Blockchain 2022 Comparisons

Hong Kong is one of the world’s leading fintech hubs.

Initially, Hong Kong largely used blockchain as next-generation infrastructure to enable technological innovations for its large financial services sector. However, other industries are increasingly adopting blockchain technology, and this trend will continue. Non-fungible tokens (NFTs) have risen to prominence globally, including in Hong Kong, and are expected to continue to manifest here in asset classes such as music, film and art.

Hong Kong businesses use blockchain for several different business models, such as cryptocurrency exchange platforms, asset digitisation solutions and blockchain solutions used to manage supply chain, trade finance, healthcare and other corporate-facing services. As a global financial hub, Hong Kong is home to many blockchain companies that cater to fintech/e-payments.

Decentralised finance (DeFi) refers to a new form of finance built on open and permissionless blockchain-based networks, which does not rely on central financial intermediaries such as banks, brokerages and exchanges. Instead, blockchain protocols, smart contracts and cryptocurrencies are used to provide DeFi products and services, including decentralised exchanges, stablecoins, money markets, savings, payments, derivatives and insurance services. While still in its infancy, DeFi has quickly gained traction in the past year. According to a research report conducted by a blockchain data provider in April 2022, the total value locked in DeFi (ie, assets currently being staked using DeFi protocols) is USD239 billion, representing a rise of nearly 40,000% from USD601 million at the beginning of 2020. In Hong Kong, there has been growing interest in DeFi from retail investors.

There are currently no laws or regulations specifically applicable to DeFi in Hong Kong.

However, as noted in 2.1 Regulatory Overview, in May 2021 the Hong Kong Financial Services and Treasury Bureau (FSTB) published the conclusions of its public consultation on proposals to enhance Hong Kong’s anti-money laundering and counter-terrorist financing (AML/CTF) regime. These include a new licensing regime to bring virtual asset services providers (VASPs) within the regulatory ambit of the Securities and Futures Commission (SFC) under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) (AMLO).

Furthermore, in January 2022 the SFC and the Hong Kong Monetary Authority (HKMA) published a joint circular and appendix relating to Virtual Asset (VA)-related activities (together, the Joint Circular), and the HKMA published a circular to provide guidance to authorised institutions dealing with VAs and VASPs (HKMA Circular). There will be a six-month transition period for intermediaries providing VA-related services to comply with the updated requirements in the Joint Circular.

In addition, DeFi platforms may be subject to applicable licensing requirements, depending on the context in which they operate – ie, the characterisation of the platform, the attributes of each token on the platform and the activities conducted in respect of such tokens; please refer to 7.1 Decentralised Finance Platforms for details. There may also be cross-sector regulatory issues to consider in respect of DeFi, including consumer protection, data protection and tax requirements.

The NFT market is fast-growing in Hong Kong, particularly in art and exhibitions. Auction exhibitions are not only displaying NFT artwork and video features, but are also involved in developing art-related NFT platforms.

In 2022, a Hong Kong-based NFT platform that was established in 2020 received USD10 million of funding from a Hong Kong blockchain game developer. The company was said to be valued at USD110 million during the financing round.

NFTs are in high demand in Hong Kong and have gained popularity as prospective buyers hope to profit. For example, an NFT artwork of an ape reached 30 times its original value within just four months. In another instance, 3,888 NFTs of three-dimensional mushroom avatars created by a local team sold out in under two minutes after launching.

NFTs are also being used to drive interest in the real estate market as Hong Kong developers develop virtual land in the metaverse. As of March 2022, an NFT project has started in Hong Kong to encourage people to invest in shares of virtual real estate created in the metaverse.

Laws and Regulations on Blockchain/DLT

There is no blockchain-specific legislation or regulatory framework in Hong Kong. Nevertheless, the use of blockchain and distributed ledger technology (DLT) will engage existing and contemplated laws and regulations in Hong Kong, depending on the context in which they are applied.

The HKMA, Hong Kong’s de facto central bank, published two white papers on blockchain and DLT in 2016 and 2017 (DLT White Papers). These are among the first documents issued by a Hong Kong regulator to contemplate the legal issues and challenges that may arise from the use of blockchain, and can be summarised in seven broad categories:

• the validity and enforceability of digitised documents and digital signatures;
• data protection and privacy (eg, the accessibility of data in DLT platforms, the immutability of stored data, and implications for data due to the cross-border nature of DLT);
• cross-border and localisation issues (eg, cross-border data flow and data localisation);
• the validity and enforceability of smart contracts;
• liability associated with participation in DLT platforms (eg, data breaches and hacking);
• competition/antitrust laws (eg, fair competition and antitrust practices); and
• legal issues in specific applications (eg, trade finance, mortgages/e-conveyancing and asset management).

Blockchain has already caught the attention of the Hong Kong government (especially in the context of cryptocurrencies). Given the growing number of businesses that are keen to leverage the technology, the Hong Kong Legislative Council is expected to introduce new laws and regulations specifically addressing blockchain and cryptocurrencies.

In May 2021, the FSTB published the conclusions of its public consultation on proposals to enhance Hong Kong’s AML/CTF regime. These include a new licensing regime that will bring VASPs within the regulatory ambit of the SFC under the AMLO (see 2.2 International Standards for the definition of VASPs). The major licensing requirements proposed to be fulfilled by VASP applicants are as follows:

• the applicant must be incorporated in Hong Kong or be a non-Hong Kong incorporated company registered in Hong Kong under the Companies Ordinance;
• the applicant and its responsible officers and ultimate owners must satisfy the fit-and-proper test applicable to other financial institutions under the AMLO;
• the applicant must appoint at least two responsible officers to assume the general responsibility of ensuring compliance and to be held personally accountable in case of non-compliance or contravention;
• the applicant must fulfil the AML/CTF requirements under Schedule 2 of the AMLO, which prescribes certain requirements relating to customer due diligence and record-keeping; and
• the applicant must possess the technological capacity and know-how to operate the VA exchange.

There is no exemption regarding the VASP licensing requirements, except for VA exchanges that are already regulated as a licensed corporation under the existing opt-in regime.

In addition, it is proposed that VASP licensees should be regulated under the AMLO by essentially the same standards as those for exchanges licensed under the opt-in regime of the SFC. VASP licensees may also be required to comply with additional SFC licensing conditions, including only offering services to professional investors, meeting a minimum paid-up share capital requirement, having a proper corporate governance structure and following specified auditing and disclosure requirements.

