On December 7th, 2022, the Hong Kong Legislative Council passed the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022, establishing a licensing regime for VASPs.

The new law requires VASPs to apply for a license with the Securities and Futures Commission (SFC) to operate in Hong Kong. It imposes statutory anti-money laundering and counter-terrorist financing obligations. Similar to traditional financial institutions, licensing will require fitness and properness, financial resources, and risk management policies and procedures. On May 25, 2023, the SFC published AML/CTF Guidelines for SFC-licensed VASPs, which mandated that VASPs comply with the new licensing regime by June 1st, 2023.

Subsequently, Hong Kong introduced a dedicated regulatory framework for stablecoins. Under the Stablecoins Ordinance, which took effect on August 1, 2025, issuance of fiat-referenced stablecoins became a regulated activity requiring a licence from the Hong Kong Monetary Authority (HKMA). The HKMA has published associated guidance, including a Guideline on Anti-Money Laundering and Counter-Financing of Terrorism for Licensed Stablecoin Issuers, setting out AML/CFT expectations such as customer due diligence, Travel Rule compliance monitoring, and reporting for stablecoin issuers licensed under the Ordinance. These measures align stablecoin activities with enhanced financial crime controls alongside the broader virtual asset regulatory regime. 

Timeline of regulatory action

• December 7, 2022 - The Hong Kong Legislative Council passed the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022.
• February 20, 2023 - The Securities and Futures Commission launched a Consultation Paper on the Proposed Regulatory Requirements for Virtual Asset Trading Platform Operators, which includes Travel Rule obligations (pgs. 156-158). The SFC accepted comments until March 31, 2023. The SFC received 152 written submissions from the industry, including one from the Notabene Regulatory and Compliance team.
• May 25, 2023 - The SFC published the "Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers)" (“AML/CTF Guideline for SFC-licensed VASPs”)
• June 1, 2023 - The crypto Travel Rule enters into force in Hong Kong.
• May 21, 2025 – The Hong Kong Legislative Council passed the Stablecoins Ordinance, establishing a new licensing and regulatory regime for fiat-referenced stablecoin issuers.
• August 1, 2025 – The Stablecoins Ordinance came into effect, making issuance of fiat-referenced stablecoins a regulated activity requiring a licence from the Hong Kong Monetary Authority (HKMA). Alongside the Ordinance’s commencement, the HKMA published Guidelines on Supervision of Licensed Stablecoin Issuers and Guideline on Anti-Money Laundering and Counter-Financing of Terrorism for Licensed Stablecoin Issuers to set out ongoing regulatory expectations and AML/CFT requirements for stablecoin licence holders.

Is cryptocurrency legal in Hong Kong?

Yes. Cryptocurrency is legal in Hong Kong.

Are there any AML crypto regulations in Hong Kong?

Yes. The Legislative Council passed the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022 (AML/CTF Amendment Bill 2022) on December 7th, 2022. This bill introduced a licensing regime for virtual asset service providers and will impose anti-money laundering (AML), counter-terrorism financing (CTF), and investor protection obligations upon these actors.

Hong Kong has also expanded its AML regulatory perimeter to cover stablecoin activities through the Stablecoins Ordinance. The HKMA has also issued dedicated AML guidance for licensed stablecoin issuers, setting out expectations around customer due diligence, Travel Rule compliance, transaction monitoring, and other AML/CFT controls.

Who regulates cryptocurrency in Hong Kong?

The Securities and Futures Commission (SFC) is the primary regulator for virtual asset trading platforms and virtual asset service providers (VASPs) operating in Hong Kong. The Hong Kong Monetary Authority (HKMA) regulates and supervises stablecoin issuers. 

Are there licensing or registration requirements for VASPs in Hong Kong?

‍Yes. Any person who engages in a virtual asset exchange business in Hong Kong must apply for a license with the SFC. [1]

In addition, under Hong Kong’s Stablecoins Ordinance, any person who carries on a regulated stablecoin activity must obtain a license from the HKMA — including issuing specified stablecoins in Hong Kong, issuing HKD-referenced specified stablecoins outside Hong Kong, and offering or holding out as offering specified stablecoins.

FATF Travel Rule Requirements in Hong Kong

Is the Crypto Travel Rule mandated in Hong Kong?

The Crypto Travel Rule applies to virtual asset transactions, including stablecoins. In Hong Kong, Travel Rule obligations for virtual asset service providers have been in force since June 1, 2023, and the AML/CFT obligations applicable to licensed stablecoin issuers have been in force since August 1, 2025.

Does Hong Kong permit a grace period to comply with the Crypto Travel Rule?

Yes. To provide industries with more time to prepare for the new regulatory regimes, the provisions on VASP regulation introduced by the AML/CTF Amendment Bill 2022, approved on December 7th, 2022, came into effect on June 1st, 2023. Travel Rule and other AML/CFT obligations for stablecoin issuers apply as soon as the issuer is operating under a valid HKMA licence, with the overarching regulatory regime in effect from 1 August 2025.

Complying with the Crypto Travel Rule in Hong Kong

What is the minimum threshold for the Crypto Travel Rule in Hong Kong?

In Hong Kong, Travel Rule requirements apply regardless of the transaction amount. However, a broader scope of information must be transmitted by the Originator VASPs for virtual assets amounting to HKD 8,000 or more. [2]

What personally identifiable information is required to be shared for the Crypto Travel Rule in Hong Kong?

