Hong Kong Regulator Warns of Rising Money Laundering Risks Through Licensed Firms and Virtual Asset Platforms

Hong Kong’s Securities and Futures Commission (SFC) has sounded a strong warning to licensed corporations and virtual asset trading platforms over an emerging trend in money laundering activity, cautioning that illicit actors are increasingly exploiting regulated financial institutions to disguise the origins of criminal proceeds.

In a detailed circular issued to the industry, the SFC said it has identified patterns consistent with “layering” — a critical stage of money laundering in which multiple transactions are used to obscure the trail of illicit funds. The regulator warned that failure to detect and prevent such activity exposes not only individual firms but the entire financial system to significant money laundering and terrorist financing (ML/TF) risks.

According to the SFC, supervisory reviews have revealed suspicious fund movements in client accounts maintained with licensed corporations and SFC-licensed virtual asset service providers. These include frequent and rapid deposits and withdrawals, often with little or no trading activity in between. In many cases, funds were deposited only to be withdrawn almost immediately, suggesting that the accounts were being used as temporary conduits rather than for genuine investment purposes.

“The observed patterns indicate that some client accounts are being misused as depositary accounts to move funds through the financial system while concealing their true origin and destination,” the regulator said.

The SFC noted that these activities often involve structured transactions designed to evade detection, such as multiple small or irregular deposits made within short timeframes, sometimes outside normal banking hours. Once accumulated, the funds are typically withdrawn swiftly — often to different bank accounts held in the same client’s name — and the accounts frequently become dormant thereafter.

Adding to the concern, intelligence shared by the Hong Kong Police Force has pointed to a growing number of scam and deception cases in which victims are instructed to transfer funds to unknown third parties. These funds are then layered through licensed firms, either withdrawn to other bank accounts or converted into virtual assets before being transferred to unhosted wallets, further obscuring the audit trail.

The regulator warned that such schemes may involve illicit actors directly, individuals acting as stooges, or accounts that have been compromised for criminal use.

Despite the presence of these warning signs, the SFC said some licensed firms have failed to identify or act on clear red flags. In certain cases, firms dismissed suspicious activity on the basis that deposits and withdrawals were made only between accounts or wallet addresses held in the client’s own name, overlooking the broader transactional patterns and lack of legitimate trading activity.

The circular reiterates that many of the indicators associated with these schemes are already well documented in existing anti-money laundering and counter-financing of terrorism (AML/CFT) guidelines. These include accounts used primarily to park or transfer funds, structured transactions to avoid monitoring thresholds, frequent changes to bank or wallet details, transactions inconsistent with a client’s financial profile, unexplained conversion of funds into virtual assets, and multiple clients accessing platforms from the same IP address or device.

The SFC placed particular emphasis on the responsibility of senior management — including responsible officers, managers-in-charge, compliance officers, money laundering reporting officers, and boards of directors — to ensure that effective AML/CFT frameworks are in place and operating as intended.

Licensed firms were urged to strengthen transaction monitoring systems, ensuring they are sufficiently sophisticated and proportionate to the risks faced. Monitoring tools should be capable of detecting rapid in-and-out fund movements, structured deposits and withdrawals, short-lived account activity, unusual jurisdictional flows, and repeated conversions between fiat currency and virtual assets.

For firms engaged in virtual asset activities, the SFC stressed the importance of screening wallet addresses using appropriate technological solutions, such as blockchain analytics, both before and after transactions are executed. Any links to illicit activity, including fraud, must be promptly investigated.

Beyond systems and technology, the regulator called for heightened vigilance in day-to-day operations, particularly when processing deposits and withdrawals. Firms were encouraged to adopt holistic controls, including bank account registration or wallet address whitelisting mechanisms, limits on the number of accounts or addresses a client may use, and senior management approval for changes to withdrawal destinations.

The SFC also suggested practical safeguards to reduce the risk of facilitating layering, such as restricting withdrawals to original funding sources and imposing short holding periods to prevent immediate withdrawals following deposits.

Where red flags are identified, firms are expected to conduct prompt and thorough investigations and, where appropriate, file suspicious transaction reports with the Joint Financial Intelligence Unit. Withdrawal requests should not be processed if there is unresolved suspicion of money laundering or terrorist financing.

The regulator made clear that it will continue to closely supervise compliance through inspections, monitoring, and thematic reviews. It also warned that it will not hesitate to take regulatory or enforcement action against firms and senior personnel who fail to meet their AML/CFT obligations. Potential consequences include licensing conditions, business restrictions, fines, suspensions, or licence revocations.

The circular underscores the SFC’s broader message: that safeguarding the integrity of Hong Kong’s financial system requires constant vigilance, particularly as criminals adapt their methods to exploit both traditional financial institutions and rapidly growing virtual asset markets.