Laws and Regulations on Cryptocurrencies

There is no specific regulatory regime applicable to market participants using cryptocurrencies, and no retrofitting existing regulatory regime applicable to market participants using cryptocurrencies, apart from the operation of cryptocurrency exchanges on which security tokens are traded and the abovementioned proposed VASP licensing regime.

The SFO’s existing regulatory regime would apply if the specific cryptocurrencies were deemed to fall within the SFO’s “securities” definition. For example, such cryptocurrencies are required to be dealt through intermediaries that are licensed by the SFC, and an offering memorandum must be published when such cryptocurrencies are offered, unless an exemption applies. In addition, where a VA trading platform operating in Hong Kong facilitates the trading of a security token, being a VA that falls within the SFO’s “securities” definition, the platform operator must be licensed and regulated by the SFC; see 4.4 Regulation of Markets. Nonetheless, the Joint Circular specifies that all relevant entities are expected to comply with all the regulatory requirements imposed by the SFC and the HKMA when providing VA dealing services, regardless of whether or not the VAs involved are securities.

Please also refer to Laws and Regulations on Blockchain/DLT above in respect of the proposed regulatory regime for VASPs.

In general, international standards applicable to blockchain/VA sectors – such as the updated FATF Recommendation 15 and its associated Interpretative Note (Recommendation 15), and Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers – have only been partially applied in Hong Kong.

Licensing/Registration Requirements

Hong Kong did not adopt the licensing and registration recommendations in Recommendation 15, which states that, generally, VASPs are required to be licensed or registered in the jurisdiction in which they are created.

The definition of VASPs under the FATF Recommendations captures persons who conduct one or more of the following activities:

• exchange between “virtual assets” and fiat currencies; “virtual assets” is defined as any digital representation of value that can be traded or transferred, or used for payment, and will include digital coins (eg, bitcoin), utility tokens (eg, Gotem) and asset-backed security tokens (eg, DIAM);
• exchange between one or more forms of VAs;
• transfer of VAs (ie, moving a VA from one VA address or account to another);
• safekeeping and/or administration of VAs or instruments enabling control over VAs; and
• participation in and provision of financial services related to an issuer’s offer and/or sale of a VA.

The regulatory ambit in Hong Kong is much narrower than the FATF Recommendations.

However, please refer to 2.1 Regulatory Overview regarding the proposed regulatory regime for VASPs, the Joint Circular and the HKMA Circular.

Securities

As set out in 2.1 Regulatory Overview, only VAs that are “securities” are currently subject to regulatory supervision and scrutiny by the SFC, which has made it clear that it does not regulate VAs that do not fall under the definition of “securities”. However, the Joint Circular will bring all cryptocurrencies within the SFC’s regulatory purview, regardless of whether they are “securities” or not.

The SFC admitted in a key findings report issued in November 2019 that its current regulatory framework for VA portfolio managers, fund distributors and trading platform operators “is not sufficient for fully complying with the revised Recommendation 15 of the FATF.”

Crypto-fiat/fiat-crypto/crypto-crypto exchange platforms

There is no licensing or registration requirement for crypto-fiat/fiat-crypto/crypto-crypto exchange platforms in Hong Kong. Under the AMLO, a person must obtain a money service operator licence (MSO Licence) from the Hong Kong Customs and Excise Department (HKCED) if they wish to engage in “money services” in Hong Kong. “Money services” means money changing services (ie, the exchange of currencies operated in Hong Kong as a business) and/or remittance services.

As per the explanation set out in 2.1 Regulatory Overview, bitcoin or other similar coins are not recognised as “money”, “currencies” or “legal tender”. These exchange platforms are also not specifically caught under the MSO Licence regime.

Therefore, crypto-fiat/fiat-crypto/crypto-crypto exchange platforms currently fall outside the regulatory ambit under Hong Kong law, provided that the cryptocurrencies are not asset- or security-backed.

However, please refer to 2.1 Regulatory Overview regarding the proposed regulatory regime for VASPs.

AML/CTF Requirements

Under the FATF Recommendations, in identifying, assessing and understanding money laundering and terrorist financing (ML/TF) risks emerging from VA activities and VASPs, jurisdictions should continue to apply a risk-based approach to ensure that measures are taken to prevent potential ML/TF risks. The FATF Recommendations also expect VASPs to conduct internal ML/TF risk assessments, taking into account the services each VASP offers, the geographical scope of such services, the customer channel and types, and the types of VAs that are being dealt with.

Hong Kong is generally compliant with the FATF’s AML/CTF recommendations and international standards. In particular, Hong Kong is commended for its AML/CTF efforts in the FATF’s assessment of the compliance and effectiveness of Hong Kong’s AML/CTF regime against international standards (see the Mutual Evaluation Report on Hong Kong in September 2019).

The AML/CTF regime in Hong Kong does not currently impose any specific AML/CTF requirements on VASPs. However, in May 2021 the FSTB published the conclusions of its public consultation on proposals to enhance Hong Kong’s AML/CTF regime. These include a new licensing regime to bring VASPs within the SFC’s regulatory ambit under the AMLO (see 4.3 KYC/AML).

The most relevant regulatory bodies are the HKMA and the SFC. Each regulator is increasingly active in the VA space, as shown by the release of the Joint Circular and the HKMA Circular (see 1.3 Decentralised Finance Environment).

The HKMA does not currently regulate VAs such as bitcoin, which it regards as a “virtual commodity” rather than legal tender, a means of payment or money. This means that Hong Kong’s banking laws and regulations do not apply to an entity accepting, or dealing in, VAs, unless the entity is an “authorised institution” (AI) (ie, a licensed bank, a restricted licence bank or a deposit-taking company).

The HKMA Circular provides that:

• AIs must be aware of ongoing international developments, including those of international forums and standard-setting bodies;
• AIs should ensure that their VA activities do not breach applicable laws and regulations in Hong Kong or other jurisdictions, and should seek necessary legal advice;
• AIs should identify and understand all risks before carrying out any VA activities, and should manage and mitigate such risks in light of any legal and regulatory requirements; the HKMA Circular highlights prudential supervision, AML/CTF and financial crime risks and investor protection; and
• AIs proposing to carry out VA activities should discuss this with the HKMA and obtain its feedback on the suitability of the AI’s risk management controls before offering VA products or services.

