RBWM CDD Customer LoBP Refresh October 2016 Final 2 31102016
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Global <strong>Customer</strong> Due Diligence (<strong>CDD</strong>)<br />
Global <strong>RBWM</strong> <strong>Customer</strong> Line of Business<br />
Procedures (<strong>LoBP</strong>s)<br />
<strong>October</strong> <strong>2016</strong><br />
INTERNAL<br />
Page | 1
Revision History<br />
Date Version Status Prepared by Comments<br />
8 th June 2015 1.0 Draft James Thompson First re-fresh produced following<br />
review of snagging list items<br />
15 th June 1.1 Draft James Thompson Reviewed with GAMLO, <strong>RBWM</strong> FCC<br />
and <strong>RBWM</strong> Business. Amendments<br />
tracked in document and issued for<br />
review<br />
19 th June 1.2 Draft James Thompson Updated following review meeting<br />
30 th July 1.3 Draft Alan Clare Updated based on feedback from<br />
Lynda Cassell and her approval of<br />
changes<br />
7th Oct 1.4 Publication James Thompson Separated Governance <strong>LoBP</strong> from<br />
this document; updated reference<br />
numbers and minor formatting<br />
corrections completed<br />
24 March <strong>2016</strong> 1.5 Draft Jane Fletcher Updates to <strong>LoBP</strong> post <strong>RBWM</strong><br />
FCC/AML and GAMLO review<br />
18 April <strong>2016</strong> 1.6 <strong>Final</strong> Draft Jane Fletcher Updates from GAMLO<br />
13 July <strong>2016</strong> 1.7 <strong>Final</strong> James Thompson July <strong>2016</strong> - <strong>Final</strong><br />
28 Sep <strong>2016</strong> 1.8 Draft Jane Fletcher <strong>LoBP</strong> refresh with Group Policy<br />
driven changes<br />
31 Oct <strong>2016</strong> 1.9 <strong>Final</strong> James Thompson <strong>October</strong> <strong>2016</strong> - <strong>Final</strong><br />
Sign Off<br />
Role Name Sign-off Date<br />
Global Head of FCC & MLRO Robert Werner 25/10/16<br />
SVP Global Head of AML Policy Lynda Cassell 10/8 &<br />
5/10 (QC&QA)<br />
Global Head of AML, FC Compliance Barbara Patow 12/8 &<br />
5/10 (QC&QA)<br />
<strong>RBWM</strong> Policy Approval Committee Committee Members 12/8 & 2/9 (QC&QA)<br />
INTERNAL<br />
Page | 2
INTERNAL<br />
Page | 3
1. Introduction to Individuals and their Identification<br />
and Verification (ID&V)<br />
Key Objective<br />
How will the Objectives<br />
be achieved?<br />
To understand who HSBC’s Individual <strong>Customer</strong>s are and who HSBC is doing business<br />
with in order to safeguard against Financial Crime Risks.<br />
This section outlines the Identification and Verification (ID&V) procedures for Individuals on<br />
a risk based approach:<br />
<br />
<br />
Identification – identifying who the Individual <strong>Customer</strong> and their Connected<br />
Parties are by obtaining information on their identity; and<br />
Verification – verifying some or all of the information obtained using reliable and<br />
independent documentary and/or electronic sources.<br />
This section details the specific ID&V requirements for all Individual <strong>Customer</strong>s of HSBC<br />
and their Connected Parties.<br />
Scope of Section<br />
1.1 Introduction<br />
1.2 Individual <strong>Customer</strong> Types – Key Definitions<br />
1.3 Definitions of Connected Parties<br />
1.4 Risks associated with Individuals<br />
1.5 Risks associated with Connected Parties<br />
1.6 ‘<strong>Customer</strong> type’ risk classification<br />
1.7 Reduced Due Diligence<br />
1.8 ID&V - Requirements for an Individual <strong>Customer</strong><br />
1.8 ID&V - Requirements for Connected Parties<br />
1.9 Vulnerable Persons and Other Special Cases<br />
1.10 Other Considerations<br />
Related Sections<br />
Guidance sources<br />
Chapter 2 – Know Your <strong>Customer</strong> (KYC) – baseline content applicable to all Individuals<br />
Chapter 3 – Enhanced Due Diligence (EDD) – baseline content applicable to all Individuals<br />
Joint Money Laundering Steering Group (JMLSG) Part I: 5.3.7 – 5.3.114, Part II, Part III<br />
2005/60/EC – Third EU Directive on Anti-Money Laundering (AML)<br />
Guidance on <strong>Customer</strong>s Identification Regulations: CIP <strong>Final</strong> Rule<br />
Global Anti-Money Laundering Policy: <strong>CDD</strong> Standards<br />
INTERNAL<br />
Page | 4
1.1 Introduction<br />
1.1.1 This chapter outlines the definitions, risks and requirements for Individual <strong>Customer</strong>s (“<strong>Customer</strong>”)<br />
and their Connected Parties.<br />
1.1.2 This chapter also details the specific ID&V requirements for Individual <strong>Customer</strong>s and their<br />
Connected Parties. It is essential that HSBC identifies all Individual <strong>Customer</strong>s from verifiable<br />
information to ensure that they are indeed the person they are claiming to be.<br />
1.1.3 ID&V is a two-step process:<br />
a) Identification – identifying who the <strong>Customer</strong> and their Connected Parties are by<br />
gathering information about their identity; and<br />
b) Verification – verifying some or all of the identity information gathered using reliable and<br />
independent documentary and/or electronic sources.<br />
1.2 Individual <strong>Customer</strong> Types – Key Definitions<br />
1.2.1 An Individual <strong>Customer</strong> is a natural person who is the holder of the account.<br />
1.2.2 For the purpose of <strong>Customer</strong> Due Diligence (<strong>CDD</strong>), <strong>RBWM</strong> has established two <strong>Customer</strong> Types<br />
within the Individual <strong>Customer</strong> Type Family:<br />
Figure 1.1: Individual <strong>Customer</strong> Types<br />
Retail Individual<br />
A natural person managed in Retail Banking and Wealth Management (<strong>RBWM</strong>) and not a<br />
HNWI (refer to HNWI definition below).<br />
High Net Worth<br />
Individual (“HNWI”)<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
A natural person who is managed outside of Global Private Bank GPB and is either:<br />
Premier Top Tier <strong>Customer</strong>, or has equivalent Total Relationship Balance (TRB) in that<br />
market; or<br />
Where Premier Top Tier is not available, Total Relationship Balance (TRB) with HSBC<br />
equal to or greater than USD 1 million.<br />
TRB is defined as the aggregate of:<br />
Deposits (both local and foreign currency): Current Accounts, Savings and Deposit<br />
Accounts (including Term Deposits such as Time Deposits, Certificates of Deposit)<br />
Investments: Mutual Funds (including UT), Structured Products, Securities Trading<br />
(Stocks / Shares and Bonds purchased and held in HSBC Trading facilities), Other<br />
Investments<br />
Insurance: Life, Pension & Investment Insurance (LPI) products (using policyholder<br />
liability as a proxy for aggregate customer balances as necessary) including<br />
Discretionary Participation Features (DPF) / profit fund, unit linked, annuity, universal<br />
life, Mandatory Provident Fund (MPF). Excludes pure protection products such as Whole<br />
of Life and Term Life.<br />
Note: TRB is calculated excluding Credit Enhancement Services Insurance and General<br />
Insurance products, pure Protection Insurance products as well as Mortgage or other Loan /<br />
Asset balances.<br />
1.2.3 The following table provides further information about each of the different Individual <strong>Customer</strong><br />
Types and the HSBC Products and Services characteristics:<br />
INTERNAL<br />
Page | 5
Figure 1.2: Individual <strong>Customer</strong> Types – Features, Products and Services<br />
Type Features Products and Services<br />
Retail<br />
<br />
<br />
Mass consumer<br />
market<br />
Multiple entry<br />
channels: online,<br />
walk-in, referrals from<br />
within HSBC,<br />
telephone via Contact<br />
Centre<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Retail Bank Account<br />
Additional services: provision of credit cards, insurance, loans,<br />
savings products<br />
Share dealing<br />
Basic Wealth Management products; such as savings and<br />
investments, pensions, life products<br />
Foreign currency accounts<br />
Retail <strong>Customer</strong>s with TRB threshold to be defined, will be subject<br />
to additional <strong>CDD</strong> requirements (e.g. Source of Funds, Source of<br />
Wealth questions, defined in the relevant sections of the KYC<br />
Chapter).<br />
Private Holding Trusts, Private Investment Corporations, Private<br />
Investment Funds<br />
Wealth Management Services in more than one jurisdiction.<br />
HNWI<br />
<br />
<br />
<br />
<strong>Customer</strong>s typically<br />
have dedicated<br />
Relationship<br />
Managers but this is<br />
not mandatory<br />
Multiple entry<br />
channels: online,<br />
walk-in, referrals from<br />
HSBC, telephone via<br />
Contact Centre<br />
Likely to have<br />
relationships across<br />
HSBC territories and<br />
entities<br />
<br />
In addition to the above services for the retail segment, key<br />
services include:<br />
<strong>Customer</strong>s who subscribe to Discretionary Portfolio Management 1 ,<br />
discretionary advisory services or equivalent product and service<br />
offerings<br />
<br />
<br />
<br />
<br />
Access to equities, fixed income, FX, structured products and<br />
mature funds<br />
Ad hoc financial advice on investment needs (typically for pension<br />
provision, long-term savings and investments) and establishing<br />
Trusts via referrals<br />
Share dealing (execution only transactions carried out on receipt of<br />
instructions from the Individual)<br />
International banking services<br />
Channels<br />
1.2.4 Individuals can be on-boarded to HSBC through various channels. These procedures use the<br />
following terms:<br />
Figure 1.3: On-boarding Channels<br />
Face-to-face<br />
Non Face-to-face<br />
Intermediary<br />
<br />
<br />
<br />
<br />
<br />
At on-boarding, the Individual <strong>Customer</strong> has face-to-face contact with HSBC. As an<br />
example, this would encompass all individuals that come to a branch in person in<br />
order to open accounts.<br />
Where an account is opened in <strong>RBWM</strong> through the International Banking Centre (IBC)<br />
for an existing customer of the referring booking office, the account may also be<br />
classified as face-to-face at account opening.<br />
At on-boarding, the Individual <strong>Customer</strong> deals with HSBC through telephone, internet,<br />
mobile banking, and postal applications only and there is no face-to-face contact<br />
during this process.<br />
Where the customer is introduced by an HSBC approved intermediary and has been<br />
seen by the intermediary face-to-face, it is acceptable to follow the guidance for faceto-face<br />
business<br />
Where the customer has not been seen face-to-face by the intermediary or where the<br />
intermediary has not been approved by HSBC then non face-to-face guidance must<br />
be applied<br />
1<br />
This is HSBCs internal terminology<br />
INTERNAL<br />
Page | 6
Residency<br />
1.2.5 <strong>CDD</strong> also considers the residency status of the <strong>Customer</strong>. Three key terms apply in these<br />
procedures:<br />
Figure 1.4 Residency Definitions for Individual <strong>Customer</strong>s<br />
Resident Individual<br />
<strong>Customer</strong>s<br />
Non-Resident<br />
Individual<br />
<strong>Customer</strong>s<br />
Tax Residency<br />
A <strong>Customer</strong> whose permanent residential address is in the same country as the HSBC<br />
booking office. In predominately expat markets, it is a customer whose current mailing and<br />
residential addresses on file are in the same country as the HSBC booking centre<br />
A <strong>Customer</strong> whose permanent residential address is not in the same country as the HSBC<br />
booking office.<br />
The tax residence status of a <strong>Customer</strong> generally determines which country has the<br />
primary right to tax that person's income. It does not necessarily mean that tax has to be<br />
paid in that country and the <strong>Customer</strong> may also have tax liabilities in countries in which<br />
they are not tax resident (for example, if they own a rental property in that country).<br />
The definition of tax residence may vary between countries and will depend in each case<br />
on a number of factors, for example, where a <strong>Customer</strong> lives or, if the <strong>Customer</strong> is an<br />
Entity, where that Entity is incorporated. Other circumstances that may be taken into<br />
account include the number of days spent in a country or where the <strong>Customer</strong>'s centre of<br />
economic interest is.<br />
<br />
<br />
<br />
<br />
It is possible to have more than one residence for tax purposes ("dual residence").<br />
If a <strong>Customer</strong> is tax resident in more than one jurisdiction each location should be<br />
recorded.<br />
Although extremely rare, it is also possible for a <strong>Customer</strong> to be not tax resident in<br />
any jurisdiction. Any claims by <strong>Customer</strong>s that they are not tax resident in any<br />
country should be treated with caution and further validation sought.<br />
Important Note: Country of Tax Residence will be provided by the <strong>Customer</strong>.<br />
Documentary evidence such as a tax certificate issued by tax authorities, is not<br />
mandatory, unless it is a local regulatory requirement or pursuant to HSBC's own<br />
risk.<br />
If the <strong>Customer</strong> confirms to HSBC that he/she has tax filing obligations based on<br />
citizenship or nationality or other criteria rather than residency, this information (i.e.<br />
Country of tax obligations) should also be captured in the customer's profile. If the<br />
<strong>Customer</strong> confirms to HSBC that he/she has tax filing obligations based on<br />
citizenship or nationality or other criteria rather than residency, this information (i.e.<br />
Country of tax obligations) should also be captured in the customer's profile.<br />
1.3 Definitions of Connected Parties<br />
1.3.1 In the context of an Individual, Connected Parties may be Natural Persons or Entities which may<br />
exercise control over individual customers, examples of which are cited in the table below.<br />
INTERNAL<br />
Page | 7
Figure 1.5: Connected Parties associated with an Individual <strong>Customer</strong><br />
Level of<br />
Influence over<br />
the account<br />
Control<br />
Direct<br />
Contribute<br />
INTERNAL<br />
Roles Example Details and Relationship<br />
Full access and control<br />
over the account<br />
Partial access and control<br />
over the account.<br />
Access and control will be<br />
established in line with<br />
their level of authorisation<br />
and responsibility towards<br />
the account<br />
Contribution to Source of<br />
Wealth or Source of<br />
Funds, i.e. transfers of<br />
funds to account or<br />
account holder outside<br />
the normal course of<br />
business<br />
Guardian/Parent<br />
Additional card holder/<br />
credit card holder<br />
Third parties given<br />
access to Safe Deposit<br />
Box<br />
Executor/Administrator<br />
Investment Advisor and<br />
Asset Manager<br />
Third Party Authority<br />
Contributor to source of<br />
wealth (other)<br />
A natural person or entity invested with the<br />
power, and charged with the obligation, of<br />
taking care and managing the property and<br />
rights, of a person who, because of age,<br />
understanding, or self-control, is<br />
considered incapable/unable of<br />
administering his or her own affairs (see<br />
1.3.3 and Table 1.6 PoA and PoAd below)<br />
A natural person or entity authorised to<br />
have an additional credit card on the<br />
<strong>Customer</strong>’s credit card account.<br />
A natural person who has access to safe<br />
deposit services provided by HSBC. Safe<br />
deposit services allow the <strong>Customer</strong> to<br />
store their possessions within HSBC’s<br />
vault or premises.<br />
A natural person or entity responsible for<br />
executing, or following through on an<br />
assigned task or duty usually relating to<br />
the execution of a last will and testament.<br />
A natural person or entity responsible for<br />
investment decisions, managing,<br />
executing, or following through on an<br />
assigned task or duty usually relating to<br />
discretionary asset management.<br />
Where a <strong>Customer</strong> has provided another<br />
individual with signing authority over the<br />
account.<br />
A Contributor is defined as an individual<br />
(e.g. a spouse or parent) that provides<br />
more than USD 10k per month where this<br />
accounts for over 50%of an <strong>RBWM</strong><br />
customer's source of funds. The funds<br />
could either be deposited into the<br />
customer's account as a single payment or<br />
could be split into multiple payments paid<br />
into one or more accounts.<br />
In the event that two or more persons<br />
jointly provide a customer with more than<br />
USD 10k per month but, individually, they<br />
each provide less than this threshold<br />
value, these individuals would not meet the<br />
definition of a contributor.<br />
In the case of accounts held by Students<br />
and Insurance policies, where<br />
contributions are made equal to or greater<br />
than USD 75k per year then, subject to<br />
local data privacy laws, the contributor<br />
must be identified (full name, DoB,<br />
residential address) as a Connected Party<br />
to the Policy and screened on a regular<br />
basis. If local data privacy laws prevent<br />
retaining information on the Contributor,<br />
(refer to Global Data Privacy and<br />
Information Governance Guidelines) a<br />
Page | 8
Level of<br />
Influence over<br />
the account<br />
Beneficiary<br />
(for Insurance<br />
Contracts)<br />
Guarantor<br />
Roles Example Details and Relationship<br />
No influence over<br />
policy but value<br />
recipient. Recipient of<br />
funds following an<br />
event.<br />
No influence over the<br />
account but funds<br />
provider in the event<br />
the customer is<br />
unable to make<br />
repayment<br />
Beneficiaries under a<br />
pension or retirement<br />
scheme<br />
Specific parties due to<br />
benefit from any<br />
Insurance payment<br />
Guarantors for personal<br />
lending<br />
deviation to the <strong>RBWM</strong> Global <strong>LoBP</strong> must<br />
be sought.<br />
Furthermore, an employer paying a<br />
customer their monthly salary is not<br />
considered a contributor as this would<br />
constitute ‘normal course of business’<br />
Parties who benefit from a collective<br />
pension or retirement scheme.<br />
Parties who have been named on the<br />
Insurance policy to receive payment in the<br />
event of an insurable event occurring.<br />
A Guarantor is a party that agrees to be<br />
responsible for a Borrower’s debt or the<br />
Borrower’s performance of its financial<br />
obligations under a contract if the Borrower<br />
fails to meet its obligations.<br />
1.3.2 Connected Parties that are classified in the “Control” or “Direct” categories will either have a legal<br />
right over the <strong>Customer</strong> (e.g. a parent of a minor child) or will be appointed in this capacity by the<br />
<strong>Customer</strong>. Outside of HSBC’s bank documentation (e.g. third party mandate), there may or may<br />
not be a formal legal arrangement in place between the <strong>Customer</strong> and their Connected Party.<br />
1.3.3 Arrangements such as a Power of Attorney 2 (“PoA”) and Power of Administration (“PoAd”) are<br />
examples of legally binding arrangements in which the <strong>Customer</strong> nominates another Individual (or<br />
entity) who is not the account holder to be responsible for some elements of operating the account.<br />
Figure 1.6 outlines the definitions of each.<br />
Figure 1.6: PoA and PoAd<br />
Power of Attorney (“PoA”) A PoA can hold a number of different roles on an account. The role will be<br />
specified in the legal arrangement in place.<br />
A PoA may be held by a natural person or entity, such as a Law Firm, Trust, or<br />
another Corporate Entity.<br />
Typical restrictions in these arrangements include limitations around account<br />
closure, appointment of alternative or additional PoA representatives, changes<br />
to mailing addresses.<br />
Power of Administration<br />
(“PoAd”)<br />
<br />
<br />
<br />
A PoAd is an administrative mandate held over an account. The scope of the<br />
role will include the authority to manage assets held on a discretionary basis<br />
and can include the authority to take out credit facilities.<br />
The PoAd may be held by a natural person, an entity such as an External<br />
Asset Manager or another HSBC entity.<br />
Typical restrictions in these arrangements include limitations around delegation<br />
of duties, requirements to disclose conflicts of interests, and withdrawal and<br />
deposit of funds or assets into the account.<br />
1.3.4 A joint account holder will not be treated as a Connected Party but as an Individual <strong>Customer</strong>. For<br />
<strong>CDD</strong> purposes they will have their own profile and are subject to the same requirements.<br />
2<br />
Local legal requirements relating to privilege/confidentiality should be observed.<br />
INTERNAL<br />
Page | 9
1.3.5 For the purposes of <strong>CDD</strong> the PoA / PoAd authority over the individual's account must be verified.<br />
For example, by obtaining a certified copy of the PoA document. For clarity, within Insurance a<br />
“joint account holder” will be taken to mean a joint policy holder and as such would be treated as<br />
an Individual <strong>Customer</strong>. Therefore, each policy holder will be treated as a customer.<br />
1.4 Risks associated with Individuals<br />
1.4.1 There are a number of financial crime risks inherent in dealing with Individuals and, where<br />
applicable, their Connected Parties. Retail Individuals are often regarded as being lower risk as<br />
they utilise standard banking products and less sophisticated services and are most commonly<br />
domestic in nature. HNWIs and GPB <strong>Customer</strong>s can represent a higher risk due to the types of<br />
products and cross-border services they might require and the complexity of their financial affairs.<br />
Key Risks for the Individual <strong>Customer</strong><br />
1.4.2 The following table outlines key risks associated with the Individual as the <strong>Customer</strong>:<br />
Figure 1.7: Key Risks Table for the <strong>Customer</strong><br />
Country<br />
Source of Wealth<br />
Products and<br />
services<br />
Impersonation<br />
risk<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<strong>Customer</strong>s engaging in cross-border transactions may pose a higher risk to HSBC as it<br />
is more difficult to understand and trace the nature and origin of such transactions. The<br />
risk is increased where a Country is defined as High Risk as per the Financial Crime<br />
Country Risk Model (FCCRM)<br />
Particular attention should be paid to identifying transactions or business relationships<br />
with Sensitive Sanctioned Countries (see Global Sanctions Policy), individuals from<br />
such countries or individuals that are specifically listed on sanction lists.<br />
<strong>Customer</strong>s banking in one or more jurisdictions and residing in another may pose<br />
additional risk to HSBC, due to potential lack of tax transparency, the complexity of their<br />
financial affairs and data sharing/banking secrecy limitations, particularly if HSBC does<br />
not have a presence in one of those jurisdictions<br />
Wealth accumulated by an individual could have been obtained by illicit means.<br />
Consequently, the source of wealth is inherently a key risk factor in the assessment of a<br />
<strong>Customer</strong>.<br />
<strong>Customer</strong>s may have accounts with multiple financial institutions across multiple<br />
jurisdictions. This may make it more difficult to form a complete picture of the <strong>Customer</strong>,<br />
their Source of Wealth and Total Net Worth. Such complexity may also be more difficult<br />
for an institution to assess accurately the true purpose and business rationale for<br />
individual transactions.<br />
Certain products available to <strong>Customer</strong>s may carry higher risk indicators. Examples<br />
include, but are not limited to:<br />
Extending credit to <strong>Customer</strong>s who use their assets as collateral poses a money<br />
laundering risk unless the lender is satisfied that the origin and source of the underlying<br />
asset is legitimate. This risk may be higher where the loan is made in one jurisdiction<br />
and collateral is held in another.<br />
There may be a risk that the stated purpose of account does not correlate to the actual<br />
activity. An example of the risk is where an Individual who is self-employed conducts<br />
business activity through their personal accounts.<br />
HNWIs and private banking Individual <strong>Customer</strong>s can have the financial means and<br />
knowledge to access flexible and complex financial products and services. The<br />
complexity of services and products can favour anonymity and facilitate the different<br />
stages of money laundering.<br />
There is an inherent risk with Individuals that they are not the person they are claiming<br />
to be (impersonation fraud). The risk of impersonation is heightened when the<br />
<strong>Customer</strong> is opening an account through a non-face-to-face channel.<br />
INTERNAL<br />
Page | 10
1.5 Risks associated with Connected Parties of Individuals<br />
1.5.1 The relationship of the <strong>Customer</strong> with HSBC becomes more complex where there are Connected<br />
Parties involved.<br />
1.5.2 If the Connected Party is an Individual, some or all of the same risks as laid out in Figure 1.8 below<br />
apply, depending on the nature of the Connected Party. Similarly, if the Connected Party is a<br />
corporate entity, refer to Chapter 6 for the risks associated with that customer type.<br />
1.5.3 The following table outlines key additional risk considerations inherent for <strong>Customer</strong>s with<br />
Connected Parties:<br />
Figure 1.8: Key risk table Connected Parties<br />
Financial crime risk<br />
Abuse of Power of Attorney<br />
(“PoA”) / Power of<br />
Administration (“PoAd”)<br />
<br />
<br />
<br />
<br />
<br />
Connected parties have influence, if not full control, over the account of the<br />
<strong>Customer</strong> and they can direct the flow of funds or transfer funds to or out of<br />
the account independently. Therefore, the possibility of the account being<br />
used by a Connected Party for money laundering purposes exists.<br />
The Connected Party may also be an Individual or an entity that is<br />
sanctioned or may otherwise be precluded from conducting transactions or<br />
payments in their own right and may be using the <strong>Customer</strong>’s account for<br />
their own purposes.<br />
Where the Connected Party is an entity it is important to “look through” the<br />
entity and identify its Owners and Key Controllers, as they have the potential<br />
to exploit the entity’s relationship with the <strong>Customer</strong> to commit Financial<br />
Crimes. These risks may not be apparent if only the entity itself is<br />
considered.<br />
The use of a PoA, fiduciary relationship or other Connected Party to the<br />
account, other than the <strong>Customer</strong> itself, may also represent a risk of tax<br />
evasion to conceal ultimate beneficial ownership of the assets or income<br />
derived from the HSBC account and subject to taxation.<br />
The authority or powers that the Connected Party may have over the HSBC<br />
account; e.g. mandate only to collect information from the account, mandate<br />
to withdraw or transfer or use funds of the account, mandate to sign on the<br />
account, may be used for the purposes of the Connected Party. These may<br />
not be in line with the <strong>Customer</strong>s’ best interest or may be entirely selfserving.<br />
1.5.4 As the relationship with a <strong>Customer</strong> evolves over time, there may be changes associated with the<br />
<strong>Customer</strong>, their connected parties and/or the products and services they hold with HSBC; all of<br />
which may impact the risks associated with the <strong>Customer</strong> relationship. These should be considered<br />
as Trigger events and must lead to a review of the <strong>CDD</strong> profile and in some cases re-approval of<br />
the <strong>CDD</strong> profile, and the relationship with the <strong>Customer</strong>, would be required. (Reference Process<br />
Chapter 4 Periodic and Event Driven Reviews).<br />
1.6 ‘<strong>Customer</strong> type’ risk classification<br />
1.6.1 Individuals are risk rated according to the key risk factors identified in the FCC-RAM<br />
1.6.2 Where the <strong>Customer</strong>, or one of their Connected Parties, is a PEP, or meets other SCC classification<br />
criteria, the <strong>Customer</strong> must be risk rated SCC. (Reference Process Chapter 10 Restricted and<br />
Prohibited <strong>Customer</strong>s, Special Categories of <strong>Customer</strong>s (SCCs) and Prohibited Products)<br />
INTERNAL<br />
Page | 11
1.6.3 Where a <strong>Customer</strong> is considered to be a HNWI, High Risk or SCC, Enhanced Due Diligence (EDD)<br />
will be performed. The procedures for HNWI, High Risk <strong>Customer</strong>s/SCC are included within the<br />
KYC chapter for Individuals.<br />
1.6.4 Where there are concerns regarding the nature and purpose of the Individual’s account, the<br />
<strong>Customer</strong> should be escalated to Business Risk/FCC to determine what action should be taken,<br />
including the requirement to conduct Enhanced Due Diligence (EDD) and the determination of the<br />
appropriate Financial Crime Risk Rating (FCRR).<br />
1.7 Reduced Due Diligence for Lower Risk Product Types<br />
1.7.1 Within <strong>RBWM</strong>, products exist that have limitations on the value that can be passed through them<br />
and / or that are limited in their functionality, such that they present a lower risk of being used to<br />
facilitate money laundering Certain products offered by <strong>RBWM</strong> are deemed "lower risk" as the<br />
account functionality and transaction limitations (e.g. value/volume of transactions) means that the<br />
risk of abuse by money launderers may be considered low.<br />
1.7.2 Types of lower risk products include:<br />
<br />
<br />
<br />
<br />
<br />
Payroll Accounts<br />
Retirement or Benefits Accounts e.g. Social Security<br />
Credit Cards<br />
Certain Government mandated accounts<br />
Certain basic bank account products designed to enable financial inclusion<br />
1.7.3 While credit cards are also considered to be low risk from a money laundering perspective due to<br />
the existence of credit limits, monthly repayments and other scheme obligations, they provide<br />
greater functionality and additional payment options (e.g. cross border transactions, third party<br />
repayments etc.) when compared with another "lower risk" product.<br />
1.7.4 For any product to qualify as lower risk, where Reduced Due Diligence (RDD) is to be applied,<br />
approval needs to be sought as per the Product Approval form. (See Appendix 3)<br />
1.7.5 <strong>CDD</strong> requirements for Minimal Risk Insurance products are subject to the requirements set out in<br />
<strong>CDD</strong> <strong>Customer</strong> Chapter 10.<br />
1.7.6 Reduced Due Diligence can be applied where the customer holds one or more lower risk products,<br />
unless a lower risk product is combined with a credit card e.g. payroll account and credit card.<br />
<strong>Customer</strong>s meeting the RDD criteria to hold such lower risk products alone, will by default, be risk<br />
rated as low.<br />
1.7.7 The combination of a lower risk product and a credit card could create a relationship which offers<br />
the customer the same functionality as a standard risk product (e.g. a current account). A full<br />
customer relationship is therefore considered to exist which requires <strong>CDD</strong> to be conducted. In<br />
summary:<br />
a) <strong>Customer</strong>s applying for more than one lower risk product continue to be subject to RDD<br />
unless;<br />
b) A customer with one lower risk product applies for a credit card, then <strong>CDD</strong> is required,<br />
or<br />
c) If the customer has up to four credit cards within any one brand / entity / (in the same<br />
name and same jurisdiction) then RDD applies. <strong>CDD</strong> should apply where this criteria is<br />
no longer met.<br />
d) High Risk/SCC/PEP customers are not eligible for RDD.<br />
INTERNAL<br />
Page | 12
e) RDD should not be applied where there are Sanctions screening hits.<br />
1.7.8 Where these low risk products exist, countries may apply a reduced level of <strong>CDD</strong> to support the<br />
principles of financial inclusion and to recognise the appropriate reduced risk associated with these<br />
products.<br />
1.7.9 With the exception of credit cards, Countries must identify all lower risk products to which Reduced<br />
Due Diligence standards should apply (as outlined in this <strong>LoBP</strong>) and approval must be sought from<br />
both 1st and 2nd Line of Defence. 1st Line of Defence Approval must be sought through the <strong>RBWM</strong><br />
<strong>CDD</strong> Exco (following approval at Country and Regional level). 2nd Line approval is required from<br />
the <strong>RBWM</strong> Head of AML (at a Country, Regional and Global level).<br />
1.7.10 Appendix 3 provides a copy of the RDD Product Approval Form which should be completed and<br />
submitted to the above approval authorities for each product.<br />
1.7.11 Appendix 4 details the RDD Product Approval Log which should be used to detail each product for<br />
which lower risk product approval has been granted, following the above approval process.<br />
Countries should complete and maintain this log as an auditable record of their lower risk products.<br />
1.7.12 In the event that a country is unable to apply the full Reduced Due Diligence requirements as<br />
outlined in this <strong>LoBP</strong> then a dispensation against the Global AML Policy would be required.<br />
1.8 ID&V - Requirements for an Individual <strong>Customer</strong><br />
Reduced Due Diligence<br />
1.8.1 For lower risk products, where reduced due diligence may be applied (see 1.7 above) the ID&V<br />
requirements below should be followed:<br />
Figure 1.9: Minimum ID&V requirements for Reduced Due Diligence<br />
Requirements<br />
Identification<br />
Electronic or Documentary<br />
verification<br />
Full name 3 Yes Yes<br />
Date of birth Yes Yes 4<br />
Residential address 5 Yes Yes<br />
Nationality/Citizenship (including all<br />
nationalities/ citizenships held)<br />
Country of Tax residence 6<br />
Yes<br />
Yes<br />
Verification not required<br />
3<br />
Where the <strong>Customer</strong> has another recorded name this must also be captured e.g. where the <strong>Customer</strong> has changed their name.<br />
4<br />
Unless the <strong>Customer</strong> is being electronically verified or the primary document used for documentary verification does not contain<br />
Date of Birth, subject to Business Risk/FCC approval.<br />
5<br />
"Residential address" is defined in the Glossary. If a <strong>Customer</strong> has multiple residential addresses, all must be captured. Only<br />
primary residential address needs to be verified through electronic or documentary verification<br />
6<br />
It should be noted that local or global regulatory requirements may require verification of Tax Residence. Where this is the case,<br />
such regulation must be followed<br />
INTERNAL<br />
Page | 13
7<br />
Tax Identification Number Yes 8<br />
<strong>Customer</strong> Due Diligence<br />
1.8.2 This section covers the minimum requirements for Identification and Verification of the <strong>Customer</strong><br />
at on-boarding (as set out in Figure 1.10 below).<br />
1.8.3 Non-resident <strong>Customer</strong>s are to be identified and verified in accordance with the same standard<br />
requirements as resident <strong>Customer</strong>s.<br />
Figure 1.10: Minimum ID&V requirements for all Individual <strong>Customer</strong>s<br />
Requirements<br />
Identification<br />
Electronic or Documentary<br />
verification<br />
Full name 9 Yes Yes<br />
Date of birth Yes Yes 10<br />
Residential address 11 Yes Yes<br />
Country of Tax residence 12<br />
Yes<br />
Date moved to residential address<br />
At a minimum, the<br />
city/town/region/province and country<br />
of the individual's previous addresses<br />
for the past three years<br />
Correspondence address (if different<br />
from Residential address above)<br />
Yes<br />
Yes<br />
Yes<br />
Verification not required<br />
Nationality/Citizenship 13 (including all<br />
nationalities/ citizenships held)<br />
Yes<br />
Country of Birth<br />
Yes<br />
7<br />
This is a unique Tax issued identification number that is specific only to the individual <strong>Customer</strong>. Where unavailable capture<br />
Government issued ID number. This, for example may be a passport number, the number provided on a government identity card,<br />
a drivers license number, a government benefits number or a social security number.<br />
8<br />
Unless the country does not issue identification numbers<br />
9<br />
Where the <strong>Customer</strong> has another recorded name this must also be captured e.g. where the <strong>Customer</strong> has changed their name.<br />
10<br />
Unless the <strong>Customer</strong> is being electronically verified or the primary document used for documentary verification does not contain<br />
Date of Birth, subject to Business Risk/FCC approval.<br />
11<br />
"Residential address" is defined in the Glossary. If a <strong>Customer</strong> has multiple residential addresses, all must be captured. Only<br />
primary residential address needs to be verified through electronic or documentary verification<br />
12<br />
It should be noted that local or global regulatory requirements may require verification of Tax Residence. Where this is the case,<br />
such regulation must be followed<br />
13<br />
Nationality and citizenship are used interchangeably in many jurisdictions. Local regulatory requirements may require verification<br />
of nationality/citizenship; where this is the case and legally permissible, local regulation must be followed<br />
Page | 14<br />
INTERNAL
14<br />
Tax Identification Number Yes 15<br />
1.8.4 In addition to the above minimum identification requirements, further information may be obtained<br />
to enhance the <strong>Customer</strong>’s experience or to facilitate communications with the <strong>Customer</strong>; for<br />
example, telephone number and email address. FATCA requirements may result in additional<br />
information being required for US persons.<br />
1.8.5 Post Office Box (PO Box) addresses are only permitted in Countries where complete legal<br />
addresses do not exist. If the <strong>Customer</strong> lives in an area where a PO Box is the only address<br />
possible, full details of the descriptive address (i.e. the location of the property) must be obtained.<br />
1.8.6 Where the <strong>Customer</strong> is identified as being a national/citizen of a Sensitive Sanctioned Country, or<br />
a resident of a Sensitive Sanctioned Country, the case should be escalated to FCC Sanctions.<br />
<strong>Customer</strong> Verification Requirements<br />
1.8.7 <strong>Customer</strong> Identity can be verified through the use of Electronic and/or Documentary sources. These<br />
terms, as well as those for primary and secondary documents, are defined in the glossary (see<br />
Appendix 1).<br />
1.8.8 Where available and allowed in a local jurisdiction, electronic verification of the <strong>Customer</strong> is<br />
preferable and should be attempted first. In all jurisdictions where electronic verification is to be<br />
used, the approach to be taken should be documented and submitted to the Global <strong>RBWM</strong> FCC<br />
team for sign off. If electronic verification is not possible, documentary verification should be<br />
performed.<br />
1.8.9 Two verification sources are required, unless explicitly mandated by a local regulatory initiative<br />
(with the exception of Reduced Due Diligence, see figure 1.11), irrespective of the type of source<br />
(electronic vs. documentary). However, the standard level of verification required is dependent on<br />
the verification source.<br />
1.8.10 Where the use of one source is explicitly mandated by a local regulatory initiative, and where the<br />
source containing the <strong>Customer</strong>s: full name, Date of Birth and current residential address, is<br />
assessed as being adequately robust to be relied upon as a sole document, Country FCC may<br />
propose an amendment to the ID&V matrix for the Country addendum to allow for a <strong>Customer</strong> to<br />
be verified by relying only on that Primary document. The assessment undertaken must be retained<br />
on file by Country FCC.<br />
Figure 1.11 Verification sources<br />
Verification Source<br />
Electronic<br />
Verification<br />
Documentary<br />
Verification<br />
Reduced Due<br />
Diligence<br />
Verification Required<br />
At least one approved provider will be used to obtain the following verification:<br />
a) One match on a <strong>Customer</strong>’s full name and residential address; and<br />
b) A second match on a <strong>Customer</strong>’s full name and either their residential address or<br />
their date of birth.<br />
Two document sources, one of which must be a Primary Document.<br />
a) The primary document must confirm the <strong>Customer</strong>’s full name, Date of Birth and/or<br />
residential address.<br />
b) A second document must confirm the <strong>Customer</strong>’s residential address.<br />
One or more document or electronic source(s) that contain customers full name, date of<br />
birth and residential address<br />
14<br />
This is a unique Tax issued identification number that is specific only to the individual <strong>Customer</strong>. Where unavailable capture<br />
Government issued ID number. This, for example may be a passport number, the number provided on a government identity card,<br />
a drivers license number, a government benefits number or a social security number. Where customer has passed eID&V<br />
Government ID number is not required.<br />
15<br />
Unless the country does not issue identification numbers<br />
Page | 15<br />
INTERNAL
1.8.11 Where the <strong>Customer</strong>’s country(ies) of Tax Residence has been collected for Non-resident HNWI<br />
<strong>Customer</strong>s and is/are not consistent with the customer’s profile (e.g. does not match any address<br />
or information provided by the customer) this should be escalated along with the documentation<br />
evidencing the inconsistency to the Country FCC team who will then escalate to the<br />
regional/country Tax teams if required.<br />
1.8.12 HSBC needs to ensure that it has a holistic understanding of the <strong>Customer</strong>; in particular that all<br />
documents which are obtained to verify a <strong>Customer</strong> are analysed and understood as a whole and<br />
cross-checked against each other.<br />
1.8.13 Although verification of identity is required, alternative means of obtaining this may be required<br />
where standard documents within the ID&V Matrix / electronic verification is not available or cannot<br />
be obtained. Approval must also be provided by Country FCC and also approved by Security and<br />
Fraud Risk.<br />
Non Face-to-Face Account Opening Verification<br />
1.8.14 Where electronic verification sources are used in a non face-to-face channel, it is mandatory to<br />
perform an additional check in order to mitigate the risk of impersonation fraud. This could be<br />
done through a variety of means including, but not limited to, obtaining additional electronic<br />
matches against the customer’s data; account activation requirements, additional electronic<br />
checks provided by third party providers, etc. The approach to be taken must be documented<br />
and approved by Global <strong>RBWM</strong> FCC.<br />
1.8.15 Where documentary sources are used to verify the identity of non-face-to-face <strong>Customer</strong>s at onboarding,<br />
(e.g. where electronic ID&V has not passed or is not available), where certified true<br />
copies of the original documents have not already been provided e.g. the customer has provided<br />
documents with paper application, it is mandatory to perform one of the three following steps:<br />
Figure 1.12: Verification<br />
Non face-to-face<br />
a) HSBC write to the <strong>Customer</strong> at the correspondence address provided, requesting certified true copies of the<br />
original documents. These must be certified by an approved third party source (e.g. embassy official, notary<br />
public 16 ) and returned to HSBC.<br />
b) Require the <strong>Customer</strong> to come into HSBC premises to provide documentation (in which case this becomes a de<br />
facto face-to-face account opening).<br />
c) Alternative means of verifying a customer’s identity and mitigating the additional risk of impersonation fraud<br />
associated with non face to face business. The alternative means must be approved by both Country FCC and<br />
Country Security and Fraud Risk and documented in the country addendum<br />
1.8.16 Where a photographic identification document is not available, the Business Risk/FCC function<br />
must stipulate alternative documents which can be used to verify the <strong>Customer</strong>’s identity. This is<br />
subject to local regulatory requirements being met.<br />
Approved Documentary and Electronic Sources for Verification<br />
1.8.17 ID&V matrices will outline approved primary and secondary documentary and electronic sources<br />
that may be used. Country FCC must ensure that lists of appropriate documentary sources for that<br />
jurisdiction are updated on an annual basis [e.g. in-Country ID&V Matrix].<br />
1.8.18 A printout from an HSBC system, e.g. Global <strong>Customer</strong> Directory (GCD), Browser Main Menu<br />
(BMM) or other, showing a customer's residential address, is not a valid verification document.<br />
1.8.19 The following key principles apply with respect to Documentation Standards:<br />
16<br />
Refer to Country procedures for further examples of appropriate certification providers.<br />
INTERNAL<br />
Page | 16
Figure 1.13: Documentation Standards<br />
Original documents must be seen by HSBC or be certified true copies.<br />
Documentary<br />
Sources<br />
Primary Documents (e.g. passports and national ID cards) must be current, i.e.<br />
unexpired.<br />
Letters and bills used as secondary sources should be of recent date (from within the<br />
last four months 17 ). In the case of students, the course dates stated in the Letter of<br />
Acceptance should reasonably correspond with the date of the account application to<br />
HSBC.<br />
Electronic Sources<br />
Electronic Verification is completed through FCC approved 3 rd party data providers. Key<br />
criteria for approval of 3 rd party data providers include:<br />
a) The vendor is registered and permitted to store personal data;<br />
b) The vendor uses a wide range of alert data sources and positive information<br />
sources that link an applicant to both current and previous circumstances and<br />
negative information sources, e.g. regarding identity fraud; and<br />
c) The vendor has transparent processes that enable HSBC to know what checks were<br />
carried out, what the results of these checks were, how much certainty they provide<br />
as to the identity of the subject and has processes that allow the enquirer to capture<br />
and store the information they used to verify an identity.<br />
1.9 ID&V - Requirements for Connected Parties<br />
1.9.1 The guiding principle is that Connected Parties that exercise a degree of control or influence over<br />
the activities of the <strong>Customer</strong> must be subject to ID&V. When assessing a Connected Party, care<br />
must be taken to understand the Connected Party fully; in particular how and why it exercises<br />
control over the <strong>Customer</strong> and/or the assets held by HSBC.<br />
1.9.2 This principle results in:<br />
a) All Connected Parties that are classified as parties who “Control” or “Direct” the activities of<br />
the <strong>Customer</strong>s' account below require full ID&V (according to Figure 1.14). These Parties will<br />
generally be appointed PoAs or PoAds or have 3 rd party mandates.<br />
b) Where a Connected Party contributes to the account, the requirement to identify the party<br />
and to hold their information in the <strong>CDD</strong> profile will depend on the amount the Connected<br />
Party is contributing to the account. For contribution thresholds for identifying Connected<br />
Parties, refer to KYC Chapter and Figure 1.14 below. In such instances, only identification of<br />
the Connected Party is required.<br />
1.9.3 Figure 1.14 below outlines the minimum ID&V requirements for Connected Parties as natural<br />
persons While verification of Connected Parties may not be required in all cases, Business Risk/<br />
FCC may require verification, e.g. in the event of a potential screening hit.<br />
17<br />
Some jurisdictions may specify documentary sources should be dated within a more restrictive time period, where this is the case,<br />
local regulatory guidance must be followed.<br />
Page | 17<br />
INTERNAL
Figure 1.14: Minimum ID&V requirements for Connected Parties<br />
Level of Influence<br />
over the account<br />
Roles Connected Party type Identify Verify<br />
Control<br />
Direct<br />
Full access and<br />
control over the<br />
account<br />
Part access and<br />
control over the<br />
account in line with<br />
their level of<br />
authorisation and<br />
responsibility<br />
towards the account<br />
Individual Yes Yes<br />
Acceptably Publicly Listed entities<br />
and Equivalently Regulated FI’s<br />
Yes<br />
Other entities Yes Yes<br />
Individual Yes Yes<br />
Acceptably Publicly Listed entities<br />
and Equivalently Regulated FI’s<br />
Yes<br />
Other entities Yes Yes<br />
No<br />
No<br />
Contribute<br />
Beneficiary (For<br />
Insurance contracts)<br />
Guarantor<br />
Contribution to<br />
Source of Wealth or<br />
Source of Funds, i.e.<br />
transfers of funds to<br />
account or account<br />
holder outside the<br />
normal course of<br />
business<br />
No influence over<br />
account but value<br />
recipient. Recipient<br />
of funds following an<br />
event.<br />
No influence over the<br />
account but funds<br />
provider in the event<br />
the customer is<br />
unable to make<br />
repayment<br />
Individual<br />
Acceptably Publicly Listed entities<br />
and Equivalently Regulated FI’s<br />
Other entities<br />
Beneficiaries under a pension or<br />
retirement scheme.<br />
Specific parties due to benefit from<br />
any Insurance payment<br />
Guarantors for personal lending<br />
Yes, where<br />
identified<br />
through:<br />
a) SoF; (refer to<br />
section 2.3)<br />
b) SoW; (refer to<br />
section 2.4);<br />
and/or<br />
c) Directed by<br />
business<br />
risk/FCC.<br />
Yes- prior to<br />
payment<br />
Yes<br />
No<br />
Yes- prior to<br />
payment<br />
Yes, only where<br />
the debt is<br />
invoked and the<br />
Guarantor is<br />
required to repay<br />
monies owed<br />
INTERNAL<br />
Page | 18
1.9.4 If an Individual is identified as a Connected Party, the following ID&V information is required:<br />
Figure 1.15: Minimum ID&V requirements for Connected Parties as Natural Persons<br />
Requirements<br />
Full name<br />
Date of birth<br />
Residential address 19<br />
Nationality/Citizenships<br />
(including all<br />
nationalities held/<br />
citizenships)<br />
Identification of<br />
Connected Parties<br />
excluding<br />
beneficiaries to<br />
insurance contracts<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
Identification of<br />
Beneficiaries (for<br />
Insurance Contracts)<br />
Prior to Payment: Optional<br />
At Payment: Yes<br />
Prior to Payment: Optional<br />
At Payment:Yes<br />
Prior to Payment: Optional<br />
At Payment: Yes<br />
No<br />
Electronic or Documentary<br />
verification (Connected<br />
Parties that Control or Direct<br />
only)<br />
Yes<br />
Yes 18<br />
Yes (Unless, Residential<br />
address is the same as that of<br />
the <strong>Customer</strong>)<br />
Verification not required<br />
1.9.5 The identity of a Connected Party can be verified using only one Primary Document (Documentary<br />
Source) or one electronic match (Electronic Source), if it verifies all of the requirements in Figure<br />
1.15. If not, the verification must follow the ID&V requirements for an Individual <strong>Customer</strong> as<br />
described in Figure 1.11.<br />
1.9.6 If an Entity is identified as a Connected Party the following ID&V information is required about the<br />
Entity.<br />
Figure 1.16: Minimum ID&V requirements for Connected Parties as Entity<br />
Requirements<br />
Full Legal name<br />
“Trading As” name<br />
Registered office<br />
address in country of<br />
incorporation<br />
Principal place of<br />
business (if different<br />
to registered address)<br />
Evidence of listing on<br />
an Exchange and/or<br />
regulator<br />
Identification of<br />
Connected Parties<br />
excluding<br />
Beneficiaries (for<br />
Insurance contracts)<br />
Yes<br />
Yes (where applicable)<br />
Yes<br />
Yes<br />
Identification of<br />
Beneficiaries (for<br />
Insurance Contracts)<br />
Prior to Payment: Optional<br />
At Payment: Yes<br />
Prior to Payment: Optional<br />
At Payment: Yes<br />
One of either Registered<br />
Address or Principle Place<br />
of Business<br />
Electronic or Documentary<br />
verification<br />
Yes<br />
No<br />
Yes<br />
Yes (where applicable) No Yes (where identified)<br />
1.9.7 Verification of the above ID&V information for an entity must follow the requirements for the<br />
applicable entity type (Please refer to the relevant Chapter).<br />
1.9.8 Where the Connected Party is an Entity that is acting in a Professional Fiduciary Capacity, e.g. a<br />
