Insight,

SFC Releases Detailed Virtual Asset Exchange Guidelines for Market Consultation

HK | EN
Current site :    HK   |   EN
Australia
China
China Hong Kong SAR
Japan
Singapore
United States
Global

On 20 February, the Hong Kong Securities and Futures Commission (SFC), the proposed regulator to oversee Hong Kong’s new virtual asset exchange licensing regime (VA Licensing Regime) released the eagerly awaited consultation paper (Consultation Paper) on the VA Licensing Regime.

The Consultation Paper sets out proposed regulatory requirements applicable to the VA Licensing Regime in the form of various draft guidelines (Regulatory Requirements). The SFC has invited market participants and interested parties to comment on the Regulatory Requirements by 31 March 2023.  

This alert gives you a snapshot of the key things you need to know about the Consultation Paper, and what it means for your business.   

It is structured as follows:

Please contact us anytime if you would like to discuss. We have a large team working with clients to ensure they are ready for the transitional arrangements and full licensing. We’re also actively working with industry bodies and clients on the consultation.

Part A – Key points to know

Where does this consultation fit in?

The VA Licensing Regime commences on 1 June 2023. The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) sets out the overarching requirements and framework underpinning the VA Licensing Regime (see our alerts regarding the proposed AMLO bill and further updates). 

The release of the Regulatory Requirements represents a key step for licensees (Licensed Providers) to understand and implement what needs to be in place ahead of 1 June 2023. 

Scope of the Regulatory Requirements

The Regulatory Requirements are a unified framework for exchanges licensed under the AMLO and the Securities and Futures Ordinance (SFO) to ensure there is a consistent approach across the industry. 

The Regulatory Requirements take the form of four key guidelines:

Key topics covered

The Regulatory Requirements covers minimum standards across the following areas: 

In some instances, the requirements impose obligations on the Licensed Provider to ensure its affiliates (for example, its Associated Entity holding client assets), satisfy certain minimum standards. 

What else do I need to know?

Upon commencement of the VA Licensing Regime, Licensed Providers must comply with the final form of the Regulatory Requirements at the relevant time. 

Importantly:

  • Regulatory Requirements are (near but) not final. Market participants are invited to respond to several questions and the Regulatory Requirements generally. Despite this, the Regulatory Requirements are a good indication of the position the SFC is likely to take on a number of key issues. See Part B for some key areas of focus for the industry.
  • Regulatory Requirements will not be law. The Regulatory Requirements do not generally have the force of law, but will affect the interpretation of the AMLO and the ability to obtain and retain a licence. Failure to comply may result in disciplinary action and the refusal or loss of a licence (if a person is considered no longer “fit and proper”). In practice, this means Licensed Providers are expected to comply with the Regulatory Requirements strictly, as licensees.
  • Regulatory Requirements will supersede previous virtual asset exchange requirements. Following 1 June 2023, the SFC will regulate the trading of security tokens via the existing securities licensing regime (SFO regime) and regulate non-security token trading under the VA Licensing Regime. The “Guidelines for Virtual Asset Trading Platform Operators” (VATP Guideline), which forms the key guideline under the VA Licensing Regime will apply to all Licensed Providers under both regimes. This means they will supersede the existing rules for exchanges licensed under the SFO, which we wrote about here. The SFC has implied an expectation that exchanges apply for both AMLO and SFO licences, but this is not strictly mandatory.
  • Consolidation of requirements rather than total re-write. The Regulatory Requirements are long but consolidate many existing SFC concepts and requirements such that they are not totally new and unfamiliar. For example, the SFC has incorporated its guideline on competence into the VATP, albeit some modifications to reflect virtual asset practices and some greater flexibility. This means that many of the requirements are not surprising, although a close review is valuable – there are some important updates that may well require additional resource or benefit from feedback to the SFC.

