{"id":29126,"date":"2023-12-20T13:20:07","date_gmt":"2023-12-20T13:20:07","guid":{"rendered":"https:\/\/prelive-tdw.visibleone.app\/insight-and-news\/the-regulatory-framework-for-security-token-offerings-in-hong-kong\/"},"modified":"2025-11-14T11:00:38","modified_gmt":"2025-11-14T11:00:38","slug":"the-regulatory-framework-for-security-token-offerings-in-hong-kong","status":"publish","type":"insight-and-news","link":"https:\/\/www.tannerdewitt.com\/zh-hant\/insight-and-news\/the-regulatory-framework-for-security-token-offerings-in-hong-kong\/","title":{"rendered":"The regulatory framework for security token offerings in Hong Kong"},"content":{"rendered":"\n    \n\n<div style=\"background-image:url('https:\/\/www.tannerdewitt.com\/wp-content\/themes\/tanner-de-witt\/images\/insightdetails.jpeg')\"\n    class=\"insight-news-detail-hero\" id=\"insight-news-detail-hero\">\n\n\t\t<div style=\"background-color:\" class=\"insight-news-detail-hero-overlay \"><\/div>\n            <div class=\"z-[0]\">\n                <div class=\"insight-news-breadcrumbs flex items-end practice-areas-featured-breadcrumbs \">\n                    <a class=\"page-link no-underline\" href=\"https:\/\/www.tannerdewitt.com\/zh-hant\/\">Home<\/a>                <\/div>\n\n\n                <div class=\"hero-title\">\n                    <h1>\n                        The regulatory framework for security token offerings in Hong Kong                    <\/h1>\n                <\/div>\n                \n                    <div style=\"\" class=\"hero-date \">\n\n                        <span class=\"month\">Dec<\/span>\n                        <span class=\"day\">20<\/span>\n                        <span class=\"year\">2023<\/span>\n                    <\/div>\n\n            <\/div>\n    \n\n    \n\n\n\n<\/div>\n\n\n\n<script >\n    (function () {\n        document.addEventListener(\"DOMContentLoaded\", () => {\n\n            const breadCrumbsContainer = Array.from(document.querySelectorAll(\".practice-areas-featured-breadcrumbs\"));\n\n            breadCrumbsContainer.forEach(container => {\n                const breadCrumbLinks = Array.from(container.querySelectorAll('.page-link'));\n                const breadCrumbSeperators = Array.from(container.querySelectorAll('.separator'));\n\n                if (Array.from(breadCrumbLinks).length === 1) {\n                    const homeNode = breadCrumbLinks[0];\n\n                    if (!homeNode) {\n                        return\n                    }\n\n                    const postTypeNode = homeNode.cloneNode(true);\n                    postTypeNode.textContent = \"Insights and News\";\n                    container.insertAdjacentHTML('beforeend', `<span class=\"separator practice-areas-featured-breadcrumb-item-slash\">\/<\/span>`)\n                    container.insertAdjacentElement('beforeend', postTypeNode)\n                    breadCrumbLinks.push(postTypeNode);\n\n                    if (\"Insights\") {\n                        const categoryNode = homeNode.cloneNode(true);\n\n                        categoryNode.textContent = \"Insights\";\n                        container.insertAdjacentHTML('beforeend', `<span class=\"separator practice-areas-featured-breadcrumb-item-slash\">\/<\/span>`)\n                        container.insertAdjacentElement('beforeend', categoryNode)\n                        breadCrumbLinks.push(categoryNode);\n                    }\n\n\n                    const titleNode = homeNode.cloneNode(true);\n\n                    titleNode.textContent = \"The regulatory framework for security token offerings in Hong Kong\";\n                    container.insertAdjacentHTML('beforeend', `<span class=\"separator practice-areas-featured-breadcrumb-item-slash\">\/<\/span>`)\n                    container.insertAdjacentElement('beforeend', titleNode)\n                    breadCrumbLinks.push(titleNode);\n\n\n\n\n                }\n\n                breadCrumbLinks.forEach((link, index) => {\n\n                    link.classList.add('practice-areas-featured-breadcrumb-item-name');\n                    const origin = window.location.origin;\n                    const href = window.location.href;\n\n                    const originSplitter = window.location.href.includes(\"insight-and-news\") ? \"insight-and-news\" : window.location.href.includes('insights-and-news') ? \"insights-and-news\" : \"\"\n\n                    const paths = href.split(originSplitter);\n                    const links = paths[1].split(\"\/\").filter(Boolean)\n\n\n                    const resolvedOrigin = originSplitter ? (href.split(originSplitter)[0] || \"\") : (origin + \"\/\")\n\n                    if (index === 0) {\n\n                        if (!originSplitter) {\n                            link.href = origin\n                        } else {\n                            link.href = resolvedOrigin;\n                        }\n\n\n                    } else if (index === 1) {\n                        link.href = resolvedOrigin + originSplitter\n\n                    }\n                    else if (index === 2) {\n                        console.log(links)\n                        link.href = resolvedOrigin + originSplitter + \"\/\" + (links[0] || \"\")\n                    }\n                    else if (index === 3) {\n\n                        link.href = resolvedOrigin + originSplitter + \"\/\" + (links[0] || \"\") + \"\/\" + (links[1] || \"\")\n\n                    }\n\n\n\n                    \/\/ const words = link.textContent.split(\" \")\n                    \/\/ if (words.length > 4) {\n                    \/\/     link.textContent = words.slice(0, 4).join(\" \") + \"...\"\n                    \/\/ }\n\n                })\n\n                breadCrumbSeperators.forEach(separator => {\n                    separator.textContent = \"\/\"\n                    separator.classList.add('practice-areas-featured-breadcrumb-item-slash')\n                });\n\n\n            })\n\n\n        })\n        removeDivTag()\n    })();\n\n    function removeDivTag() {\n        console.log(\"remasfljas\");\n        const editorContainer = document.querySelector(\".editor-wysiwyg\");\n        \/\/ editorContainer.innerText = editorContainer.innerText.replace(\"<\/div>\", \"\")\n        Array.from(editorContainer.childNodes).forEach(el => {\n            if (el.textContent.includes(\"<\/div>\")) {\n                el.textContent = \"\"\n            }\n        })\n    }\n<\/script>\n<div class=\"editor-wysiwyg my-[40px]\">\n<div class=\"single-section\"><div class=\"single-section\">\n<p>On 2 November 2023, the Securities and Futures Commission (SFC) published two circulars that outlined and updated regulatory framework for security token offerings in Hong Kong. In this article, <a href=\"https:\/\/www.tannerdewitt.com\/our-people\/padraig-walsh\/\">P\u00e1draig Walsh<\/a>, who leads our <a href=\"https:\/\/www.tannerdewitt.com\/practice-areas\/digital-services\/\">Fintech<\/a> practice group, summarises the key points of these circulars and explores what they mean for the STO landscape in Hong Kong.<\/p>\n<p><strong>Developing the STO landscape in Hong Kong<\/strong><\/p>\n<p>The Hong Kong government is pursuing a policy of encouraging Web 3 development in Hong Kong. This includes creating a robust, clear and sound regulatory environment for trading and other activities in respect of virtual assets.<\/p>\n<p>There are significant potential benefits to tokenisation of financial and real world assets. These include increasing the efficiency of the market, enhancing transparency, reducing settlement time and lowering costs compared to traditional finance. In the medium to long term tokenisation should lead to increased liquidity in markets, increased market depth, disintermediation and simpler transaction structures as well as improved access to more financial products.<\/p>\n<p>These are potential benefits that are not yet fully realised. The recent regulatory developments are targeted at creating a stable and certain framework in which regulated market participants can innovate and develop tokenised financial products, and bring them to investors \u2013 including retail investors.<\/p>\n<p>The position before was broadly that only primary issuance to professional investors of tokenised securities was permitted, and tokenised securities would be regarded as complex products. This has now changed.<\/p>\n<p><strong>Intermediaries and tokenised securities<\/strong><\/p>\n<p>The <a href=\"https:\/\/apps.sfc.hk\/edistributionWeb\/gateway\/EN\/circular\/doc?refNo=23EC52\" target=\"_blank\" rel=\"noopener\">first circular<\/a> generally addresses the updated regulatory approach for intermediaries engaging in tokenised securities-related activities.<\/p>\n<p>The circular characterises tokenised securities as traditional financial instruments such as bonds or funds which use distributed ledger technology in their security lifecycle. These are fundamentally traditional securities with a tokenisation wrapper.<\/p>\n<p>The regulatory approach adopted by the SFC for tokenised securities has two elements. The SFC has confirmed that existing regulatory requirements continue to apply.