administrator to have undertaken verification;
For Investors in the Fund (Beneficial Owners) – the level of reliance that HSBC is able
to place on an IP or Administrator for due diligence regarding BO’s is dependent on the
regulatory status of the IP or Administrator (See section 9.14 below); and,
For Nature of Business, Source of Wealth, Source of Funds, Account purpose – HSBC
may be provided with some or all of the information required regarding these topics and
may rely on the IP or Administrator to have undertaken verification requirements.
9.12.5 Where indicated in Fig. 9.6 below, HSBC may place reliance on the party (or parties) responsible
for Customer due diligence of the Fund.
INTERNAL
Page | 137

Fig.9.6: Customer for due diligence requirements at Fund level: Scenarios when Reliance can be placed.
Regulated Status
of Instructing IP= Equivalently regulated FI
IP=Not an equivalently regulated FI
Party (IP)*:
HSBC Role: Specific types of engagement**** All types of engagement
CDD Profile Requirements
Scope of Role:
Traded Markets Includes e.g. (a) FX, (b)
Debt instruments, (c) OTC derivatives -
(Credit, Rates, Equity, other) (d) Primary
& off-exchange Equity & Debt, (e) Other
markets products, (f) Prime Brokerage
Securities Services includes e.g. (a)
Custody, (b) Trustee/Depository, (c)
Administrator, (d) Transfer Agent, (e)
Clearing/Settlement
Banking includes e.g. (a) Deposit fixed
& notice, (b) Loans, (c) Revolving credit,
(d) PCM, (e) Trade
i) Instructing Party (IP); and
ii) Fund; and
iii) Party on whom reliance is being
placed for due diligence on the Fund
(e.g. Administrator)
Exchange-Traded Products
Traded Markets
Securities Services
Banking
i) Instructing Party (IP); and
ii) Fund; and
iii) Party on whom reliance is being
placed for due diligence on the
Fund (e.g. Administrator)
Instructing Party (IP)
Administrator
ID&V - Fund
Customer CDD Profile: refer to sections
9.15.2 to 9.15.6
Due diligence: refer to sections 9.15.7 to
9.15.10
Identification – Obtain information from IP/
Administrator
Verification – Rely on IP/ Administrator
Customer CDD Profile: refer to sections
9.15.2 to 9.15.6
Due diligence: refer to sections 9.15.7 to
9.15.10
ID&V Fund
Fun
d
ID&V –
BO*****
Administrator
** is
equivalently
regulated
Other
Identification – Rely on IP / Administrator
Verification – Rely on IP / Administrator
Identification – Obtain information from IP/
Administrator
Identification – Obtain information from
Administrator
Verification – Rely on Administrator
ID&V BO's
Verification – Rely on IP/ Administrator
ID&V - Fund Control Structure***
Administrator
** is
Identification – Obtain information from IP/
Administrator
Verification – Rely on IP/ Administrator
Identification – Obtain information from IP/
Administrator
ID&V Structure
Identification – Obtain information from
Administrator
INTERNAL
Page | 138

ID&V –
Controller*****
*
equivalently
regulated
Other
Verification – Rely on IP/ Administrator
Identification – Obtain information from IP/
Administrator
Verification – Rely on Administrator
ID&V Controllers
Verification – Rely on IP/ Administrator
ID&V - Instructing Party (IP)
********
ID&V as Direct Appointee
(if different from Investment Manager or
Controller)
ID&V as Direct Appointee (if different
from Investment Manager or Controller)
* For simplicity, this is assumed to be the Investment Manager in the table above, but can be one of a number of parties that
may be mandated to issue instructions on behalf of the Fund. Where the Instructing Party is the Fund itself, no reliance can
be placed on the Fund.
** For simplicity, this is referred to as the Administrator in the table above, but can be one of a number of parties with
responsibility for conducting due diligence on the Fund and its investors. This may include the Administrator, Fund Trustee,
or Depositary.
*** Fund Control Structure refers to the relationship of Key Controllers to the Fund. The Fund’s structure will typically be
understood by referring to the Fund prospectus or offering memorandum. Specific details are provided in the Global ID&V
matrix.
**** A reliance agreement is required to place reliance on Instructing Party or another party to perform due diligence on a Fund.
Where a reliance agreement is not obtained, the requirements in column for ‘not an equivalently regulated institution’ will
apply. Refer to Appendix 2 for the required content of the reliance agreement.
***** The beneficial owners of the Fund are the investors into the Fund and must be identified to the relevant thresholds determined
by the Fund’s risk rating. Where the Customer is a Master Fund, composed of multiple Feeder Funds, this may involve
obtaining the offering memoranda from the Feeder Funds.
****** The Fund’s controllers will be identified via the verification of the Fund structure. It is important to note that controlling
parties may often already have been identified within an Investment Manager’s or Administrator’s CDD profile (with a
reference to the Fund’s CDD profile).
******* Even if the Instructing Party requires a separate sub-account per Fund, the Instructing Party and not the Fund is the Customer.
To denote this, the sub-account must clearly designate both the Instructing Party and Sub-account names.
******** Instructing Party where the Fund has an internal management structure.
INTERNAL
Page | 139

