Cryptocurrency/Cybersecurity

In February 2017, SFC issued a statement that it had written to seven cryptocurrency exchanges in Hong Kong that they should not trade cryptocurrencies which may constitute “securities” under the SFO, without complying with the SFO requirements. SFC issued another statement in September 2017 relating to existing regulations that could apply to initial coin offerings (“ICOHK”). ICOHKs involved the issuance of digital tokens, created and disseminated by blockchain technology. An ICOHK is a type of fundraising similar to the initial public offering of stock, in which the public is allowed to buy coins in the offering. Depending on the facts and circumstances of an ICOHK, digital tokens that are offered or sold may be “securities” as defined under the SFO, and therefore subject to the SFO. The SFC has advised that parties engaged in dealing in, advising on, managing or marketing a fund investing in these tokens targeting the Hong Kong public to acquire an interest or participate in a collective investment scheme (“CIS”) may constitute a regulated activity that is required to be licensed or registered with the SFC, irrespective of where they are located.

On Cybersecurity, SFC issued in October 2017 guidelines requiring implementation of 20 baseline cybersecurity measures by firms in two phases in April and July of 2018. Firms were expected to be scrutinized on issues relating to compliance, systems and control, emphasising on individual responsibility.