As stated above, the Joint Circular widens the regulatory reach of the SFC beyond “securities” and “futures contracts” as defined in the SFO to all VAs.

Please also refer to 2.1 Regulatory Overview regarding the proposed regulatory regime for VASPs.

Several Hong Kong industry trade groups help to steer policy and develop interest in the blockchain and fintech ecosystems, and the development thereof. These are a mix of quasi-governmental and non-governmental organisations that help to develop the blockchain and fintech communities in Hong Kong by way of education, community building and innovation development. They regularly publish white papers and help to develop industry best practices on blockchain adoption and fintech use cases/new developments.

There is limited judicial consideration of the use of blockchain technology and the status of cryptocurrencies in Hong Kong.

As Hong Kong adopts the common law system, judicial cases (particularly English cases) are of high persuasive value in Hong Kong. In particular, English courts have recognised cryptocurrencies as property under English law (see AA and Persons Unknown & Others, Re Bitcoin [2019] EWHC 3556 (Comm), where the High Court of England and Wales granted a proprietary injunction sought by the applicant insurance company on the basis that cryptocurrencies constitute property under English law, and are therefore capable of being the subject of interim proprietary injunctions). This decision is consistent with the legal statement issued by the UK Jurisdiction Taskforce on crypto-assets and smart contracts in November 2019, which confirmed that crypto-assets have all of the indicia of property and should therefore be – in principle – treated as property.

Hong Kong's Position

It is not yet certain whether Hong Kong courts will adopt the English law position. However, the Hong Kong courts have had a case involving cryptocurrency (Nico Constantijn Antonius Samara v Stive Jean Paul Dan [2019] HKCFI 2718 and [2021] HKCFI 1078), in which the Hong Kong Court of First Instance granted a Mareva injunction to freeze the assets of a French cryptocurrency trader concerning the disputed ownership of bitcoins, and granted a further proprietary injunction in respect of such assets. The injunctions restrained the defendant from disposing of assets valued at over USD2.6 million, including bitcoins, in the face of competing claims to their ownership.

Even though this case did not explicitly address the question of whether the ownership of bitcoins and other cryptocurrencies constitutes a property right that is enforceable under Hong Kong law, the court’s approach to remedy is arguably to treat the underlying bitcoins as a form of property. Further guidance on this issue is anticipated from the Hong Kong courts in the future.

No Hong Kong regulator has taken any enforcement action regarding the use of blockchain; in fact, regulators encourage organisations to adopt blockchain technology, particularly in the financial sector. It is also used in government-commissioned projects (eg, the HKMA’s eTradeConnect Platform in 2018).

However, regulators are cautious regarding VAs and participation in initial coin offerings (ICOs) and security token offerings (STOs). Regulators are also expected to become more proactive in terms of enforcement when the proposed licensing regime for VASPs is enacted (see 2.1 Regulatory Overview).

Virtual Commodities

No Hong Kong regulator has taken any enforcement action in respect of virtual commodities. However, the Hong Kong government, the HKMA, the SFC and the Hong Kong Police Force have issued numerous public warnings concerning the trading of virtual commodities, including bitcoins.

Security-Backed VA

In February 2018, the SFC wrote to seven cryptocurrency exchanges in Hong Kong, warning them that they should not trade cryptocurrencies that are “securities” without a licence. Most of these cryptocurrency exchanges either confirmed that they did not provide trading services for such cryptocurrencies or took immediate rectification measures, including removing the relevant cryptocurrencies from their platform. The SFC may take further enforcement action against these exchanges if they are found to be trading in cryptocurrencies that are “securities”.

ICOs

In March 2018, the SFC took enforcement action against Black Cell Technology Limited, an ICO issuer, due to its concerns that Black Cell had engaged in potential unauthorised promotional activities and unlicensed regulated activities. The SFC found that Black Cell promoted an ICO to sell digital tokens to investors through its website, which was accessible by the Hong Kong public, with the pitch that the ICO proceeds would be used to fund the development of a mobile application, and that holders of the tokens would be eligible to redeem shares in Black Cell.

The SFC considered that Black Cell’s activities may constitute a collective investment scheme and, therefore, a regulated activity that Black Cell is not authorised to conduct without an SFC licence. As a result, Black Cell halted its ICO to the Hong Kong public and agreed to unwind ICO transactions for Hong Kong investors by returning the relevant tokens.

It is therefore clear that the SFC scrutinises ICOs heavily.

STOs

As far as is known, no regulator has taken enforcement action regarding STOs. However, the SFC published a statement in 2019 on STOs to clarify that security tokens that are digital representations of the ownership of assets (eg, real estate) or economic rights (eg, share of profits or revenue) are likely to be “securities”. Therefore, any person marketing and distributing security tokens is subject to the SFO requirements, including licensing requirements. It is anticipated that the SFC will take enforcement action against those who fail to comply with these requirements. It is possible to structure token offerings to avoid tokens being “securities”.

The SFC, the HKMA and the Insurance Authority have implemented the following regulatory sandboxes for fintech businesses in general (including firms that utilise blockchain technology in their business initiatives):

• for banks and technology firms with fintech initiatives: Fintech Supervisory Sandbox (FSS) (established in 2016 by HKMA as part of its seven initiatives for smart banking) – pilot trials of 236 fintech initiatives were allowed in the FSS up to the end of January 2022;
• for organisations offering regulated securities activities: SFC Regulatory Sandbox (established in September 2017 by the SFC) – these organisations are subject to close supervision and dialogue with the SFC on compliance with the SFO; and
• for authorised insurers: Insurtech Sandbox (established in September 2017 by the Insurance Authority).

Hong Kong's tax authority (the Hong Kong Inland Revenue Department – IRD) issued the revised Departmental Interpretation and Practice Notes No 39 (DIPN 39) on 27 March 2020 to set out its views on applying the existing taxation regime to cryptocurrency. However, the DIPN 39 is not legally binding. The IRD’s position can be summarised as follows.