9.13 Risks Associated with IP’s
9.13.1 In addition to the general risks associated with placing reliance, a key risk identified when placing
reliance on an IP, is that the IP also places reliance on an external TA to complete the due diligence
for the Investors and the financial crime risk checks/controls completed on the TA by the IP may
not be to the equivalent standard of HSBC’s.
9.14 Requirements for IPs
9.14.1 The key requirements for placing reliance on an IP are as follows:
a) That the IP poses an acceptable financial crime risk; and,
b) That the IP (and/or Administrator, depending on the requirements 9.14.2 and 9.14.3
below) is an Equivalently Regulated Financial Institution (FI) (Refer to Global Procedural
Standards Corporates and Partnerships section 5.6.2 for definition); and,
c) It is not located in a country assessed as High-risk country on the Group FCCRM; and,
d) That the IP (and Administrator, where applicable) is fully aware of, and has agreed to,
their responsibilities and the delegation of these responsibilities is clearly defined in a two
way written communication. These responsibilities include performing due diligence on
the Fund and its connected parties (where required) in line with local regulatory and
legislative requirements and the Wolfsberg principles.
9.14.2 If both the Instructing Party and the Administrator are equivalently regulated financial institutions,
then reliance can be placed on either party via a two way written notification and acknowledgement
(e.g. e-mail, letter). Without a two way written notification / communication, the reliance relationship
cannot be entered into.
9.14.3 If only one of the Instructing Party or the Administrator is an equivalently regulated financial
institution as outlined in 9.14.1(b), reliance can only be placed on the regulated party via a two-way
signed agreement.
9.14.4 Note that a financial institution that is only subject to an independent Self-Regulating Organisation
(SRO) falls outside the definition of an Equivalently Regulated FI, except where the SRO has been
determined to be acceptable by Global LOB FCC and Global AML.
9.14.5 Where any other instances of CDD Risk Acceptance are noted, the IP should be escalated to Global
AML via the applicable Global LOB FCC function.
9.15 Due Diligence for IPs
9.15.1 The due diligence process for onboarding an IP consists of two parts:
CDD of IP
CDD and risk rating of the IP; and,
Understand the CDD procedures applied by the IP.
9.15.2 Where it is identified that HSBC has a Customer relationship with an Instructing Party (typically an
Investment Manager), or that reliance is being placed on the Instructing Party for the completion of
due diligence on the Fund, then due diligence must be completed on the Instructing Party and
recorded in a CDD Profile.
9.15.3 The Instructing Party’s profile must be referenced to the Fund profile
9.15.4 Due diligence must be performed on the Instructing Party in accordance with the Customer Due
Diligence procedures in this document. In many cases, it will be most appropriate to treat the
Instructing Party as an NBFI. It is not required to obtain information about the source of wealth of
INTERNAL
Page | 140

an individual who is a beneficial owner of the instructing party, providing both conditions below are
met:
a) the instructing party is an equivalently regulated financial institution and not SCC; and
b) the individual is not a PEP.
9.15.5 The CDD Profile will identify the specific questions required for the Instructing Party and a tailored
AML Questionnaire will be required to analyse the appropriateness of the AML controls with regard
to:
a) looking through feeder Fund structures and omnibus account holdings to identify
Beneficial Owners; and,
b) controls to prevent investments in assets which have been derived from the proceeds of
crime.
9.15.6 If the IP is SCC or risk rated High, Country FCC approval of the CDD Profile of the IP is required.
Otherwise, please refer to the approvals matrix outlined in the approval Chapter 6 of the RBWM
CDD Process Procedural Standards – Approvals Chapter 6.4.1.
CDD of Administrator
9.15.7 Where reliance is being placed on an Administrator to conduct due diligence on the Investors in the
Fund, then a CDD Profile must be created.
9.15.8 The profile must be referenced to each Fund CDD profile as a related party, where there is reliance.
9.15.9 Where the administrator is an existing Customer, a full CDD profile will already exist. However, if
this is a new relationship for this party, an Administrative Trigger Event must be raised in
accordance with the requirements of Global CDD Process Procedural Standards -Chapter 4
Updating Information – New Accounts and Periodic and Event Driven Reviews to record the new
reliance relationship on the existing Customer’s profile.
9.15.10 If the Administrator is not an existing Customer, the Administrator profile must be referenced to the
Fund profile and the following limited due diligence procedures completed:
Identify and verify the Administrator (entity);
Screen the Administrator against sanctions terrorist and other lists, PEP and for
negative news;
Identify the nature of business from public sources; and,
Unless directed to do so by Country FCC following an escalation, there is no
requirement to identify or verify Directors or Owners, or to complete an AML
Questionnaire or for visitation.
INTERNAL
Page | 141

9.16 Due Diligence for the Customer and its connected parties
9.16.1 CDD and risk analysis of the Customer is to be completed by the IP to meet, as a minimum local
regulatory and legislative requirements and the Wolfsberg principles specific to the particular
Customer type. Key control requirements which must be present in the IPs CDD procedures include
but are not limited to:
Fig.9.7: Key Control requirements
Key Control requirements
1) Risk rating of Customers: IP must take a risk based approach to the rating of Customers which
is equivalent to that of HSBC.
2) ID&V: Identification and verification of the Customer and its connected parties e.g. Key Controllers
and Beneficial Owners (where required).
3) Screening: IP is to perform PEP and Sanctions screening of Beneficial Owners of the Fund.
4) KYC: Information on key KYC topics such as Source of Wealth/Source of Funds/Nature of Business
is gathered (where required) and reliance is to be placed on the IP for verification (where required).
5) Enhanced Due Diligence (EDD): High risk Customers require enhanced due diligence measures.
The IP will be responsible for performing EDD for the parties concerned. The IP undertakes to bring
to the attention of HSBC any Investors or Key Controllers that they have identified that have a
heightened financial crime risk, negative media, or produce a screening hit, prior to the dealing
date.
6) Reliance: IP is to fully disclose the nature of any reliance relationships that they have with third
parties (e.g. IP places reliance on a TA).
9.16.2 There will be no requirement for IP’s to provide copies of ID&V documents used for verification
purposes to HSBC as part of the due diligence process, however these documents must be made
available to HSBC within five working days upon request (or less depending on local regulations).
9.17 Terms of Reliance
9.17.1 As noted in 8.14.1(d), HSBC and any IP party on which HSBC is relying must document their
agreement to the agreed reliance arrangement. The documents required in order to enter the
reliance arrangement are detailed below. These documents outline the roles and responsibilities
and evidence of qualification for the arrangement:
Fig.9.8: Key Control requirements
Reliance Agreement and Documents
a) An agreement via notification and response to notification, or a signed agreement document (where
required) confirming/detailing the IP’s responsibilities and ongoing CDD work to be completed (refer to
section 9.14.2 and 9.14.3).
b) Evidence that the IP or Administrator is appropriately regulated is to be provided (where required). An annual
letter of agreement is to be provided confirming the regulatory status (in addition to interim notifications
regarding a change in status).
9.17.2 Requirements regarding the details within the agreement required for approval purposes are
documented in Appendix 2. A renegotiation of existing SLA agreements is to occur where the
requirements noted are not currently being followed. The documents above are to be obtained
INTERNAL
Page | 142

