Blockchain 2020

Last Updated June 17, 2020

Hong Kong

Law and Practice


DLA Piper LLP has been active in Greater China for over 30 years. The firm's Greater China group comprises a team of over 180 fee earners located in three integrated offices in Beijing, Hong Kong and Shanghai, making DLA Piper one of the largest international law firms in the region. The firm's lawyers all have a solid understanding of the local laws and regulations of both Hong Kong and the People’s Republic of China (PRC), and a thorough appreciation of the local business style and approach. The team also has extensive experience guiding clients expanding and operating in Macau and Taiwan. DLA Piper is a market leader in providing legal services to fintech clients. The fintech team brings together the vast and synergistic skill sets of the firm's finance and intellectual property and technology teams to holistically service fintech clients through both a traditional finance perspective and with regard to cutting-edge technology deployment.

Hong Kong is among the top ten fintech hubs in the world. As of April 2020, it has at least 169 registered blockchain startups. 

Initially, Hong Kong largely used blockchain as next-generation infrastructure to enable technological innovations for its large financial services sector. However, other industries are increasingly adopting blockchain technology in Hong Kong and this trend will continue through the next 12 months.

The use of blockchain in Hong Kong businesses include cryptocurrency exchange platforms, asset digitisation solutions and blockchain solutions used to manage supply chain, healthcare, and other corporate-facing services. As a global financial hub, many blockchain companies in Hong Kong cater to fintech/e-payments.

Laws and Regulations on Blockchain/DLT

There is no blockchain-specific legislation or regulatory framework in Hong Kong. Nevertheless, blockchain and DLT will invariably engage existing laws and regulations in Hong Kong, depending on the context in which they are applied.

The Hong Kong Monetary Authority (HKMA), the de facto central bank in Hong Kong, published two white papers on blockchain and DLT in 2016 and 2017 (“DLT White Papers”). The DLT White Papers are one of the first documents by a regulator in Hong Kong which contemplated the legal issues and challenges that may arise from the use of blockchain. These can be summarised in seven broad categories: 

  • validity and enforceability of digitised documents and digital signatures;
  • data protection and privacy (eg, accessibility of data in DLT platforms, immutability of stored data, and implications to data due to cross-border nature of DLT);
  • cross-border and localisation issues (eg, cross-border data flow, data localisation);
  • validity and enforceability of smart contracts;
  • liability associated with participation in DLT platforms (eg, data breaches, hacking);
  • competition/anti-trust laws (eg, fair competition and anti-trust practices); and
  • legal issues in specific applications (eg, trade finance, mortgages/e-conveyancing, asset management).

Blockchain already caught the attention of the Hong Kong Government (especially in the context of cryptocurrencies). Given the growing number of businesses that are keen to leverage the technology, there is no surprise if the Hong Kong Legislative Council introduces new laws and regulations that concern blockchain and cryptocurrencies specifically.

Laws and Regulations on Cryptocurrencies

There is no specific regulatory regime applicable to market participants using cryptocurrency and no retrofitting existing regulatory regime applicable to market participants using cryptocurrencies, apart from the operation of cryptocurrency exchanges involving security tokens. The HKMA has stated that he considered that Bitcoin and other similar currencies were not legal tender but rather “virtual commodities” not regulated by the HKMA.

Similarly, the Hong Kong Securities and Futures Commission (SFC) also considers that cryptocurrency, along with “crypto-assets” and “digital tokens”, belong to an asset class called “virtual assets”, being a digital representation of value.  As such, cryptocurrency is not subject to SFC oversight if it falls outside the legal definition of “securities” or “futures contracts” under the Securities and Futures Ordinance (Cap 571) (SFO).

However, the SFO’s existing regulatory regime would apply if the specific cryptocurrency were deemed to fall within the definition of “securities” under the SFO. For example, such cryptocurrencies are required to be dealt through intermediaries that are licensed by the SFC and an offering memorandum is required to be published when such cryptocurrencies are offered unless an exemption applies. In addition, where a virtual asset trading platform operating in Hong Kong facilitates the trading of a security token, being a virtual asset that falls within the definition of “securities” under the SFO, the platform operator must be licensed and regulated by the SFC. See 4.4 Regulation of Markets.

In general, international standards applicable to blockchain/virtual asset sectors, such as the updated FATF Recommendation 15 and its associated Interpretative Note, and Guidance for a Risk-Based Approach – Virtual Assets and Virtual Asset Service Providers, have only been partially applied in Hong Kong.

Licensing/Registration Requirements

Hong Kong did not adopt the licensing and registration recommendations in Recommendation 15. Recommendation 15 states that, generally, virtual asset service providers (“VASPs”, defined below) are required to be licensed or registered in the jurisdiction in which they are created.

The definition of VASPs captures persons who conduct one or more of the following activities:

  • Exchange between “virtual assets” and fiat currencies. “Virtual assets” is defined to be any digital representation of value that can be traded or transferred, or used for payment, and will include digital coins (eg, Bitcoin), utility tokens (eg, Gotem), and asset-backed, security tokens (eg, DIAM);
  • Exchange between one or more forms of virtual assets;
  • Transfer of virtual assets;
  • Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
  • Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

The regulatory ambit in Hong Kong is much narrower than the FATF recommendations.


As in 2.1 Regulatory Overview, only virtual assets that are “securities” are subject to regulatory supervision and scrutiny by the SFC. The SFC made it clear that it does not regulate virtual assets that do not fall under the definition of “securities”.