lawyer acting as an Executor or Trustee, or an accountant representing their <strong>Customer</strong>, unless<br />
No<br />
18<br />
Unless the <strong>Customer</strong> is being electronically verified or the primary document used for documentary verification does not contain<br />
Date of Birth, subject to Business Risk/FCC approval.<br />
19<br />
"Residential address" is defined in the Glossary<br />
Page | 19<br />
INTERNAL
directed by Business Risk/FCC, it is not necessary to 'look through' the entity to conduct additional<br />
ID&V on its Ownership Structure, UBOs and Connected Parties. In all other cases, a "look through"<br />
to the underlying natural persons owning and controlling the Entity is required.<br />
1.9.9 As outlined in the relevant Entity <strong>Customer</strong> Type Procedure, a Risk Based Approach applies to the<br />
ID&V of the individuals who own or control the entity. Where the identified UBOs or Key Controllers<br />
must be verified, only one verification source is required, unless otherwise stated in Figure 1.17.<br />
Verification can be completed using either Documentary Sources, or where local regulatory<br />
requirements allow, Electronic Sources. The information to be verified depends upon the<br />
verification source:<br />
Figure 1.17: Verification Sources for individuals who own or control the entity<br />
Documentary<br />
Sources<br />
a) Full Name and percentage of ownership/voting rights; and<br />
b) Date of Birth OR Residential Address<br />
Electronic<br />
Sources<br />
a) Full Name and percentage ownership; and either<br />
b) Date of Birth and Residential Address; or<br />
c) Two sources confirming Residential Address; or<br />
d) By exception, where Residential Addresses are not commonly used, two sources confirming<br />
Date of Birth or age and country of residence (and nationality, if legally permissible, if different)<br />
INTERNAL<br />
Page | 20
1.10 Special Circumstances<br />
1.10.1 Some <strong>Customer</strong>s may not be able to produce identification information to the required standards.<br />
Such cases may include, for example, Social Welfare claimants, Individuals in care homes or on<br />
probation. Figure 1.18 below sets out the requirements:<br />
Figure 1.18: ID&V for Special Circumstances<br />
Individual <strong>Customer</strong> and Connected<br />
Party<br />
Benefit or Social Welfare claimants<br />
Individuals in care homes/sheltered<br />
accommodation/refuge<br />
Individuals on probation<br />
Prisoners<br />
Students<br />
Minors<br />
Individuals who lack the capacity to<br />
manage their own affairs<br />
Economic migrants [those working<br />
temporarily in the local country,<br />
whose lack of banking or credit<br />
history precludes them being offered<br />
anything other than a retail bank<br />
account]<br />
Refugees<br />
Asylum seekers 20<br />
Examples of acceptable documentary sources<br />
Entitlement letter or Identity Confirmation Letter issued by the relevant<br />
Government Department or Local Authority or country equivalently accepted<br />
document as per the ID&V Matrix<br />
Letter from care home manager or warden of sheltered accommodation or refuge<br />
or from an employer if the <strong>Customer</strong> is in work or country equivalently accepted<br />
document as per the ID&V Matrix<br />
It may be possible to apply standard identification procedures. Otherwise, a letter<br />
from the <strong>Customer</strong>’s probation officer, or a hostel manager, or country equivalently<br />
accepted document as per the ID&V Matrix<br />
It may be possible to apply standard identification procedures. Otherwise, a letter<br />
from the governor of the prison, or, if the applicant has been released, from a<br />
police or probation officer or hostel manager or country equivalently accepted<br />
document as per the ID&V Matrix<br />
Passport or National Identity Card and Letter of Acceptance from an accredited<br />
Institution on the local Border Agency list or country equivalently accepted<br />
document and correspondence as per the ID&V Matrix<br />
Passport or National Identity Card if available, otherwise birth certificate, medical<br />
card or country equivalently accepted document as per the ID&V Matrix<br />
Evidence of disability living allowance payments, personal introduction from the<br />
local Healthcare Trust or known private sector equivalent, or country equivalently<br />
accepted document as per the ID&V Matrix.<br />
National Passport or National Identity Card. Alternatively, country equivalently<br />
accepted document as per the ID&V Matrix<br />
Immigration Status Document with Residence Permit, or officially issued<br />
emergency travel documents or country equivalently accepted document as per<br />
the ID&V Matrix<br />
Officially issued emergency travel documents, or country equivalently accepted<br />
document as per the ID&V Matrix<br />
1.10.2 In situations when an existing <strong>Customer</strong> has died there may be a need to conduct <strong>CDD</strong> on the<br />
party(ies) who now control the deceased <strong>Customer</strong>’s funds (defined as a “Direct” Connected Party<br />
in Figure 1.5) and/or the Party to whom the funds are to be transferred (referred to as<br />
“Beneficiaries”).<br />
1.10.3 Beneficiaries of Insurance policies or Pension/Retirement schemes must be Identified, Verified and<br />
Screened prior to initial payment. Repeat payment to the same recipient would not require further<br />
ID&V unless there are changes to the recipient.<br />
1.10.4 For these Connected Parties the ID&V requirements are outlined in Chapter 1: Individuals –<br />
Identification & Verification (ID&V) (section 1.9), where the requirements are outlined in Figure 1.15<br />
for an Individual and Figure 1.16 for an Entity. The applicable Screening Requirements are detailed<br />
within Section 2.2 of Chapter 2: Individuals – Know Your <strong>Customer</strong> (KYC) (section 2.2).<br />
20<br />
Local legal requirements relating to asylum seekers should be observed.<br />
INTERNAL<br />
Page | 21
1.11 Other Considerations<br />
1.11.1 During the <strong>CDD</strong> process and throughout the <strong>Customer</strong> relationship, information may be identified<br />
which indicates a heightened risk of Financial Crime. This information may require Escalation and<br />
the engagement of a Financial Crime specialist, or the upward revision of the initial Financial Crime<br />
risk rating. For further information refer to Process <strong>LoBP</strong> Chapter 5 Escalations.<br />
1.11.2 If any ambiguity or discrepancy is identified in the ID&V information provided by the <strong>Customer</strong> or<br />
full ID&V information cannot be obtained, the procedures in the Process <strong>LoBP</strong> Chapter 5<br />
Escalation and <strong>CDD</strong> Risk Acceptance chapter 7 must be followed.<br />
1.11.3 There are cases where HSBC should not on-board a <strong>Customer</strong> or consider exiting existing<br />
<strong>Customer</strong>s. For further information refer to Process <strong>LoBP</strong> Chapter 10 Restricted and Prohibited<br />
<strong>Customer</strong>s, Special Categories of <strong>Customer</strong>s (SCCs) and Prohibited Products.<br />
INTERNAL<br />
Page | 22
Appendix 1: Glossary definitions<br />
Figure 1.19: Glossary definitions<br />
Electronic<br />
verification<br />
Primary<br />
Document<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Electronic verification may be permitted in some jurisdictions, based on local regulatory<br />
and legal requirements. There may be circumstances where HSBC entities wish to<br />
undertake electronic verification of the <strong>Customer</strong>s instead of, or in conjunction with,<br />
documentary identity verification. These circumstances may include the verification of<br />
non-face-to-face <strong>Customer</strong>s, in order to supplement documentary verification.<br />
A Government Issued document with a photograph e.g. valid passport or photo card<br />
driving licence or identity card 21 may be used for verification where it incorporates:<br />
<strong>Customer</strong>’s full name and photograph; and either<br />
Residential address; or<br />
Date of birth.<br />
Government-issued documents with a photograph include:<br />
Valid passport<br />
Valid photo card driving licence (full or provisional)<br />
National Identity card<br />
Firearms certificate or shotgun licence<br />
Secondary<br />
document<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Secondary documents include other original Government or local Government-Issued<br />
documents or documents issued by public authorities.<br />
A government-issued document which does not have a photograph but incorporates the<br />
<strong>Customer</strong>’s full name may be used, supported by a second document, that is:<br />
Either government-issued, or<br />
Issued by a judicial authority, or<br />
A public sector body or authority, or<br />
A regulated utility company, or<br />
Another regulated firm in the financial services sector which incorporates:<br />
<strong>Customer</strong>’s full name and either;<br />
Residential address; or,<br />
Date of birth.<br />
Blacklist A list of persons or organisations that are prohibited or suspicious.<br />
Permanent<br />
residential<br />
address<br />
Correspondence<br />
address<br />
<br />
<br />
The main address at which a <strong>Customer</strong> lives (i.e. address at which they spend the<br />
majority of their time).<br />
The address at which the <strong>Customer</strong> requests to have correspondence sent to.<br />
Other address(es) Any other address (es) where the <strong>Customer</strong> resides, even if for short periods of time.<br />
21<br />
Definitions for Primary and Secondary Documents have been taken from the current Glossary and are subject to change.<br />
INTERNAL<br />
Page | 23
Appendix 2: Tax Evasion Indicators<br />
Purpose and Scope<br />
The purpose of this document is to help HSBC staff identify factors that might indicate that clients are<br />
using HSBC’s services in order to evade tax, which is a predicate offence for money laundering, or<br />
commit a tax crime.<br />
Tax evasion or tax crime usually involves the concealment of beneficial ownership of income, assets, or<br />
gains that would otherwise be taxable.<br />
It can be difficult for HSBC staff to distinguish between tax evasion and arrangements which are being put<br />
in place for commercial, wealth preservation or succession planning reasons. Many clients will seek to<br />
invest in products and investments that legitimately reduce or mitigate tax. What the following seeks to<br />
provide is a number of factors that could indicate that client is seeking to use HSBC’s services to evade<br />
taxes.<br />
Please note that the tax crime in question might not be with respect to the country in which the HSBC<br />
services are being delivered but elsewhere. Experience tells us that tax evasion most commonly occurs<br />
where the client is hiding wealth in a foreign jurisdiction.<br />
The country of residency, citizenship or incorporation of the customer must be carefully evaluated<br />
especially when it is an international (multibank) customer opening an account in an offshore HSBC site.<br />
HSBC policies which restrict service propositions to non‐resident customers must be applied at all times<br />
and considered in conjunction with this document.<br />
When to use these Indicators<br />
You should consider these indicators at the account opening for new customers, during the course of the<br />
relationship with existing customers (periodic review, client visitations) and when escalating unusual<br />
behaviour to Financial Crime Compliance teams.<br />
Examples of tax evasion Indications<br />
The following is a non‐exhaustive list of customer behaviour that could highlight tax evasion by a<br />
customer.<br />
<strong>Customer</strong> Behaviour<br />
1. <strong>Customer</strong> has indicated that he/she is not compliant with his/her tax obligations.<br />
2. A non‐resident customer seeking to use HSBC’s services does not appear to have a commercial or<br />
personal reason for banking in that jurisdiction.<br />
3. <strong>Customer</strong>’s personal contact details (address, phone number) or place of birth are inconsistent with<br />
other documentation used to evidence nationality or residence.<br />
4. <strong>Customer</strong> has expressed an interest in using HSBC’s products and services in order to conceal<br />
beneficial ownership of deposits and investments from tax authorities.<br />
5. <strong>Customer</strong> indicates an unwillingness to accept HSBC’s terms and conditions with respect to tax<br />
reporting requirements.<br />
6. Screening performed on the <strong>Customer</strong> or Connected Parties results in negative tax‐related news<br />
(e.g., allegations of tax fraud or convictions on tax crime(s)).<br />
7. <strong>Customer</strong> refuses to provide information requested by HSBC in order to comply with its international<br />
tax obligations e.g., US Foreign Account Act (FATCA), EU Savings Directive.<br />
8. <strong>Customer</strong> has been identified as non‐tax compliant in an HSBC tax‐related remediation review.<br />
9. <strong>Customer</strong> refuses to be contacted without a valid reason<br />
10. <strong>Customer</strong> behaves in such a way that indicates he/she might not be tax compliant or does not intend<br />
to comply with domestic or foreign tax obligations. For example client does not seem to be interested<br />
INTERNAL<br />
Page | 24
in receiving or responding to HSBC statements and correspondence or seeks to conceal real<br />
residence or citizenship.<br />
Source of Funds/Wealth<br />
1. The source of funds seems unusual in that it is not derived from a history of investments, commercial<br />
gain or family wealth.<br />
2. When asked, the customer cannot confirm that the source of funds/wealth has been properly declared<br />
to a tax authority.<br />
Structures and Transactions<br />
1. <strong>Customer</strong> has set up a structure which lacks a legitimate commercial, wealth preservation or<br />
succession planning purpose particularly in a territory other than the home country of the customer.<br />
2. The proposed arrangements appear to be designed to conceal the ultimate beneficial owner.<br />
3. The arrangements being requested involves 3rd party authorised signatories, or 3rd parties with<br />
powers to access the client account, in a way that suggests the real ownership lies elsewhere.<br />
4. The beneficial owner of a personal investment company ignores the corporate formalities in accessing<br />
assets in accounts held in the name of the personal investment company.<br />
5. Unusual receipts and disbursements to and from 3rd parties indicate that the account is not being used<br />
for its stated purpose.<br />
6. Use of offshore companies to re‐route payments for transactions and services without apparent<br />
commercial substance.<br />
7. The use of bearer share entities (refer to global <strong>CDD</strong> procedures for bearer share accounts).<br />
Note to reader: If in doubt on the application of any tax evasion indicator or red flag, referral should be<br />
made in the first instance to the Country FCC team. In turn, Country FCC team will refer to Group /<br />
Regional Tax Function if in doubt of a customer’s tax obligations or position.<br />
Any changes intended to be made to this document must be previously reviewed and approved by<br />
Group/Regional Tax.<br />
INTERNAL<br />
Page | 25
Appendix 3: Reduced Due Diligence Product Approval Form<br />
<strong>RBWM</strong> Reduced Due Diligence Product Approval Form<br />
Country<br />
Region<br />
Product Name<br />
Product Code<br />
Brand<br />
New or Existing Product- if new date of NPAP<br />
approval<br />
Product Features and Benefits-this should be a description of the product, its features, benefits and<br />
distribution channel<br />
Risk Assessment Summary & Status- this should include details of the FCC RAG status (once the<br />
PRAM has been agreed) and any deficiencies identified in the sale, processing and or monitoring of the product<br />
together with details of any dispensations/deviations agreed re compliance with Global Policy<br />
Business Rationale for Reduced Due Diligence to be applied- this should include details of the<br />
control environment and monitoring in place and or proposed that restricts/permits functionality<br />
Approval 1 st Line- Executive Committee<br />
1 <strong>RBWM</strong> <strong>CDD</strong> Country Exco. Date of Comm. Approval<br />
2 <strong>RBWM</strong> <strong>CDD</strong> Regional Exco. Date of Comm. Approval<br />
3 <strong>RBWM</strong> <strong>CDD</strong> Global Exco. Date of Comm. Approval<br />
Approval 2 nd line- Head of AML<br />
1 <strong>RBWM</strong> Country Head of AML Name Date of Approval<br />
2 <strong>RBWM</strong> Regional Head of AML Name Date of Approval<br />
3 <strong>RBWM</strong> Global Head of AML Name Date of Approval<br />
INTERNAL<br />
Page | 26
INTERNAL<br />
Page | 27
Appendix 4: Reduced Due Diligence Product Approval Log<br />
<strong>RBWM</strong> RDD Product<br />
Approval Log.xlsx<br />
INTERNAL<br />
Page | 28
2. Know Your <strong>Customer</strong> (KYC)<br />
Key Objective<br />
How will the Objectives<br />
be achieved?<br />
Scope of Section<br />
Related Sections<br />
Guidance Sources<br />
To understand the nature of HSBC’s <strong>Customer</strong>s and any associated Financial Crime risks<br />
posed by them.<br />
The objective will be achieved by ensuring that key processes are used to understand<br />
<strong>Customer</strong>s and how they expect to do business with HSBC.<br />
This section outlines risk based Know Your <strong>Customer</strong> (KYC) procedures to be undertaken<br />
in addition to the ID&V procedures defined in Chapter 1.<br />
2.1 Introduction<br />
2.2 Screening – <strong>Customer</strong> and Connected Parties<br />
2.3 Employment Status KYC Information<br />
2.4 Source(s) of Funds<br />
2.5 Source(s) of Wealth<br />
2.6 Intended Purpose and Account Activity<br />
2.7 Other General Connected Party KYC Information<br />
2.8 <strong>Customer</strong> Contact and Visitation Requirements<br />
Chapter 1 – Identification & Verification (ID&V) – baseline content applicable to all<br />
Individuals<br />
Chapter 3 – Enhanced Due Diligence (EDD) – baseline content applicable to all Individuals<br />
Global Anti-Money Laundering Policy: <strong>CDD</strong> Standards<br />
AML B.1.1.2.8 Cash Services policy<br />
INTERNAL<br />
Page | 29
2.1 Introduction<br />
2.1.1 It is important to understand the background and circumstances of <strong>Customer</strong>s who wish to open<br />
accounts with HSBC. This includes understanding the rationale for the services and products they<br />
request.<br />
2.1.2 In some cases it will be necessary to complete additional due diligence and to understand the<br />
Individual’s income, business activities and tax profile.<br />
2.1.3 A Risk Based Approach should be taken when applying Know Your <strong>Customer</strong> (KYC) procedures<br />
to <strong>Customer</strong>s and may include:<br />
<br />
<br />
<br />
<br />
<br />
Screening – screening of the <strong>Customer</strong> and any Connected Parties against PEP and<br />
Sanctions lists (being the Official Lists 22 and Other Lists – Refer to Screening - Process Chapter<br />
3), as well as Negative NewsScreening as applicable<br />
Understanding the Source of Funds – gathering information on the <strong>Customer</strong>s’<br />
Source of Funds<br />
Understanding the Nature and Source(s) of Wealth – gathering information on the<br />
<strong>Customer</strong>s’ Source of Wealth<br />
Understanding the Purpose and Usage of Account – gathering information on the<br />
purpose and use of the <strong>Customer</strong>’s account in support of Transaction Monitoring<br />
Completion of a <strong>Customer</strong> Meeting or Visitation – meeting the <strong>Customer</strong> to enhance<br />
the overall understanding of the <strong>Customer</strong><br />
2.1.4 Along with ID&V, KYC information is recorded in the <strong>CDD</strong> Profile in order to provide a fuller picture<br />
of the due diligence undertaken on a <strong>Customer</strong> at a given point in time.<br />
2.1.5 This chapter details the specific KYC requirements in relation to ‘Individual <strong>Customer</strong>s.’ Where<br />
applicable, the chapter highlights the Enhanced Due Diligence (EDD) applicable to the Procedures<br />
for <strong>Customer</strong>s that are HNWI, High Risk or SCC.<br />
2.2 Screening – <strong>Customer</strong> and Connected Parties<br />
Parties to be Screened<br />
2.2.1 Screening against PEP and Sanctions lists (being the Official Lists 23 and Other Lists – refer to<br />
Screening - Process Chapter 3) must be applied to all <strong>Customer</strong>s and to any Connected Parties<br />
identified. These screening processes must be completed before any initial funds deposited may<br />
be withdrawn. All accounts where an initial deposit has been accepted prior to the completion of<br />
screening processes must have an inhibit marker against them to prevent any transactions,<br />
products, services or economic benefit being made available to the <strong>Customer</strong>. Once the applicable<br />
screening processes have been completed, the inhibit marker may be removed. 24<br />
2.2.2 If it is known that a <strong>Customer</strong> and/or Connected Parties has changed its name in the past,<br />
Screening against Official and Other lists should include both the new name as well as the previous<br />
name(s). If the <strong>Customer</strong>’s and/or Connected Parties name has changed within 5 years, both the<br />
new and previous name should also be subject to Negative NewsScreening.<br />
22 The Offic ial Lists are the lists of individuals, entities or organisations who have been designated as sanctioned targets by the UN, UK, US, EU or HK. The Official Lists<br />
which must be screened are set out in the Global Sanctions Policy.<br />
23 The Official Lists are the lists of individuals, entities or organisations who have been designated as sanctioned targets by the UN, UK, US, EU or HK. The Official Lists which<br />
must be screened are set out in the Global Sanctions Policy.<br />
24<br />
Automated screening should be completed as soon as possible but no later than 48 hours after the customer has been onboarded. Pre-screening<br />
should be undertaken where a <strong>Customer</strong> has the ability to transact prior to automated screening.<br />
INTERNAL<br />
Page | 30
2.2.3 The Screening Chapter defines the applicable data points of each <strong>Customer</strong> and their Connected<br />
Party (e.g. name, country of residence) that need to be screened.<br />
2.2.4 Negative NewsScreening helps to identify adverse information about <strong>Customer</strong>s in order to take<br />
necessary steps to protect HSBC’s reputation (see Glossary for definitions of each) and is<br />
undertaken following a Risk Based Approach on both the <strong>Customer</strong> and their Connected Parties.<br />
The following table sets out the Risk Based Approach by <strong>Customer</strong> Segment and FCRR:<br />
Figure 2.1: Mandatory screening requirements for <strong>Customer</strong>s and their Connected Parties<br />
<strong>Customer</strong><br />
Segments<br />
FCRR<br />
Official and<br />
Other Screening<br />
Lists<br />
(PEP/Sanctions)<br />
<strong>Customer</strong> and<br />
Connected<br />
Parties<br />
<strong>Customer</strong><br />
Negative<br />
News<br />
Connected<br />
Party<br />
High Risk / SCC Yes Yes Yes<br />
Retail<br />
Medium Yes No No<br />
Low Yes No No<br />
Safe Custody Services (in line with AML - Safe Custody FIM at all FCRR<br />
High Risk / SCC Yes Yes Yes<br />
HNWI<br />
Medium Yes Yes Yes<br />
Low Yes Yes Yes<br />
2.2.5 The application of Negative News Screening for all HNWI <strong>Customer</strong>s, across all risk levels, reflects<br />
the greater complexity and the international footprint of many HNWI <strong>Customer</strong>s and the time frame<br />
over which Financial Crime may evolve.<br />
2.2.6 Where the Connected Party is an entity, screening against PEP and Sanctions lists (refer to<br />
Screening – Process Chapter 3) must be performed in all cases on both the entity and the<br />
Connected Parties of the entity that have been identified.<br />
2.2.7 In addition to the above screening requirements, other screening controls are performed at onboarding<br />
and on an on-going basis (e.g. Fraud Screening and Transaction Monitoring).<br />
2.2.8 Where an automated negative news screening tool is available the parameters of that tool must be<br />
documented and approved by Global <strong>RBWM</strong> FCC.<br />
INTERNAL<br />
Page | 31
2.3 Employment Status KYC Information<br />
2.3.1 In order to understand the funding of the account, the Individuals’ employment status must be<br />
identified and validated according to Figure 2.2 below.<br />
Figure 2.2: Employment status minimum Validation requirements<br />
Identify Validate Information Required<br />
All<br />
Employed<br />
Determine employment status: Employed, Business Owner or Key Controller, Sole<br />
Trader, Student, Not employed or Retired<br />
Yes No If employed: obtain occupation, name of employer 25 ,<br />
employers address (City & Country) and salary<br />
Business Owner/ Key<br />
Controller/ Self-employed/<br />
Sole trader<br />
Yes No If business owner, key controller or self-employed:<br />
name of business, job title, business activity, location<br />
and earnings<br />
Student<br />
Yes Yes Course end date<br />
Obtain evidence of student status<br />
Not in Employment<br />
Yes No If person receives social security/benefits<br />
<br />
Yes No Source and amount of income<br />
If known HNWI, Prior employment status.<br />
Retired<br />
If prior employment was business owner/key<br />
controller/Self-employed/Sole trader: obtain business<br />
activity<br />
*See Appendix 4 for guidance on personal accounts being used for business purposes.<br />
2.3.2 For <strong>Customer</strong>s where detailed SoW information is obtained in line with section 2.5, judgment is<br />
required when concluding on what documents, if any, are additionally required to validate that<br />
employment status. As an example, if detailed employment SoW information is received for a HNWI<br />
<strong>Customer</strong>, obtaining a payslip may not be required to validate the employment status.<br />
2.4 Source(s) of Funds<br />
2.4.1 The <strong>Customer</strong>’s Source of Funds (SoF) refers to the origin and means of transfer of currency/<br />
financial instruments deposited, which includes the amount to be transferred to the HSBC account<br />
at onboarding.<br />
2.4.2 The SoF differs from SoW in that it addresses where the funds to be deposited with HSBC originate<br />
from, rather than how they were generated. For example, SoW could be accumulated savings from<br />
employment salary whereas the corresponding SoF would be the salary payment from the<br />
employer to be paid into the <strong>Customer</strong>s' bank account (refer to glossary for definition of SoF and<br />
Source of Wealth (SoW)).<br />
2.4.3 It is necessary to understand both the initial deposits into an account and the on-going funding of<br />
that account. The origin of the funds and means of transfer needs to be identified; and, depending<br />
on the amount or the risk rating of the account, validated prior to account opening (See Appendix<br />
1)<br />
25<br />
Where it is known the employer is located in a Sensitive Sanctioned Country escalate to FCC.<br />
INTERNAL<br />
Page | 32
Definitions<br />
Figure 2.3: Definitions<br />
Identification<br />
Information obtained from conversation with the <strong>Customer</strong> (e.g. Employer’s name and<br />
address, details of inheritance). Depending on the type of <strong>Customer</strong> (refer to <strong>Customer</strong><br />
Chapter 1, section 1.2) and FCRR, the <strong>Customer</strong> might be asked a standard set of questions<br />
or, reflective of the level of risk, additional detailed questions.<br />
Example: ask the <strong>Customer</strong> for the required information and document the response within the<br />
<strong>CDD</strong> profile.<br />
Validation<br />
Validation describes the process of corroborating (i.e. supporting with evidence) Source of<br />
Funds / Source of Wealth information. This is performed using documents provided by the<br />
<strong>Customer</strong>.<br />
Validation should not be confused with the verification process in the context of ID&V of<br />
<strong>Customer</strong>s and their Connected Parties (see <strong>Customer</strong> Chapter 1).<br />
Example: obtaining a bank statement or pay slip from a customer to validate their SoF.<br />
3 rd Party<br />
Validation<br />
3 rd Party Validation describes the process of corroborating (i.e. supporting with evidence)<br />
Source of Funds / Source of Wealth information by either using a Party other than the<br />
customer to obtain relevant information and documents or to certify documents as true copies<br />
of the original (See Appendix 1 and Chapter 9 <strong>Customer</strong> Data Management, Verification<br />
Requirements and Key Risk Indicators and Management Information).<br />
Example: Using outside service providers for independent due diligence or performing a Credit<br />
Check.<br />
Example: Using the services of a Notary to certify that documents are true copies of the<br />
original.<br />
Verification<br />
Verification involves checking information provided against documents, data or information<br />
obtained from a reliable and independent source, in line with the concept of verification in<br />
ID&V. As there are few such sources for verifying SoF/SoW (e.g. government issued tax<br />
returns see sections 2.5.12-2.5.15 below), verification only has limited applicability to this<br />
chapter.<br />
Example: Using official governmental documents like tax returns issued by the government.<br />
Note to reader: Details of “independent, reliable and approved sources will be defined in the<br />
ID&V matrix. If documentary evidence is used from such a source, it is considered to be<br />
“verification.”<br />
Source of Funds of <strong>Customer</strong>s<br />
2.4.4 Retail <strong>Customer</strong>s will tend to have lower monetary value and less complex financial instruments<br />
transferred into their accounts at on-boarding than HNWI <strong>Customer</strong>s.<br />
2.4.5 Where initial funds are being deposited in accounts of HNWI <strong>Customer</strong>s, the amount must be<br />
scrutinised to ensure that the expected funds received into the account are consistent with the<br />
<strong>Customer</strong>’s or Connected Party’s profile in terms of size, nature and source. In practice this means<br />
ensuring the initial funds credited to an account are consistent with the expected Account Activity<br />
and Account Usage, as well as with the <strong>Customer</strong>’s SoW, which will be reviewed during periodic<br />
review or following a material event driven review.<br />
INTERNAL<br />
Page | 33
Source of Funds from Non-Cash deposits 26<br />
2.4.6 For non-cash fund transfers from other financial or banking institutions, there are higher thresholds<br />
for validation than for cash deposits.<br />
2.4.7 Identification of SoF involves gathering:<br />
a) the amount or value and type of financial instruments;<br />
b) method of transfer e.g. wire from previous bank;<br />
c) party from which the funds will be transferred e.g. salary payment or transfer of funds<br />
from the <strong>Customer</strong>’s account with another financial institution; and<br />
d) the country from which the funds will originate.<br />
2.4.8 The validation controls are risk based and relate to the expected amounts to be paid over the first<br />
12 months. Refer to Figure 2.4 below for the controls applicable to the SoF of customers opening<br />
the account with a non-cash fund transfer:<br />
Figure 2.4: Source of Funds for <strong>Customer</strong>s’ non-cash deposits<br />
Retail Individual<br />
Low/Medium<br />
Risk<br />
High Risk/ SCC<br />
HNWI<br />
Identification<br />
of Source of<br />
Funds<br />
Validation of<br />
Source of<br />
Funds<br />
Yes Yes Yes<br />
No Yes Yes<br />
2.4.9 For standalone credit cards source of funds identification or validation is not required due to the<br />
lower risk nature of the product, preset transactional limits and scheme operating regulations.<br />
2.4.10 For lower risk products where Reduced Due Diligence is applicable, Source of Funds may be<br />
implicit based upon the nature of the product e.g. payroll accounts or accounts for receipt of pension<br />
or other government benefits. In such instances, SOF will need to be identified, but the information<br />
does not need to be requested from the customer.<br />
2.4.11 A Contributor is defined as an individual (e.g. Spouse or Parent) that provides more than USD 10k<br />
per month where this accounts for over 50% of an <strong>RBWM</strong> customer's source of funds. The funds<br />
could either be deposited into the customer's account as a single payment or could be split into<br />
multiple payments paid into one or more account<br />
2.4.12 In the event that two or more persons jointly provide a customer with more than USD 10k per month<br />
but, individually, they each provide less than this threshold value, these individuals would not meet<br />
the definition of a contributor. Furthermore, an employer paying a customer their monthly salary is<br />
not considered a contributor as this would constitute ‘normal course of business’<br />
2.4.13 <strong>RBWM</strong> must enquire at account opening and periodic or event based reviews whether the customer<br />
has received, or will receive, USD 10k or more per month from a Contributor. Where a Contributor<br />
is identified and local data privacy laws allow for the handling of non-customer information, the<br />
individual's full name, DoB, country of residence and relationship to the <strong>RBWM</strong> customer must be<br />
recorded. The Contributor must be identified as a Connected Party to the customer's account and<br />
screened on a regular basis. If local data privacy laws prevent retaining information on the<br />
26<br />
Non- cash transfers include wire, cheque and other financial instruments (e.g. securities) transfers<br />
INTERNAL<br />
Page | 34
Contributor, (refer to Global Data Privacy and Information Governance Guidelines) a deviation to<br />
the <strong>RBWM</strong> Global <strong>LoBP</strong> must be sought.<br />
2.4.14 Where contributions are made to a student’s account or an Insurance policy equal to or greater<br />
than USD 75k per year, the Contributor must be identified (full name, DoB, residential address) as<br />
a Connected Party to the Policy and screened on a regular basis.<br />
2.4.15 For all other <strong>Customer</strong>s, actual SoF will be reviewed against expected SoF in the following<br />
instances:<br />
a) Following a Transaction Monitoring trigger event; and/or<br />
b) At the first periodic review<br />
2.4.16 Part of this review will look at Account Activity and determine whether it is in line with the expected<br />
activity at on-boarding. Where initial expectation and actual source of funds or account activity do<br />
not correspond with the information obtained at on-boarding, the <strong>Customer</strong> must be contacted to<br />
understand the change in behaviour. If there are concerns that the activity is not reasonable or<br />
plausible, the <strong>Customer</strong> must be escalated according to the Escalations Chapter<br />
Source of Funds from Cash deposits<br />
2.4.17 Where at <strong>Customer</strong> on-boarding, the <strong>Customer</strong> indicates that cash will be used to fund the account<br />
on an ongoing basis; the following information should be documented in the <strong>CDD</strong> Profile:<br />
a) The name of / details of the <strong>Customer</strong> or the Connected Party who will be depositing the<br />
funds to the <strong>Customer</strong>’s account. ID&V must be completed for the Connected Party (refer<br />
to Chapter 1, section 1.9 for ID&V requirements for the Connected Parties); and<br />
b) SoF must be identified, i.e. explained, and validated by documentary evidence (e.g.<br />
Invoices, sale particulars, withdrawal slip from another Bank, receipts of earnings from<br />
cash business like a restaurant).<br />
2.4.18 Where a <strong>Customer</strong> is unable to provide the required evidence to validate SoF, or if there are any<br />
identified financial crime concerns related to the SoF or the Connected Party depositing the funds<br />
the <strong>Customer</strong> should be escalated to Country FCC, through the Unusual Activity Reporting (UAR)<br />
process, and the Risk Acceptance Process initiated.<br />
2.4.19 The AML <strong>RBWM</strong> FIM B1.1.2.8 AML Cash Services provides additional guidance relating to the<br />
enhanced consideration requirements and associated controls according to the value of the cash<br />
being deposited by the customer.<br />
2.5 Source(s) of Wealth<br />
2.5.1 The Source of Wealth section must be read in conjunction with the Source of Wealth Framework,<br />
Appendix 5.<br />
2.5.2 The <strong>Customer</strong>’s Source of Wealth refers to the underlying economic activity that has generated the<br />
wealth/net worth which the <strong>Customer</strong> owns and can be broken down into three key areas:<br />
a) Regular Income (salary)<br />
b) Major Events<br />
c) Growth<br />
2.5.3 The information required to understand the <strong>Customer</strong>’s SoW will depend on the particular<br />
circumstances presented by the <strong>Customer</strong>, including the extent to which their wealth is connected<br />
to businesses, inheritance or to other sources. The level of detail and the extent of the<br />
documentation and corroboration, where available, will depend on the type of customer and the<br />
customer’s risk level.<br />
INTERNAL<br />
Page | 35
2.5.4 Obtaining appropriate documentation from the customer is vital when seeking to validate SoW.<br />
This should be undertaken on a risk basis and does not mean providing evidence for all the<br />
money the customer has, every event or investment made in their lifetime, just those that are<br />
identified as ‘major factors’.<br />
2.5.5 The requirement is to understand and verify how the <strong>Customer</strong>’s wealth was accumulated, it needs<br />
to make sense and support the <strong>Customer</strong>’s current wealth position.<br />
2.5.6 These ‘major factors’ should provide a reasonable explanation of the customer’s current wealth<br />
and enable adequate documentation as to how it has been accumulated.<br />
2.5.7 The explanation of how the wealth has been acquired needs to be clear and comprehensible to a<br />
third party who does not necessarily know the <strong>Customer</strong>, in order that the information:<br />
<br />
<br />
<br />
<br />
<br />
Is understood;<br />
Is coherent and plausible<br />
Enables the same conclusions to be reached;<br />
Is sufficiently detailed, and<br />
Builds confidence that the level of wealth is reasonable and comes from legitimate<br />
sources.<br />
2.5.8 A clear distinction must be made between:<br />
<br />
<br />
The origin of the initial Source(s) of Wealth – the activity or events that generated<br />
the <strong>Customer</strong>s’ accumulated capital, not just the portion that is invested with/paid to the<br />
bank for the initial deposit/account opening; and<br />
The origin of the on-going Source(s) of Wealth – the on-going activities or future<br />
events that will generate the capital that will be deposited into the account or premium<br />
paid/cash invested.<br />
2.5.9 The following table sets out the identification and validation requirements for SoW.<br />
Figure 2.5: Source of Wealth for Individuals<br />
Identification<br />
of Source of<br />
Wealth<br />
Validation of<br />
Source of<br />
Wealth<br />
Low/Medium Risk<br />
No<br />
Retail Individual<br />
High Risk/ SCC<br />
Yes – additional questions<br />
HNWI<br />
Yes – additional<br />
questions<br />
No Yes Yes<br />
3 rd Party<br />
Validation or<br />
Verification of<br />
Source of<br />
Wealth<br />
No<br />
By exception (refer to 2.5.14 and/or where directed<br />
by Business Risk/FCC<br />
2.5.10 SOW Identification and Validation is only required for HNWI, High Risk and SCC / PEP customers.<br />
The approach to Validation is provided in the Source of Wealth Framework.<br />
2.5.11 Active judgement and reflection are required when obtaining SoW information. Time should be<br />
invested before reaching a conclusion on whether the information provided makes sense and is<br />
plausible.<br />
INTERNAL<br />
Page | 36
2.5.12 A coherent and plausible picture of the <strong>Customer</strong> and their SoW is necessary for both Existing and<br />
New customers.<br />
2.5.13 In some instances, validation may prove difficult or impossible for the <strong>Customer</strong>, e.g. in cases of<br />
"old money" or a substantial inheritance made decades ago. In such circumstances judgment will<br />
need to be applied, considering the Source of Wealth Framework and the following approach for<br />
Existing and New customers:<br />
<br />
<br />
Existing <strong>Customer</strong>s: where we have an existing or long standing relationship with the<br />
customer, particularly when considering customers who have multiple sources of income,<br />
intergenerational wealth accumulation or have very public profiles, publicly available<br />
information should be considered first before asking the customer to provide validation.<br />
Where the events took place a long time ago and evidence is not available the RMs view of<br />
the customer should be provided based on the customer interactions and what we know of<br />
the customers history and previous activity to give plausibility to the story<br />
New <strong>Customer</strong>s: for new customers, we will require the <strong>Customer</strong> to validate the “major”<br />
events that have contributed to the source of wealth. Consideration should also be given to<br />
utilising publically available information, for the same reasons that this would be considered<br />
appropriate for existing customers.<br />
2.5.14 If the identification and validation of SoW is incomplete or the information does not initially seem<br />
reasonable, coherent or plausible, it might be required to validate the SoW using a 3 rd Party or<br />
verify, where possible. Thereafter, if doubt remains about the veracity of information provided by<br />
the <strong>Customer</strong> or the information cannot be validated by the 3 rd Party or verified and the Business<br />
wants to onboard the customer, the <strong>CDD</strong> Risk Acceptance procedures must be followed.<br />
2.5.15 Examples of acceptable documentation are provided in Appendix 1. This is not an exhaustive or<br />
mandatory list. It is provided to support the building of a coherent and plausible view of the<br />
<strong>Customer</strong>’s Source of Wealth.<br />
Tax Returns as SoW/SoF Validation<br />
2.5.16 Sections of Tax Returns are not always considered to be an appropriate document to use for<br />
evidencing Source of Wealth or Source of Funds and should only be considered the primary source<br />
of documentation where other evidence is not available.<br />
2.5.17 Where Tax Returns are currently used, this practice must be reviewed by Country AML, FCC and<br />
Tax teams to ensure that the use of specific section(s) of the Tax Returns is appropriate. In addition<br />
if countries wish to start using specific section(s) of the Tax Returns as documentary evidence,<br />
prior approval from Country AML, FCC and Tax teams must be sought.<br />
2.5.18 When specific sections of the Tax Returns are used the following must be considered:<br />
<br />
<br />
<br />
<br />
<br />
The Line of Business is to collect only those sections of the Tax Return which evidences<br />
the SoW and/or SoF.<br />
The <strong>Customer</strong>'s file is to retain only those sections of the Tax Return which evidence the<br />
SoW and/or SoF along with a description of how the section / line item was used in the<br />
verification process.<br />
Additional evidence (e.g. bank statements) may be required to support the information<br />
provided in the specific section of the Tax Return.<br />
Although there is no expectation for employees in countries, authorised to use sections of<br />
Tax Returns as documentary evidence for SoW and/or SoF, to have specialist tax<br />
knowledge to assess the section of the Tax Return, employees are expected to review<br />
the documentation in line with <strong>CDD</strong> policies and procedures.<br />
Note: Where concerns of tax evasion arise on review of the Tax Return section,<br />
employees must escalate their concerns via the UAR escalation process.<br />
INTERNAL<br />
Page | 37
2.6 Intended Purpose and Account Activity<br />
2.6.1 The intended purpose and activity of the account should be consistent with one another and aligned<br />
to the <strong>Customer</strong>’s profile, including their financial situation. In order to understand the intended<br />
purpose of the <strong>Customer</strong>’s relationship, information must be gathered in relation to the products<br />
and services that are used by the <strong>Customer</strong>; The Business must understand both how and why a<br />
product is being used (this may, on a risk basis, include the level of intended activity).<br />
Purpose of Account<br />
2.6.2 A clear explanation of the purpose of the account must be obtained unless the intended purpose<br />
of the account is implicit in the account, product or service e.g. a mortgage on a residential property,<br />
which is the customer’s primary residence. See Appendix 3 for further examples. Where the<br />
purpose of the account does not make sense this should be escalated to Line Management in the<br />
first instance.<br />
Figure 2.6: Information captured for Intended Purpose of Account<br />
Intended Purpose of account<br />
a) Type of account to be opened (for example Current Account, investment account, insurance)<br />
b) Purpose (i.e. rationale) of the account.<br />
c) Where the <strong>Customer</strong> is a Non-Resident <strong>Customer</strong>, understand and obtain a valid reason as to why such<br />
<strong>Customer</strong> wishes to open an account in a country in which they are not resident. A holistic understanding of<br />
the <strong>Customer</strong> (activity) will facilitate a risk assessment of any apparent lack of connection with the booking<br />
centre.<br />
Understanding Account Activity<br />
2.6.3 It is important to understand the projected activity on the account, applying a risk based approach.<br />
The projected activity of the account and the on-going activity are key indicators for an on-going<br />
assessment and transaction monitoring of the <strong>Customer</strong>s' activities. In some instances where<br />
Reduced Due Diligence is being applied, the account activity may be implicit due to the nature of<br />
the product and associated controls.<br />
Figure 2.7: Understanding Account Activity<br />
Individual<br />
Account activity<br />
All<br />
<br />
<br />
<br />
<br />
Expected Total Relationship Balance (TRB)) for the first 12 months<br />
Expected transfer of funds in/out of the account (monthly value and volume).<br />
Other than usual day to day living credits and transactions will the customer be conducting<br />
any other cash transactions on a regular basis? If yes?<br />
a. Does the customer intend to make large cash deposits/withdrawals? Large as in<br />
volume or value is to be defined at Country and agreed by Business and FCC<br />
Intention to make/receive cross-border transactions. If yes, the countries involved and the<br />
purpose, monthly value and volume. Where the <strong>Customer</strong> has indicated that they intend to<br />
make/receive cross-border transactions from a Sensitive Sanctioned Country escalate to<br />
FCC.<br />
2.6.4 The information captured in the <strong>CDD</strong> Profile supports the transaction monitoring alert handling<br />
process, as well as ensuring that the <strong>Customer</strong> is appropriately risk rated.<br />
INTERNAL<br />
Page | 38
2.6.5 It is important to ensure that the information regarding the products and services held, and purpose<br />
and use of the account/products/services, is kept up to date on an on-going basis. Examples of<br />
when updates may be required include further to Trigger Events or as part of a Periodic Review.<br />
2.6.6 Where transaction monitoring alerts cannot be cleared with reference to the <strong>CDD</strong> Profile, this may<br />
lead to a Trigger Event to review the <strong>CDD</strong> Profile.<br />
Relationships with other HSBC Offices<br />
2.6.7 The customer must be asked whether they have HSBC accounts in other jurisdictions. Additionally,<br />
where in place, cross-border Relationship Management Systems must be leveraged, subject to<br />
data sharing restrictions.<br />
2.7 Other General Connected Party KYC Information<br />
2.7.1 To capture and mitigate the risks associated with Connected Parties properly, HSBC must ensure<br />
that it understands the level of authority, control or powers of the Connected Party with respect to<br />
the <strong>Customer</strong> and to the HSBC account, which includes understanding the relationship the<br />
Connected Party has with the <strong>Customer</strong>, how that relates to their role with respect to the <strong>Customer</strong>’s<br />
account and the nature of business of the Connected Party.<br />
2.7.2 The requirements are captured in Figure 2.9 below:<br />
Figure 2.8: KYC requirements for Connected Parties<br />
KYC Requirements for Connected Parties<br />
a) Obtain a clear understanding of the relationship between the account holder and the Connected Party,<br />
explaining the purpose and extent of the connected Party’s role in relation to the <strong>Customer</strong>’s account.<br />
b) When the Connected Party is an entity, understanding the nature of business. This means understanding<br />
the business type of the entity including applicable industry classification code (e.g. Industry, services<br />
provided)<br />
2.7.3 The purpose of assessing the above information is to determine whether the relationship makes<br />
sense and has a valid business purpose. If a relationship does not seem to make sense, the<br />
business purpose does not seem to be valid or the structure being set up by using the Connected<br />
Party seems overly opaque, the <strong>Customer</strong> should be escalated to Business Risk/FCC unless the<br />
Business decides, in the case of a new <strong>Customer</strong>, not to on-board.<br />
2.7.4 If the <strong>Customer</strong> is not able to provide sufficient information or the proposed Connected Party is<br />
reluctant or unwilling to provide information and cannot provide a valid reason or explanation for<br />
this, then the Connected Party should not be on-boarded and consideration given to whether the<br />
<strong>Customer</strong> relationship should be onboarded or exited. In addition, consideration should be given<br />
to raising a UAR.<br />
2.8 <strong>Customer</strong> Contact Requirements<br />
2.8.1 Regular contact with <strong>Customer</strong>s is key to any successful commercial relationship and the<br />
management of risk. This enables <strong>RBWM</strong> to remain up-to-date with the <strong>Customer</strong>’s professional,<br />
business or personal activities, investment profile and financial requirements.<br />
2.8.2 In <strong>RBWM</strong>, there is no policy requirement to complete a visitation. However, a visitation may be<br />
completed in lieu of customer contact, where appropriate. An example of where a visitation may<br />
provide enhanced information about a <strong>Customer</strong> is where the Individual owns a business and the<br />
HSBC staff member visits the <strong>Customer</strong> at their place of Business, supporting substantiation of the<br />
<strong>Customer</strong>’s SOW. <strong>Customer</strong> contact and visitation are defined below:<br />
INTERNAL<br />
Page | 39
Figure 2.9: Definitions of Visitation, Contact and Compliance directed<br />
Visitation<br />
A face-to-face meeting between the RM and his/her <strong>Customer</strong> at a place of relevance to<br />
the <strong>Customer</strong>, such as their place of business or their residence.<br />
Contact<br />
Refers to telephone conversations (non-face-to-face) and meetings with the <strong>Customer</strong> inbranch<br />
or other locations (face-to-face meetings).<br />
Business Risk/FCC may request either a <strong>Customer</strong> visitation or a <strong>Customer</strong> contact in<br />
response to concerns over a specific Financial Crime risk:<br />
a) <strong>Customer</strong> escalation to the Business Risk/FCC, Negative News report or<br />
Material Trigger Event;<br />
b) Sanctions related;<br />
c) Transaction Monitoring findings; and/or<br />
d) SARs 27<br />
Compliance<br />
directed<br />
In such instances the <strong>Customer</strong> contact/visitation may seek to:<br />
a) Validate certain information or obtain further information about the <strong>Customer</strong>;<br />
and/or<br />
b) Discuss a specific AML or related issue.<br />
In these circumstances, Business Risk/FCC will specify the type of contact required.<br />
Where contact is required as a result of a SAR being filed or as a result of other Financial<br />
Crime risk concerns, care needs to be taken to avoid “tipping off”. See Compliance FIM<br />
B2.17.1 for GPPs relating to the criminal offence of ‘tipping off’ and the importance of not<br />
informing <strong>Customer</strong>s that a suspicion report has been made.<br />
Minimum Contact Requirements<br />
2.8.3 Contact must be made for some <strong>Customer</strong>s prior to on-boarding. The required minimum frequency<br />
for all subsequent contact is determined primarily by the FCRR and is summarised in the following<br />
table using a risk based approach:<br />
Figure 2.10: Contact Requirements Table for <strong>RBWM</strong><br />
On-boarding<br />
channel<br />
Retail HNWI PEP/SCC<br />
Onboarding<br />
Non face-to-face Compliance directed Contact Contact<br />
