Hong Kong SFC rolls out new custody standards for crypto platforms
2025/08/15 20:13
Hong Kong SFC authority has unveiled new guidelines for how licensed crypto platforms handle customer funds, warning that recent failures overseas show the risks of weak custody controls.
Summary
- The Hong Kong Securities and Futures Commission has issued new mandatory custody standards for crypto.
- Service providers must apply stringent governance and security measures to safeguard customer funds.
- The new rules require secure cold wallet infrastructure, robust withdrawal controls, and real-time cybersecurity threat monitoring.
A new circular issued on August 15 by the Hong Kong SFC set out mandatory standards for licensed virtual asset trading platform (VATP) operators in the region.
The measures cover cold wallet infrastructure, transaction controls, third-party wallet oversight, and real-time threat monitoring, in direct response to the trend of industry hacks and scams, which have led to multi-million dollar losses in recent months.
Recent reviews of local operators by the commission found that the majority only had “fundamental” measures in place, with gaps that could leave client assets exposed. In light of the discovery, the SFC’s new framework now lays down minimum standards all VATPs must meet.
Hong Kong SFC new rules regime
- Senior management accountability: Service providers must appoint a designated ‘Responsible Officer or Manager-in-Charge’ to oversee custody operations, ensuring strong governance, internal controls, risk management, and overall compliance in operations.
- Robust cold wallet infrastructure: Private keys should be generated offline in secure environments, using certified hardware security modules (HSMs) and proper backups. The SFC expects thorough due diligence on HSM providers, ongoing patch and certification management, and avoidance of public smart contracts in cold wallet setups to reduce attack surfaces.
- Secure wallet operations: Platforms must guard against asset theft through strict withdrawal controls. Withdrawals must go only to whitelisted addresses, with multiple verification steps, segregation of duties, and air-gapped signing devices to prevent tampering or insider abuse.
- Strict oversight of third-party wallet providers: If a VATP uses an external custody provider, it must apply the same security and governance standards as it would in-house. External custody solutions must pass rigorous due diligence, independent code reviews, and regular disaster recovery drills, with admin access tightly controlled.
- Real-time threat monitoring: Platforms must run a Security Operations Centre to monitor incidents in real time, track balances, unauthorised access, and adapt alerts based on emerging risks.
- Staff training and creation of awareness: All staff involved in custody must undergo role-specific security training, including phishing simulations and blind-signing prevention exercises, to strengthen human defenses.
All requirements are effective immediately, with VATPs expected to assess and upgrade their custody frameworks. The new mandate comes as Hong Kong continues to advance its mission to become a global digital hub.
The first stablecoin bill in its history recently officially came into effect on August 1, creating a licensing regime for issuers. Earlier this year, the government also issued its upgraded policy statement on digital assets, outlining priorities such as regulatory clarity and domestic adoption.
Hong Kong now stands as one of the most pro-crypto regions in Asia and continues to work on cementing its place on the global radar.
Clause de non-responsabilité : les articles republiés sur ce site proviennent de plateformes publiques et sont fournis à titre informatif uniquement. Ils ne reflètent pas nécessairement les opinions de MEXC. Tous les droits restent la propriété des auteurs d'origine. Si vous estimez qu'un contenu porte atteinte aux droits d'un tiers, veuillez contacter service@support.mexc.com pour demander sa suppression. MEXC ne garantit ni l'exactitude, ni l'exhaustivité, ni l'actualité des contenus, et décline toute responsabilité quant aux actions entreprises sur la base des informations fournies. Ces contenus ne constituent pas des conseils financiers, juridiques ou professionnels, et ne doivent pas être interprétés comme une recommandation ou une approbation de la part de MEXC.
Vous aimerez peut-être aussi
Foreign media: OpenAI founder Sam Altman is also interested in acquiring Chrome
PANews reported on August 15 that according to THE VERGE: If the US government forces Google to sell Chrome, OpenAI founder Sam Altman is interested in acquiring it.
Partager
PANews2025/08/15 20:46
Fed's Goolsbee: Latest PPI and CPI inflation data are disturbing
PANews reported on August 15 that Fed Chair Goolsbee stated that the latest PPI and CPI inflation data are disturbing. He said that one should not overreact to one month's
Partager
PANews2025/08/15 20:39
SIX MINING Leads Cloud Mining Revolution Through A Clean Energy-Powered Platform
SIX MINING is an innovative cloud mining platform dedicated to revolutionizing cryptocurrency mining. It offers remote mining solutions powered by clean energy. The platform uses cloud computing technology to allow users to participate in cryptocurrency mining easily. Thus, they can mine cryptos without bearing the high costs of buying and maintaining hardware equipment. Advantages of SIX MINING Significant Cost-effectiveness: Unlike traditional mining, SIX MINING cloud mining does not require users to make a one-time investment in expensive mining equipment. Users do not need to buy ASIC miners or GPUs. This platform also doesn’t require miners to pay high electricity bills and equipment maintenance costs. They only need to pay a relatively low computing power rental fee. It lowers the capital threshold for participating in mining and is suitable for investors at different levels. Convenient and Flexible Operation Users can flexibly choose different computing power packages according to their needs and market conditions, supporting short-term and long-term investments. Moreover, users can monitor mining progress and income anytime and anywhere through the Internet. Thus, they can manage their mining business conveniently and quickly. Low Technical Threshold For ordinary users, there is no need to master complex mining technology and equipment maintenance knowledge. Just pay attention to investment returns and market trends to easily participate in cryptocurrency mining. SIX MINING cloud mining platform usually provides a simple and easy-to-use operation interface and related tools. Thus, it helps users get started quickly. How to join the SIX MINING contract program First, you should complete the registration process to join as a SIX MINING user Now, pick a contract plan best suited for your crypto mining goals. You will have to wait until your crypto mining plan expires. Once it does, you can withdraw the earned funds. Customized Cloud Mining Contracts: Fit Your Investment Rhythm and Enjoy SIX MINING Benefits Security Technical Security Guarantee SIX MINING cloud mining platform adopts advanced blockchain technology and security protocols, such as SSL encryption technology, to protect users’ account information and digital assets. At the same time, the platform will take multiple protection measures, such as DDoS attack protection, to prevent potential network threats and ensure the stable operation of the platform. High Operational Transparency The platform adheres to the principles of transparency and fairness. Moreover, it allows users to fully understand the operation of their investments through real-time data and detailed mining reports. Strictly follow a fair distribution mechanism to ensure that every user can share the mining benefits fairly and enhance users’ confidence in the platform. SIX MINING cloud mining provides a mining model with many advantages for cryptocurrency enthusiasts. It has obvious advantages in cost control, ease of operation, and technical threshold, allowing more people to participate in cryptocurrency mining. Its contract terms are clear, which helps to protect the rights and interests of both users and platforms. In terms of security, through technical means and transparent operations, it provides users with a relatively reliable mining environment.
Partager
CryptoNews2025/08/15 20:37