Categorisation of Digital Assets for Hong Kong Tax Purposes

The IRD clarified the categorisation of digital assets for Hong Kong tax purposes. Digital assets (including cryptocurrencies) include the following categories:

• payment tokens – used as a means of payment for goods or services and encompass cryptocurrencies; they do not provide the holder with any rights or access to goods or services;
• security tokens – provide the holder with particular interests and rights in a business; they represent ownership interests in the business, a debt due by the business or an entitlement to a share of profits in the business; and
• utility tokens – provide the holder with access to particular goods or services that are typically provided using a blockchain platform; the token issuer would normally commit to accepting the tokens as payment for the particular goods or services.

ICOs

The IRD will review any underlying ICO documents to examine any rights and benefits attached to the tokens. For the issuer, the tax treatment of the proceeds from an ICO generally follows from the attributes of the tokens issued.

Digital Assets Bought for Long-Term Investment Purposes

If digital assets are bought for long-term investment purposes, any profits from disposal would be capital in nature, and the IRD deems such profits not to be subject to profits tax. Whether the digital assets are capital assets or trading stock must be considered on the basis of the facts and circumstances, where well-established tax principles like the “badges of trade” would continue to apply, and the intention at the time of the acquisition of the assets is always relevant.

Cryptocurrency Business

DIPN 39 recognises that common business activities involving cryptocurrency include the trading of cryptocurrency, the exchange of cryptocurrency and mining. Whether these activities amount to the carrying on of a trade or business is a matter of fact and degree to be determined upon a consideration of all the circumstances. Relevant considerations include factors such as the degree and frequency of the activity, the level of system or organisation (ie, whether the activity is undertaken in a business-like manner) and whether the activity is done for the purpose of making a profit.

Hong Kong-sourced profits from cryptocurrency business activities are subject to profits tax. The broad guiding principle (ie, determining the person’s relevant operations that produced the profits in question and the place where those profit-generating operations were carried out) will be applied to determine the source of the profits arising from cryptocurrency transactions.

Any amount of a cryptocurrency via an event such as an airdrop or a blockchain fork in the course of a cryptocurrency business is to be regarded as a receipt of the business and would be assessed accordingly.

Cryptocurrency Used for Business Transactions

Transactions involving cryptocurrencies should be accrued based on the prevailing market value as of the date of the transaction.

Cryptocurrency Received as Employment Income

The same salaries tax treatment would apply to the remuneration in cryptocurrency received by employees where the amount to be reported as the employee’s employment income should be the market value of the cryptocurrency at the time of accrual.

The Hong Kong government is currently looking to release detailed proposals on how it will regulate the cryptocurrency sector to better conform with international anti-money laundering norms. In addition, the HKMA and SFC actively look into, and issue guidance papers in relation to, blockchain benefits and case use studies (and more recently regulations in the case of the SFC).

Questions of the ownership and transfer of a digital asset will depend on whether the digital asset is deemed to be “property” under Hong Kong law.

This issue has not yet been considered in depth in Hong Kong (although see 2.5 Judicial Decisions and Litigation). Under common law, property is deemed to be either real or personal property. All personal properties are either a chose in possession (tangible property) or a chose in action (an enforceable legal right).

A digital asset does not necessarily fit neatly into these categorisations as it might only be constituted as data on a distributed ledger or blockchain. Where a holder of a digital asset is given a right, Hong Kong courts should regard such a right as a form of property. In 2019, the Singapore International Commercial Court held in B2C2 Ltd v Quoine Pte Ltd [2019] SGHC(l) 3 that virtual currencies were property. Similarly, in 2012 the Chancery Division of the High Court of England and Wales held in Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch) that European Union carbon trading allowances were property.

If Hong Kong follows these approaches and considers a digital asset as property, the ownership and transfer of a digital asset should be consistent with the ownership and transfer of other intangible property.

On 6 November 2019, the SFC published a position paper stating that a “security token” is a VA that falls within the definition of “securities” in the SFO.

Although the term “utility token” is not defined under Hong Kong law, the distinctions between digital assets treated as “securities”, “commodities” or other types of assets are reasonably straightforward for market participants to determine. The term “commodity” is defined in the Commodity Exchanges (Prohibition) Ordinance (Cap 82) to refer to an exhaustive list in the Schedule, such as gold and coffee.

The HKMA’s stance is that a cryptocurrency is not a currency or legal tender but rather a VA. Similarly, the SFC considers cryptocurrencies and tokens to be virtual commodities or VAs, which are not specifically regulated instruments. Both the HKMA and the SFC have adopted a technology-neutral approach and seek to regulate cryptocurrencies including stablecoins and related activities based on their existing regulatory frameworks.

Currently, there are no laws or regulations that are specific to stablecoins or cryptocurrencies. However, where a stablecoin displays features of an item under the current regulatory frameworks, it is subject to those regulations. No distinctions have been made between stablecoins backed by deposits of fiat currency and “algorithmic” stablecoins that use a formula to maintain their peg.

Furthermore, depending on the nature of the specific stablecoin and the proposed role of the issuer, service providers and participants of the specific stablecoin, the following activities may require regulatory licensing, registration and/or authorisation:

• where there is an element of taking a deposit (or receiving a loan) from another person, the business may be regulated as a deposit-taking company by the HKMA;
• if there is any form of negotiation, arrangement or facilitation of currency trading and/or a deposit or loan involving a bank, the relevant person would require HKMA approval;
• if the stablecoin or any related product resembles a stored value facility that may be used for storing the value of an amount of money in the context of making payments for goods or services involving the issuer, it would be regulated as a stored value facility by the HKMA under the Payment Systems and Stored Value Facilities Ordinance (Cap 584) (PSSVFO);
• if there is a clearing and settlement system or retail payment system that is of such materiality as to be designated for regulatory supervision, it would be regulated as a designated retail payment system by the HKMA under the PSSVFO; and
• if there is any form of loan, credit or lending facility involved, the relevant persons would be regulated as money lenders under the Money Lenders Ordinance (Cap 163).

Hong Kong allows payments to be made with cryptocurrencies, with no notable limitations on the use of cryptocurrencies for payment purposes. As a matter of fact, there are already businesses accepting cryptocurrencies as a form of payment in Hong Kong, ranging from telecommunications service providers to small-sized enterprises.

Currently, there are no laws or regulations specific to the creation, marketing or sale of NFTs. Both the HKMA and the SFC have adopted a technology-neutral approach and seek to regulate cryptocurrencies including stablecoins and related activities based on the existing regulatory framework. However, the marketing or sale of NFTs may be regulated if they constitute “securities” or “futures contracts” under the current regime or, pursuant to the Joint Circular, in future, whether or not they constitute “securities” (see 2.1 Regulatory Overview).