\u00a0 So, the prospectus and investment public offering regimes will apply to tokenised securities. Regulated intermediaries engaged in regulated activities related to tokenised securities must fulfil existing conduct requirements for securities-related activities. The SFC has also outlined additional measures that must be met. These measures address risks that specifically arise from tokenisation. These additional measures are summarised below.<\/p>\n<p>The distribution and marketing of a tokenised security is no longer subject to a restriction that it must only be offered to professional investors, though the requirements of the public offering regime in Hong Kong will still apply. In other words, the requirements of the prospectus and investment public offering regimes will apply to public offerings of tokenised securities to the public of Hong Kong. The tokenised security will only be characterised as a complex product if the underlying financial instrument is itself a complex product.<\/p>\n<p>Tokenised securities will not count towards the calculation of the \u201cde minimis threshold\u201d that triggers special terms and conditions to apply to fund managers managing portfolios that include virtual assets. Also, for licensed virtual asset trading platforms (VATPs), the SFC will consider, on application by a VATP, to exclude certain tokenised securities from the required compensation coverage a VATP must have for its clients.<\/p>\n<p>These points are all good examples of the SFC\u2019s principle of same business, same risk, same regulation.<\/p>\n<p>Tokenised securities can be distinguished from other structured, customised or even native digital securities. The SFC referenced examples such as tokenisation of fractionalised interests in real world or digital assets such as artwork or land. These forms of digital securities cannot be offered to retail investors in breach of the public offering regimes in Hong Kong, and will be regarded as complex products. In general, the SFC will require appropriate additional internal controls to address the specific risks and the unique nature of these forms of digital security.<\/p>\n<p>The SFC has indicated a strong preference for using permissioned distributed ledger technology (DLT) networks, whether public or private. The SFC stopped short of expressly rejecting all public permissionless networks. However, the SFC noted heightened cybersecurity risk, lower investor protection, difficulty in tracing investor assets and higher risk of money laundering associated with public permissionless networks. Additionally, the SFC has set out a number of additional considerations on custodial arrangements for bearer-form tokenised securities using permissionless tokens on public-permissionless networks. Those considerations start with the immobilisation of the tokenised security with central custody. Using permissioned networks appears to be the regulatory path forward.<\/p>\n<p><strong>Additional measures to address new risks<\/strong><\/p>\n<p>The key new risks of tokenised securities identified by the SFC are:<\/p>\n<p>(a) <em>ownership risks<\/em>: how ownership interest relating to tokenised securities is transferred and recorded.<\/p>\n<p>(b) <em>technology risks<\/em>: forking, blockchain network outages and cybersecurity risks.<\/p>\n<p>The additional measures required by the SFC address these risks extensively. These include:<\/p>\n<p>1. Intermediaries must have the necessary manpower and expertise to understand, and must manage, the new risks posed by tokenised securities relating to ownership and technology.<\/p>\n<p>2.\u00a0Intermediaries should include due diligence on the technology aspects of the tokenised securities as part of its due diligence on the financial product.<\/p>\n<p>3.\u00a0If intermediaries are involved in the token issuance, then they are and remain responsible for the overall operation of the tokenisation arrangement notwithstanding any outsourcing arrangement.<\/p>\n<p>4.\u00a0Dealers, advisers and fund managers investing in tokenised securities should conduct due diligence on the issuers and their third-party vendors\/service providers involved in the tokenisation arrangement, as well as the features and risks of the tokenisation arrangement. They should also be satisfied with the controls implemented by the issuers and their third-party vendors\/service providers, before engaging in the tokenisation arrangement.<\/p>\n<p>5.