Introducing JSM
Homegrown.
Global outlook.
Our story is more than 160 years old. It is a story that demonstrates the resilience, spirit and strength the people of Hong Kong are renowned for, as our city grew from the small provincial port in Southern China to become the leading global financial and legal centre that it is today.
When the world has changed so has our firm – always taking the initiative to find the best course through unchartered territory for our clients, the community and our people.
Our story is more than 160 years old. It is a story that demonstrates the resilience, spirit and strength the people of Hong Kong are renowned for, as our city grew from the small provincial port in Southern China to become the leading global financial and legal centre that it is today.
When the world has changed so has our firm – always taking the initiative to find the best course through unchartered territory for our clients, the community and our people.
Insights
Latest publications
1. Background
Virtual assets (VA) related activities are subject to regulatory regime under the Securities and Futures Ordinance, Cap. 571 Laws of Hong Kong (SFO) and/or the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, Cap. 615 Laws of Hong Kong (AMLO).
The SFO regime applies to activities relating to VA that falls in the definition of “securities” or “futures contracts” under the SFO (Securities VA). The AMLO regime applies to VA not caught by those definitions (Non-securities VA).
The SFO regime is more comprehensive, covering dealing, advisory, asset management and custody activities relating to Securities VA. At present, the AMLO regime only covers operating VA exchange but not the other activities relating to Non-securities VA.
The Financial Services and the Treasury Bureau (FSTB) and the Securities and Futures Commission (SFC) jointly launched public consultations in June 2025 on proposed changes to the AMLO for establishing a licensing regime for dealing and custodian services relating to Non-securities VA.
Consultation conclusions were published on 24 December 2025, along with the launch of further public consultation on proposed changes to the AMLO for establishing the licensing regime for advisory and management services relating to Non-securities VA.11 The target is to introduce a bill to the Legislative Council in 2026.
2. Key takeaways
Alignment of AMLO regime and SFO regime
The expanded licensing regime for Non-securities VA will align with the licensing regime for Securities VA. Both regimes adopt an activity-based approach. This demonstrates the regulatory philosophy and policy of “same activity, same risks, same regulation” principle. Under the SFO, Type 122 licence is required for dealing, Type 433 licence is required for advisory, Type 944 licence is required for portfolio management, and Type 1355 licence is required for custodian services relating to Securities VA. Corresponding licence types are now expected to be established under the AMLO for Non-securities VA.
No transition or deeming arrangements
The FSTB and SFC do not plan to provide transition or deeming arrangements to existing Non-securities VA service providers. This is intended to offer optimal investor protection and avoid creating confusion over licensing status. Accordingly, the licensing regime will take full effect on commencement date(s) to be designated in due course. To alleviate practical difficulties arising from a “hard” commencement date, the Government and the SFC will take into account the time that market participants need to adjust their business models in deciding the appropriate commencement date(s). Existing service providers are strongly encouraged to initiate pre-application processes and early engagement with the SFC or (where the service provider is an authorized institution under the Banking Ordinance, Cap. 155 Laws of Hong Kong) the HKMA.
Expedited licensing and registration process for existing regulated entities
For entities licensed by the SFC under the present regulatory regime for VA-related activities and already engaged in the relevant licensed activities, the SFC will introduce an expedited licensing and registration process for them under the expanded AMLO regime.
Advancing market access and regulatory clarity
Under Pillar A (Access) of its ASPIRe roadmap66, the SFC aims to integrate Hong Kong with global liquidity to foster the continued growth of Hong Kong’s digital asset ecosystem and advance Hong Kong as a global hub for innovation. The enhanced VA regulatory framework offers comprehensive, integrated regulation across the full VA value chain and regulatory clarity.
3. High-level summary of proposed licensing requirements and criteria
(i) VA dealing
What amounts to dealing in Non-securities VA?
The proposed scope aligns with Type 1 licence for dealing in Securities VA under the SFO regime and covers:
Any person, by way of business, making or offering to make an agreement with another person, or
Inducing or attempting to induce another person to enter into or offer to enter into an agreement, with a view to acquiring, disposing of, subscribing for or underwriting VAs.
