What is a TCSP in Hong Kong?

A Trust or Company Service Provider (TCSP) is a licensed entity in Hong Kong that provides incorporation and corporate secretarial services to companies. TCSPs must be licensed under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance.

How can Bridge Corporate Services help set up a TCSP company?

Bridge Corporate Services provides end-to-end consulting for establishing licensed TCSP companies in Hong Kong, including regulatory guidance, license application support, compliance framework setup, and operational implementation.

What compliance requirements do Hong Kong TCSPs need to meet?

Hong Kong TCSPs must comply with AML/CFT regulations, maintain proper KYC procedures, submit regulatory reports, conduct risk assessments, and meet ongoing compliance obligations set by the Companies Registry and other regulatory bodies.

What features does the Bridge TCSP management platform offer?

Our SaaS platform offers comprehensive client management, automated compliance tracking, KYC renewal reminders, secure document storage, regulatory reporting tools, workflow automation, and real-time analytics for TCSP operations.

Bridge Corporate Services | TCSP Consulting & Compliance Solutions Hong Kong

TCSP Regulatory Reporting Requirements: Complete Compliance Framework

TCSP regulatory reporting in Hong Kong requires licensed Trust Company Service Providers to submit structured disclosures to the Companies Registry, maintain detailed AML/CFT records, and fulfil ongoing statutory obligations under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO). These requirements are non-negotiable, carry significant penalties for non-compliance, and form the operational backbone of any compliant TCSP business. Understanding the full reporting framework — from client due diligence documentation to annual returns — is essential for every TCSP operating in or seeking entry to Hong Kong's regulated trust services market.

The Regulatory Foundation: What Governs TCSP Reporting?

Hong Kong's TCSP regulatory framework is administered primarily by the Companies Registry, which acts as the licensing authority under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615). The AMLO, together with the Financial Action Task Force (FATF) recommendations that Hong Kong has adopted, establishes the baseline for what TCSPs must report, to whom, and on what timeline.

As of the most recent FATF Mutual Evaluation of Hong Kong (2019), Hong Kong was rated largely compliant with international AML/CFT standards. However, the evaluation also flagged areas where TCSPs needed to strengthen beneficial ownership reporting and transaction monitoring — areas that have since been tightened through regulatory guidance.

The Hong Kong Companies Registry's Guideline on Compliance with the Anti-Money Laundering and Counter-Terrorist Financing Ordinance by Trust or Company Service Providers (revised 2023) sets out detailed expectations for reporting, record-keeping, and suspicious transaction escalation. Every TCSP — whether newly licensed or long-established — must treat this document as a live compliance reference.

Core Reporting Obligations for Licensed TCSPs

TCSP regulatory reporting covers five primary categories of obligation:

1. Customer Due Diligence (CDD) and Beneficial Ownership Records

TCSPs must conduct CDD on all clients before establishing a business relationship and must document the findings. This includes:

Identifying and verifying the identity of clients and beneficial owners
Obtaining information on the nature and purpose of the business relationship
Verifying that beneficial owners holding 25% or more of a legal entity are identified and recorded
Conducting enhanced due diligence (EDD) for high-risk relationships, including Politically Exposed Persons (PEPs)

All CDD records must be retained for a minimum of five years after the end of the business relationship, as mandated under Schedule 2 of the AMLO.

2. Suspicious Transaction Reports (STRs)

When a TCSP has knowledge or reasonable suspicion that a transaction or funds are connected to money laundering or terrorist financing, it must file a Suspicious Transaction Report with the Joint Financial Intelligence Unit (JFIU) — Hong Kong's central STR body operated jointly by the Hong Kong Police Force and the Customs and Excise Department.

Filing is not discretionary. Failure to report constitutes a criminal offence under section 25A of the Drug Trafficking (Recovery of Proceeds) Ordinance (Cap. 405) and the Organised and Serious Crimes Ordinance (Cap. 455). The JFIU's online STREAMS system is the designated platform for STR submission.

3. Annual Returns and Licensing Renewal Disclosures

Licensed TCSPs must submit annual returns to the Companies Registry confirming their continued eligibility to hold a licence. These returns include:

Confirmation of fit and proper status for directors and beneficial owners
Declaration of any material changes to business structure or ownership
Updated particulars for any new responsible officers
Confirmation that required AML/CFT policies and procedures remain current

Failure to file the annual return on time — or filing with inaccurate information — can trigger licence suspension or revocation.

4. Record-Keeping for Trust and Company Structures

For TCSPs administering trusts or acting as nominee directors or shareholders, a separate layer of record-keeping applies. This includes maintaining registers of:

Trust instruments and related side letters
Nominee arrangements with underlying principals
Corporate structures where the TCSP acts as a service provider

These records must be accurate, up to date, and accessible to regulators upon request.

5. Risk Assessment Documentation

TCSPs are required to conduct and document a firm-wide risk assessment at least annually. This assessment must evaluate exposure to money laundering and terrorist financing risks across client types, geographies, products, and delivery channels. The written risk assessment must be available for inspection and updated whenever material business changes occur.

Jurisdictional Context: How Hong Kong Compares

For TCSPs operating across multiple jurisdictions — including Singapore, London, Cayman Islands, British Virgin Islands, and Switzerland — understanding how Hong Kong's reporting requirements compare is strategically important.