Hong Kong currently has only one licensed digital asset exchange, although another digital asset financial services group in Hong Kong recently announced that it has secured an approval-in-principle from the SFC.

The SFC does not currently accept licence applications from decentralised exchanges; however, cryptocurrencies do not currently fall under the definition of “securities” and as such their trading is not yet a regulated activity in Hong Kong. However, as stated in 2.1 Regulatory Overview, it is proposed that Hong Kong will have a new licensing regime that will bring VASPs within the regulatory ambit of the SFC under the AMLO (whether or not they are markets for digital asset securities, for non-security digital assets or for NFTs). Pursuant to the Joint Circular, intermediaries will only be able to partner with SFC-licensed VA trading platforms to provide VA dealing services, either when introducing clients to the platform for direct trading or establishing an omnibus account with the platform. This currently covers SFC-licensed trading platforms. However, this should also apply to trading platforms licensed by the SFC under the incoming VASP regime.

Several Hong Kong cryptocurrency exchanges allow for deposits in fiat currency to be exchanged and spent on cryptocurrencies. Some exchanges even allow cryptocurrency purchases via credit cards on their platforms.

Cryptocurrency-to-cryptocurrency exchanges are similarly easily made in Hong Kong by way of these same VA exchange services.

However, given that a cryptocurrency is not deemed to be a currency or money, a cryptocurrency exchange may not be considered a “money service operator”, which would require an AMLO licence. The MSO regime also does not currently contemplate fiat-crypto/crypto-crypto transactions.

There is currently no KYC/AML legislation that applies specifically to VA transactions and VASPs. Instead, VA transactions will invariably engage rules in the existing KYC/AML regime in Hong Kong. However, as discussed in 2.1 Regulatory Overview, in May 2021 the FSTB published the conclusions of its public consultation on proposals to enhance Hong Kong’s AML/CTF regime. These include a new licensing regime to bring VASPs within the regulatory ambit of the SFC under the AMLO.

Any person seeking to operate a VA exchange in Hong Kong will need to apply for a licence from the SFC. This will include any exchange that operates outside of Hong Kong but actively markets to the Hong Kong public.

Licensed exchanges will only be able to provide services to professional investors (high net worth and institutional investors).

There will be a 180-day transitional period from the beginning of the licensing regime during which exchange operators can apply for licences.

Legislation

The KYC/AML regime in Hong Kong is comprised of a suite of legislation, including:

• the AMLO;
• the Drug Trafficking (Recovery of Proceeds) Ordinance (Cap 405);
• the Organised and Serious Crimes Ordinance (Cap 455); and
• the United Nations (Anti-Terrorism Measures) Ordinance (Cap 575).

Circulars, Guidelines and FAQs

The KYC/AML regime is also supplemented by circulars, guidelines and FAQs issued by regulators in the financial services space. By way of illustration, these regulators include:

• the HKMA (for licensed banks, licensed virtual banks and stored value facility licensees);
• the HKCED (for money service operator licensees);
• the Companies Registry (for money lender licensees);
• the SFC (for securities intermediaries); and
• the Insurance Authority (for insurers and other insurance-related intermediaries).

These circulars, guidelines and FAQs are only intended to show how regulators interpret the KYC/AML rules. They are also intended to assist respective licensees in complying with the requisite AML/CTF requirements. They are not legally binding, but non-compliance may expose these licensees to the risk of breaching their respective licensing conditions and also the relevant statutory KYC/AML requirements.

Actions to Be Taken

In summary, an organisation (including a VASP) should take the following actions:

• designing and implementing internal KYC/AML policies, procedures and controls to manage and mitigate ML/TF risks. Organisations should only take AML/CTF measures commensurate with the risks identified to manage and mitigate them effectively;
• conducting institutional ML/TF risk assessments to identify, assess and understand its ML/TF risks in relation to:
1. its customers;
2. jurisdictions that its customers are from or in;
3. the jurisdictions in which the organisation has operations; and
4. the products, services, transactions and delivery channels of the organisations;
• designing and implementing an appropriate customer risk assessment framework (for risks associated with proposed customer relationships), having regard to the following customer risk factors:
1. country risk factors; or
2. product, service, transaction or delivery channel risk factors;
• customer due diligence measures – financial institutions and designated non-financial businesses and professions (eg, solicitors, accountants, trust companies) are required to perform customer due diligence in specific situations (eg, at the outset of business relationships, or before performing any occasional transaction valued at HKD120,000 or more, or if a customer/account is suspected of being involved in ML/TF);
• continuous monitoring of customer activities – institutions should particularly identify transactions that are complex, large or unusual, and examine the background and purposes of these transactions; and
• suspicious transaction reports – institutions are required to report to the relevant authorities (eg, the Joint Financial Intellectual Unit) if they know or suspect that property represents the proceeds of crime or terrorist property. Failure to report may be a criminal offence.

There is no specific regulation of markets for digital assets; see 2.3 Regulatory Bodies.

Type 1 and Type 7 Licences

The SFC has announced that where a VA trading platform (platform operator) operating in Hong Kong facilitates the trading of at least one security token that is a VA falling within the definition of “securities” under the SFO, the platform operator may obtain a Type 1 (dealing in securities) and a Type 7 (providing automated trading services) licence under the SFO, permitting the carrying out of the relevant activities with respect to VAs.

The SFC expects a platform operator to be capable of meeting robust regulatory standards comparable to those applicable to licensed securities brokers and automated trading venues, but also to incorporate additional requirements to address specific risks associated with VAs. For example, the SFC will impose licensing conditions requiring platform operators to offer their services exclusively to professional investors, to only serve clients who have sufficient knowledge of VAs and to maintain stringent criteria for the inclusion of VAs on their platforms.

SFO Authorisation

The SFC has also stated that any platform offering VAs that are considered “futures contracts” under the SFO must be licensed or authorised under the SFO, unless an exemption applies. Given that the SFC has not licensed or authorised any person in Hong Kong to offer or trade VA futures contracts, and imposing a term under the proposed “Terms and Conditions for Virtual Asset Trading Platform Operators” for granting a licence that prohibits the offering, trading or dealing of VA futures contracts or related derivatives, it is unlikely that a VA trading platform would be able to offer VA futures contracts or related derivatives in the near future.