The SFC admitted in a key findings report issued in November 2019 that its current regulatory framework for virtual asset portfolio managers, fund distributors and trading platform operators “is not sufficient for fully complying with the revised Recommendation 15 of the FATF”.

Crypto-fiat/Fiat-crypto/Crypto-crypto Exchange Platforms

There is no licensing or registration requirement for crypto-fiat/fiat-crypto/crypto-crypto exchange platforms. Under the Anti-Money Laundering Ordinance (Cap 615) (AMLO), a person must obtain a money service operator license (“MSO License”) from the Hong Kong Customs and Excise Department if it wishes to engage in “money services” in Hong Kong. “Money services” mean money changing services (ie, exchanging of currencies that is operated in Hong Kong as a business) and/or remittance services.

As in 2.1 Regulatory Overview, Bitcoin or other similar coins are not recognised as “money”, “currencies” or “legal tender”. These exchange platforms are also not specifically caught under the MSO License regime.

Crypto-fiat/fiat-crypto/crypto-crypto exchange platforms therefore fall outside regulatory ambit under Hong Kong law, provided that they are not asset or security backed.

AML/CTF Requirements

Under the FATF Recommendations, in identifying, assessing and understanding money laundering and terrorist financing (“ML/TF”) risks emerging from virtual asset activities and VASPs, jurisdictions should continue to apply a risk-based approach to ensure that measures are taken to prevent potential ML/TF risks. The FATF Recommendations also expect VASPs to conduct internal ML/TF risk assessments, taking into account the services each VASP offers, the geographical scope of such services, the customer channel and types and the types of virtual assets that are being dealt with.

In general, Hong Kong is compliant with the FATF’s AML/CTF recommendations and international standards. In particular, Hong Kong is commended for its AML/CTF efforts in FATF’s assessment the compliance and effectiveness of Hong Kong’s AML/CTF regime against international standards (see the Mutual Evaluation Report on Hong Kong in September 2019).

However, the AML/CTF regime in Hong Kong does not have any specific AML/CTF requirements imposed on VASPs. Paul Chan, the Financial Secretary of the Hong Kong Government, clarified in the 2020 annual budget speech that Hong Kong will consider capturing VASPs into the Hong Kong AML/CTF regulatory framework, and will plan to consult the public with detailed proposals in 2020. 

The most relevant regulatory bodies are the HKMA and the SFC. While neither regulator has claimed jurisdiction over blockchain, distributed ledger technology and cryptocurrencies, each has issued guidance on the subject. 

For example, the HKMA has said they do not regulate virtual assets such as Bitcoin which are regarded as “virtual commodity” rather than legal tender, a means of payment or money. This means that Hong Kong’s banking laws and regulations do not therefore apply to an entity accepting, or dealing in, virtual assets unless the entity is an “authorised institution” (ie, a licensed bank, a restricted licence bank or a deposit-taking company).

The SFC took the view that a virtual commodity, virtual asset or digital asset would not subject to the oversight of the SFC unless they fall within the definition of “securities” or “futures contracts” under the SFO. Both HKMA and the SFC have adopted a technology-neutral approach and seek to regulate virtual or digital assets and related activities based on their existing regulatory frameworks.

In Hong Kong, several industry trade groups help to steer policy and develop interest in, and the development of, the blockchain and fintech ecosystems. These are a mix of quasi-government and non-governmental organisations that help to develop the blockchain and fintech communities in Hong Kong by way of education, community building and innovation development. They regularly publish whitepapers and help develop industry best practices on blockchain adoption and fintech use cases/new developments.

There is limited judicial consideration of the use of blockchain technology and the status of cryptocurrencies in Hong Kong.

Given Hong Kong adopts the common law system, judicial cases (particularly those from England) are of high persuasive value in Hong Kong. In particular, in respect of cryptocurrencies, English courts support the view that cryptocurrencies may be recognised as property (see Vorotyntseva v Money-4 Ltd (t/a [2018] EWHC 2596 (Ch), where the High Court of England and Wales found that there was no suggestion that cryptocurrency could not be a form of property).

The UK Jurisdiction Taskforce also issued a legal statement on crypto-assets and smart contracts in November 2019, which confirmed that crypto-assets have all of the indicia of property, and should therefore be in principle treated as property.

Hong Kong's Position

Hong Kong courts might adopt the English law position. Hong Kong courts may now have an opportunity to explore more thoroughly whether Bitcoins convey a property right that can be enforced at law (see Nico Constantijn Antonius Samara v Stive Jean Paul Dan [2019] HKCFI 2718, in which the Hong Kong Court of First Instance granted a Mareva injunction to freeze assets of a French cryptocurrency trader concerning the disputed ownership of Bitcoins. The injunction restrained the defendant from disposing assets valued at over USD2.6 million, including Bitcoins in the face of competing claims to ownership of the Bitcoins). The case is currently ongoing, and we anticipate further guidance to be issued by the Hong Kong courts once the case reaches trial stage.   

No Hong Kong regulator has taken any enforcement action regarding the use of blockchain. In fact, regulators encourage organisations (particularly the financial sector) to adopt blockchain technology. It is also used in government-commissioned projects (eg, the HKMA’s eTradeConnect Platform in 2018).

On the other hand, the regulators take a more cautious approach in respect of virtual assets and participation in ICOs and STOs.

Virtual commodities

As yet, no enforcement action taken by regulators. However, the Hong Kong Government, the HKMA, the SFC and the Hong Kong Police Force have issued numerous public warnings concerning the trading of virtual commodities, including Bitcoin.

