On December 7th, 2022, the Hong Kong Legislative Council passed the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022, establishing a licensing regime for VASPs.
The new law requires VASPs to apply for a license with the Securities and Futures Commission (SFC) to operate in Hong Kong. It imposes statutory anti-money laundering and counter-terrorist financing obligations. Similar to traditional financial institutions, licensing will require fitness and properness, financial resources, and risk management policies and procedures. On May 25, 2023, the SFC published AML/CTF Guidelines for SFC-licensed VASPs, which mandated that VASPs comply with the new licensing regime by June 1st, 2023.
Timeline of regulatory action:
December 7, 2022 - The Hong Kong Legislative Council passed the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022.
May 25, 2023 - The SFC published the "Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers)" (“AML/CTF Guideline for SFC-licensed VASPs”)
June 1, 2023 - The crypto Travel Rule enters into force in Hong Kong.
Download the Hong Kong Cryptocurrency Regulation Guide
2. Are there any AML crypto regulations in Hong Kong?
Yes. The Legislative Council passed the Anti-Money Laundering and Counter-Terrorist Financing (Amendment) Bill 2022 (AML/CTF Amendment Bill 2022) on December 7th, 2022. This bill introduced a licensing regime for virtual asset service providers and will impose anti-money laundering (AML), counter-terrorism financing (CTF), and investor protection obligations upon these actors.
3. Who regulates cryptocurrency in Hong Kong?
No single regulatory body currently regulates crypto-assets in Hong Kong. However, several financial regulators have issued guidance on the subject, including the Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA).
The SFC oversees Hong Kong’s securities and futures markets and has proactively regulated the blockchain industry. As the primary regulatory authority for blockchain in Hong Kong, the SFC can inspect licensed virtual asset service providers (VASPs), request documents, and investigate non-compliance.
4. Are there licensing or registration requirements for VASPs in Hong Kong?
Yes. Any person who engages in a virtual asset exchange business in Hong Kong must apply for a license with the SFC. 
1. Is the Crypto Travel Rule mandated in Hong Kong?
The Crypto Travel Rule will be effective in Hong Kong as of June 1st, 2023. 
2. Does Hong Kong permit a grace period to comply with the Crypto Travel Rule?
Yes. To provide industries with more time to prepare for the new regulatory regimes, the provisions on VASP regulation introduced by the AML/CTF Amendment Bill 2022, approved on December 7th, 2022, will come into force on June 1st, 2023.
Complying with the Crypto Travel Rule in Hong Kong
1. What is the minimum threshold for the Crypto Travel Rule in Hong Kong?
In Hong Kong, Travel Rule requirements apply regardless of the transaction amount. However, a broader scope of information must be transmitted by the Originator VASPs for virtual assets amounting to HKD 8,000 or more. 
2. What personally identifiable information is required to be shared for the Crypto Travel Rule in Hong Kong?
The Originator VASP must provide the beneficiary institution with the following information, depending on the transaction amount: 
3. Are there differences in customer PII requirements for cross-border transfers versus transfers within Hong Kong?
There are no differences in customer PII requirements for cross-border transfers and transfers within Hong Kong. While in respect to wire transfers, section 12 (6) section 12 (6) of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance foresees that when Hong Kong VASPs handle a money transfer within the same country, they are allowed to include only Originator Customer’s account number or, if that person doesn't have an account, a unique transaction number. 
Further, no distinction between domestic and international transfers is made in the provisions applicable to virtual asset transfers introduced by the HKMA’s AML/CTF(Amendment) Bill 2022.
4. What are the non-custodial or self-hosted wallet requirements in Hong Kong?
In Hong Kong, account ownership verification is required when transacting with self-hosted wallets and higher-risk VASPs. The key requirements for transactions with self-hosted wallets as set out in the AML/CTF Guideline for SFC-licensed VASPs:
4.1 VASPs must verify the customers’ wallet ownership during transactions with self-hosted wallets. Hong Kong’s SFC joins financial legislation in Singapore, Switzerland, Germany and the European Union’s Transfer of Funds regulation in requiring VASPs to verify the customers’ wallet ownership when transacting with self-hosted wallets. This means that Hong Kong VASPs must ascertain their customer’s ownership or control of the wallet address by taking appropriate measures, for example, performing a message signing test. 