The Originator institution must provide the beneficiary institution with the following information, depending on the transaction amount: [3]

‍

Are there differences in customer PII requirements for cross-border transfers versus transfers within Hong Kong?

There are no differences in customer PII requirements for cross-border versus domestic transfers of virtual assets. However, for wire transfers, the Anti-Money Laundering and Counter-Terrorist Financing Ordinance provides that domestic transfers may include only the originator customer’s account number or, if the originator does not have an account, a unique transaction identifier. [4]

{{training2="/cta-components"}}

What are the non-custodial or self-hosted wallet requirements in Hong Kong?

In Hong Kong, transfers involving self-hosted (unhosted) wallets are permitted, but they trigger specific AML/CFT controls focused on (i) wallet ownership/control verification, and (ii) risk-based monitoring and screening. Requirements differ depending on whether the entity is an SFC-licensed VASP or an HKMA-licensed stablecoin issuer, but the core expectation is the same: a firm must be able to demonstrate who controls the wallet and manage the ML/TF risks appropriately. 

Wallet ownership/control verification (proof the customer controls the wallet)

Both the SFC and the HKMA expect firms to ascertain ownership/control of a self-hosted wallet (especially in higher-risk scenarios), using appropriate measures such as micropayment tests and message signing tests, and/or evidence such as account statements. [5]

Customer information to obtain and record for transfers to/from self-hosted wallets

When transacting with self-hosted wallets, no information transmission requirements apply. However, before sending or receiving virtual assets to or from a self-hosted wallet on a customer’s behalf, firms must still collect information on the transaction’s originator and beneficiary. The required data set mirrors the travel rule requirements, as illustrated in the image above. [6] 

Risk-based approach

Both frameworks require a risk-based approach to managing self-hosted wallet transfers and explicitly reference enhanced monitoring and transaction limits as mitigating measures.

VASPs and stablecoin issuers should assess ML/TF risks associated with self-hosted wallet transfers and take reasonable measures on a risk-sensitive basis.

The relevant guidelines provide examples of such measures, including [7]:

• enhanced monitoring of transfers involving self-hosted wallets;
• only accepting transfers to/from self-hosted wallets assessed to be reliable, taking into account screening results and ownership/control assessment results; and
• imposing transaction limits, where appropriate.

What are the requirements for beneficiary and intermediary VASPs in Hong Kong?

Beneficiary and Intermediary VASPs in Hong Kong must adhere to specific requirements to ensure compliance with regulatory standards, as outlined in the SFC’s  and HKMA Guidance [8]. Below is a concise overview:

Intermediary institutions:

• Must retain comprehensive information about both the originator (sender) and beneficiary (receiver) of a virtual asset transfer.
• Are required to conduct due diligence on the institutions involved in the transaction to verify their identities and ensure their legitimacy.
• Must forward all necessary information about the transaction to the next intermediary or the beneficiary institution in line with specific regulatory guidelines.

Beneficiary VASPs:

• Need to have procedures in place for identifying and handling transfers that arrive with incomplete information about the sender or recipient.
• For transactions above a certain threshold (e.g., HKD 8,000), the beneficiary institution must verify the recipient's identity if it hasn't already been confirmed during the Customer Due Diligence (CDD) process. 
• Should ensure the consistency of recipient information received from the transferring institution with previously verified information and take appropriate actions if discrepancies are found. 

Both beneficiary and intermediary VASPs are expected to:

• Implement measures to detect transfers lacking essential information.
• Establish risk-based policies to decide how to proceed with such transfers—whether to execute, delay, reject, or return them. 
• In cases where the originator institution fails to provide complete information, the intermediary or beneficiary institution should attempt to obtain the missing details promptly. If unsuccessful, they may need to reassess their business relationship with the originator institution to mitigate risks associated with money laundering or terrorist financing. 

Why choose Notabene for Crypto Travel Rule compliance in Hong Kong?

Notabene helps regulated entities, from crypto-native VASPs to fintechs and banks launching digital asset and stablecoin products, meet Travel Rule and related regulatory requirements in Hong Kong with confidence. Our platform is built for compliance teams that need to operationalize evolving expectations set by the Hong Kong’s SFC and the HKMA across real-world transaction flows.

Notabene provides purpose-built infrastructure for Travel Rule compliance, enabling organizations to collect, validate, and securely transmit required originator and beneficiary information before a transaction is executed. Our industry-leading global network connects thousands of VASPs and financial institutions, improving interoperability and reducing friction when transacting across borders and counterparties.

Compliance teams use Notabene to identify counterparties, manage missing or incomplete data, and maintain a defensible audit trail, while minimizing manual reviews and operational overhead. As organizations mature, the same compliance foundation can also support more advanced, revenue-generating payment and settlement use cases by adding business context to regulated transactions.

As regulatory scrutiny increases and regulated transaction volumes grow, Notabene gives growth-focused organizations a scalable foundation for meeting Travel Rule obligations in Hong Kong today, and for expanding safely as requirements and business models evolve.

Talk to our Regulatory & Compliance team to see how Notabene supports Travel Rule compliance in Hong Kong, or request a demo to explore how your compliance infrastructure can scale with your business.