Face-to-face<br />
Compliance directed<br />
Contact – Face to<br />
Face meeting required<br />
Contact - Face to face<br />
meeting required<br />
Periodic review Compliance directed Compliance directed Compliance directed<br />
27<br />
HSBC employees must not under any circumstances inform customers or any third party that they are considering filing or have<br />
filed an unusual activity report or SAR. This constitutes 'tipping off' and is illegal in most jurisdictions with employees being held<br />
responsible.<br />
Page | 40<br />
INTERNAL
Other <strong>Customer</strong> Contact and Visitation Considerations<br />
Figure 2.11: Applicable <strong>Customer</strong> Contact and Visitation Considerations<br />
Applicable to All LOB<br />
a) A record of completion of <strong>Customer</strong> Contacts and Visitation must be recorded in appropriate HSBC<br />
Relationship Management Systems or the <strong>CDD</strong> Profile.<br />
b) Any kind of Negative News or reputational concerns arising from the contact or visit must be escalated to<br />
Line Management and Business Risk/ FCC for advice.<br />
c) When a <strong>Customer</strong> is reclassified as a SCC or High Risk, then those <strong>Customer</strong>s must be contacted or<br />
visited, in accordance with the requirements applicable at periodic review, within a maximum of twelve<br />
months after the change in classification.<br />
d) If any <strong>Customer</strong> cannot be contacted or visited within the requirements outlined above, this constitutes an<br />
exception, which must be escalated to Business Risk/ FCC for advice.<br />
INTERNAL<br />
Page | 41
Appendix 1: Source of Wealth<br />
The following table captures typical examples of Source of Wealth information and types of documentary evidence<br />
used to confirm it. It is not exhaustive and provides guidance only.<br />
SoW Sources<br />
<strong>Customer</strong>’s<br />
Employment<br />
<br />
<br />
<br />
<br />
<br />
<br />
Examples of data required<br />
Employer’s name and address<br />
Nature of the employer’s business<br />
How long has the <strong>Customer</strong> been<br />
employed at the company and the<br />
position held?<br />
Any other significant positions the<br />
<strong>Customer</strong> has held (e.g., where/when)<br />
Annual Income/bonus for current year<br />
and approximate average income<br />
Identify whether there is share/option<br />
ownership<br />
<br />
<br />
<br />
<br />
<br />
Example Forms of Documentary<br />
Evidence for Validation<br />
Assumed Name or Doing Business As<br />
Certificate<br />
Copy of recent pay slip<br />
Confirmation from employer of income<br />
Copy of recent accounts if selfemployed<br />
Bank statements showing salary<br />
payment deposits from named<br />
employer (within three months)<br />
Business<br />
Ownership<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Name, address, and nature of<br />
company<br />
Main business activity<br />
Where the business’ bank account is<br />
<strong>Customer</strong>’s ownership interest<br />
Date business established<br />
Number of employees, locations and<br />
estimated annual revenues<br />
Explain where the capital used to<br />
establish the business originated<br />
If there are significant revenues from<br />
government contracts or licenses<br />
Describe the company’s history and<br />
how it grew to its present size<br />
Whether company is publicly traded<br />
Whether there are significant<br />
patents/inventions<br />
<br />
<br />
<br />
<br />
<br />
<br />
Certificate of ownership (this may be<br />
obtained by the Bank from a company<br />
registry)<br />
Copy of signed Company Tax Return<br />
(see section 2.3.4 – 2.3.6 for further<br />
guidance.)<br />
Audited Financial Statements<br />
For existing businesses, most recent<br />
three months of bank statements for<br />
the business account<br />
Official business entity documentation<br />
where ownership is noted, along with<br />
ownership by any other individuals<br />
Recent dividend statements<br />
Sale of Property Address of property<br />
Date of sale<br />
Total sale amount<br />
Date of purchase<br />
Total amount of purchase<br />
Was there a mortgage on the<br />
property?<br />
Does the value of the property<br />
correspond with the money being<br />
received?<br />
Active Wealth/<br />
Investments<br />
(E.g. Investors<br />
who buy and sell<br />
assets of any<br />
type. For<br />
example: real<br />
estate, securities,<br />
companies,<br />
royalties, patents,<br />
inventions,<br />
INTERNAL<br />
<br />
<br />
<br />
<br />
<br />
<br />
Name of the company where active<br />
wealth/investment are held<br />
Nature of investments.<br />
Details of significant investment(s) and<br />
When this investment(s) took place<br />
How the wealth originated to fund the<br />
initial investment(s) (e.g. real estate,<br />
securities)<br />
How the initial investment(s) grew to<br />
its present net worth<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Copy of the mortgage statement<br />
Copy of the valuation of the property<br />
(only when combined with proof of the<br />
sale of the property)<br />
Signed letter from Lawyer/Attorney<br />
Signed letter from real estate agent (if<br />
applicable)<br />
Copy of signed and executed sales<br />
contract or closing sheet<br />
Copy of the solicitor’s statement of<br />
completion<br />
Copy bank statement (most recent<br />
three months)<br />
Certified copies of contract notes<br />
Signed letter detailing funds from a<br />
regulated accountant<br />
Page | 42
SoW Sources<br />
Examples of data required<br />
franchises) Estimated net income generated from<br />
investment(s)<br />
If this is an entity holding other<br />
investment(s), identify type, current<br />
value, and approximate annual yield,<br />
return<br />
Example Forms of Documentary<br />
Evidence for Validation<br />
Real Estate<br />
Development/<br />
Name of company where the funds will<br />
be coming from<br />
Investment<br />
Name and address of company<br />
Nature of Real Estate properties/<br />
developments (e.g. type/ location,<br />
businesses, name of main projects)<br />
Explain where the capital originated<br />
from for the Real Estate investment(s)<br />
How Real Estate properties have<br />
appreciated throughout the years<br />
Significant number of rental units and<br />
type (commercial, retail, residential)<br />
Estimated net income generated from<br />
Real Estate properties (e.g., lease/<br />
developments).<br />
Inheritance Received from<br />
Date received<br />
Total value<br />
Type of asset inherited (e.g. land,<br />
securities, company, Trusts)<br />
Explain how the original wealth was<br />
created<br />
Identify history since inheritance, such<br />
as current occupation<br />
Percentage of ownership of inherited<br />
assets that currently generate income<br />
<strong>Customer</strong>’s Name of company paying the pension.<br />
Pension/Retired Employer’s name and address<br />
Person<br />
How long did the <strong>Customer</strong> work for<br />
the employer?<br />
Date of retirement<br />
Previous estimated earnings<br />
Explain <strong>Customer</strong>’s occupation and<br />
approximate income at time of<br />
retirement<br />
Identify <strong>Customer</strong>’s current sources of<br />
retirement income<br />
Is the money currently held in a<br />
pension scheme?<br />
Explain how the initial wealth grew to<br />
its present worth<br />
Gift Relationship of donor to the <strong>Customer</strong><br />
Date of transaction and/ or frequency<br />
Total amount<br />
Name and address of party making<br />
the transaction<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Bank statements (most recent three<br />
months) showing regular income from<br />
properties<br />
Copy of a project contract or<br />
document giving evidence of a<br />
material Real Estate investment<br />
Capital and/or income accounts of the<br />
property portfolio.<br />
Grant of probate (with a copy of the<br />
will) which must include the value of<br />
the estate<br />
Copy of will<br />
Lawyer/Attorney’s letter<br />
Account statements and other<br />
documentation identifying the assets<br />
inherited<br />
Bank statements (most recent three<br />
months) showing deposits from named<br />
employer/pension fund/Social Security<br />
Annual pension statement<br />
Pension pay slips<br />
Withdrawal from another bank account<br />
Account statements and the<br />
documentation identifying the gift and<br />
the donor<br />
INTERNAL<br />
Page | 43
SoW Sources<br />
Current or Former<br />
Government<br />
Official - in<br />
addition to any<br />
other applicable<br />
SoW questions<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Examples of data required<br />
Title or position (with the name of<br />
country) that the current or Former<br />
Government Official held or holds<br />
Whether the current or Former<br />
Government Official is/was elected or<br />
appointed to the position and how long<br />
the PEP has been/was with the office<br />
<strong>Customer</strong>’s salary and compensation<br />
from official duties<br />
Wealth and annual income derived<br />
from other than official duties<br />
If a former government official, identify<br />
current sources of wealth/income<br />
How wealth was derived<br />
Whether the Individual may still be<br />
connected closely to a current high<br />
level government official<br />
Sale of Artwork Details of the sale<br />
Origin of the artwork<br />
Description of the artwork<br />
Date of purchase of artwork<br />
Amount of purchase of artwork<br />
Lottery/Betting/<br />
Casino Win<br />
<br />
<br />
<br />
Date of win<br />
Total amount won<br />
Name and address of organisation<br />
making the payoff<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Example Forms of Documentary<br />
Evidence for Validation<br />
Bank statements (most recent three<br />
months)<br />
Financial statement for a legal entity<br />
(audited, if available)<br />
Inherited artwork: copy of estate deed<br />
including the list of artwork with<br />
description<br />
Acquired artwork: copy of the<br />
purchase contract or invoice, as well<br />
as the proof of payment<br />
Sales in a recognised auction house:<br />
copy of the related sale catalogue<br />
page, copy of the settlement<br />
statement and proof of payment of<br />
sale proceeds from the auction house<br />
Private sales: copy of the sales<br />
contract and proof of payment<br />
received from buyer<br />
Name of the artist<br />
Title of the piece of art and description<br />
Estimated value<br />
Auction house lot number where<br />
relevant<br />
Letter from relevant organisation<br />
(lottery headquarters/betting<br />
shop/casino)<br />
Certified copy of bank statement<br />
(month that shows deposit of lottery<br />
winnings)<br />
Copies of media coverage (if<br />
applicable) as supporting evidence<br />
INTERNAL<br />
Page | 44
Appendix 2: Glossary<br />
Negative News<br />
An indication of adverse information about an individual, a legal entity or Connected Party that<br />
may or may not be factual<br />
Negative News involves public source searches using Group approved tools and requires a<br />
judgmental assessment of relevance and materiality of any finding. Further investigation is<br />
usually required to determine the veracity of the information.<br />
Examples would include criminal and regulatory enforcement action, Financial Crime violation or<br />
other illegal activity that was conducted or facilitated by the <strong>Customer</strong>, or any Connected or<br />
Other Related Party, or an internal decision to Exit a <strong>Customer</strong> relationship due to Financial<br />
Crime risk concerns.<br />
Data bases used for research can be specific to available LoB tools/ country and language<br />
Length of History<br />
The time horizon of the search should be restricted to 5 years or since the last search was<br />
conducted. This is referred to as “Recent History”.<br />
In certain circumstances, for instance, where Negative News is identified, this time horizon may<br />
be extended to establish the full facts, referred to as “Full History”.<br />
Search strings<br />
List of numbers and characters used when searching for Negative News. A comprehensive,<br />
locally defined, search string must be agreed with the appropriate Country Business Risk<br />
function.<br />
Source of Wealth<br />
Understanding the SoW looks at how the <strong>Customer</strong> generated not only the wealth previously<br />
accumulated by the <strong>Customer</strong>, but HSBC must also understand how a <strong>Customer</strong> generates ongoing<br />
wealth. SoW considers the entire net worth of the <strong>Customer</strong>, not just the portion which is<br />
invested with HSBC. For example, this could be the explained by the Nature of Business, for a<br />
commercial entity, or inheritance and employment salary, for an individual;<br />
Source of Funds<br />
The SoF differs from SoW in that it addresses where the funds to be deposited with HSBC<br />
originate from, rather than how they were generated. For example, SoW could be accumulated<br />
savings from employment salary whereas SoF would be a USD savings account at Country<br />
Bank Limited;<br />
The tax residence status of a <strong>Customer</strong> generally determines which country has the primary<br />
right to tax that person's income. It does not necessarily mean that tax has to be paid in that<br />
country and the <strong>Customer</strong> may also have tax liabilities in countries in which they are not tax<br />
resident (for example, if they own a rental property in that country).<br />
Tax Residence<br />
The definition of tax residence may vary between countries and will depend in each case on a<br />
number of factors, for example, where a <strong>Customer</strong> lives or, if the <strong>Customer</strong> is an Entity, where<br />
that Entity is incorporated. Other circumstances that may be taken into account include the<br />
number of days spent in a country or where the <strong>Customer</strong>'s centre of economic interest is.<br />
<br />
<br />
It is possible to have more than one residence for tax purposes ("dual residence"). If a<br />
<strong>Customer</strong> is tax resident in more than one jurisdiction each location should be<br />
recorded.<br />
Although extremely rare, it is also possible for a <strong>Customer</strong> to be not tax resident in any<br />
jurisdiction. Any claims by <strong>Customer</strong>s that they are not tax resident in any country<br />
should be treated with caution and further validation sought.<br />
INTERNAL<br />
Page | 45
Important Note: Country of Tax Residence will be provided by the <strong>Customer</strong>.<br />
Documentary evidence such as a tax certificate issued by tax authorities, is not<br />
mandatory, unless it is a local regulatory requirement or pursuant to HSBC's own risk.<br />
If the <strong>Customer</strong> confirms to HSBC that he/she has tax filing obligations based on citizenship or<br />
nationality or other criteria rather than residency, this information (i.e., Country of tax obligations)<br />
should also be captured in the customer's profile.<br />
Tax Evasion<br />
Tax evasion is a financial crime. It is the knowing and deliberate illegal non-payment of tax as a<br />
result of the failure to fully declare or report assets, income or gains to appropriate tax<br />
authorities.<br />
INTERNAL<br />
Page | 46
Appendix 3 – Products with Implicit Purpose<br />
This is not an exhaustive list and additional products, where the purpose is implicit should be included in Country<br />
procedures following both First and Second Line Approval requirements as outlined in the <strong>RBWM</strong> Governance <strong>LoBP</strong>.<br />
<br />
<br />
<br />
Personal Lending - Auto Finance<br />
Mortgages - Home Loans and buy to rent<br />
Credit Cards, Charge Cards (or deferred debit cards), Co-branded credit cards, Affinity cards, Private label<br />
cards<br />
Insurance products<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Permanent life insurance policies, other than group life insurance policies;<br />
Fixed and variable annuity contracts, other than group annuity contracts;<br />
(Second hand) endowment products;<br />
A regular contribution investment linked product (e.g. pension scheme);<br />
Other products with cash surrender or investment features; this includes personal insurance policies such as<br />
investment bonds, personal pension plans, and annuity contracts.<br />
Pure protection insurance (i.e. no cash value);<br />
Group insurance products;<br />
Products offered by recognised charitable organizations, e.g. charitable annuities;<br />
Contracts of indemnity and structured settlements (including workers’ compensation payments);<br />
Term (including credit) life, property, casualty, health, or title insurance.<br />
Motor insurance;<br />
House insurance;<br />
Pet insurance.<br />
Minimal risk insurance products (products which have all of the following characteristics):<br />
<br />
<br />
<br />
<br />
<br />
Non-life insurance policy;<br />
Duration of 12 months or less;<br />
No surrender or maturity value;<br />
No investment value;<br />
Only pays out on loss from an insured event.<br />
INTERNAL<br />
Page | 47
Appendix 4 – Onboarding Guidance - Personal Accounts Being Used<br />
for Business Purposes<br />
1. If at onboarding a <strong>Customer</strong>’s employment status is identified as Sole Trader or Business Owner<br />
and they are seeking to open a retail personal account, it is important to establish if the <strong>Customer</strong><br />
intends to use the retail personal account for conducting business transactions. It is expected<br />
that this will be established whilst having discussions with the customer about the intended use of<br />
the account and expected transactional value and volume.<br />
2. If the <strong>Customer</strong> does plan to use their account for business transactions:<br />
a. In countries where <strong>RBWM</strong> operates a Retail Business Banking (RBB) portfolio the<br />
<strong>Customer</strong> can continue to be managed by <strong>RBWM</strong> and be provided with a suitable RBB<br />
product to meet their needs. <strong>Customer</strong>s retained by <strong>RBWM</strong> in this manner must have an<br />
RBB marker applied to their record to identify them to ensure that <strong>CDD</strong> requirements are<br />
conducted appropriately for their <strong>Customer</strong> type. E.g. Sole Trader.<br />
b. Where there is no RBB portfolio, the customer should be referred to CMB following local<br />
referral procedures. CMB will present them with products and services that would better<br />
suit their business needs. Please refer to the appropriate CMB <strong>LoBP</strong> for further <strong>Customer</strong><br />
Type definition information<br />
c. In Countries where CMB does not operate and RBB is not offered, <strong>RBWM</strong> will be unable<br />
to provide the appropriate services to the <strong>Customer</strong> and no referral will be possible,<br />
therefore onboarding of the <strong>Customer</strong> should not proceed. The customer is able to<br />
open/retain a personal account however it must be ensured that the customer does not<br />
operate business activities through the personal account.<br />
3. There are a number of reasons why <strong>RBWM</strong> does not permit retail personal accounts to be utilised<br />
for business purposes:<br />
a. Reduced ability to undertake effective Transaction Monitoring to identify suspicious or<br />
unusual activity, therefore increasing the risk of failing to identify transactions connected<br />
to money laundering or terrorist financing<br />
b. Regulatory requirements of certain regions and countries formally prevent the use of<br />
personal accounts for business purposes<br />
c. <strong>CDD</strong> activities will have been completed to the requirements for Individual <strong>Customer</strong>s<br />
rather than Sole Traders, therefore will not have identified the required Nature of<br />
Business information. Please see Chapter 5: Sole Traders for further Nature of Business<br />
guidance.<br />
4. Actual account activity will be reviewed during Periodic and Event Driven reviews. Guidance is<br />
provided in Chapter 4: Periodic and Event Driven Reviews.<br />
INTERNAL<br />
Page | 48
Appendix 5 – Source of Wealth Framework<br />
• This Source of Wealth (SoW) Framework defines <strong>RBWM</strong>’s approach to understanding, gathering<br />
information and validating our customers’ Source of Wealth throughout their banking relationship<br />
with us. The framework simplifies our approach by breaking it down into three key areas:<br />
1. Regular Income (Salary)<br />
2. Major events<br />
3. Growth<br />
• The Framework and guidance material builds on the <strong>RBWM</strong> Team Time sessions, by aligning<br />
SoW to the existing EDRAS (sales) model:<br />
1. Engaging<br />
2. Discovering<br />
3. Review<br />
4. Act<br />
5. Serve<br />
• In order to help our colleagues understand how they can weave these requirements into their<br />
everyday conversations with customers. The material in the Framework will be used to develop<br />
meaningful and practical training enabling recipients to have more focused training sessions and<br />
discussions on the subject.<br />
• The Framework material has been prepared in such a way as to be ‘sliced & diced’ depending on<br />
the focus of the requirement at the time. It has been developed specifically with First line of<br />
Defence in mind, however it should be also used to ensure Second line of Defence has a<br />
consistent understanding and expectations around the capturing and validating of SoW so that<br />
there is alignment in expectation from an oversight perspective.<br />
:<br />
INTERNAL<br />
Page | 49
INTERNAL<br />
Page | 50
3. Enhanced Due Diligence (EDD)<br />
Key Objective<br />
How will the Objectives<br />
be achieved?<br />
Scope of Section<br />
Related Sections<br />
Guidance Sources<br />
To identify, assess and mitigate the risks associated with Individual <strong>Customer</strong>s who pose a<br />
higher risk of Financial Crime, and where HSBC could be used as a conduit for Financial<br />
Crime activities.<br />
HSBC must apply Enhanced Due Diligence (EDD) procedures on a Risk Based Approach<br />
in any situation which, by its nature, can present a higher risk of financial crime.<br />
Typically, EDD requirements involve gathering additional information about the <strong>Customer</strong><br />
and their Connected Parties over and above the standard ID&V and KYC requirements.<br />
This Section outlines the EDD procedures to be undertaken:<br />
3.1 Introduction<br />
3.2 SCC Risk<br />
Chapter 1 – Identification & verification (ID&V) – baseline content applicable to all Individuals<br />
Chapter 2 – Know Your <strong>Customer</strong> (KYC) – baseline content applicable to all Individuals<br />
Global Anti-Money Laundering Policy: <strong>CDD</strong> Documents<br />
Global <strong>RBWM</strong> AML Policy Chapter 13: PEPs<br />
INTERNAL<br />
Page | 51
3.1 Introduction<br />
3.1.1 The purpose of this chapter is to address Special Category <strong>Customer</strong>s including Politically Exposed<br />
Persons (PEPs) or where individuals connected to the <strong>Customer</strong> are PEPs and the level of EDD<br />
required.<br />
3.1.2 EDD is a series of extra procedural steps beyond <strong>CDD</strong> which are taken to understand higher risk<br />
customers better. The extent and depth of EDD, as well as who performs the EDD, reflects the<br />
potential risk posed by the customer, as identified in the <strong>CDD</strong> process. The emphasis in EDD is<br />
therefore on risk management, not simply documentation.<br />
3.1.3 EDD must be undertaken on all Individual <strong>Customer</strong>s that pose a higher risk for financial crime<br />
including:<br />
a) Special Category <strong>Customer</strong>s (“SCC”); refer to SCC Risk Section below;<br />
b) <strong>Customer</strong>s with a high risk Financial Crime Risk Rating (FCRR);<br />
c) Specific circumstances where, irrespective of the FCRR, additional due diligence is<br />
required to address higher risk characteristics; and<br />
d) Other instances as directed by FCC.<br />
3.1.4 The ID&V and KYC chapters (1 and 2) for Individuals outline the EDD requirements for this<br />
customer type.<br />
3.1.5 The ID&V chapter outlines:<br />
a) Document certification requirements for non-face-to-face <strong>Customer</strong>s (1.8.14 – 1.8.16);<br />
b) A risk based approach to the Verification of Connected Parties (1.9); and<br />
c) Where Nationals/Citizens from Sensitive Sanctioned Countries are identified, the case<br />
must be escalated to FCC (1.8.6).<br />
d) Escalation considerations where there are higher risk indicators (1.11.1 – 1.11.3)<br />
3.1.6 The KYC chapter outlines the risk based approach to:<br />
a) Negative NewsScreening (2.2);<br />
b) Source of Funds (2.4);<br />
c) Source of Wealth (2.5); and<br />
d) <strong>Customer</strong> Contact/Visitation (2.8).<br />
For further information regarding the EDD requirements outlined above please refer to the ID&V and KYC<br />
chapters.<br />
INTERNAL<br />
Page | 52
3.2 Special Category <strong>Customer</strong>s<br />
3.2.1 An Individual <strong>Customer</strong> may be SCC due to:<br />
a) Being an Individual PEP or Connected PEP (SCC 01 and SCC 02 in Figure 3.1 and refer<br />
to Global <strong>RBWM</strong> PEP Policy<br />
b) Owning, operating or exercising any significant control in relation to any of the businesses<br />
or activities considered to be a High Risk (SCC 03, SCC 04,SCC 05, SCC 06, SCC 07,<br />
SCC 08, SCC 10 and SCC 12);<br />
c) Their level of exposure to a Sensitive Sanctioned Country (SCC 11, Refer to the Global<br />
Sanctions Policy for further information in relation to Sensitive Sanctioned Countries);<br />
and/or<br />
d) Any other adverse information or reputational risk they pose to HSBC (SCC 09) as<br />
directed by the HSBC Reputational Risk Committee. Refer to process Chapter 10<br />
(Appendix B) for further information on Special Categories of <strong>Customer</strong>s.<br />
Figure 3.1: Categories of SCC<br />
SCC 01<br />
SCC 02<br />
SCC 03<br />
SCC 04<br />
SCC 05<br />
SCC 06<br />
SCC 07<br />
SCC 08<br />
Politically Exposed Persons (PEPs).<br />
For further information regarding the EDD requirements for PEPs (including their close associates and family<br />
members) please refer to the <strong>RBWM</strong> PEPs LOBP.<br />
PEP Associates or Connected person (includes immediate family members and close associates.<br />
As above, please refer to the <strong>RBWM</strong> PEPs LOBP for further information regarding the EDD requirements for close<br />
associates and family members of PEPs.<br />
Charities, Not-for-Profit Organisations (NPO), Non-governmental Organisations (NGOs), religious organisations<br />
collectively known as “CNNs” that exhibit high risk characteristics.<br />
Government and state-owned bodies (GSBs) that exhibit high risk characteristics and Embassies (e.g. Foreign<br />
Embassies, Consulates, and Foreign Missions).<br />
Crowdfunding platforms, Third Party Payment Processors (TPPPs) Issuers/Dealers of Virtual Currency and Money<br />
Services Business (MSBs)<br />
Gaming/gambling operations (Land-Based and Online).<br />
Companies that manufacture or sell weapons e.g Arms dealers and manufacturers.<br />
Certain Bearer Share Corporations that are an exception to the procedure Documents.<br />
SCC 09<br />
<br />
<br />
Entities and Individuals that pose significant reputational risk to HSBC e.g. customers who have been<br />
accused or convicted of money laundering, terrorist financing, tax evasion, bribery, or corruption, human<br />
trafficking, proliferation, organised crime, as well as those entities that pose sustainability/environmental<br />
concerns.<br />
Any Restricted customers which do not fall under a prescribed SCC category.<br />
SCC 10<br />
SCC 11<br />
SCC 12<br />
Offshore Banking License – Offshore licensed banks or an individual, who owns, operates or exercises any control<br />
in relation to this type of business activity<br />
Individuals or entities with a known and material level of exposure to a Sensitive Sanctioned Country (refer to<br />
Global Sanctions Policy) 28 .<br />
Individuals who effectively own, operate or exercise any significant control in relation to any of the businesses/<br />
activities listed above.<br />
28<br />
<strong>Customer</strong>s with a known and material level of exposure to a Sensitive Sanctioned Country should be escalated to FCC who may require EDD<br />
measures to be undertaken in respect of the <strong>Customer</strong>.<br />
Page | 53<br />
INTERNAL
4. Trusts<br />
Key Objective<br />
How will the<br />
Objective be<br />
achieved?<br />
Scope of Section<br />
Related Sections<br />
Guidance sources<br />
To identify, assess and mitigate the risks associated with specific <strong>Customer</strong> types which<br />
pose a higher risk of Financial Crime, and/or where HSBC could be used as a conduit<br />
for Financial Crime activities.<br />
Trusts require additional and/or specific due diligence to address their risk attributes,<br />
outside the scope of the standard ID&V, KYC and general EDD requirements.<br />
This Section outlines who the <strong>Customer</strong> is for due diligence purposes, and the specific<br />
and/or additional due diligence requirements for Trusts.<br />
This Section outlines the ID&V procedures with respect to the following:<br />
4.1 Introduction<br />
4.2 Definition of <strong>Customer</strong> Type<br />
4.3 Definitions of Connected Parties<br />
4.4 Risks Associated with the <strong>Customer</strong> Type<br />
4.5 <strong>Customer</strong> Risk Classification<br />
4.6 ID&V of the <strong>Customer</strong> and their Connected Parties<br />
4.7 ID&V Requirements<br />
4.8 <strong>Customer</strong> Screening<br />
4.9 Understanding Nature of Business and Sources(s) of Wealth<br />
4.10 Understanding the Intended Purpose and Usage of Account<br />
4.11 Visitation<br />
4.12 Enhanced Due Diligence (EDD)<br />
4.13 HSBC as a Trustee - Introduction<br />
4.14 HSBC as a Trustee - ID&V of Connected Parties<br />
4.15 HSBC as a Trustee - Source of Wealth of the Settlor<br />
4.16 HSBC as a Trustee - Visitation<br />
4.17 ID&V of Trusts as Beneficial Owners<br />
Chapter 1 –<strong>RBWM</strong> Individuals: Identification and Verification (ID&V)<br />
Chapter 2 – <strong>RBWM</strong> Individuals: Know Your <strong>Customer</strong> (KYC)<br />
Chapter 3 – <strong>RBWM</strong> Individuals: Enhanced Due Diligence (EDD)<br />
Chapter 5 – Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (ID&V)<br />
Chapter 6 – Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (KYC)<br />
Chapter 7 – Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (EDD)<br />
Global AML Policy: <strong>CDD</strong> Standards Trusts<br />
4.1 Introduction<br />
4.1.1 The procedures below outline the <strong>Customer</strong> Due Diligence (<strong>CDD</strong>) standards to be followed for<br />
Trusts. Where the standards are the same as those for Corporates or Individuals, cross references<br />
are made to related sections in the Corporates or Individuals procedures.<br />
4.2 Definition of <strong>Customer</strong> Type<br />
INTERNAL<br />
Page | 54
4.2.1 A Trust (<strong>Customer</strong> 29 ) is defined as a relationship created at the direction of an Individual or an entity<br />
(Settlor), in which one or more parties (Trustee(s)) hold the Individual's/entity’s property, subject to<br />
certain duties, to use and protect it for the benefit of others (Beneficiary(ies)). While the structure<br />
of the Trust may vary, this section is intended to provide procedures for Trusts whose structure is<br />
based on the intention of the Settlor to transfer assets to a Beneficiary/Beneficiaries (e.g. party<br />
other than the Settlor), and where the control over the assets is held by a third party, Trustee.<br />
4.2.2 A Trust is governed by a Trust Deed and is created either (a) for the purpose of protecting and<br />
conserving assets for the benefit of either the Beneficiary in a Holding Trust structure or (b) to<br />
operate as a business providing a product or a service to third parties in an Operating Trust<br />
structure.<br />
4.2.3 This document sets out procedures for the following type of Trust banked by <strong>RBWM</strong>:<br />
Fig. 4.1: Types of Trusts<br />
Private Holding<br />
Trust<br />
A Private Holding Trust is typically established for the purpose of wealth management so<br />
that assets of an Individual may be efficiently transferred from one generation to the next.<br />
Alternatively, this type of Trust may be established for asset protection purposes. For this<br />
type of a Trust, a Settlor may be an Individual, a Private Investment Vehicle (PIV) or a<br />
Private Investment Company (PIC).<br />
4.2.4 For the purpose of this document, Trusts are treated as equivalent to a legal entity type. It is<br />
acknowledged, however, that the extent to which a Trust is considered to have a discrete legal<br />
personality will vary depending on jurisdiction and the terms of the founding document(s).<br />
Moreover, in jurisdictions where a Trust is not considered a legal entity, the Trust may still exhibit<br />
certain characteristics of a legal entity such as bankruptcy remoteness and/or the ability to be bound<br />
by a contract.<br />
4.2.5 <strong>RBWM</strong> banks different types of Trust. Details of other types of Trust can be found in the Global<br />
AML Guidance<br />
4.3 Definitions of Connected Parties<br />
4.3.1 A Connected Party is a term used to describe a party, either a natural person or a legal entity, who<br />
provides assets to the <strong>Customer</strong>, has the power to direct the activities of the <strong>Customer</strong>, and/or is<br />
the Beneficiary of the <strong>Customer</strong>.<br />
4.3.2 The following table establishes definitions of the key Connected Parties requiring <strong>CDD</strong>:<br />
29<br />
For the purposes of this section, the term “<strong>Customer</strong>” represents the Trust banked by <strong>RBWM</strong>.<br />
INTERNAL<br />
Page | 55
Fig. 4.2: Key Connected Parties<br />
Trustee<br />
Protector<br />
Settlor<br />
(Donor/Grantor/<br />
Trustor)<br />
Beneficiary<br />
Other Connected<br />
Parties<br />
The Trustees of a Trust exercise control over the Trust property. A Trustee may be a<br />
natural person or a legal entity. Control is defined as a power (whether exercisable alone,<br />
jointly with another person or with the consent of another person) under the Trust Deed or<br />
equivalent or by law to:<br />
<br />
<br />
<br />
<br />
Dispose of, advance, lend, invest, pay or apply Trust property;<br />
Vary the Trust’s structure;<br />
Add or remove a person as a Beneficiary, or to or from a class of Beneficiaries;<br />
Appoint or remove Trustees; or<br />
Direct, withhold consent to, or veto the exercise of any of the above powers.<br />
Control over the assets in the Trust is held with the Trustees but can be constrained by the<br />
terms of the Trust to operate within certain limits. Limits can cover all aspects such as a<br />
requirement to hold a real asset (property) or deposit funds with a specified custodian.<br />
Note: In some cases, another party may exercise control; such as a Trust Protector or a<br />
Settlor who retains significant powers over the Trust property either directly or indirectly (such<br />
as the power to replace the Trustee).<br />
A Trust Protector is a party or parties appointed by the Settlor to exercise one or more<br />
powers affecting the Trust and to protect Beneficiaries from a rogue Trustee.<br />
Trust Protectors can often make changes to a Trust, involving addition/ removal of<br />
Trustees, investment decisions, change distributions and, in some cases, modifications to<br />
or termination of a Trust.<br />
A Settlor is an Individual/entity that provides the Source of Wealth and/or Source of Funds<br />
for the Trust. The party who creates a Trust by a written Trust Deed is called a Settlor (or<br />
may sometimes be referred to as a Trustor, Donor or Grantor). The Settlor usually transfers<br />
the assets into the Trust; this can be at inception or during the life of the Trust. There may<br />
be one or many Settlors.<br />
A Beneficiary is any person, class of persons, legal entity (e.g. a Corporate) or Trust (e.g.<br />
Charitable Trust) who receives a distribution of assets or income from a Trust. In some<br />
instances, the Beneficiary may or may not be aware of their entitlement. A Beneficiary may<br />
be an Intermediate Beneficiary (IB) (an entity) or an Ultimate Beneficiary (UB) (a natural<br />
person) who is the Ultimate Beneficial Owner (UBO) of the IB.<br />
For the majority of Trusts, there will be clearly identified Beneficiaries or a class of<br />
Beneficiaries (e.g. unborn grandchildren). Usually, Beneficiaries or the Class of<br />
Beneficiaries are documented in the Trust’s Deed or equivalent.<br />
Examples of other Connected Parties include Sole Signatories and Power of Attorney<br />
holders, who may be appointed in positions of effective control of the Trust.<br />
4.3.3 For Trusts, the account applicant will be the controlling Connected Party, who will maintain the<br />
relationship with <strong>RBWM</strong>. The applicant will be following the instructions of the Settlor to set up a<br />
Trust account as described in the Trust Deed.<br />
4.3.4 The applicant for the Trust account may be one of the following:<br />
a) Trustee/Protector; or<br />
b) Key Controller, where the Settlor is a legal entity.<br />
INTERNAL<br />
Page | 56
4.4 Risks Associated with the <strong>Customer</strong> Type<br />
4.4.1 As set out below in more detail, Trusts can involve a higher degree of Financial Crime risk for the<br />
following principal reasons:<br />
Fig. 4.3: Financial Crime risks<br />
a) Property is generally transferred from the Settlor to the Beneficiary; and<br />
b) It may be difficult to determine who exercises effective control over the Trust.<br />
Ownership and<br />
Control<br />
Source of<br />
Wealth and<br />
Activity of the<br />
Trust<br />
Operating<br />
Environment<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Since Trusts generally include the transfer of ownership of assets between the Settlor and<br />
the Beneficiary, understanding the motivation of the Settlor is a key factor relevant to<br />
determining Financial Crime Risk.<br />
Particular attention should be made to complex Trust structures (i.e. where multi-tiered<br />
entities exist before reaching Beneficiaries and such multiple-tiers involve multiple<br />
jurisdictions), since these can create difficulties in identifying the role of the Connected<br />
Parties, most notably the actual Controlling Party. Consideration should be given as to<br />
whether the purpose of the Trust is to create distance between the Settlor and the<br />
Beneficiaries of the Trust (potential related risks include circumvention of sanction<br />
requirements, connection to a Politically Exposed Person (PEP), or tax evasion).<br />
Understanding the value each Connected Party is providing to the Trust is also relevant to<br />
mitigate the risk.<br />
The level of inherent risk may be reduced where the Trust’s Connected Parties are<br />
Acceptably Publicly Listed or Equivalently Regulated Financial Institutions and a higher<br />
degree of publicly available information and reporting requirements exist.<br />
Some Trusts may be established in one jurisdiction but its activities are based within<br />
another. This may result in control being located in a different jurisdiction to the location of<br />
the Trust assets and related income.<br />
To ensure that the Trust is not a money–laundering layering activity, the Source of Wealth<br />
and the legitimacy of the transfer need to be understood for a Trust. Appropriate distinction<br />
should be made between those Trusts that serve a limited purpose (such as inheritance<br />
tax planning), or have a limited range of activities, and those Trusts where the activities<br />
and connections are more diverse and complex.<br />
Understanding the Nature of Business of the Trust and of the key Individuals behind the<br />
Trust is fundamental in mitigating the risk in doing business with these entities.<br />
The country of establishment is a key consideration, notably with regards to entities which<br />
are based in a high risk jurisdiction which has been associated with financial crime or is<br />
considered a Tax Haven.<br />
The entity may do business in a high risk jurisdiction(s) and/ or across borders, increasing<br />
the risk of financial crime.<br />
Tax residency of Beneficiaries and the Settlor is a key consideration, notably with regards<br />
to Private Holding Trusts established in a Tax Haven.<br />
4.5 <strong>Customer</strong> Risk Classification<br />
4.5.1 Trusts are risk rated according to the key risk factors identified in the Global FCC-RAM. The nature<br />
of the Settlor(s) (e.g. Individual or business) will impact the application of the FCC-RAM for the<br />
Trust.<br />
4.5.2 Where a PEP is identified as a Connected Party, the Trust is to be classified as SCC.<br />
4.5.3 Tax Transparency adopts a risk based approach and is applicable to Private Holding Trusts.<br />
INTERNAL<br />
Page | 57
4.5.4 Examples of High Risk indicators are outlined in this document and include the examples below.<br />
Where such concerns are noted, Enhanced Due Diligence (EDD) should be conducted and the<br />
<strong>Customer</strong> should be escalated to Country FCC to determine what action should be taken, including<br />
the determination of the appropriate Financial Crime Risk Rating (FCRR). Examples include:<br />
a) There are concerns regarding the nature and purpose of the Trust or its Connected<br />
Parties;<br />
b) The Settlor is unknown or anonymous and the <strong>Customer</strong> fails to be open about the Source<br />
of Wealth and Source of Funds, which may indicate an attempt to conceal the true Settlor;<br />
c) <strong>Customer</strong>’s failure to be open about the purpose of a legal person or legal arrangement<br />
in the Trust structure;<br />
d) There is an unusual supervision or control structure of assets (e.g. control is not with the<br />
Trustee); and<br />
e) The intended purpose of the Trust entails the transfer of assets due to political exposure<br />
or the risk of a legal or tax investigation to any Beneficiary or Connected Party to the<br />
Trust.<br />
4.5.5 An account should not be opened if any of following are identified:<br />
a) The <strong>Customer</strong> refuses to provide information about the Connected Parties or essential<br />
information necessary to complete a <strong>Customer</strong> profile such as Source of Wealth,<br />
business/ occupation, or business name and address<br />
b) The information provided by the <strong>Customer</strong> is inconsistent or does not appear to be<br />
credible;<br />
c) True Beneficiaries or class of Beneficiaries cannot be identified;<br />
d) The Relationship Manager (RM) suspects that the <strong>Customer</strong> may be engaged in criminal<br />
activities; and/or<br />
e) The RM knows or has reasonable grounds to suspect that the <strong>Customer</strong> may have the<br />
intention of using HSBC’s services to evade taxes. For example, this may arise due to<br />
the nature of the <strong>Customer</strong> or Connected Parties questions at account opening or at any<br />
time during the relationship, but is a matter of judgement for the RM. A non-exhaustive<br />
list of tax evasion indicators are included for reference within <strong>RBWM</strong> Individuals ID&V<br />
Appendix 2). This list should be used in conjunction with any other information the RM<br />
has on the customer.<br />
4.6 ID&V of the <strong>Customer</strong> and their Connected Parties<br />
Identification of the Level of Public Accountability<br />
4.6.1 For the purposes of this section, Trusts are not classified as being Acceptably Publicly Listed Entity<br />
or Equivalent Regulated Financial Institutions (FI), since the types of Trusts in scope are not listed<br />
on a stock exchange or regulated for AML purposes.<br />
4.6.2 However, where the Connected Parties to a Trust are legal entities, they may be Acceptably<br />
Publicly Listed Entities or Equivalent Regulated FI which will result in reduced verification<br />
requirements for the Connected Party.<br />
4.6.3 For the definition of levels of Public Accountability refer to Global Procedural Standards [5.6]<br />
Corporates and Partnerships- Identification and Verification (ID&V) (Identification of the Levels of<br />
Public Accountability).<br />
4.6.4 Where a Connected Party that is a Legal Entity is neither an Acceptably Publicly Listed Entity nor<br />
Equivalent Regulated FI, the entity must be categorised as either Wholesale or in the Other Entities<br />
category based on the level of information known about the Connected Party. If the information<br />
required to classify a Connected Party into one of these categories is not available, the Connected<br />
Party should be classified in the Other Entities category and ID&V’d accordingly.<br />
INTERNAL<br />
Page | 58
4.7 ID&V Requirements<br />
4.7.1 The following table describes minimum identification and verification requirements for Trusts.<br />
Fig. 4.4: Minimum ID&V requirements<br />
Minimum Identification Requirements – Trusts (all FCRRs)<br />
All Trusts:<br />
a) Full Name of the Trust (as per proof of formation document)<br />
b) Country of establishment 30<br />
c) Registered address* of the Trust (where applicable)<br />
d) Identification Number or equivalent (e.g. registration number, tax identification number) (where available)<br />
e) Date on which the Trust was established<br />
f) Future date of Trust dissolution (where stated)<br />
*Note: Where the Trust does not have a registered address, the registered address of the Trustee(s) should be<br />
obtained.<br />
Note: In countries where it is not usual to use street addresses, it is acceptable to record the business address of the<br />
entity according to standard local practice such as PO Box Number and physical location(s) of the business.<br />
Verification Requirements – Trusts (all FCRRs)<br />
All Trusts:<br />
a) Full Name of the Trust<br />
b) Registered address including country of establishment (where applicable)<br />
c) Identification Number or equivalent (e.g. registration number, tax identification number) (where available)<br />
Verification Sources (all FCRRs):<br />
See Verification Sources for Trusts Section 4.7.2 and 4.7.3<br />
30<br />
Country where the Trust is legally formed<br />
INTERNAL<br />
Page | 59
Verification Sources for Trusts<br />
4.7.2 It is key that <strong>RBWM</strong> reviews the information provided about the Trust against documents from an<br />
independent, reliable and approved source. Where the Trustee is providing the Trust Deed, the<br />
secondary documentary source will not be independent of the Trustee therefore a single primary<br />
source is sufficient. Below are verification sources that should be obtained for a Private Holding<br />
Trust<br />
Fig. 4.5: Verification Sources that should be obtained for a Private Holding Trust<br />
Verification Source (see Fig. 4.6):<br />
Trust Type<br />
Private Holding Trust<br />
Where the documentation is<br />
provided by Trustee<br />
Trust Deed<br />
Where the documentation is provided by a<br />
party other than Trustee (e.g. Settlor)<br />
Trust Deed as the Primary Documentary<br />
Source<br />
Secondary Documentary Source (see<br />
examples below.)<br />
4.7.3 Below are examples of Verification Sources for Trusts.<br />
Fig. 4.6: Verification: Primary and Secondary Sources<br />
Type<br />
Primary<br />
Documentary Source<br />
Secondary<br />
Documentary Source<br />
INTERNAL<br />
Verification<br />
Full Trust Deed (including addendums for the minimum of the past 5<br />
years)<br />
Primary verification documentation must, at a minimum, disclose activities<br />
of the Trust and the names and roles of all Connected Parties.<br />
<br />
<br />
Note: Where only a certified true copy of redacted (a copy with sensitive or<br />
confidential words/phrases hidden) Trust Deed may be obtained, the<br />
<strong>Customer</strong> account opening should be referred to Country FCC to review<br />
whether the documentation provided is sufficient. In all cases, where a<br />
redacted copy of the Trust Deed is accepted, a Trustee Declaration should<br />
be obtained.<br />
Partial Trust Deeds can also be accepted providing they contain sufficient<br />
details to fulfil <strong>CDD</strong>/KYC requirements. This includes the Grantor/Settlor,<br />
Trustees, Beneficiaries, date of the Trust, Trust name and signatures.<br />
This information can typically be located on the first and last pages of the<br />
trust agreement. <strong>RBWM</strong> should work in conjunction with Country FCC to<br />
determine general guidelines for partial Trust Deed (as additional local<br />
requirements might apply).<br />
Signed Trustee Declaration;<br />
<br />
<br />
<br />
Confirmation letter from a Professional Service Provider that the Trust<br />
Deed was provided to them by the Trustee;<br />
Document setting out professional advice received from a <strong>Customer</strong>’s<br />
legal or tax adviser, if any; or<br />
Search confirming existence on approved government websites. The<br />
website must be approved by Country FCC as an acceptable form of<br />
verification.<br />
Page | 60
Trustees, Key Controllers or Protectors<br />
4.7.4 The names of all Trustees, Key Controllers and Protectors are to be identified by reference to<br />
documentary verification sources. These should be verified per requirements stated below; where<br />
the Trustee is a legal entity that is an Equivalently Regulated FI, only verification of regulation is<br />
required.<br />
Trustees<br />
4.7.5 All Trustees connected to the Trust should be ID&V’d as per the requirements below.<br />
4.7.6 Where there is a large number of Trustees (greater than 5), the rationale for the high number of<br />
Trustees and their relationships to the Trust should be understood and fully documented.<br />
Additionally, the <strong>Customer</strong> should be escalated to Country FCC for approval as to how many and<br />
which Trustees should be ID&V’d.<br />
4.7.7 At a minimum, full ID&V is to be conducted for a Trust Company (as per the entity type) and for<br />
those Trustees who give instructions on the account. The names of other Trustees are to be<br />
obtained and screened against Official and Other Lists.<br />
4.7.8 Where the number of Trustees/Key Controllers appears disproportionate to the number of<br />
Trustees/Key Controllers normally encountered in similar Trusts types (e.g. 20 Individual Trustees<br />
for a Private Holding Trust), the <strong>Customer</strong> should be escalated to Country FCC.<br />
4.7.9 Where a Successor Trustee (a party who takes over a position as a Trustee when the original<br />
Trustee can no longer act in a Trustee capacity) is present, the Successor Trustee must be<br />
identified within the <strong>CDD</strong> profile. The Successor Trustee must be verified as a Trustee when the<br />
party takes on the responsibilities of the Trustee. Successor Trustees will not count toward the<br />
number of Trustees held by the Trust until the party becomes an acting Trustee.<br />
4.7.10 The following table provides ID&V requirements for Trustees:<br />
Fig. 4.7: ID&V requirements for Trustees<br />
Minimum Identification and Verification Requirements – Trustee (all FCRRs)<br />
Trustee Type Identification Verification<br />
Individual Full Name<br />
<br />
Date of Birth<br />
Legal Entity Legal Name<br />
<br />
<br />
<br />
<br />
Permanent Residential Address (including<br />
Country)<br />
Country(ies) of Nationality, if legally permissible,<br />
or Citizenship<br />
Registered address/ address of incorporation<br />
(including country)<br />
Proof of Regulation (mandatory for Equivalently<br />
Regulated FI)<br />
Verify in accordance with Section<br />
[1.8] Individuals - Identification<br />
and Verification (ID&V) (ID&V –<br />
Requirements for the <strong>Customer</strong>)<br />
Verify in accordance with Global<br />
Procedural Standards Section<br />
[5.7] Corporates and<br />
Partnerships - Identification and<br />
Verification (ID&V) (ID&V –<br />
Requirements for the <strong>Customer</strong>)<br />
4.7.11 The identification of Authorised Signatories is part of product onboarding and maintenance<br />
requirements, with Authorised Signatory arrangements often varying by Product.<br />
Protectors<br />
4.7.12 Where a Protector is used within the structure of a Trust, the Protector should be ID&V’d in the<br />
same manner as a Trustee. Additionally, the relationship between the Protector and Connected<br />
Parties should be understood.<br />
INTERNAL<br />
Page | 61
Key Controllers<br />
4.7.13 Where the Key Controller is not a natural person, it is necessary to “look through” the entity to its<br />
Ultimate Beneficial Owner (UBO) and Key Controllers. In such cases, the Legal Entity is to be<br />
ID&V’d, along with the ownership structure and UBOs/Key Controllers.<br />
Fig. 4.8: ID&V requirements Key Controllers<br />
Minimum Identification and Verification Requirements – Key Controllers (all FCRRs)<br />
<strong>Customer</strong> FCCR Identification Verification<br />
Who is to be identified and verified:<br />
All<br />
Obtain list of all Key Controllers<br />
Identify at least two Key Controllers<br />
What information is to be obtained:<br />
<br />
<br />
Verify list of Key Controllers<br />
Verify Identity of at least two Key Controllers<br />
All<br />
For List of Key Controllers<br />
(Individuals):<br />
o<br />
o<br />
Full Name<br />
Position/ Title<br />
o Date of Birth<br />
Additional for Legal Entities<br />
o<br />
o<br />
o<br />
Full Name<br />
Country of Incorporation<br />
Regulation/ Listing status (where<br />
applicable)<br />
Additional for Two Key Controllers:<br />
o<br />
Permanent Residential Address<br />
Additionally for UBOs of Key<br />
Controllers:<br />
<br />
List of Key Controllers – see Global<br />
Procedural Standards Section [5.10]<br />