\u00a0Intermediaries must take into account prescribed factors outlined by the SFC, including:<\/p>\n<p>(a)\u00a0the experience and track record of the third-party vendor(s)\/service provider(s) used in the tokenisation arrangement;<\/p>\n<p>(b)\u00a0the technical aspects of the tokenised securities, including smart contract deployment, the robustness of the DLT network, inter-operability issues, and controls relating to private key management, risk of theft, fraud, errors and omissions, and cybersecurity risk;<\/p>\n<p>(c)\u00a0the legal and regulatory status of the tokenised securities, including the legal position on settlement finality, enforceability, and regulatory approval requirements;<\/p>\n<p>(d)\u00a0business continuity planning;<\/p>\n<p>(e)\u00a0data privacy management;<\/p>\n<p>(f)\u00a0money laundering and terrorist financing risks; and<\/p>\n<p>(g)\u00a0appropriate custodial arrangements to manage ownership and technology risks.<\/p>\n<p>6.\u00a0Intermediaries should make adequate clear disclosure to clients of relevant material information specific to tokenised securities. This should include information on:<\/p>\n<p>(a)\u00a0whether off-chain or on-chain settlement is final;<\/p>\n<p>(b)\u00a0limitations imposed on transfers of the tokenised securities;<\/p>\n<p>(c)\u00a0whether a smart contract audit has been conducted;<\/p>\n<p>(d)\u00a0key administrative controls;<\/p>\n<p>(e)\u00a0business continuity planning for DLT-related events; and<\/p>\n<p>(f)\u00a0custodial arrangement.<\/p>\n<p>7.\u00a0Intermediaries must notify the SFC before starting any activities in respect of tokenised securities.<\/p>\n<p><strong>Tokenisation of SFC authorised investment products<\/strong><\/p>\n<p>The <a href=\"https:\/\/apps.sfc.hk\/edistributionWeb\/gateway\/EN\/circular\/doc?refNo=23EC53\" target=\"_blank\" rel=\"noopener\">second circular<\/a> addressed the requirements for authorisation by the SFC for the tokenisation of investment products.<\/p>\n<p>The key change is that the SFC will now allow primary dealing of tokenised SFC-authorised investment products, as long as the underlying product can meet the usual product authorisation requirements and additional safeguards relating to the tokenisation arrangement prescribed by the SFC. The additional requirements are:<\/p>\n<p>1.\u00a0Product providers will remain ultimately responsible for the management and operation of the tokenisation arrangement. This includes ensuring a proper record keeping of ownership interests is maintained, and that the tokenisation arrangement is operationally compatible with service providers involved.<\/p>\n<p>2.\u00a0Product providers must manage and mitigate cybersecurity risks, data privacy, system outages and recovery, and have a comprehensive and robust business continuity plan.<\/p>\n<p>3.\u00a0Product providers must not use public-permissionless blockchain networks without additional and proper controls.<\/p>\n<p>4.\u00a0Product providers must confirm and be able to demonstrate to the SFC the management and operational soundness of the tokenisation arrangement, record keeping of ownership and the integrity of the smart contracts. The SFC may request product providers to obtain and produce third party audit or verification in this regard.<\/p>\n<p>5.\u00a0The SFC may request product providers to obtain satisfactory legal opinion to support its application.<\/p>\n<p>6.\u00a0The offering documents must have clear disclosures on the tokenisation arrangement, whether off-chain or on-chain settlement is final, the nature of ownership interest represented by the tokens, and all relevant associated risks with the tokenisation arrangement.<\/p>\n<p>7. Distributors must be regulated intermediaries such as SFC-licensed corporations or registered institutions, and must comply with applicable requirements such as client onboarding requirements and investor suitability assessments.<\/p>\n<p>8. Product providers should confirm to the SFC that they have at least one competent staff with relevant experience and expertise to operate and supervise the tokenisation arrangement, and to manage the ownership and technology risks arising from the tokenisation arrangement.<\/p>\n<p>9. Product providers must consult with the SFC for existing or new investment products that have tokenisation features.<\/p>\n<p>This is a good example of the \u201csame product, same risk, same regulation\u201d principle adopted by the SFC, and is a welcome advance in the regulatory framework.<\/p>\n<p>Different considerations arise though for secondary trading of tokenised SFC-authorised investment products. The SFC believes secondary trading activities need more consideration to ensure the regulatory framework can provide the appropriate level of investor protection. Basically, there are different risks, so the approach to regulation will need to be different. The SFC will consult with the industry in future to assess the response to its plans in this regard.