from the IP (or Administrator where applicable) in addition to the CDD documents required under
the specific Customer entity type section.
9.17.3 If one of these documents is not provided/cannot be completed, the IP relationship must not be
entered, or a current relationship must be exited.
9.17.4 The agreement must meet legal and regulatory requirements of the local jurisdiction.
9.18 Initial and Monitoring reviews of IP’s
9.18.1 The IP is to provide copies of the required documents noted in the Agreement and confirmation
that the activities will be / are being performed at the initial stage of the Customer onboarding and
annually during the relationship.
9.18.2 Where confirmation / documents required within the agreement are not provided, or the CDD
information provided raises concerns from an AML perspective, visitation and testing of the IP will
be required. Requirements will be determined in consultation with Country FCC.
9.19 Part C: Other Intermediary types (N.B. To be reviewed when reliance is being
placed on an Introducing/Managing Intermediary).
9.19.1 The below Intermediary definitions span the ‘other’ Intermediary type categories that can be relied
upon in the instance that reliance upon an Intermediary has been approved on an exception basis.
Fig.9.9: Key Control Requirements
Introducing
Intermediary
(ongoing)
Intermediary
(Managing)
Introduces the Customer to HSBC, shares certain CDD with HSBC but does not manage the
account on an ongoing basis. Introducing intermediary must have an ongoing relationship with
HSBC if HSBC is to place reliance e.g. they are required to sign an agreement with HSBC.
The regulated Intermediary acts on behalf of a person or entity as an account holder and/or
acts as a signatory to the account and/or manages the accounts or assets on behalf of the
Customer and/or acts as a principal of the entity. The account may be held in the name of the
Intermediary or the Customer.
Where the account is held in the Intermediaries name, testing results / CDD information
regarding the underlying Customer is gathered and maintained within the Intermediaries
Customer 56 profile.
9.19.2 As noted in 9.2.5, in certain circumstances HSBC will not meet a customer therefore the relationship
may be non-face to face. If a third party meets a customer (but HSBC does not) and the third party
provides all appropriate CDD documentation to HSBC to an acceptable level, this does not
constitute a reliance situation (as HSBC does not place reliance on the party to review and verify
CDD).
9.20 Risks Associated with Introducing/Managing Intermediaries
9.20.1 HSBC may place reliance on the Intermediary to meet the Customer face-to-face and to verify their
existence. Where the appropriate controls are not in place, there is a risk of fictitious parties opening
an account via the Intermediary.
9.20.2 HSBC has determined that when managing the account of a PEP Customer, CDD is to be
completed by HSBC rather than the Introducing/Managing Intermediary. The risk of corruption /
political associations with these types of parties is heightened and therefore reliance cannot be
placed.
56
The term Customer is used throughout this section of the procedures to refer to the underlying Customer even in the scenario that the account
is held in the name of the Intermediary.
INTERNAL
Page | 143

9.21 Scenarios for Interim period (exit of reliance relationship)
9.21.1 Where reliance is currently being placed on Intermediaries that are not approved instances of CDD
Risk Acceptance, the reliance relationship with the Intermediary is to be exited.
9.21.2 Prior to the exit of these relationships, an analysis of whether the relationship is actually a reliance
relationship as defined within these procedures needs to be completed. If there is any uncertainty
regarding whether the relationship with the Intermediary can be classified as reliance (see definition
section 9.2), refer to Country FCC for advice.
9.21.3 The two methods for exiting these relationships will be as follows:
Strategy 1 (remediation plan)
9.21.4 Current documentation held on the Customer (including documentation provided by the
Intermediary) is to be raised to the same standard as for direct Customers via a remediation
plan/project.
9.21.5 The remediation plan is to be documented and approved by the LOB FCC Head.
9.21.6 The timeframe of the remediation plan is to be limited (no less than 12 month project).
Strategy 2 (trigger/periodic review)
9.21.7 Current documentation held on the Customer (including documentation provided by the
Intermediary) is to be raised to the same standard as for direct Customers via a time bound trigger
and periodic review process (RBWM CDD Process Procedural Standards Chapter 4 – Periodic and
Event Driven Reviews).
9.21.8 The timeframe for completion of the gathering of information will depend upon the number of
trigger/periodic reviews required for the Customer within a given period. All Customers should be
remediated within five years (the longest periodic review period permissible).
Approvals
9.21.9 In the instances that HSBC wishes to place reliance on an Intermediary in the interim period, these
Intermediaries will be treated as an instance of CDD Risk Acceptance and are subject to approval
by the Global Head of FCC for the Line of Business concerned and reported to GAMLO. Such
approval is subject to annual renewal (see sections 9.27.5 to 9.27.7).
Trustee requirements
9.21.10 Where the Managing Intermediary is a Trustee/Trust Company and HSBC is no longer placing
reliance on the Trustee, the terms and conditions relating to the Trust (the Customer) will state the
obligation of the Trustee to provide HSBC with information regarding changes to the entitlement of
Beneficiaries of the Trust (e.g. new beneficiaries, beneficiaries become named or value of
entitlement changes).
9.22 Requirements for Introducing /Managing Intermediaries (to be
maintained)
9.22.1 In the case of strategy 2 above, Introducing/Managing Intermediaries must meet the following
requirements:
a) The Introducing/Managing Intermediary pose an acceptable financial crime risk; and,
b) Is not assessed as a High-risk country on the Group FCCRM; and,
c) The Introducing/Managing Intermediary is fully aware and has agreed to their responsibilities
and the delegation of these responsibilities clearly defined in a written agreement. These
responsibilities include;
INTERNAL
Page | 144

