The "Anti-Money Laundering Law of the People's Republic of China" (the "Old AML Law"), in effect since January 1, 2007, has significantly improved anti-money laundering regulations, combated money laundering and related crimes, and strengthened international cooperation. However, as socio-economic activities and technology have rapidly advanced, money laundering schemes have become more complex and diverse, rendering the current law insufficient for today's challenges.On April 17, 2019, the Financial Action Task Force ("FATF") released its Mutual Evaluation Report on Anti-Money Laundering and Counter-Terrorist Financing Measures of China (the "FATF Report"). While acknowledging China's progress, the report highlighted areas needing improvement, such as penalties being too low relative to the size of China's financial industry assets, a lack of oversight in specific non-financial sectors, and insufficient transparency regarding beneficial ownership information in legal entities and arrangementsTo address the rapid evolution of the financial industry and the dynamic landscape of anti-money laundering, the Standing Committee of the National People's Congress actively pursued revisions to the anti-money laundering law. Following three reviews, the newly revised "Anti-Money Laundering Law of the People's Republic of China" (the "New AML Law") was passed on November 8, 2024, and will take effect on January 1, 2025. This article is organized into four sections. The first section offers an overview of the regulatory framework established by the New AML Law. The subsequent three sections provide an examination of the law from three perspectives: key considerations for domestic financial institutions, key considerations for foreign financial institutions, and the management system for beneficial ownership information that is relevant to all market participants.Part One: Regulatory Framework Under the New AML Law
Note: Important amendments in the New AML Law compared to the Old AML Law are highlighted in blue bold font.
Part Two: Key Points for Domestic Financial Institutions to Note
The anti-money laundering obligations for domestic financial institutions have been significantly enhanced, encompassing:
1. Regarding internal control and risk management, domestic financial institutions should:a) Establish and enhance their internal control systems for anti-money laundering;
b) Create a dedicated department or designate an internal unit to spearhead anti-money laundering initiatives;
c) Appropriately allocate personnel based on operational scale and the assessed risks of money laundering;
d) Conduct mandatory anti-money laundering training and awareness programs;
e) Regularly assess money laundering risk levels and develop corresponding risk management systems and procedures, implementing relevant information systems as necessary;
f) Ensure the effective implementation of internal control systems through internal or external audits;
Items c) to f) are new additions introduced under the New AML Law.For the specific requirements on implementation of anti-money laundering internal control and risk management, financial institutions can refer to various departmental regulations, including the Administrative Measures for the Supervision of Anti-Money Laundering and Counter-Terrorist Financing of Financial Institutions, the Administrative Measures for Anti-Money Laundering and Counter-Terrorist Financing of Banking Financial Institutions, and the Implementation Measures for Anti-Money Laundering in the Securities and Futures Industry. While these regulations provide detailed guidelines for fulfilling anti-money laundering obligations, the New AML Law codifies these obligations in a higher level of law. This not only supports the existing regulations but also provides a legal foundation for enhancing specific anti-money laundering measures in the future. It is expected that internal control and risk management within domestic financial institutions - particularly in areas like personnel allocation, training, regular assessments, and audit supervision - will be key focal points in upcoming anti-money laundering inspections.2. Regarding customer due diligence, domestic financial institutions should:a) establish a customer due diligence system;
b) conduct customer due diligence in any of the following situations: (1) when establishing a business relationship with a customer or providing a one-time financial service above a specified amount; (2) when there are reasonable grounds to suspect that a customer or a transaction is involved in money laundering activities; (3) when there are doubts about the authenticity, validity, or completeness of previously obtained customer identification information;
c) employ due diligence methods that include identifying and verifying the identity of customers and their beneficial owners, understanding the purpose of establishing business relationships and transactions, and for higher money laundering risks, assessing the source and use of related funds;
d) tailor due diligence to align with money laundering risks, allowing for simplified due diligence in cases of lower risk;
e) continuously monitor the overall condition and transaction situation of the customer throughout the business relationship, understand its money laundering risk, adopt risk management measures that correspond to the risk, and balance the risk management with the optimization of financial services;
f) verify the identity of agents and beneficiaries (under life insurance and trust business);
g) may utilize third parties for due diligence, but need to evaluate the third party for money laundering risks;
h) retain customer identity information and transaction records for at least ten years after the termination of the business relationship or transaction.