Part B – A closer look at key thematic areas of the consultation

The following table summarises some of the most topical Regulatory Requirements: 

Company requirements

Key requirement
Further detail
Example uses 2

Who needs to be licensed?

At a high level, the VA Licensing Regime is intended to capture centralised automated trading systems for virtual assets, where those assets come into the custody of the operator. A footnote to the Consultation Paper makes clear that order routers, bulletin boards and peer-to-peer platforms are not generally caught. This makes the regime a narrow one and will leave multiple platforms out of scope.   

The SFC pre-vets and oversees the Licensed Provider, plus their responsible officers (ROs) and licensed representatives (LRs). In addition, there is indirect oversight of substantial shareholders / owners, directors, other personnel and the Associated Entity that must hold its client assets.  More on this below.

Position on key activities

Exchanges will be largely limited in relation to their exchange functions.

The SFC has formed a view on several key points of particular interest to the market:

  • Proprietary trading is largely restricted. This applies to both the platform and affiliates. There is an exemption for certain back-to-back transactions where the platform takes no market risk (ie effectively trades to fulfil a client buy/sell order). There is also a restriction on the platform from conducting market making activities. However, the Regulatory Requirements signal there may be “other limited circumstances permitted by the SFC on a case-by-case basis” in which proprietary trading may be permitted. 
  • Derivatives is an open question. The Regulatory Requirements maintain a strict line on the operator not conducting any offering, trading or dealing activities in futures or derivatives, but the SFC has specifically called out the need for derivatives as a point of difficulty for the industry and invites feedback on what business models and products industry would like to see.
  • Non-prefunded trades and lending may be possible in limited circumstances. Trades need to be fully funded and neither the platform nor any affiliate can provide any financial accommodation. However, off-platform trades can be on a non-prefunded basis as long as they are settled intra-day; and the SFC has signalled that affiliates may be able to provide financial accommodation “in exceptional circumstances” and if approved by the SFC. 
  • Algorithmic trading is out. The Regulatory Requirements ban the platform offering of algorithmic trading services. However, this is not an outright ban on others trading on an algorithmic basis.
  • Investment products are out. Licensed Providers are also restricted from making any arrangements that generate returns for clients or other parties. 

Pathway for retail

Retail investors will be able to participate, but have more protections in place. Several requirements will capture all individuals regardless of net worth. Overall, there has been significant progress made on retail participation across multiple public and private consultations.

A few key points:

  • Investor protection. Licensed Providers are not expected to grant access to all retail clients, the SFC expects vetting to be undertaken to ensure adequate investor protection is in place.
  • Limited assets. The Regulatory Requirements only permit retail to access “large-cap virtual assets” which are defined to be those that have been included on at least two acceptable indices issued by at least two index providers. In practice, this restricts the retail to an exceptionally small pool of assets. 
  • Assessments. The SFC expects Licensed Providers to take all reasonable steps to understand a client’s financial situation, investment experience and objectives. 
  • Appropriate limits must be applied to retail clients’ trading depending on the outcome of know-your-client procedures.
  • Suitability. Licensed Providers will need to build onboarding procedures that ensure they understand the client’s risk profile and tolerance level to determine whether the client is suitable for VA trading. That knowledge will need to be used to set trading limits such that the client’s exposure to virtual assets is suitable for their personal circumstances and financial situation. 
  • Other protections including disclosure obligations, minimum client agreements and continuing requirements apply to retail – many of these replicate existing standards for other SFC-regulated entities.

Client asset protection 

Protection of client assets has long been a key focus area for the SFC. 