Corporates and Partnerships - Identification<br />
and Verification (ID&V) (ID&V –<br />
Requirements for Key Controllers)<br />
ID&V of two Key Controllers of the Trust –<br />
Global Procedural Standards Section [4.10]<br />
Corporates and Partnerships - Identification<br />
and Verification (ID&V) (ID&V –<br />
Requirements for Key Controllers)<br />
<br />
Where the Key Controller is a Legal Entity,<br />
ID&V two Key Controllers and the UBOs for<br />
the entity as per Global Procedural<br />
Standards Section [5.10] Corporates and<br />
Partnerships - Identification and Verification<br />
(ID&V) (ID&V – Requirements for Key<br />
Controllers)<br />
o<br />
o<br />
o<br />
o<br />
Full Name<br />
Ownership percentage<br />
Date of birth<br />
Permanent residential address<br />
Settlors, Donors or Grantors<br />
4.7.14 It is key that adequate information is obtained about the Settlors/ Grantors/ Donors of the Trust in<br />
order to ID&V these parties. The ID&V process will vary based on the type of the Settlors/<br />
Donors/Grantors connected to the Trust:<br />
a) Settlors/ Donors/ Grantors, ID&V all Settlors/ Donors/ Grantors of the Trust contributing 10% or<br />
more to the value of the Trust’s assets, at the time of contribution; or<br />
b) Where the Settlor is not a natural person, it is required to “look through” the entity to its UBO and<br />
Key Controllers. In such cases, the Legal Entity is to be ID&V’d, along with the ownership structure,<br />
and UBOs/ Key Controllers.<br />
INTERNAL<br />
Page | 62
4.7.15 The table below sets out ID&V requirements for Settlors.<br />
Fig. 4.9: ID&V requirements for Settlors<br />
Where the Settlor is Identification Verification<br />
Natural Person Full Name<br />
<br />
<br />
<br />
<br />
Date of Birth<br />
Permanent Residential Address<br />
(including Country)<br />
Country(ies) of Nationality, if legally<br />
permissible, or Citizenship<br />
Country of Tax Residence* (if different<br />
to permanent residential address) (For<br />
Private Holding Trusts only)<br />
Verify in accordance with Section [1.8]<br />
Individuals - Identification and Verification<br />
(ID&V) (ID&V – Requirements for the<br />
<strong>Customer</strong>)<br />
Legal Entity<br />
Legal Entity<br />
o<br />
o<br />
o<br />
Legal Name<br />
Registered address/address<br />
of incorporation (including<br />
country)<br />
Business Address<br />
o Proof of Listing/Regulation<br />
(mandatory for Acceptably<br />
Publicly Listed or Equivalently<br />
Regulated FI)<br />
Controlling Parties<br />
o<br />
o<br />
o<br />
o<br />
Ownership structure<br />
List of names of Key<br />
Controllers<br />
UBOs (contributing 10% of the<br />
value of the Trust’s assets, at<br />
the time of contribution)<br />
Two Key Controllers<br />
<br />
<br />
<br />
<br />
Verify the Legal Entity in accordance with<br />
Global Procedural Standards Section [5.7]<br />
Corporates and Partnerships - Identification<br />
and Verification (ID&V) (ID&V –<br />
Requirements for the <strong>Customer</strong>)<br />
Verify ownership structure accordance with<br />
Global Procedural Standards Section [5.9.6-<br />
5.9.11] Corporates and Partnerships -<br />
Identification and Verification (ID&V)<br />
(Identification of Ownership Structure)<br />
Verify the List of Key Controllers in<br />
accordance Global Procedural Standards<br />
Section [5.10] Corporates and Partnerships<br />
- Identification and Verification (ID&V) (ID&V<br />
– Requirements for Key Controllers)<br />
Verify two Key Controllers and all UBOs,<br />
contributing 10% of the value of the Trust’s<br />
assets, at the time of contribution, in<br />
accordance with requirements stated for the<br />
Settlor who is a natural person, as per the<br />
above.<br />
*Note: See Glossary for definition of Tax Residence.<br />
4.7.16 It is important to understand the control the Settlor has/will have over the Trust’s assets. Where the<br />
Settlor has the power to influence the distributions based on the Trust Deed, the Settlor should be<br />
ID&V’d as per the process for the Trustee (i.e. Settlor should be ID&V’d in all cases).<br />
4.7.17 Where the Settlor is a legal entity, it is critical to understand the structure and ownership of the<br />
Settlor as per Global Procedural Standards Section [5.7] Corporates and Partnerships -<br />
Identification and Verification (ID&V) (ID&V – Requirements for the <strong>Customer</strong>).<br />
INTERNAL<br />
Page | 63
Deceased Settlor<br />
4.7.18 Where the Settlor is deceased, the Trustees must provide the following information to properly<br />
identify the Settlor:<br />
a) Name;<br />
b) Date of Birth; and<br />
c) One of the following:<br />
<br />
<br />
The Settlor’s death certificate, or<br />
Confirmation from an approved public source<br />
Where this information and/ or documentation are not available, the <strong>Customer</strong> should be<br />
escalated to Country FCC.<br />
Anonymous and Unknown Settlors<br />
4.7.19 In the event that the Settlor is anonymous (Settlor that chooses to remain unnamed on the Trust<br />
Deed) or unknown (Settlor for whom information is not now available) for an existing Trust (e.g.<br />
due to the age of the Trust) refer the <strong>Customer</strong> to Country FCC.<br />
4.7.20 No new Trusts with unknown or anonymous Settlors should be onboarded.<br />
Nominee Settlor<br />
4.7.21 Where a nominee Settlor is identified, the reasons for the use of such a nominee should be<br />
understood and recorded, in addition to performing appropriate due diligence on all underlying true<br />
Settlors. The nominee’s relationship to the true Settlor and/or other Connected Parties to the trust<br />
should also be understood and recorded.<br />
4.7.22 Where a true Settlor cannot be identified, refer to Country FCC.<br />
4.7.23 One or more of the following may help to identify whether a nominee Settlor is being used:<br />
Beneficiaries<br />
a) The Source of Wealth listed on the Trust Deed does not correspond to the Source of<br />
Wealth of the listed Settlor;<br />
b) There is no apparent relationship between the Beneficiaries and the Settlor or the Settlor<br />
is a professional service provider for Trusts; and/or<br />
c) The Trustee may provide information that a nominee Settlor is stated on the Trust Deed.<br />
4.7.24 It is important to ID&V Beneficiaries who receive a significant portion or a large sum of the Trust’s<br />
property. Both IBs and UBs should be identified (e.g. if a direct Beneficiary is not a natural person,<br />
the natural person who is the UB should be identified).<br />
4.7.25 Beneficiaries must be appropriately ID&V’d in accordance with the table below.<br />
Fig. 4.10: ID&V requirements for Beneficiaries<br />
<strong>Customer</strong><br />
FCRR<br />
Identification Requirements<br />
Verification Requirements<br />
All Named Beneficiaries for Private Holding Trusts (all FCRRs)<br />
All<br />
Identify all Beneficiaries (where<br />
named on the Trust Deed).<br />
Note: Where the number of<br />
Beneficiaries exceeds 20, a risk<br />
based approach as per Fixed<br />
Entitlement Beneficiaries section<br />
below can be applied.<br />
<br />
<br />
Verify identity of all Ultimate Beneficiaries of the Trust,<br />
where the Beneficiary is an Individual or an entity that is<br />
classified as Wholesale or in the Other Entities category.<br />
No requirement to verify identity where the Beneficiary is<br />
an Acceptably Publicly Listed Entity or Equivalent<br />
Regulated FI**.<br />
<br />
Verify ownership structure if direct Beneficiaries are not<br />
natural persons (see Global Procedural Standards Section<br />
INTERNAL<br />
Page | 64
[5.9.6-5.9.11] Corporates and Partnerships - Identification<br />
and Verification (ID&V) (Identification of Ownership<br />
Structure).<br />
Fixed Entitlement Beneficiaries<br />
High/SCC<br />
Beneficiaries (including UBs<br />
and IBs) who are entitled to a<br />
share of ≥ 10% of the Trust’s<br />
total assets/ annual income*.<br />
<br />
Verify identity of all identified Ultimate Beneficiaries of the<br />
Trust, where the Beneficiary is an Individual or an entity<br />
that is classified as Wholesale or in the Other Entities<br />
category.<br />
<br />
No requirement to verify identity where the Beneficiary is<br />
an Acceptably Publicly Listed Entity or Equivalent<br />
Regulated FI**.<br />
<br />
Verify ownership structure if direct Beneficiaries are not<br />
natural persons (see Global Procedural Standards Section<br />
[5.9.6-5.9.11] Corporates and Partnerships - Identification<br />
and Verification (ID&V) (Identification of Ownership<br />
Structure).<br />
Medium<br />
Beneficiaries (including UBs<br />
and IBs) who are entitled to a<br />
share of ≥ 25% of the Trust’s<br />
total assets/ annual income*.<br />
<br />
Verify identity of all identified Ultimate Beneficiaries of the<br />
Trust, where the Beneficiary is an Individual or an entity<br />
that is classified as Wholesale or in the Other Entities<br />
category.<br />
<br />
No requirement to verify identity where the Beneficiary is<br />
an Acceptably Publicly Listed Entity or Equivalent<br />
Regulated FI**.<br />
<br />
Verify ownership structure if direct Beneficiaries is<br />
classified as Wholesale or in the Other Entities category<br />
(see Global Procedural Standards Section [5.9.6-5.9.11]<br />
Corporates and Partnerships - Identification and<br />
Verification (ID&V) (Identification of Ownership Structure).<br />
Low<br />
Beneficiaries (including UBs<br />
and IBs) who are entitled to a<br />
share of ≥ 25% of the Trust’s<br />
total assets/ annual income*.<br />
<br />
<br />
No requirement to verify identity.<br />
Verify ownership structure if direct Beneficiaries is<br />
classified as Wholesale or in the Other Entities category<br />
( Global Procedural Standards Section [5.9.6-5.9.11]<br />
Corporates and Partnerships - Identification and<br />
Verification (ID&V) (Identification of Ownership Structure).<br />
Beneficiaries with Non-fixed Entitlement<br />
All<br />
Beneficiaries with Non-fixed<br />
Entitlements<br />
<br />
Verify all Beneficiaries named in the Trust Deed (where<br />
possible)<br />
<br />
Transaction monitoring within local threshold requirements<br />
<br />
No requirement to verify identity where the Beneficiary is<br />
an Acceptably Publicly Listed or Equivalently Regulated FI<br />
Unnamed Beneficiary on Trust Deed<br />
All<br />
Identify class of Beneficiaries<br />
from the Trust Deed.<br />
<br />
<br />
No verification requirements for the class of Beneficiaries<br />
Note: Where a Trustee provides information regarding<br />
previously unnamed Beneficiary prior to disbursement,<br />
ID&V as per the type of Trust/Settlor described above<br />
should be performed on the Beneficiary.<br />
INTERNAL<br />
Page | 65
Information to be Obtained for Beneficiaries Based on Requirements Stated Above (all FCRRs)<br />
Beneficiaries (UBs and IBs)<br />
o<br />
Full Legal Name<br />
o Ownership %<br />
Additionally for Individuals<br />
(UBs)<br />
o<br />
o<br />
o<br />
o<br />
Date of Birth<br />
Permanent Residential<br />
Address<br />
Country(ies) of<br />
Nationality, if legally<br />
permissible, or<br />
Citizenship<br />
Country of Tax<br />
Residence (For Private<br />
Holding Trusts only)<br />
Additionally for Legal<br />
Entities (IBs)<br />
Verify Individuals in accordance with Section [1.8]<br />
Individuals - Identification and Verification (ID&V) (ID&V<br />
– Requirements for the <strong>Customer</strong>).<br />
<br />
For verification of Legal Entity Structure refer to Global<br />
Procedural Standards Section [5.7] Corporates and<br />
Partnerships - Identification and Verification (ID&V)<br />
(ID&V – Requirements for the <strong>Customer</strong>).<br />
o<br />
o<br />
o<br />
Country of Incorporation<br />
Registered Address<br />
Details of Listing and/or<br />
regulation (required for<br />
Acceptably Publicly<br />
Listed or Equivalently<br />
Regulated FI)<br />
*Note: The greater value of the total assets or annual income should be used to determine ID&V thresholds.<br />
**Note: Whether an entity is Acceptably Publicly Listed or Equivalently Regulated FI should be verified for<br />
ID&V purposes.<br />
4.7.26 Additionally, as part of the transaction monitoring process, transactions to/from the Trust should be<br />
monitored within the local thresholds.<br />
4.7.27 Where the Beneficiary is a minor, one parent/guardian should be ID&V’d. In addition, one of the<br />
following should be obtained to ID&V the child:<br />
<br />
<br />
<br />
Birth certificate;<br />
Passport; or<br />
Other formal document from a Governmental Body.<br />
4.7.28 Additionally, where a POA is acting on behalf of and makes decisions for a Beneficiary, the POA<br />
should be ID&V’d as per requirements for Beneficiaries.<br />
4.7.29 Where the purpose of the Trust is to make payments or guarantee a loan/credit on behalf of the<br />
Beneficiary and the Beneficiary cannot be easily identified, refer to Country FCC.<br />
4.7.30 As part of the Periodic/ Trigger Event review process, any Beneficiaries who were previously<br />
unnamed and/ or newly added Beneficiaries should be ID&V’d per requirements stated in Figure<br />
4.10 based on Trust type.<br />
INTERNAL<br />
Page | 66
4.7.31 The <strong>Customer</strong> Terms and Conditions will include a requirement that the Trustee will be responsible<br />
for notifying <strong>RBWM</strong> of these Beneficiary types as and when the changes occur.<br />
Other Connected Parties<br />
Other Controllers<br />
4.7.32 Sole Signatories, or persons with sole unlimited signing authority on the account, have autonomous<br />
power to act without additional signatories from other Connected Parties. In cases where a Sole<br />
Signatory exists, the Individual must be assumed to have major control over the Trust and must be<br />
ID&V’d as a Key Controller. The relationship of the Sole Signatory to the Trust must also be<br />
understood.<br />
4.7.33 The above text highlights typical scenarios where additional Controllers of the Trust may be<br />
identified. Where an additional party with control over the Trust is identified, the party should be<br />
documented in the <strong>CDD</strong> profile, ID&V’d as a Key Controller and escalated to Country FCC, where<br />
applicable.<br />
Nominee Companies<br />
4.7.34 A Trust may hold assets through a Nominee Company. Where a Nominee Company is identified<br />
as a Connected Party, the documentation below should be obtained and the company should be<br />
screened.<br />
<br />
<br />
<br />
The ownership structure chart which covers the relationship between the Trust and the<br />
connected Nominee Company. The ownership structure chart may be obtained directly<br />
from the <strong>Customer</strong> or created based on documentation provided by the <strong>Customer</strong> (e.g.<br />
annual reports);<br />
Certification of Incorporation; and<br />
Nominee Agreement.<br />
INTERNAL<br />
Page | 67
Know Your <strong>Customer</strong> (KYC)<br />
4.8 <strong>Customer</strong> Screening- Parties to be Screened<br />
4.8.1 Parties to be screened vary depending on ‘<strong>Customer</strong> type’. The following table sets out the parties<br />
and information to be screened where identified in relation to all Trust types (all FCRRs).<br />
Fig. 4.11: Screening requirements<br />
Party<br />
Official and<br />
Other<br />
Screening Lists<br />
Negative<br />
NewsScreening<br />
Information Screened<br />
<strong>Customer</strong><br />
Trust Yes Yes Full Name<br />
Connected Parties<br />
Trustee/ Protector<br />
(Definition in Section 4.3)<br />
Settlor<br />
(Definition in Section 4.3)<br />
Beneficiary<br />
(Definition in Section 4.3)<br />
Other Key Controllers, not<br />
identified as Trustee<br />
(Definition in Section 4.3)<br />
Yes Yes Full names of the Individuals or entity<br />
identified in ID&V.<br />
Yes Yes Full Names of the Individuals or entity<br />
identified in ID&V.<br />
Yes Yes Full Names of the Individuals or entity<br />
identified including the Ultimate Beneficiaries<br />
and Intermediate Beneficiaries identified<br />
during ID&V.<br />
Yes Yes Full names of the Individuals or entity<br />
identified in ID&V.<br />
Other Related Parties<br />
Other Related Parties Yes Yes Where identified, the full names of these<br />
parties must be screened.<br />
4.8.2 If it is known that a <strong>Customer</strong> and/or other Connected Parties have changed their name in the past,<br />
Screening against Official and Other lists should include both the new name as well as the previous<br />
name(s). If the <strong>Customer</strong>’s and/or Connected Party’s name has changed within five years, both the<br />
new and previous name should also be subject to Negative News Screening.<br />
Negative NewsScreening<br />
4.8.3 Negative NewsScreening helps to identify adverse News about our <strong>Customer</strong>s in order to take<br />
necessary steps to protect HSBC’s reputation.<br />
4.8.4 Negative NewsScreening should be performed for all Trusts across all FCRRs.<br />
INTERNAL<br />
Page | 68
4.9 Understanding Nature of Business and Source(s) of Wealth<br />
Nature of Business<br />
4.9.1 It is critical to understand the type of Trust, activities and purpose of the Trust in order to assess<br />
the Financial Crime Risk implied.<br />
4.9.2 Where the purpose or intent of a Trust is unclear or lacks an economic or financial purpose, the<br />
<strong>Customer</strong> should be escalated to Country FCC.<br />
4.9.3 Information gathered will be driven primarily by the questions included within the <strong>CDD</strong> templates<br />
which are tailored to each risk category, <strong>Customer</strong> type, and the level of Public Accountability of<br />
the related parties.<br />
4.9.4 Below is the key Nature of Business information to be obtained for a Trust (all FCRRs):<br />
Fig. 4.12: Nature of Business information<br />
<strong>Customer</strong> Nature and purpose of the Trust<br />
<br />
<br />
<br />
<br />
<br />
Reasons for the use of the Trust structure<br />
Key Financial data relating to the Trust e.g. total annual revenue (USD equivalent) and<br />
total assets held<br />
Understand the nature, location and structure of asset holding<br />
Understand which party introduced the Trust to the Bank<br />
Where the Settlor is a Beneficial Owner of a business, understand the nature of the<br />
underlying business (see Global Procedural Standards Section [6.3.2-6.3.10]<br />
Corporates and Partnerships – Know Your <strong>Customer</strong> (KYC) (Nature of Business))<br />
Trustee Principal Business and appropriate industry classification code (if a business)<br />
<br />
<br />
Provisions relating to changing Trustee either upon resignation or the requirements of<br />
the Settlor or Beneficiary or other agent (e.g. Protector) are also important since this will<br />
reveal a potential source of influence on the Trustee by other Connected Parties.<br />
Identify if there have been recent changes to the Trustee in the past 5 years, including<br />
the rationale for the change<br />
Understanding the Source(s) of Wealth<br />
4.9.5 Source of Wealth (SoW) relates to the business activity or situation that generated the <strong>Customer</strong>’s<br />
accumulated capital.<br />
4.9.6 Two aspects must be considered:<br />
a) The origin of the initial Source(s) of Wealth – the business activity or situation that<br />
generated their accumulated capital, not just the portion that is invested with the bank for<br />
the initial deposit/account opening; and<br />
b) The origin of ongoing Source(s) of Wealth – the ongoing business activities or situation<br />
that will generate the funds that will be deposited into the account.<br />
Source of Wealth for Trusts<br />
4.9.7 In the context of a Trust, the initial SoW will be the SoW of the Settlor.<br />
4.9.8 The ongoing SoW will be dependent on the nature of assets, and if the Settlor continues to transfer<br />
assets to the Trust.<br />
Source of Wealth of the Settlor<br />
4.9.9 Sufficient SoW information (as per the table below) should be collected to enable <strong>RBWM</strong> to form a<br />
reasonable conclusion that the Settlor has earned or otherwise acquired their accumulated capital<br />
INTERNAL<br />
Page | 69
legally. This will involve obtaining supporting documentation from the Settlor (or Trustee on behalf<br />
of the Settlor) to validate the Source of Wealth information.<br />
Fig. 4.13: SoW Information<br />
Private Holding<br />
Trust<br />
<br />
<br />
<br />
<br />
SoW of Settlor, or<br />
Where Settlor is a PIC/PIV, “look through” to the True Settlor; and<br />
Primary country of SoW of Settlor.<br />
Refer to Section [2.5] Individuals – Know Your <strong>Customer</strong> (KYC) (Source of<br />
Wealth)<br />
Understanding the Source(s) of Funds<br />
4.9.10 Refer to Section [2.4] Individuals – Know Your <strong>Customer</strong> (KYC) (Source of Funds).<br />
4.10 Understanding the Intended Purpose and Usage of Account<br />
4.10.1 Refer to Global Procedural Standards Section [6.5] – Know Your <strong>Customer</strong> (KYC) (Understanding<br />
the Intended Purpose and Usage of Account).<br />
4.11 Visitation<br />
Principles of Visitation<br />
4.11.1 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and<br />
Partnerships Section [6.7] – Know Your <strong>Customer</strong> (KYC) (Visitation Requirements)).<br />
Types of Visitation<br />
4.11.2 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and<br />
Partnerships Section [6.7] – Know Your <strong>Customer</strong> (KYC) (Visitation Requirements)).<br />
Purpose of an AML Visitation for <strong>CDD</strong><br />
4.11.3 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and<br />
Partnerships Section [6.7] – Know Your <strong>Customer</strong> (KYC) (Visitation Requirements)).<br />
Situations where a <strong>Customer</strong> Visit is Required<br />
4.11.4 The party to be visited will depend upon the nature of the Trust and the true Controlling Party of<br />
the Trust. As such, it is essential to identify the party(ies) that exercise or influence the activities<br />
of the Trust (e.g. Trustee or Settlor who retains control) in order to complete visitation<br />
requirements.<br />
INTERNAL<br />
Page | 70
4.11.5 The parties to be visited at onboarding and on an ongoing basis are:<br />
Fig. 4.14: Visitation requirements<br />
Trust Type<br />
Party to be Visited At Onboarding and<br />
Period Review<br />
Comments<br />
Private Holding<br />
Trust<br />
Where a Settlor is High Net<br />
Worth 31 , visitation or contact is<br />
required in accordance with the<br />
requirements set out in Section<br />
[2.8] – Know Your <strong>Customer</strong><br />
(<strong>Customer</strong> Contact and Visitation<br />
Requirements)<br />
See note 1, 2 & 3<br />
a) Where required, frequency of visitation<br />
should be in line with the Periodic Review<br />
cycle.<br />
b) For all Trusts further visits may be required<br />
as advised by Country FCC, typically in<br />
instances where there are Financial Crime<br />
indicators regarding Source of Wealth and<br />
Source of Funds<br />
Notes:<br />
1. Where the Settlor is an existing <strong>Customer</strong>, visitation should be performed on the Settlor (Individual or business<br />
see Global Procedural Standards Corporates and Partnerships Section [6.7] – Know Your <strong>Customer</strong> (KYC)<br />
(Visitation Requirements) when visiting a business).<br />
2. Where the Settlor is not an existing <strong>Customer</strong>, Controlling Party or Party which appears to have influence over<br />
the Trust should be visited. Where multiple Trustees/Controllers are identified, those Trustees that hold control<br />
over the Trust should be visited, taking a Risk Based Approach.<br />
3. While visitation should be completed in line with Periodic Review cycle, it is possible to draw on a previous<br />
Visitation <strong>Customer</strong> Assessment if it current (i.e. it was completed within a period of up to 1 year), provided<br />
that there are no material changes to the <strong>Customer</strong>’s circumstances in the intervening period. For example,<br />
a Trust with a FCRR of Medium has a periodic review and associated visitation every two years. If the last<br />
Visitation <strong>Customer</strong> Assessment was completed 9 months ago and no material changes to the <strong>Customer</strong>’s<br />
circumstances occurred, no additional visitation is required for the periodic review.<br />
4. In practical terms, where <strong>RBWM</strong> banks multiple Trusts administered by a Trustee, the Trustee visit should<br />
be visited annually.<br />
4.11.6 Visitation of the Connected Parties may be performed by a local office, where the party is located<br />
in a jurisdiction other than where the account is opened (e.g. if the Settlor is located in UK, but the<br />
Trust is banked in Bermuda, visitation of the Settlor may take place by a staff member in the UK),<br />
following cross-border marketing guidelines.<br />
Completion of an AML Visitation for <strong>CDD</strong> Purposes<br />
4.11.7 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and<br />
Partnerships Section [6.7] – Know Your <strong>Customer</strong> (KYC) (Visitation Requirements)).<br />
31<br />
See Section [1] – Individuals Identification and Verification (ID&V) for the definition of a High Net Worth Individual.<br />
INTERNAL<br />
Page | 71
4.12 Enhanced Due Diligence (EDD)<br />
4.12.1 No specific additional requirements for Trusts (see Global Procedural Standards Corporates and<br />
Partnerships <strong>Customer</strong> Chapter 7 – Enhanced Due Diligence (EDD)). Note: where EDD is<br />
performed on the Trust, the Settlor should be treated equivalently to an Ultimate Beneficial Owner,<br />
which may result in the need to obtain certain additional information about the Settlor (e.g. SOW<br />
for a Settlor).<br />
HSBC as a Trustee<br />
4.13 Introduction<br />
4.13.1 Where HSBC is acting as a Trustee, HSBC’s fiduciary responsibilities are increased as compared<br />
to those within the banking relationship.<br />
4.13.2 When acting as a Trustee, the aligned procedures should be followed by the HSBC Trustee as<br />
minimum standard guidelines, however, where the local regulatory requirements are higher, HSBC<br />
Trustees should follow local requirements. Where a local jurisdiction wishes to fall below stated<br />
requirements due to lower regulatory requirements, a dispensation should be obtained from<br />
Country FCC.<br />
4.13.3 The below section outlines the requirements where HSBC is the Trustee. These standards should<br />
be followed in addition to Trustee specific procedures established by the lines of business.<br />
4.13.4 These procedures are limited to situations where an HSBC entity acts as Trustee for a Trust whose<br />
structure is based on the intention of the Settlor to transfer assets to the control of a Trustee and<br />
for the benefit of a Beneficiary(ies) (e.g. party other than the Settlor).<br />
4.13.5 These procedures do not cover instances where an HSBC unit acts as a Trustee to Fund<br />
Managers/Funds 32 .<br />
4.14 IDV&V of Connected Parties<br />
Settlors, Donors, and Grantors<br />
4.14.1 One of the following parties may request HSBC to undertake the role of the Trustee:<br />
a) Settlor – at the establishment of the Trust; or<br />
b) Protector.<br />
4.14.2 As the Trustee, HSBC must ID&V all Settlors, Donors, and Grantors, irrespective of the contribution<br />
amount, as per fiduciary obligations of the Trustee.<br />
4.14.3 Where the Settlor is deceased, HSBC should ID&V the party acting on behalf of the Settlor and<br />
understand the relationship between the party, the Settlor, and other Connected Parties.<br />
Beneficiaries<br />
4.14.4 As the Trustee, HSBC must ID&V all Beneficiaries, irrespective of their entitlement, as per fiduciary<br />
obligations of the Trustee.<br />
32<br />
In the case of a fund, the Individual or entity placing assets with a fund has every expectation of assets (and profit) being returned.<br />
INTERNAL<br />
Page | 72
4.15 Source of Wealth of the Settlor<br />
4.15.1 In addition to the information that should be obtained related to SoW of the Settlor, where HSBC<br />
acts as a Trustee, all countries of SoW of the Settlors, Donors, and Grantors should be identified<br />
as per fiduciary obligations of the Trustee.<br />
4.16 Visitation<br />
4.16.1 For all Trust types, visitation to other controlling or influencing parties will reflect the fiduciary<br />
obligations of the Trustee and the type of Trust being managed. Country procedures will establish<br />
requirements. The guiding principal is that a controlling or influencing party will be visited for all<br />
Trust types.<br />
INTERNAL<br />
Page | 73
5. RBB Sole Traders<br />
Key Objective<br />
How will the Objective<br />
be achieved?<br />
Scope of Section<br />
Related Sections<br />
Guidance sources<br />
To identify, assess and mitigate the risks associated with RBB Sole Traders in order to<br />
safeguard HSBC against Financial Crime risks<br />
Setting out specific <strong>Customer</strong> type due diligence to address their specific risk attributes<br />
outside of the scope of the standard ID&V, KYC and general EDD.<br />
This Section describes the Procedures applicable to RBB Sole Traders with respect to<br />
the following:<br />
5.1 Introduction<br />
5.2 Definition of <strong>Customer</strong> Type<br />
5.3 Key Connected parties associated with this <strong>Customer</strong> Type<br />
5.4 Risk associated with this <strong>Customer</strong> Type<br />
5.5 <strong>Customer</strong> Type Risk Classification<br />
5.6 Identification and Verification (ID&V) - <strong>Customer</strong><br />
5.7 Identification and Verification (ID&V) – Connected Party<br />
5.8 Know Your <strong>Customer</strong> (KYC)<br />
5.9 Enhanced Due Diligence (EDD)<br />
Global Corporates and Partnerships Procedural Standards<br />
<strong>RBWM</strong> Individuals<br />
Global AML Policy: <strong>CDD</strong> Standards - Sole Traders<br />
INTERNAL<br />
Page | 74
5.1. Introduction<br />
5.1.1. This chapter outlines the due diligence procedures associated with <strong>RBWM</strong> Retail Business Banking<br />
(RBB) Sole Traders.<br />
5.1.2. RBB Sole Traders are those <strong>Customer</strong>s which will be managed by <strong>RBWM</strong> as opposed to CMB,<br />
due to these simple business banking clients being more aligned to <strong>RBWM</strong> service principles than<br />
CMBs. They will have simple, domestic product and lending needs.<br />
5.1.3. Consideration must be given to the ‘legal form’ of the <strong>Customer</strong>. A RBB Sole Trader is an<br />
unincorporated entity type for which there is no legal distinction between the owner and the<br />
business, resulting in a number of differing due diligence requirements from other customer types.<br />
5.1.4. RBB Sole Trader specific due diligence requirements are to be considered in addition to the scope<br />
of the standard ID&V, KYC and general EDD requirements outlined in the CMB Corporates and<br />
Partnerships and <strong>RBWM</strong> Individuals <strong>LoBP</strong>s.<br />
5.1.5. Where there are no RBB Sole Trader specific requirements, cross references to relevant sections<br />
of other <strong>Customer</strong> type chapters are included throughout these procedures.<br />
5.2. Definition of <strong>Customer</strong> Type<br />
5.2.1. The definition of a ‘RBB Sole Trader’ below outlines the key characteristics of this customer type.<br />
Fig. 5.1: RBB Sole Trader: Definition<br />
<strong>Customer</strong> Type<br />
RBB Sole Trader<br />
Definition<br />
A RBB Sole Trader, also known as a sole proprietorship or a proprietorship, is a type of<br />
business entity that is always owned and generally run by one individual and in which there<br />
is no legal distinction between the owner and the business (i.e. it is not incorporated).<br />
The owner receives all profits and has unlimited responsibility for all losses and debts. All<br />
assets of the business are owned by the RBB Sole Trader. A RBB Sole Trader may use a<br />
“Trading As” name or business name other than his or her legal name.<br />
RBB Sole Traders are typically small businesses where the costs of incorporation (including<br />
minimum capital) and/or of maintaining a company are considered by the RBB Sole Trader<br />
to outweigh the benefits of limited liability. Operating as a RBB Sole Trader may also<br />
provide tax benefits to an individual over operating through an incorporated entity in certain<br />
jurisdictions.<br />
The business activity of the RBB Sole Trader must meet all of the following criteria:<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<strong>Customer</strong>s’ needs served through branches, contact centres or online platforms<br />
Operations must be domestic only i.e. do not require multi-jurisdictional relationship<br />
management<br />
Credit needs that can be fulfilled through scored lending only<br />
Have a small and simple organisational structure<br />
No more than one Key Controller<br />
Products must be simple with no international requirements<br />
Must be resident in the same country as the HSBC Booking Centre<br />
Where any of the above criteria are not met at onboarding, or there is uncertainty regarding<br />
whether <strong>RBWM</strong> should manage the customer relationship, the <strong>CDD</strong> Risk Acceptance<br />
procedure should be followed.<br />
In addition, if following onboarding any of the above criteria change, the Country Head of<br />
RBB and FCC will need to approve the relationship continuing to be managed by <strong>RBWM</strong><br />
INTERNAL<br />
Page | 75
5.3. Key ‘Connected Parties’ associated with this <strong>Customer</strong> Type<br />
5.3.1. The definition of ‘<strong>Customer</strong>’, ‘Connected parties’ and ‘other related parties’ is defined in the<br />
Glossary.<br />
5.3.2. The following table establishes definitions of the key connected parties requiring <strong>CDD</strong> for RBB Sole<br />
Traders:<br />
Fig. 5.2: Key Connected Parties for whom <strong>CDD</strong> is Required<br />
Key Controller<br />
Authorised<br />
Signatories<br />
A Key Controller is someone who is elected or appointed to exercise more direct control over<br />
the <strong>Customer</strong> entity. Authorised Signatories with Sole Authority over the <strong>Customer</strong>’s account<br />
are considered to be Key Controllers.<br />
An Authorised Signatory is a <strong>Customer</strong> staff member who receives delegated authority to the<br />
<strong>Customer</strong>’s products and services with HSBC.<br />
Where Authorised Signatories are not recorded in product level due diligence, they may be<br />
recorded in the <strong>CDD</strong> Profile.<br />
5.4. Risks associated with this <strong>Customer</strong> Type<br />
5.4.1. There are a number of risks inherent in dealing with RBB Sole Traders. These include, but are not<br />
limited to:<br />
Fig. 5.3: Examples for inherent risks<br />
Ownership and<br />
Control<br />
Activity of the<br />
Business<br />
Operational<br />
Environment<br />
Intermingling of<br />
Business and<br />
Personal Funds<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
A RBB Sole Trader is normally a small business with a very straightforward control<br />
structure. Its ownership is always evident as the individual RBB Sole Trader. Risk<br />
increases considerably where the RBB Sole Trader is large, or has international reach<br />
e.g. a web designer or consultant with overseas clients.<br />
The entity may engage in high risk activity(ies) or it may be unclear which activity(s) it<br />
undertakes. Certain business types have been classed in the FCC-RAM as high risk due<br />
to the increased risk of financial crime.<br />
A key risk is that many RBB Sole Traders have limited reporting requirements and there<br />
may be limited publicly available information on the activity of the business. Since RBB<br />
Sole Traders are taxed personally on the profits arising from their activities, they may be<br />
motivated to use cash for purchases and accept cash from <strong>Customer</strong>s to evade taxes on<br />
sales and/or profits and maintain a portion of their trading outside of their bank account(s).<br />
Sole proprietors in general represent a higher risk for tax evasion as these types of<br />
entities are not required to apply the same stringent corporate obligations or rules as a<br />
legal entity otherwise would.<br />
The country of establishment is a key consideration, notably in regards to RBB Sole<br />
Traders which are based in a high risk jurisdiction which has been associated with<br />
financial crime.<br />
The RBB Sole Trader may do business in a high risk jurisdiction(s) and/ or across borders,<br />
increasing the risk of financial crime.<br />
A RBB Sole Trader may intermingle business and personal funds. In some jurisdictions<br />
local Regulation may not enable HSBC to require separation of business and personal<br />
activity. This may reduce the effectiveness of transaction monitoring (TM). (Refer to<br />
Chapter 2 Appendix 4 for guidance on personal accounts being used for business<br />
purposes.<br />
Use of Product The products which the <strong>Customer</strong> utilises may increase the risk associated with the<br />
<strong>Customer</strong>. For example, products involving value movement across borders (e.g.<br />
international wire transfers) pose a higher risk of financial crime.<br />
INTERNAL<br />
Page | 76
5.5. <strong>Customer</strong> Type Risk Classification<br />
5.5.1. RBB Sole Traders are risk rated according to the key risk factors identified in the FCC-RAM.<br />
5.5.2. Where the <strong>Customer</strong>, or one of their Connected Parties, is a PEP, or meets other SCC classification<br />
criteria, the <strong>Customer</strong> must be risk rated SCC. (Reference Process Chapter 10 Restricted and<br />
Prohibited <strong>Customer</strong>s, Special Categories of <strong>Customer</strong>s (SCCs) and Prohibited Products).<br />
5.5.3. Where a <strong>Customer</strong> is considered to be High Risk/SCC, Enhanced Due Diligence (EDD) will be<br />
performed. The procedures for HNWI, High Risk <strong>Customer</strong>s/SCC are included within the KYC<br />
chapter for Individuals.<br />
5.5.4. Where there are concerns regarding the nature and purpose of the RBB Sole Trader, the <strong>Customer</strong><br />
should be escalated to Country FCC to determine what action should be taken, including the<br />
requirement to conduct Enhanced Due Diligence (EDD) and the determination of the appropriate<br />
Financial Crime Risk Rating (FCRR).<br />
INTERNAL<br />
Page | 77
5.6. Identification and Verification (ID&V)<br />
ID&V – Requirements for the RBB Sole Trader <strong>Customer</strong><br />
5.6.1. The following tables outline the applicable requirements for the ID&V of RBB Sole Traders:<br />
Fig. 5.4: ID&V requirements<br />
Identification Requirements – RBB Sole Traders (All FCRRs)<br />
a) Full name of RBB Sole Trader<br />
b) “Trading As” name (if applicable)<br />
c) Date of Birth<br />
d) Residential Address 33<br />
e) Country of Tax Residence 34<br />
f) Date moved to Residential Address<br />
g) At a minimum, the City/Town/Region/Province and Country of the RBB Sole Traders previous addresses for the<br />
past three years. 35<br />
h) Correspondence Address (if different from residential address above)<br />
i) Nationality, where legally permissible/ Citizenship 36 (including all nationalities/ citizenships held)<br />
j) Country of Birth<br />
k) Government issued ID number 37<br />
l) Principal business address (if different to residential address)<br />
m) Date of Formation of business<br />
Note: In countries where it is not usual to use street addresses, it is acceptable to record the addresses according to<br />
standard local practice such as PO Box Number and physical location(s) of the business / residence.<br />
Verification Requirements – RBB Sole Traders (all FCRRs)<br />
Information to be verified:<br />
a) Full name of RBB Sole Trader<br />
b) Date of Birth 38<br />
c) Residential Address<br />
Verification Sources (all FCRRs):<br />
Refer to Figure 1.11 of the Individuals ID&V Chapter for more information on verification source requirements.<br />
Where the <strong>Customer</strong> is onboarded through an indirect delivery channel, i.e. non-face-to-face onboarding, (see Section<br />
1.8.14 for definition Individuals ID&V requirements).<br />
33<br />
Residential address is defined as the main address at which a <strong>Customer</strong> lives, i.e. the address at which they spend the majority of their time.<br />
34<br />
It should be noted that Local or Global regulatory requirements may require verification of Tax Residence. Where this is the case, such<br />
regulations should be followed.<br />
35<br />
Only required where the <strong>Customer</strong> has resided in a Country that is not the same as the HSBC Booking Centre within the last three years.<br />
36<br />
Nationality and Citizenship are used interchangeably in many jurisdictions. Local regulatory requirements may require verification of<br />
nationality/ citizenship; where this is the case and legally permissible, local regulation must be followed.<br />
37<br />
To be obtained, unless the Country does not issue a government identification number.<br />
38<br />
Unless the <strong>Customer</strong> is being electronically verified, or the primary document used for documentary verification does not contain the date of<br />
birth, subject to FCC approval.<br />
INTERNAL<br />
Page | 78
5.6.2. Further information on ID&V requirements and approved documentary and electronic sources of<br />
verification is detailed in Individuals Section 1.8. See ID&V Matrix for further information on<br />
acceptable sources of verification<br />
ID&V – Requirements for Connected Parties<br />
5.6.3. In the case of RBB Sole Traders Connected Parties are limited to Key Controller i.e. an individual<br />
with sole responsibility over the <strong>Customer</strong>’s account and Authorised Signatories (see definition Fig.<br />
5.2).<br />
5.6.4. HSBC must ensure that it understands the level of authority, control or powers of the Connected<br />
Party with respect to the Individual <strong>Customer</strong> and to the HSBC account (see Individuals ID&V<br />
section 1.9 for understanding the relationship between the <strong>Customer</strong> and the Connected Party)<br />
5.6.5. If there is no apparent or legitimate explanation for the use of the Connected Party (e.g., it is evident<br />
that use of nominee is to conceal identity of the account holder), this should be escalated to Country<br />
FCC for further review.<br />
5.6.6. There are additional high risk indicators applicable for RBB Sole Traders, which would require<br />
escalation to Country FCC which include:<br />
<br />
<br />
Authorised Signatories with unlimited sole signing authority, who are not the RBB Sole Trader<br />
themselves (or their spouse or (non-business) partner); or<br />
More than one Key Controller who are non-immediate family members, in addition to the RBB Sole<br />
Traders themselves. Refer to Glossary for definition of immediate family members.<br />
5.7. Know Your <strong>Customer</strong> (KYC)<br />
5.7.1. The following additional KYC requirements should be followed for:<br />
<strong>Customer</strong> Screening<br />
5.7.2. The following table sets out the parties and information to be screened<br />
Fig. 5.5: Screening requirements<br />
Party FCCRR Official and other<br />
screening lists<br />
Negative news<br />
<strong>Customer</strong> High Risk/SCC Yes Yes<br />
Medium Yes No<br />
Low Yes No<br />
Connected Party N/A Yes Same as <strong>Customer</strong><br />
Negative NewsScreening<br />
5.7.3. For further details on Screening refer to the Screening chapter (Process Chapter 3) within the<br />
<strong>RBWM</strong> Common Processes <strong>LoBP</strong> and the Individuals KYC Chapter.<br />
Understanding Nature of Business<br />
5.7.4. The nature of business of a Sole Trader will be similar to that of a Commercial Operating Business,<br />
however, typically less complex, with smaller turnover and lower value transactions. For nature of<br />
business requirements, see the table below:<br />
INTERNAL<br />
Page | 79
Fig 5.6 Nature of Business Information Requirements for all <strong>Customer</strong>s<br />
Business Type:<br />
<br />
<br />
<br />
Industries or business types in which the <strong>Customer</strong> participates<br />
Types of <strong>Customer</strong> with whom the <strong>Customer</strong> does business (e.g. business to consumer, business to<br />
business, business to Government/ public sector)<br />
Geographic location of key <strong>Customer</strong>s<br />
Countries of Business Focus:<br />
<br />
<br />
Countries the customer does business, trades with, offers services to<br />
Additional information must be obtained with regard to <strong>Customer</strong>s with any exposure to Sensitive<br />
Sanctioned Countries or TI CPI
Fig. 5.7: SoW: ID&V requirements for the Commercial Activity and the Individual<br />
<strong>Customer</strong><br />
Source of Wealth of the Commercial<br />
Activity (Ongoing SoW)<br />
Source of Wealth of the Individual<br />
Established Commercial Activity (2 Years +)<br />
High Risk/SCC Identify and Validate Identify and Validate<br />
Medium Risk Not Required Not Required<br />
Low Risk Not Required Not Required<br />
Established Commercial Activity (< 2 Years)<br />
High Risk/SCC Identify and Validate Identify and Validate<br />
Medium Risk Not Required Identify and Validate<br />
(Where capital to be invested in the<br />
business exceeds $150K)<br />
Low Risk Not Required Identify and Validate<br />
Start-up Commercial Activity<br />
(Where capital to be invested in the<br />
business exceeds $150K)<br />
High Risk/SCC N/A Identify and Validate<br />
Medium Risk N/A Identify and Validate<br />
(Where capital to be invested in the<br />
business exceeds $150K)<br />
Low Risk N/A Identify and Validate<br />
(Where capital to be invested in the<br />
business exceeds $150K)<br />
5.7.8. For RBB Sole Traders with established commercial activity, the Source(s) of Wealth will be evident<br />
from the nature of the <strong>Customer</strong>’s business/ operations. Where further validation is required, the<br />
<strong>Customer</strong> should be requested to provide their Bank Statements for the previous three months to<br />
enable validation of business activities. New start-up RBB Sole Traders will not possess prior<br />
trading records or historical financial statements that established businesses may be able to<br />
provide. Source of Wealth information will therefore focus on the origin of the capital being invested<br />
into the business to finance operations, most typically from the RBB Sole Trader as a Natural<br />
Person.<br />
5.7.9. The Individuals Source of Wealth guidance and ID&V Matrix sets out, in detail, the information and<br />
additional documentation sources to be obtained to validate Source of Wealth for all <strong>Customer</strong>s.<br />
Understanding Source(s) of Funds<br />
5.7.10. Refer to section 2.4 of the Individuals KYC <strong>LoBP</strong> for the Source of Funds procedures. Where local<br />
jurisdiction legislation does not allow HSBC to require separation of business and personal funds,<br />
the threshold to be applied for Source of Funds validation must be the lower of the threshold for<br />
commercial activity and any applicable thresholds for individual activity.<br />
5.7.11. When cash is the Source of Funds for the account opening, Source of Funds identification and<br />
validation must be performed in line with <strong>RBWM</strong> FIM B1.1.2.8 AML Cash Services<br />
INTERNAL<br />
Page | 81
Understanding the intended Purpose and Usage of Account<br />
5.7.12. In addition to the requirements outlined in Section 2.6 of <strong>RBWM</strong> Individuals, it is necessary to:<br />
<br />
<br />
Determine whether the account will be used for personal activity, commercial activity, or both (only<br />
permitted where local regulations prevent forced account segregation based on usage);<br />
Gather information on Connected Parties so that the Bank has an understanding of the relationship to<br />
the Party, e.g. spouse or relative.<br />
5.7.13. At onboarding if a Sole Trader <strong>Customer</strong> confirms that they intend to utilise their business account<br />
for both personal and commercial transactions, they must be made aware that they will need to<br />
open separate accounts to meet these needs. It is expected that this will be established whilst<br />
having discussions with the customer about the intended use of the account and expected<br />
transactional value and volume.<br />
5.7.14. Onboarding may continue in-line with the <strong>CDD</strong> requirements for Sole Traders detailed in this<br />
chapter for their commercial needs, however the <strong>Customer</strong> will be required to open a <strong>RBWM</strong> retail<br />
personal account to undertake their personal transactions.<br />
5.7.15. Where the customer also applies for an <strong>RBWM</strong> Current Account the <strong>CDD</strong> of the <strong>Customer</strong> must be<br />
completed in line with the requirements detailed within the Chapters 1-3: Individuals of the<br />
<strong>Customer</strong> <strong>LoBP</strong>.<br />
5.7.16. The purpose of opening an account should be in line with the expected account activity, and profile<br />
of the RBB Sole Trader’s business. Active judgment and reflection is required to review the<br />
<strong>Customer</strong>’s purpose of opening the account against the expected account activity and the profile<br />
of the RBB Sole Trader’s business to identify if there are any apparent inconsistencies. Where<br />
these are identified or if there is any doubt the <strong>Customer</strong> should be escalated to Country FCC for<br />
review and approval.<br />
Visitation Requirements<br />
5.7.17. Home-based businesses 39 are exempt from visitation at onboarding or renewal provided that the<br />
Business concludes that it is reasonable for the <strong>Customer</strong>’s business to be home based. The<br />
employee onboarding the <strong>Customer</strong> must document the rationale for such a conclusion in the <strong>CDD</strong><br />
Profile. Factors for consideration may include: number of employees, the industry type, or whether<br />
the business is predominantly cash based.<br />
5.7.18. The Visitation requirements for High Risk and SCC RBB Sole Traders are as per Section 6.15 of<br />
the Retail Business Banking Corporates and Partnerships procedural standards. Visitation for<br />
Medium and Low risk <strong>Customer</strong>s are not required unless requested by FCC based on escalation<br />
of the <strong>Customer</strong> due to financial crime concerns.<br />
5.8 Enhanced Due Diligence (EDD)<br />
5.8.1. For <strong>Customer</strong>s identified as PEPs refer to Global <strong>RBWM</strong> AML Policy <strong>RBWM</strong> Global PEP Policy for<br />
further guidance.<br />
5.8.2. EDD requirements should be conducted as necessary in-line with the <strong>Customer</strong>’s risk rating.<br />
Further information regarding when EDD would be required can be found in the above sections and<br />
the Individuals ID&V and KYC chapters.<br />
5.8.3. Where it is known that the <strong>Customer</strong> is located in, or has an exposure to a Sensitive Sanctioned<br />
Country (SSC), escalate to Country FCC in line with the Sanctions Escalation Matrix.<br />
39<br />
Examples of home based businesses should be defined in-country and included in local procedures.<br />
INTERNAL<br />
Page | 82
6. RBB Corporates and Partnerships IDV & KYC<br />
Key Objective<br />
How will the<br />
Objective be<br />
achieved?<br />
To understand who HSBC’s <strong>Customer</strong>s are and who HSBC is doing business with in<br />
order to safeguard against Financial Crime risks.<br />
This Section outlines the identification and verification procedures on a Risk Based<br />
Approach:<br />
<br />
<br />
Identification – identifying who the <strong>Customer</strong> and Connected Parties are, by<br />
obtaining information on their identity; and<br />
Verification – verifying some or all of the identity information obtained using<br />
reliable and independent documentary and/or electronic source material.<br />
This section also outlines the Know Your <strong>Customer</strong> (KYC) procedures to be<br />
undertaken on a Risk Based Approach, in addition to the ID&V procedures<br />
Scope of Section<br />
Related Sections<br />
This Section outlines the procedures with respect to the following:<br />
IDV<br />
6.1 Introduction<br />
6.2 Definitions of <strong>Customer</strong> Type<br />
6.3 Key ‘Connected’ parties associated with this customer type<br />
6.4 Risks associated with this ‘customer type’<br />
6.5 ‘<strong>Customer</strong> type’ risk classification<br />
6.6 ID&V – Requirements for the ‘<strong>Customer</strong><br />
6.7 ID&V – Requirements for ‘Beneficial Owners’<br />
6.8 ID&V – Requirements for ‘Key Controllers’<br />
6.9 ID&V – Requirements for ‘ Direct Appointees’<br />
KYC<br />
6.10 KYC Introduction<br />
6.11 <strong>Customer</strong> Screening:<br />
6.12 Understanding Nature of Business and Source(s) of Wealth<br />
6.13 Understanding the Source(s) of Funds<br />
6.14 Understanding the Intended Purpose and Usage of Account<br />
6.15 Visitation Requirements<br />
EDD<br />
6.16 EDD Introduction<br />
6.17 Politically Exposed Persons<br />
6.18 Source of Wealth (SoW) for Ultimate Beneficial Owners (UBOs)<br />
6.19 Doing Business in Sensitive Sanctioned Countries<br />
6.20 <strong>Customer</strong>s with Identified Exposure to High Risk Countries<br />
Global AML Policy: <strong>CDD</strong> Standards - Individuals (ID&V)<br />
Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (KYC)<br />
Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (EDD)<br />
Guidance sources Joint-Money Laundering Steering Group (JMLSG) Part I: 5.3.122 - 5.3.177, 5.4, 5.5<br />
INTERNAL<br />
Page | 83
6.1 Introduction<br />
6.1.1. This section outlines an introduction to entities as well as outlining the baseline Identification and<br />
Verification requirements.<br />
6.1.2. Identification and Verification (ID&V) of a <strong>Customer</strong>, and their Connected Parties, provides an<br />
