The extended scope of non-financial institutions, stricter cross-border data sharing rules, and personal data protection are some of the key changes under China’s amended anti-money laundering law.
Shutterstock.com/Canadadude3D
China is strengthening its anti-money laundering (AML) regime to make improvements to the modern financial regulatory system.
“In recent years, anti-money laundering work has revealed several problems, and it is necessary to base oneself on China’s actual situation and take into account the new requirements of the new situation,” Pan Gongsheng, Governor of the People’s Bank of China on behalf of State Council, said in a statement on 8 November 2024. The revisions were adopted on the same day.
The amendments to the AML Law 2007 will be effective on 1 January 2025. The amended law clarifies its application scope, strengthens the supervision and management of AML, and increases AML obligations.
Experts have stated that the amendments aim to address systemic gaps in AML risk management, emphasising a risk-based approach that challenges financial and non-financial institutions to develop more comprehensive strategies for detecting and preventing money laundering risks.
Lexology PRO explores the key changes to the amended AML Act 2007 and its key implications for businesses.
What are the key changes introduced by the new law?
Extraterritorial application
The amended law extends its jurisdiction to any overseas money laundering and terrorist financing activities that may threaten the country’s sovereignty and security. Compared to the previous version of the AML Law 2007, the amended law combines territorial jurisdiction with protective jurisdiction for overseas AML enforcement. The extraterritorial AML protections aim to address cross-border enforcement challenges that arise from inconsistent frameworks around the world.
Expanded definition of money laundering
The AML law defines money laundering as an activity that hides the origins and nature of profits from specific crimes. The amendment expands its scope by adding “other criminal proceeds” to its previous list of seven specific crimes, which include:
- drug-related crimes;
- organised crime and gang activities;
- terrorist activities;
- smuggling;
- corruption and bribery;
- financial regulatory violations; and
- financial fraud.
The broadened definition covers hiding profits from any type of criminal activity, including terrorist financing. Experts have said the changes leave room for potentially increasing supervision of other types of upstream money laundering offences not explicitly defined in the law.
Extended scope for non-financial institutions
The law now extends AML obligations to a broader range of non-financial institutions. The expanded list includes:
- real estate developers;
- accounting firms;
- law firms;
- precious metal dealers; and
- other entities involved in transactions that could potentially be used to conceal illegal funds.
The expanded application intends to address the lack of AML supervision identified across various industries, as highlighted in the Financial Action Task Force’s 2019 report on China. The FATF report found a general lack of awareness about money laundering risks and compliance obligations among non-financial institutions.
Establishment of a beneficial ownership system
The Chinese authorities will establish a system to manage information of beneficial owners for legal entities and non-legal organisations. The amended law mandates financial and non-financial institutions to identify beneficial ownership information in addition to existing obligations, like KYC due diligence and legal ownership.
Under the law, financial and non-financial institutions must verify the beneficial ownership information provided by their clients. Such measures include independently reviewing the due diligence documentation to assess the accuracy of such information and provide feedback when information is incorrect, inconsistent, or incomplete.
Penalties
The amended AML law increases financial penalties from 500,000 yuan (US$69,242) to 2 million yuan (US$276,968) for minor violations, such as failing to establish a robust internal AML compliance system or conduct customer due diligence. Financial institutions may face fines of up to 10 million yuan (US$1.38 million) for serious violations involving criminal proceeds or terrorist financing.
In 2023, Chinese authorities significantly increased enforcement actions relating to AML violations, according to a local news report on 4 January 2024. The Central Bank issued 55 fines, totalling 54.42 million yuan (US$7.49 million), to non-financial institutions – an 181.89% increase from the previous year. The banking sector also faced a 29.7% rise in fines for AML-related violations. Examples of some of the violations in the banking sector include:
- failing to fulfil the obligation of identifying each account holder;
- failing to report large transactions;
- insufficient AML management controls; and
- engaging in transactions with unidentified customers.
Key implications for businesses
Comply with personal data protection and data security
Under the amended law, regulators, businesses, or individuals must protect collected personal information during AML processes. The law mandates strict confidentiality for customer identity data, transaction details, and investigative information and prohibits unauthorised disclosure. The law limits the use of such personal information to specific legal purposes, such as AML investigations and criminal litigation.
Adhere to cross-border data-sharing restrictions
The AML law imposes more stringent requirements for cross-border investigations and data sharing. Foreign financial institutions must obtain regulatory approval from Chinese authorities when requesting international information sharing or investigations with domestic institutions. In addition, overseas businesses must comply with China’s personal data protection and security laws when requested information sharing involves sensitive personal data.
Fulfil customer due diligence requirements
The amended law expands compliance requirements for financial institutions, transforming due diligence from a routine process to a comprehensive risk management strategy. Businesses must comply with the following obligations:
- mandatory identity verification;
- deeper scrutiny of transaction purposes; and
- enhanced monitoring of high-risk scenarios, with specific requirements for identifying beneficial owners and verifying agency relationships.
Under the amended law, institutions must consistently monitor customer transactions and implement risk management measures for suspicious transactions based on their money laundering risk profile. The law also extends the retention period of customer documents from five to ten years following the termination of the business relationship.