Finally, on 23 May 2023, the Hong Kong Securities and Futures Commission (HKSFC) published its Consultation Conclusions on the Proposed Regulatory Requirements for Virtual Asset Trading Platform Operators (Platform Operators) (Consultation Conclusions) and the final Guidelines for Virtual Asset Trading Platform Operators (VATP Guidelines).
PLEASE NOTE THAT THE VATP GUIDELINES WILL BECOME EFFECTIVE ON 1 JUNE 2023.
Following on from our previous posts, below is a snapshot of the HKSFC’s responses in the Consultation Conclusions and changes to the VATP Guidelines for your reference:
| Topic | SFC Responses | Annotation to Consultation Conclusions# / VATP Guidelines^ |
|---|---|---|
| Overview | | |
| Dual licensing regime | *Prudent for Platform Operators to apply for both approvals under the Securities and Futures Ordinance (Cap. 571 of the Laws of Hong Kong) (SFO) and the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615 of the Laws of Hong Kong) (AMLO) to avoid contravention of the licensing requirements under the SFO and/or AMLO and to ensure business continuity. The withdrawal of admitted tokens for trading from a Platform may also not be in the best interests of clients. | Page 28, para 143# |
| Personnel-related | | |
| Responsible Officers (ROs) | *SFC will adopt a pragmatic approach in vetting competence of prospective ROs nominated for approval by the Platform Operators that seek to be dually licensed. *Dually licensed Platform Operators are not required to maintain four different ROs. One individual may be concurrently approved under the dual licensing regime. NOTE: Requirement for an individual’s knowledge about virtual assets (VA) and VA market is no longer hardwired into the VATP Guidelines. | Page 28, para 144# AND Page 16, Chapter 3.8^ |
| Token admission and review committee (Committee) | *Members “principally responsible” for managing the key business line, compliance, risk management and information technology should at least include the corresponding Managers-in-Charge of these functions of the Platform Operator. | Page 6, para 24# |
| Independent risk manager | *In most circumstances, more than one person is to be appointed to oversee and monitor the Platform Operator’s risk exposures and systems. *Risk management personnel and functions should be segregated from front office personnel and functions. | Page 15, Chapter 3.7(f)(iv)^ |
| Insurer | When selecting an insurance company to provide insurance coverage, the insurer should be chosen on verifiable and quantifiable criteria, including the valuation schedule of assets insured and maximum coverage per accident. It may be a captive insurer defined in the Insurance Ordinance (Cap. 41 of the Laws of Hong Kong). | Page 73, Chapter 10.26^ |
| External assessor | *External assessors can be involved prior to and in both Phase 1 and 2 Reports, and their roles cover, for example: ~advising on or drafting the Platform Operator’s policies and procedures; ~advising on system implementation; or ~suggesting enhancements or rectification measures in case of deficiencies in the design, implementation or effectiveness of the policies, procedures, systems and controls. | Pages 28 & 29, paras 145 & 146# |
| Independent index provider | Index providers should: *be independent of the issuer of VAs and the Platform Operator; and *have experience in publishing indices for the conventional securities market that comply with the IOSCO Principles for Financial Benchmarks. | Page 11, para 48# |
| Infrastructure-related | | |
| Insurance | *Insurance coverage: Client VAs held in hot storage and other storages (less than 2%) to be fully covered by the compensation arrangement of the Platform, and cold storage (98%) need only maintain a 50% insurance coverage threshold. *Types of assets: HKSFC agrees that bank guarantees, funds held in the form of demand deposits or fixed deposits with a maturity of six months or less would be acceptable. *Forms of compensation arrangement: Forms acceptable to the HKSFC include: ~Escrow arrangements; ~Reserve funds that are segregated from the assets of the Platform Operator or its group companies AND are set aside on trust with an authorized financial institution for this purpose; ~a pool of funds established jointly or individually through insurance coverage to cover loss of client assets; NOTE: If VAs are included in the compensation arrangement, VAs should be segregated from client VAs, VAs of the Platform Operator and its group companies to be held in cold storage by its associated entity AND VAs should be the same as client VAs covered under the compensation arrangement. Any subsequent changes in the compensation arrangement require pre-approval from the HKSFC. | Pages 14 & 15, paras 62 to 67# AND Page 72, Chapter 10.22^ |
| Custody | *Only firms exercising control of client VAs (e.g. a wholly owned subsidiary of a Platform Operator) and not third-party custodians are eligible to hold client VAs in safe custody. *All seeds and private keys are to be securely stored in Hong Kong with appropriate certification, for example, in an appropriately certified Hardware Security Module. | Page 16, paras 71 & 73# |
| Cybersecurity | *Security protocols to be adopted by Platform Operators in the design, development, deployment, operation and modification of the Platform should cover both the trading system and custody infrastructure. *At least one RO should be responsible for the overall management and supervision of the Platform and for defining a cybersecurity management framework and setting out key roles and responsibilities among designated staff. Duties include reviewing and approving policies and procedures relating to cybersecurity risk management matters, monitoring and assessing cybersecurity threats and attacks, and reviewing and approving the initial and ongoing due diligence of, and service level agreement and contract with, a third-party service provider relating to the provision of outsourced services to the Platform. *Further prescriptive guidance on security controls over the infrastructure of the Platform has been included. | Pages 79 & 85, Chapters 12.1, 12.3 and 12.13^ |
^ Reference is made to the pages and chapters in the VATP Guidelines appearing as Appendix A to the Consultation Conclusions.