Performing due diligence on relevant parties. The due diligence and testing
requirements completed by the Introducing/Managing Intermediary on these must be
equivalent to HSBC’s AML Standards.
9.22.2 The Introducing/Managing Intermediary (if an individual) is required under the law of the jurisdiction
concerned to be registered or licensed, or is regulated under the law of that jurisdiction that meets
the equivalent criteria to the domestic jurisdiction of account opening.
9.22.3 If the Intermediary is an individual, an AML confirmation from the Professional firm employing the
Intermediary is required. If the Professional firm has several individuals acting as intermediaries,
only one AML confirmation is required to be completed and signed by the individual and the
Professional Firm.
9.22.4 HSBC will only place reliance on an Intermediary where the requirements are met, and where it is
operationally/commercially viable. Where we are placing reliance on an Introducing/Managing
Intermediary for a limited number of Customers, there should be an analysis of the impact of placing
reliance versus the impact of onboarding the Customer directly.
9.22.5 If there are international Intermediaries that do not meet the above criteria, however there is still a
case to put forward for placing reliance on the Introducing/Managing Intermediary, escalate to
Country FCC.
9.23 Due Diligence for Introducing / Managing Intermediaries (to be
maintained)
Risk Assessment
9.23.1 A risk assessment of the Introducing / Managing Intermediary must be performed by the Specialist
team 57 in order to limit the risk to HSBC of using a third party for reliance purposes.
9.23.2 The risk assessment questionnaire must be completed for all Introducing / Managing Intermediary
including those that are existing Customers, unless they have been risk assessed within the past
12 months. The risk assessment questionnaire is to be completed prior to the due diligence
information being gathered and Intermediary profile created.
9.23.3 The risk assessment questionnaire must cover the following topics and responses to each factor
must be descriptive in nature:
Fig.9.10: Risk Assessment questionnaire: Intermediaries
Risk Assessment questionnaire: Intermediaries
1) Regulated status: The regulated status of the Introducing / Managing Intermediary must be
assessed in order to confirm that the status meets the requirements stated above (section 9.22).
2) Reputation: The public disciplinary record/market reputation of the Introducing / Managing
Intermediary should be reviewed and considered when analysing the risk level.
3) Obligations: Research whether there have been any recent lawsuits against the Introducing /
Managing Intermediary and understand the implications if HSBC is to establish a relationship with
the Introducing / Managing Intermediary.
4) Controls: Confirm that the Introducing / Managing Intermediary has an adequate existing control
infrastructure from a CDD perspective, necessary to meet the due diligence standards required by
HSBC. Refer to table 9.24.1.
57
The term ‘Specialist Team’ is being used to refer to a team of designated individuals within the line of business that have the appropriate
knowledge and experience.
INTERNAL
Page | 145

Risk Assessment questionnaire: Intermediaries
5) Financial: Review the financial strength of the Introducing / Managing Intermediary and confirm
that all Customer monies held are segregated from the Introducing / Managing Intermediary’s own
monies under all circumstances.
6) Business dealings: Understand the nature of business dealings that the Introducing / Managing
Intermediary is involved in. This may identify links to higher risk business types (CDD Process
Chapter 10, Special Categories of Customers and Prohibited Customers).
7) Data security/IT infrastructure/Business continuity: Identify controls for data security to reduce
the risk of data transfer (such as data retention controls) and obtain information regarding the
stability of the IT infrastructure in order to understand the risk of data loss. In addition, review
procedures for business continuity.
8) Products/Services: Consider the services offered by the Introducing / Managing Intermediary.
9) Any other adverse information regarding the Introducing / Managing Intermediary (e.g. negative
news).
Additional factors for consideration
10) Sales capacity: This information could be used to indicate the level of business activity of the
Introducing / Managing Intermediary and whether it is indeed valid or potentially a fraudulent
operation.
11) Training activities/staff strength: These factors indicate the level of resourcing and capacity that
the Introducing / Managing Intermediary has in order to perform the tasks required to meet the
minimum requirements, as set out in paragraph 9.24.1 and fig 9.11.
9.23.4 The information above is to be documented in a risk assessment questionnaire and is subject to
approval by the designated individuals (refer to 9.27.5 to 9.27.7). The risk assessment
questionnaire must include the above factors at a minimum.
9.23.5 A summary of the key risks and risk mitigating controls managed by the Introducing / Managing
Intermediary is to accompany the risk assessment questionnaire and is to be completed prior to
on-boarding. This summary is to be updated on a periodic basis.
CDD of Introducing/Managing Intermediaries
9.23.6 The Due Diligence (DD) information required for the Introducing / Managing Intermediary will follow
the requirements for their particular Customer type (i.e. Non-Banking Financial Institution or Bank).
A HSBC profile will be set up and maintained for both Introducing and Managing Intermediaries.
9.23.7 Introducing / Managing Intermediary that are not HSBC Customers, will be subject to a similar level
of DD required for Introducing / Managing Intermediary that are existing Customers and will be risk
rated accordingly. For Introducing / Managing Intermediaries that are non HSBC Customers, the
Product Risk Rating to be applied will be High risk.
9.23.8 In the case of Managing Intermediaries, the Customer account may be set up in the name of the
Managing Intermediary and HSBC deals with the Intermediary rather than the underlying Customer
(e.g. ABC Intermediary Co Ltd as Trustee of the XYZ Trust), or an account may be set up for the
Customer and a CDD profile will be created for the Managing Intermediary party.
9.23.9 In the instance that the Introducing / Managing Intermediary is identified as High risk or SCC,
approval must be provided by the Reputational Risk Committee (or equivalent) in order to place
reliance.
INTERNAL
Page | 146

