tl;dr
The Hong Kong Securities and Futures Commission (SFC) has mandated immediate implementation of stringent controls for licensed digital asset custodians, focusing on safeguarding client assets through enhanced security measures such as detecting unauthorized wallet access, restricting withdrawals to ...
The Hong Kong Securities and Futures Commission (SFC), the territory’s top finance regulator, issued a circular mandating immediate implementation of stringent controls for licensed custodians of digital assets. These updated requirements set minimum standards for virtual asset trading platforms (VATPs), focusing on safeguarding client assets through mechanisms such as detecting unauthorized access to wallet infrastructure, permitting withdrawals only to whitelisted addresses, and maintaining around-the-clock monitoring of systems, networks, wallets, and infrastructure.
Dr. Eric Yip, the SFC’s Executive Director of Intermediaries, emphasized that client asset protection remains paramount to fostering a competitive and trusted digital asset ecosystem in Hong Kong. The new guidelines serve as a practical framework for firms to enhance custody practices, especially as global cyber risks in digital assets intensify. The SFC’s move comes after identifying multiple custody vulnerabilities overseas and an internal review that revealed weaknesses in some virtual asset service providers’ cybersecurity controls.
Key concerns cited include compromised third-party wallet solutions, inadequate transaction verification, and poor access controls over approval devices. Among the notable changes, the SFC banned the use of smart contracts in cold wallets to minimize exposure to online threats linked to public blockchain smart contracts. Strong authorization controls and systematic transaction verification are now required to prevent unauthorized transfers from cold wallets, with strict oversight on whitelist modifications.
The circular also demands platforms reconcile on-chain client assets with ledger balances in real time, promptly flagging any discrepancies. These measures take effect immediately, and operators must review their custody frameworks to ensure compliance.
Hong Kong has been progressively establishing itself as a digital asset hub throughout 2024. The Hong Kong Monetary Authority launched a supervisory initiative early in the year to assist banks in blockchain adoption. Legislators passed a landmark ‘Stablecoin Ordinance’ in May, instituting a licensing regime for stablecoin issuers linked to the Hong Kong dollar. In June, the SFC announced plans to allow digital asset derivatives for professional investors, enhancing the diversity of fintech offerings.
Most recently, the government unveiled its “Policy Statement 2.0 on the Development of Digital Assets,” introducing the ‘LEAP’ framework that strengthens regulation of stablecoins, asset tokenization, and unifies oversight of virtual asset service providers. While ramping up regulatory scrutiny, the SFC stressed that these updated custody requirements aim to build a solid foundation for the digital asset industry in Hong Kong, rather than imposing unnecessarily burdensome rules on this innovative sector.