The key requirements include the following:

  • On trust and segregated. Client assets must be held on trust and segregated from the Licensed Provider’s own assets.
  • Held by an Associated Entity. Client assets must be held by a subsidiary (the “Associated Entity”) which is subject to certain requirements indirectly via the Licensed Provider.
  • Safely kept. At least 98% of client virtual assets in cold storage except in limited circumstances the SFC approves.
  • With back-stop protection. The Licensed Provider must have in place a compensation arrangement approved by the SFC that provides an appropriate level of coverage to deal with risk associated with the custody of virtual assets. This compensation may not necessarily solely be in the form of insurance, but could include appropriate reserve funds. In essence, the cover between insurance and the Licensed Provider’s reserve funds must always exceed the amount held in custody. As to the breakdown between insurance and the reserve funds, the SFC has granted the Licensed Provider flexibility to determine this, subject to satisfying the above. The compensation arrangements need to be reviewed and reconciled daily to ensure that clients are always adequately protected.   
  • Subject to detailed policies and procedures. The Licensed Provider and the Associated Entity must also have clear policies that cover these requirements and custody generally.  

Financial resources

Licensed Providers are required to maintain adequate financial resources, including paid-up share capital of at least HKD5,000,000 and liquid capital of at least HKD3,000,000. The Regulatory Requirements also stipulate holding liquid assets equivalent to at least 12 months of actual operating expenses. Critically, virtual assets are not counted. Complex additional rules apply to ensure adequacy.

AML/CTF compliance controls

As expected with an AMLO regime, the Licensed Provider is required to maintain adequate anti-money laundering and counter-terrorist financing (AML/CTF) policies, procedures and controls. This will in practice mean developing strong written policies and procedures for risk-based customer due diligence at onboarding, periodically and on trigger events, name screening, sanctions compliance, transaction monitoring and record keeping. 

The key VA industry specific requirements are set out in Chapter 12 of the Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers) (AML/CTF Guideline), plus a thematic version for Associated Entities. 

Key points are summarised as follows.

Compliance with the Travel Rule

Similar to traditional wire transfer rules, Licensed Providers, whether as ordering, intermediate or beneficiary institution, are required to obtain, record and submit, as appropriate to the role, prescribed information relating to the originator and beneficiary (known as the Travel Rule).  

However, under the SFC’s traditional wire transfer rules, the only obligation on what to do with the information collected is to screen the parties involved in a cross-border transfer. The obligations on Licensed Providers under the Travel Rule go further than list screening (though screening is required). Licensed Providers are also required to have procedures to establish whether the counterparty is a VA transfer counterparty or an unhosted wallet with the requirements then flowing from the distinction.

The first obligation for VA transfer counterparties is to identify whether the counterparty is “eligible” to deal with. The “eligibility assessment” includes understanding the:

  • nature of the counterparty’s business;
  • nature and volume of VA transfers;
  • counterparty’s regulation;
  • quality and effectiveness of the AML/CTF regulation and supervision to which the counterparty is subject; and
  • quality of the counterparty’s AML/CTF controls.

Senior management approval is also required. In addition, Licensed Providers are required to assess whether the VA transfer counterparty can comply with the travel rule and conduct a form of risk assessment on the counterparty similar to a client risk assessment. Overall, the requirements are similar to those that apply to cross-border correspondent relationships and the AML/CTF Guideline directly references those rules as providing further guidance on conducting due diligence.

Although onerous, due diligence only needs to be conducted on the VA transfer counterparty on the first transaction, unless there is a suspicion of ML/TF and then periodically as part of ongoing monitoring, it is not required on each transaction.

For VA transfers to or from unhosted wallets, “extra care” is required. The same originator and recipient information must still be collected before the transaction takes place and a risk assessment must be conducted. 

Additional risk mitigation steps

To mitigate the non-face-to-face nature of onboarding expected to be adopted by most Licensed Providers, they are encouraged to obtain the IP address with an associated time-stamp, geo-location data and device identifiers.

Transaction monitoring

On-chain analytics tools are expected to be used that:

  • track the transaction history of virtual assets to more accurately identify the source and destination of the virtual assets; and
  • identify transactions involving wallet addresses linked to illicit or suspicious sources or activities or designated parties. 

