Hong Kong Compliance Virtual Asset Trading: New Challenges in Asset Custody and Wallet Management
The Core of Compliance in Virtual Asset Trading in Hong Kong: Secure Wallet Management and Asset Custody
Recently, two virtual digital asset exchanges in Hong Kong obtained the virtual asset service provider license approved by the Hong Kong Securities and Futures Commission, officially announcing that they can provide virtual asset trading services to retail investors in Hong Kong. This means that retail investors in Hong Kong only need to register with these two exchanges to directly purchase virtual assets such as Bitcoin and Ethereum. This move undoubtedly gives a strong boost to the position and strategy of compliant exchanges in the virtual asset field.
Since October last year, Hong Kong regulators have released a series of measures regarding virtual asset trading. Starting from June 1 this year, more virtual asset exchanges can officially apply to the Hong Kong Securities and Futures Commission for a compliant virtual asset exchange license.
In such a policy environment, many exchanges hope to apply for licenses in Hong Kong to become compliant centralized exchanges. A certain virtual asset trading platform also plans to formally submit an application to the Securities and Futures Commission by the end of this year, providing value-added services for more practitioners and investors from traditional finance and the Web3 world.
So, what are the specific requirements of the Hong Kong Securities and Futures Commission for centralized exchanges? Apart from a complete set of processes in legal documents, what are the special technical configuration requirements?
In fact, the current compliance trading regulatory framework in Hong Kong has very high technical requirements for exchanges in terms of software and hardware compliance. There are some international vendors that provide various technical services for these exchanges under the compliance framework. Among them, the custody of client assets is a core area and is also the aspect that the Hong Kong Securities and Futures Commission is most concerned about.
Differences in Asset Custody Between Traditional Finance and Virtual Asset Exchanges
In the traditional financial system, users usually purchase stocks through brokers. From the user's perspective, it seems that funds are deposited into the broker's account, and the broker trades stocks and holds them in an account under the user's name.
However, in reality, users' funds are not stored in the brokerage account, because the brokerage, as a non-bank institution, cannot directly hold client funds. Users' funds are actually stored in banks. The bank has a large account for the brokerage, which contains multiple small accounts to hold users' funds. Therefore, the brokerage, as the custodian of users' funds, cannot actually move users' funds on its own. The bank will "act as a gatekeeper," confirming that the brokerage has received client instructions before allowing it to withdraw the deposited funds on behalf of the client.
Overall, assets such as stocks and bonds in the traditional financial world are held in highly centralized institutions with very high security guarantees. These institutions have comprehensive security protections in terms of software and hardware, including network and internal controls. Securities service providers essentially only assist clients in the custody management process, backed by large financial institutions that have undergone multiple generations of technological updates to custody and protect assets for users. This is also why people feel very secure in traditional financial transactions.
Under Hong Kong's compliant virtual asset trading framework, asset custody for users is significantly different. Hong Kong's regulatory requirements for compliant virtual asset trading require exchanges to take on roles similar to banks, with customers' virtual assets held directly in the exchange's cold wallet. This essentially requires the functions of various traditional financial custody systems, such as banking and custody, to be centralized within the compliant exchange entity, which is responsible for customer assets. Therefore, for any compliant exchange, the required hardware and software technology standards far exceed those of brokerage firms, approaching bank levels, while also needing to incorporate cryptographic dimensions.
Security Issues in the Virtual Asset Trading Field
From a security perspective, blockchain can be simply divided into on-chain and off-chain. On-chain smart contracts are programs that execute automatically once preset conditions are met, and they may face various attacks in which hackers exploit smart contract vulnerabilities to transfer or leak funds. Off-chain security is a systems engineering effort covering the security capability of the operating platform: from the user-side authentication system, to the enterprise's internal network security, endpoint security, and emergency response mechanisms, and then to the choice of the technical route for custody.
From a compliance perspective, the virtual asset industry has gradually transitioned from a period of rampant growth before 2018 to a more regulated state. Although policy and regulation in mainland China and Hong Kong have been largely prohibitive and exclusionary, Japan was one of the earliest countries in Asia to initiate a licensing system back in 2017, where Japanese financial institutions manage the licensing of exchanges and have proposed a series of requirements related to cybersecurity, data security, and other safety aspects.
Among the recent policies of Singapore and Hong Kong, the regulatory system in Hong Kong may be the most significant. Part of the reason for these policies is that last year's FTX incident made people realize that compliance and regulation cannot be superficial; management rules and systems must be clearly implemented to truly protect investors' interests. Therefore, Hong Kong has released very clear regulatory policies for virtual asset licenses this year, starting with trading platforms.
Regulatory Requirements for Asset Custody Compliance
A certain security company has licensed clients in places such as Hong Kong, Japan, and Singapore. Through a horizontal comparison of the licensing requirements in various regions, it believes that the regulatory policies of the Hong Kong Securities and Futures Commission/Hong Kong government are very strong in terms of logic and comprehensiveness.
This is mainly reflected in the following aspects:
First of all, considering geopolitical factors, the Hong Kong government clearly requires that the private keys behind digital assets must be located locally in Hong Kong.