Regulatory limits on the ability of a digital asset exchange to re-hypothecate only apply for platform operators that facilitate the trading of security tokens.

Risks

Under its position paper on the “Regulation of Virtual Asset Trading Platforms” and the published “Licensing Conditions and Terms and Conditions for Virtual Asset Trading Platform Operators”, the SFC addresses the risk for platform operators trading VAs as principal dealers trading their own book. To avoid any conflict of interest, the platform operator is not permitted to engage in proprietary trading or market-making activities on a proprietary basis. This will include any re-hypothecation of client VAs. The SFC also requires the platform operator to have written policies governing employee dealings in VAs to eliminate and avoid potential or actual conflicts of interest.

Internal Policies and Governance

Platform operators should also establish and implement written internal policies and governance procedures to ensure that they would not deposit, transfer, lend, pledge, repledge or otherwise deal with or create any encumbrance over the VAs of a client except for the settlement of transactions, and fees and charges owed by the client to the exchange operators in respect of relevant activities carried out by the exchange operators on behalf of the client or in accordance with the client’s written instructions.

These requirements do not apply to VA platform operators or exchanges that deal with non-security digital tokens or coins only.

There are regulations applicable to the custody of security tokens by platform operators generally, including the use of hot and cold wallets.

Under the SFC’s position paper on the “Regulation of Virtual Asset Trading Platforms” and the published “Licensing Conditions and Terms and Conditions for Virtual Asset Trading Platform Operators”, platform operators should hold client digital assets on trust through a company (associated entity) that:

• is an “associated entity” of the platform operator under the SFO;
• is incorporated in Hong Kong;
• holds a “trust or company service provider licence” under the AMLO; and
• is a wholly owned subsidiary of the platform operator.

Hot and Cold Wallets

The SFC requires both the platform operator and the associated entity to store at least 98% of client VAs in cold wallets, and to limit the holdings of client VAs in hot wallets to not more than 2%. The SFC also requires the platform operator and the associated entity to minimise transactions out of the cold wallet in which a majority of the client assets are held.

Insurance

The SFC will also require the platform operator to ensure that an insurance policy covering the risks associated with the custody of VAs held in both hot storage (full coverage) and cold storage (substantial coverage – eg, 95%) is in effect at all times.

In addition, in respect of the custody of digital assets generally, the platform operator and the associated entity are required to:

• implement written internal policies and governance procedures to ensure compliance with requirements concerning the custody of client VAs;
• implement detailed procedures to deal with events such as hard forks or air drops from an operational and technical point of view;
• have adequate processes in place for handling requests for deposits and withdrawals of client VAs to guard against loss arising from theft, fraud and other dishonest acts, professional misconduct or omissions; and
• set up and implement strong internal controls and governance procedures for private key management to ensure all cryptographic seeds and keys are securely generated, stored and backed up.

These requirements do not apply to custodians/VA platform operators that offer hot and cold wallet solutions to non-security tokens or coins only.

The creation and sale of digital tokens as part of an ICO or STO might be regarded as “securities” activities.

In September 2017, the SFC stated that digital tokens offered in an ICO might be regarded as “securities”, and would therefore be subject to the SFO requirements in that:

• tokens might be considered to be “shares” if they represent equity or ownership interests in a corporation (eg, the right to receive dividends and the right to participate in the distribution of the corporation’s surplus upon winding up);
• tokens might be considered to be “debentures” if they are used to create or to acknowledge debt or liability owed by an issuer; and
• tokens might be considered to be an interest in a “collective investment scheme” if the token proceeds are managed collectively by the ICO scheme operator to invest in projects with an aim of enabling token holders to participate in a share of the returns provided by the project.

Parties that engage in regulated activities will be required to obtain the requisite licences from the SFC (eg, a Type 1 licence for dealing in securities, which facilitates such activities with respect to VAs).

In March 2019, the SFC stated that security tokens that represent the ownership of assets (eg, gold or real estate) or economic rights (eg, share of profits) are “securities” under Hong Kong law. Entities seeking to deal in security tokens must offer security tokens to “professional investors” only, and should obtain a Type 1 licence (dealing in securities) under the SFO, which facilitates dealing in VAs.

In January 2022, the Joint Circular stated that although not all digital assets would be “securities” under the SFO and would therefore ordinarily be considered to be outside the regulatory remit of the SFC, the SFC would expect intermediaries to comply with the regulatory requirements for dealing in securities, regardless of whether or not the digital assets are actually securities.

Under the SFO, if an intermediary digital asset exchange platform offers at least one security token on its platform, it can apply for a Type 1 (dealing in securities) licence and a Type 7 (providing automated trading services) licence under the SFC’s opt-in licensing mechanism, each for VAs. The exchange platform will be placed into the SFC Regulatory Sandbox. If licensed, it will be required to comply with the licensing conditions and terms and conditions under “Licensing Conditions and Terms and Conditions for Virtual Asset Trading Platform Operators” (custody of client assets, maintaining appropriate risk management measures, etc).

In Hong Kong, there are no specific regulations applicable to distributions of tokens via an airdrop or similar mechanism that does not necessarily involve a purchase.

Even though a token can be distributed for reasons other than its purchase, the focus would still be on its legal nature or regulatory implications. For example, tokens distributed via an airdrop or a similar mechanism may still be considered as “securities” or “futures contracts” and require registration with the SFC, depending on the particular facts and circumstances.

Moreover, even if tokens are distributed freely, regulatory limitations may be imposed on the type of activity the token is seeking to promote. For instance, if the token is being freely distributed using an airdrop to encourage people to play a game, it could constitute gambling, which is restricted in Hong Kong.

Apart from airdrops, bounty programmes (earndrops) are also common in Hong Kong. They are often used to reward individuals or communities with tokens for performing ancillary tasks to the core activities of the technical teams (such as designing logos, finding bugs or promoting the project). Similar to airdrops, there are no specific regulations applicable to such programmes in Hong Kong; whether or not they fall within one of the existing regulated or licensed activities would, again, depend on the legal nature and regulatory implications.