Activities within scope may include payment service providers offering to buy or sell Non-securities VA to facilitate transactions, margin trading in Non-securities VA, Non-securities VA staking, Non-securities VA borrowing and lending, and possibly peer-to-peer transactions, or provision of decentralised or technological services if the activities fall within the scope of the licensing requirements having regard to their nature and substance.
Exemptions
Exemptions being considered by the FSTB and SFC include: transactions conducted through SFC-regulated VA dealers, transactions conducted as principal, intra-group transactions, use of Non-securities VA by purchasers of goods/services as payment for goods/services and stablecoin activities conducted by HKMA-licensed stablecoin issuers, as well as activities relating to Non-securities VA generated as rewards for ledger maintenance, or minted through SFC-regulated intermediaries.
(ii) VA custodian
What amounts to custody services for Non-securities VA?
The proposed scope aligns with the relevant scope of Type 13 licence for providing depositary services for relevant collective investment schemes under the SFO regime and covers:
Custodians which, by way of business, safekeep private keys or similar instruments enabling the transfer of Non-securities VA
Entities within scope may include associated entities of SFC-licensed VATPs, entities holding Type 13 licence under the SFO, and entities holding Type 9 licence under the SFO – if they provide VA custodian services by way of safekeeping the private keys (or similar instruments).
Exemptions
Exemptions being considered by the FSTB and SFC include top-layer trustees or fund managers delegating Non-securities VA custody to third-party custodians and HKMA-licensed stablecoin issuers only providing custody of stablecoins issued by them to clients.
Pending publication of the legislative bill setting out details of amendments to the AMLO, below is a high-level summary of some potential eligibility requirements and minimum criteria for obtaining licences for conducting Non-securities VA activities under the expanded AMLO regime.
VA dealing
VA custodian
Corporation
An applicant must either be:
(i) a locally incorporated company with a permanent place of business in Hong Kong, or (ii) a company incorporated elsewhere but registered in Hong Kong under the Companies Ordinance, Cap. 622 Laws of Hong Kong
Same as dealer
Financial resources
Except for banks which are subject to HKMA’s capital requirements, a dealer should have adequate financial resources for operating its Non-securities VA business. These include minimum paid-up share capital of HK$5 million and a minimum required liquid capital of up to HK$3 million (depending on business model). The SFC will also retain flexibility to impose additional financial resources requirements where necessary (e.g. excess liquid capital equivalent to at least 12 months of its actual operating expenses)
Except for banks which are subject to HKMA’s capital requirements, a custodian should have adequate financial resources for operating its Non-securities VA business. These include baseline financial resources of a minimum paid-up share capital of HK$10 million and a minimum required liquid capital up to HK$3 million (depending on the business model). The SFC will also retain flexibility to impose additional financial resources requirements where necessary (e.g. additional requirements calibrated with reference to scale of business)
Fit and proper tests
The applicant, its substantial shareholders, ultimate owners, directors and personnel carrying out the dealing functions are required to satisfy the fit and proper tests prescribed by the SFC
Same as dealer
Responsible officers
At least two responsible officers approved by the SFC or two executive officers approved by the HKMA (as the case may be) to be generally responsible for ensuring compliance with anti-money laundering/counter-financing of terrorism requirements and other regulatory requirements, and be held personally accountable in case of non-compliance
Same as dealer
Knowledge, experience and risk management
A dealer is required to have proper corporate governance structure with suitable personnel having necessary knowledge and experience to discharge their responsibilities effectively, and to put in place appropriate risk management policies and procedures for managing money laundering/terrorist financing and other risks
Same as dealer
Conduct of business
A dealer is required to act honestly, fairly, with due skill, care and diligence, in the best interests of its clients and integrity of the market, as well as comply with all statutory and regulatory requirements applicable to the conduct of its business activities
Same as dealer
Financial reporting and disclosure
A dealer should observe prescribed auditing and disclosure requirements and submit audited accounts
Same as dealer
Record keeping
A dealer is required to maintain proper records in relation to its business activities, with the SFC/HKMA having right of access as part of the regulator’s ongoing supervision
Same as dealer
Investor protection
A dealer should put in place measures to ensure investor protection and suitability of its services and products, such as client VA knowledge assessment, client risk assessment and risk profiling, and prevent and disclose actual or potential conflicts of interest
The SFC is still formulating regulatory requirements for mitigating the risks associated with VA custodian services. The SFC will build upon the regulations established for VATPs and use the VATP Guidelines77 (particularly Chapter X on Custody of Client Assets) as baseline reference. The SFC will also actively engage the industry as part of its early engagement process in setting regulatory requirements
Use of SFC-regulated custodians
In the early stage, the SFC will require a dealer to custody client Non-securities VA with SFC-regulated VA custodian service providers to ensure proper asset segregation and reduce insolvency, fraud and cyberattack risks
N/A
Information and notification
A dealer will be required to submit a wide range of information (for example, details in respect of wallet addresses used in the course of business, scope and nature of business, types of services offered to clients)
Same as dealer
4. Further consultations on Non-securities VA advisory and management
Further consultation by the FSTB and SFC on establishing the licensing regime for advisory and management services relating to Non-securities VA is scheduled to end on 23 January 2026.