understanding of who HSBC is doing business with and is a key step in <strong>Customer</strong> Due Diligence<br />
(<strong>CDD</strong>) to mitigate Financial Crime risk.<br />
6.1.3. ID&V is a two-step process which follows a Risk Based Approach:<br />
a) Identification – identifying who the <strong>Customer</strong> and their Connected Parties are by<br />
gathering information about their identity; and<br />
b) Verification – verifying some or all of the identity information gathered using reliable and<br />
independent documentary and/or electronic sources<br />
6.1.4. High Risk and SCC <strong>Customer</strong>s require additional levels of ID&V than <strong>Customer</strong>s with lower<br />
Financial Crime Risk Ratings (FCRRs) or entities with a greater degree of Public Accountability.<br />
6.1.5. For all risk levels, a complete record of ID&V including documents obtained, together with any<br />
actions taken and approvals obtained must be recorded in the <strong>CDD</strong> Profile.<br />
6.1.6. These ID&V requirements apply to all customer entity types, and any additional requirements or<br />
differences in respect of specific ‘customer types’ e.g. Trusts, PICs, etc. will be detailed in the<br />
relevant customer chapters.<br />
6.2 Definitions of <strong>Customer</strong> ‘Type’<br />
6.2.1. This section covers the following <strong>Customer</strong> types within the Non-Financial Institution Commercial<br />
Enterprises customer type family:<br />
Fig. 6.1: Definitions of <strong>Customer</strong> ‘Type’:<br />
<strong>Customer</strong> Type<br />
Corporates<br />
Partnerships<br />
Definition<br />
An incorporated entity established for commercial trading operating activity with the objective<br />
of generating profits. They commonly have limited liability, and can be owned by shareholders<br />
who can transfer their shares to others, and can be controlled by a board of directors who are<br />
normally elected or appointed by the shareholders<br />
A Partnership / unincorporated business, although principally operated by individuals, or a group<br />
of individuals, are different from private individuals in that there is an underlying business.<br />
6.2.2. Where there is any doubt as to whether the relationship should be managed by <strong>RBWM</strong>, the <strong>CDD</strong><br />
Risk Acceptance procedure should be followed<br />
6.3 Key ‘Connected’ parties associated with this customer type<br />
6.3.1. The definition of ‘<strong>Customer</strong>’, ‘Connected parties’ and ‘Other related parties’ has been defined in the<br />
Glossary.<br />
6.3.2. The following table establishes definitions of the key connected parties requiring <strong>Customer</strong> Due<br />
Diligence (<strong>CDD</strong>) for this particular <strong>Customer</strong> type:<br />
INTERNAL<br />
Page | 84
Fig. 6.2: Definitions of key connected parties<br />
Beneficial<br />
Owner<br />
Director / Partner<br />
A Beneficial Owner is an individual or an entity who owns or exercises control over the <strong>Customer</strong><br />
arising from their shareholding or other ownership interest in the <strong>Customer</strong>; or from control over<br />
the voting rights; or from exercising other control over the composition and/or the voting of the<br />
Board of Directors.<br />
A Beneficial Owner can also be the party on whose behalf a transaction or activity is being<br />
conducted. Note that:<br />
a) Ultimate Beneficial Owner (UBO) – Usually an Individual who ultimately owns a legal entity<br />
and/or the person on whose behalf a transaction is being conducted. The UBO is any natural<br />
person or government body that owns, has the right to vote, or has the power to sell or direct<br />
the sale of a class of the business’ voting securities of an Intermediate Owner.<br />
b) Intermediate Owner (IO) – An Entity or legal arrangement (e.g. structure such as a Trust,<br />
Foundation etc.) identified as existing within the corporate structure that sits between the<br />
<strong>Customer</strong> and the UBO (as defined above) in the ownership chain.<br />
A Director is an appointed member of a <strong>Customer</strong>’s Board and may be either an executive or a<br />
non-executive.<br />
The roles and responsibilities of a Board of Directors will vary according to the type of entity. A<br />
Director may or may not be a Key Controller for the purposes of <strong>CDD</strong>. For entities, certain Directors<br />
and managers will be classified as Key Controllers, due to their ability to exercise significant control<br />
over an entity and to have a substantial influence over the day-to-day management of the business.<br />
A Partner is a person associated with one or more other individuals engaged in a business<br />
enterprise in which the profits and losses are shared proportionally. The legal definition of a<br />
partnership is generally stated as "an association of two or more persons to carry on as coowners<br />
a business for profit'.<br />
Persons can form a partnership by written or oral agreement, and a partnership agreement often<br />
governs the partners' relations to each other and to the partnership.<br />
Key Controller<br />
Direct Appointees<br />
(and others<br />
purporting to act<br />
on behalf of the<br />
<strong>Customer</strong>)<br />
Authorised<br />
Signatories<br />
Employees<br />
A Key Controller is someone who is elected or appointed to exercise more direct control over the<br />
<strong>Customer</strong> entity, by participating in the governance or senior executive activities of the <strong>Customer</strong>.<br />
Key Controllers typically set the strategic direction of the entity.<br />
The title given to a Key Controller varies according to the type of entity, Country of Operation, and<br />
Country of Incorporation/ Registration/ Formation. Most commonly, a Key Controller will include the<br />
Chief Executive Officer (CEO), Chief Financial Officer (CFO), Managing Partner and Chairman of<br />
the Board. Usually, control is exercised jointly with other Directors/senior executive management.<br />
A Direct Appointee is a person authorised under an executed instrument of the <strong>Customer</strong> Entity to<br />
act on its behalf with respect to the banking relationship and also to delegate authority to others to<br />
represent the <strong>Customer</strong> entity in more limited circumstances, e.g. Direct Appointees may appoint<br />
Authorised Signatories. The Company Secretary is generally a Direct Appointee.<br />
Direct Appointees may not themselves be Key Controllers but are typically appointed by Key<br />
Controllers or the Board of Directors. They may or may not themselves be Authorised Signatories.<br />
Direct Appointees may be product specific.<br />
An Authorised Signatory is a <strong>Customer</strong> staff member who receives delegated authority to the<br />
<strong>Customer</strong>’s HSBC products and services. Authorised Signatories with Sole Authority over the<br />
<strong>Customer</strong>’s HSBC account/ Financial affairs are also considered to be Key Controllers due to the<br />
influence they have over the business.<br />
Where Authorised Signatories are not recorded in product level due diligence, they may be<br />
recorded in the <strong>CDD</strong> Profile.<br />
Employees of an entity do not require <strong>CDD</strong> unless they are connected parties, as defined above,<br />
or are Individual HSBC customers in their own right.<br />
INTERNAL<br />
Page | 85
6.4 Risks associated with this ‘customer type’<br />
6.4.1. There are a number of risks inherent with dealing specifically with entities. These include, but are<br />
not limited to:<br />
Fig. 6.3: Risks associated with this ‘customer type’<br />
Ownership and<br />
Control<br />
Activity of the<br />
Business<br />
Operating<br />
Environment<br />
<br />
<br />
<br />
<br />
<br />
The legal persona of the entity is distinct and separate from the individual(s) who own and/ or<br />
control it, and it may be difficult to establish the individual(s) who exercise ultimate control and/<br />
or financed its creation.<br />
Particular attention should be given to complex corporate ownership structures, which may<br />
include Trusts or Foundations, as these can result in opaqueness in identifying the role of<br />
Connected Parties and most notably, the actual controlling party.<br />
Certain legal entities may be owned through bearer shares, whereby ownership is assigned to<br />
whoever has physical possession of the share certificates. Although common and legitimate in<br />
many jurisdictions, the anonymity that they can offer provides the potential to elevate financial<br />
crime risk. Therefore, entities that include bearer shares within the ownership structure are<br />
prohibited by <strong>RBWM</strong>.<br />
The entity may engage in high risk activity(ies) or it may be unclear which activity(s) it<br />
undertakes. Certain business types have been classed in the FCC-RAM as high risk due to the<br />
inherent increased risk of financial crime.<br />
The entity may do business in a high risk jurisdiction(s) and/ or across borders, increasing the<br />
risk of financial crime.<br />
Use of Product The products which the customer utilises may increase risk. For example, products involving<br />
value movement across borders (e.g. international wire transfers) pose a higher risk of financial<br />
crime.<br />
6.4.2. Understanding the nature of business of the entity and the key individuals controlling the entity is<br />
fundamental in mitigating the risk in doing business with these entities.<br />
6.4.3. If the entity has a higher degree of publicly available information and reporting requirements, the<br />
level of inherent risk may be reduced.<br />
6.5 ‘<strong>Customer</strong> type’ risk classification<br />
6.5.1. Entities are risk rated according to the key risk factors identified in the Global FCC-RAM<br />
6.5.2. Where there are concerns regarding the nature and purpose of the Entity, the <strong>Customer</strong> should be<br />
escalated to Local Financial Crime Compliance (FCC) to determine what action should be taken,<br />
including the requirement to conduct Enhanced Due Diligence (EDD) and the determination of the<br />
appropriate Financial Crime Risk Rating (FCRR).<br />
INTERNAL<br />
Page | 86
6.6 ID&V – Requirements for the ‘<strong>Customer</strong>’<br />
6.6.1. The following table sets out the minimum Identification requirements for Corporates and<br />
Partnerships:<br />
Fig. 6.4: Identification requirements for Corporates and Partnerships<br />
Identification Requirements – Corporates and Partnerships (all FCRRs)<br />
a) Legal name<br />
b) “Trading As” name (if applicable)<br />
c) Registered office address in country of incorporation<br />
d) Incorporation/registration details<br />
e) Country of registration / incorporation / establishment<br />
f) Date of incorporation / establishment of the partnership<br />
g) Identification Number of the entity (where applicable) together with the name of the Issuing Authority<br />
h) Name of Regulator (where applicable)<br />
i) Principal place of business address (if different to registered address)<br />
j) Names of all Directors/ Partners of <strong>Customer</strong>s irrespective of whether they retain control over the business or not<br />
Note: In countries where it is not usual to use street addresses, it is acceptable to record the business address of the entity<br />
according to standard local practice such as PO Box Number and physical location(s) of the business.<br />
6.6.2. The following table sets out the Verification requirements for Corporates and Partnerships:<br />
Fig. 6.5: Verification requirements for Corporates and Partnerships<br />
Verification Requirements – Corporates and Partnerships (all FCRRs)<br />
Information to be verified:<br />
a) Full Legal Name<br />
b) Registered address / Business address in the case of Partnerships<br />
c) Evidence of listing with a regulator of the <strong>Customer</strong> and its Parent (where applicable)<br />
Verification Sources (all FCRRs):<br />
Two reliable and independent verification sources are required; one of which must be a Primary Document.<br />
6.6.3. Acceptable verification sources are outlined in the ID&V Matrix.<br />
FATCA Data Requirements<br />
6.6.4. Tax regime requirements (such as Foreign Account Tax Compliance (FATCA 40 )) may result in<br />
additional information being required for certain customers. In order to comply with these<br />
requirements, HSBC is required to leverage substantially from its AML policies and procedures.<br />
Tax regime requirements should therefore be considered in conjunction with these <strong>CDD</strong><br />
procedures in order to achieve a holistic understanding of the customer’s profile.<br />
40<br />
Other Intergovernmental Agreements (IGAs) and the UK Crown Dependencies and Overseas Territories Automatic Exchange of Information Agreement (also<br />
known as “TRE Phase 1” for HSBC purposes) may also be applicable.<br />
Page | 87<br />
INTERNAL
Non-Face-to-Face <strong>Customer</strong> On-boarding<br />
6.6.5. Non-face-to-face customer on-boarding is considered to present an increased risk as customer<br />
identification cannot be performed in person. To address the additional risk, verification of identified<br />
Beneficial Owners is required across all FCRRs (to the thresholds of 10%/25%).<br />
6.6.6. Where documentary sources have been used to verify the identity of non-face-to-face <strong>Customer</strong>s<br />
at on-boarding, further mandatory steps will be required as outlined in Individuals Section 1.8.15.<br />
6.6.7. The following are considered to be face-to-face:<br />
a) HSBC meets with representatives of the business entity to be on-boarded;<br />
b) The <strong>Customer</strong> is introduced through an Affiliate. (see section 9.5.2 for definition of Affiliate.<br />
6.7 ID&V – Requirements for ‘Beneficial Owners’<br />
6.7.1. Beneficial Owners have the potential to exploit the <strong>Customer</strong> entity’s relationship with HSBC to<br />
launder money or commit other Financial Crimes because they exercise control over the <strong>Customer</strong><br />
Entity via their ownership interest or voting power. A Risk Based Approach to ID&V of Ultimate<br />
Beneficial Owners (UBOs) must be taken to establish that they are, in fact, Beneficial Owners and<br />
that these persons/entities do actually exist.<br />
Different Classes of UBO<br />
6.7.2. UBOs are generally defined as natural persons who ultimately own or control the <strong>Customer</strong>. There<br />
is a requirement to look through an entity to a point where natural persons who are direct or indirect<br />
owners of equal to or greater than the required percentage ownership of the <strong>Customer</strong> can be<br />
identified.<br />
6.7.3. In some cases, an entity’s ownership may be so widely dispersed that no single person or family<br />
group of individuals owns equal to or greater than the relevant percentage. This requirement to<br />
identify UBOs to the relevant threshold must be met regardless of entity structure to minimise the<br />
risk posed by complex business structures.<br />
6.7.4. An example of the UBO Percentage Holding calculation is outlined below in figure 6.6:<br />
INTERNAL<br />
Page | 88
Fig. 6.6: UBO Percentage Holding calculation<br />
UBO % holding of<br />
the customer<br />
40%<br />
30%<br />
(60%x50%)<br />
30%<br />
(60%x50%)<br />
Identification of Ownership Structure<br />
6.7.5. It is important to understand the ownership structure as this will assist with determining which<br />
parties have control (i.e. Beneficial Owners), establish their true percentage ownership and<br />
therefore which parties require ID&V.<br />
6.7.6. The requirements to ID&V the ownership structure will depend on the FCRR of the <strong>Customer</strong>.<br />
6.7.7. For all FCRRs, one independent source detailing the ownership structure must be obtained.<br />
Detailed requirements are described in the ID&V Matrix. This includes for example: approved<br />
market information providers; suitably audited reports & accounts; regulatory returns that are<br />
publicly available; Partnership agreements; or a <strong>Customer</strong> Declaration or equivalent. Where a<br />
<strong>Customer</strong> Declaration is being relied upon, this must be obtained from an appropriate Officer in the<br />
<strong>Customer</strong> entity or Group including Company Secretary, Legal, or similar function.<br />
6.7.8. Multiple levels of ownership in a <strong>Customer</strong> entity, notably for smaller <strong>Customer</strong>s, may present a<br />
Complex Ownership Structure that could be used to conceal the origin of funds and the identity of<br />
the UBO. Examples of a complex ownership structure may include the use of either Trusts or<br />
Foundations. Explanation of complexity is important so that risks can be fully understood.<br />
6.7.9. Escalation to FCC should be considered where there are concerns arising from understanding the<br />
rationale for the complexity, and must be initiated in all cases where the structure is considered<br />
complex compared with the size of the business (e.g. 3 layers would be considered complex for a<br />
Corporate <strong>Customer</strong> sitting in Business Banking Mass). For the purpose of clarity, the <strong>Customer</strong><br />
itself is not considered one of the layers to the ownership structure.<br />
ID&V Requirements for Beneficial Owners<br />
6.7.10. The following table sets out the minimum ID&V requirements for Beneficial Owners using a Risk<br />
Based Approach:<br />
INTERNAL<br />
Page | 89
Fig. 6.7: Minimum ID&V requirements for Beneficial Owners<br />
<strong>Customer</strong><br />
FCRR<br />
Identification<br />
Corporates & Partnerships<br />
Verification<br />
High/<br />
SCC<br />
All BOs (including UBOs and IOs) owning 10% or<br />
more<br />
Verify the identity of all UBOs owning 10% or more<br />
Verify ownership structure<br />
Medium<br />
All BOs (including UBOs and IOs) owning 25% or<br />
more<br />
Verify the identity of all UBOs owning 25% or more<br />
Verify ownership structure<br />
Low<br />
All BOs (including UBOs and IOs) owning 25% or<br />
more<br />
No requirement to verify the identity of UBOs 41<br />
Verify ownership structure<br />
All<br />
Full Name<br />
Ownership %/ Voting rights<br />
For Individuals:<br />
Date of Birth<br />
Permanent Residential Address<br />
For Entities as IOs:<br />
Proof of Listing or Regulation status (where<br />
applicable)<br />
Country of Incorporation/ registration/ formation<br />
For UBOs see Section 6.7.1 – 6.7.4<br />
For ownership structure see Section 6.7.5 – 6.7.9<br />
41<br />
Where the <strong>Customer</strong> has been onboarded non-face-to-face, verification of UBOs owning 25% or more is required.<br />
INTERNAL<br />
Page | 90
Verification of UBO Identity<br />
6.7.11. Where directed in the table above, the identified UBOs must be verified by one verification source,<br />
unless otherwise stated in the table below. Verification can be completed using either Documentary<br />
Sources, or where local regulatory requirements allow, Electronic Sources. The information to be<br />
verified depends upon the verification source:<br />
Fig. 6.8: Verification Sources for UBOs<br />
Documentary<br />
Sources<br />
a) Full Name and percentage of ownership/voting rights; and<br />
b) Date of Birth OR Permanent Residential Address.<br />
a) Full Name and percentage ownership; and either<br />
b) Date of Birth and Permanent Residential Address; or<br />
Electronic<br />
Sources<br />
c) Two sources confirming Permanent Residential Address; or<br />
d) By exception, where Permanent Residential Addresses are not commonly used, two<br />
sources confirming Date of Birth or age and country of residence (and nationality, where<br />
legally permissible, if different).<br />
6.7.12. The ID&V Matrix defines acceptable sources and documents to meet the requirements for verifying<br />
the UBOs identity.<br />
6.7.13. In the event that escalation to FCC has occurred due to financial crime concerns, FCC may request<br />
that EDD is undertaken on a UBO. This may include, but is not limited to, verification for UBOs of<br />
Low Risk <strong>Customer</strong>s and/or a Financial Intelligence Unit (FIU) investigation.<br />
Beneficial Ownerships by Family Groups<br />
6.7.14. A Family Group may, collectively, hold more than the stated UBO threshold, and the group may<br />
exercise greater control than indicated by their individual shareholdings, by voting as a Group.<br />
6.7.15. Where it is apparent that the ownership structure of the <strong>Customer</strong> includes family members at<br />
multiple levels, the names of all family members should be identified, along with the family’s total<br />
collective percentage shareholding.<br />
6.7.16. Further ID&V, in accordance with the above table, will be required only for those UBOs within the<br />
family group whose personal holding exceeds the indicated threshold amounts.<br />
Beneficial Ownerships by Public Figures<br />
6.7.17. A UBO may be a well-known public figure, such that the individual can be readily ID&V‘d by specific<br />
public data-sources, e.g. Forbes. In such cases, it is sufficient to ID&V only their name and<br />
percentage ownership. Information obtained from public data-sources is to be retained on the <strong>CDD</strong><br />
Profile.<br />
6.7.18. The ID&V Matrix sets out the extent to which public domain sources may be used to verify the<br />
identity of public figures or when biographies may be used in lieu of Date of Birth information.<br />
Trusts or Foundations as Beneficial Owners<br />
6.7.19. Refer to Chapter 4: Trusts for ID&V requirements if a Trust or Foundation has been identified in the<br />
Ownership Structure as owning more than the stated threshold amounts.<br />
INTERNAL<br />
Page | 91
6.8 ID&V – Requirements for ‘Key Controllers’<br />
6.8.1. Key Controllers will typically be Directors or Partners and, in some circumstances, Authorised Sole<br />
Signatories, any of whom could be in a position to exert influence on financial and/or operational<br />
controls of an entity or legal arrangement. A Key Controller may itself be an entity in which case<br />
we will “look through” the entity to its UBOs and Key Controllers.<br />
6.8.2. Key Controllers have the potential to exploit the <strong>Customer</strong> Entity’s relationship with HSBC to<br />
launder money or commit other Financial Crimes. As a result, Key Controllers must be ID&V’d using<br />
a Risk Based Approach.<br />
6.8.3. Examples of Key Controllers include, but are not limited to the following, where applicable:<br />
Fig. 6.9: Typical Key Controllers<br />
<strong>Customer</strong> Type<br />
Typical Key Controllers<br />
Commercial<br />
Operating<br />
Business<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Directors who exercise direct control over the Company (senior executive activities)<br />
Chairman of the Board of Directors<br />
Deputy Chairman of the Board<br />
Chair of the Supervisory Board<br />
Chair of the Audit Committee<br />
Chair of the Remuneration Committee<br />
Chair of the Shariah Compliance Board<br />
Chair of the Risk Committee<br />
CEO<br />
CFO<br />
Chief Operating Officer (COO)<br />
Managing Partner<br />
Powers of Attorney<br />
Nominees<br />
The person on whose behalf the Nominee entity is working for<br />
Authorised Signatories with Sole Signing Authority<br />
Local Equivalent roles<br />
Obtain the List of Key Controllers<br />
6.8.4. It is necessary to obtain a list of the names of all of the Entity’s Key Controllers using the risk based<br />
approach set out in the Minimum Requirements Table in Figure 6.10.<br />
6.8.5. The ID&V Matrix will prescribe what sources may be used for obtaining the names of Key<br />
Controllers, including but not limited to: audited financial statements, government maintained<br />
registers or partnership agreements.<br />
6.8.6. If reliable and independent approved sources are unavailable, it is acceptable to obtain this<br />
information from the <strong>Customer</strong>, provided that it is certified to be accurate and up-to-date by an<br />
Officer in the <strong>Customer</strong> entity with an independent control function such as Company Secretary,<br />
Legal or other similar function.<br />
6.8.7. The identification of Authorised Signatories is part of product on-boarding and maintenance<br />
requirements, with Authorised Signatory arrangements often varying by Product. Therefore,<br />
INTERNAL<br />
Page | 92
Authorised Signatories with Sole unlimited Signing Authority will be identified at product onboarding<br />
and this will constitute a Trigger Event.<br />
6.8.8. Sole Authorised Signatories should be considered to be a Key Controller and ID&V’d accordingly.<br />
6.8.9. Where the Sole Authorised Signatory is not a Beneficial Owner or Key Controller by position with<br />
the entity, the Business should make reasonable efforts to understand the precise nature of the<br />
relationship of the Sole Authorised Signatory to the <strong>Customer</strong> and document the results of this<br />
enquiry in the <strong>CDD</strong> Profile.<br />
6.8.10. Where the nature of the relationship between the Sole Authorised Signatory and the <strong>Customer</strong><br />
raises concern as to the true nature of the business or its control structure, the <strong>Customer</strong> should<br />
be escalated to Local FCC for review.<br />
6.8.11. For all categories of <strong>Customer</strong>s it is not a requirement to maintain details of other Authorised<br />
Signatories (refer to Figure 6.2 for definition), who do not have sole unlimited signing authority,<br />
within the <strong>CDD</strong> profile. Product areas must maintain Procedures to appropriately ID&V these<br />
Authorised Signatories.<br />
ID&V of Key Controllers<br />
6.8.12. Key Controllers are ID&V’d on a risk based approach. When selecting the Key Controllers for ID&V,<br />
consideration should be given to the persons with the most significant influence within the<br />
<strong>Customer</strong>. 42 For example, where Key Controllers are able to independently act on behalf of the<br />
company, or are also Direct Appointees.<br />
6.8.13. The following table sets out the minimum ID&V requirements for Key Controllers using a Risk Based<br />
Approach<br />
42<br />
Where the Key Controller of the <strong>Customer</strong> is a Legal Entity, it is necessary to look through to the UBO of the Key Controller following percentage<br />
thresholds and ID&V requirements in line with <strong>Customer</strong>’s entity type and risk rating.<br />
INTERNAL<br />
Page | 93
Fig. 6.10: Minimum ID&V requirements for Key Controllers<br />
<strong>Customer</strong><br />
FCRR<br />
Identification<br />
Corporates & Partnerships<br />
Verification<br />
High/ SCC<br />
Obtain list of all Key Controllers<br />
Obtain list of all other Directors<br />
Identify at least two Key Controllers<br />
Verify list of Key Controllers<br />
Verify Identity of at least two Key Controllers<br />
Medium<br />
Low<br />
All<br />
Obtain list of all Key Controllers<br />
Obtain list of all other Directors<br />
Identify at least two Key Controllers<br />
Obtain list of all Key Controllers<br />
Obtain list of all other Directors<br />
Identify at least two Key Controllers<br />
For List of Key Controllers (individuals):<br />
Full Name<br />
Position/ Title<br />
Date of Birth<br />
Requirements for Key Controllers who are Legal<br />
Entities:<br />
Full Name<br />
Country of Incorporation/ registration/ formation<br />
Regulation/ Listing status (where applicable)<br />
Additional for Two Key Controllers:<br />
Permanent Residential Address<br />
Verify list of Key Controllers<br />
Verify Identity of at least two Key Controllers<br />
Verify list of Key Controllers<br />
Verify Identity of at least two Key Controllers<br />
List of Key Controllers<br />
Two Key Controllers<br />
INTERNAL<br />
Page | 94
6.8.14. In some jurisdictions it is permitted for an entity to have only one Director and no Company<br />
Secretary. In such cases, it may not be possible to meet the requirement to ID&V two or more Key<br />
Controllers. Evidence clearly illustrating these jurisdictional variances must be recorded in the <strong>CDD</strong><br />
Profile. Refer to the ID&V matrix for examples of appropriate evidence to capture.<br />
Verification Sources for Key Controller Identity<br />
6.8.15. Where directed above, the identity of Key Controllers must be verified by one verification source,<br />
unless otherwise stated in the table below. Verification can be completed using either documentary<br />
sources or where local regulatory requirements allow, electronic sources to prove the identity of<br />
the Key Controller. The information to be verified depends upon the verification source.<br />
Fig. 6.11: Verification Sources for Key Controllers<br />
Documentary<br />
Sources<br />
Electronic<br />
Sources<br />
a) Full Name; and<br />
b) Date of Birth OR Permanent Residential Address<br />
a) Full Name; and either<br />
b) Date of Birth and Permanent Residential Address; OR<br />
c) Two sources confirming Permanent Residential Address; OR<br />
d) By exception, where Permanent Residential Addresses are not commonly used, two sources<br />
confirming DoB or age and country of residence (and nationality, where legally permissible, if<br />
different)<br />
6.8.16. Individuals Chapter 1: ID&V for definition of Documentary and Electronic Sources.<br />
6.8.17. Detailed requirements are described in the ID&V Matrix and include: approved information<br />
providers (e.g. Forbes for well-known individuals) and Government-issued identification documents<br />
or travel documents.<br />
6.8.18. In the event that the <strong>Customer</strong> is escalated to FCC due to financial crime concerns, FCC may<br />
request that EDD is undertaken on a Key Controller. This may include, but is not limited to,<br />
verification for Key Controllers of Low Risk <strong>Customer</strong>s and/or a Financial Intelligence Unit (FIU)<br />
investigation.<br />
6.9 ID&V – Requirements for ‘Direct Appointees’<br />
6.9.1. Direct Appointees are persons authorised under an executed instrument of the <strong>Customer</strong> to act on<br />
its behalf and also to delegate authority to others to represent the <strong>Customer</strong> entity in more limited<br />
circumstances e.g. Direct Appointees may appoint Authorised Signatories. The Company<br />
Secretary may be considered a Direct Appointee. Direct Appointees may be product specific,<br />
similar to Key Controllers, and due to their influence, all Direct Appointees must be identified and<br />
verified on a risk based approach.<br />
6.9.2. In many cases the Direct Appointees may also be the Beneficial Owners or Key Controllers, in<br />
which case due diligence may have already been completed in this capacity. Where this is the<br />
case, it is not necessary to repeat due diligence activities for the Direct Appointee.<br />
6.9.3. Direct Appointees may vary by Product or Service provided by HSBC. Procedures should be in<br />
place to:<br />
a) Identify, verify, screen and record applicable Direct Appointees;<br />
b) Understand their position/ connection to the Company; and<br />
c) Identify, verify and record that Direct Appointees have properly executed authority from<br />
the <strong>Customer</strong> entity to act on its behalf for the activity undertaken.<br />
6.9.4. Direct Appointee information will not typically be captured in the <strong>CDD</strong> profile unless otherwise<br />
advised by FCC. Examples of this include where a Screening hit has resulted in escalation to FCC,<br />
the results of which are to be recorded on the <strong>CDD</strong> profile.<br />
INTERNAL<br />
Page | 95
ID&V of Direct Appointees<br />
6.9.5. The following table sets out the minimum ID&V requirements for Direct Appointees using a Risk<br />
Based Approach:<br />
INTERNAL<br />
Page | 96
Fig. 6.12: Minimum ID&V requirements for Direct Appointees<br />
<strong>Customer</strong> FCRR<br />
Other Entities<br />
High/ SCC<br />
Medium<br />
Low<br />
Identification<br />
For all Direct Appointees<br />
identify:<br />
Full Name<br />
Date of Birth<br />
Permanent Residential<br />
Address<br />
For all Direct Appointees<br />
identify:<br />
Full Name<br />
Date of Birth*<br />
For all Direct Appointees<br />
identify:<br />
Full Name<br />
Date of Birth*<br />
Verification<br />
Verify the identity of all Direct Appointees<br />
No verification of identity is required.<br />
No verification of identity is required.<br />
* Further additional Information, such as Date of Birth or address will be obtained as necessary to address potential Screening matches. In countries where it is not usual to use street<br />
addresses, it is acceptable to record the residential address of the entity according to standard local practice such as PO Box Number and physical location(s) of the residence.<br />
INTERNAL<br />
Page | 97
6.9.6. Where directed above, the identity of Direct Appointees must be verified using one reliable and<br />
independent source to establish that the named person exists.<br />
6.9.7. Detailed requirements and acceptable sources are described in the ID&V Matrix. This includes for<br />
example: government-issued documents, identification or travel documents or approved<br />
information providers (e.g. Forbes) to verify the identity of well-known individuals.<br />
6.10 KYC Introduction<br />
6.10.1 Understanding the <strong>Customer</strong>‘s business is a critical step in understanding and mitigating the<br />
Financial Crime risks that doing business with the <strong>Customer</strong> may bring.<br />
6.10.2 To understand the nature of your <strong>Customer</strong>, its business and the associated Financial Crime risks<br />
posed by the <strong>Customer</strong>, the following Know Your <strong>Customer</strong> (KYC) procedures will be undertaken<br />
in addition to ID&V procedures:<br />
<br />
Screening – Screening of the <strong>Customer</strong>, Connected and Other Related Parties against<br />
Sanctions, Terrorist, PEP or other lists as well as Negative News Screening;<br />
<br />
<br />
<br />
<br />
Understanding the Nature of Business and Source(s) of Wealth – Gathering<br />
information on the <strong>Customer</strong>s’ Nature of Business and Source of Wealth on a Risk Based<br />
Approach;<br />
Understanding the Source(s) of Funds – Gathering information on the <strong>Customer</strong>s’<br />
Source of Funds;<br />
Understanding the purpose and usage of account – Gathering information on the<br />
purpose and use of the <strong>Customer</strong>’s account in support of Transaction Monitoring;<br />
Completion of a <strong>Customer</strong> Visitation – Supplementing the <strong>CDD</strong> process to enhance the<br />
understanding of the <strong>Customer</strong> and the <strong>Customer</strong>’s business .<br />
6.10.3 KYC, along with ID&V, information is recorded in the <strong>CDD</strong> Profile, in order to provide a complete<br />
picture of the due diligence undertaken on a <strong>Customer</strong> at a given point in time.<br />
6.10.4 These KYC requirements apply to all <strong>Customer</strong> entity types, and any additional requirements or<br />
differences in respect to specific ‘customer types’ (e.g. Trusts, PICs etc.) will be detailed in the<br />
relevant customer chapters.<br />
6.11 <strong>Customer</strong> Screening<br />
Parties to be Screened<br />
6.11.1 The following table sets out the parties and information to be screened where identified during the<br />
ID&V process, in relation to Corporates and Partnerships regardless of the FCRR:<br />
INTERNAL<br />
Page | 97
Fig. 6.13: Parties and Information to be screened<br />
Party<br />
Official and<br />
Other<br />
Screening Lists<br />
NegativeNews<br />
Screening<br />
Information Screened<br />
<strong>Customer</strong>s<br />
<strong>Customer</strong>s Yes Yes Full Names and any “Trading As” names<br />
identified during ID&V<br />
Connected Parties<br />
Beneficial Owners Yes Yes Full Name of the individuals or legal entity<br />
identified including the Ultimate Beneficial<br />
Owner and Intermediate Owner identified<br />
during ID&V<br />
Key Controllers Yes Yes Full name of the individuals and legal entities<br />
identified in ID&V<br />
Other Directors, not<br />
identified as Key<br />
Controllers<br />
Yes No Full name of the Individuals identified in ID&V<br />
Direct Appointees Yes No Full name of Direct Appointees identified<br />
during ID&V<br />
Other Related Parties<br />
Other Related Parties Yes Yes Where identified, the full names of these<br />
parties must be screened<br />
6.11.2 The Global <strong>CDD</strong> Templates specify which parties are required to be screened based on the table<br />
above. Screening may take place outside the Global <strong>CDD</strong> Template with the results captured in<br />
the <strong>CDD</strong> Profile.<br />
6.11.3 If it is known that a <strong>Customer</strong> has changed its name in the past, Screening against Official and<br />
Other lists should include both the new name as well as the previous name(s). If the <strong>Customer</strong>’s<br />
name has changed within 5 years, both the new and previous name should also be subject to<br />
Negative News Screening (as applicable based on FCRR as outlined in Fig 6.14 below).<br />
6.11.4 Negative Newsscreening is required (in line with Fig 6.14) at each periodic review, but should only<br />
cover the period from the last review to the present.<br />
Negative NewsScreening<br />
6.11.5 Negative News Screening helps to identify adverse News about our <strong>Customer</strong>s in order to take<br />
necessary steps to protect HSBC’s reputation (see Common Topics Chapter 3: Screening for<br />
definitions of each).<br />
6.11.6 Negative NewsScreening is required for all customers regardless of FCRR:<br />
Fig. 6.14: Negative NewsScreening by FCRR<br />
<strong>Customer</strong> FCRR<br />
Corporates & Partnerships<br />
All<br />
Negative News<br />
INTERNAL<br />
Page | 98
6.11.7 Refer to Common Process Chapter 3: Screening for details on the application of Screening/<br />
Resolution of screening hits.<br />
6.12 Understanding Nature of Business and Source(s) of Wealth<br />
6.12.1 The information needed to understand the <strong>Customer</strong>’s Nature of Business and Source(s) of Wealth<br />
will depend on the particular circumstances presented by the <strong>Customer</strong> including the extent to<br />
which their business is established and/or connected to other entities/businesses.<br />
Nature of Business<br />
6.12.2 The nature, type and scope of the <strong>Customer</strong>’s business must be understood in order to assess the<br />
Financial Crime risk implied.<br />
6.12.3 The following information should be gathered about the <strong>Customer</strong>:<br />
Fig. 6.15: Nature of Business information requirements for all <strong>Customer</strong>s<br />
Information Areas to be Covered<br />
All FCRR<br />
Business Type<br />
Industries or business types in which the <strong>Customer</strong> participates<br />
Types of <strong>Customer</strong> with whom the <strong>Customer</strong> does business (e.g.<br />
business to consumer, business to business)<br />
Geographic location of major <strong>Customer</strong>s<br />
Countries of Business Focus<br />
Countries where the <strong>Customer</strong> does business / Countries they trade<br />
with or provide services to<br />
Where the <strong>Customer</strong> has any exposure to a Sensitive Sanctioned<br />
Country (SSC), this must be escalated to FCC in line with the Sanctions<br />
Escalation Matrix and EDD may apply<br />
Additionally, any <strong>Customer</strong> with Business Operations in a High Risk<br />
Country must be escalated to FCC and EDD may apply. See section<br />
6.20 for further detail.<br />
Key Financial Data<br />
Yes<br />
Yes<br />
Yes<br />
<br />
<br />
<br />
<br />
Total annual revenue (USD equivalent)<br />
Sources of Revenue<br />
Total Asset size<br />
Size of the business (e.g. number of employees, number of offices or<br />
store locations, etc.)<br />
6.12.4 Details of any recent material changes to the <strong>Customer</strong>’s business (e.g. change in Business Type<br />
or move from domestic to international) need to be understood. At <strong>Customer</strong> on-boarding, a recent<br />
change is considered to be a change within the past 5 years.<br />
6.12.5 For newly incorporated/registered/formed businesses at on-boarding, the Nature of Business<br />
information will be based on the <strong>Customer</strong>’s business plan, i.e. consideration of the intended<br />
products/ services, strategic business and growth plans, and targeted <strong>Customer</strong> base. Where a<br />
INTERNAL<br />
Page | 99
usiness plan is not available, information is to be gathered by means of inquiry and validated as<br />
part of the first periodic review.<br />
6.12.6 Information gathered will be driven primarily by the questions included within the <strong>CDD</strong> templates<br />
which are tailored to each risk category and the level of public accountability.<br />
6.12.7 EDD requirements for <strong>Customer</strong>s with exposure to High Risk or Sensitive Countries are set out in<br />
Sections 6.19 and 6.20.<br />
Understanding the Source(s) of Wealth<br />
6.12.8 Source of Wealth relates to the business activity or situation that generated the <strong>Customer</strong>’s<br />
accumulated capital.<br />
6.12.9 Two aspects must be considered:<br />
a) The origin of the initial Source(s) of Wealth – the business activity or situation that<br />
generated their accumulated capital, not just the portion that is invested with the bank for the<br />
initial deposit/account opening or premium paid/ cash invested; and<br />
b) The origin of ongoing Source(s) of Wealth – the ongoing business activities or situation that<br />
will generate the funds that will be deposited into the account or premium paid/ cash invested.<br />
Information to Understand Source(s) of Wealth<br />
6.12.10 Sufficient Source(s) of Wealth information should be collected to enable HSBC to form a reasonable<br />
conclusion that the <strong>Customer</strong> has earned or otherwise acquired their accumulated capital legally.<br />
This may involve obtaining supporting documentation from the <strong>Customer</strong> to validate the Source of<br />
Wealth information. Acceptable sources for validation will be included in the ID&V matrix.<br />
6.12.11 For many established HSBC <strong>Customer</strong>s, the Source(s) of Wealth will be evident from the nature of<br />
the <strong>Customer</strong>’s business/ operations and the Beneficial Owners. The <strong>Customer</strong>’s Annual<br />
report/financial statements and accounts (or equivalent) will also provide useful sources of<br />
information in order to understand the Source of Wealth.<br />
6.12.12 Where the annual report/financial statements and accounts are used to identify Source(s) of<br />
Wealth, the <strong>CDD</strong> Operating Unit must identify and record the name of one of the following in the<br />
<strong>CDD</strong> profile:<br />
a) The accountant;<br />
b) The accounting firm;<br />
c) The auditor; or<br />
d) The audit firm.<br />
Where the <strong>Customer</strong> does not have an accountant or auditor the financial statements and<br />
accounts should be reviewed in conjunction with other available information to ensure they are in<br />
line with what we know of the <strong>Customer</strong>. Where there is any doubt as to the validity of the<br />
financial statements the <strong>Customer</strong> should be escalated to Country FCC.<br />
6.12.13 Newly incorporated/registered/formed businesses will not possess prior trading records or historical<br />
financial statements that established businesses can provide. Source of Wealth information will<br />
therefore focus on the origin of the capital being invested into the business to finance operations.<br />
Emphasis should also be placed on understanding the level of capital declared compared with the<br />
level of initial account funding/ Investment premium.<br />
6.12.14 The ID&V Matrix sets out, in detail, the information and documentation sources to be obtained to<br />
validate Source of Wealth for all <strong>Customer</strong>s, including newly incorporated/registered/formed<br />
businesses.<br />
INTERNAL<br />
Page | 100
6.13 Understanding Sources of Funds<br />
6.13.1 Source(s) of Funds means the source of currency/ financial instruments deposited, which includes<br />
the amount to be transferred to the HSBC account for investment or premium payment purposes<br />
at on-boarding.<br />
6.13.2 Funds may originate from a range of sources, including but not limited to the purchase and/or sale<br />
of assets (such as real estate) or earnings from business ownership or business activities.<br />
6.13.3 For many <strong>Customer</strong>s, the Source(s) of Funds will simply be earnings from the business activity.<br />
6.13.4 For all <strong>Customer</strong>s, the aggregate amount from all accounts being opened must be reviewed to<br />
ensure it is in keeping with the information collected on the <strong>Customer</strong>’s Source of Wealth and<br />
Nature of Business.<br />
6.13.5 The amount being deposited must also be validated against one source e.g. bank statements, and<br />
the method of transfer understood in the following circumstances:<br />
a) Where the initial amount to be deposited at customer on-boarding is considered<br />
significant, i.e. exceeds US$150,000 or equivalent local currency.<br />
b) Where the initial deposit/ investment/ payment is to be made in cash and this amount<br />
exceeds US$10,000 or equivalent local currency.<br />
6.13.6 Validation of funds is required at new customer on-boarding and additionally where an existing<br />
customer opens a new account and meets the criteria listed in section 6.13.5.<br />
6.13.7 Where there are automated controls in place, Source of Funds may be reviewed as part of the<br />
monitoring process upon transfer in of the initial funds.<br />
6.14 Understanding the Intended Purpose and Usage of Account<br />
6.14.1 In order to understand the intended purpose of the <strong>Customer</strong>’s relationship with HSBC, information<br />
must be gathered in relation to the following higher risk characteristics:<br />
a) Products and services to be provided to the <strong>Customer</strong>, i.e. product lists etc.<br />
b) Purpose of the account/ product/ service, their intended usage and rationale for products<br />
and services<br />
6.14.2 Where appropriate for the service(s) offered to the <strong>Customer</strong> the relevant information below must<br />
be gathered:<br />
a) For cross-border transactions, the rationale, purpose, expected volume and value of<br />
expected significant 43 payments.<br />
b) For current accounts, the purpose of account, expected amount and average value of<br />
regular cash deposits/withdrawals.<br />
c) Rationale for the <strong>Customer</strong> to hold large balances in current accounts with minimal<br />
activity.<br />
6.14.3 The information captured in the <strong>CDD</strong> Profile supports the transaction monitoring alerts process, as<br />
well as ensuring that the <strong>Customer</strong> is appropriately risk rated.<br />
6.14.4 It is important to ensure that the information regarding the products and services held, and purpose<br />
and use of the account/ products/ services is kept up to date to allow the analyst/ RM to confirm<br />
that the transaction patterns are in line with the rest of the <strong>CDD</strong> profile. Examples of when updates<br />
may be required include Trigger Events or as part of a Periodic Review.<br />
43 Minimum thresholds are currently to be defined locally.<br />
INTERNAL<br />
Page | 101
6.15 Visitation Requirements<br />
Types of Visitation<br />
6.15.1 The types of visitation which may occur include:<br />
a) AML Visitation for <strong>CDD</strong> purposes – An AML <strong>Customer</strong> visit supplements the <strong>CDD</strong><br />
gathered on the <strong>Customer</strong> and the <strong>Customer</strong>’s business as outlined in this document. It<br />
is particularly useful in understanding the Nature of Business of the <strong>Customer</strong> on site.<br />
b) Relationship Management – <strong>Customer</strong>s may be visited regularly in support of<br />
relationship management, including sales, marketing and ongoing serving of relationship.<br />
c) Credit/Borrowing Review – certain HSBC borrowing <strong>Customer</strong>s will be visited annually<br />
for the purposes of the Credit review.<br />
Purpose of an AML Visitation for <strong>CDD</strong><br />
6.15.2 AML visitation for <strong>CDD</strong> purposes provides an opportunity to:<br />
a) Substantiate information provided on the <strong>Customer</strong> Questionnaire and observe the<br />
environment in which the <strong>Customer</strong> operates;<br />
b) Ask follow-up questions in response to specific Trigger Events;<br />
c) Validate the appropriateness of the products and services provided to the <strong>Customer</strong>;<br />
d) Substantiate anticipated volumes; and<br />
e) Gather additional information/clarification about the ownership and control structure.<br />
6.15.3 The specific focus of the physical site visit will depend on the <strong>Customer</strong>’s Nature of Business. For<br />
example, if visiting a manufacturer, the RM/ employee conducting the visit, would expect to see<br />
machines, raw materials and finished products, in accordance with the <strong>Customer</strong>’s specific<br />
operations.<br />
6.15.4 A <strong>Customer</strong> visit is not a substitute for <strong>Customer</strong> ID&V or KYC.<br />
6.15.5 A visit for AML <strong>CDD</strong> purposes may be conducted at the same time as visitations for other purposes,<br />
provided that the visit enables the staff member to fully complete the Visitation <strong>Customer</strong><br />
Assessment.<br />
Situations where an AML Visitation for <strong>CDD</strong> purposes is required<br />
6.15.6 For all <strong>Customer</strong> Types and FCRRs, a site visit may be required in response to concerns over a<br />
specific Financial Crime risk:<br />
a) <strong>Customer</strong> escalation to FCC, Negative News report or Material Trigger Event;<br />
b) Transaction Monitoring findings; and/or<br />
6.15.7 SARs. In such instances FCC may request or the Business may determine that a <strong>Customer</strong> visit is<br />
appropriate in order to:<br />
a) Validate certain information or obtain further information from someone in a particular part<br />
of the <strong>Customer</strong> organisation; and/or<br />
b) Discuss a specific AML or related issue.<br />
6.15.8 In these circumstances, FCC will specify the legal entity to be visited (i.e. reliance may not be<br />
appropriate).<br />
6.15.9 When a site visit is required as a result of a SAR being raised or as a result of other Financial Crime<br />
risk concerns, care needs to be taken to avoid “tipping off”. See Compliance FIM B2.17.1 for GPPs<br />
relating to the criminal offence of ‘tipping off’ and the importance of not informing <strong>Customer</strong>s that a<br />
suspicion report has been made.<br />
INTERNAL<br />
Page | 102
Additional Situations where an AML Visitation for <strong>CDD</strong> Purposes is required<br />
6.15.10 An AML Visitation for Other Entities is required at on-boarding and periodic review for all SCC and<br />
High Risk RM’d customers, and for High Risk non-RM’d customers. AML Visitation is only required<br />
for Medium and Low Risk <strong>Customer</strong> on identification of financial crime concerns:<br />
Fig. 6.16: AML Visitation requirements for Corporates & Partnerships<br />
Relationship Managed <strong>Customer</strong>s and Non-Relationship Managed <strong>Customer</strong>s<br />
<strong>Customer</strong><br />
FCRR<br />
On-boarding<br />
Periodic Review<br />
SCC 44<br />
High<br />
Y<br />
Y - Annual<br />
Medium<br />
Low<br />
Financial crime concerns only<br />
Additional Detail on AML Visitations for <strong>CDD</strong> Purposes<br />
Fig. 6.17: AML Visitations for <strong>CDD</strong> Purposes<br />
Home based<br />
businesses<br />
Periodic review<br />
triggered by Material<br />
Changes to <strong>Customer</strong><br />
Circumstance<br />
A home-based business is defined as a business that is operating from the Permanent<br />
Residential Address of the Beneficial Owner. Home-based businesses are typically Non-RM’d<br />
<strong>Customer</strong>s.<br />
Home-based businesses may also be exempt from visitation at onboarding or renewal provided<br />
that the Business concludes that it is reasonable for the <strong>Customer</strong>’s business to be home based.<br />
The Business Owner must document the rationale for such a conclusion in the <strong>CDD</strong> Profile.<br />
Factors for consideration may include: number of employees, the industry type, or whether the<br />
business is predominantly cash based.<br />
Due to the size and scale of a typical Sole Trader, many will operate their business from their<br />
residential address and will not have a separate business address (i.e. a home-based<br />
business).<br />
Where a <strong>Customer</strong> Material Trigger Event results in a <strong>Customer</strong>’s FCRR increasing from Low<br />
or Medium Risk to High or SCC, a periodic review may be triggered. In these instances a site<br />
visit must be completed within a maximum of 60 days. The guidance on reliance and homebased<br />
businesses continues to apply.<br />
Completion of an AML Visitation for <strong>CDD</strong> Purposes<br />
6.15.11 All AML visitations must be completed by an appropriately trained member of staff within the<br />
business.<br />
6.15.12 Following a site visit the staff member will document the visit in the appropriate Relationship<br />
Management system or in the <strong>CDD</strong> Profile.<br />
6.15.13 It is not a requirement to attach the full <strong>Customer</strong> Visitation report to the <strong>CDD</strong> Profile, provided the<br />
employee conducting the visit has attested that:<br />
44<br />
All SCC <strong>Customer</strong>s must be Relationship Managed<br />
INTERNAL<br />
Page | 103
a) A satisfactory visit has occurred;<br />