Managing investment funds or collective investment schemes is a Type 9 (asset management) regulated activity under the SFO, so the regulation of the management of digital assets is primarily governed by the SFC. The degree of regulation applicable to relevant investment fund vehicles involving digital assets would largely depend on whether the digital assets in such vehicles, as an asset class, would fall under the definition of “securities” or “futures contracts” under the SFO. Digital assets would be “securities” if they carry the same features as any type(s) of financial instruments listed in Part 1 of Schedule 1 to the SFO, which include shares, stocks, bonds and/or interests in collective investment schemes.

In circumstances where the digital assets are “securities” or “futures contracts”, the management of investment funds or collective investment schemes investing in such digital assets (a Digital Assets Fund) would require a licence for Type 9 (asset management) regulated activity. Moreover, any activities relating to a Virtual Assets Fund will be subject to oversight from the SFC through the imposition of specific licensing conditions, subject to a de minimis exemption.

Virtual Asset Fund Managers

Firms managing or intending to manage a VA Fund (VA Fund Managers) must inform the SFC of such activity. Upon assessing the relevant transactions and discussing with the relevant firms, the SFC will impose specific terms and conditions for the VA Fund Manager to follow when it manages a VA Fund. The terms and conditions are largely principles-based and will vary in respect of each firm in light of its particular business model to ensure that such terms and conditions are reasonable and appropriate.

The terms and conditions may cover areas such as disclosure requirements for prospective investors, specific requirements on the safekeeping of digital assets, portfolio valuation, risk management and/or minimum liquid capital requirements.

Digital Assets Fund Managers may rely on the de minimis exemption if they do not wish to be subject to the terms and conditions. A de minimis exemption means the fund solely intends to invest less than 10% of the gross asset value of the portfolios under its management in VAs.

Investment Funds/Schemes

Where the underlying VAs are not “securities” or “futures contracts” as defined under the SFO, the management of investment funds or collective investment schemes investing in such VAs shall not amount to Type 9 (asset management) regulated activity, although their distribution would still amount to Type 1 (dealing in securities) regulated activity.

In this regard, in addition to compliance with the standard fit and proper requirement and suitability obligations under the SFC Code of Conduct, firms should also observe the following additional requirements when distributing such VA fund products in Hong Kong.

Firms should only distribute to professional investors as defined under the SFO. They should assess whether the prospective investor has knowledge of investing in VAs or related products prior to effecting the transaction on their behalf. If the investor does not, firms may only proceed to effect the transaction if, by so doing, they would be acting in the best interests of the investors.

Firms must conduct proper due diligence on such VA products and develop an in-depth understanding of the products, the fund manager and the counterparties to the fund. They should also provide sufficient information in a clear and easily comprehensible manner, so that investors can make informed investment decisions.

Dealing activity is a Type 1 (dealing in securities) regulated activity under the SFO, and regulations on dealing activities in VAs are primarily governed by the SFC.

On the other hand, the existing VASP voluntary opt-in regime also allows those entities that operate a centralised VA trading platform in Hong Kong and offer trading of at least one security token to apply for a licence from the SFC. Once the mandatory regulatory regime for VASPs is implemented (see 2.1 Regulatory Overview), the operation of a VA exchange or platform will be a regulated VA activity under the AMLO, and will thus require a VASP licence from the SFC.

Smart contracts are currently not expressly recognised in any Hong Kong statutes, regulations or judicial decisions. The HKMA issued a whitepaper on DLT in 2017, in which the legal issues and liabilities of leveraging smart contracts were discussed. For instance, using a smart contract within explicit or carefully drafted contractual terms could cause uncertainty and disputes, and thus affect the enforceability of such a contract. However, a number of common law jurisdictions, such as the UK and Singapore, have expressly recognised the usage of smart contracts as an enforceable contract that is legally binding. It will therefore not be surprising if Hong Kong also takes a similar approach in recognising the application of smart contracts locally in the near future.

Currently, there is no legislation or case law authority suggesting that developers of blockchain networks or the code running on these networks may be held responsible for losses arising through the use of such software on the grounds that the developers would be considered fiduciaries of their clients.

There is currently no legislation that prohibits DeFi platforms from operating in Hong Kong, but they may be subject to applicable licensing requirements, depending on the context in which DeFi platforms operate.

If the DeFi platforms facilitate the trading of security tokens (including matching borrowers and lenders of security tokens), they may obtain a Type 1 (dealing in securities) and a Type 7 (providing automated trading services) licence from the SFC. The exchange platform will be placed into the SFC Regulatory Sandbox. However, the SFC does not regulate DeFi platforms that only facilitate the trading of non-security tokens.

If the business of the DeFi platform is to make loans, or if the DeFi platform advertises itself as one that makes loans, the DeFi platform may be required to obtain a money lender’s licence under the Money Lenders Ordinance (Cap 163).

Please also refer to 1.3 Decentralised Finance Environment.

Under Hong Kong law, a security interest can only be taken over property. The type of security that can be taken over a particular digital asset will depend on the nature of the digital asset. Hong Kong law recognises four types of consensual security: pledges, contractual liens, equitable charges and mortgages.

Pledges and contractual liens can only be created if it is possible to transfer possession of an asset. Since digital assets cannot be possessed, they cannot be the object of a pledge or contractual lien.

Security can arguably be taken over security and asset-backed tokens by way of a charge or mortgage, similar to how security would be taken over shares, but this is yet to be tested in Hong Kong.

Tokens as Property

It is unclear whether payment tokens and utility tokens are “property” and accordingly whether or not consensual security can be taken over them.

On the one hand, these tokens are arguably not “property” as they are not money, goods or land and they do not give personal rights over property that can be claimed or enforced by action or equity (ie, these tokens are not “choses in action”). No security interest can therefore be granted over them.

However, there are English cases that have clarified that bitcoins may be “property” (see 2.5 Judicial Decisions and Litigation), which in effect would allow for security to be taken over them. The UK Jurisdiction Taskforce also supports – in principle – that these tokens are “property”. As far as is known, there is no similar case law in Hong Kong but it would not be surprising if the Hong Kong courts were to give weight to the English position.

There are no requirements for a professional investor to transfer a VA in which it has invested to a custodian. Pursuant to the AMLO, subject to certain exemptions, a person carrying on a trust or company service in Hong Kong requires a Trust or Company Service Provider Licence. Such a licence is typically valid for three years, and requirements such as the fit and proper person tests must be passed (see 4.6 Wallet Providers).