The aforementioned bold red sections are additions made by the new anti-money laundering law. Several changes are noteworthy:● The "customer identification system" from the old anti-money laundering law has been changed to the "customer due diligence system," which signifies an upgrade in the breadth and depth of "Know Your Customer" ("KYC") requirements. This includes not only the need to "identify" but also to "verify" the customer's identity and that of their "beneficial owners," as well as understanding the purpose of transactions and, in cases of higher risk, the sources and uses of funds.● The circumstances under which customer due diligence (formerly identification) must be conducted are no longer limited to the initial establishment of a business relationship or changes in information. Instead, it has been expanded to include any situation where there are reasonable grounds to suspect that the customer and their transactions may be involved in money laundering activities, thereby reinforcing the gatekeeping responsibilities of financial institutions.● The retention period for customer information and transaction records has been increased from five years to ten years.● The principle of aligning management measures with money laundering risks has been established.Although the Measures for the Administration of Customer Due Diligence and Customer Identity Information and Transaction Record Keeping by Financial Institutions, issued by PBOC, the China Banking and Insurance Regulatory Commission (the predecessor of the National Financial Regulatory Administration), and the China Securities Regulatory Commission in January 2022, provided detailed regulations on how financial institutions should conduct customer due diligence, some small and medium-sized financial institutions raised concerns after its issuance. They pointed out that the measures proposed specific norms and requirements for different financial products and business models, necessitating revisions to internal management systems, information systems, and business processes, as well as staff training. Therefore, on February 21, 2022, the three departments decided to postpone the implementation of these measures. In this context, the New AML Law is of extraordinary significance for establishing the customer due diligence system, as it not only provides a legal foundation at a higher legislative level but also serves as a basis for revising and implementing the aforementioned management measures and other related rules.3. Prevention and Control of New Money Laundering Risks:
Financial institutions should, under the guidance of the anti-money laundering administrative department, pay attention to and assess the money laundering risks brought by new technologies, new products, and new businesses, and take corresponding measures according to the situation to reduce money laundering risks.
According to legislative research by the Financial and Economic Affairs Committee of the National People's Congress, there has been a persistent increase in cross-industry and mass-related money laundering-related crimes, such as telecom network fraud, underground banks, and illegal fundraising. New financial products, technologies, and business models are emerging continuously. Some new business models, such as blockchain, precious metals, online live streaming platforms, and virtual currencies, have been used for money laundering activities. Criminals exploit various methods, such as virtual accounts, shell companies, and complex layering structure, to carry out money laundering and other criminal activities, severely impacting economic and financial security.Therefore, strengthening the prevention and control of new types of money laundering risks is one of the highlights of the revision of the AML law. Although the reference to the new technologies and products is not very specific, the establishment of the upper-level law lays the legal foundation for the formulation of specific regulations in future regulatory work. We believe that the prevention and control of new money laundering risks may become a key focus of anti-money laundering efforts that financial institutions need to strengthen in the future.4. Group Coordination and Information Sharing:a) Financial institutions with branches or controlling other financial institutions at home and abroad, as well as financial holding companies, should coordinate anti-money laundering work at the headquarters or group level.
b) To fulfill anti-money laundering obligations, necessary anti-money laundering information should be shared within the company and among group members. The information-sharing mechanism and procedures should be clearly defined. Sharing anti-money laundering information should comply with relevant information protection laws and ensure that the information is not used for purposes other than anti-money laundering or counter-terrorist financing.
We believe that sharing anti-money laundering information within the company and among group members should comply, on the one hand, with relevant legal requirements for information protection, and on the other hand, adhere to risk isolation (firewall) mechanism in a mixed operation model. 5. Response to Objections:Entities and individuals who have objections to the anti-money laundering risk management measures taken by a financial institution can raise them with the institution. The financial institution must address and respond to these objections within fifteen days; for issues involving basic and essential financial services for customers, they must handle and respond to the parties involved promptly. If the response is not received within the deadline or if the outcome is unsatisfactory, the concerned entities and individuals can lodge a complaint with the anti-money laundering administrative authority; the disputing parties may also directly file a lawsuit in court.Financial institutions must respond promptly to objections within the specified time limit, urging them to implement anti-money laundering measures appropriate to the money laundering risks, balancing anti-money laundering supervision with the protection of customers' legal rights.6. Special Requirements for Domestic Financial Institutions under the Anti-Money Laundering Blacklist System:Financial institutions should identify and assess relevant risks, develop appropriate systems, promptly obtain the list of entities subject to Special Anti-Money Laundering Preventive Measures, conduct checks on customers and their transaction counterparts, take corresponding measures, and report to the anti-money laundering administrative authority.This means that financial institutions should pay active attention to the anti-money laundering blacklist published by relevant national authorities and actively implement the special preventive measures stipulated by the New AML law. Part Three: Key Points for Foreign Financial Institutions to Note
Compared to the Old AML Law, the New AML Law explicitly establishes the extraterritorial jurisdiction of Chinese government agencies. Regarding money laundering and terrorist financing activities conducted outside China, if they endanger China's sovereignty and security, infringe upon the legitimate rights of Chinese citizens, legal persons, and other organizations, or disrupt the domestic financial order, Chinese government agencies have the authority to pursue legal action against the relevant foreign institutions under the New AML Law. We believe that the enforcement against foreign institutions relies on bilateral agreements, international conventions, and judicial cooperation mechanisms, and the effectiveness of these measures needs to be tested in practice.
