You can disable it either client-side (on the AAD Connect server) or server-side (via the corresponding PowerShell cmdlet). In the former scenario, objects continue to be managed on-premises, any updates you make will not be synchronized of course and you will eventually start receiving emails telling you that no recent sync has occurred. If you disable it server-side, objects will be "converted" to cloud-only and can be managed directly in Azure AD/Office 365.
Now, if password is the only thing they want, the above is mute. You can have different passwords configured in the cloud vs on-premises, even when password sync is enabled. But if that's the way they want it, you should disable the password sync feature by rerunning the AAD Connect config wizard. So TL;DR answer is, depends on what your end goal is here.