b) There are no financial crime concerns; and<br />
c) Additionally, the report must be accessible to the relevant parties reviewing the <strong>CDD</strong><br />
Profile.<br />
6.15.14 At a minimum the following information should be captured in the <strong>CDD</strong> profile:<br />
Fig. 6.18: AML Visitation: Requirement for the <strong>CDD</strong> Profiles<br />
AML Visitation for <strong>CDD</strong> Purposes <strong>Customer</strong> Assessment – requirements for the <strong>CDD</strong> Profile<br />
a) <strong>Customer</strong> Name;<br />
b) Address Visited;<br />
c) Date of visit;<br />
d) Names and titles of person interviewed;<br />
e) Name and title of the person(s) making the visit from HSBC; and<br />
f) Areas of financial crime concern arising from the visit (full site visitation report does not need to be attached)<br />
6.15.15 If the AML visitation is not consistent with the information provided by the <strong>Customer</strong> in the <strong>CDD</strong><br />
profile, consideration should be given to declining the on-boarding or exiting of the <strong>Customer</strong>.<br />
However, if the employee conducting the visit wishes to proceed with on-boarding or retain the<br />
<strong>Customer</strong>, it should be referred to FCC. The business must ensure that they do not “tip off” the<br />
<strong>Customer</strong> that there are concerns or that the <strong>Customer</strong> has been referred to FCC:<br />
6.16 EDD Introduction<br />
6.16.1 The purpose of this section is to identify, assess and mitigate the risks associated with <strong>Customer</strong>s<br />
who pose a higher risk of Financial Crime and where HSBC could be used as a conduit for Financial<br />
Crime activities. In such circumstances HSBC must apply EDD procedures on a Risk Based<br />
Approach.<br />
6.16.2 EDD requirements involve gathering additional information about the <strong>Customer</strong>, Connected Parties<br />
and Other Related Parties over and above the Core <strong>CDD</strong> requirements.<br />
6.16.3 EDD procedures must be undertaken for all <strong>Customer</strong> Types where the <strong>Customer</strong> is a HNWI or<br />
considered to be an SCC or High Risk, or where individuals connected to the <strong>Customer</strong>, are PEPs<br />
or where they display higher risk characteristics. EDD procedures may be undertaken at<br />
onboarding, Periodic Reviews, Trigger Events or at any time during the course of the <strong>Customer</strong><br />
relationship.<br />
6.16.4 This section highlights the additional requirements not already captured in the risk based approach<br />
outlined in the Retail Business Banking (RBB) ID&V and KYC chapters.<br />
6.17 Politically Exposed Persons<br />
6.17.1 Refer to Global <strong>RBWM</strong> AML Policy Chapter 13: PEPs for further guidance on Politically Exposed<br />
Persons (PEPs):<br />
6.18 Source of Wealth (SoW) for Ultimate Beneficial Owners (UBOs)<br />
6.18.1 The determination of Source(s) of Wealth for Beneficial Owners is required as follows:<br />
a) For all identified Ultimate Beneficial Owners of High FCRR and SCC <strong>Customer</strong>s, i.e.<br />
those identified as owning 10% or more of the <strong>Customer</strong>; and/ or<br />
INTERNAL<br />
Page | 104
) For all <strong>Customer</strong>s where a PEP has been identified as an Ultimate Beneficial Owner,<br />
irrespective of the <strong>Customer</strong>’s FCRR.<br />
6.18.2 For both scenarios, information must be gathered on the identified UBOs in relation to their Source<br />
of Wealth and income to enable an assessment to be made as to whether this is commensurate<br />
with their holding in the company. Evidence supporting the Source of Wealth information must be<br />
documented in the <strong>Customer</strong>’s <strong>CDD</strong> profile.<br />
6.18.3 The ID&V Matrix sets out, in detail, the information and documentation sources to be obtained to<br />
gather Source of Wealth details for UBOs.<br />
6.18.4 Where it is not possible to obtain SoW information from public sources, the business needs to<br />
provide a support statement detailing the information obtained from the <strong>Customer</strong>, which includes<br />
how the UBOs Source of Wealth has been acquired/ built and confirmation that it is consistent with<br />
their holding in the <strong>Customer</strong> entity. This statement should be stored in the <strong>Customer</strong>’s <strong>CDD</strong> profile.<br />
6.18.5 The business needs to be satisfied that they have collected sufficient information to understand the<br />
UBO’s Source of Wealth. If not, the business should consider ceasing to onboard a <strong>Customer</strong> given<br />
the lack of sufficient Source of Wealth information to assess the risk, and whether the Source of<br />
Wealth is commensurate with the UBOs holding in the <strong>Customer</strong>. Should the business wish to<br />
continue with onboarding, the <strong>Customer</strong> should be escalated to Country FCC for review.<br />
6.19 Doing Business in Sensitive Sanctioned Countries<br />
6.19.1 The Global Sanctions Policy (Risk FIM B.2.19) lists those countries designated by HSBC as<br />
Sensitive Sanctioned Countries and includes those countries designated by jurisdictional<br />
programmes imposed by the United Nations, EU, United Kingdom, Hong Kong or the United States<br />
of America. Such programmes include lists of sanctioned individuals, entities or organisations as<br />
well as imposing sanctions which either prohibit almost all commercial activity with the country or<br />
impose broad prohibitions on commercial activity, such as a ban on imports.<br />
6.19.2 Doing business with Sensitive Sanctioned Countries directly or indirectly represents a reputational<br />
risk to the Group and may ultimately expose HSBC to potential breaches of sanctions laws. HSBC<br />
therefore has a limited appetite with respect to <strong>Customer</strong>s that have business dealings with<br />
Sensitive Sanctioned Countries.<br />
6.19.3 EDD will be required to determine if a <strong>Customer</strong>’s exposure to Sensitive Sanctioned Countries is<br />
within the Group’s risk appetite and managed accordingly.<br />
6.19.4 The risk appetite, with respect to a <strong>Customer</strong>’s exposure to Sensitive Sanctioned Countries is a<br />
function of:<br />
a) Countries the <strong>Customer</strong> has exposure to;<br />
b) Type of exposure a <strong>Customer</strong> has to the Sensitive Sanctioned Country (i.e. <strong>Customer</strong>s<br />
in, supplies from, investments in or operations in);<br />
c) Type of activity (i.e. any industry in which the <strong>Customer</strong> operates);<br />
d) Level of activity as a % of the entity’s total revenue; and<br />
e) Nature of their relationship with HSBC (i.e. Direct Relationship, Direct Support or Indirect<br />
Risk Exposure 45 ).<br />
6.19.5 Further guidance can be found in the Risk/ Compliance FIM B.2.19.<br />
Identification of <strong>Customer</strong> Exposure<br />
6.19.6 HSBC is concerned with a <strong>Customer</strong>’s direct and indirect risk exposure to Sensitive Sanctioned<br />
Countries.<br />
6.19.7 All <strong>Customer</strong>s are required over the course of <strong>CDD</strong> to affirm whether they, or any members of their<br />
group legal entity structure do business in Sensitive Sanctioned Countries. This includes whether<br />
45<br />
Please refer to the Global Sanctions Policy for the definitions of Direct Relationship, Direct Support and Indirect<br />
Risk Exposure.<br />
INTERNAL<br />
Page | 105
the <strong>Customer</strong> has Beneficial Owners resident in, <strong>Customer</strong>s in (exports to), obtaining supplies from<br />
(imports from), investments in (assets in) or operations in (business in) Sensitive Sanctioned<br />
Countries.<br />
6.19.8 Communications to <strong>Customer</strong>s will include the list of current Sensitive Sanctioned Countries.<br />
6.19.9 In addition, a <strong>Customer</strong>’s exposure to Sensitive Sanctioned Countries may be identified as a Trigger<br />
Event through payment/trade finance/message screening, Negative News Screening or over the<br />
course of the <strong>Customer</strong> relationship.<br />
Enhanced Due Diligence Procedures<br />
6.19.10 Where a <strong>Customer</strong> has indicated that they have an exposure to Sensitive Sanctioned Countries,<br />
the following EDD activities will need to be performed at onboarding and then at periodic review to<br />
determine whether the <strong>Customer</strong>’s exposure is within the Group’s tolerance levels.<br />
6.19.11 In reaching this determination, the following information should be considered, where relevant, and<br />
should be documented within the <strong>CDD</strong> profile:<br />
INTERNAL<br />
Page | 106
Fig. 6.19: Sensitive Sanctioned Country Information to be obtained from the <strong>Customer</strong><br />
Information to be obtained from the <strong>Customer</strong><br />
Name of legal entity with exposure to Sensitive Sanctioned Countries<br />
Sensitive Sanctioned Countries that the legal entity has exposure to<br />
Type of exposure to each Sensitive Sanctioned Country (owned by/operates in/invests in/has <strong>Customer</strong>s<br />
in/purchases from)<br />
The level of activity for each type of exposure that the entity has with a Sensitive Sanctioned Country 46 :<br />
Nature of <strong>Customer</strong>’s<br />
exposure with a Sensitive<br />
Sanctioned Country<br />
Information required<br />
Owned by BO(s) resident in<br />
a Sensitive Sanctioned<br />
Country<br />
Operates in a Sensitive<br />
Sanctioned Country<br />
Has investments in a<br />
Sensitive Sanctioned<br />
Country<br />
Selling to <strong>Customer</strong>s in<br />
Sensitive Sanctioned<br />
Countries<br />
Buying from suppliers in<br />
Sensitive Sanctioned<br />
Countries<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
Name of BO(s) (UBOs and IOs), where identified, subject to thresholds<br />
in Retail Business Banking Corporates and Partnerships ID&V and KYC<br />
chapters<br />
Total % ownership held by Beneficial Owner(s) domiciled in a Sensitive<br />
Sanctioned Country<br />
Total revenues and assets of the legal entity (USD or local currency)<br />
% of total revenue from operations in Sensitive Sanctioned Countries<br />
Value of investment in Sensitive Sanctioned Countries and total assets<br />
(USD or local currency)<br />
% of total assets related to investments in Sensitive Sanctioned<br />
Countries<br />
Nature of investment (e.g. type of investment, local partners)<br />
Value of export sales to Sensitive Sanctioned Countries (USD or local<br />
currency)<br />
% of total revenues from trade with Sensitive Sanctioned Countries<br />
Nature of products/ services sold<br />
Value of import purchases from Sensitive Sanctioned Countries (USD or<br />
local currency)<br />
% of total cost of goods sold from purchases from Sensitive Sanctioned<br />
Countries<br />
Nature of products/ services purchased<br />
The entity’s primary business operation, including information on the products and services involved in their<br />
exposure to Sensitive Sanctioned Countries.<br />
Supplementary information regarding:<br />
<br />
<br />
The <strong>Customer</strong>’s business plans with regards to Sensitive Sanctioned Countries (e.g. to reduce or terminate<br />
transactions with a Sensitive Sanctioned Country; for example winding up of a business) and anticipated timing<br />
of such activities;<br />
Description of the <strong>Customer</strong>’s control procedures to monitor transactions with Sensitive Sanctioned Countries<br />
and to ensure compliance with sanctions regulations; and<br />
46<br />
This information needs to be captured in relation to each Sensitive Sanctioned Country which the <strong>Customer</strong> has<br />
exposure to.<br />
INTERNAL<br />
Page | 107
Information required<br />
Whether the legal entities with exposure to Sensitive Sanctioned Countries are HSBC <strong>Customer</strong>s, and if so:<br />
a) Which Products and services are offered to the <strong>Customer</strong>?<br />
b) Do the Products provided have a specific purpose to support trade with Sensitive Sanctioned Countries?<br />
Control and Approvals Process<br />
6.19.12 Once full information about the <strong>Customer</strong>’s exposure to Sensitive Sanctioned Countries has been<br />
received by the business and <strong>CDD</strong> Operating Unit, the <strong>Customer</strong> should be escalated to FCC<br />
Sanctions. FCC Sanctions will determine whether the exposure is within HSBC’s risk appetite and<br />
to determine whether any additional EDD is required.<br />
6.19.13 The table below describes the additional <strong>CDD</strong> control and approvals procedures required:<br />
Fig. 6.20: Additional <strong>CDD</strong> Control and Approval processes<br />
Scenario<br />
Legal entity that HSBC banks has an<br />
exposure to Sensitive Sanctioned<br />
Countries in excess of the exposure<br />
levels (Refer to Global Sanctions<br />
Policy/ FIM)<br />
Legal entity that HSBC banks has an<br />
exposure to Sensitive Sanctioned<br />
Countries within threshold amounts<br />
Controls and Approval processes<br />
a) New <strong>Customer</strong>s should be declined unless a Sanctions Risk<br />
Approval is obtained through a referral to FCC Sanctions and<br />
where necessary the Reputational Risk and Client Selection<br />
Committee (RRCS). The Sanctions Risk Approval Form can be<br />
found in the Global Sanctions SharePoint at:<br />
http://teams.uk.hsbc/compliance/globalsanctions/Blank%20Tem<br />
plates/Forms /AllItems.aspx.<br />
b) For existing <strong>Customer</strong>s, a Sanctions Risk Approval must be<br />
obtained (by referral to FCC Sanctions and where necessary the<br />
RRCS). In the event a Sanctions Risk Approval is declined, the<br />
<strong>Customer</strong> relationship must be exited.<br />
c) The escalation to FCC Sanctions should indicate any risk<br />
mitigations to be considered by FCC Sanctions. If a Sanctions<br />
Risk Approval is granted, the <strong>Customer</strong>’s FCRR must be SCC<br />
d) Where required by FCC Sanctions, the <strong>Customer</strong> must<br />
acknowledge and agree in writing that HSBC will not facilitate<br />
payments to any person or entity listed on a sanctions list or<br />
located in a Sensitive Sanctioned Country. The wording of any<br />
<strong>Customer</strong> undertaking must be approved by FCC Sanctions.<br />
e) It should be noted that depending on the specific sanctions<br />
measures in place any particular transaction may be prohibited<br />
a) <strong>Customer</strong>s with Sensitive Sanctioned Country exposure that falls<br />
within the thresholds can be on-boarded or maintained only with<br />
the approval of the FCC Sanctions Officer.<br />
b) If approval is given to open or maintain the customer relationship,<br />
the Country Sanctions Officer should consider whether the<br />
<strong>Customer</strong> should be categorised as a Special Category Client<br />
(SCC).<br />
c) Where required by FCC Sanctions, the <strong>Customer</strong> must<br />
acknowledge and agree in writing that HSBC will not facilitate<br />
payments to any person or entity listed on a sanctions list or<br />
located in a Sensitive Sanctioned Country. The wording of any<br />
customer undertaking must be approved by FCC Sanctions<br />
d) It should be noted that depending on the specific sanctions<br />
measures in place any particular transaction may be prohibited<br />
INTERNAL<br />
Page | 108
6.20 <strong>Customer</strong>s with Identified Exposure to Countries with a<br />
Transparency International Corruption Perception Index (TI CPI) Score of 22 or Less<br />
6.20.1 HSBC has a limited appetite for <strong>Customer</strong>s with a significant exposure to high risk countries where<br />
the TI CPI score is ≤ 22. These <strong>Customer</strong>s must be risk-rated High, require additional approvals<br />
from the regional/local RRCSC and are subject to the additional EDD as described in this section.<br />
These <strong>Customer</strong>s must be escalated to FCC.<br />
6.20.2 Significant <strong>Customer</strong> exposure to TI CPI ≤ 22 countries is defined as:<br />
a) <strong>Customer</strong> incorporated/registered/formed in a TI CPI ≤ 22 country;<br />
b) <strong>Customer</strong> with a primary business operation in a TI CPI ≤ 22 country;<br />
c) <strong>Customer</strong> with a ≥ 25% UBO whose country of permanent residence is the TI CPI ≤ 22<br />
country; or<br />
d) <strong>Customer</strong> with known business operations in TI CPI ≤ 22 countries of 10% or more from a<br />
single jurisdiction or 25% or more from several jurisdictions, as indicated by:<br />
Total Investments; and/ or<br />
Total Sales; and/ or<br />
Total Supplies; and/or<br />
HSBC products and services provided with the specific purpose of supporting activity in<br />
that country (e.g. provision of a performance guarantee).<br />
6.20.3 Where exposure to a TI CPI ≤ 22 country has been identified over the course of <strong>CDD</strong>, further Nature<br />
of Business information is required. The information required varies according to the nature of the<br />
<strong>Customer</strong>’s exposure, as outlined in the Table below:<br />
INTERNAL<br />
Page | 109
Fig. 6.21: Further Nature of Business Information<br />
Nature of <strong>Customer</strong>’s<br />
Exposure to TI ≤ 22<br />
countries<br />
Incorporated/Registered<br />
/Formed in the Country<br />
Source of Exposure Identification<br />
<strong>Customer</strong> ID&V (see Section 6.6)<br />
Further EDD requirements to be Captured<br />
No additional EDD requirements<br />
Operates in the Country <strong>Customer</strong> ID&V (see Section 6.6) No additional EDD requirements<br />
Owned by BOs<br />
domiciled in country<br />
Has investments in<br />
country<br />
Sells to <strong>Customer</strong>s in<br />
country<br />
Buys from suppliers in<br />
country<br />
UBO ID&V (see Section 6.7)<br />
identifies UBO country of primary<br />
residence for Other Entities and<br />
Country of Incorporation for IO’s.<br />
Nature of Business information (see<br />
Section 6.12) identifies Countries<br />
where the <strong>Customer</strong> does business<br />
AND/OR<br />
Products and Services provided to<br />
the <strong>Customer</strong> have the specific<br />
purpose of supporting investments<br />
with the Country<br />
AND/OR<br />
Based on other <strong>Customer</strong><br />
management/transaction monitoring<br />
information<br />
Nature of Business information on<br />
Countries the <strong>Customer</strong> does<br />
business/Trades with as outlined in<br />
Section 6.12;<br />
AND/OR<br />
Products and Services provided to<br />
the <strong>Customer</strong> have the specific<br />
purpose of supporting business<br />
activity with the Country<br />
AND/OR<br />
Based on other <strong>Customer</strong><br />
management/transaction monitoring<br />
information e.g. from Trade product<br />
information<br />
No additional EDD requirements as UBO<br />
Source of Wealth will be identified, as outlined<br />
in Section 6.18.<br />
a) Value of investment (USD or local<br />
currency, % of total assets) in the<br />
country<br />
b) Nature of investment (e.g. type of<br />
investment, local partners)<br />
a) Value of exports/imports (USD or local<br />
currency, % of total)<br />
b) Nature of exports/imports (e.g.<br />
products/services sold or purchased)<br />
Additionally for all:<br />
<br />
<br />
<br />
Description of any specific control procedures that the <strong>Customer</strong> has to monitor the risks associated with the TI<br />
CPI ≤ 22 country;<br />
Details of <strong>Customer</strong>’s business plans in the market (i.e. expansion through acquisition of new <strong>Customer</strong>s,<br />
expansion of existing relationships, change of existing contracts, Exit from the market etc.) and anticipated<br />
timings for such plans;<br />
Details of HSBC products and services provided with the specific purpose of supporting the <strong>Customer</strong>’s activity<br />
with the Country.<br />
INTERNAL<br />
Page | 110
7. Clubs & Societies<br />
Key Objective<br />
How will the Objective<br />
be achieved?<br />
Scope of Section<br />
To identify, assess and mitigate the risks associated with specific <strong>Customer</strong> types which<br />
pose a higher risk of Financial Crime, and/or where HSBC could be used as a conduit<br />
for Financial Crime activities.<br />
This <strong>Customer</strong> type requires additional and/or specific due diligence to address their risk<br />
attributes, outside the scope of the standard ID&V, KYC and general EDD requirements.<br />
This Section outlines who the <strong>Customer</strong> is for due diligence purposes, and the specific<br />
and/ or additional due diligence requirements for Clubs and Societies.<br />
Section outlines the ID&V procedures with respect to the following:<br />
Definitions and Risks of <strong>Customer</strong> Type<br />
7.1. Introduction<br />
7.2. Definition of <strong>Customer</strong> Type<br />
7.3 Risks Associated with Clubs and Societies<br />
7.4. Key Connected parties<br />
7.5. Prohibited Clubs and Societies and <strong>Customer</strong> Risk Classification<br />
ID&V of the <strong>Customer</strong> and their Connected Parties<br />
7.6. ID&V Requirements for the Club/Society<br />
7.7. ID&V Requirements for Connected Parties<br />
Know Your <strong>Customer</strong> (KYC)<br />
7.8. <strong>Customer</strong> Screening<br />
7.9. Understanding Nature of Business and Source(s) of Wealth<br />
7.10. Understanding the Intended Purpose and Usage of Account<br />
7.11. Enhanced Due Diligence (EDD)<br />
Related Sections<br />
Guidance sources<br />
Global AML Policy: <strong>CDD</strong> Standards - Individuals (ID&V)<br />
Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (KYC)<br />
Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (EDD)<br />
Chapter 4 – Trusts (available in this document - <strong>RBWM</strong> <strong>CDD</strong> <strong>Customer</strong> <strong>LoBP</strong>)<br />
Global AML Policy: <strong>CDD</strong> Standards - NPOs<br />
INTERNAL<br />
Page | 111
Definitions and Risks of <strong>Customer</strong> Type<br />
7.1 Introduction<br />
7.1.1. The procedures below outline the <strong>Customer</strong> Due Diligence (<strong>CDD</strong>) standards that should be<br />
followed for Clubs and Societies. Where the requirements align to the standards for Corporates,<br />
Individuals, or other Legal Entity types, a cross reference is used to indicate related Global<br />
Guidance and <strong>RBWM</strong> <strong>LoBP</strong> sections.<br />
7.1.2. <strong>RBWM</strong> only banks Clubs & Societies, for all categories of Non-Profit Organisations (NPOs) other<br />
than Clubs and Societies, please refer to the Global Procedural Standards for CMB and the<br />
applicable <strong>CDD</strong> standards.<br />
7.2 Definition of <strong>Customer</strong> Type<br />
7.2.1 The majority of Clubs and Societies will have the following characteristics:<br />
a) Legal status defined by the organisation’s aims and purpose;<br />
b) Are self-governing private organisations, which pursue activities for public or private interest<br />
or benefit (e.g. social, literary, or religious purposes);<br />
c) Operate on the principle that funds are raised for a stated cause or “mission” through a<br />
diverse set of Donors/ Members;<br />
d) Funds are distributed to other projects, organisations, or individuals, in accordance with the<br />
aims of the organisation.<br />
7.2.2. Clubs and Societies are usually funded by Donors or Members through:<br />
a) Donations;<br />
b) Membership Dues; and/or,<br />
c) Grants.<br />
7.2.3. Management of funds within Clubs and Societies sits with the Key Controllers of the organisation.<br />
It is the responsibility of the Key Controllers to manage and distribute the funds, which must be<br />
completed in a manner consistent with, and in support of, the objectives of the organisation.<br />
7.2.4. Clubs and Societies generally distribute benefits internally to the Connected Parties of the<br />
organisation (e.g. to its Members)<br />
7.2.5. Descriptions of Clubs and Societies may include:<br />
Figure 7.1: Descriptions of Clubs and Societies<br />
Description<br />
Examples<br />
Clubs and<br />
Societies<br />
<br />
An association of members sharing a common interest by the use<br />
of a structure (formal or informal) through which they can pursue<br />
that interest;<br />
<br />
<br />
Chess club;<br />
Football club.<br />
<br />
Depending on the size, purpose, and jurisdiction, may be<br />
incorporated or unincorporated;<br />
<br />
Only unincorporated Clubs and Societies are permitted within<br />
<strong>RBWM</strong> and will be treated as a Partnership unless otherwise<br />
specified (refer to Global Procedural Standards Corporates and<br />
Partnerships Chapter [6] for additional detail). If any incorporated<br />
Clubs and Societies are identified refer to Country FCC.<br />
INTERNAL<br />
Page | 112
7.2.6. Investment clubs are outside the scope of this section as they are operationally different from other<br />
clubs in terms of funding and purpose and will be covered in the Funds Chapter 10 of the Global<br />
Procedural Standards.<br />
7.3 Risks Associated with Clubs and Societies<br />
7.3.1 Many clubs and societies are small or medium sized organisations and as such are reliant on a few<br />
professionals/volunteers to control their funds and assets. These arrangements may lack the<br />
scrutiny and segregation of roles and responsibilities which is often a feature of large organisations;<br />
7.3.2 Clubs and societies will often lack formally executed documentation and, accordingly, the risk of<br />
misrepresentation or deception may be higher<br />
7.4 Key Connected Parties associated with Clubs and Societies<br />
7.4.1 Establishing the Connected Parties requires an understanding of how the Club/ Society is<br />
structured, how funding is sourced, who has control over the distribution of funds, and to whom the<br />
funds are distributed.<br />
7.4.2 The following table defines key Connected Parties requiring <strong>CDD</strong> for clubs and Societies in <strong>RBWM</strong>:<br />
Figure 7.2: Definition of key Connected Parties requiring <strong>CDD</strong><br />
Role<br />
Description<br />
Beneficial<br />
Owners<br />
<br />
It is important to note that in the case of a Club or Society, there will be no individuals or<br />
entity that will be classed as a “Beneficial Owner 47 . This is due to the purpose and<br />
organisational structure of Clubs and Societies and the absence of share capital 48 ;<br />
Donors Individuals or entities providing funds to the organisation; e.g. Donations outside of<br />
normal membership fees<br />
<br />
<br />
<br />
Donors may provide one-time only payments or regular ongoing funds to the<br />
organisation;<br />
Donors surrender ownership and control of the donated funds to the Club or Society;<br />
Based on the structure of the entity, in certain circumstances Donors can retain control<br />
over the funds<br />
Members would not automatically be considered a Donor unless they meet one of the<br />
requirements above.<br />
Key Controllers Individuals who are elected or appointed to exercise direct control over the <strong>Customer</strong> by<br />
participating in its governance or senior executive activities;<br />
<br />
<br />
The title given to a Key Controller varies according to the type of entity and country of<br />
operation/incorporation<br />
For a Club or Society a Key Controller may be the President of the club, the Treasurer,<br />
or the club Secretary;<br />
Managing<br />
Members<br />
<br />
Managing Members are considered to be individual members who are elected/appointed<br />
to participate in the governance of the organisation and will have a significant amount of<br />
control over the organisation;<br />
49 For a definition of Beneficial Owner refer to Figure 6.2 Corporates and Partnerships Section<br />
50 In the context of the Global Non-Profit Organisations (NPO) Procedural Standards, an entity may have material control over the Club or Society<br />
whether through voting rights, appointment of Senior Management, or direct management of the entity. This may result in a parent and/or<br />
branch/subsidiary relationship for Clubs and Societies.<br />
INTERNAL<br />
Page | 113
Other Connected<br />
Parties<br />
<br />
<br />
<br />
<br />
The primary difference between a Managing Member and a Key Controller is that a<br />
Managing Member is part of the membership base of the organisation and directly<br />
benefits from the purpose of the organisation;<br />
Managing Members may exist along with Key Controllers;<br />
Examples of other Connected Parties include, but are not limited to, Authorised<br />
Signatories and Power of Attorney holders, who may be appointed in positions of<br />
effective control of the <strong>Customer</strong>;<br />
Individuals with Sole Authority over the <strong>Customer</strong>’s <strong>RBWM</strong> account/financial affairs are<br />
also considered to be Key Controllers due to the influence they have over the<br />
organisation. Where these parties are not recorded in Product Level Due Diligence, they<br />
may be recorded in the <strong>CDD</strong> Profile.<br />
7.4.3. The following table establishes definitions of Other Related Parties who may require <strong>CDD</strong> based<br />
on their role within the organisation:<br />
Figure 7.3: Other Related Parties who may require <strong>CDD</strong><br />
Role<br />
Description<br />
Members Individuals who have joined a Club or Society*;<br />
<br />
While membership fees are usually collected, the payment of membership fees is not a<br />
prerequisite to be considered a member.<br />
*where the Club or Society has AUM over $10,000 and there are less than 5 members<br />
Volunteers Individuals who engage in activities to help a Club or Society achieve its stated<br />
objective;<br />
<br />
The activity should not be primarily undertaken for financial reward.<br />
7.5 Prohibited Clubs and Societies and <strong>Customer</strong> Risk Classification<br />
7.5.1. Clubs and Societies will be risk rated according to the Financial Crime <strong>Customer</strong> Risk Assessment<br />
Model (FCC-RAM) 49 .<br />
7.5.2. Certain types of Clubs or Societies are prohibited customers. These include:<br />
a) Entities named on sanctions lists issued by Competent Authorities in any jurisdiction.<br />
b) Entities the subject of allegations of links to criminal/terrorist related activities/persons.<br />
c) Entities which have activities or aims that may present a heightened reputational risk (e.g.<br />
Due to high profile/media attention) 50 .<br />
d) Entities which have activities which support a HSBC prohibited <strong>Customer</strong> type.<br />
7.5.3. The following High Risk Indicators are to be considered for Clubs and Societies:<br />
a) Significant exposure (25% or more of annual contributions from or disbursements) to high<br />
risk jurisdictions (cross border fund movement and/or geographical presence outside of the<br />
country of establishment);<br />
b) Majority (50% or more) of the incoming annual funds are collected in cash (where this 50%<br />
is equal to or exceeds US$10k or equivalent local currency).<br />
49<br />
Where a Club or Society is associated with a Political Party, the organisation should be risk rated according to the FCC-RAM. Where a PEP is<br />
identified as a Key Controllers refer to Global <strong>RBWM</strong> Line of Business Procedures - PEPs.<br />
50<br />
Note: where the Business is uncertain as to whether a Club or Society should be considered prohibited, escalate to Country FCC.<br />
INTERNAL<br />
Page | 114
7.6 ID&V Requirements for the Club / Society<br />
7.6.1 The following minimum identification and verification information must be obtained for Clubs and<br />
Societies:<br />
Figure 7.4: Minimum ID&V Requirements<br />
Minimum Identification Requirements – Clubs and Societies (all FCRRs)<br />
a) Full Legal Name;<br />
b) Structure of Club and Society Identification Number or equivalent (e.g. registration number, tax identification<br />
number) (where available);<br />
c) Registered status and name of supervisory body (where applicable); 51<br />
d) Registered 12 address (where applicable);<br />
e) Business 52 address (where applicable);<br />
f) Year of establishment;<br />
g) Website address (where available).<br />
Verification Requirements – Clubs and Societies (all FCRRs)<br />
a) Full Legal Name;<br />
b) Registered address 52 (where applicable);<br />
c) Business Address 52 (where applicable);<br />
d) Identification Number or equivalent (e.g. registration number, tax identification number) (where available).<br />
Verification Sources (all FCRRs):<br />
Two reliable and independent verification sources are required; one of which must be a Primary Document. Please<br />
refer to the Individuals ID&V chapter.<br />
For unincorporated organisations (i.e. organisations with no defined legal entity structure):<br />
Obtain tax related documentation where available ; and<br />
Constitution or Rules of the Organisation (where available)<br />
If address is that of a connected party, verify their address<br />
7.6.2. In addition to the above minimum identification requirements, further information may be obtained<br />
to enhance the <strong>Customer</strong>’s experience or to facilitate communications with the <strong>Customer</strong>; for<br />
example, telephone number and email address.<br />
7.7 ID&V Requirements for Connected Parties (i.e. Key Controller)<br />
7.7.1. The following connected parties should be ID&V’d as per the requirements below The following<br />
Connected Parties should be ID&V’d as per the requirements below. Where additional Connected<br />
Parties exist based on the Legal Entity type being other to that of a Partnership (e.g. Trust), ID&V<br />
of these Connected Parties should be performed as per the requirements of the specific Legal<br />
Entity type.<br />
7.7.2. Where a PEP is identified as a Connected Party, please refer to the Global <strong>RBWM</strong> AML Policy<br />
Chapter 13: PEPs<br />
51<br />
In some jurisdictions certain types of Clubs and Societies will be required to register with a supervisory body. Where the registration details are<br />
not available it is necessary to understand the reasons for this and escalate to Country FCC.<br />
52<br />
Where a Club or Society does not have a business address or registered address, a correspondence address must be obtained and verified.<br />
INTERNAL<br />
Page | 115
Donors<br />
7.7.3. Donors will often not have a material connection to the organisation itself once the funds have been<br />
transferred. As a result, it may prove difficult to gather information that would be captured for similar<br />
Connected Parties of other customer types as no formal relationship exists between the<br />
organisation and the individual Donors.<br />
7.7.4. The following are the ID&V requirements for Donors:<br />
Figure 7.5: ID&V Requirements for Donors<br />
<strong>Customer</strong> FCRR Identification Requirements Verification Requirements<br />
All<br />
<strong>Customer</strong> FCRR<br />
<br />
All Donors (e.g. individuals/ entities making<br />
donations outside of normal membership fees)<br />
that contribute 5% or more (where 5% is equal<br />
to or exceed US$10k or equivalent local<br />
currency) of total annual contributions to the<br />
Club/ Society 53<br />
<br />
No verification requirements<br />
Information to be obtained for all identified Donors (those Donors that contribute 5%<br />
(where 5% is equal to or exceed US$10k or equivalent local currency) of total annual<br />
contributions)<br />
All<br />
Full Legal Name;<br />
Contribution % ;<br />
Additionally for Individuals<br />
Date of Birth;<br />
Permanent Residential Address;<br />
Additionally for Legal Entities<br />
“Trading As” name (where applicable);<br />
Registered Address.<br />
<br />
No verification requirements<br />
7.7.5. It is important to understand the organisation’s Donor base and to ensure that it is in line with the<br />
stated activities of the Club/ Society.<br />
7.7.6. It is also necessary to understand the controls that the <strong>Customer</strong> has in regards to its Donors for<br />
managing money laundering and terrorist financing risks.<br />
Key Controllers<br />
7.7.7. Key Controllers, and Authorised Signatories should be ID&V’d as per the requirements detailed in<br />
the <strong>Customer</strong> Individuals ID&V chapter 1 (for other entities refer to the relevant Legal Entity type<br />
<strong>CDD</strong> chapter).<br />
7.7.8. Where a Sole Authorised Signatory who is not a Key Controller by position with the entity is<br />
identified, the Business should make reasonable efforts to understand the precise nature of the<br />
relationship of the Sole Authorised Signatory to the <strong>Customer</strong> and document the results of this<br />
enquiry in the <strong>CDD</strong> Profile.<br />
7.7.9. For small clubs and Societies ( e.g. local Chess club) it is common to have a sole authorised<br />
signatory, In instances where the nature of the relationship between the Sole Authorised<br />
Signatory and the Club/ Society raises concern as to the true nature of the organisation or its<br />
control structure, the Club should be escalated to Country FCC for review. Due to the potential of<br />
misappropriation of funds for this customer type.<br />
53<br />
Where a single anonymous donor provides funds over the established threshold, the <strong>Customer</strong> should be escalated to Country FCC.<br />
INTERNAL<br />
Page | 116
Members<br />
7.7.10. Clubs and societies usually maintain formal or informal records of its Members. These records may<br />
be used to evidence the existence of a class of Members who seek to benefit from the organisation.<br />
7.7.11. All managing members must be identified and ID&V conducted in line with the Individuals ID&V<br />
Chapter 1. Managing members are individuals that control the operations and / or funds of the<br />
Club / Society (e.g. the Club President or Treasurer).<br />
7.8 <strong>Customer</strong> Screening<br />
7.8.1 The following table sets out the parties and information to be screened where identified (all FCRRs):<br />
Figure 7.6: <strong>Customer</strong> Screening<br />
Party<br />
Official and<br />
Other<br />
Screening<br />
Lists<br />
NegativeNews<br />
Screening<br />
Information Screened<br />
<strong>Customer</strong><br />
Club/ Society Yes Yes Full Names<br />
Connected Parties<br />
Donors Yes Yes Full Name of Identified Donors<br />
Key Controllers Yes Yes Full Name of the individuals identified in<br />
ID&V<br />
Members (Managing) Yes Yes Full Name of Managing Members<br />
Other Related Parties<br />
Other Related Parties Yes Yes Full name of the individuals identified in<br />
ID&V<br />
Negative NewsScreening<br />
7.8.2. Where a Donor or Key Controller is identified as a PEP or High Risk/SCC Negative News Screening<br />
should be carried out.<br />
INTERNAL<br />
Page | 117
7.9 Understanding Nature of Business and Source(s) of Wealth<br />
Nature of Business<br />
7.9.1. It is critical to understand the purpose and activities of the organisation in order to assess the<br />
Financial Crime Risk.<br />
7.9.2. In all cases it is important to understand the following<br />
<br />
<br />
<br />
Nature and purpose of the club/ society business<br />
Country in which they operate, generate funds or hold assets.<br />
Value of membership fees<br />
7.9.3. In addition below is the key additional Business information to be obtained for Clubs and Societies<br />
when the annual turnover of the account is more than $10,000 or equivalent<br />
Figure 7.7: Nature of Business Information for Clubs and Societies<br />
Nature of Business<br />
All Clubs,<br />
Societies<br />
a) Key Financial data including:<br />
<br />
<br />
Most recent level of annual donation/membership fees or expected<br />
donations/membership fees (where applicable);<br />
Details of any government or state funding.<br />
b) Nature and purpose of <strong>Customer</strong>’s operations;<br />
c) Operational Data;<br />
<br />
<br />
<br />
<br />
Number and location of:<br />
employees; and<br />
Volunteer base.<br />
place of Business Operations;<br />
d) Principal place of business and jurisdiction in which the <strong>Customer</strong>, the <strong>Customer</strong>’s<br />
subsidiaries/branches and where applicable its parent is based;<br />
e) Number of branches and/or offices in each country.<br />
f) Countries of Business Focus;<br />
<br />
<br />
<br />
Jurisdictions where the <strong>Customer</strong> generates funding greater than 10% of annual<br />
donations/membership fees;<br />
Jurisdictions where the <strong>Customer</strong> makes distributions greater than 10% of annual<br />
distributions;<br />
Jurisdictions where the <strong>Customer</strong> holds assets greater than 10% of total asset<br />
balance.<br />
g) Details on any cash donations accepted should be obtained from the <strong>Customer</strong> including<br />
details regarding:<br />
<br />
<br />
<br />
Cash value of donations;<br />
What percentage of overall donations are collected in cash;<br />
Maximum value of cash donations accepted per transaction.<br />
h) Details of how Key Controllers (and/or Managing Members) are appointed;<br />
i) Nature of membership base;<br />
j) Number of Members;<br />
k) Details of how membership fees are collected.<br />
7.9.4. Based on the information obtained from the <strong>Customer</strong>, assess whether the organisation’s donation/<br />
membership profile aligns with the mission, aims, purpose and objectives of the organisation.<br />
INTERNAL<br />
Page | 118
7.9.5. Where there are differences between the country of registration, primary operation or permanent<br />
residence of Key Controllers, the rationale for the operating and organisational structure of the Club<br />
or Society should be obtained. Where a reasonably justified explanation is not provided, the<br />
<strong>Customer</strong> should be escalated to Country FCC.<br />
7.9.6. Details of any recent material changes to the <strong>Customer</strong>’s operations (e.g. change in mission, class<br />
of Donors/ Beneficiaries and fundraising activities) should to be understood. At <strong>Customer</strong><br />
onboarding, a recent change is considered to be one which has occurred within the past 5 years.<br />
At Periodic Review or review as a result of a Trigger Event, information should be updated in the<br />
<strong>CDD</strong> Profile to reflect any changes that have taken place from the last review.<br />
Understanding the Source(s) of Wealth<br />
7.9.7. For Clubs and Societies SoW will likely be derived from Membership dues or a donation from a<br />
single or multiple Donor(s).<br />
7.9.8. The ongoing SoW will be dependent on the Club or Society’s nature of business (i.e. whether the<br />
organisation receives ongoing donations/ funding and/or membership dues or has commercial<br />
activities).<br />
7.9.9. For detailed requirements on SoW refer to Global Procedural Standards - Corporates and<br />
Partnerships Section 6.3.<br />
Understanding Sources of Funds<br />
7.9.10. Refer to Global Procedural Standards - Corporates and Partnerships Section 6.4.<br />
7.10 Understanding the Intended Purpose and Usage of Account<br />
7.10.1. Refer to Global Procedural Standards - Corporates and Partnerships Section 6.5. Where the<br />
intended purpose and usage of the account are not consistent with the type of Club or Society, the<br />
account must be referred to the Country FCC.<br />
7.11 Enhanced Due Diligence (EDD)<br />
7.11.1 Refer to Global Procedural Standards Corporates and Partnerships Section [7– Enhanced Due<br />
Diligence (EDD) for EDD requirements applicable to all entity types.<br />
INTERNAL<br />
Page | 119
8. Personal Investment Vehicles<br />
Key Objective<br />
How will the Objective<br />
be achieved?<br />
Scope of Section<br />
Related Sections<br />
To identify, assess and mitigate the risks associated with Personal Investment<br />
Companies (PICs) and Personal Investment Funds (PIFs) which pose a higher risk of<br />
Money Laundering or Terrorist Financing or where HSBC could be used as a conduit for<br />
financial crime activities<br />
PIFs and PICs require additional and/or specific due diligence to address their risk<br />
attributes, outside the scope of the standard ID&V, KYC, and general EDD<br />
requirements.<br />
This section outlines the specific and/or additional due diligence requirements for these<br />
<strong>Customer</strong>s (and their connected parties, as applicable).<br />
This Section outlines the additional/specific due diligence requirements in relation to the<br />
following:<br />
8.1 8.1 Introduction<br />
8.2 8.2 Definition<br />
8.3 Risks associated with PIVs<br />
8.4 <strong>CDD</strong> Requirements for PIVs<br />
8.5 Identification and Verification (ID&V)<br />
8.6 Know Your <strong>Customer</strong> (KYC)<br />
8.7 <strong>Customer</strong>-specific trigger events<br />
8.8 Other Considerations<br />
Sections [1-3] – <strong>RBWM</strong> Individuals: ID&V, KYC and EDD<br />
Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (ID&V)<br />
Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (KYC)<br />
Global AML Policy: <strong>CDD</strong> Standards - Corporates & Partnerships (EDD)<br />
Section [4] – <strong>RBWM</strong> Trusts<br />
Global AML Policy: <strong>CDD</strong> Standards - Funds<br />
Global AML Policy: <strong>CDD</strong> Standards - Foundations<br />
Guidance sources<br />
Global AML Policy: <strong>CDD</strong> Standards - PIVs<br />
INTERNAL<br />
Page | 120
8.1 Introduction<br />
8.1.1. In order to identify, assess and mitigate the risks associated with Personal Investment Vehicles<br />
(PIVs) such as PIFs and PICs, HSBC must apply specific due diligence procedures using a risk<br />
based approach. Specifically, the key <strong>CDD</strong> focus with PIVs relates to the Ultimate Beneficial<br />
Owner(s) since the sole purpose of the PIV (see definition below) is to hold and invest personal<br />
wealth on behalf of an individual or a small number of individuals.<br />
8.1.2. These specific due diligence procedures are to be considered in addition to the standard ID&V,<br />
KYC and EDD requirements outlined in <strong>RBWM</strong> Individuals and Corporates and Partnerships<br />
Chapters.<br />
8.2 Definition<br />
8.2.1. This chapter outlines the due diligence requirements for Personal Investment Vehicles, which<br />
include the following categories of <strong>Customer</strong>s.<br />
Figure 8.1: Personal Investment Vehicles - Definition<br />
<strong>Customer</strong><br />
Definition<br />
PIC<br />
PIF<br />
An incorporated entity (wherever constituted) ultimately beneficially owned by an individual<br />
or a small number of individuals, who are all connected to each other by family<br />
relationship or other, similar close association, the sole purpose of which is holding and<br />
investing the ultimate beneficial owner’s(s’) personal wealth. Assets held may include, but<br />
are not limited to, property, shares, bonds or any negotiable instrument.<br />
Refer to the Global <strong>RBWM</strong> AML Policy Chapter 13: PEPs for the definitions and examples<br />
of family members and close associates.<br />
Note that a PIC is distinct from a Holding Company. Please refer to the definition of<br />
Holding Company in Global Procedural Standards Corporates and Partnerships Chapter 5<br />
– ID&V.<br />
A Fund which satisfies one of the following criteria:<br />
<br />
<br />
Is limited to 10 or fewer investors (whether individuals or entities); or<br />
Is only open to investors (individuals) who are all connected to each other by<br />
family relationship or other, similar close association, or to investors (entities)<br />
which are connected by legal structure, for example entities in the same group<br />
structure.<br />
Refer to the Global <strong>RBWM</strong> AML Policy Chapter 13: PEPs for the definitions and examples<br />
of family members and close associates.<br />
A Fund is an individual pool of assets or investments which are ring-fenced and managed<br />
by a Fund/Investment manager with the intention to provide an economic return, through<br />
capital gain and/or income, to the beneficiaries or owners of those assets.<br />
8.2.2. Please note that Funds as an Entity type (Global Procedural Standards Funds Section 10) are<br />
considered separately to PIVs. The additional and specific procedures for Funds do not apply to<br />
PIFs, as defined above. If there is any doubt as to whether the <strong>Customer</strong> is a Fund or a PIF, refer<br />
to country FCC for guidance.<br />
8.2.3. Private Holding Trusts (“PHTs”) and Private Foundations are also considered separately within<br />
the <strong>RBWM</strong> Procedural Standards and Global Procedural Standards and are not subject to the<br />
requirements outlined below. Please refer to <strong>RBWM</strong> Section 4 Trusts for further information on<br />
PHTs and to Global Procedural Standards Section 15 for the requirements for Foundations<br />
(Section [15] Foundations).<br />
8.2.4. It is sometimes difficult to determine the form of a particular entity since the word ‘trust’ may be<br />
included in its name although the entity is actually a fund. A trust generally involves an individual<br />
INTERNAL<br />
Page | 121
or entity (settlor) passing control/ownership of an asset(s) to the control of a third party (trustee)<br />
for the benefit of another third party (beneficiary). When an investor places money with a fund it<br />
will generally be with the expectation of such funds being returned. If you have any doubt<br />
concerning the precise form of the entity, please refer to country FCC.<br />
8.3 Risks associated with PIVs<br />
8.3.1. There are a number of inherent risks when dealing with Personal Investment Vehicles. These<br />
include, but are not limited to:<br />
Figure 8.3: Risks Associated with Personal Investment Vehicles<br />
Beneficial owners’<br />
source of wealth<br />
The source of wealth of the beneficial owners of the PIC or PIF may be derived from illicit<br />
or prohibited activity. This may be made more difficult to detect by the culture of<br />
confidentiality attached to these structures, where it is usual practice not to disclose<br />
publically the identity of the underlying investors (beneficial owners) or positions held,<br />
unless legally obliged to do so.<br />
Complex structures<br />
Purpose of the<br />
structure<br />
Financial crime risks may be magnified by the existence of structures which may hinder or<br />
complicate establishing the identity of the underlying investors (beneficial owners). This<br />
may be because the unit-holdings are held in nominee names or trusts. The country of<br />
incorporation of the PIC or PIF may also be a factor which affects the complexity of the<br />
structure and should therefore also be considered, where relevant. Where there are three<br />
or more layers in the ownership or control structures around the PIC or PIF, or where<br />
other unusual characteristics are identified, the <strong>Customer</strong> should be escalated to country<br />
FCC for guidance.<br />
There is an increased risk of financial crime associated with PICs and PIFs due to the<br />
potential opacity of the ownership structure and the purpose of the vehicle. While this may<br />
be valid (for example to confer tax advantages legally or to provide a valid level of<br />
confidentiality on the nature of the assets held), it is important to establish that the vehicles<br />
have a genuine and legitimate purpose.<br />
8.4 <strong>CDD</strong> requirements for PIVs<br />
8.4.1. Common chapters have been drafted for ‘Corporates and Partnerships’ which detail the<br />
requirements as a baseline for all other ‘non individual’ customer types in respect of:<br />
Identification and Verification: Global Procedural Standards Corporates & Partnerships ;<br />
Know Your <strong>Customer</strong>: Global Procedural Standards Corporates & Partnerships;<br />
Enhanced Due Diligence: Global Procedural Standards Corporates & Partnerships.<br />
8.4.2. This chapter seeks to outline the additional or different ID&V, KYC and EDD requirements for<br />
PIVs, which may differ or be changed with regard to the baseline chapters as noted above.<br />
8.5 Identification and Verification (ID&V)<br />
8.5.1. There are no specific additional requirements for the ID&V of PIVs as <strong>Customer</strong>s. The core ID&V<br />
requirements outlined in [Global Corporates & Partnerships Procedural Standards Section [5] -<br />
ID&V] must be completed for all PIVs.<br />
8.5.2. However, it is vital to understand the ownership structure as this will assist with determining which<br />
Investors (Beneficial Owners) have control of the PIV, and will establish their true percentage<br />
ownership. In contrast to the core Corporates & Partnerships baseline content, where the<br />
requirements to ID&V the ownership structure and Beneficial Owners of the <strong>Customer</strong> vary<br />
according to its FCRR (refer to Global Procedural Standards Section 5.9.12 for further<br />
information), ID&V of the ownership structure and all Ultimate Beneficial Owners (UBOs) and Key<br />
Controllers must be performed for all PIVs regardless of their FCRR. The ID&V of these UBOs<br />
INTERNAL<br />
Page | 122
and Key Controllers must be performed in accordance with <strong>RBWM</strong> Individuals Section 1.8 (ID&V<br />
– Requirements for an Individual <strong>Customer</strong>).<br />
8.5.3. In certain instances, nominee directors, shareholders, companies, fund managers or other<br />
connected parties may be used in PIV structures. Nominees are commonly used to create a<br />
layer(s) of apparent ownership and control to disguise the actual beneficial ownership and control<br />
structure. A nominee may be an individual or entity and is defined as a party acting on behalf of<br />
another party and only on the specific instruction of that party.<br />
8.5.4. Where nominee or intermediate parties exist, it is only required to identify the name, date of birth<br />
and permanent residential address for individual nominees or the Name, Country of Incorporation<br />