9.24 Due Diligence for Customer
Review of Underlying Customer
9.24.1 CDD and risk analysis of the Customer is to be completed by the Introducing / Managing
Intermediary to a level equivalent to the HSBC Global AML procedures specific to the particular
Customer type. Key control requirements which must be present in the Introducing / Managing
Intermediaries CDD procedures include but are not limited to:
Fig.9.11: Key Control requirements
Key Control requirements
1) Risk Rating: Introducing / Managing Intermediary must take a risk based approach to the rating of
Customers.
2) ID&V: Identification and verification of the Customer.
3) Screening: The Introducing / Managing Intermediary is to have a method of screening Customers
and clearing related hits which is effective and transparent to HSBC.
4) KYC: Information on key KYC topics such as Source of Wealth/Source of Funds/Nature of
Business is gathered.
5) Account Activity reviews: Introducing / Managing Intermediary is to perform transaction
monitoring of account activities via the appropriate methods. Where HSBC banks the fund in
addition to acting as Fund Manager, it will also undertake transaction monitoring to the standard
set out for that process.
6) Enhanced Due Diligence (EDD): Customers identified as having a heightened financial crime risk
require enhanced due diligence measures. The Intermediary will be responsible for performing
EDD for the parties concerned. Where an SCC Customer is identified, reliance cannot be placed
on an Intermediary (See section 9.24.9)
9.24.2 Introducing Intermediaries will be responsible for the verification of the Customer/Connected
Parties and the gathering of CDD information (where requested/it can be provided) depending on
the terms of the Engagement letter. Any CDD information not obtained from the Introducing
Intermediary (as per agreed terms) must be gathered by HSBC.
9.24.3 The Introducing/Managing Intermediary must review the original documents required for verification
purposes only. They cannot place reliance on an additional party for this information. Accepting a
‘copy of a copy’ is not permissible for placing reliance. Any reliance relationships must be disclosed
to HSBC as part of the agreement.
9.24.4 There will be no requirement for Introducing / Managing Intermediaries to provide copies of ID&V
documents used for verification purposes to HSBC as part of the due diligence process, however
these documents must be made available to HSBC within five working days upon request (or less
depending on local regulations).
9.24.5 Reliance will not be placed on Introducing/Managing Intermediaries for the following CDD:
a) The identification of the Customer/Connected Parties: Details of all UBO’s, Director’s, and
Controller’s must always be fully disclosed to HSBC. Refer to Customer type for the definitions
of each of these parties.
b) Screening requirements: HSBC will screen (including PEPs and sanctions) all
Customers/connected parties in line with Customer type requirements based on the
identification information captured.
c) Validation of SoW/SoF: Wider CDD information including SoW/SoF will still need to be
obtained in all cases in line with the Global Standard Procedures. Understanding the SoW/SoF
INTERNAL
Page | 147

is important for analysing the risk of the Customer. The validation of this information may vary
between Institutions even when regulated in the same manner.
Enhanced Due Diligence (EDD)
9.24.6 Under the terms and conditions of the Agreement, the Introducing / Managing Intermediary
undertakes to bring to the attention of HSBC any Customers that have a heightened financial crime
risk, negative media, or produce a screening hit, prior to the referral of the Customer to HSBC.
9.24.7 According to HSBC Global Standards policy, High risk Customers require enhanced due diligence
measures.
9.24.8 The Introducing / Managing Intermediary will perform the EDD to a level equivalent to local
regulatory and legislative requirements and the Wolfsberg principles.
9.24.9 Where an SCC Customer is identified, reliance cannot be placed on an Intermediary and the
Customer must be directly managed by HSBC.
9.25 Terms of Reliance
9.25.1 A written agreement detailing the extent of reliance and the requirements/terms and conditions,
must be signed prior to entering the reliance relationship. This must be a two way agreement
signed by the Introducing / Managing Intermediary and HSBC under which the responsibilities of
the Introducing / Managing Intermediary are clearly articulated, the terms and conditions and
requirements outlined and HSBC’s rights of access to customer data and visitation and testing
documented.
9.25.2 Amendments to the terms are required where the Intermediary is an individual rather than a legal
entity.
9.25.3 The documents required in order to enter the reliance arrangement are detailed below. These
documents outline the roles and responsibilities, terms and conditions and evidence of qualification
for the arrangement:
Fig.9.12: Reliance Agreement and Documents
Reliance Agreement and Documents
a) An agreement detailing the Introducing / Managing Intermediaries responsibilities and ongoing CDD work
to be completed (See Appendix A – 1). A renegotiation of existing SLA agreements is to occur where the
requirements noted are not currently being followed.
b) HSBC’s standard terms and conditions along with the agreement above must be sent to and signed (where
required) by the Introducing / Managing Intermediary.
c) The risk assessment questionnaire (See section 9.23.1 to 9.23.5) must be completed for all new Introducing
/ Managing Intermediaries and signed by the relevant approvers.
d) Evidence that the Introducing / Managing Intermediary is appropriately regulated is to be provided. An
annual letter of agreement is to be provided confirming the regulatory status.
9.25.4 The documents above are to be obtained from the Introducing / Managing Intermediary in addition
to the DD documents required under the specific Customer type section.
9.25.5 If one of these documents is not provided/cannot be completed, the Introducing / Managing
Intermediary relationship must not be entered, or the current relationship must be exited.
INTERNAL
Page | 148

9.26 Initial and Monitoring Review of Introducing / Managing
Intermediary (to be maintained)
9.26.1 Initial and Monitoring reviews of the CDD activities performed on behalf of HSBC are to be
scheduled in order to validate that the CDD is being conducted as per local regulatory and
legislative requirements and the Wolfsberg principles to the level of performance agreed, and that
the systems and controls are sound.
9.26.2 Records of the monitoring review are to be maintained by HSBC.
9.26.3 A list of all approved Introducing / Managing Intermediary parties is to be maintained on a Global
basis (procedures for this are to be established).
Frequency of Testing
9.26.4 Introducing / Managing Intermediaries are to be tested both at the beginning of the relationship and
on an ongoing basis. The visit must occur no less often than once a year (or more frequently if
deemed necessary).
9.26.5 The frequency of testing (if required more often) is to be determined by Country FCC and
communicated to the Introducing / Managing Intermediaries.
INTERNAL
Page | 149