As amendments relating to the onboarding requirements for clients (Clients) and products (Products) of Platform Operators were made, we have also summarized the VATP Guidelines in this post.
ONBOARDING REQUIREMENTS
For the Platform to operate, it must be capable of onboarding Clients who pay for the use of the Platform and Products that are onboarded onto the Platform to be traded. Under the VATP Guidelines, Platform Operators are subject to prescriptive guidance as to who, how, what and when Clients and/or Products can be onboarded to the Platform.
1. Clients
At the outset, the VATP Guidelines obligate the Platform Operator to ensure that (x) any representations made and information provided to Clients are accurate and not misleading and (y) invitations and advertisements in respect of its services do not contain information that is false, disparaging, misleading or deceptive. These require the establishment of an elaborate control system in preparing, vetting and dispatching client-facing marketing and communication materials (whether posted on or off the Platform and/or website) to ensure that such materials are factual, fair and balanced.
a. Know Your Client: A Platform Operator is expected to take all reasonable steps to establish the true and full identity of each of its Clients. Except for institutional professional investors and qualified corporate professional investors, it is also expected to establish each Client’s financial situation (including the Client’s net worth), investment experience and investment objectives. This long-standing requirement is similar to client onboarding requirements prevailing in the traditional financial market services.
b. Access to Trading Services: A Platform Operator is expected to ensure that its services and marketing activities are only provided/conducted in jurisdictions permitting the trading of VAs on its Platform. To this end, the Platform Operator should establish and implement measures including (x) the creation of a list of prohibited prospective clients banned from trading on the Platform (for example, through checking the IP addresses and blocking the prospective client) and (y) implementing appropriate measures to detect and prevent persons attempting to circumvent a ban on trading VA in certain jurisdictions (for example, by masking their IP addresses) from accessing its services.
c. Training: Except for institutional professional investors and qualified corporate professional investors, the Platform Operator is required to conduct knowledge assessments on prospective clients. In particular, a Platform Operator is required to ensure that the Client has sufficient knowledge of VA, including knowledge of their risks, before providing any services to the Client. If a prospective client fails the assessment, the Platform Operator is required to provide adequate training to the prospective client before opening an account for the prospective client to access its services.
d. Suitability: Notably, the existing guidance on when and how suitability obligations are triggered and what is expected of intermediaries (including Platform Operators) are identical. For example, except for institutional and qualified corporate professional investors, the performance of an assessment of the Client’s risk tolerance level and risk profile to determine the Client’s suitability for participation in trading of VAs is imposed upon the Platform Operator. Further, considering the Client’s financial situation and personal circumstances (i.e. overall holdings in VA held with the Platform Operator or otherwise), the Platform should set a limit to the Client’s exposure to VAs, notify the Client of the assigned limit and review this limit regularly to ensure that it remains reasonable and appropriate. The Platform Operator should act diligently and carefully in providing advice and recommendations that are based on thorough analysis having considered available alternatives. If orders in VAs are placed directly on the Platform without any solicitation or recommendation made by the Platform Operator, compliance with suitability obligations under paragraphs 9.21 and 9.22 of the VATP Guidelines for such transactions is not required.
e. Client Agreement: Finally, before trading services are provided to the Client, a Platform Operator should enter into a written client agreement including the following provisions:
(i) the full name and address of the Client as verified by a retained copy of the identity card, relevant sections of the passport, business registration certificate, corporation documents, or any other official document which uniquely identifies the Client;
(ii) the full name and address of the Platform Operator’s business including the Platform Operator’s licensing status with the HKSFC and the CE number;
(iii) undertakings by the Platform Operator and the Client to notify the other in the event of any material change to the relevant information provided in the Client agreement;
(iv) a description of the nature of services to be provided to or available to the Client;
(v) a description of any remuneration (and the basis for payment) that is to be paid by the Client to the Platform Operator; and
(vi) the risk disclosure statements1 and requisite contractual clause as specified in the VATP Guidelines.