Fit and proper requirements 

Key requirement
Further detail
Example uses 2

Fit and proper details - general

The corporate applicant, officers of the applicant (including ROs, LRs, and directors), and the “ultimate owners” of the applicant must be “fit and proper”.

The SFC has set out its prescriptive factors to assess whether a person is “fit and proper”. The criteria largely mirrors existing SFC requirements from the SFO regime, adapted to suit the virtual asset context. Several of the key factors include the financial status of the person, education and qualification and industry experience of the person, the ability to act competently, honestly and fairly, their reputation and character, and any there has been serious convictions (especially relating to AML/CTF or matters going to honesty and probity).

The SFC has provided guidance as to what it will consider as part of each of these factors.

Guidance on competence

Competence forms a key pillar of the fit and proper assessment. The SFC has provided detailed guidance on the matters it will ascertain if a person is competent, and therefore “fit and proper”.  In particular, in the context of the corporate applicant, the SFC will consider the applicant’s business model, governance arrangements, staff competencies, resources, internal controls, risk management framework, operations, and compliance framework as part of the application process.

Licensed persons must be able to demonstrate that they satisfy the following competence requirements, which are more stringent in respect of responsible officers:

  • Academic or professional qualifications: this refers to having obtain a degree of certain professional qualifications in designated areas (eg economics, account, law, etc).  
  • Relevant industry experience: this refers to hands-on working experience acquired through the carrying on of the virtual asset regulated activities in Hong Kong or similar activities elsewhere. In substance, the SFC considers whether the person’s past experience is directly relevant to the proposed activities to be carried on by the Licensed Provider and the licensed person. The SFC has stated it will take a pragmatic approach to these assessments, and may recognise technology experience if the person has played a key role in developing, and ensuring the continuing function of the platform or relevant systems. 
  • Management experience: this refers to the hands-on experience in supervising and managing essential regulated functions or projects in a business setting, including the management of staff engaging in these functions or projects. This requirement only applies to responsible officers.
  • Relevant industry qualifications (RIQ) and local regulatory framework paper (LRP): licensed persons are expected to obtain the RIQs (Hong Kong Securities and Investment Institute (HKSI) administered Licensing Examination for Securities and Futures Intermediaries (LE) Papers 7 & 8) and pass the LRPs (HKSI LE Paper 1 for licensed representatives, HKSI LE Papers 1 & 2 for responsible officers) within three years prior to the submission of the application.

The precise exams that need to be taken depend on satisfaction of the other competence requirements and whether the person is a licensed representative or responsible office but by and large, the expectation is that regulated persons will sit the necessary RIQ or LRP, unless an exemption applies. 

Exemptions to RIQ and LRP requirements

The SFC has introduced several exemptions to the RIQ and LRP requirements. The SFC will consider granting discretionary exemptions if the relevant person has comparable qualifications or industry experience, or the person agrees that they will pass an LRP within six months of the approval. Such discretionary relief may include the imposition of conditions. 

The SFC has also set out a list of full and condition exemptions from RIQ and LRP that responsible officers and licensed representatives may seek to rely on. Most of the exemptions are premised on the person having already the requisite industry qualification or local regulatory knowledge, either through past experience or holding the same licences.  

External attestations: legal opinions and EARs

Besides audit, there are two key forms of external attestation proposed:

If you are intending to apply for a licence soon, it is essential to start work as soon as possible to ensure your policies and procedures reflect the full gamut of the Proposed Regulatory Requirements and then fine-tuned as necessary to reflect the final version, to enable the EARs to be delivered in time. We are already working with several clients and have a full compliance suite available. 

Disciplinary action

The SFC has also proposed Disciplinary Fining Guidelines under Appendix D of the Consultation Paper. The Guidelines indicate the manner in which the SFC will exercise its power to impose fines on regulated persons guilty of misconduct, or where regulated persons are, or were not, fit and proper.

Part C – Transitional arrangements

The AMLO contemplates exchanges operating in Hong Kong at the commencement of the VA Licensing Regime will obtain the benefit of certain provisions while they either apply for a licence or wind down their activities. 