Security-backed virtual assets

In February 2018, the SFC sent letters to seven cryptocurrency exchanges in Hong Kong, warning them that they should not trade cryptocurrencies which are “securities” without a license. Most of these cryptocurrency exchanges either confirmed that they did not provide trading services for such cryptocurrencies, or took immediate rectification measures, including removing the relevant cryptocurrencies from their platform. The SFC may take further enforcement action against these exchanges if they are found to be trading in cryptocurrencies that are “securities”.


In March 2018, the SFC took enforcement action against Black Cell Technology Limited, an ICO issuer, due to its concerns that Black Cell had engaged in potential unauthorised promotional activities and unlicensed regulated activities. The SFC found that Black Cell promoted an ICO to sell digital tokens to investors through its website accessible by the Hong Kong public, with the pitch that the ICO proceeds would be used to fund development of a mobile application, and holders of the tokens would be eligible to redeem equity shares in Black Cell.

The SFC considered Black Cell’s activities may constitute a collective investment scheme and, therefore, a regulated activity which Black Cell is not authorised to conduct without a SFC licence. As a result, Black Cell halted its ICO to the Hong Kong public and agreed to unwind ICO transactions for Hong Kong investors by returning the relevant tokens.

It is, therefore, clear that ICOs are heavily scrutinised by the SFC. 


We are not aware of any enforcement action taken by regulators so far. However, the SFC published a statement on STOs to clarify that security tokens, which are digital representations of ownership of assets (eg, real estate) or economic rights (eg, share of profits or revenue), are likely to be “securities”. Therefore, any person who markets and distributes security tokens is subject to the SFO requirements, including licensing requirements. It is anticipated that the SFC will take enforcement actions against those who fail to comply with the applicable requirements.

The SFC, the HKMA and the Insurance Authority have implemented regulatory sandboxes for fintech businesses in general (including firms that utilise blockchain technology in their business initiatives):

  • for banks and technology firms with fintech initiatives - Fintech Supervisory Sandbox (established in 2016 by HKMA as part of HKMA’s 7 initiatives for smart banking) (FSS); until the end of April 2020, pilot trials of 134 fintech initiatives were allowed in the FSS.
  • for organisations offering regulated securities activities – SFC Regulatory Sandbox (established in September 2017 by the SFC);these organisations are subject to close supervision and dialogue with the SFC on compliance with the SFO.
  • for authorised insurers – insurtech Sandbox (established in September 2017 by the Insurance Authority).

The Hong Kong Inland Revenue Department (IRD), the tax authority of Hong Kong, has issued a revised Departmental Interpretation and Practice Notes No 39 (“DIPN 39”) on 27 March 2020 to set out IRD’s views on applying the existing taxation regime to cryptocurrency. However, please note that the DIPN 39 is not legally binding. The IRD’s position can be summarised as follows:

Categorisation of Digital Assets for Hong Kong Tax Purposes

The IRD clarified the categorisation of digital assets for Hong Kong tax purposes. Digital assets (including cryptocurrencies) includes the following categories:

  • Payment tokens are used as a means of payment for goods or services and encompass cryptocurrencies; they do not provide the holder with any rights or access to goods or services.
  • Security tokens provide the holder with particular interests and rights in a business; they represent ownership interests in the business, a debt due by the business or entitlement to a share of profits in the business.
  • Utility tokens provide the holder with access to particular goods or services which are typically provided using a blockchain platform; the token issuer would normally commit to accepting the tokens as payment for the particular goods or services.


The IRD will review any underlying documents of the ICO to examine what rights and benefits are attached to the digital tokens. For the issuer, the tax treatment of the proceeds from an ICO generally follows from the attributes of the tokens issued.

Digital Assets Bought for Long-Term Investment Purposes

If digital assets are bought for long-term investment purposes, any profits from disposal would be capital in nature and IRD deems such profits not to be subject to profits tax. Whether the digital assets are capital assets or trading stock has to be considered on the basis of the facts and circumstances, where well-established tax principles like the “badges of trade” would continue to be applicable and the intention at the time of acquisition of the digital assets is always relevant.

Cryptocurrency Business

DIPN 39 recognises that common business activities involving cryptocurrency include the trading of cryptocurrency, exchange of cryptocurrency and mining. Whether these activities amount to the carrying on of a trade or business is a matter of fact and degree to be determined upon a consideration of all the circumstances. Factors such as the degree and frequency of the activity, the level of system or organisation (ie, whether the activity is undertaken in a business-like manner) and whether the activity is done for the purpose of making a profit are relevant considerations.

Hong Kong-sourced profits from cryptocurrency business activities are subject to profits tax. The broad guiding principle (ie, determining the person’s relevant operations that produced the profits in question and the place where those profit-generating operations were carried out) will be applied to determine the source of the profits arising from cryptocurrency transactions.

Any amount of a cryptocurrency via an event such as an airdrop or a blockchain fork in the course of a cryptocurrency business is to be regarded as a receipt of the business and would be assessed accordingly.

Cryptocurrency Used for Business Transactions

Transactions involving cryptocurrencies should be accrued based on the prevailing market value as of the date of the transaction.

Cryptocurrency Received as Employment Income

The same salaries tax treatment would apply to the remuneration in cryptocurrency received by employees where the amount to be reported as the employee’s employment income should be the market value of the cryptocurrency at the time of accrual.