2. Products
Adopting a cautious approach while permitting retail Client participation in the trading of VAs, the Product onboarding process specifically requires adherence to governance protocols through the establishment of the Committee and detailed due diligence to be performed by Platform Operators prior to admitting a VA onto the Platform.
a. Token admission and review committee: The Platform Operator is responsible for:
(i) setting up a function responsible for establishing, implementing and enforcing the criteria for admitting a VA (Token Admission Criteria). Please refer to the section titled “Due diligence” below for further details.
(ii) monitoring all admitted VAs to ensure that they continue to satisfy the Token Admission Criteria and establishing, implementing and enforcing the criteria for suspending or withdrawing a VA from trading (Cease Trading Criteria), along with the options available to Clients holding such VA.
(iii) making the final decision as to whether to admit, suspend and withdraw a VA for Clients to trade based on the Cease Trading Criteria.
(iv) establishing, implementing and enforcing the rules (Rules) which set out the obligations of and restrictions on VA issuers (for example, the obligation to notify the Platform Operator of any proposed voting, hard fork or airdrop, any material change in the issuer’s business or any regulatory action taken against the issuer), if applicable.
(v) reviewing regularly the Token Admission Criteria, Cease Trading Criteria (together, Criteria) and Rules mentioned under subparagraphs (i), (ii) and (iv) above to ensure they remain appropriate.
b. Due diligence: A Platform Operator should perform reasonable due diligence on all VAs before admitting them for trading and on an ongoing basis to ensure that the VAs continue to satisfy the Token Admission Criteria.
1. General Token Admission Criteria – The HKSFC outlined a non-exhaustive list of factors for Platform Operators to consider when admitting VAs for trading. Some of the key factors2 include, without limitation:
(i) the market and governance risks of a VA;
(ii) the legal risks associated with the VA and its issuer (where applicable);
(iii) whether the utility offered, the novel use cases facilitated, technical, structural or cryptoeconomic innovation, or the administrative control exhibited by the VA clearly appears to be fraudulent or illegal, or whether the continued viability of the VA depends on attracting continuous inflow into the VA;
(iv) the enforceability of any rights extrinsic to the VA (for example, rights to any underlying assets) and the potential impact of the VA’s trading activity on the underlying markets; and
(v) the money laundering and terrorist financing risks associated with the VA.
2. Special Token Admission Criteria – This additional requirement applies to VAs made available to retail clients.
At the outset, a Platform Operator should take reasonable steps to ensure that the VA (x) does not fall within the definition of “securities” under the SFO, unless the offering of such VA complies with the prospectus requirements for offering of shares and debentures under the Companies (Winding Up and Miscellaneous Provisions) Ordinance (Cap. 32 of the Laws of Hong Kong) and does not breach the restrictions on offers of investments under Part IV of the SFO; and (y) is of high liquidity.
The Platform Operator must, at a minimum, ensure that the VA is an eligible large-cap VA before assessing the liquidity of a specific VA for trading by retail Clients.
| Term | Definition |
|---|---|
| Eligible large-cap VAs | VAs that are included in a minimum of two “acceptable indices”3 issued by at least two independent index providers. NOTE: If the VA is not an eligible large-cap VA, the Platform Operator may submit a detailed proposal on the VA for the SFC’s consideration on a case-by-case basis. |
| Acceptable index | An index with a clearly defined objective to measure the performance of the largest VAs in the global market that also fulfills certain criteria.4 |
| Independent index providers | Index providers are independent if they do not belong to the same entity or are not within the same group of companies as the Platform Operator, the issuer of the VA (if applicable) or each other. |
3. Other reasonable due diligence – The HKSFC specifically stated that Platform Operators (x) should ensure that their own internal controls, systems and technology and infrastructure could support and manage VA-specific risks and (y) are expected to conduct smart contract audits focusing on reviewing that the smart contract layer is not subject to any contract vulnerabilities or security flaws to a high level of confidence, subject to such audit being conducted by an independent assessor engaged by a third party demonstrated to be reliable.
c. Ongoing monitoring: A Platform Operator should conduct ongoing monitoring of each VA onboarded for trading and continued trading on its Platform. The Platform Operator is expected to keep track of any changes to a VA’s legal status to change by virtue of being admitted to the Platform for trading.