<\/p>\n<p><strong>Conclusion<\/strong><\/p>\n<p>Security token offerings have taken another step forward in Hong Kong. There is much to welcome in these regulatory developments. Traditional financial products such as bonds and funds can now be wrapped with a tokenisation layer and offered to retail investors, without automatically being considered a complex product. This is an advance and brings the benefits of tokenisation to the market. The additional regulatory requirements focus only on the new risks associated with tokenisation technology and token ownership management. This liberalisation marks an advance and holds out the hope that market participants will be encouraged to adopt common standards and bring products and liquidity to the markets.<\/p>\n<p>There are those who wished for more liberalisation. The SFC has characterised tokenised securities narrowly. Digital securities that are more complex or digitally native will not easily fit within this regulatory framework, and will still be considered complex products available only to professional investors. Secondary trading of tokenised investment products is not yet authorised by the SFC.<\/p>\n<p>The changes reflected in these circulars are consistent with the pragmatic approach of the SFC. The SFC has gradually opened more virtual asset and digital security activities to the market as the SFC and market participants gain more experience. This is still a comparatively new asset class.<\/p>\n<p>We might not yet be able to tokenise the world. However, here in Hong Kong, we can tokenise bonds and fund interests.<\/p>\n<p class=\"has-text-align-right\"><strong><em>P\u00e1draig Walsh<\/em><\/strong><\/p>\n<p>If you want to know more about the content of this article, please contact:<\/p>\n<p><a href=\"https:\/\/www.tannerdewitt.com\/our-people\/padraig-walsh\/\">P\u00e1draig Walsh<\/a><\/p>\n<p>Partner | <a href=\"mailto:padraigwalsh@tannerdewitt.com\">padraigwalsh@tannerdewitt.com<\/a><\/p>\n<p><em>Disclaimer: This publication is general in nature and is not intended to constitute legal advice. You should seek professional advice before taking any action in relation to the matters dealt with in this publication. This article was last updated<\/em> <em>on 20 December 2023<\/em>.<\/p>\n<p><\/p>\n\n<\/div><\/div>\n\n<\/div>\n\n\n\n\n<\/div>","protected":false},"excerpt":{"rendered":"<p>On 2 November 2023, the Securities and Futures Commission (SFC) published two circulars that outlined and updated regulatory framework for security token offerings in Hong Kong. In this article, P\u00e1draig Walsh, who leads our Fintech practice group, summarises the key points of these circulars and explores what they mean for the STO landscape in Hong [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"template":"","meta":{"_acf_changed":false,"footnotes":""},"tags":[],"insight-category":[1121],"insight-month":[1148],"insight-practice-area":[1142],"insight-year":[1161],"class_list":["post-29126","insight-and-news","type-insight-and-news","status-publish","hentry","insight-category-legal-updates-and-insights","insight-month-december","insight-practice-area-technology-media-and-telecommunications-tmt","insight-year-1161"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-and-news\/29126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-and-news"}],"about":[{"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/types\/insight-and-news"}],"author":[{"embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/users\/1"}],"version-history":[{"count":1,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-and-news\/29126\/revisions"}],"predecessor-version":[{"id":30346,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-and-news\/29126\/revisions\/30346"}],"wp:attachment":[{"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/media?parent=29126"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/tags?post=29126"},{"taxonomy":"insight-category","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-category?post=29126"},{"taxonomy":"insight-month","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-month?post=29126"},{"taxonomy":"insight-practice-area","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-practice-area?post=29126"},{"taxonomy":"insight-year","embeddable":true,"href":"https:\/\/www.tannerdewitt.com\/zh-hant\/wp-json\/wp\/v2\/insight-year?post=29126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}