4.2 VASPs should assess the risks of money laundering and terrorist financing (ML/TF) when making transfers to or from self-hosted wallets.
The Guidelines lay out reasonable measures that VASPs could take on a risk-sensitive basis to mitigate and manage the ML/TF risks associated with transfers to/from self-hosted wallets, including:
Conducting enhanced monitoring of virtual asset transfers with self-hosted wallets;
Accepting virtual asset transfers only to or from self-hosted wallets that the FI has assessed to be reliable, having regard to the screening results of the virtual asset transactions and the associated wallet addresses and the assessment results of the ownership or control of the unhosted wallet, and
Where appropriate, impose transaction limits. A VASP may place appropriate limits on the amount of virtual asset transfers with self-hosted wallets. 
4.3 When transacting with self-hosted wallets, no information transmission requirements apply.
However, VASPs are still required to obtain information from their own customer and record it, as follows :
4. What are the requirements for beneficiary and intermediary VASPs in Hong Kong?
Beneficiary and Intermediary VASPs in Hong Kong must adhere to specific requirements to ensure compliance with regulatory standards, such as those outlined by the SFC’s Guidance. Here's a concise overview:
Must retain comprehensive information about both the originator (sender) and beneficiary (receiver) of a virtual asset transfer.
Are required to conduct due diligence on the VASPs involved in the transaction to verify their identities and ensure their legitimacy.
Must forward all necessary information about the transaction to the next intermediary or the beneficiary VASP in line with specific regulatory guidelines.
Need to have procedures in place for identifying and handling transfers that arrive with incomplete information about the sender or recipient.
For transactions above a certain threshold (e.g., KRW 8,000), beneficiary VASPs must verify the recipient's identity if it hasn't already been confirmed during the Customer Due Diligence (CDD) process.
Should ensure the consistency of recipient information received from the transferring institution with previously verified information and take appropriate actions if discrepancies are found. 
Implement measures to detect transfers lacking essential information.
Establish risk-based policies to decide how to proceed with such transfers—whether to execute, delay, reject, or return them.
In cases where the originator VASP fails to provide complete information, the intermediary or beneficiary VASP should attempt to obtain the missing details promptly. If unsuccessful, they may need to reassess their business relationship with the originator VASP to mitigate risks associated with money laundering or terrorist financing.
Why choose Notabene for Crypto Travel Rule Compliance in Hong Kong?
Notabene provides a comprehensive solution for Crypto Travel Rule compliance in Hong Kong. SafeTransact, our pre-transaction decision-making platform stands up to the stringent requirements set by the Hong Kong’s Securities and Futures Commission (SFC):
This includes the Notabene Network for identifying and reporting suspicious transactions, and SafeGateway for secure transactions within its own or any third-party supported network. SafeTransact ensures all necessary information is included in the Travel Rule message and can request missing details. Additionally, our protocol-agnostic SafePII service secures personally identifiable information using advanced encryption.
The Notabene Network features profiles of over 1000 VASPs, providing real-time regulatory status information. An additional feature allows VASPs to gather more data from their counterparties through a standard due diligence questionnaire, based on the industry standard by the Global Digital Finance group. Most importantly, Notabene enables immediate submission of necessary information as per Hong Kong regulations, ensuring efficient compliance.
Get started today; sign up for our Sunrise Plan to respond to regulated transactions for free using the world’s largest VASP Network.
 Securities and Futures Commission. (2023). Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Licensed Corporations and SFC-licensed Virtual Asset Service Providers). Effective 1 June 2023. (Hereinafter referred to as AML/CTF Guidance) Section 12.11.5-9.
This content is provided for general informational purposes only. By using the content, you agree that the information on this content does not constitute legal, financial or any other form of professional advice. No relationship is created with you, nor any duty of care assumed to you, when you use this content. The content is not a substitute for obtaining any legal, financial or any other form of professional advice from a suitably qualified and licensed advisor. The information on this content may be changed without notice and is not guaranteed to be complete, accurate, correct or up-to-date.
Help us keep this page up to date! Any comments, corrections or suggestions on this page can be sent to firstname.lastname@example.org.