(i) Should a Platform Operator decide to suspend or withdraw a VA from trading, the Platform Operator should as soon as practicable notify Clients of its decision and its rationale, inform Clients holding that VA of the options available and ensure that Clients are treated fairly.
(ii) Should a VA traded by retail Clients subsequently fall within the definition of “securities” under the SFO, the Platform Operator should cease to offer that VA for trading by retail Clients.
SIDLEY’S INSIGHT
1. Can/Should training lead to accessibility to the Platform?
Relative to the prescriptive Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers) (AML Guideline), the onboarding requirements relating to Clients appear relatively aligned with the HKSFC’s published guidance applicable to existing asset classes in the financial markets, with the exceptions where Platform Operators are to:
- create a list of prohibited prospective clients that are to be banned from trading on the Platform; and
- provide training to prospective clients that failed to pass the knowledge assessment.
The HKSFC did not elaborate on whether the prohibited prospective client list to be created will need to be published or shared with the regulator (locally or elsewhere), nor on how the HKSFC will deal with non-compliance with the prohibition. For example, in the event of any changes in the onboarded Clients’ eligibility status to trade on the Platform, are Platform Operators expected to immediately terminate the onboarded Client’s access to the Platform? Further, with regard to the provision of training to prospective clients, must this training be provided by an independent third party? Would the training materials need to be submitted for pre-vetting by the HKSFC? And would prospective clients be expected to re-sit the assessment and to have passed before Platform Operators may onboard them?
2. Would the relaxing of Specific Token Admission Criteria translate to greater diversity of VAs being offered to retail Clients?
With financial market intermediaries expecting Hong Kong to introduce the most comprehensive suite of regulations that balance investor protection and promote the development of VA as a new asset class, the introduction of the Committee reflects the HKSFC’s cautious venture into this newfound land.
The requisite Committee is tasked with establishing, implementing and enforcing the Token Admission Criteria, the Cease Trading Criteria and the Rules for the introduction of VA to the retail public. Following relaxation of the determination as to what is an eligible large-cap VA, the greater flexibility may translate into a level of ambiguity resulting in Platform Operators being more inclined to seek the HKSFC’s views and pre-vetting of a VA for admission onto the Platform.
Therefore, though the HKSFC has seemingly relaxed the selection criteria with regard to the Specific Token Admission Criteria, the fallback position may remain an obstacle to the introduction of a wide-ranging suite of Products that will be accessible to retail Clients.
The HKSFC should be applauded for its efficiency in processing 152 responses within seven weeks of the closure of the consultation period of the consultation paper and for maintaining its firm conviction to opening the opportunity for VA trading to be made available to retail Clients. This is sound evidence of the HKSFC’s adherence to its mission statement to strive to strengthen and protect the integrity and soundness of Hong Kong’s securities and futures (as well as VA) markets for the benefit of investors and the industry.
The updated draft AML Guideline has also been revised by the HKSFC. Please see here for Sidley’s analysis.
1 Mandatory risk disclosure statements have been included in Schedule 2 of the final VATP Guidelines.
2 Except as underlined herein, the factors below appear originally in the Terms and Conditions for VA Trading Platform Operators issued by the HKSFC on 10 December 2020. (q) the background of the management or development team of a VA or any of its known key members (if any); (r) the regulatory status of a VA in Hong Kong and whether its regulatory status would also affect the regulatory obligations of the Platform Operator; (s) the supply, demand, maturity and liquidity of a VA, including its track record, where the VA (except for a security token) should be issued for at least 12 months; (t) the technical aspects of a VA; and (u) the development of a VA. However, the highlighted factors appearing in the body text are reflective of the HKSFC’s views post the collapse of the world’s second largest VA exchange as of November 2022 – FTX.
3 One of the indices should be issued by an index provider which (i) complies with the IOSCO Principles for Financial Benchmarks and (ii) has issued an index tracked by an SFC-authorised index fund preferably to demonstrate that it has experience in publishing indices for traditional non-VA financial market.
4 The index should be (i) investible (constituent VAs are sufficiently liquid) and (ii) be objectively calculated and rules based. The index provider should possess the necessary expertise and technical resources to construct, maintain and review the methodology and rules of the index that are well documented, consistent and transparent.