The Hong Kong Government is currently looking to release detailed proposals on how it will regulate the cryptocurrency sector to better conform with international anti-money laundering norms. In addition, the HKMA and SFC actively look into, and issue guidance papers in relation to, blockchain benefits and case use studies (and more recently regulations in the case of the SFC). 

Questions of ownership and transfer of a digital asset will depend on whether the digital asset is deemed to be “property” under Hong Kong law. 

This issue has not yet been considered in depth in Hong Kong. Under common law, property is deemed to be either real or personal property. All personal property is either a chose in possession (tangible property) or a chose in action (an enforceable legal right).

A digital asset does not necessarily fit neatly into these categorisations as it might only be constituted as data on a distributed ledger or blockchain. Where a holder of a digital asset is given a right, Hong Kong courts should regard such a right as a form of property. In 2019, the Singapore International Commercial Court held in B2C2 Ltd v Quoine Pte Ltd [2019] SGHC(l) 3 that virtual currencies were property. Similarly, in 2012 the Chancery Division of the High Court of England and Wales held in Armstrong DLW GmbH v Winnington Networks Ltd [2012] EWHC 10 (Ch) that European Union carbon trading allowances were property.

If Hong Kong follows these approaches and considers a digital asset as property, the ownership and transfer of a digital asset should be consistent with the ownership and transfer of other intangible property.

On 6 November 2019 the SFC published a position paper stating that a “security token” is a virtual asset that falls within the definition of “securities” in the SFO.

Although the term “utility token” is not defined under Hong Kong law, the distinctions between digital assets treated as “securities”, “commodities” or other types of assets are reasonably straightforward for market participants to determine. The term “commodity” is defined in the Commodity Exchanges (Prohibition) Ordinance (Cap 82).

The stance of the HKMA is that cryptocurrency is not a currency but rather a virtual asset. Similarly, cryptocurrencies and digital tokens have been, by default categorised by SFC as virtual commodity or virtual asset which is not a specifically regulated instrument. Both the HKMA and the SFC have adopted a technology-neutral approach and seek to regulate cryptocurrencies including stablecoins and related activities based on their existing regulatory frameworks.

Currently, there are no laws or regulations specific to stablecoins or cryptocurrencies. However, where a stablecoin displays features of an item under the current regulatory frameworks, then it is subject to those regulations. No distinctions have been made between stablecoins backed by deposits of fiat currency and “algorithmic” stablecoins that use a formula to maintain their peg.

Further, depending on the nature of the specific stablecoin and the proposed role of the issuer, service providers and participants of the specific stablecoin, the following activities may require regulatory licensing, registration and/or authorisation:

  • where there is an element of taking a deposit (or receiving a loan) from another person, the business may be regulated as a deposit-taking company by the HKMA;
  • if there is any form of negotiation, arrangement or facilitation of currency trading and/or a deposit or loan involving a bank, the relevant person would be required to be approved by the HKMA;
  • if the stablecoin or any product relating to it resembles a stored value facility which may be used for storing the value of an amount of money in the context of making payments for goods or services involving the issuer, it would be regulated as a stored value facility by the HKMA under the Payment Systems and Stored Value Facilities Ordinance (Cap 584) (“PSSVFO”);
  • if there is a clearing and settlement system or retail payment system that is of such materiality as to be designated for regulatory supervision, it would be regulated as a designated retail payment system by the HKMA under the PSSVFO; and
  • if there is any form of loan, credit or lending facility involved, the relevant persons would be regulated as a money lender under the Money Lenders Ordinance (Cap 163).

Hong Kong allows payments to be made with cryptocurrencies. There are no notable limitations on the use of cryptocurrencies for payment purposes.

Currently, there are no laws or regulations specific to NFTs. Both the HKMA and the SFC have adopted a technology-neutral approach and seek to regulate cryptocurrencies including stablecoins and related activities based on the existing regulatory framework.

See 3.3 Stablecoins.

Hong Kong does not currently have any licensed digital asset exchanges.

The SFC currently does not accept licence applications from decentralised exchanges; however, cryptocurrencies do not fall under the definition of “securities” and as such their trading is still not a regulated activity in Hong Kong.

Several cryptocurrency exchanges in Hong Kong allow for deposits in fiat currency to be exchanged and spent on cryptocurrencies. Some exchanges even allow for cryptocurrency to be purchased via credit card on their platforms.

Cryptocurrency-to-cryptocurrency exchanges are similarly easily made in Hong Kong by way of these same digital asset exchange services.

However, given that a cryptocurrency is not deemed to be a currency or money, a cryptocurrency exchange may not be considered to be a “money service operator”, which would require a licence pursuant to AMLO. The MSO regime also currently does not contemplate fiat-crypto/crypto-crypto transactions.

There is currently no AML/KYC legislation which specifically applies to digital asset transactions and VASPs. Instead, digital asset transactions will invariably engage rules in the existing AML/KYC regime in Hong Kong. As discussed in 2.2 International Standards, the Hong Kong Government plans to address this by incorporating VASPs within the existing AML/KYC regime, and will conduct public consultation on this legislative exercise in 2020.


The AML/KYC regime in Hong Kong is comprised of a suite of legislation, including:

  • Anti-Money Laundering and Counter Terrorist Financing Ordinance (Cap 615) (AMLO);
  • Drug Trafficking (Recovery of Proceeds) Ordinance (Cap 405) (DTROP);
  • Organized and Serious Crimes Ordinance (Cap 455) (OSCO); and
  • United Nations (Anti-Terrorism Measures) Ordinance (Cap 575) (UNATMO).

