Hong Kong’s SFC Implements Tighter Crypto Custody Standards in Response to Global Breaches
In a significant move to enhance the security of client assets, Hong Kong’s Securities and Futures Commission (SFC) has mandated stricter custody standards for licensed virtual asset trading platforms (VATPs) as of 2025. This initiative aims to fortify the region’s digital asset ecosystem, ensuring a competitive, sustainable, and trusted environment for investors and stakeholders alike.
Dr. Eric Yip, the executive director of intermediaries at the SFC, stated, “The new requirements serve as a baseline for a forthcoming licensing regime that will encompass standalone virtual asset custodians.” This regulatory shift follows reports of numerous cybersecurity incidents affecting overseas centralized platforms over the past year, which resulted in substantial client losses due to vulnerabilities in wallet systems and insufficient control measures.
As outlined in the SFC’s recent circular, the newly established minimum custody standards are designed to address these issues and improve the overall security framework for VATPs. Key requirements include:
- Implementation of robust cold-wallet infrastructure and operations
- Thorough oversight of third-party wallet providers
- Strict controls for managing private keys and similar credentials
- Use of air-gapped hardware to enhance security
- Systematic verification of transactions
- Strict address whitelisting procedures
- Independent third-party assessments
- Comprehensive staff training to mitigate risks of blind signing
The SFC has also announced plans for a licensing regime that will require any entity involved in the safekeeping of clients’ virtual assets to hold a license. These standards are set to take immediate effect for VATPs and their associated entities, compelling them to establish round-the-clock security monitoring systems. Such measures are expected to lay the groundwork for the upcoming custodian licensing framework.
In conjunction with these new requirements, the SFC is preparing a legislative proposal that will introduce transitional arrangements, expedited approvals for firms already vetted, and an updated fee structure based on a user-pays model. These changes are anticipated to further enhance the regulatory landscape for virtual assets in Hong Kong.
The deadline for public comments on the proposed regulations is August 29, 2025, marking a critical opportunity for industry stakeholders to contribute to the regulatory dialogue. This initiative follows a broader regulatory roadmap unveiled earlier in February 2025, which aims to strengthen the virtual asset ecosystem in Hong Kong. Notably, this comes shortly after the introduction of a stablecoin licensing regime in early August 2025, signaling the SFC’s commitment to maintaining a robust regulatory framework for digital assets.
“We are dedicated to fostering a competitive, sustainable, and trusted digital asset ecosystem,” stated Dr. Yip, reflecting the SFC’s proactive approach to safeguarding investors and enhancing the integrity of the market.
As the regulatory landscape continues to evolve, stakeholders in the virtual asset space must remain vigilant and adaptable to ensure compliance with these new standards and contribute to a secure digital asset environment in Hong Kong.
For more details, visit the official SFC announcement here.