Additionally, for foreign financial institutions that open agency accounts in China or have other close financial ties with China, the New AML Law stipulates more explicit regulatory mechanisms. Specifically, during investigations into money laundering and terrorist financing activities, relevant state authorities may request these foreign financial institutions to cooperate based on the principle of reciprocity or following consultations with the relevant countries. If these institutions do not cooperate, the anti-money laundering administrative authority of the State Council may impose penalties depending on the severity of the situation, (1) a fine of up to 5 million RMB and may restrict or prohibit their related business; (2) a fine of up to 200,000 RMB on responsible individuals, and depending on the circumstances, revoke their qualifications or prohibit them from engaging in relevant financial sector work; and (3) include them on the list of entities subject to Special Anti-Money Laundering Preventive Measures.Part Four: Beneficiary Information Management System
In addition to strengthening the anti-money laundering obligations of various financial and non-financial institutions, the New AML Law addresses the issue of insufficient transparency in beneficial ownership information of legal entities and arrangements, as highlighted in the FATF Report. This law establishes a management system for the information of ultimate beneficial owners ("UBOs") for legal persons and other entities, requiring them to maintain and timely update UBO information, and truthfully submit it to the registration authorities as required. This system impacts all market participants and is worth attention. The term "UBO" refers to the natural person who ultimately owns or controls a legal person or an unincorporated organization, or who enjoys the ultimate benefits from such entities. The specific criteria for identification will be formulated by the anti-money laundering administrative authority of the State Council in collaboration with relevant departments.
At the administrative regulation level, one week before the official promulgation of the New AML Law, on November 1, 2024, PBOC and the State Administration for Market Regulation issued the Beneficial Owner Information Management Measures, which have come into effect. These measures require the State Administration for Market Regulation to coordinate and guide the construction of relevant registration systems and to timely push the collected beneficial ownership information to PBOC.Under the Beneficial Owner Information Management Measures, a natural person is considered a UBO of a registered entity if they meet any of the following conditions:1. They ultimately own a 25% or more of the equity, shares, or partnership interest of the registered entity, either directly or indirectly;2. Although they do not meet the first criteria, they ultimately enjoy 25% or more of the benefits or voting rights of the registered entity;3. Although they do not meet the first criteria, they exercise actual control over the registered entity alone or jointly (including but not limited to controlling the entity through agreements or closely related persons, such as deciding the appointment or dismissal of legal representatives, directors, supervisors, senior management, or executive partners, making major business and management decisions, determining financial expenditure, or having long-term actual control over important assets or main funds).If none of these conditions are met, the individuals responsible for the daily management of the registered entity should be registered as the UBO. For wholly state-owned or state-controlled companies, the legal representative should be registered as the UBO.For entities registered before the implementation of these measures, although the measures require that registration be completed by November 1, 2025, we have noted that in some areas (such as Shanghai), the market supervision departments require the completion of UBO information registration before proceeding with other business registration changes, otherwise, such changes may not be processed.The introduction of the New AML Law, anchored in robust regulation and guided by a "risk-based" principle, substantially refines and enhances the existing anti-money laundering frameworks. This legislation is crucial for preventing and managing financial risks while ensuring financial security. Additionally, it elevates the internationalization of China's anti-money laundering efforts and strengthens global cooperation in this domain. Ultimately, it lays a solid institutional foundation for China as it prepares for the upcoming round of FATF evaluations.