Circulars, Guidelines and FAQs

The AML/KYC regime is also supplemented by circulars, guidelines and FAQs issued by regulators in the financial services space. By way of illustration, this includes:

  • the HKMA (for licensed banks, licensed virtual banks and stored value facility licensees);
  • the Hong Kong Customs (for money service operator licensees);
  • the Companies Registry (for money lender licensees); 
  • the SFC (for securities intermediaries); and
  • the Insurance Authority (for insurers and other insurance-related intermediaries).

These circulars, guidelines and FAQs are only intended to show how regulators interpret the AML/KYC rules. They are also intended to assist respective licensees to comply with the requisite AML/CTF requirements. They do not have the force of law. However, non-compliance may expose these licensees to the risk of breaching their respective licensing conditions and also the relevant statutory AML/KYC requirements.

Actions to be Taken

In summary, organisations (including VASPs) should take the following actions:

First, designing and implementing internal AML/CTF policies, procedures and controls to manage and mitigate ML/TF risks. Organisations should only take AML/CTF measures which are commensurate to the risks identified in order to manage and mitigate them effectively.

Second, conducting institutional ML/TF risk assessment to identify, assess and understand its ML/TF risks in relation to:

  • its customers;
  • jurisdictions in which its customers are from or in;
  • the jurisdictions in which the organisation has operations; and
  • the products, services, transactions and delivery channels of the organisation.

Third, designing and implementing an appropriate customer risk assessment framework (for risks associated with proposed customer relationships) having regard to the following customer risk factors:

  • country risk factors; or
  • product, service, transaction or delivery channel risk factors.

Fourth, customer due diligence measures: Financial institutions and designated non-financial businesses and professions (eg, solicitors, accountants, trust companies) are required to perform customer due diligence in specific situations (eg, at the outset of business relationships, or before performing any occasional transaction that is valued at HKD120,000 or more, or if a customer/an account is suspected of being involved in ML/TF).

Fifth, continuous monitoring of customer activities: institutions should in particular identify transactions that are complex, large or unusual, and examine the background and purposes of these transactions.

And finally, suspicious transaction reports: Institutions are required to report to the relevant authorities (eg, Joint Financial Intellectual Unit) where the institution knows or suspects that a property represents proceeds of crime or terrorist property. Failure to report may be a criminal offence.

There is no specific regulation of markets for digital assets, see 2.3 Regulatory Bodies.

Type 1 and Type 7 Licences

The SFC has announced that where a virtual asset trading platform (“platform operator”) operating in Hong Kong facilitates the trading of at least one security token, being a virtual asset that falls within the definition of “securities” under the SFO, the Platform Operator may obtain a Type 1 (dealing in securities) and Type 7 (providing automated trading services) licence under the SFO. The SFC expects a platform operator to be capable of meeting robust regulatory standards comparable to those which apply to licensed securities brokers and automated trading venues but also incorporate additional requirements to address specific risks associated with virtual assets. For example, the SFC will impose licensing conditions requiring that platform operators offer their services exclusively to professional investors and only serve clients who have sufficient knowledge of virtual assets and maintain stringent criteria for the inclusion of virtual assets on their platforms.

SFO authorisation

In addition, the SFC has stated that any platform offering virtual assets which are considered “futures contracts” under the SFO is required to be licensed or authorised under the SFO unless an exemption applies. In view of the SFC announcing that it has not licensed or authorised any person in Hong Kong to offer or trade virtual asset futures contracts, and imposing a term under the proposed “Terms and Conditions for Virtual Asset Trading Platform Operators” for granting a licence which prohibits the offering, trading or dealing of virtual asset futures contracts or related derivatives, it is unlikely that a virtual asset trading platform would be able to offer virtual asset futures contracts or related derivatives in the near future.

Regulatory limits on the ability of a digital asset exchange to re-hypothecate applies only for platform operators that facilitate trading of security tokens.


Under the SFC’s position paper on “Regulation of Virtual Asset Trading Platforms” and the published “Licensing Conditions and Terms and Conditions for Virtual Asset Trading Platform Operators”, the SFC addresses the risk for platform operators to trade virtual assets as principal dealers trading their own book. To avoid any conflict of interest, the platform operator is not permitted to engage in proprietary trading or market-making activities on a proprietary basis. This will include any rehypothecation of client virtual assets. The SFC also requires the platform operator to have written policies governing employee dealings in virtual assets to eliminate and avoid potential or actual conflicts of interest.

Internal Policies and Governance

Platform operators should also establish and implement written internal policies and governance procedures to ensure that they would not deposit, transfer, lend, pledge, repledge or otherwise deal with or create any encumbrance over the virtual assets of a client except for the settlement of transactions, and fees and charges owed by the client to the exchange operators in respect relevant activities carried out by the exchange operators on behalf of the client or in accordance with the client’s written instructions.

These requirements do not apply to virtual asset platform operators or exchanges that deal with non-security digital tokens or coins only.

There are regulations which apply to custody of security tokens by platform operators in general. This includes the use of hot and cold wallets.

Under the SFC’s position paper on “Regulation of Virtual Asset Trading Platforms” and the published “Licensing Conditions and Terms and Conditions for Virtual Asset Trading Platform Operators”, platform operators should hold client digital assets on trust through a company (“associated entity”) which:

  • is an “associated entity” of the platform operator under the SFO;
  • is incorporated in Hong Kong;
  • holds a “trust or company service provider licence” under the AMLO; and
  • is a wholly owned subsidiary of the platform operator.