(i) VA advisory
What amounts to advising on Non-securities VA?
The proposed scope aligns with Type 4 licence for advising on Securities VA under the SFO regime and covers:
Giving advice on whether, which, the time at which, or the terms or conditions on which Non-securities VA should be acquired or disposed of, or issuing analyses or reports to facilitate such decisions
Other proposals
Financial resources: Minimum paid-up share capital of HK$5 million; and minimum required liquid capital of HK$100,000 (for not holding client assets) or HK$3 million (in any other case)
Exemptions: Similar exemptions to Type 4 licence under the SFO regime. These may include solely advising wholly-owned group companies, acts wholly incidental to licensed VA dealing or VA fund management, advice of solicitors/counsels/CPAs wholly incidental to their professional practice, acts wholly incidental to registered trust companies’ discharge of duties, etc.
(ii) VA management
What amounts to managing Non-securities VA?
The proposed scope aligns with Type 9 licence for portfolio management of Securities VA under the SFO regime and covers:
Providing a service of managing a portfolio of Non-securities VA for another person
Other proposals
Financial resources: Minimum paid-up share capital of HK$5 million; and minimum required liquid capital of HK$100,000 (not holding client assets) or HK$3 million (in any other case)
Custody requirements: The SFC is considering whether VA management service providers should safekeep the Non-securities VA of private funds they manage only with SFC-regulated VA custodians, or whether they should have the flexibility to appoint any custodian
Exemption: The SFC is considering whether to exempt self-custody by private fund/venture capital fund managers of Non-securities VA up to a limited threshold
5. Further reading
FSTB and SFC conclude consultations on virtual asset dealer and custodian regimes, further consult on two new regimes
Further Public Consultation on Legislative Proposal to Regulate Virtual Asset Advisory Service Providers and Virtual Asset Management Service Providers
Public Consultation on Legislative Proposal to Regulate Dealing in Virtual Assets
Consultation Conclusions Legislative Proposal to Regulate Dealing in Virtual Assets and Further Public Consultation Legislative Proposal to Regulate Virtual Asset Advisory Service Providers and Virtual Asset Management Service Providers
Public Consultation on Legislative Proposal to Regulate Virtual Asset Custodian Services
Consultation Conclusions Legislative Proposal to Regulate Virtual Asset Custodian Services
Legal updates
13 January 2026
Legal updates
8 January 2026
The People’s Bank of China (PBOC) has unveiled The Action Plan for Further Strengthening the Digital Yuan Management Service System and Related Financial Infrastructure Construction (the “Action Plan”) (《关于进一步加强数字人民币管理服务体系和相关金融基础设施建设的行动方案》), which took effect on 1 January 2026.
The Action Plan lays down a new generation of digital yuan measurement framework, management system, operational mechanism and ecosystem.
Based on announcements by The State Council of the People’s Republic of China and various news agency reports, key take-aways compiled from the Action Plan are as follows:
1. Transition from digital cash to digital deposit currency
The Action Plan marks the transition of digital yuan from the digital cash era (数字现金时代) to the digital deposit currency era (数字存款货币时代).
