The draft paper on proposed Hong Kong requirements will turn virtual asset providers into banks with sky-high costs. finews.asia does a take.
Some virtual asset providers are likely looking at the Securities and Futures Commission (SFC) consultation paper released on Monday like a deer caught in the headlights.
A brief look at the executive summary of the planned regulatory requirements is likely to result in a city-wide run for compliance specialists along with desperate pleas to the big four accountants for anything that looks like help.
Veteran bank experts, however, will be wearily familiar with much of the goings-on.
June Launch
But first, some background. As finews.asia reported Tuesday, the city’s new licensing regime of virtual asset trading platforms comes into effect at the start of June and everyone will need to get licensed whether they provide trading services in security tokens or not.
Ahead of that, they released a consultation paper on Monday that asked for comment from the industry and the public by the end of March.
In the paper, the SFC got down to the matter on hand from the get-go, writing about the events of the past 12 months in its introduction by directly naming the collapses of Luna, Terra, and FTX.
Risks Exposed
The substantial investor losses and billions of dollars of customer assets that were subsequently wiped out exposed the risk of «increasing interconnectedness» in the virtual asset ecosystem, underlining the need for effective regulation and oversight.
The SFC added that many jurisdictions appear to be shifting away from a «light-touch» approach to a more comprehensive one that regulates providers from the point of view of ensuring suitable investor protections, not only money-laundering risks, as had previously generally been the case.
It also stated that the regulation virtual asset providers are to be subject to should be very comparable to that securities brokers follow, saying matter-of-factly «same business, same risks, same rules».
Challenging Response
So what does this all mean in practice? The basic guidelines get right down to it.
Providers will have to provide safe custody of assets and hold money at a wholly-owned subsidiary while ensuring that not more than 2 percent of virtual assets are stored in hot wallets where private keys are kept online and vulnerable to hacking.
They must manage private keys safely and establish and write internal policies and governance procedures to make sure that they do. That means secure generation of cryptographic seeds and keys, including storage and backup.
No Pledging
Beyond that, they should make sure that the assets are not pledged or repledged. I don’t know about you but that sounds like a team of four or five at a minimum to compensate for vacations and general fluctuation rates typical in Hong Kong.
The second point relates to KYC. Here they must have procedures that establish and confirm client identities while also making sure they understand each client’s financial situation, investment experience, and investment objectives.
They also must make sure that clients have the necessary knowledge of virtual assets and knowledge of risks before providing any services. In truth, going by the track record of wealth managers having to comply with source of funds and source of wealth requirements, keeping all of that up-to-date can easily keep a team of 10 people occupied full-time if the virtual asset provider has more than, say, a couple of thousand clients.
Waivers and Training
Beyond that, they will need a host of external training sites, online or real, to make sure clients are aware of everything they need to be. Not to mention getting them to sign any number of waivers and documents confirming that they do.
They need adequate AML/CFT policies and asset tracking tools, while not engaging in any kind of proprietary trading and also make sure that employees do not have any conflicts of interest if they do.
By June, the operators will need to have a specific function for admitting virtual assets according to specific criteria and other ones for suspending or withdrawing them and they have to do reasonable due diligence on the assets.
Policies and Controls
They will have to prevent market abuse and establish policies and controls that prevent it from happening. As part of that, they will need to have a market surveillance system that is provided by a reputable and independent provider.
They will have to provide monthly reports to the SFC on business activity and an externally audited annual report noting whether it has breached any of the SFC’s requirements in the past year or not.
I don’t know about you, but I count at least 40 highly paid full-time specialists before the virtual asset provider even gets off the ground.
Retail Access
But if this seems so cut and dry, the question remains as to what they are even consulting everyone about. They have ten specific questions, but only the first two are worth commenting on before things get overly technical.
The first was a question that was pointed out by several media outlets, including finews.asia, relating to whether retail investors should be given access. But there is a big if in the suggestion.
The operators will need to provide additional safeguards and robust measures that go above and beyond the training currently required.
Suitability Part Two
The SFC suggests they will have to assess the client’s risk tolerance and profile and then make a judgment as to whether each can trade the virtual asset in question.
They will have to set limits and ensure the client’s exposure to virtual assets is reasonable and then review that regularly. In soft consultations ahead of the release of the paper, the SFC said some respondents suggested hard limits for retail investors, but the supervisor indicated they did not think that was an appropriate measure.
The response does shed a light on where many virtual asset operators likely stand in this new regime. A strict limit is easy to comply with, and relatively cheap to maintain. A shifting limit that considers retail clients’ life-savings and personal circumstances against shifting market prices requires a team to manage. In other words, it is expensive.
The second question goes on to ask the public and industry participants about token admission criteria and suggests, in the same breath, that virtual asset providers will need to establish a token admission and review committee to make sure they follow all the necessary principles.
Becoming a Bank
In all this, they are following the «same business, same risks, same rules» mantra right down to the specific individual committees they intend to see convened.
But that also brings the old duck test to mind. In other words, if a virtual asset provider looks like a bank, swims like a bank, and quacks like a bank, then it probably is a bank.
That would also mean from June on that most virtual asset providers will struggle to eke out any kind of profit in Hong Kong, something that has afflicted many foreign bank branches operating in the city for years.