Hot and Cold Wallets

In respect of hot and cold wallets, the SFC requires both the platform operator and the associated entity to store at least 98% of client virtual assets in cold wallets, and limit its holdings of client virtual assets in hot wallets to not more than 2%. The SFC also requires the platform operator and the associated entity to minimise transactions out of the cold wallet in which a majority of the client assets are held.


The SFC will also require the platform operator to ensure that an insurance policy covering the risks associated with the custody of virtual assets held in both hot storage (full coverage) and cold storage (a substantial coverage, eg, 95%) is in effect at all times.

In addition, in respect of custody of digital assets generally, the platform operator and the associated entity are required to:

  • implement written internal policies and governance procedures to ensure compliance with requirements concerning the custody of client virtual assets;
  • implement detailed procedures to deal with events such as hard forks or air drops from an operational and technical point of view;
  • have adequate processes in place for handling requests for deposits and withdrawals of client virtual assets to guard against loss arising from theft, fraud and other dishonest acts, professional misconduct or omissions; and
  • set up and implement strong internal controls and governance procedures for private key management to ensure all cryptographic seeds and keys are securely generated, stored and backed up.

These requirements do not apply to custodians/virtual asset platform operators that offer hot and cold wallet solutions to only non-security tokens or coins.

Creation and sale of digital tokens as part of an ICO or a STO are regarded as “securities” activity.

In September 2017, the SFC issued a statement, clarifying that digital tokens offered in an ICO will be regarded as “securities”, and therefore subject to the requirements under the SFO:

  • digital tokens will be considered as “shares” (ie, “securities”) if they represent equity or ownership interests in a corporation (eg, right to receive dividends, right to participate in the distribution of the corporation’s surplus upon winding up);
  • digital tokens will be considered “debentures” (ie, “securities”) if they are used to create or to acknowledge debt or liability owed by an issuer; and
  • digital tokens will be considered an interest in a “collective investment scheme” (ie, “securities”) if the token proceeds are managed collectively by the ICO scheme operator to invest in projects, with an aim to enable token holders to participate in a share of the returns provided by the project.

Parties who engage in regulated activities will be required to obtain the requisite licences with the SFC (eg, Type 1 license for dealing in securities).

In March 2019, the SFC further clarified that security tokens which represent ownership of assets (eg, gold or real estate) or economic rights (eg, share of profits) are “securities” under Hong Kong law. Parties should offer security tokens to “professional investors” only, and should obtain a Type 1 licence (dealing in securities) under the SFO.

Under the SFO, if the intermediary digital asset exchange platform offers at least one security token on its platform, it can apply for a licence for Type 1 (dealing in securities) and Type 7 (providing automated trading services) under the SFC’s opt-in licensing mechanism. The exchange platform will be placed into the SFC Regulatory Sandbox. If licensed, it will be required to comply with its licensing conditions and terms and conditions under “Licensing Conditions and Terms and Conditions for Virtual Asset Trading Platform Operators” (eg, custody of client assets, maintaining appropriate risk management measures, etc).

Managing investment Funds or collective investment schemes is a Type 9 (asset management) regulated activity under the SFO. Hence, regulations on asset management activities in digital assets are primarily governed by the SFC. The degree of regulations to be applicable to relevant investment fund vehicles involving digital assets would largely depend on whether the digital assets in such vehicles, as an asset class, would fall under the definition of “securities” or “futures contracts” under the SFO. Digital assets would be “securities” if they carry the same features with any type(s) of financial instruments as listed in Part 1 of Schedule 1 to the SFO, which are, amongst other things, shares, stocks, bonds and/or interests in collective investment scheme.

In circumstances where the digital assets are “securities” or “futures contracts”, management of investment funds or collective investment schemes investing in such digital assets (each, a “Digital Assets Fund”) would require a licence for Type 9 (asset management) regulated activity. Moreover, any activities relating to the Digital Assets Fund will be subject to oversight from the SFC through imposition of specific licensing conditions, subject to a de minimis exemption.

Digital Assets fund Managers

Firms which manage or intend to manage a Digital Assets Fund are required to inform the SFC of such activity. Upon assessment of the relevant transactions and discussion with the relevant firms, the SFC will impose specific terms and conditions (“Terms and Conditions”) for the Digital Assets Fund Manager to follow when it manages a Digital Assets Fund. The Terms and Conditions are by and large principles-based and will vary in respect of each firm in light of its particular business model so as to ensure such Terms and Conditions are reasonable and appropriate.

The Terms and Conditions may cover areas such as, amongst other things, disclosure requirements to prospective investors, specific requirements on safekeeping of digital assets, portfolio valuation, risk management and/or minimum liquid capital requirements.

Digital Assets Fund Managers may rely on the de minimis exemption if they do not wish to be subject to the Terms and Conditions. A de minimis exemption means the fund shall solely intend to invest less than 10% of the gross asset value of its portfolio in digital assets.

Investment Funds/Schemes

Where the digital assets are not “securities” or “futures contracts”, management of investment funds or collective investment schemes investing in such digital assets shall not amount to Type 9 (asset management) regulated activity, although the distribution of the same would still amount to Type 1 (dealing in securities) regulated activity.

In this regard, in addition to compliance with the standard fitness and properness requirement and suitability obligations under the SFC Code of Conduct, firms should also observe the following additional requirements when they distribute such digital assets fund products in Hong Kong.