Visitation and Reporting requirements
9.26.6 Testing procedures for visitation /testing of Introducing / Managing Intermediaries are detailed below:
Fig.9.13: Reliance Agreement and Documents
Introducing/Managing Intermediaries
testing procedures – Visitation
a) The Introducing / Managing Intermediary is to be given reasonable notice of
visitation to be performed (e.g. at least seven working days).
b) Where possible, HSBC will obtain a copy of the tracked changed version
(since the last agreed standard) of the Introducing / Managing Intermediaries
AML/CDD policies and procedures. Otherwise, the latest copy of the
procedures is to be provided and a comparison to the previous completed.
c) Attendance of the Compliance Officer and Senior Operations Staff of
Introducing / Managing Intermediary is required.
d) A representative sample of customer files is to be selected for review against
local regulatory and legislative requirements and the Wolfsberg principles to
include those categorised as per the below table.
AML File status
‘AML complete’
‘AML complete’
‘AML incomplete’
Customer / Investor Status
Active
Closed
Review all AML incomplete cases over 60 days
since the account has been opened
Sample checks should be risk based and skewed towards entity and account
types and larger balances which carry a higher risk of financial crime such as
International Business Companies, Trusts and higher value accounts. Pooled
accounts should also be sample checked to ensure that the Introducing /
Managing Intermediary has received appropriate comfort from the pooled
account holder that there are no prohibited customers under HSBC’s Global
CDD standards and that they hold all applicable CDD.
Initial testing
Yes
N/A but review of
AML/CDD standard must
take place to ensure
meets local regulatory
and
legislative
requirements and
Wolfsberg principles.
Yes
N/A It is not possible to
test customer files since
Intermediary has not yet
started undertaking CDD
Periodic
Yes
Yes
Yes
Yes
INTERNAL
Page | 150

e) Correspondence with Regulator(s) is to be reviewed.
Yes
Yes
f) Staff turnover/vacancies and any other material staffing issues to be
investigated. Yes Yes
g) Findings are to be reviewed with Compliance Officer and Senior Operations
staff of Introducing / Managing Intermediary and follow up actions and timings
agreed as required.
Yes
Yes
h) Proposed/planned systems changes are to be reviewed.
Yes
Yes
INTERNAL
Page | 151

9.26.7 The testing report should include at a minimum:
Introducing/Managing Intermediaries Testing procedures – Reporting Initial Periodic
a) Impact of Regulatory changes enacted or in the pipeline.
Yes
Yes
b) Confirmation that the risk assessment questionnaire has been reviewed and
updated where required. Yes Yes
c) Summary of discussions held with the Introducing / Managing Intermediary
Compliance Officer and Head of Operations regarding any matters of
substance related to the maintenance of an effective AML/CDD programme
which complies with the obligations within the agreement/contract and all
applicable regulatory requirements.
d) Summary of findings of testing results including applicable management
information (e.g. number of files reviewed, number that passed/failed,
significance of results and any remedial action required and other followup).
e) For HSBC purposes only, the paper should include the level of risk recorded
for the Introducing / Managing Intermediary along with the supporting
rationale.
Yes
Yes
Yes
Yes
N/A
Yes
9.26.8 Findings (relating to all points a) to e) above) are to be summarised in a paper and distributed to
the Key Controllers of the account, senior HSBC Risk team members, Country FCC and Operations
personnel.
9.26.9 The risk summary regarding the Introducing / Managing Intermediary is to be updated based on
the annual testing/review performed and circulated to HSBC parties annually (See section 9.23.5).
9.27 HSBC responsibilities
Onboarding and Ongoing Management
9.27.1 The Business will be responsible for managing the relationship with the Introducing/Managing
Intermediary. This team is responsible for:
Control Testing
Completing the Risk Assessment Questionnaire;
Managing the CDD information gathered regarding the Introducing/Managing
Intermediary; and,
Managing the CDD information gathered regarding the Customer.
9.27.2 Responsibility for arranging the visitation/control testing to the Introducing/Managing Intermediary
will be held by the RM/ the Business located where the account is being opened.
9.27.3 A representative of Country FCC will lead the visitation and control testing of the
Introducing/Managing Intermediary.
INTERNAL
Page | 152

Business Sign off
9.27.4 Sign off from key stakeholders of the Business is required for:
The Testing results reported at onboarding; and,
The Testing results reported on ongoing management.
Approval of Introducing / Managing Intermediary
9.27.5 Approval of the Introducing/Managing Intermediary at onboarding is to be documented within the
CDD profile.
9.27.6 Approval of the Introducing/Managing Intermediary on an ongoing basis is to be documented within
the CDD profile at annual review (or as the result of a trigger event).
9.27.7 The approval structure for accepting an Introducer/Managing Intermediary is detailed below:
Change in circumstance
Controller: RM / the Business, or equivalent
Authorizer: Head of division (Local)
Adviser: Head of Country FCC
Adviser: Regional Head of FCC
Final Authorizer: Global Head of FCC and AML for the Line of Business;
9.27.8 Where the Introducing/Managing Intermediary is replaced, a comprehensive plan for the transfer
of CDD documentation undertaken previously will need to be prepared and a complete review of
the relationship with the newly appointed Introducing/Managing Intermediary performed.
9.27.9 The plan will need to be approved as per the approval structure for accepting an
Introducing/Managing Intermediary (see section 9.27.7) and will include the date at which
responsibilities are transferred from one Introducing/Managing Intermediary to the other.
Introducer (referral)
9.27.10 In instances where the Customer is introduced to HSBC via a third party and the relationship with
the Customer is non-face to face, the risk to the bank is viewed as increased due to the limited
interaction between HSBC and the Customer in person.
9.27.11 The relationship between the third party and HSBC may not be a reliance relationship (as per the
regulatory definition), however entering into this type of relationship results in additional
requirements such as the requirement to record the name of the referrer within the Customer
profile.
INTERNAL
Page | 153