There are two aspects to the transition arrangements, summarised below:

GRACE PERIOD FOR EXISTING OPERATORS
DEEMING ARRANGEMENTS
Example uses 2

A person will not contravene the requirement to hold a licence for the period until 1 June 2024 if the:

  • operator is a corporation;
  • operator has been carrying on business of a virtual asset service (as defined in the AMLO) in Hong Kong immediately before 1 June 2023 with “meaningful and substantial” presence; and
  • regulated activity is done within the grace period (between 1 June 2023 to 31 May 2024).

The VA Licensing Regime proposes a mechanism to deem persons as licensed, while their application is being assessed. 

An existing virtual asset exchange will not be considered to have contravened the AMLO and SFC rules between 1 June 2023 and 31 May 2024, if certain prescribed conditions are met. This means they will be able to continue to operate until they are licenced. See our alert (here) for a full list of the applicable conditions. 

Following this, if a person’s application is still being assessed, a person will be deemed licensed from 1 June 2024 until that application is formally approved (unless withdrawn or rejected). 

The Consultation Paper provides further guidance on the eligibility requirements to be deemed licensed, and a breakdown of key dates and implementation details. 

If a virtual asset exchange is not eligible, then from 1 June 2023, it must not perform any virtual asset services in Hong Kong until its licence application is approved.

SFC registers

The SFC proposes to maintain public registers covering licensed, deemed licensed, closing-down and unlicensed platforms. The last of these is perhaps the most challenging in practice, given the limits of the proposed VA Licensing Regime and complex interpretational questions. We expect this to be a focus area in consultation responses to ensure fairness while still protecting the public from unscrupulous actors.

Part D – Next steps

Responses to the Consultation Paper are due by 31 March 2023. We encourage market participants to provide feedback given the Regulatory Requirements are not final.  

From here, there is a short lead time to commencement of the VA Licensing Regime. We expect the SFC to swiftly confirm any changes and the final state of the Regulatory Requirements. In that time, we encourage those seeking to apply for a licence to take steps to:

  • check the nature and scope of your business;
  • check that you and your proposed regulated individuals are eligible for the transitional arrangements;
  • prepare a high quality licence application;
  • ensure policies, procedures and operations are in place;
  • create all necessary compliant client agreements and disclosures; and
  • arrange external legal opinions and EARs. 

Other market participants, such as SFC-licensed corporations and HKMA-regulated banks will also need to consider the impacts of the new regime on their relationships with virtual asset exchanges and onboarding procedures.

Please contact us to discuss, anytime.

 

Any reference to “Hong Kong” or “Hong Kong SAR” in this article shall be construed as a reference to “Hong Kong Special Administrative Region of the People’s Republic of China”.

LATEST THINKING
Insight
Charting the progress of Hong Kong law from the pro-arbitration approach in Lasmos, to Re Guy Lam, Re Simplicity, and Re Shandong Chenming, and in light of the recent UK Privy Court decision in Sian Participation, this Chapter sets out the current position in Hong Kong on the relationship between the winding-up jurisdiction and arbitration. Read about the position in Singapore, Australia and in the United Kingdom – using the links above – for a wider comparative understanding of the legal landscape on this topic.

14 November 2024

Insight
Analysing recent Singapore court decisions in AnAn Group (Singapore) Pte Ltd v VTB Bank (Public Joint Stock Co)[2020] 1 SLR 1158, BWG v BWF [2020] 1 SLR 1296, and Founder Group (Hong Kong) Limited (in liquidation) v Singapore JHC Co Pte Ltd [2023] SGCH 159, this article maps and explains the current Singapore approach when faced with a disputed debt governed by an arbitration agreement. Read about the position in Hong Kong, Australia and in the United Kingdom – using the links above – for a wider comparative understanding of the legal landscape on this topic.

14 November 2024