First, firms should only distribute to professional investors as defined under the SFO. They should assess whether the prospective investor has knowledge of investing in virtual assets or related products prior to effecting the transaction on their behalf. If the investor does not possess such knowledge, firms may only proceed to effect the transaction if, by so doing, they would be acting in the best interests of the investors.

Second, firms are required to conduct proper due diligence on such digital assets products, and develop an in-depth understanding on the products, the fund manager and the counterparties to the fund. They should also provide sufficient information in a clear and easily comprehensible manner, so that investors are able to make informed investment decisions.

Dealing activity is a Type 1 (dealing in securities) regulated activity under the SFO, and regulations on dealing activities in digital assets are primarily governed by the SFC. The SFC has made it clear that dealing activities in digital assets which are not “securities” or “future contracts” under the SFO are outside the regulatory remit of the SFC.

On this basis, the SFC has introduced a licensing regulatory framework (“Digital Assets Trading Licensing Regime”) which is:

  • compulsory for digital assets trading operators to follow if the “digital assets” in their business models are “securities” or “futures contracts” under the SFO; and
  • optional for certain digital assets trading operators if the “digital assets” in their business models are not “securities” or “futures contracts” under the SFO.

Such “non-security” digital assets trading operators will only be subject to the Digital Assets Trading Licensing Regime if they elect to do so.

Licensing Conditions

Under the Digital Assets Trading Licensing Regime, the digital assets trading operator may obtain a licence for Type 1 (dealing in securities) and Type 7 (providing automated trading services) regulated activities.

Furthermore, they will be subject to the following key licensing conditions by being a digital asset trading operator, that they should:

  • provide services only to professional investors as defined under the SFO;
  • comply with a specified set of applicable terms and conditions covering various aspects on the business operations of the digital assets trading operator;
  • obtain prior written approval from the SFC, in respect of any plan to introduce or offer a new or incidental service on dealing activities in digital assets;
  • obtain prior written approval from the SFC, in respect of any plan to add any product to its trading platform;
  • provide monthly reports to the SFC on its business activities; and/or
  • appoint an independent firm to conduct annual review of its activities and operations and prepare a report confirming compliance with the licensing conditions and all relevant legal and regulatory requirements.

Smart contracts are not expressly recognised in any statutes, regulations or judicial decisions in Hong Kong. However, the legal chapter of the DLT White Papers, which was edited by the Technology Committee of the Law Society of Hong Kong (the professional body for solicitors in Hong Kong), offered a preliminary analysis on the legality and enforceability of smart contracts in Hong Kong.

Generally, the DLT White Papers clarified that a smart contract has the effect of a contract under Hong Kong law. If a party wants to seek contractual remedies and enforce the smart contract as a contract under Hong Kong law, that party must satisfy the common law requirements of the existence of a legally binding contract:

  • offer;
  • acceptance;
  • consideration;
  • obligation mutuality
  • competency and capacity; and
  • a written instrument in some cases.

A party who suffers as a result of breach of the terms of a smart contract will be entitled to the same remedies as it would have under “typical” contracts (eg, damages, subject to remoteness and mitigation requirements under common law).

Currently, there is no legislation or case law authority suggesting that developers of blockchain-based networks or the code that runs on these networks may be held responsible for losses that arise through the use of this software on the theory that the developers would be considered “fiduciaries”.

There is currently no legislation which prohibits DeFi platforms from operating in Hong Kong. However, they may be subject to applicable licensing requirements, depending on the context in which DeFi platforms operate.

If the DeFi platforms facilitate trade of security tokens (including matching borrowers and lenders of security tokens), then the DeFi platforms may obtain a Type 1 (dealing in securities) and a Type 7 (providing automated trading services) licence from the SFC. The exchange platform will be placed into the SFC Regulatory Sandbox. However, the SFC does not regulate DeFi platforms that facilitate trade of only non-security tokens.

If the business of the DeFi platform is to make loans, or the DeFi platform advertises itself as one which makes loans, the DeFi platform may be required to obtain a money lender’s licence under the Money Lenders Ordinance (Cap. 163). 

Under Hong Kong law, security interest can only be taken over property. The type of security that can be taken over a particular digital asset will depend on the nature of the digital asset. Hong Kong law recognises four types of consensual security: pledge, contractual lien, equitable charge and mortgage.

Pledges and liens can only be created if it is possible to transfer possession of an asset. Since digital assets cannot be possessed, they cannot be an object of a pledge or lien, regardless if they are security tokens, asset-backed tokens, payment tokens or utility tokens.

  • Security tokens (eg, shares over a company) can be taken by way of charge, similar to how security would be taken over shares.
  • Asset-backed tokens (eg, real estate) can be taken by way of mortgage.
  • Payment tokens/utility tokens, on which the position remains unclear regarding the nature of security interest created.

Tokens as Property

On one hand, these tokens are arguably not “property”. These tokens give no rights to the holder which are enforceable against a third party (ie, these tokens are not “choses in action”), because these tokens are fully decentralised, and are not issued by any central issuing authority. No security interest can therefore be granted over them. 

On the other hand, there are cases in England which clarified that Bitcoins may be “property” (see 2.5 Judicial Decisions and Litigation), which in effect would allow for security to be taken over it. The UK Jurisdiction Taskforce also supports in principle that these tokens are “property”. As English case law and rules of interpretation are of high persuasive value in Hong Kong, it will not be surprising if Hong Kong law and Hong Kong courts adopt the same position as English law.