Secondly, from the perspective of regulatory maturity, the considerations are very comprehensive. Currently, Hong Kong does not have a mature and complete third-party custody regulatory system, therefore the Hong Kong government's regulatory policy requires virtual asset license applicants to build their own virtual asset security custody system, and lists many detailed requirements. For example, in terms of the selection of technical routes, one important criterion for the Hong Kong government is the maturity of the technology itself.
Maturity is reflected in whether the key technical components used in a given technical route are recognized by mainstream, authoritative international security certification bodies, which is a very important evaluation criterion. Therefore, the attitude of the Hong Kong government can be described as "both conservative and open". The conservativeness is reflected in the Hong Kong government's relatively cautious choice of more mature technical routes that have been repeatedly validated in the traditional financial security field; the openness is reflected in its examination of many new technological solutions and its stated receptiveness to them.
Although the Hong Kong government requires virtual asset trading platforms to self-custody customer assets and has listed clear regulatory requirements, merely claiming to meet the requirements is not sufficient to obtain a license. It is also necessary to have an authoritative third-party assessment agency conduct an evaluation. Only if an authoritative third-party assessment agency certifies that the exchange meets the requirements is it possible to apply for a license.
In summary, it can be seen that the Hong Kong government's regulation is very comprehensive in terms of logic, methods, and details.
Methods to Protect User Asset Security
A cold wallet is a wallet that is completely offline and disconnected from the internet. However, merely being offline and disconnected is not enough; it is also necessary to use internationally recognized cryptographic security devices to form a digital asset vault to protect users' digital assets. At the same time, there are requirements for the physical environment of the hardware that stores this information (the vault), such as temperature and humidity control, anti-tracking, anti-tailgating, and signal interference.
To prevent user asset losses caused by loopholes the regulations did not anticipate or by operational mistakes on the platform's part, user assets need further protection once the technical and implementation plans are established. This means mandating that the platform establish a risk compensation fund or purchase specialized insurance, so that it has the capability to compensate clients.
In terms of compliance, anti-money laundering and counter-terrorism financing are areas of great concern for regulators, so each exchange needs to be equipped with a professional "Chief Compliance Officer". Compliance runs through the entire trading process: the exchange must not only assess the safety of customer identity and funds (KYC) during the user onboarding phase, but also determine whether the source and flow of funds for each transaction meet the requirements (Travel Rule).
Risk control is reflected in multiple aspects, and each platform needs to manage market manipulation behavior, user fraud risk, counterparty risk, credit risk, etc.
From a governance perspective, it is necessary to establish a sound governance system, with the core being the clarification of roles:
First, the roles of the entities must be separated. The regulatory requirements for licenses in Hong Kong require that the trading platform is an independent entity, while another entity must be responsible for the safe custody of client assets. This custody entity must be dedicated 100% to serving the trading platform entity and cannot serve other entities, meaning that the responsibilities of the entities must be clear.
Secondly, from the perspective of funds, responsibilities must also be clearly defined. The funds of the trading platform and the funds of the users must be distinctly separated, without any mixing of funds. Even the gas fee required to complete transactions must be clearly distinguished.
Thirdly, the principle of "separation of roles and responsibilities" is also very important. There should be no single point of risk at any stage of the business process, and situations such as abuse of power must not occur. For example, when transferring funds from the cold wallet, the "four-eyes principle" must be followed.
Possible Solutions to be Introduced in the Future
Under the premise of not affecting the existing level of security, what solutions might Hong Kong compliant virtual asset exchanges introduce in the future for the custody of customer assets to bring more convenience to exchanges and users?
From the perspective of operating a trading platform, there are indeed many excellent technologies in this field, such as the very popular MPC (Multi-Party Computation) technology. Compliance is not about rejecting these technologies, but rather about considering the maturity of the technology. I believe that over time, these excellent technologies will become more mature under globally recognized certification systems.
On the other hand, many trading platforms must consider how to reach more consumer (C-end) users. Currently, letting consumer users onboard and trade through a centralized approach meets a large part of user demand, as users do not need to manage their private keys and mnemonic phrases themselves. At the same time, we also see many innovators in the Web3 world, and in the future, many personal wallet-related solutions may emerge, complementing and even linking with centralized exchanges.
From the operational experience of traditional finance, it is not necessary for every exchange to have its own custody system; the entire market's asset custody can be completely managed by 1-2 custody institutions. In the future, as the security and executability of technologies like MPC receive more recognition from international certification bodies, the custody field may gradually concentrate on a few leading custody institutions that carry out all localized custody.
Specifically on two levels:
From the perspective of separation of responsibilities and powers: Currently, exchanges applying for licenses still bear the role of custodian. It is believed that as the regulatory system is further improved, the supervision of the custodial part should be independently clarified in the future, including how to supervise custody and how exchanges use third-party custody services to hold assets for clients. With clear regulations, responsibilities can be separated.
From the perspective of the technical route: Currently, the common requirement is a solution based on encryption machines that meets the security level of traditional finance. In the future, as other new technical routes mature and gain the endorsement of global testing and certification, the choice of technology for custodial service providers will no longer be limited to a single solution, allowing for more options.
We firmly believe that with the continuous advancement of technology and the deepening understanding of this industry by regulators and practitioners, more and more people will inevitably enter this field in the future, and the market will become increasingly prosperous.