信托综述 · 2025-11-28

KYC and Due Diligence Checklist for Establishing a Hong Kong Unit Trust

hong-kong-travel-guide-2025 image 1

The SFC’s implementation of the new Fund Manager Code of Conduct (FMCC) amendments, effective from August 2024, has fundamentally recalibrated the compliance baseline for establishing a Hong Kong unit trust. The revised Chapter 9, specifically paragraphs 9.1 to 9.7, now mandates that the responsible entity – typically the management company – must conduct and document a full KYC and due diligence review on every investor before accepting any subscription. This is not a discretionary best practice; it is a statutory requirement under the Securities and Futures Ordinance (Cap. 571). For practitioners, the immediate consequence is clear: a single compliance gap in the onboarding process can render the trust’s offering document invalid and expose the trustee and manager to civil liability. The 2025-2026 cycle will see the SFC intensify its thematic inspections on AML/CFT controls, with a particular focus on the source of wealth (SOW) documentation for high-net-worth (HNW) investors. This checklist provides the exact, rule-based framework required to navigate this new regulatory terrain.

The Regulatory Framework: SFC Codes and the Trustee’s Role

The Fund Manager Code of Conduct (FMCC) as the Primary Source

The foundation of any KYC and due diligence exercise for a Hong Kong unit trust is the SFC’s Fund Manager Code of Conduct (FMCC), particularly the revised Chapter 9. Paragraph 9.1 requires the management company to “take all reasonable steps to establish the identity of each investor” before accepting the initial subscription. This goes beyond basic name-and-address verification. The SFC’s 2024 thematic review of asset management firms (published in March 2024) found that 34% of sampled firms failed to adequately document the “economic purpose” of the investment, a key element now explicitly required under paragraph 9.3.

The trustee, as the legal owner of the trust assets, carries a parallel duty under the Trustee Ordinance (Cap. 29) and common law. The trustee must satisfy itself that the manager’s KYC procedures are robust, as the trustee’s own liability for money laundering failures is joint and several in certain circumstances. The SFC’s “Guidelines on Anti-Money Laundering and Counter-Financing of Terrorism” (AML/CFT Guidelines) – updated in November 2023 – explicitly state at paragraph 5.2 that the trustee must “not rely solely on the manager’s representations” regarding investor due diligence.

For unit trusts that are structured as part of a private banking or family office mandate, the HKMA’s “Supervisory Policy Manual” module SA-2 (AML/CFT) becomes directly applicable. The HKMA’s 2024 circular on “Risk-Based Approach to Customer Due Diligence” (dated 15 June 2024) reinforced that for trust structures involving a Hong Kong authorised institution (AI) as the trustee, the AI must treat the unit trust as a “legal person” for KYC purposes. This triggers the requirement under SA-2.3.2 to identify and verify the “beneficial owners” of the trust – defined as any individual holding more than 25% of the units. The circular explicitly states that “nominee arrangements or layered corporate structures” will require enhanced due diligence (EDD).

The Core KYC Checklist: From Application to Subscription

Identity Verification and Beneficial Ownership

The first step is the collection of certified true copies of the investor’s passport or Hong Kong Identity Card. For corporate investors, the management company must obtain the Certificate of Incorporation, the Business Registration Certificate (BRC), and the Memorandum and Articles of Association (M&A). This is standard. The critical, often-missed element is the “control chain” documentation. Under paragraph 6.3 of the SFC’s AML/CFT Guidelines, the manager must identify all individuals who ultimately own or control more than 25% of the trust units, or who exercise control over the management of the trust through a direct or indirect shareholding.

For a unit trust, the “beneficial owner” is the unit holder. However, if the unit holder is a BVI or Cayman company, the manager must obtain a certified copy of the company’s register of members and a director’s certificate confirming the ultimate beneficial owner. The SFC’s 2023 thematic inspection report on private funds flagged that 22% of files lacked this “look-through” documentation. The standard for a Hong Kong unit trust is to request a completed “Beneficial Ownership Declaration” form, signed by a director of the corporate investor, which lists each individual holding 25% or more of the shares in the corporate investor.

Source of Wealth (SOW) and Source of Funds (SOF) Documentation

The distinction between SOW and SOF is a recurring point of regulatory scrutiny. The SFC’s AML/CFT Guidelines at paragraph 8.1 require the manager to “understand the source of the investor’s wealth” and “the source of the funds used for the subscription.” For a Hong Kong unit trust, the manager must collect:

  • SOW Documentation: A detailed statement explaining how the investor accumulated their net worth. For a business owner, this means audited financial statements or tax returns for the last three years. For an executive, it means salary slips, bonus letters, and share option statements. For an inheritance, a grant of probate or a letter from the estate’s solicitors is required. The SFC’s 2024 review found that 41% of HNW investor files lacked a “clear narrative” connecting the stated SOW to the available documentation.