Singapore's MAS-regulated trust service providers operate under the Trust Companies Act and face broadly similar CDD and STR obligations, though Singapore's framework places greater prescriptive detail on outsourcing controls. The BVI and Cayman Islands, while offshore in nature, have significantly strengthened their regulatory reporting expectations since the introduction of Economic Substance Requirements in 2018-2019. Switzerland's FINMA-overseen trust reporting aligns with FATF standards but is embedded within a broader financial intermediary framework.

Hong Kong's framework is notable for the Companies Registry's direct supervisory role — unlike some jurisdictions where oversight is delegated to self-regulatory organisations. This creates a more centralised and predictable reporting environment for TCSPs, but also means less flexibility in interpretation.

Hong Kong's centralised TCSP reporting architecture — anchored in AMLO and administered directly by the Companies Registry — offers TCSPs a clear, codified compliance pathway. Firms that build systematic reporting processes from day one consistently outperform those that retrofit compliance onto existing operations.

How Often Are TCSPs Inspected?

The Companies Registry conducts both routine and risk-based inspections of licensed TCSPs. Routine inspections typically occur on a two to four year cycle, though higher-risk TCSPs — those serving offshore structures, high-risk jurisdictions, or PEP clients — face more frequent scrutiny. Inspections assess the adequacy of CDD records, the functionality of internal AML/CFT controls, staff training records, and the accuracy of regulatory filings.

TCSPs that have invested in purpose-built compliance management systems demonstrate substantially stronger inspection outcomes. Platforms that automate record-keeping, flag overdue CDD reviews, and generate audit-ready reporting trails reduce both the administrative burden and the risk of inadvertent non-compliance.

Building a Compliant Reporting Infrastructure

Constructing a regulatory reporting framework that holds up under inspection requires more than a document filing system. It demands an integrated compliance architecture covering people, processes, and technology.

People: Every TCSP must designate a Responsible Officer (RO) who holds personal accountability for AML/CFT compliance. The RO must be fit and proper under the Companies Registry's criteria, must be physically present in Hong Kong for a meaningful portion of the year, and must maintain active oversight of the firm's reporting obligations.

Processes: Documented compliance procedures must cover every stage of the client lifecycle — from onboarding CDD through ongoing monitoring, transaction screening, and offboarding. These procedures must be reviewed annually and whenever regulatory guidance is updated.

Technology: Manual compliance management is increasingly untenable as client volumes and regulatory complexity grow. Purpose-built SaaS platforms for TCSP compliance management — such as those offered by specialist providers — enable automated CDD scheduling, integrated STR workflows, and real-time dashboards for reporting deadlines. Bridge Services' purpose-built SaaS platform for client and compliance management is specifically designed for the Hong Kong TCSP environment, streamlining the documentation, tracking, and reporting obligations that TCSPs face across their client portfolio.

The TCSPs that maintain the cleanest regulatory records are rarely those with the most experienced compliance staff alone — they are the ones who have operationalised compliance through systems that make correct behaviour the path of least resistance.

For firms at the earlier stages of building their compliance infrastructure, reviewing the Hong Kong TCSP compliance requirements in detail provides an essential baseline before constructing reporting workflows.

Frequently Asked Questions About TCSP Regulatory Reporting

Q: What are the consequences of failing to file a Suspicious Transaction Report in Hong Kong?

Failure to file an STR when there are reasonable grounds for suspicion is a criminal offence under Hong Kong law, carrying penalties including fines and imprisonment. The JFIU expects timely reporting, and TCSPs cannot use internal uncertainty as justification for delay. When in doubt, TCSPs are legally required to report.

Q: How long must TCSP regulatory reporting records be retained?

All CDD records, transaction records, and related correspondence must be retained for a minimum of five years from the date the business relationship ends or the transaction is completed. Risk assessment documentation and internal compliance records should also be retained for at least five years to support regulatory inspection.

Q: Does TCSP regulatory reporting apply to companies that only provide nominee services?

Yes. Any company providing nominee director, nominee shareholder, or trust services as a business — regardless of whether those are the primary or ancillary services — requires a TCSP licence and is subject to the full suite of AML/CFT reporting obligations under the AMLO. There is no partial or reduced reporting regime for firms providing a narrower range of trust or company services.

Getting the Framework Right From Day One

For companies seeking TCSP licensing in Hong Kong, the reporting framework outlined above is not a future consideration — it is a condition of licensing from the moment of application. The Companies Registry assesses whether applicants have the systems and personnel in place to meet these obligations before granting a licence.

Bridge Services provides end-to-end TCSP company setup and licensing consulting, including expert guidance on structuring your reporting infrastructure to satisfy Companies Registry requirements from the outset. Rather than building compliance frameworks in isolation, firms working with experienced consultants arrive at licensing — and subsequent inspections — with reporting systems that are already operational, tested, and aligned with current regulatory expectations.

For a comprehensive understanding of the initial licensing process that precedes these ongoing reporting obligations, the complete TCSP licensing guide for Hong Kong details the application steps, documentation requirements, and fit and proper criteria that all TCSP applicants must satisfy.

Regulatory reporting is not the end of compliance — it is the continuous evidence of it. Firms that treat reporting as a strategic function, rather than a bureaucratic obligation, build the regulatory standing that enables sustainable, scalable trust services businesses across Hong Kong and the international jurisdictions they serve.

Last Reviewed: July 2025