Appendix 1) Terms of Agreement – Transfer Agent
Transfer
Agent
a) TA will make available on request (potentially after the relationship between HSBC and the party
has ended), copies of the verification and other documents relating to due diligence (e.g. register
data).
b) This information will be made available with reasonable notice (including where a potential law
enforcement enquiry has been made to the bank).
c) The TA must provide a copy of the verification documents used to verify the identity of the
Customer, or its connected parties where required (e.g.).
e) The TA will in turn not place reliance on any other party/firm to complete verification or to meet
the Customer face-to-face.
f) TA will undertake to retain CDD information and documents for at least 5 years, or longer if
required under local regulatory requirements and that these documents will be available on
request with reasonable notice;
Yes
Yes
Yes
Yes
Yes
h) Confirmation of regulated status is required. Yes
j) Customer Due Diligence (CDD), including EDD as required, of the Customer/Connected Parties
is undertaken for each entity type.
k) There is a sufficient number of staff trained to the appropriate level in order to meeting the
requirements above.
l) That TA will advise if its license or registration is revoked or if the circumstances relating to the
Customers introduced have changed. A complete CDD profile on the Intermediary must be kept
on file and kept up to date
m) There are procedures and training in place to detect and prevent the commission of an offence
relating to money laundering and financing of terrorism
n) TA consents to testing of the above requirements, as requested by HSBC to provide ongoing
assurance that it is a suitable party on which to rely. This also includes agreement to perform
testing of TA where the IP is the third party.
o) TA will provide information on:
number of accounts with incomplete CDD, KRIs/KPIs/SLAs;
correspondence with Regulators;
Suspicious Transaction reports filed (full details). Internal procedures must ensure that all
unusual activity or behaviour relating to transactions or activities are reported to the
Country Head of AML;
staff turnover/vacancies;
complaints received and their disposition;
impact of actual or proposed Regulatory changes and any other material issues in line with
testing requirements.
p) TA will attend Fund Board meetings no less often than quarterly and other meetings as required
to report on the above.
q) TA will require approval from HSBC for any material systems’ changes/developments during the
terms of the agreement.
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
r) TA may not to be sold without express written consent of HSBC. Yes
INTERNAL
Page | 154

s) TA must provide register information after each dealing date for screening against sanctions’ lists
or any other lists as deemed appropriate by HSBC or for any other lawful purpose such as
marketing.
t) TA will hold and make available with reasonable notice customer files for five years (or longer if
local regulations require) after final redemption to investor.
Yes
Yes
u) TA will provide the SLA relating to incomplete cases over sixty days old. Yes
v) TA must notify HSBC of any changes to local legislation / regulation that may impact their ability
to deliver the service outlined within the agreement.
w) TA will maintain data security and the confidentiality of CDD information in line with local
regulatory requirements.
Yes
Yes
x) TA consents under a formal written agreement to be relied upon to the extent set out above. Yes
INTERNAL
Page | 155

Appendix-2) Terms of Agreement – Instructing Party, Introducing and Managing Intermediaries
Instructing Party /
Administrator
Introducing
Intermediary
Managing
Intermediary
a) IP/Intermediary will make available on request (potentially after the relationship between HSBC and the
party has ended), copies of the verification and other documents relating to due diligence (e.g. register
data).
b) This information will be made available with reasonable notice (including where a potential law
enforcement enquiry has been made to the bank).
c) The IP/Introducing Intermediary must provide a copy of the verification documents used to verify the
identity of the Customer, or its connected parties where required.
e) Intermediary will in turn not place reliance on any other party/firm to complete verification or to meet the
Customer face-to-face.
f) IP Intermediary will undertake to retain CDD information and documents for at least 5 years, or longer
if required under local regulatory requirements and that these documents will be available on request
with reasonable notice.
g) Where reliance is placed by the IP on a third party, a complete CDD profile on the third party on whom
reliance is being placed by the IP must be on file.
Yes Yes Yes
Yes Yes Yes
Yes Yes Yes
Yes Yes Yes
Yes Yes Yes
Yes No No
h) Confirmation of regulated status is required. Where applicable Yes Yes
i) Confirmation that /Intermediary will identify and verify any Investors/Beneficial Owners/Beneficiaries of
the Fund / account equivalent to local regulatory and legislative requirements and the Wolfsberg
principles.
k) Customer Due Diligence, including EDD as required, is undertaken for the Customer/Connected Parties
for each entity type and the IP undertakes to bring to the attention of HSBC any Investors or Key
Controllers that have a heightened financial crime risk, negative media, or produce a screening hit, prior
to the dealing date.
l) There is a sufficient number of staff trained to the appropriate level in order to meeting the requirements
above.
m) That IP/ Intermediary will advise if its license or registration is revoked or if the circumstances relating
to the Customers introduced have changed. A complete CDD profile on the Intermediary must be kept
on file and kept up to date
No Yes Yes
Yes Yes Yes
Yes Yes Yes
Yes Yes Yes
INTERNAL
Page | 156