and Regulated / Listed Status (where applicable) for entity nominees and to screen them against<br />
Official and Other Lists and Negative News. Additionally, consideration should be given to<br />
obtaining the nominee agreement(s).<br />
8.5.5. The use of nominees may be limited to the PIV itself or be more complex with multiple layers of<br />
nominee or intermediate parties. Where multiple layers of nominee or intermediate parties exist, it<br />
is key to 'look through' these layer(s) in order to understand who the ultimate beneficial owners<br />
are and the individuals (if different) who exercise real control over the PIV. Please refer to Global<br />
Procedural Standards Corporates and Partnerships Section 5.9.3 for specific requirements<br />
regarding “look through”. If concerns are raised over the complexity of the overall structure,<br />
consideration should be given to verifying certain <strong>CDD</strong> information obtained for the individual and<br />
/ or entity nominees.<br />
8.5.6. Where the <strong>Customer</strong> is a PIF, it may also be required to ID&V and screen the Fund Manager. The<br />
ID&V of the Fund Manager should be performed in accordance with <strong>RBWM</strong> Individuals ID&V<br />
Section 1.9 – ID&V Requirements for Connected Parties.<br />
8.5.7. The ID&V requirements for the UBOs and Key Controllers (nominee or non-nominee) of the PIV<br />
and the Fund Manager (applicable for PIFs only) are summarised in the table below.<br />
Figure 8.3: Personal Investment Vehicles ID&V Requirements<br />
Role Identify Verify Screen against Official and<br />
Other List and Negative News<br />
Ultimate Beneficial Owner (non-nominee and Yes Yes Yes<br />
nominee arrangements)<br />
Key Controller (non-nominee) Yes Yes Yes<br />
Intermediate Owner (nominee) Yes No* Yes<br />
Key Controller/(nominee) Yes No* Yes<br />
Fund Manager with power to withdraw funds Yes Yes Yes<br />
from the PIF<br />
Fund manager with power only to invest funds Yes No Yes<br />
and not withdraw funds from the PIF<br />
* Verification is not required where the Key Controller/ Intermediate Owner is a Nominee, and a Nominee Agreement has been<br />
provided by the UBOs. Verification of information should be considered where concerns are raised over the complexity of the overall<br />
structure.<br />
8.6 Know Your <strong>Customer</strong> (KYC)<br />
8.6.1. Except where outlined below, there are no specific additional KYC requirements for PIVs as<br />
<strong>Customer</strong>s. The requirements outlined as a baseline in Chapter [5] of the Global Procedural<br />
Standards Corporates & Partnerships - Know Your <strong>Customer</strong> (KYC) should be completed.<br />
Understanding Nature of Business<br />
8.6.2. It is important that information be gathered in order to identify the <strong>Customer</strong> as a PIC or a PIF (as<br />
opposed to a Corporate or a Fund). This includes obtaining the constitution document (or another<br />
acceptable document, such as the investment management agreement, shareholder agreement,<br />
INTERNAL<br />
Page | 123
offering memorandum or prospectus) for the structure, for example, from an officer in the<br />
<strong>Customer</strong> entity with an independent control function, such as Company Secretary.<br />
8.6.3. It is also required for all PIVs to understand the reason for use (economic purpose) of the PIV<br />
structure, and to assess that it has a genuine and legitimate purpose. Examples of the economic<br />
purpose of a PIV are generally limited to Tax Management.<br />
Understanding Source of Wealth and Source of Funds<br />
8.6.4. There are no specific additional KYC requirements for PIVs as <strong>Customer</strong>s relating to<br />
understanding the Source of Wealth of the structure.<br />
8.6.5. Source(s) of Wealth must be identified and validated for all UBOs and Investors in the PIV.<br />
8.6.6. The procedures to identify and validate Source of Wealth must be performed in accordance with<br />
the <strong>RBWM</strong> Individuals KYC standards (Refer to Section 2.5 – Source of Wealth).<br />
8.6.7. Sufficient information should be collected to enable HSBC to form a reasonable conclusion that<br />
they have earned or otherwise acquired their accumulated capital legally, that they provided<br />
capital to the structure with a bona fide investment purpose, and that their Source(s) of Wealth is<br />
commensurate with their holding in the <strong>Customer</strong>. The initial and on-going Source of Funds for<br />
PIVs will often reflect <strong>Customer</strong> specific characteristics such as payments originating from other<br />
family members, family businesses or countries where the <strong>Customer</strong> has personal or financial<br />
connections such as residency and existing investments.<br />
8.7 <strong>Customer</strong>-specific trigger events<br />
8.7.1. <strong>RBWM</strong> <strong>CDD</strong> Process Procedural Standards [Chapter 4 – Periodic and Event Driven Reviews]<br />
outlines the procedures to be performed at a Trigger Event. Appendix [8] of the Periodic and<br />
Event Driven Review Procedural Standards lists the Trigger Events applicable to all entities and<br />
the Trigger Events by customer type.<br />
8.8 Other Considerations<br />
Bearer Shares<br />
8.8.1. <strong>RBWM</strong> has a zero appetite for banking Bearer Share Entities. On-boarding of new Bearer Share<br />
PICs is prohibited. Where an existing <strong>Customer</strong> is a Bearer Share entity, it should convert to a<br />
registered share Entity or be exited in accordance with the CSEM policy (see Client Selection and<br />
Exit Management Policy).<br />
8.8.2. Asset Management Group (AMG) and Insurance Group (INS) are permitted to maintain<br />
relationships with, or offer products to, Issued Bearer Share Companies and Bearer Share<br />
Capable Companies where the underlying Line of Business (i.e. CMB or GBM) has applied all<br />
necessary controls outlined in Global Risk FIM; Global Risk Compliance FIM B.2.17.9.<br />
8.8.3. Appropriate written agreements must also be in place with the underlying Line of Business (i.e.<br />
CMB or GBM) which confirms that they are complying with the policy and informing AMG or INS<br />
of any relevant changes of ownership, as well as providing regular relevant FCC MI and/or<br />
indicators of unusual activity noted on the underlying customer.<br />
Reliance<br />
8.8.2. Please note that the procedures outlined in Global Procedural Standards Funds Section 10.6.3 do<br />
not apply to PIFs.<br />
INTERNAL<br />
Page | 124
9. Reliance<br />
Key Objective<br />
To describe the circumstances under which HSBC can rely upon another Firm/Intermediary for<br />
the due diligence and verification of a <strong>Customer</strong> and/or its connected parties and how to gain<br />
assurance that reliance can be placed.<br />
How will the Objective<br />
be achieved?<br />
Scope of Section<br />
HSBC may apply the procedures for placing reliance within the regulations of the<br />
jurisdiction of account opening and where the Intermediary or <strong>Customer</strong> meets HSBC<br />
requirements for placing reliance.<br />
This Section outlines the <strong>CDD</strong> procedures to be undertaken when placing reliance on an<br />
Intermediary.<br />
9.1. Introduction<br />
9.2. Definition of Reliance<br />
9.3. Risks Associated with Reliance<br />
9.4. Risk Appetite for Placing Reliance<br />
9.5. Part A: Reliance on Transfer Agents<br />
9.6. Risks Associated with TA’s<br />
9.7. Requirements for TA’s<br />
9.8. Due Diligence for TA’s<br />
9.9. Terms of Reliance<br />
9.10. Initial and Monitoring reviews of TA’s<br />
9.11. HSBC Responsibilities<br />
9.12. Part B: Reliance on an Instructing Party<br />
9.13. Risks associated with IP’s<br />
9.14. Requirements for IP’s<br />
9.15. Due Diligence for IP’s<br />
9.16. Due Diligence for the <strong>Customer</strong> and its connected parties.<br />
9.17. Terms of Reliance<br />
9.18. Initial and Monitoring reviews of IP’s<br />
9.19. Part C: Other Intermediary types<br />
9.20. Risks associated with Introducing / Managing Intermediaries<br />
9.21. Scenarios for Interim Period (exit of reliance relationship)<br />
9.22. Requirements for Introducing / Managing Intermediaries (to be maintained)<br />
9.23. Due Diligence for Introducing / Managing Intermediaries<br />
9.24. Due Diligence for <strong>Customer</strong><br />
9.25. Terms of Reliance<br />
9.26. Initial and Monitoring review of Introducing / Managing Intermediaries<br />
9.27. HSBC responsibilities<br />
Appendices<br />
Related Sections Global Procedural Standards Corporates & Partnerships section 4.9, 4.6.<br />
Guidance sources<br />
JMLSG (ref pgh.5.6.4, ref pgh.5.6.19), Wolfsberg principles (FAQ’s Q.1), FATF 2010<br />
Global AML Policy: <strong>CDD</strong> Standards - Reliance<br />
INTERNAL<br />
Page | 125
9.1 Introduction<br />
9.1.1 The purpose of this section is to detail the requirements that must be met to place reliance on third<br />
party Transfer Agencies (TA), Instructing Parties (IP) and others to undertake certain elements of<br />
<strong>CDD</strong>.<br />
9.1.2. Placing reliance allows HSBC to reduce the level of <strong>CDD</strong> held relating to a <strong>Customer</strong> by relying on<br />
the TA/IP/Intermediary to perform certain <strong>CDD</strong> tasks. As noted in the JMLSG 54 , “Several<br />
institutions/firms requesting the same information from the same <strong>Customer</strong> not only increase’s the<br />
inconvenience of the customer, it also results in the duplication of efforts by institutions/firms that<br />
are similar and whose aims are to prevent the same financial crime risks”.<br />
9.1.3. This section outlines the contractual requirements for placing initial reliance on<br />
TA/IP/Intermediaries and conducting ongoing monitoring to satisfy our regulatory obligations, since<br />
HSBC remains responsible for <strong>CDD</strong> even when placing reliance. The regulations across<br />
jurisdictions vary in the concessions for placing reliance on TA/IP/Intermediaries however this<br />
chapter provides the minimum requirements that must be met on a global basis.<br />
9.1.4. Notwithstanding HSBC's responsibility for <strong>CDD</strong> on all investors where it acts as fund<br />
manager/promoter/sponsor, the precise nature of the legal structure involved in a specific scenario<br />
may result in <strong>CDD</strong> responsibility being delegated or sub-delegated or assigned to another party.<br />
The precise legal structure of the fund and its’ advisers must be understood in assessing the overall<br />
<strong>CDD</strong> effort being undertaken.<br />
9.1.5. It should be noted however, that investors into HSBC funds (i.e. funds which are sponsored /<br />
promoted by HSBC) are customers of the Bank and, as such, the overarching principle is that HSBC<br />
retains overall responsibility for <strong>CDD</strong> on investors into funds where HSBC acts as fund<br />
manager/promoter/sponsor (except due to local Regulatory requirements as noted below at 9.1.6).<br />
9.1.6. In certain jurisdictions', <strong>CDD</strong>/AML Regulations place the responsibility for undertaking <strong>CDD</strong>/AML<br />
on investors into funds on parties other than the fund manager/sponsor/promoter. In such<br />
circumstances, HSBC does not place reliance on any third party since HSBC does not have<br />
responsibility for <strong>CDD</strong>. Circumstances where this is the case should be fully documented and<br />
approved as a Dispensation providing the relevant regulatory reference/text.<br />
9.2 Definition of reliance<br />
9.2.1 The definition of reliance widely agrees across regulations and jurisdictions. The JMLSG states<br />
‘The ML Regulations expressly permit a firm to rely on another person to apply any or all of the<br />
<strong>CDD</strong> measures, provided that the other person is regulated, and that consent to being relied on<br />
has been given. The relying firm, however, retains responsibility for any failure to comply with a<br />
requirement of the Regulations, as this responsibility cannot be delegated’.<br />
9.2.2 A key principle is the ability of the third party on which reliance is being placed to provide <strong>CDD</strong><br />
regarding the <strong>Customer</strong>(s) on a timely basis to the relying firm when requested to do so.<br />
9.2.3 HSBC must be satisfied with the following:<br />
<br />
<br />
<br />
<br />
The relevant due diligence procedures completed by the TA/IP/Intermediary;<br />
A record of the checks performed by HSBC on the TA/IP/Intermediary’s due diligence<br />
procedures is maintained;<br />
The TA’s/IP/Intermediaries reputation is suitable; and,<br />
The appropriate level of <strong>CDD</strong>/complete financial crime risk checks have been completed<br />
on the TA/IP/Intermediary itself prior to entering into an agreement.<br />
54<br />
The Joint Money Laundering Steering Group (JMLSG) is made up of the leading UK Trade Associations in the Financial Services<br />
Industry. Its aim is to promote good practice in countering money laundering and to give practical assistance in interpreting the UK<br />
Money Laundering Regulations. It is applicable to the UK only.<br />
INTERNAL<br />
Page | 126
9.2.4 As per regulations, HSBC will only place reliance on a TA/IP/Intermediary where there is an ongoing<br />
relationship between HSBC and the TA/IP/Intermediary. The term ‘ongoing relationship’ in this<br />
context means either:<br />
a) The TA/IP/Intermediary has an agreement (by two way agreement either via a signed<br />
agreement or via a two way communication depending on the 3 rd party type) with HSBC to<br />
provide <strong>CDD</strong> to HSBC as and when required regarding the <strong>Customer</strong>. A <strong>CDD</strong> profile will be<br />
created for the TA/IP/Intermediary which is to be updated, no less often than annually (see<br />
Initial and Monitoring review section 9.10 for TA’s, 9.18 for IP’s and 9.26 for Introducing /<br />
Managing Intermediaries); or,<br />
b) The Intermediary has an agreement with the <strong>Customer</strong> to manage the account on an ongoing<br />
basis and the account is held in the name of the Intermediary.<br />
9.2.5 In certain circumstances HSBC will not meet a <strong>Customer</strong> therefore the relationship may be nonface<br />
to face. If HSBC does not meet the <strong>Customer</strong> face to face, this does not necessarily constitute<br />
a reliance situation. The distinction between reliance and other forms of outsourcing arrangements<br />
for the purpose of these procedures are detailed below (9.2.6). The requirements regarding non<br />
face-to-face relationships (which are not a reliance scenario) are outlined in section 9.27.10<br />
(Introducer referral).<br />
9.2.6 The term reliance in some jurisdictions is interchangeable with outsourcing. For the purpose of this<br />
Standards Guidance, this document refers only to reliance.<br />
<br />
The FATF delineates what constitutes third-party reliance from outsourcing through a<br />
functional definition constituted by a set of positive or negative elements which describe<br />
situations or elements which are characteristic of a reliance context (as per the example<br />
in 9.2.5). For example, a third party in a reliance scenario usually has an existing business<br />
relationship with the customer and applies its own procedures to perform the <strong>CDD</strong><br />
measures. This can be contrasted with an outsourcing/agency scenario in which the<br />
outsource entity applies the <strong>CDD</strong> measures on behalf of the delegating financial<br />
institution in accordance with its procedures.<br />
9.2.7 In addition to the above scenarios (9.2.5 and 9.2.6), these procedures do not cover Know Your<br />
Distributor Due Diligence which is covered by Line of Business specific KYDDD procedures.<br />
9.3 Risks Associated with reliance<br />
9.3.1 Where HSBC chooses to place reliance on the TA/IP/Intermediary to conduct elements of <strong>CDD</strong>,<br />
the ultimate responsibility for ensuring compliance with the full <strong>CDD</strong> obligation still resides with<br />
HSBC, although HSBC will not hold full <strong>CDD</strong> documentation.<br />
9.3.2 In order for the Business Unit to rely on a third party, appropriate <strong>CDD</strong> and financial crime risk<br />
checks must be completed on the third party, the third party’s reputation must be suitable and the<br />
third party must be regulated. The Business Unit must review the third party’s due diligence<br />
procedures to ensure that they are compatible with HSBC’s <strong>CDD</strong> standards.<br />
9.3.3 A key risk when placing reliance is the transferring of <strong>Customer</strong> data outside of the HSBC Group.<br />
Data security and retention of <strong>CDD</strong> information are key considerations when placing reliance on a<br />
TA/IP/Intermediary (FIM B2.4.5 Privacy, Data Protection and Cross-Border Data Transfer).<br />
9.3.4 The TA/IP/Intermediary must have adequate controls in place to ensure Business continuity in the<br />
event of an incident and therefore reduce the risk of loss of <strong>Customer</strong> data and ensuring that the<br />
business can continue to function and provide HSBC with any information required in a timely<br />
manner.<br />
INTERNAL<br />
Page | 127
9.4 Risk Appetite for placing reliance<br />
9.4.1 The decision to place reliance is based on the risk appetite that HSBC has towards the following:<br />
a) Placing reliance on the particular TA/IP/Intermediary type within the jurisdiction / business<br />
segment concerned;<br />
b) On commercial considerations such as the cost of maintaining a due diligence<br />
programme to monitor where reliance is being placed versus holding full <strong>CDD</strong>;<br />
c) On regulatory requirements; and,<br />
d) Best practice across similar institutions.<br />
9.4.2 Based on the above considerations, HSBC will principally place reliance upon TA’s/IP’s for<br />
undertaking <strong>CDD</strong> on Investors in funds and on the Fund itself (where applicable). TA’s/IP’s are<br />
generally contractually required to undertake <strong>CDD</strong> on behalf of the Fund Manager/Fund regarding<br />
these Investors and therefore HSBC is able to rely on the TA/IP subject to undertaking a risk<br />
assessment (See sections 9.8 and section 9.15 for reliance on a TA /IP respectively) and initial /<br />
ongoing due diligence on such parties (section 9.10 for TA’s, 9.18 for IP’s).<br />
9.4.3 It is important to ensure that the correct section of this Standard is to apply where reliance is being<br />
placed.<br />
9.4.4 Part A relates to circumstances where:<br />
a) HSBC is the fund manager (i.e. it is an HSBC fund); and<br />
b) Reliance is being placed on a TA (either internal or external to HSBC) to conduct <strong>CDD</strong><br />
on investors into the fund.<br />
In these circumstances the investors into a fund are customers of HSBC and, although reliance is<br />
being placed on the TA to undertake some or all <strong>CDD</strong>, HSBC retains the responsibility for such<br />
<strong>CDD</strong>.<br />
9.4.5 Where HSS acts as a TA on behalf of a HSBC Fund, the requirements in section A apply. Where<br />
HSS acts as a TA on behalf of a non HSBC Fund these procedures do not apply.<br />
9.4.6 Please note that no other section, other than Part A, of the Procedure is applicable to AMG or GPB<br />
where they act as the fund manager and reliance is being placed on a TA.<br />
9.4.7 Part B relates to circumstances where:<br />
a) HSBC banks a third party fund (i.e. it is not an HSBC fund); and<br />
b) Reliance is being placed on an Instructing Party (typically Fund Manager) to that fund to<br />
undertake <strong>CDD</strong> on the fund itself and the underlying investors into such fund.<br />
In these circumstances, the fund is the customer of HSBC and investors into the fund are beneficial<br />
owners of such customer. HSBC despite placing reliance on the TA to collect <strong>CDD</strong>, retains<br />
responsibility for such <strong>CDD</strong> on the fund as customer (including <strong>CDD</strong> on beneficial owners as<br />
applicable based on the appropriate risk rating of the <strong>Customer</strong>).<br />
9.4.8 Part C relates to other circumstances where reliance is being placed on a third party but the<br />
circumstances are not covered by the specific situations noted at Parts A and B above.<br />
9.4.9 Where the Business is uncertain as to which section of the Standard is to be applied, Country FCC<br />
is to be consulted.<br />
9.4.10 Where the Intermediary is not a TA/IP, and HSBC is currently placing reliance on them to manage<br />
the <strong>Customer</strong>’s account, the reliance relationship with the Intermediary is to be exited unless the<br />
Business wishes to maintain the reliance relationship on an exception basis.<br />
9.4.11 Until such a time when the relationship with the Intermediary can be exited, the requirements<br />
outlined in Part C (section 9.19) apply.<br />
INTERNAL<br />
Page | 128
9.4.12 In the instances that HSBC wishes to place reliance on non-TA/IP Intermediaries (treated as an<br />
instance of <strong>CDD</strong> Risk Acceptance), refer to section 9.21.9 for approval requirements. The<br />
contractual requirements for initial and ongoing monitoring would need to be followed in each<br />
instance.<br />
9.5 Part A: Reliance on Transfer Agents where HSBC is the Fund<br />
Manager (N.B. Only to be reviewed where reliance is being placed on a TA).<br />
Definition of a Transfer Agent (TA)<br />
9.5.1 TA’s (also called Registrars) are generally regulated entities that act as an Intermediary between<br />
HSBC (as Fund Manager/Promoter) and the Investor (Fund Unit Holder) in a fund. The TA is<br />
generally responsible for:<br />
<br />
<br />
<br />
<br />
<br />
Maintaining the register of unit holders and processing applications into, and<br />
redemptions from, the fund;<br />
Receiving funds from the investors and passing such funds on to the Fund/Fund<br />
Manager (once the register has been updated to reflect the new investor);<br />
Collecting <strong>CDD</strong> from the new investor to a standard appropriate to the entity type and<br />
the jurisdiction where the TA is regulated (or higher, as required by the Fund/Fund<br />
Manager); and,<br />
Processing requests for redemptions out of the fund, ensuring that these are not<br />
fraudulent, that all required <strong>CDD</strong> is current and requesting sufficient funds from the<br />
Fund/Fund Manager to pay the redemption requests.<br />
TAs may also be responsible for the following requirements;<br />
o<br />
o<br />
o<br />
o<br />
o<br />
o<br />
o<br />
o<br />
o<br />
Fielding queries relating to <strong>CDD</strong> documentation;<br />
PEP and Sanctions screening;<br />
SARs recording;<br />
Management of dormant positions;<br />
Transaction monitoring;<br />
Periodic reviews;<br />
Ongoing management of the <strong>Customer</strong>;<br />
Record keeping; and,<br />
Internal risk based testing.<br />
9.5.2 The type of TA that HSBC will consider for reliance purposes may be categorised an HSBC Affiliate<br />
or ‘external’ to the bank. The due diligence requirements where reliance is being placed for each<br />
TA type may differ and a risk based approach should be adopted. For guidance on Affiliate<br />
Management, please refer to Global AML Guidance Document section ’03.01 – Affiliate<br />
Management Guidance’.<br />
INTERNAL<br />
Page | 129
9.5.3 Additional definitions for terms used in section A are as follows:<br />
Fig.9.1: Definitions<br />
Term<br />
The Fund<br />
Definition<br />
An individual pool of assets or investments which are “ring-fenced” and managed by a<br />
Fund/investment manager with the intention to provide an economic return, through<br />
capital gain and/or income, to the beneficiaries or owners of those assets.<br />
A Fund may be one of a variety of different investment vehicles including but not limited<br />
to: Unit Investment Trusts; Hedge Funds; Private Equity Funds; Pension Funds, Fundsof-Funds,<br />
Mutual Funds, Provident Funds and Investment Clubs<br />
Funds may be constituted in a variety of different legal entity types, including<br />
corporations, trusts or partnerships. Common among all of this variation is the pooling of<br />
investment resources by investors (the ultimate beneficial owners) into a vehicle that<br />
works towards investment objectives.<br />
Fund Manager/<br />
Promoter/ Sponsor<br />
(collectively 'Fund<br />
Manager')<br />
A Fund Manager is an individual or Fund management company responsible for making<br />
decisions related to the Fund’s portfolio of investments in accordance with the stated<br />
goals of the Fund. The Fund Manager will receive management fees with respect to the<br />
day-to-day business and operations of the Fund, which are often calculated based on<br />
the net asset value of the units of the Fund. In addition, HSBC acts as Fund Promoter<br />
and Sponsor where it sells funds to investors or otherwise offers such funds to investors.<br />
Transfer Agent/Registrar<br />
(collectively 'Transfer<br />
Agent')<br />
A Transfer Agent is an intermediary who is responsible for maintaining a Fund's share<br />
register of investors and for ensuring that investors into the Fund comply with all<br />
applicable <strong>CDD</strong> regulations.<br />
9.6 Risks Associated with TA’s<br />
9.6.1 In addition to the general risks associated with placing reliance, a specific risk associated with TA’s<br />
is that HSBC may not meet the <strong>Customer</strong> and therefore the relationship may be non-face-to-face.<br />
In most instances a TA will also not meet the customer therefore appropriate controls must be put<br />
in place by the TA and tested by HSBC as part of the reliance process.<br />
9.7 Requirements for TA’s<br />
9.7.1 The key requirements for placing reliance on a TA are as follows:<br />
a) That the TA poses an acceptable financial crime risk; and,<br />
b) That the TA is an Equivalently Regulated Financial Institution (Refer to Global Procedural<br />
Standards Corporates section 5.6.2); and,<br />
c) It is not located in a country assessed as High-risk on the Group FCCRM; and,<br />
d) That the TA is fully aware of, and has agreed to, their responsibilities and the delegation<br />
of these responsibilities is clearly defined in a written agreement.<br />
9.7.2 Point C above is applicable except where the TA is located in the same location as the Fund (e.g.<br />
both the Fund and TA are located in the same High Risk jurisdiction).<br />
9.7.3 Where instances of <strong>CDD</strong> Risk Acceptance are noted, the TA should be escalated to Country FCC.<br />
INTERNAL<br />
Page | 130
9.8 Due Diligence for TA’s<br />
9.8.1 The due diligence process for onboarding a TA consists of three parts;<br />
<br />
<br />
<br />
Risk Assessment of the TA;<br />
Due diligence on the TA; and,<br />
Review of the <strong>Customer</strong> Due Diligence procedures of the TA.<br />
9.8.2 In practise, Enhanced Due Diligence (EDD) on the TA is completed prior to gathering the standard<br />
due diligence relating to the TA as part of the initial Risk Assessment phase. The <strong>CDD</strong> information<br />
regarding the <strong>Customer</strong> is obtained in addition to the above.<br />
Risk Assessment<br />
9.8.3 A risk assessment of the TA’s must be performed by the Specialist team in order to limit the risk to<br />
HSBC of using a third party for reliance purposes.<br />
9.8.4 The risk assessment questionnaire must be completed for all TA’s including those that are existing<br />
<strong>Customer</strong>s, unless they have been risk assessed within the past 12 months. The risk assessment<br />
questionnaire is to be completed prior to the due diligence information being gathered and the TA<br />
profile created and is to be stored locally in the jurisdiction for which reliance is being applied.<br />
9.8.5 The risk assessment questionnaire must cover the following topics and responses to each factor<br />
must be descriptive in nature:<br />
Fig.8.2: Risk Assessment questionnaire: Transfer Agent<br />
Risk Assessment questionnaire: Transfer Agent<br />
1) Regulated status: The regulated status of the TA must be assessed in order to confirm<br />
that the status meets the requirements stated above (section 9.7).<br />
2) Reputation: The public disciplinary record/market reputation of the TA should be<br />
reviewed and considered when analysing the risk level.<br />
3) Obligations: Research whether there have been any recent lawsuits against the TA and<br />
understand the implications if HSBC is to establish a relationship with the TA.<br />
4) Controls: Confirm that the TA has an adequate existing control infrastructure from a <strong>CDD</strong><br />
perspective necessary to meet the due diligence standards required by HSBC (e.g.<br />
Governance, industry standard reports). Refer to table 9.8.13.<br />
5) Financial: Review the financial strength of the TA (e.g. credit rating) and confirm that all<br />
<strong>Customer</strong> and fund monies held are segregated from the TA’s own funds under all<br />
circumstances<br />
6) Business dealings: Understand the nature of business dealings that the TA is involved<br />
in. This may identify links to higher risk business types (Chapter 10, Restricted and<br />
Prohibited <strong>Customer</strong>s, Special Categories of <strong>Customer</strong>s (SCCs) and Prohibited Products).<br />
7) Data security/IT infrastructure/Business continuity: Identify controls for data security<br />
to reduce the risk of data transfer (such as data retention controls) and obtain information<br />
regarding the stability of the IT infrastructure in order to understand the risk of data loss.<br />
In addition, review procedures for business continuity<br />
8) Products/Services: Consider the services offered by the TA<br />
9) Any other adverse information regarding the TA (e.g. negative news).<br />
INTERNAL<br />
Page | 131
9.8.6 The information above is to be documented in the risk assessment questionnaire and is subject to<br />
approval by the designated individuals (refer to approvals section 9.11.8). The risk assessment<br />
questionnaire must include the above factors at a minimum.<br />
9.8.7 A summary of the key risks and risk mitigating controls managed by the TA is to accompany the<br />
risk assessment questionnaire and is to be completed prior to on-boarding. This summary is to be<br />
updated on a periodic basis and a copy linked to the profile of the TA.<br />
<strong>CDD</strong> on TA<br />
Additional factors for consideration<br />
10) Sales capacity: This information could be used to indicate the level of business activity<br />
of the TA and whether it is indeed valid or potentially a fraudulent operation.<br />
11) Training activities/staff strength: These factors indicate the level of knowledge (such<br />
as AML/CFT/Anti-Bribery and Corruption), resourcing and capacity that the TA has in<br />
order to perform the tasks required to meet the minimum requirements as set out in 9.8.13<br />
and fig 9.3.<br />
12) Rules of Conduct and Complaints: this information could be used to confirm if the TA<br />
is aligned in terms of the treatment of <strong>Customer</strong>s and its wider ethical standards (e.g.<br />
conflict of interest, Inducement etc.)<br />
9.8.8 The Due Diligence (DD) information required for the TA will follow the requirements for their<br />
particular <strong>Customer</strong> type (i.e. Non-Banking Financial Institution or Bank).<br />
9.8.9 TA’s that are not HSBC <strong>Customer</strong>s, will be subject to a similar level of DD required for TA’s that<br />
are existing <strong>Customer</strong>s.<br />
9.8.10 TA’s that are existing <strong>Customer</strong>s will be risk rated as per their <strong>Customer</strong> type. The Product risk<br />
rating will be increased to High risk in the scenario that a reliance relationship is entered.<br />
9.8.11 TA’s that are not <strong>Customer</strong>s will be risk rated as per their classified <strong>Customer</strong> type (e.g. Non-<br />
Banking Financial Institution), and the product rating of the TA will be classified as High Risk in<br />
order to reflect the risk relating to the reliance relationship.<br />
9.8.12 In the instance that the TA is identified as High risk or SCC, approval must be provided by the<br />
Reputational Risk Committee (or equivalent) in order to place reliance.<br />
Review of Underlying <strong>Customer</strong><br />
9.8.13 <strong>CDD</strong> and risk analysis of the <strong>Customer</strong> is to be completed by the TA to meet, as a minimum, local<br />
regulatory and legislative requirements, and the Anti Money Laundering standards for conducting<br />
due diligence as outlined in the Wolfsberg Principles (e.g. in the Wolfsberg Questionnaire), as<br />
applicable to the underlying <strong>Customer</strong> Type. Key control requirements which must be present in<br />
the TAs <strong>CDD</strong> procedures include but are not limited to:<br />
INTERNAL<br />
Page | 132
Fig.9.3: Risk Assessment questionnaire: Transfer Agent<br />
9.8.14 There will be no requirement for TA’s to provide copies of ID&V documents used for verification<br />
purposes to HSBC as part of the due diligence process (unless stated within the agreement),<br />
however these documents must be made available to HSBC within five working days upon request<br />
(or less depending on local regulations).<br />
9.9 Terms of Reliance<br />
Risk Assessment questionnaire: Transfer Agent<br />
1) Risk Rating: TA must take a risk based approach to the rating of <strong>Customer</strong>s.<br />
2) Prohibited <strong>Customer</strong>s: TA is to disclose the methods for the classification and<br />
identification of prohibited customers<br />
3) ID&V: Identification and verification of the <strong>Customer</strong> and its connected parties such as<br />
Beneficial Owners / Key Controllers (where required).<br />
4) Screening: The TA is to have a method of screening <strong>Customer</strong>s and clearing related hits<br />
which is effective and transparent to HSBC.<br />
5) KYC: Information on key KYC topics such as Source of Wealth/Source of Funds/Nature<br />
of Business is gathered.<br />
6) Account Activity Reviews: TA is to perform monitoring of <strong>Customer</strong> activities via the<br />
appropriate methods (including SAR recording). Where HSBC banks the fund in addition<br />
to acting as Fund Manager, it will also undertake transaction monitoring to the standard<br />
set out for that process.<br />
7) Enhanced Due Diligence (EDD): High risk <strong>Customer</strong>s require enhanced due diligence<br />
measures. The TA will be responsible for performing EDD to meet the minimum<br />
requirements, as set out in paragraph 9.8.13 (refer to 9.7.3 for Exception requirements).<br />
The TA undertakes to bring to the attention of HSBC any Investors/Funds that they have<br />
identified that pose a heightened financial crime risk, negative media, or produce a<br />
screening hit, prior to the dealing date.<br />
8) Reliance: TA is to fully disclose the nature of any reliance relationships that they have<br />
with third parties where the TA does not hold full <strong>CDD</strong> on a customer<br />
9.9.1 A written agreement detailing the extent of reliance and the requirements/terms and conditions,<br />
must be signed prior to entering the reliance relationship. This must be a two way agreement<br />
signed by the TA and HSBC under which:<br />
a) The responsibilities of the TA are clearly articulated;<br />
b) The terms and conditions and requirements outlined;<br />
c) HSBC’s rights of access to customer data are documented (including rights to access a<br />
summary of the findings of unusual transaction monitoring activities represented by<br />
financial metrics where required);<br />
d) Visitation and testing documented; and,<br />
e) The written agreement must meet legal and regulatory requirements of the local<br />
jurisdiction.<br />
9.9.2 The documents required in order to enter the reliance arrangement are detailed below. These<br />
documents outline the roles and responsibilities, terms and conditions and evidence of qualification<br />
for the arrangement:<br />
INTERNAL<br />
Page | 133
Fig.9.4: Reliance Agreement and Documents<br />
Reliance Agreement and Documents<br />
a) An agreement detailing the TA’s responsibilities and ongoing <strong>CDD</strong> work to be completed (See<br />
Appendix1). A renegotiation of existing SLA agreements is to occur where the requirements noted are<br />
not currently being followed.<br />
b) HSBC’s standard terms and conditions along with the agreement above must be sent to and signed<br />
(where required) by the TA.<br />
c) The risk assessment questionnaire (See section 9.8) must be completed for all new TA’s and signed by<br />
the relevant approvers.<br />
d) Evidence that the TA is appropriately regulated is to be provided. An annual letter of agreement is to be<br />
provided confirming the regulatory status.<br />
9.9.3 The documents above are to be obtained from the TA in addition to the <strong>CDD</strong> documents required<br />
under the specific <strong>Customer</strong> type section.<br />
9.9.4 If one of these documents is not provided/cannot be completed, the TA relationship must not be<br />
entered, or a current relationship must be exited.<br />
9.10 Initial and Monitoring reviews of TAs<br />
9.10.1 Initial and Monitoring reviews of the <strong>CDD</strong> activities performed on behalf of HSBC are to be<br />
scheduled in order to validate that the <strong>CDD</strong> is being conducted in an equivalent manner to the local<br />
regulatory and legislative requirements and the Wolfsberg principles, to the level of performance<br />
agreed, and that the systems and controls are sound.<br />
9.10.2 Records of the monitoring review are to be maintained by HSBC.<br />
9.10.3 A list of all approved TA parties is to be maintained on a Global basis (procedures for this are to be<br />
established).<br />
Frequency of Testing<br />
9.10.4 TA’s are to be tested both at the beginning of the relationship and on an ongoing basis. The visit<br />
must occur no less often than once a year (or more frequently if deemed necessary).<br />
9.10.5 The frequency of testing (if required more often) is to be determined by Country FCC and<br />
communicated to the TA within the appropriate Fund Board Meeting.<br />
Visitation and Reporting requirements<br />
9.10.6 The requirements for initial testing is reduced compared to those for ongoing testing and are as<br />
follows;<br />
<br />
<br />
<br />
The TA is to be given reasonable notice of visitation to be performed (e.g. at least seven<br />
working days). The Compliance Officer and Senior Operations Staff are to be in<br />
attendance and are to review findings, follow up actions and agree timings.<br />
Review of TA’s AML/<strong>CDD</strong> standard must take place to ensure local regulatory and<br />
legislative requirements and the Wolfsberg principles are adhered to and relevant<br />
correspondence with Regulator(s) is to be reviewed (where permissible by regulatory<br />
body) including details of any breach of regulation, or any sanctions applied in order to<br />
substantiate the TA’s adherence to local requirements.<br />
Operational information is to be obtained e.g. Staff turnover/vacancies and any other<br />
material staffing issues to be investigated, proposed/planned systems changes. Total<br />
INTERNAL<br />
Page | 134
number of complaints and brief description of the substance of these complaints (action<br />
taken, status).<br />
9.10.7 The final testing reports for initial and ongoing testing should include at a minimum:<br />
Fig: 9.5 TA Testing procedures - Reporting<br />
TA Testing procedures – Reporting Initial Periodic<br />
a) Impact of Regulatory changes enacted or in the pipeline.<br />
Yes<br />
Yes<br />
b) Confirmation that the risk assessment questionnaire has been reviewed and<br />
updated where required. Yes Yes<br />
c) Summary of discussions held with the TA Compliance Officer and Head of<br />
Operations regarding any matters of substance related to the maintenance<br />
of an effective AML/<strong>CDD</strong> programme which complies with the obligations<br />
within the TA agreement/contract and all applicable regulatory<br />
requirements.<br />
d) Summary of findings of testing results including applicable management<br />
information (e.g. number of files reviewed, number that passed/failed,<br />
significance of results and any remedial action required and other followup).<br />
Yes<br />
N/A<br />
Yes<br />
Yes<br />
e) For HSBC purposes only, the paper should include the level of risk recorded<br />
for the TA along with the supporting rationale. Yes Yes<br />
9.10.8 Findings (relating to either initial or ongoing testing) are to be summarised in a paper and distributed<br />
to the Key Controllers of the account e.g. the Fund Board 55, Management team of the Fund<br />
Manager, senior HSBC Risk team members, Country FCC and Operations personnel. The Paper<br />
should be presented to the next Fund board meeting and the discussion and conclusion minuted.<br />
The risk summary regarding the TA is to be updated based on the annual testing/review that is<br />
performed and circulated to HSBC parties annually (See section 9.8.6).<br />
9.11 HSBC responsibilities<br />
9.11.1 The internal management of TA’s necessitates that the responsibilities for each part of the process<br />
are clearly defined.<br />
9.11.2 HSBC has a responsibility to be comfortable with the standards of the TA in order to continue in<br />
the role of the Fund Manager of the Fund.<br />
9.11.3 HSBC is responsible for ensuring that any findings noted as a result of review/testing are reported<br />
to the Fund Board on a timely basis.<br />
55 The Fund board is charged with ensuring that the fund is managed in the best interests of the fund's investors, that the<br />
strategic direction of the Fund is line with the expectations/purpose, and with hiring the Fund Manager and other service<br />
providers to the fund.<br />
INTERNAL<br />
Page | 135
Onboarding and Ongoing Management<br />
9.11.4 The level and complexity of the risks associated with TA’s require that a designated team of<br />
Specialists are responsible for managing these relationships within the business. This team is<br />
responsible for:<br />
<br />
<br />
Control Testing<br />
Completing the Risk Assessment Questionnaire; and,<br />
Managing the <strong>CDD</strong> information gathered regarding the TA.<br />
9.11.5 Responsibility for arranging the visitation / control testing to the TA will be held by the Specialist<br />
team (or equivalent).<br />
9.11.6 A representative of Country FCC will lead the visitation and control testing of the TA and may be<br />
supported by other Country FCC and/or operational staff.<br />
Business Sign off<br />
9.11.7 Sign off from key stakeholders of the Business is required for:<br />
Approval for the TA<br />
<br />
<br />
The Testing results reported at onboarding; and,<br />
The Testing results reported on ongoing management.<br />
9.11.8 The approval structure for accepting a TA is detailed below:<br />
<br />
<br />
<br />
<br />
<br />
Controller: Specialist team<br />
Authorizer: Head of Specialist team<br />
Adviser: Country FCC function<br />
Adviser: Regional FCC function<br />
Ultimate Approver: Fund Board<br />
9.11.9 Approval of the TA at onboarding is to be documented within the <strong>CDD</strong> profile.<br />
9.11.10 Approval of the TA on an ongoing basis is to be documented within the <strong>CDD</strong> profile at annual review<br />
(or as the result of a trigger event).<br />
9.11.11 Please note that the approval structure documented in 9.11.8 in the procedures is only in the<br />
context of the <strong>CDD</strong> requirements and that the TA (depending on the nature of the relationship with<br />
HSBC) may still need to be approved through a complete due diligence process (covering aspects<br />
relating to outsourcing such as service capability, systems, contingency, people, etc. etc.) as<br />
required for all service providers.<br />
Change in circumstance<br />
9.11.12 Where the TA is replaced, a comprehensive plan for the transfer of <strong>CDD</strong> documentation undertaken<br />
previously will need to be prepared and a complete review of the relationship with the newly<br />
appointed TA performed.<br />
9.11.13 The plan will need to be approved as per the approval structure for accepting and maintaining a TA<br />
(see section 9.11.8) and will include the date at which responsibilities are transferred from one TA<br />
to the other<br />
INTERNAL<br />
Page | 136
9.12 Part B: Reliance on an Instructing Party (N.B. Only to be reviewed where<br />
reliance is being placed on an IP and the fund is the <strong>Customer</strong> of HSBC).<br />
Definition of an Instructing Party (IP)<br />
9.12.1 Generally, all Funds will appoint a Fund or Investment Manager (Instructing Party) to manage the<br />
assets of the Fund in line with the Fund prospectus/offering memorandum. Some IP’s are<br />
subsidiaries of larger groups such as banks or insurance companies, although they may be<br />
independently owned and even publicly quoted.<br />
9.12.2 The IP may provide <strong>CDD</strong> information to HSBC either if it is an external IP, or an HSBC Affiliate /<br />
Department acting as an IP. The requirements for both IP types are the same.<br />
9.12.3 When HSBC places reliance on an IP for information, the Fund is the <strong>Customer</strong> and the Investor is<br />
a beneficial owner (BO) of the Fund (rather than a <strong>Customer</strong>). The IP completes due diligence on<br />
the Fund itself and the connected parties to the Fund (although it may delegate the latter to another<br />
entity, typically a TA, or Administrator, or Registrar).<br />
9.12.4 Reliance therefore includes, but is not limited to:<br />
<br />
<br />
<br />
<br />
For the Fund (<strong>Customer</strong>) – HSBC identifies the Fund on the basis of information<br />
provided by the IP and relies on the IP to have undertaken verification;<br />
For Key Controllers – HSBC identifies the roles and responsibilities of the parties<br />
associated with the Fund / Fund Controllers on the basis of information provided by the<br />
IP or Administrator and relies on the IP or Administrator to have undertaken verification;<br />
For Investors in the Fund (Beneficial Owners) – the level of reliance that HSBC is able<br />
to place on an IP or Administrator for due diligence regarding BO’s is dependent on the<br />
regulatory status of the IP or Administrator (See section 9.14 below); and,<br />
For Nature of Business, Source of Wealth, Source of Funds, Account purpose – HSBC<br />
may be provided with some or all of the information required regarding these topics and<br />
may rely on the IP or Administrator to have undertaken verification requirements.<br />
9.12.5 Where indicated in Fig. 9.6 below, HSBC may place reliance on the party (or parties) responsible<br />
for <strong>Customer</strong> due diligence of the Fund.<br />
INTERNAL<br />
Page | 137
Fig.9.6: <strong>Customer</strong> for due diligence requirements at Fund level: Scenarios when Reliance can be placed.<br />
Regulated Status<br />
of Instructing IP= Equivalently regulated FI<br />
IP=Not an equivalently regulated FI<br />
Party (IP)*:<br />
HSBC Role: Specific types of engagement**** All types of engagement<br />
<strong>CDD</strong> Profile Requirements<br />
Scope of Role:<br />
Traded Markets Includes e.g. (a) FX, (b)<br />
Debt instruments, (c) OTC derivatives -<br />
(Credit, Rates, Equity, other) (d) Primary<br />
& off-exchange Equity & Debt, (e) Other<br />
markets products, (f) Prime Brokerage<br />
Securities Services includes e.g. (a)<br />
Custody, (b) Trustee/Depository, (c)<br />
Administrator, (d) Transfer Agent, (e)<br />
Clearing/Settlement<br />
Banking includes e.g. (a) Deposit fixed<br />
& notice, (b) Loans, (c) Revolving credit,<br />
(d) PCM, (e) Trade<br />
i) Instructing Party (IP); and<br />
ii) Fund; and<br />
iii) Party on whom reliance is being<br />
placed for due diligence on the Fund<br />
(e.g. Administrator)<br />
Exchange-Traded Products<br />
Traded Markets<br />
Securities Services<br />
Banking<br />
i) Instructing Party (IP); and<br />
ii) Fund; and<br />
iii) Party on whom reliance is being<br />
placed for due diligence on the<br />
Fund (e.g. Administrator)<br />
Instructing Party (IP)<br />
Administrator<br />
ID&V - Fund<br />
<strong>Customer</strong> <strong>CDD</strong> Profile: refer to sections<br />
9.15.2 to 9.15.6<br />
Due diligence: refer to sections 9.15.7 to<br />
9.15.10<br />
Identification – Obtain information from IP/<br />
Administrator<br />
Verification – Rely on IP/ Administrator<br />
<strong>Customer</strong> <strong>CDD</strong> Profile: refer to sections<br />
9.15.2 to 9.15.6<br />
Due diligence: refer to sections 9.15.7 to<br />
9.15.10<br />
ID&V Fund<br />
Fun<br />
d<br />
ID&V –<br />
BO*****<br />
Administrator<br />
** is<br />
equivalently<br />
regulated<br />
Other<br />
Identification – Rely on IP / Administrator<br />
Verification – Rely on IP / Administrator<br />
Identification – Obtain information from IP/<br />
Administrator<br />
Identification – Obtain information from<br />
Administrator<br />
Verification – Rely on Administrator<br />
ID&V BO's<br />
Verification – Rely on IP/ Administrator<br />
ID&V - Fund Control Structure***<br />
Administrator<br />
** is<br />
Identification – Obtain information from IP/<br />
Administrator<br />
Verification – Rely on IP/ Administrator<br />
Identification – Obtain information from IP/<br />
Administrator<br />
ID&V Structure<br />
Identification – Obtain information from<br />
Administrator<br />
INTERNAL<br />
Page | 138
ID&V –<br />
Controller*****<br />
*<br />
equivalently<br />
regulated<br />
Other<br />
Verification – Rely on IP/ Administrator<br />
Identification – Obtain information from IP/<br />
Administrator<br />
Verification – Rely on Administrator<br />
ID&V Controllers<br />
Verification – Rely on IP/ Administrator<br />
ID&V - Instructing Party (IP)<br />
********<br />
ID&V as Direct Appointee<br />
(if different from Investment Manager or<br />
Controller)<br />
ID&V as Direct Appointee (if different<br />
from Investment Manager or Controller)<br />
* For simplicity, this is assumed to be the Investment Manager in the table above, but can be one of a number of parties that<br />
may be mandated to issue instructions on behalf of the Fund. Where the Instructing Party is the Fund itself, no reliance can<br />
be placed on the Fund.<br />
** For simplicity, this is referred to as the Administrator in the table above, but can be one of a number of parties with<br />
responsibility for conducting due diligence on the Fund and its investors. This may include the Administrator, Fund Trustee,<br />
or Depositary.<br />
*** Fund Control Structure refers to the relationship of Key Controllers to the Fund. The Fund’s structure will typically be<br />
understood by referring to the Fund prospectus or offering memorandum. Specific details are provided in the Global ID&V<br />
matrix.<br />
**** A reliance agreement is required to place reliance on Instructing Party or another party to perform due diligence on a Fund.<br />
Where a reliance agreement is not obtained, the requirements in column for ‘not an equivalently regulated institution’ will<br />
apply. Refer to Appendix 2 for the required content of the reliance agreement.<br />
***** The beneficial owners of the Fund are the investors into the Fund and must be identified to the relevant thresholds determined<br />
by the Fund’s risk rating. Where the <strong>Customer</strong> is a Master Fund, composed of multiple Feeder Funds, this may involve<br />
obtaining the offering memoranda from the Feeder Funds.<br />
****** The Fund’s controllers will be identified via the verification of the Fund structure. It is important to note that controlling<br />
parties may often already have been identified within an Investment Manager’s or Administrator’s <strong>CDD</strong> profile (with a<br />
reference to the Fund’s <strong>CDD</strong> profile).<br />
******* Even if the Instructing Party requires a separate sub-account per Fund, the Instructing Party and not the Fund is the <strong>Customer</strong>.<br />
To denote this, the sub-account must clearly designate both the Instructing Party and Sub-account names.<br />
******** Instructing Party where the Fund has an internal management structure.<br />
INTERNAL<br />
Page | 139
9.13 Risks Associated with IP’s<br />
9.13.1 In addition to the general risks associated with placing reliance, a key risk identified when placing<br />
reliance on an IP, is that the IP also places reliance on an external TA to complete the due diligence<br />
for the Investors and the financial crime risk checks/controls completed on the TA by the IP may<br />
not be to the equivalent standard of HSBC’s.<br />
9.14 Requirements for IPs<br />
9.14.1 The key requirements for placing reliance on an IP are as follows:<br />
a) That the IP poses an acceptable financial crime risk; and,<br />
b) That the IP (and/or Administrator, depending on the requirements 9.14.2 and 9.14.3<br />
below) is an Equivalently Regulated Financial Institution (FI) (Refer to Global Procedural<br />
Standards Corporates and Partnerships section 5.6.2 for definition); and,<br />
c) It is not located in a country assessed as High-risk country on the Group FCCRM; and,<br />
d) That the IP (and Administrator, where applicable) is fully aware of, and has agreed to,<br />
their responsibilities and the delegation of these responsibilities is clearly defined in a two<br />
way written communication. These responsibilities include performing due diligence on<br />
the Fund and its connected parties (where required) in line with local regulatory and<br />
legislative requirements and the Wolfsberg principles.<br />
9.14.2 If both the Instructing Party and the Administrator are equivalently regulated financial institutions,<br />
then reliance can be placed on either party via a two way written notification and acknowledgement<br />
(e.g. e-mail, letter). Without a two way written notification / communication, the reliance relationship<br />
cannot be entered into.<br />