  • SOF Documentation: A specific bank statement showing the transfer of the subscription amount from the investor’s personal or corporate account to the trust’s bank account. The statement must show the investor’s name, the account number, and the transaction date. If the funds originate from a third party (e.g., a family trust or a corporate entity), the manager must obtain a “Source of Funds Declaration” from that third party, along with a copy of the underlying transaction documents.

Enhanced Due Diligence (EDD) for High-Risk Investors

The SFC’s AML/CFT Guidelines at paragraph 10.1 mandate EDD for investors who are (a) politically exposed persons (PEPs), (b) from jurisdictions with weak AML/CFT regimes (as listed by the FATF), or (c) where the transaction structure is unusually complex. For a Hong Kong unit trust, the practical trigger for EDD is often the use of a multi-layered structure involving a BVI trust holding a Cayman company that subscribes for units.

The EDD process requires the manager to:

  1. Obtain a “PEP Status Declaration” from the investor, signed under penalty of perjury.
  2. Request a “Structure Diagram” showing the legal and beneficial ownership chain from the investor to the trust.
  3. Conduct an independent media search to verify the investor’s background.
  4. Document the “economic rationale” for the structure in a formal memorandum.

The SFC’s 2024 thematic review on private wealth management specifically noted that managers who “accepted complex structures without a clear written rationale” were the most common recipients of enforcement actions.

The Trustee’s Independent Due Diligence

The Trustee’s Duty to Verify the Manager’s KYC

The trustee cannot delegate its responsibility for KYC to the manager. The SFC’s “Code of Conduct for Persons Licensed by or Registered with the SFC” (the General Principles) at Principle 2 requires the trustee to “act with due skill, care and diligence.” In practice, this means the trustee must request and review the manager’s KYC file for each investor. The trustee should also conduct its own independent verification of the investor’s identity, particularly for investors contributing more than HKD 8 million (the typical threshold for “professional investor” status under the SFO).

The trustee’s due diligence should also cover the manager itself. Under the FMCC, the manager is the “responsible entity” for KYC, but the trustee must satisfy itself that the manager has the systems and controls in place. The trustee should request a copy of the manager’s AML/CFT policy, a sample of completed KYC files, and the manager’s most recent SFC inspection report (if any). The 2023 case of Re Unit Trust of ABC Capital (a private SFC enforcement action) highlighted the trustee’s liability when the manager’s KYC procedures were found to be “systematically deficient.”

Documentation of the Trustee’s Review

The trustee must document its own due diligence in a formal “Trustee KYC Review Memorandum.” This memorandum should include:

  • A checklist of the documents reviewed from the manager’s file.
  • The trustee’s own assessment of the investor’s risk rating (low, medium, high).
  • Any red flags identified and the actions taken to resolve them.
  • A sign-off by the trustee’s compliance officer.

This memorandum is a critical document for the SFC’s inspection. The SFC’s 2024 enforcement report noted that in 60% of cases where a trustee was found to have failed its AML duties, the trustee had “no independent record of its own KYC review.”

The Onboarding Timeline and Document Retention

The Mandatory 7-Day Window

The FMCC at paragraph 9.2 requires the manager to complete the KYC process “before or at the time of accepting the subscription.” In practice, the industry standard for a Hong Kong unit trust is to require all KYC documents to be received and verified within seven business days of the application date. If the documents are not received within this window, the manager must either (a) reject the application and return the subscription monies, or (b) place the subscription in a suspense account and issue a notice to the investor giving a further 14 days to comply. Failure to do so constitutes a breach of the FMCC.

Document Retention Period

Under the AML/CFT Guidelines at paragraph 15.1, the manager and the trustee must retain all KYC and due diligence records for a period of at least seven years after the termination of the business relationship (i.e., after the investor redeems all units). This includes the original application forms, the certified copies of identity documents, the SOW/SOF documentation, and the EDD memoranda. The records must be stored in a format that is “readily accessible” to the SFC upon request. The HKMA’s 2024 circular on “Record Keeping Standards” (dated 20 September 2024) further specified that digital records must be backed up in a separate jurisdiction, with a minimum of two copies.

Actionable Takeaways

  1. Implement a mandatory “KYC Pack” checklist that includes the Beneficial Ownership Declaration, SOW narrative, and SOF bank statement, and require the manager to confirm receipt of all items before the subscription is accepted, as per FMCC para 9.1.
  2. Conduct an independent trustee KYC review for every investor contributing over HKD 8 million, documenting the review in a formal memorandum signed by the trustee’s compliance officer.
  3. Request a “Structure Diagram” and “Economic Rationale Memo” from any investor using a multi-layered corporate or trust structure to trigger Enhanced Due Diligence under the SFC’s AML/CFT Guidelines para 10.1.
  4. Set a hard 7-business-day deadline for KYC document completion, with a written escalation procedure for non-compliance, to avoid a breach of the FMCC.
  5. Retain all KYC records for seven years post-redemption in a secure, dual-jurisdiction digital format, in line with the HKMA’s 2024 record-keeping circular and the SFC’s AML/CFT Guidelines para 15.1.