There are no requirements for a professional investor to transfer a digital asset in which it has invested to a custodian.  Pursuant to the AMLO, subject to certain exemptions a person carrying on a trust or company service in Hong Kong must be licensed by the Companies Registry.  The validity period of such a licence is typically three years and it is necessary for fit and proper persons tests to be passed. See 4.6 Wallet Providers.

Where blockchain-based service providers collect, use or process personal data from data subjects in Hong Kong, the requirements of Personal Data Privacy Ordinance (PDPO) apply.

The PDPO imposes a number of major principles to ensure that the personal data collected by institutions (“data user”, which includes blockchain-based service providers in this context) is properly stored, kept no longer than necessary, and used only for the purpose for which it is collected. Data users are also required to take practical steps to safeguard this personal data from unauthorised use, and to make their personal data policies and practices known to the public.

The DLT White Papers explain some characteristics of DLT that may present challenges under the PDPO:

Accessibility of Some DLT Platforms

All nodes will have equal access to all stored personal data, regardless of whether they need to see the data. In order to comply with Data Protection Principle (DPP) 1, participants of the DLT platform should be informed about how the DLT platform stores its data in any event.

Immutability of Stored Data

As data cannot be amended or erased, this may contravene DPP 2, which requires data to only be stored for no longer than necessary to achieve the data user’s legitimate purposes.

Cross-Border Transfers and Data Localisation

As participants of the DLT platform are from all around the world, data of those participants in the DLT platform may be shared with other participants across the globe. However, the cross-border transfer rules under Section 33(2) of PDPO are not in force, and there is no clarity on when it will be enforced. If in force, DLT platforms will require consent in writing from participants whose data is being transferred, before any transfer of data can happen. 

Data Subject Rights

DPP 6 provides a data subject the right to access and correct his/ her personal data held by a data user. Given the nature of DLT, every block in it is made unalterable. If a data subject wishes to amend such data, a new block can be created and this correction block must be chained with the original block.

See 8.1 Data Privacy.

There are no specific regulations governing the “mining” of cryptocurrencies in Hong Kong and any guidance issued by a Hong Kong governmental body that discourages, restricts or prohibits cryptocurrency mining activities is not known of.

However, mining activities may be regulated in certain circumstances. Where mining is carried out by means of highly industrialised operations, involving the use of numerous application-specific integrated circuit computers, mining closely resembles large-scale data centre operations. Thus, any regulations that apply to other similar applications such as data centres might also be applicable to cryptocurrency mining sites.

In Hong Kong, the development of data centres is encouraged. The Office of the Government Chief Information Officer is responsible for overseeing the facilitation of such development.

Conducting mining activities in a manner akin to operating large-scale data centres may be restricted under the relevant user restrictions in the documents outlined below. These have been analysed in the context of data centres as we consider these to be similar.

Outline Zoning Plans (OZPs)

Under the statutory OZPs prepared by the Town Planning Board (TPB) under the Town Planning Ordinance (Cap. 131) (TPO), data centres fall within "Information Technology and Telecommunications Industries" ("IT&T industries"). 

According to the Master Schedule of Notes adopted by the TPB:

  • IT&T industries are expressly permitted in the following zones:
    1. Commercial;
    2. Industrial;
    3. Other Specified Uses" (OU) annotated as "Business";
    4. OU annotated as "Industrial Estates"; and
    5. OU annotated as "Mixed Use"; and
  • while in "Comprehensive Development Area" zone, "IT&T industries" require planning permission from the TPB.

Government Lease

The terms and conditions of the Government Lease might prohibit the land from being used to mine cryptocurrencies.  To conduct mining legally it would be necessary to obtain a waiver or lease modification from the Lands Department. A special scheme administered by the Lands Department currently permits the conversion from existing industrial buildings in whole or in part for data centre use.

Occupation Permit

The occupation permit of the building provides the permitted use of the building. If data centre constitutes a material change of use, application would need to be made to the Buildings Authority.

Deed of Mutual Covenant (DMC)

A DMC might also restrict the usage of a building. Also, where large-scale mining activities involve mechanical and electrical installations, the owner or the operator of the these installations should engage a Registered Energy Assessor to certify that such installations have complied with the Buildings Energy Efficiency Ordinance (Cap 610).

For the avoidance of doubt, the above rules would only be likely to apply to large-scale cryptocurrency mining operations.

There are no specific regulations governing the “staking” of tokens in Hong Kong. There is no current awareness of any guidance issued by a Hong Kong governmental body that discourages, restricts or prohibits staking of tokens to secure a blockchain-based network using a “Proof of Stake” consensus protocol. In Hong Kong, there are businesses that provide staking services, but as yet no accompanying regulations applicable to such business model. 

DLA Piper Hong Kong

25th Floor
Exchange Square Block 3
8 Connaught Road
Hong Kong

+852 2103 0808

+852 2310 1345
Author Business Card

Law and Practice


DLA Piper LLP has been active in Greater China for over 30 years. The firm's Greater China group comprises a team of over 180 fee earners located in three integrated offices in Beijing, Hong Kong and Shanghai, making DLA Piper one of the largest international law firms in the region. The firm's lawyers all have a solid understanding of the local laws and regulations of both Hong Kong and the People’s Republic of China (PRC), and a thorough appreciation of the local business style and approach. The team also has extensive experience guiding clients expanding and operating in Macau and Taiwan. DLA Piper is a market leader in providing legal services to fintech clients. The fintech team brings together the vast and synergistic skill sets of the firm's finance and intellectual property and technology teams to holistically service fintech clients through both a traditional finance perspective and with regard to cutting-edge technology deployment.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.