9.14.3 If only one of the Instructing Party or the Administrator is an equivalently regulated financial<br />
institution as outlined in 9.14.1(b), reliance can only be placed on the regulated party via a two-way<br />
signed agreement.<br />
9.14.4 Note that a financial institution that is only subject to an independent Self-Regulating Organisation<br />
(SRO) falls outside the definition of an Equivalently Regulated FI, except where the SRO has been<br />
determined to be acceptable by Global LOB FCC and Global AML.<br />
9.14.5 Where any other instances of <strong>CDD</strong> Risk Acceptance are noted, the IP should be escalated to Global<br />
AML via the applicable Global LOB FCC function.<br />
9.15 Due Diligence for IPs<br />
9.15.1 The due diligence process for onboarding an IP consists of two parts:<br />
<strong>CDD</strong> of IP<br />
<br />
<br />
<strong>CDD</strong> and risk rating of the IP; and,<br />
Understand the <strong>CDD</strong> procedures applied by the IP.<br />
9.15.2 Where it is identified that HSBC has a <strong>Customer</strong> relationship with an Instructing Party (typically an<br />
Investment Manager), or that reliance is being placed on the Instructing Party for the completion of<br />
due diligence on the Fund, then due diligence must be completed on the Instructing Party and<br />
recorded in a <strong>CDD</strong> Profile.<br />
9.15.3 The Instructing Party’s profile must be referenced to the Fund profile<br />
9.15.4 Due diligence must be performed on the Instructing Party in accordance with the <strong>Customer</strong> Due<br />
Diligence procedures in this document. In many cases, it will be most appropriate to treat the<br />
Instructing Party as an NBFI. It is not required to obtain information about the source of wealth of<br />
INTERNAL<br />
Page | 140
an individual who is a beneficial owner of the instructing party, providing both conditions below are<br />
met:<br />
a) the instructing party is an equivalently regulated financial institution and not SCC; and<br />
b) the individual is not a PEP.<br />
9.15.5 The <strong>CDD</strong> Profile will identify the specific questions required for the Instructing Party and a tailored<br />
AML Questionnaire will be required to analyse the appropriateness of the AML controls with regard<br />
to:<br />
a) looking through feeder Fund structures and omnibus account holdings to identify<br />
Beneficial Owners; and,<br />
b) controls to prevent investments in assets which have been derived from the proceeds of<br />
crime.<br />
9.15.6 If the IP is SCC or risk rated High, Country FCC approval of the <strong>CDD</strong> Profile of the IP is required.<br />
Otherwise, please refer to the approvals matrix outlined in the approval Chapter 6 of the <strong>RBWM</strong><br />
<strong>CDD</strong> Process Procedural Standards – Approvals Chapter 6.4.1.<br />
<strong>CDD</strong> of Administrator<br />
9.15.7 Where reliance is being placed on an Administrator to conduct due diligence on the Investors in the<br />
Fund, then a <strong>CDD</strong> Profile must be created.<br />
9.15.8 The profile must be referenced to each Fund <strong>CDD</strong> profile as a related party, where there is reliance.<br />
9.15.9 Where the administrator is an existing <strong>Customer</strong>, a full <strong>CDD</strong> profile will already exist. However, if<br />
this is a new relationship for this party, an Administrative Trigger Event must be raised in<br />
accordance with the requirements of Global <strong>CDD</strong> Process Procedural Standards -Chapter 4<br />
Updating Information – New Accounts and Periodic and Event Driven Reviews to record the new<br />
reliance relationship on the existing <strong>Customer</strong>’s profile.<br />
9.15.10 If the Administrator is not an existing <strong>Customer</strong>, the Administrator profile must be referenced to the<br />
Fund profile and the following limited due diligence procedures completed:<br />
<br />
<br />
<br />
Identify and verify the Administrator (entity);<br />
Screen the Administrator against sanctions terrorist and other lists, PEP and for<br />
negative news;<br />
Identify the nature of business from public sources; and,<br />
Unless directed to do so by Country FCC following an escalation, there is no<br />
requirement to identify or verify Directors or Owners, or to complete an AML<br />
Questionnaire or for visitation.<br />
INTERNAL<br />
Page | 141
9.16 Due Diligence for the <strong>Customer</strong> and its connected parties<br />
9.16.1 <strong>CDD</strong> and risk analysis of the <strong>Customer</strong> is to be completed by the IP to meet, as a minimum local<br />
regulatory and legislative requirements and the Wolfsberg principles specific to the particular<br />
<strong>Customer</strong> type. Key control requirements which must be present in the IPs <strong>CDD</strong> procedures include<br />
but are not limited to:<br />
Fig.9.7: Key Control requirements<br />
Key Control requirements<br />
1) Risk rating of <strong>Customer</strong>s: IP must take a risk based approach to the rating of <strong>Customer</strong>s which<br />
is equivalent to that of HSBC.<br />
2) ID&V: Identification and verification of the <strong>Customer</strong> and its connected parties e.g. Key Controllers<br />
and Beneficial Owners (where required).<br />
3) Screening: IP is to perform PEP and Sanctions screening of Beneficial Owners of the Fund.<br />
4) KYC: Information on key KYC topics such as Source of Wealth/Source of Funds/Nature of Business<br />
is gathered (where required) and reliance is to be placed on the IP for verification (where required).<br />
5) Enhanced Due Diligence (EDD): High risk <strong>Customer</strong>s require enhanced due diligence measures.<br />
The IP will be responsible for performing EDD for the parties concerned. The IP undertakes to bring<br />
to the attention of HSBC any Investors or Key Controllers that they have identified that have a<br />
heightened financial crime risk, negative media, or produce a screening hit, prior to the dealing<br />
date.<br />
6) Reliance: IP is to fully disclose the nature of any reliance relationships that they have with third<br />
parties (e.g. IP places reliance on a TA).<br />
9.16.2 There will be no requirement for IP’s to provide copies of ID&V documents used for verification<br />
purposes to HSBC as part of the due diligence process, however these documents must be made<br />
available to HSBC within five working days upon request (or less depending on local regulations).<br />
9.17 Terms of Reliance<br />
9.17.1 As noted in 8.14.1(d), HSBC and any IP party on which HSBC is relying must document their<br />
agreement to the agreed reliance arrangement. The documents required in order to enter the<br />
reliance arrangement are detailed below. These documents outline the roles and responsibilities<br />
and evidence of qualification for the arrangement:<br />
Fig.9.8: Key Control requirements<br />
Reliance Agreement and Documents<br />
a) An agreement via notification and response to notification, or a signed agreement document (where<br />
required) confirming/detailing the IP’s responsibilities and ongoing <strong>CDD</strong> work to be completed (refer to<br />
section 9.14.2 and 9.14.3).<br />
b) Evidence that the IP or Administrator is appropriately regulated is to be provided (where required). An annual<br />
letter of agreement is to be provided confirming the regulatory status (in addition to interim notifications<br />
regarding a change in status).<br />
9.17.2 Requirements regarding the details within the agreement required for approval purposes are<br />
documented in Appendix 2. A renegotiation of existing SLA agreements is to occur where the<br />
requirements noted are not currently being followed. The documents above are to be obtained<br />
INTERNAL<br />
Page | 142
from the IP (or Administrator where applicable) in addition to the <strong>CDD</strong> documents required under<br />
the specific <strong>Customer</strong> entity type section.<br />
9.17.3 If one of these documents is not provided/cannot be completed, the IP relationship must not be<br />
entered, or a current relationship must be exited.<br />
9.17.4 The agreement must meet legal and regulatory requirements of the local jurisdiction.<br />
9.18 Initial and Monitoring reviews of IP’s<br />
9.18.1 The IP is to provide copies of the required documents noted in the Agreement and confirmation<br />
that the activities will be / are being performed at the initial stage of the <strong>Customer</strong> onboarding and<br />
annually during the relationship.<br />
9.18.2 Where confirmation / documents required within the agreement are not provided, or the <strong>CDD</strong><br />
information provided raises concerns from an AML perspective, visitation and testing of the IP will<br />
be required. Requirements will be determined in consultation with Country FCC.<br />
9.19 Part C: Other Intermediary types (N.B. To be reviewed when reliance is being<br />
placed on an Introducing/Managing Intermediary).<br />
9.19.1 The below Intermediary definitions span the ‘other’ Intermediary type categories that can be relied<br />
upon in the instance that reliance upon an Intermediary has been approved on an exception basis.<br />
Fig.9.9: Key Control Requirements<br />
Introducing<br />
Intermediary<br />
(ongoing)<br />
Intermediary<br />
(Managing)<br />
Introduces the <strong>Customer</strong> to HSBC, shares certain <strong>CDD</strong> with HSBC but does not manage the<br />
account on an ongoing basis. Introducing intermediary must have an ongoing relationship with<br />
HSBC if HSBC is to place reliance e.g. they are required to sign an agreement with HSBC.<br />
The regulated Intermediary acts on behalf of a person or entity as an account holder and/or<br />
acts as a signatory to the account and/or manages the accounts or assets on behalf of the<br />
<strong>Customer</strong> and/or acts as a principal of the entity. The account may be held in the name of the<br />
Intermediary or the <strong>Customer</strong>.<br />
Where the account is held in the Intermediaries name, testing results / <strong>CDD</strong> information<br />
regarding the underlying <strong>Customer</strong> is gathered and maintained within the Intermediaries<br />
<strong>Customer</strong> 56 profile.<br />
9.19.2 As noted in 9.2.5, in certain circumstances HSBC will not meet a customer therefore the relationship<br />
may be non-face to face. If a third party meets a customer (but HSBC does not) and the third party<br />
provides all appropriate <strong>CDD</strong> documentation to HSBC to an acceptable level, this does not<br />
constitute a reliance situation (as HSBC does not place reliance on the party to review and verify<br />
<strong>CDD</strong>).<br />
9.20 Risks Associated with Introducing/Managing Intermediaries<br />
9.20.1 HSBC may place reliance on the Intermediary to meet the <strong>Customer</strong> face-to-face and to verify their<br />
existence. Where the appropriate controls are not in place, there is a risk of fictitious parties opening<br />
an account via the Intermediary.<br />
9.20.2 HSBC has determined that when managing the account of a PEP <strong>Customer</strong>, <strong>CDD</strong> is to be<br />
completed by HSBC rather than the Introducing/Managing Intermediary. The risk of corruption /<br />
political associations with these types of parties is heightened and therefore reliance cannot be<br />
placed.<br />
56<br />
The term <strong>Customer</strong> is used throughout this section of the procedures to refer to the underlying <strong>Customer</strong> even in the scenario that the account<br />
is held in the name of the Intermediary.<br />
INTERNAL<br />
Page | 143
9.21 Scenarios for Interim period (exit of reliance relationship)<br />
9.21.1 Where reliance is currently being placed on Intermediaries that are not approved instances of <strong>CDD</strong><br />
Risk Acceptance, the reliance relationship with the Intermediary is to be exited.<br />
9.21.2 Prior to the exit of these relationships, an analysis of whether the relationship is actually a reliance<br />
relationship as defined within these procedures needs to be completed. If there is any uncertainty<br />
regarding whether the relationship with the Intermediary can be classified as reliance (see definition<br />
section 9.2), refer to Country FCC for advice.<br />
9.21.3 The two methods for exiting these relationships will be as follows:<br />
Strategy 1 (remediation plan)<br />
9.21.4 Current documentation held on the <strong>Customer</strong> (including documentation provided by the<br />
Intermediary) is to be raised to the same standard as for direct <strong>Customer</strong>s via a remediation<br />
plan/project.<br />
9.21.5 The remediation plan is to be documented and approved by the LOB FCC Head.<br />
9.21.6 The timeframe of the remediation plan is to be limited (no less than 12 month project).<br />
Strategy 2 (trigger/periodic review)<br />
9.21.7 Current documentation held on the <strong>Customer</strong> (including documentation provided by the<br />
Intermediary) is to be raised to the same standard as for direct <strong>Customer</strong>s via a time bound trigger<br />
and periodic review process (<strong>RBWM</strong> <strong>CDD</strong> Process Procedural Standards Chapter 4 – Periodic and<br />
Event Driven Reviews).<br />
9.21.8 The timeframe for completion of the gathering of information will depend upon the number of<br />
trigger/periodic reviews required for the <strong>Customer</strong> within a given period. All <strong>Customer</strong>s should be<br />
remediated within five years (the longest periodic review period permissible).<br />
Approvals<br />
9.21.9 In the instances that HSBC wishes to place reliance on an Intermediary in the interim period, these<br />
Intermediaries will be treated as an instance of <strong>CDD</strong> Risk Acceptance and are subject to approval<br />
by the Global Head of FCC for the Line of Business concerned and reported to GAMLO. Such<br />
approval is subject to annual renewal (see sections 9.27.5 to 9.27.7).<br />
Trustee requirements<br />
9.21.10 Where the Managing Intermediary is a Trustee/Trust Company and HSBC is no longer placing<br />
reliance on the Trustee, the terms and conditions relating to the Trust (the <strong>Customer</strong>) will state the<br />
obligation of the Trustee to provide HSBC with information regarding changes to the entitlement of<br />
Beneficiaries of the Trust (e.g. new beneficiaries, beneficiaries become named or value of<br />
entitlement changes).<br />
9.22 Requirements for Introducing /Managing Intermediaries (to be<br />
maintained)<br />
9.22.1 In the case of strategy 2 above, Introducing/Managing Intermediaries must meet the following<br />
requirements:<br />
a) The Introducing/Managing Intermediary pose an acceptable financial crime risk; and,<br />
b) Is not assessed as a High-risk country on the Group FCCRM; and,<br />
c) The Introducing/Managing Intermediary is fully aware and has agreed to their responsibilities<br />
and the delegation of these responsibilities clearly defined in a written agreement. These<br />
responsibilities include;<br />
INTERNAL<br />
Page | 144
Performing due diligence on relevant parties. The due diligence and testing<br />
requirements completed by the Introducing/Managing Intermediary on these must be<br />
equivalent to HSBC’s AML Standards.<br />
9.22.2 The Introducing/Managing Intermediary (if an individual) is required under the law of the jurisdiction<br />
concerned to be registered or licensed, or is regulated under the law of that jurisdiction that meets<br />
the equivalent criteria to the domestic jurisdiction of account opening.<br />
9.22.3 If the Intermediary is an individual, an AML confirmation from the Professional firm employing the<br />
Intermediary is required. If the Professional firm has several individuals acting as intermediaries,<br />
only one AML confirmation is required to be completed and signed by the individual and the<br />
Professional Firm.<br />
9.22.4 HSBC will only place reliance on an Intermediary where the requirements are met, and where it is<br />
operationally/commercially viable. Where we are placing reliance on an Introducing/Managing<br />
Intermediary for a limited number of <strong>Customer</strong>s, there should be an analysis of the impact of placing<br />
reliance versus the impact of onboarding the <strong>Customer</strong> directly.<br />
9.22.5 If there are international Intermediaries that do not meet the above criteria, however there is still a<br />
case to put forward for placing reliance on the Introducing/Managing Intermediary, escalate to<br />
Country FCC.<br />
9.23 Due Diligence for Introducing / Managing Intermediaries (to be<br />
maintained)<br />
Risk Assessment<br />
9.23.1 A risk assessment of the Introducing / Managing Intermediary must be performed by the Specialist<br />
team 57 in order to limit the risk to HSBC of using a third party for reliance purposes.<br />
9.23.2 The risk assessment questionnaire must be completed for all Introducing / Managing Intermediary<br />
including those that are existing <strong>Customer</strong>s, unless they have been risk assessed within the past<br />
12 months. The risk assessment questionnaire is to be completed prior to the due diligence<br />
information being gathered and Intermediary profile created.<br />
9.23.3 The risk assessment questionnaire must cover the following topics and responses to each factor<br />
must be descriptive in nature:<br />
Fig.9.10: Risk Assessment questionnaire: Intermediaries<br />
Risk Assessment questionnaire: Intermediaries<br />
1) Regulated status: The regulated status of the Introducing / Managing Intermediary must be<br />
assessed in order to confirm that the status meets the requirements stated above (section 9.22).<br />
2) Reputation: The public disciplinary record/market reputation of the Introducing / Managing<br />
Intermediary should be reviewed and considered when analysing the risk level.<br />
3) Obligations: Research whether there have been any recent lawsuits against the Introducing /<br />
Managing Intermediary and understand the implications if HSBC is to establish a relationship with<br />
the Introducing / Managing Intermediary.<br />
4) Controls: Confirm that the Introducing / Managing Intermediary has an adequate existing control<br />
infrastructure from a <strong>CDD</strong> perspective, necessary to meet the due diligence standards required by<br />
HSBC. Refer to table 9.24.1.<br />
57<br />
The term ‘Specialist Team’ is being used to refer to a team of designated individuals within the line of business that have the appropriate<br />
knowledge and experience.<br />
INTERNAL<br />
Page | 145
Risk Assessment questionnaire: Intermediaries<br />
5) Financial: Review the financial strength of the Introducing / Managing Intermediary and confirm<br />
that all <strong>Customer</strong> monies held are segregated from the Introducing / Managing Intermediary’s own<br />
monies under all circumstances.<br />
6) Business dealings: Understand the nature of business dealings that the Introducing / Managing<br />
Intermediary is involved in. This may identify links to higher risk business types (<strong>CDD</strong> Process<br />
Chapter 10, Special Categories of <strong>Customer</strong>s and Prohibited <strong>Customer</strong>s).<br />
7) Data security/IT infrastructure/Business continuity: Identify controls for data security to reduce<br />
the risk of data transfer (such as data retention controls) and obtain information regarding the<br />
stability of the IT infrastructure in order to understand the risk of data loss. In addition, review<br />
procedures for business continuity.<br />
8) Products/Services: Consider the services offered by the Introducing / Managing Intermediary.<br />
9) Any other adverse information regarding the Introducing / Managing Intermediary (e.g. negative<br />
news).<br />
Additional factors for consideration<br />
10) Sales capacity: This information could be used to indicate the level of business activity of the<br />
Introducing / Managing Intermediary and whether it is indeed valid or potentially a fraudulent<br />
operation.<br />
11) Training activities/staff strength: These factors indicate the level of resourcing and capacity that<br />
the Introducing / Managing Intermediary has in order to perform the tasks required to meet the<br />
minimum requirements, as set out in paragraph 9.24.1 and fig 9.11.<br />
9.23.4 The information above is to be documented in a risk assessment questionnaire and is subject to<br />
approval by the designated individuals (refer to 9.27.5 to 9.27.7). The risk assessment<br />
questionnaire must include the above factors at a minimum.<br />
9.23.5 A summary of the key risks and risk mitigating controls managed by the Introducing / Managing<br />
Intermediary is to accompany the risk assessment questionnaire and is to be completed prior to<br />
on-boarding. This summary is to be updated on a periodic basis.<br />
<strong>CDD</strong> of Introducing/Managing Intermediaries<br />
9.23.6 The Due Diligence (DD) information required for the Introducing / Managing Intermediary will follow<br />
the requirements for their particular <strong>Customer</strong> type (i.e. Non-Banking Financial Institution or Bank).<br />
A HSBC profile will be set up and maintained for both Introducing and Managing Intermediaries.<br />
9.23.7 Introducing / Managing Intermediary that are not HSBC <strong>Customer</strong>s, will be subject to a similar level<br />
of DD required for Introducing / Managing Intermediary that are existing <strong>Customer</strong>s and will be risk<br />
rated accordingly. For Introducing / Managing Intermediaries that are non HSBC <strong>Customer</strong>s, the<br />
Product Risk Rating to be applied will be High risk.<br />
9.23.8 In the case of Managing Intermediaries, the <strong>Customer</strong> account may be set up in the name of the<br />
Managing Intermediary and HSBC deals with the Intermediary rather than the underlying <strong>Customer</strong><br />
(e.g. ABC Intermediary Co Ltd as Trustee of the XYZ Trust), or an account may be set up for the<br />
<strong>Customer</strong> and a <strong>CDD</strong> profile will be created for the Managing Intermediary party.<br />
9.23.9 In the instance that the Introducing / Managing Intermediary is identified as High risk or SCC,<br />
approval must be provided by the Reputational Risk Committee (or equivalent) in order to place<br />
reliance.<br />
INTERNAL<br />
Page | 146
9.24 Due Diligence for <strong>Customer</strong><br />
Review of Underlying <strong>Customer</strong><br />
9.24.1 <strong>CDD</strong> and risk analysis of the <strong>Customer</strong> is to be completed by the Introducing / Managing<br />
Intermediary to a level equivalent to the HSBC Global AML procedures specific to the particular<br />
<strong>Customer</strong> type. Key control requirements which must be present in the Introducing / Managing<br />
Intermediaries <strong>CDD</strong> procedures include but are not limited to:<br />
Fig.9.11: Key Control requirements<br />
Key Control requirements<br />
1) Risk Rating: Introducing / Managing Intermediary must take a risk based approach to the rating of<br />
<strong>Customer</strong>s.<br />
2) ID&V: Identification and verification of the <strong>Customer</strong>.<br />
3) Screening: The Introducing / Managing Intermediary is to have a method of screening <strong>Customer</strong>s<br />
and clearing related hits which is effective and transparent to HSBC.<br />
4) KYC: Information on key KYC topics such as Source of Wealth/Source of Funds/Nature of<br />
Business is gathered.<br />
5) Account Activity reviews: Introducing / Managing Intermediary is to perform transaction<br />
monitoring of account activities via the appropriate methods. Where HSBC banks the fund in<br />
addition to acting as Fund Manager, it will also undertake transaction monitoring to the standard<br />
set out for that process.<br />
6) Enhanced Due Diligence (EDD): <strong>Customer</strong>s identified as having a heightened financial crime risk<br />
require enhanced due diligence measures. The Intermediary will be responsible for performing<br />
EDD for the parties concerned. Where an SCC <strong>Customer</strong> is identified, reliance cannot be placed<br />
on an Intermediary (See section 9.24.9)<br />
9.24.2 Introducing Intermediaries will be responsible for the verification of the <strong>Customer</strong>/Connected<br />
Parties and the gathering of <strong>CDD</strong> information (where requested/it can be provided) depending on<br />
the terms of the Engagement letter. Any <strong>CDD</strong> information not obtained from the Introducing<br />
Intermediary (as per agreed terms) must be gathered by HSBC.<br />
9.24.3 The Introducing/Managing Intermediary must review the original documents required for verification<br />
purposes only. They cannot place reliance on an additional party for this information. Accepting a<br />
‘copy of a copy’ is not permissible for placing reliance. Any reliance relationships must be disclosed<br />
to HSBC as part of the agreement.<br />
9.24.4 There will be no requirement for Introducing / Managing Intermediaries to provide copies of ID&V<br />
documents used for verification purposes to HSBC as part of the due diligence process, however<br />
these documents must be made available to HSBC within five working days upon request (or less<br />
depending on local regulations).<br />
9.24.5 Reliance will not be placed on Introducing/Managing Intermediaries for the following <strong>CDD</strong>:<br />
a) The identification of the <strong>Customer</strong>/Connected Parties: Details of all UBO’s, Director’s, and<br />
Controller’s must always be fully disclosed to HSBC. Refer to <strong>Customer</strong> type for the definitions<br />
of each of these parties.<br />
b) Screening requirements: HSBC will screen (including PEPs and sanctions) all<br />
<strong>Customer</strong>s/connected parties in line with <strong>Customer</strong> type requirements based on the<br />
identification information captured.<br />
c) Validation of SoW/SoF: Wider <strong>CDD</strong> information including SoW/SoF will still need to be<br />
obtained in all cases in line with the Global Standard Procedures. Understanding the SoW/SoF<br />
INTERNAL<br />
Page | 147
is important for analysing the risk of the <strong>Customer</strong>. The validation of this information may vary<br />
between Institutions even when regulated in the same manner.<br />
Enhanced Due Diligence (EDD)<br />
9.24.6 Under the terms and conditions of the Agreement, the Introducing / Managing Intermediary<br />
undertakes to bring to the attention of HSBC any <strong>Customer</strong>s that have a heightened financial crime<br />
risk, negative media, or produce a screening hit, prior to the referral of the <strong>Customer</strong> to HSBC.<br />
9.24.7 According to HSBC Global Standards policy, High risk <strong>Customer</strong>s require enhanced due diligence<br />
measures.<br />
9.24.8 The Introducing / Managing Intermediary will perform the EDD to a level equivalent to local<br />
regulatory and legislative requirements and the Wolfsberg principles.<br />
9.24.9 Where an SCC <strong>Customer</strong> is identified, reliance cannot be placed on an Intermediary and the<br />
<strong>Customer</strong> must be directly managed by HSBC.<br />
9.25 Terms of Reliance<br />
9.25.1 A written agreement detailing the extent of reliance and the requirements/terms and conditions,<br />
must be signed prior to entering the reliance relationship. This must be a two way agreement<br />
signed by the Introducing / Managing Intermediary and HSBC under which the responsibilities of<br />
the Introducing / Managing Intermediary are clearly articulated, the terms and conditions and<br />
requirements outlined and HSBC’s rights of access to customer data and visitation and testing<br />
documented.<br />
9.25.2 Amendments to the terms are required where the Intermediary is an individual rather than a legal<br />
entity.<br />
9.25.3 The documents required in order to enter the reliance arrangement are detailed below. These<br />
documents outline the roles and responsibilities, terms and conditions and evidence of qualification<br />
for the arrangement:<br />
Fig.9.12: Reliance Agreement and Documents<br />
Reliance Agreement and Documents<br />
a) An agreement detailing the Introducing / Managing Intermediaries responsibilities and ongoing <strong>CDD</strong> work<br />
to be completed (See Appendix A – 1). A renegotiation of existing SLA agreements is to occur where the<br />
requirements noted are not currently being followed.<br />
b) HSBC’s standard terms and conditions along with the agreement above must be sent to and signed (where<br />
required) by the Introducing / Managing Intermediary.<br />
c) The risk assessment questionnaire (See section 9.23.1 to 9.23.5) must be completed for all new Introducing<br />
/ Managing Intermediaries and signed by the relevant approvers.<br />
d) Evidence that the Introducing / Managing Intermediary is appropriately regulated is to be provided. An<br />
annual letter of agreement is to be provided confirming the regulatory status.<br />
9.25.4 The documents above are to be obtained from the Introducing / Managing Intermediary in addition<br />
to the DD documents required under the specific <strong>Customer</strong> type section.<br />
9.25.5 If one of these documents is not provided/cannot be completed, the Introducing / Managing<br />
Intermediary relationship must not be entered, or the current relationship must be exited.<br />
INTERNAL<br />
Page | 148
9.26 Initial and Monitoring Review of Introducing / Managing<br />
Intermediary (to be maintained)<br />
9.26.1 Initial and Monitoring reviews of the <strong>CDD</strong> activities performed on behalf of HSBC are to be<br />
scheduled in order to validate that the <strong>CDD</strong> is being conducted as per local regulatory and<br />
legislative requirements and the Wolfsberg principles to the level of performance agreed, and that<br />
the systems and controls are sound.<br />
9.26.2 Records of the monitoring review are to be maintained by HSBC.<br />
9.26.3 A list of all approved Introducing / Managing Intermediary parties is to be maintained on a Global<br />
basis (procedures for this are to be established).<br />
Frequency of Testing<br />
9.26.4 Introducing / Managing Intermediaries are to be tested both at the beginning of the relationship and<br />
on an ongoing basis. The visit must occur no less often than once a year (or more frequently if<br />
deemed necessary).<br />
9.26.5 The frequency of testing (if required more often) is to be determined by Country FCC and<br />
communicated to the Introducing / Managing Intermediaries.<br />
INTERNAL<br />
Page | 149
Visitation and Reporting requirements<br />
9.26.6 Testing procedures for visitation /testing of Introducing / Managing Intermediaries are detailed below:<br />
Fig.9.13: Reliance Agreement and Documents<br />
Introducing/Managing Intermediaries<br />
testing procedures – Visitation<br />
a) The Introducing / Managing Intermediary is to be given reasonable notice of<br />
visitation to be performed (e.g. at least seven working days).<br />
b) Where possible, HSBC will obtain a copy of the tracked changed version<br />
(since the last agreed standard) of the Introducing / Managing Intermediaries<br />
AML/<strong>CDD</strong> policies and procedures. Otherwise, the latest copy of the<br />
procedures is to be provided and a comparison to the previous completed.<br />
c) Attendance of the Compliance Officer and Senior Operations Staff of<br />
Introducing / Managing Intermediary is required.<br />
d) A representative sample of customer files is to be selected for review against<br />
local regulatory and legislative requirements and the Wolfsberg principles to<br />
include those categorised as per the below table.<br />
AML File status<br />
‘AML complete’<br />
‘AML complete’<br />
‘AML incomplete’<br />
<strong>Customer</strong> / Investor Status<br />
Active<br />
Closed<br />
Review all AML incomplete cases over 60 days<br />
since the account has been opened<br />
Sample checks should be risk based and skewed towards entity and account<br />
types and larger balances which carry a higher risk of financial crime such as<br />
International Business Companies, Trusts and higher value accounts. Pooled<br />
accounts should also be sample checked to ensure that the Introducing /<br />
Managing Intermediary has received appropriate comfort from the pooled<br />
account holder that there are no prohibited customers under HSBC’s Global<br />
<strong>CDD</strong> standards and that they hold all applicable <strong>CDD</strong>.<br />
Initial testing<br />
Yes<br />
N/A but review of<br />
AML/<strong>CDD</strong> standard must<br />
take place to ensure<br />
meets local regulatory<br />
and<br />
legislative<br />
requirements and<br />
Wolfsberg principles.<br />
Yes<br />
N/A It is not possible to<br />
test customer files since<br />
Intermediary has not yet<br />
started undertaking <strong>CDD</strong><br />
Periodic<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
INTERNAL<br />
Page | 150
e) Correspondence with Regulator(s) is to be reviewed.<br />
Yes<br />
Yes<br />
f) Staff turnover/vacancies and any other material staffing issues to be<br />
investigated. Yes Yes<br />
g) Findings are to be reviewed with Compliance Officer and Senior Operations<br />
staff of Introducing / Managing Intermediary and follow up actions and timings<br />
agreed as required.<br />
Yes<br />
Yes<br />
h) Proposed/planned systems changes are to be reviewed.<br />
Yes<br />
Yes<br />
INTERNAL<br />
Page | 151
9.26.7 The testing report should include at a minimum:<br />
Introducing/Managing Intermediaries Testing procedures – Reporting Initial Periodic<br />
a) Impact of Regulatory changes enacted or in the pipeline.<br />
Yes<br />
Yes<br />
b) Confirmation that the risk assessment questionnaire has been reviewed and<br />
updated where required. Yes Yes<br />
c) Summary of discussions held with the Introducing / Managing Intermediary<br />
Compliance Officer and Head of Operations regarding any matters of<br />
substance related to the maintenance of an effective AML/<strong>CDD</strong> programme<br />
which complies with the obligations within the agreement/contract and all<br />
applicable regulatory requirements.<br />
d) Summary of findings of testing results including applicable management<br />
information (e.g. number of files reviewed, number that passed/failed,<br />
significance of results and any remedial action required and other followup).<br />
e) For HSBC purposes only, the paper should include the level of risk recorded<br />
for the Introducing / Managing Intermediary along with the supporting<br />
rationale.<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
N/A<br />
Yes<br />
9.26.8 Findings (relating to all points a) to e) above) are to be summarised in a paper and distributed to<br />
the Key Controllers of the account, senior HSBC Risk team members, Country FCC and Operations<br />
personnel.<br />
9.26.9 The risk summary regarding the Introducing / Managing Intermediary is to be updated based on<br />
the annual testing/review performed and circulated to HSBC parties annually (See section 9.23.5).<br />
9.27 HSBC responsibilities<br />
Onboarding and Ongoing Management<br />
9.27.1 The Business will be responsible for managing the relationship with the Introducing/Managing<br />
Intermediary. This team is responsible for:<br />
<br />
<br />
<br />
Control Testing<br />
Completing the Risk Assessment Questionnaire;<br />
Managing the <strong>CDD</strong> information gathered regarding the Introducing/Managing<br />
Intermediary; and,<br />
Managing the <strong>CDD</strong> information gathered regarding the <strong>Customer</strong>.<br />
9.27.2 Responsibility for arranging the visitation/control testing to the Introducing/Managing Intermediary<br />
will be held by the RM/ the Business located where the account is being opened.<br />
9.27.3 A representative of Country FCC will lead the visitation and control testing of the<br />
Introducing/Managing Intermediary.<br />
INTERNAL<br />
Page | 152
Business Sign off<br />
9.27.4 Sign off from key stakeholders of the Business is required for:<br />
<br />
<br />
The Testing results reported at onboarding; and,<br />
The Testing results reported on ongoing management.<br />
Approval of Introducing / Managing Intermediary<br />
9.27.5 Approval of the Introducing/Managing Intermediary at onboarding is to be documented within the<br />
<strong>CDD</strong> profile.<br />
9.27.6 Approval of the Introducing/Managing Intermediary on an ongoing basis is to be documented within<br />
the <strong>CDD</strong> profile at annual review (or as the result of a trigger event).<br />
9.27.7 The approval structure for accepting an Introducer/Managing Intermediary is detailed below:<br />
<br />
<br />
<br />
<br />
<br />
Change in circumstance<br />
Controller: RM / the Business, or equivalent<br />
Authorizer: Head of division (Local)<br />
Adviser: Head of Country FCC<br />
Adviser: Regional Head of FCC<br />
<strong>Final</strong> Authorizer: Global Head of FCC and AML for the Line of Business;<br />
9.27.8 Where the Introducing/Managing Intermediary is replaced, a comprehensive plan for the transfer<br />
of <strong>CDD</strong> documentation undertaken previously will need to be prepared and a complete review of<br />
the relationship with the newly appointed Introducing/Managing Intermediary performed.<br />
9.27.9 The plan will need to be approved as per the approval structure for accepting an<br />
Introducing/Managing Intermediary (see section 9.27.7) and will include the date at which<br />
responsibilities are transferred from one Introducing/Managing Intermediary to the other.<br />
Introducer (referral)<br />
9.27.10 In instances where the <strong>Customer</strong> is introduced to HSBC via a third party and the relationship with<br />
the <strong>Customer</strong> is non-face to face, the risk to the bank is viewed as increased due to the limited<br />
interaction between HSBC and the <strong>Customer</strong> in person.<br />
9.27.11 The relationship between the third party and HSBC may not be a reliance relationship (as per the<br />
regulatory definition), however entering into this type of relationship results in additional<br />
requirements such as the requirement to record the name of the referrer within the <strong>Customer</strong><br />
profile.<br />
INTERNAL<br />
Page | 153
Appendix 1) Terms of Agreement – Transfer Agent<br />
Transfer<br />
Agent<br />
a) TA will make available on request (potentially after the relationship between HSBC and the party<br />
has ended), copies of the verification and other documents relating to due diligence (e.g. register<br />
data).<br />
b) This information will be made available with reasonable notice (including where a potential law<br />
enforcement enquiry has been made to the bank).<br />
c) The TA must provide a copy of the verification documents used to verify the identity of the<br />
<strong>Customer</strong>, or its connected parties where required (e.g.).<br />
e) The TA will in turn not place reliance on any other party/firm to complete verification or to meet<br />
the <strong>Customer</strong> face-to-face.<br />
f) TA will undertake to retain <strong>CDD</strong> information and documents for at least 5 years, or longer if<br />
required under local regulatory requirements and that these documents will be available on<br />
request with reasonable notice;<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
h) Confirmation of regulated status is required. Yes<br />
j) <strong>Customer</strong> Due Diligence (<strong>CDD</strong>), including EDD as required, of the <strong>Customer</strong>/Connected Parties<br />
is undertaken for each entity type.<br />
k) There is a sufficient number of staff trained to the appropriate level in order to meeting the<br />
requirements above.<br />
l) That TA will advise if its license or registration is revoked or if the circumstances relating to the<br />
<strong>Customer</strong>s introduced have changed. A complete <strong>CDD</strong> profile on the Intermediary must be kept<br />
on file and kept up to date<br />
m) There are procedures and training in place to detect and prevent the commission of an offence<br />
relating to money laundering and financing of terrorism<br />
n) TA consents to testing of the above requirements, as requested by HSBC to provide ongoing<br />
assurance that it is a suitable party on which to rely. This also includes agreement to perform<br />
testing of TA where the IP is the third party.<br />
o) TA will provide information on:<br />
number of accounts with incomplete <strong>CDD</strong>, KRIs/KPIs/SLAs;<br />
correspondence with Regulators;<br />
Suspicious Transaction reports filed (full details). Internal procedures must ensure that all<br />
unusual activity or behaviour relating to transactions or activities are reported to the<br />
Country Head of AML;<br />
staff turnover/vacancies;<br />
complaints received and their disposition;<br />
impact of actual or proposed Regulatory changes and any other material issues in line with<br />
testing requirements.<br />
p) TA will attend Fund Board meetings no less often than quarterly and other meetings as required<br />
to report on the above.<br />
q) TA will require approval from HSBC for any material systems’ changes/developments during the<br />
terms of the agreement.<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
Yes<br />
r) TA may not to be sold without express written consent of HSBC. Yes<br />
INTERNAL<br />
Page | 154
s) TA must provide register information after each dealing date for screening against sanctions’ lists<br />
or any other lists as deemed appropriate by HSBC or for any other lawful purpose such as<br />
marketing.<br />
t) TA will hold and make available with reasonable notice customer files for five years (or longer if<br />
local regulations require) after final redemption to investor.<br />
Yes<br />
Yes<br />
u) TA will provide the SLA relating to incomplete cases over sixty days old. Yes<br />
v) TA must notify HSBC of any changes to local legislation / regulation that may impact their ability<br />
to deliver the service outlined within the agreement.<br />
w) TA will maintain data security and the confidentiality of <strong>CDD</strong> information in line with local<br />
regulatory requirements.<br />
Yes<br />
Yes<br />
x) TA consents under a formal written agreement to be relied upon to the extent set out above. Yes<br />
INTERNAL<br />
Page | 155
Appendix-2) Terms of Agreement – Instructing Party, Introducing and Managing Intermediaries<br />
Instructing Party /<br />
Administrator<br />
Introducing<br />
Intermediary<br />
Managing<br />
Intermediary<br />
a) IP/Intermediary will make available on request (potentially after the relationship between HSBC and the<br />
party has ended), copies of the verification and other documents relating to due diligence (e.g. register<br />
data).<br />
b) This information will be made available with reasonable notice (including where a potential law<br />
enforcement enquiry has been made to the bank).<br />
c) The IP/Introducing Intermediary must provide a copy of the verification documents used to verify the<br />
identity of the <strong>Customer</strong>, or its connected parties where required.<br />
e) Intermediary will in turn not place reliance on any other party/firm to complete verification or to meet the<br />
<strong>Customer</strong> face-to-face.<br />
f) IP Intermediary will undertake to retain <strong>CDD</strong> information and documents for at least 5 years, or longer<br />
if required under local regulatory requirements and that these documents will be available on request<br />
with reasonable notice.<br />
g) Where reliance is placed by the IP on a third party, a complete <strong>CDD</strong> profile on the third party on whom<br />
reliance is being placed by the IP must be on file.<br />
Yes Yes Yes<br />
Yes Yes Yes<br />
Yes Yes Yes<br />
Yes Yes Yes<br />
Yes Yes Yes<br />
Yes No No<br />
h) Confirmation of regulated status is required. Where applicable Yes Yes<br />
i) Confirmation that /Intermediary will identify and verify any Investors/Beneficial Owners/Beneficiaries of<br />
the Fund / account equivalent to local regulatory and legislative requirements and the Wolfsberg<br />
principles.<br />
k) <strong>Customer</strong> Due Diligence, including EDD as required, is undertaken for the <strong>Customer</strong>/Connected Parties<br />
for each entity type and the IP undertakes to bring to the attention of HSBC any Investors or Key<br />
Controllers that have a heightened financial crime risk, negative media, or produce a screening hit, prior<br />
to the dealing date.<br />
l) There is a sufficient number of staff trained to the appropriate level in order to meeting the requirements<br />
above.<br />
m) That IP/ Intermediary will advise if its license or registration is revoked or if the circumstances relating<br />
to the <strong>Customer</strong>s introduced have changed. A complete <strong>CDD</strong> profile on the Intermediary must be kept<br />
on file and kept up to date<br />
No Yes Yes<br />
Yes Yes Yes<br />
Yes Yes Yes<br />
Yes Yes Yes<br />
INTERNAL<br />
Page | 156
n) There are procedures and training in place to detect and prevent the commission of an offence relating<br />
to money laundering and financing of terrorism<br />
o) IP / Intermediary consents to testing of the above requirements, as requested by HSBC to provide<br />
ongoing assurance that it is a suitable party on which to rely. This also includes agreement to perform<br />
testing of TA where the IP is the third party.<br />
p) Intermediary will provide information on:<br />
number of accounts with incomplete <strong>CDD</strong>, KRIs/KPIs/SLAs,<br />
correspondence with Regulators,<br />
Suspicious Transaction reports filed (full details),<br />
staff turnover/vacancies,<br />
complaints received and their disposition,<br />
impact of actual or proposed Regulatory changes and any other material issues in line with testing<br />
requirements.<br />
q) IP Intermediary will attend Fund Board meetings no less often than quarterly and other meetings as<br />
required to report on the above.<br />
Yes Yes Yes<br />
Yes Yes Yes<br />
No Yes Yes<br />
Yes Yes Yes<br />
r) "Systems used for AML/KYC purposes by IP must be fit for purpose in line with the requirements of the<br />
local Regulations" Yes No No<br />
s) IP may not to be sold without express written consent of HSBC. Yes No No<br />
t) IP must provide register information after each dealing date for screening against sanctions’ lists or any<br />
other lists as deemed appropriate by HSBC or for any other lawful purpose such as marketing.<br />
Yes No No<br />
u) IP will hold and make available with reasonable notice customer files for five years (or longer if local<br />
regulations require) after final redemption to investor.<br />
Yes<br />
No<br />
No<br />
v) IP will provide the SLA relating to incomplete cases over sixty days old. Yes No No<br />
w) IP/Intermediary must notify HSBC of any changes to local legislation / regulation that may impact their<br />
ability to deliver the service outlined within the agreement.<br />
x) IP/Intermediary will maintain data security and the confidentiality of <strong>CDD</strong> information in line with local<br />
regulatory requirements.<br />
Yes Yes Yes<br />
Yes Yes Yes<br />
y) IP/Intermediary consents under a formal written agreement to be relied upon to the extent set out above. Yes Yes Yes<br />
INTERNAL<br />
Page | 157
10. Insurance Specific <strong>CDD</strong> Procedures (for<br />
customers where the standard <strong>CDD</strong> Procedures are<br />
not applicable)<br />
Key Objective<br />
How will the<br />
Objective be<br />
achieved?<br />
To summarise the identification, assessment and mitigation of the risks<br />
associated with insurance products which pose a risk of Financial Crime,<br />
and/or where HSBC could be used as a conduit for Financial Crime activities.<br />
Insurance products can pose specific risk attributes which can be distinct form<br />
the level of the standard ID&V, KYC and general EDD requirements. Hence, a<br />
different level of due diligence is required for these types of insurance products<br />
in certain situations.<br />
Scope of Section<br />
This Section outlines the ID&V procedures with respect to the following:<br />
10.1. Introduction<br />
10.2. <strong>CDD</strong> Requirements for <strong>Customer</strong>s with Minimal Risk Insurance<br />
Products<br />
Related Sections<br />
Global <strong>Customer</strong> Type <strong>CDD</strong> Procedural Standards<br />
Global AML Insurance Standard<br />
Chapter 3 – Screening<br />
Chapter 1 – Individuals ID&V<br />
Chapter 2 – Individuals KYC<br />
INTERNAL<br />
Page | 158
10.1 Introduction<br />
10.1.1 Insurance products can be purchased by a <strong>Customer</strong> within any Line of Business (LoB).<br />
10.1.2 In the context of Insurance for <strong>CDD</strong> purposes, a Proposer, Applicant or Policyholder will be<br />
considered customers.<br />
10.1.3 The level of <strong>Customer</strong> Due Diligence (<strong>CDD</strong>) required varies depending on the type of insurance<br />
product purchased by <strong>Customer</strong>.<br />
10.1.4 There are subsets of insurance products that are categorised as Minimal Risk Insurance<br />
Products 59 and Lower Risk Insurance Products 601 .<br />
10.1.5 A Minimal Risk Insurance Product is a product which has all of the following characteristics:<br />
<br />
<br />
<br />
<br />
<br />
<br />
Non-life Insurance policy<br />
Duration of 12 months or less;<br />
No surrender or maturity value;<br />
No investment value;<br />
Only pays out on loss from an insured event; and<br />
Additional/top up payments by a <strong>Customer</strong> is not possible.<br />
10.1.6 A Lower Risk Insurance Product is a product which has all of the following characteristics:<br />
<br />
<br />
<br />
Pure Protection Insurance policy (Including Temporary Insurance Protection)<br />
Duration of certain period or specific “term” of years;<br />
Fixed rate of premium; with no additional/top up payments available;<br />
Low cost premium 61<br />
<br />
<br />
<br />
No investment value;<br />
No surrender or maturity value; and<br />
Only pays out on loss from insured event<br />
A list of Minimal Risk and Lower Risk Insurance Products will be maintained by Insurance FCC<br />
and reported to GAMLO.<br />
59 Examples include Motor, Household, Travel and Pet.<br />
60 Examples include Term assurance, Critical Illness and Income Protection.<br />
61Annual premium the lesser of USD$1000 or EUR€1000 or a single premium the lesser of USD$2500 or EUR€2500.<br />
INTERNAL<br />
Page | 159
10.1.7 Where countries offer a “Insurance” product that complies with all the attributes of a Lower Risk<br />
Insurance Product, they must obtain agreement from Group Insurance Compliance for the<br />
product to be treated as or Lower Risk to enable application of reduced due diligence. Once<br />
agreement has been obtained; the details of the product must be recorded locally.<br />
10.1.8 For all other types of Insurance product, full <strong>CDD</strong> must be performed, in accordance with the<br />
<strong>Customer</strong> Type.<br />
10.2 <strong>CDD</strong> Requirements for <strong>Customer</strong>s with Minimal Risk Insurance<br />
Products<br />
10.2.1 The following table outlines the levels of <strong>CDD</strong> required, for customer purchasing Minimal Risk<br />
Insurance Products.<br />
Figure 10.1: <strong>CDD</strong> Requirements<br />
<strong>Customer</strong> Type<br />
Minimal Risk Insurance Products only<br />
Existing HSBC customer (is<br />
not a standalone Insurance<br />
customer )<br />
HSBC standalone Insurance<br />
customer<br />
All <strong>Customer</strong> Types<br />
Individual*<br />
<strong>Customer</strong>s<br />
All customer types<br />
(excluding<br />
individuals)<br />
Use existing <strong>CDD</strong> (as per <strong>Customer</strong> type)<br />
Where attestation is being utilised, ensure that the <strong>CDD</strong><br />
profile lists the Insurance product to be purchased /<br />
purchased and the HSBC entity providing the product (for<br />
further guidance on Attestation refer to <strong>CDD</strong> Process –<br />
Chapter 6.9 Approvals)<br />
<strong>CDD</strong> applies (see section 10.2.2), provided that the<br />
Individual is not a true match for screening (reference to<br />
screening Chapter 3 – Resolution of Screening matches)<br />
Full <strong>CDD</strong> required (as per <strong>Customer</strong> type)<br />
* Including Sole traders purchasing insurance policies in their own name. This would not include sole<br />
traders purchasing insurance policies in the name of the sole trader entity.<br />
10.2.2 The information requirements and the <strong>CDD</strong> process for customers purchasing Minimal Risk<br />
Insurance Products is summarised in the table below:<br />
INTERNAL<br />
Page | 160
Figure 10.2: <strong>CDD</strong> - Information Requirements for customers purchasing Minimal Risk Insurance Products<br />
<strong>CDD</strong> Process for <strong>Customer</strong>s purchasing Minimal Risk Insurance Products only<br />
At On - Boarding At Payment<br />
<br />
Identification Requirements<br />
Full Name;<br />
Date of Birth;<br />
Residential Address 611<br />
Nationality(where legally permissible);<br />
Yes No*<br />
Verification No Yes**<br />
<br />
Screening against Sanction and Counter Yes Yes<br />
Terrorist Financing Lists<br />
FCC RAM Rating No*** n/a<br />
*Identification at payment – If the sum assured recipient is different to the original applicant then identification and<br />
verification is required.<br />
**Unless the sum assured is to be credited to the same bank account from which the payment was received.<br />
***An FCCR of Low Risk will apply unless identified as a true match for sanction screening.<br />
10.3 <strong>CDD</strong> Requirements for <strong>Customer</strong>s with Lower Risk Insurance<br />
Products<br />
10.3.1 The information requirements and the Reduced Due Diligence process for customers purchasing<br />
Lower Risk Insurance Products is available Individuals ID&V and KYC sections above.<br />
62 “Residential address” as defined in the Glossary.<br />
INTERNAL<br />
Page | 161