n) There are procedures and training in place to detect and prevent the commission of an offence relating
to money laundering and financing of terrorism
o) IP / Intermediary consents to testing of the above requirements, as requested by HSBC to provide
ongoing assurance that it is a suitable party on which to rely. This also includes agreement to perform
testing of TA where the IP is the third party.
p) Intermediary will provide information on:
number of accounts with incomplete CDD, KRIs/KPIs/SLAs,
correspondence with Regulators,
Suspicious Transaction reports filed (full details),
staff turnover/vacancies,
complaints received and their disposition,
impact of actual or proposed Regulatory changes and any other material issues in line with testing
requirements.
q) IP Intermediary will attend Fund Board meetings no less often than quarterly and other meetings as
required to report on the above.
Yes Yes Yes
Yes Yes Yes
No Yes Yes
Yes Yes Yes
r) "Systems used for AML/KYC purposes by IP must be fit for purpose in line with the requirements of the
local Regulations" Yes No No
s) IP may not to be sold without express written consent of HSBC. Yes No No
t) IP must provide register information after each dealing date for screening against sanctions’ lists or any
other lists as deemed appropriate by HSBC or for any other lawful purpose such as marketing.
Yes No No
u) IP will hold and make available with reasonable notice customer files for five years (or longer if local
regulations require) after final redemption to investor.
Yes
No
No
v) IP will provide the SLA relating to incomplete cases over sixty days old. Yes No No
w) IP/Intermediary must notify HSBC of any changes to local legislation / regulation that may impact their
ability to deliver the service outlined within the agreement.
x) IP/Intermediary will maintain data security and the confidentiality of CDD information in line with local
regulatory requirements.
Yes Yes Yes
Yes Yes Yes
y) IP/Intermediary consents under a formal written agreement to be relied upon to the extent set out above. Yes Yes Yes
INTERNAL
Page | 157

10. Insurance Specific CDD Procedures (for
customers where the standard CDD Procedures are
not applicable)
Key Objective
How will the
Objective be
achieved?
To summarise the identification, assessment and mitigation of the risks
associated with insurance products which pose a risk of Financial Crime,
and/or where HSBC could be used as a conduit for Financial Crime activities.
Insurance products can pose specific risk attributes which can be distinct form
the level of the standard ID&V, KYC and general EDD requirements. Hence, a
different level of due diligence is required for these types of insurance products
in certain situations.
Scope of Section
This Section outlines the ID&V procedures with respect to the following:
10.1. Introduction
10.2. CDD Requirements for Customers with Minimal Risk Insurance
Products
Related Sections
Global Customer Type CDD Procedural Standards
Global AML Insurance Standard
Chapter 3 – Screening
Chapter 1 – Individuals ID&V
Chapter 2 – Individuals KYC
INTERNAL
Page | 158

10.1 Introduction
10.1.1 Insurance products can be purchased by a Customer within any Line of Business (LoB).
10.1.2 In the context of Insurance for CDD purposes, a Proposer, Applicant or Policyholder will be
considered customers.
10.1.3 The level of Customer Due Diligence (CDD) required varies depending on the type of insurance
product purchased by Customer.
10.1.4 There are subsets of insurance products that are categorised as Minimal Risk Insurance
Products 59 and Lower Risk Insurance Products 601 .
10.1.5 A Minimal Risk Insurance Product is a product which has all of the following characteristics:
Non-life Insurance policy
Duration of 12 months or less;
No surrender or maturity value;
No investment value;
Only pays out on loss from an insured event; and
Additional/top up payments by a Customer is not possible.
10.1.6 A Lower Risk Insurance Product is a product which has all of the following characteristics:
Pure Protection Insurance policy (Including Temporary Insurance Protection)
Duration of certain period or specific “term” of years;
Fixed rate of premium; with no additional/top up payments available;
Low cost premium 61
No investment value;
No surrender or maturity value; and
Only pays out on loss from insured event
A list of Minimal Risk and Lower Risk Insurance Products will be maintained by Insurance FCC
and reported to GAMLO.
59 Examples include Motor, Household, Travel and Pet.
60 Examples include Term assurance, Critical Illness and Income Protection.
61Annual premium the lesser of USD$1000 or EUR€1000 or a single premium the lesser of USD$2500 or EUR€2500.
INTERNAL
Page | 159

10.1.7 Where countries offer a “Insurance” product that complies with all the attributes of a Lower Risk
Insurance Product, they must obtain agreement from Group Insurance Compliance for the
product to be treated as or Lower Risk to enable application of reduced due diligence. Once
agreement has been obtained; the details of the product must be recorded locally.
10.1.8 For all other types of Insurance product, full CDD must be performed, in accordance with the
Customer Type.
10.2 CDD Requirements for Customers with Minimal Risk Insurance
Products
10.2.1 The following table outlines the levels of CDD required, for customer purchasing Minimal Risk
Insurance Products.
Figure 10.1: CDD Requirements
Customer Type
Minimal Risk Insurance Products only
Existing HSBC customer (is
not a standalone Insurance
customer )
HSBC standalone Insurance
customer
All Customer Types
Individual*
Customers
All customer types
(excluding
individuals)
Use existing CDD (as per Customer type)
Where attestation is being utilised, ensure that the CDD
profile lists the Insurance product to be purchased /
purchased and the HSBC entity providing the product (for
further guidance on Attestation refer to CDD Process –
Chapter 6.9 Approvals)
CDD applies (see section 10.2.2), provided that the
Individual is not a true match for screening (reference to
screening Chapter 3 – Resolution of Screening matches)
Full CDD required (as per Customer type)
* Including Sole traders purchasing insurance policies in their own name. This would not include sole
traders purchasing insurance policies in the name of the sole trader entity.
10.2.2 The information requirements and the CDD process for customers purchasing Minimal Risk
Insurance Products is summarised in the table below:
INTERNAL
Page | 160

Figure 10.2: CDD - Information Requirements for customers purchasing Minimal Risk Insurance Products
CDD Process for Customers purchasing Minimal Risk Insurance Products only
At On - Boarding At Payment
Identification Requirements
Full Name;
Date of Birth;
Residential Address 611
Nationality(where legally permissible);
Yes No*
Verification No Yes**
Screening against Sanction and Counter Yes Yes
Terrorist Financing Lists
FCC RAM Rating No*** n/a
*Identification at payment – If the sum assured recipient is different to the original applicant then identification and
verification is required.
**Unless the sum assured is to be credited to the same bank account from which the payment was received.
***An FCCR of Low Risk will apply unless identified as a true match for sanction screening.
10.3 CDD Requirements for Customers with Lower Risk Insurance
Products
10.3.1 The information requirements and the Reduced Due Diligence process for customers purchasing
Lower Risk Insurance Products is available Individuals ID&V and KYC sections above.
62 “Residential address” as defined in the Glossary.
INTERNAL
Page | 161