Where blockchain service providers collect, use or process personal data from Hong Kong data subjects, the requirements of the Personal Data (Privacy) Ordinance (Cap 486) (PDPO) apply.

Under the PDPO, personal data is defined as any information relating to a living individual that can be used to identify that individual and existing in a form that makes access or processing practicable. This includes any direct or indirect identifiers – ie, information that may identify an individual in combination with other information held by the data user. In a blockchain context, this could apply to any information recorded on a blockchain as well as keys and wallet addresses.

The PDPO prescribes six major data principles (DPP) to ensure, among other things, that the personal data collected and processed by data users is securely stored, kept no longer than necessary, and used only for the purpose for which it is collected (unless the data subject consents). Data users are required to inform data subjects of certain information, such as the purpose of collection and to whom their data may be transferred, on or prior to collection. Data users are also required to take practical steps to safeguard this personal data from unauthorised use or access, and to make their personal data policies and practices known to the public. Data subjects can access and correct their data.

Accessibility of Some DLT Platforms

All nodes will have equal access to all stored personal data, regardless of whether they need to see the data. To comply with Data Protection Principle (DPP) 1, DLT platform participants should be informed about how the DLT platform stores its data in any event.

Immutability of Stored Data

As data cannot be amended or erased, this may contravene DPP 2, which requires data to be stored for no longer than necessary to achieve the data user’s legitimate purposes.

Cross-Border Transfers and Data Localisation

As participants of the DLT platform are from all around the world, the data of those participants in the DLT platform may be shared with other participants across the globe. Even though section 33 of the PDPO (ie, the provision that governs cross-border transfer) is not yet in force, the Privacy Commissioner for Personal Data has issued Guidance on Personal Data Protection In Cross-border Data Transfer (CDT Guidance). Data users are encouraged to adopt the practices recommended in the CDT Guidance as part of their corporate governance responsibility to protect personal data.

Data Subject Rights

DPP 6 provides data subjects with the right to access and correct their personal data that is held by a data user. Given the nature of DLT, every block in it is immutable. To comply with the PDPO, if a data subject wishes to amend such data, a new block can be created and this correction block must be chained to the original block.

See 8.1 Data Privacy.

There are no specific regulations governing the “mining” of cryptocurrencies in Hong Kong and, as far as is known, no Hong Kong governmental body has issued any guidance discouraging, restricting or prohibiting cryptocurrency mining activities.

However, mining activities may be regulated in certain circumstances. For instance, where mining is carried out using highly industrialised operations involving numerous application-specific integrated circuit computers, such mining activity may be considered as large-scale data centre operations, and thus be subject to data centre laws.

Outline Zoning Plans (OZPs)

Under OZPs prepared by the Town Planning Board (TPB) under the Town Planning Ordinance (Cap 131) (TPO), data centres fall within the definition of "Information Technology and Telecommunications Industries" (IT&T industries).

According to the Master Schedule of Notes adopted by the TPB:

• IT&T industries are expressly permitted in the following zones:
1. Commercial;
2. Industrial;
3. "Other Specified Uses" (OU) annotated as "Business";
4. OU annotated as "Industrial Estates"; and
5. OU annotated as "Mixed Use"; and
• while in a "Comprehensive Development Area" zone, "IT&T industries" require planning permission from the TPB.

Government Lease

The terms and conditions of a Government Lease might prohibit land from being used to mine cryptocurrencies. To conduct mining legally it would be necessary to obtain a waiver or lease modification from the Lands Department. A Lands Department scheme permits the conversion from existing industrial buildings in whole or in part for data centre use.

Occupation Permit

The building’s occupation permit prescribes the building’s permitted use. If using a building as a data centre constitutes a material change of use, an application would need to be made to the Buildings Authority.

Deed of Mutual Covenant (DMC)

A DMC might also restrict a building’s usage. Also, where large-scale mining activities involve mechanical and electrical installations, the owner or the operator of these installations should engage a Registered Energy Assessor to certify that such installations have complied with the Buildings Energy Efficiency Ordinance (Cap 610).

There are no specific regulations governing the “staking” of tokens in Hong Kong. As far as is known, no Hong Kong governmental body has issued guidance that discourages, restricts or prohibits the staking of tokens to secure a blockchain-based network using a “proof of stake” consensus protocol. In Hong Kong, there are businesses that provide staking services, but there are no accompanying regulations applicable to such a business model as yet.

In Hong Kong, the concept of DAOs is not as popular and widely adopted as NFTs and other crypto products.

In terms of regulation, and depending on their functions, features and implications, if DAO tokens fall within the definition of “securities” or “futures contracts” under the SFO, then any dealing or advising on such token activities will be considered regulated activities. Intermediaries conducting regulated activities regarding “securities” or “futures contracts” must also comply with the applicable licensing or registration requirements, and with the AML/CTF requirements of the AMLO. Moreover, if the underlying DAO fulfils all elements of a collective investment scheme (see 5.1 Initial Coin Offerings), it is an offence to issue an invitation to invest in the DAO, unless the invitation comes with the SFC’s authorisation or an exemption applies.

DAOs are governed by artificial intelligence in the form of self-executing smart contracts as opposed to articles of association for the governance of companies. The smart contract-encoded rules of a DAO can include using DAO tokens to buy things within the ecosystem like NFTs, digital magazine subscriptions or virtual land.

Once the DAO’s code is deployed onto the blockchain, it can only be changed by collective voting of all members. Voting rights typically accompany the tokens.

Given the flexibility and extendibility of the concept of DAOs, they may adopt a wide range of governance structures similar to those of companies, partnerships or even collective investment schemes. However, for the avoidance of doubt, the adaptation of a particular governance structure will not render or entitle the DAO to claim a legal recognition under the existing Hong Kong law. For instance, DAOs where token holders vote on key corporate matters are not entitled to be registered as companies at the Companies Registry.

The simple use of governance structures similar to legal entities, such as a company limited by shares, will not confer a separate legal identity upon a DAO in Hong Kong. Consequently, if a DAO generates losses, its investors could be held to be partners and personally liable. In light of this, some may argue that a DAO could be considered a partnership in the sense that DAO members might be held personally liable for the actions of the DAO under the general partnership regime. However, the precise adaptation of a DAO to Hong Kong’s partnership legal landscape – for instance, the relationship among the DAO members as opposed to partners – still needs to be examined and clarified.