This builds on experience accumulated from extensive domestic and cross-border trials of adopting digital yuan across a wide range of daily uses.
The digital yuan pilot programme covered use cases in retail transactions, dining, tourism, education, healthcare, public services and cross-border settlements.
The pilot established a reliable and scalable model for digital currency in both online and offline scenarios. As of the end of November 2025, China recorded 3.48 billion cumulative digital yuan transactions worth 16.7 trillion yuan (approximately USD2.37 trillion).
2. Objective of the upgraded framework
The enhanced system aims at providing technical support and regulatory framework for future development of digital yuan.
The new generation digital yuan will be account-based bank deposit liabilities of commercial banks – protected by deposit insurance and compatible with distributed ledger technology.
Issued within the financial system and commonly used as digital payment currency, it will be valuated and stored as a currency and perform cross-border payment and settlement.
The account system + coin string/chain + smart contract (账户体系+币串+智能合约) digitalisation plan aims at upgrading the existing bank account system, incorporating digital yuan wallets with emerging technology applications.
The objective is to:
Enhance digitalisation of RMB issuance, circulation, payment and other smart initiatives
Upgrade the digital yuan smart contract service platform and ecosystem to support construction of an open-source smart contract ecosystem
3. Cash-based digital currency 1.0 to deposit-based digital currency 2.0 (数字人民币现金型1.0版 → 存款货币型2.0版)
The Action Plan establishes the operational basis for classifying digital yuan held in commercial bank wallets as bank deposit liabilities.
Under the enhanced system, commercial banks are required to pay interest on real-name digital yuan wallet balances in accordance with deposit rate regulations. These balances are integrated into the regular asset-liability management practices of banks and protected by deposit insurance, in the same way as ordinary bank deposits.
4. Reserve requirement
Digital yuan operations are subject to the reserve requirement framework of the PBOC.
Wallet balances held by authorised commercial banks will be counted in the reserve requirement calculation, while non-bank payment institutions must deposit 100% reserves against the digital yuan under their management.
5. Digital yuan governance
To achieve the set objectives, it is crucial to maintain a stable and secure environment with an ongoing risk management framework.
On regulatory and management, the PBOC has established the Digital Yuan Management Committee (数字人民币管理委员会) to coordinate and supervise the relevant business lines collectively.
On implementation, operational security and continuity, a “two-wing” structure supporting domestic and international dual circulation is put in place. Under the management of the Digital Currency Research Institute (数字货币研究所), the Digital Yuan Operations Management Centre (数字人民币运营管理中心) and the Digital Yuan International Operations Centre (数字人民币国际运营中心) will be respectively responsible for the construction, operation and security safeguarding of the central bank’s digital yuan system and cross-border business system.
Sources:
China to enhance digital yuan management with deposit features starting 2026
数字人民币迎来重大调整__中国政府网
事关数字人民币,央行行动方案出炉,明年1月1日正式实施
央行:新一代数字人民币运行机制将于2026年1月1日正式启动实施–经济·科技–人民网 https://finance.people.com.cn/n1/2025/1229/c1004-40634653.html
数字人民币新方案元旦实施 余额可收息
2026年起数字人民币钱包余额可计息(政策速递)http://gs.people.com.cn/BIG5/n2/2025/1231/c183342-41459775.html
Legal updates
2 January 2026
The Hong Kong Monetary Authority (HKMA) launched the Intellectual Property (IP) Financing Sandbox in collaboration with the Commerce and Economic Development Bureau (CEDB) and the Intellectual Property Department (IPD) on 22 December 2025.
The initiative which was announced in the Chief Executive’s 2025 Policy Address11 aims to provide a collaborative and risk-controlled environment for banks to pilot IP financing arrangements with the support of the insurance, valuation, legal and other professions.
It was launched following engagement by the HKMA, CEDB and IPD with The Hong Kong Association of Banks, Chinese Banking Association of Hong Kong and relevant stakeholders in the IP financing ecosystem.
The IP Financing Sandbox seeks to explore ways to address the unique challenges of using IP assets such as patents, trademarks and copyrights to secure bank financing. These challenges include difficulties in valuating IP assets, the absence of a liquid and transparent secondary market, and the lack of a solid understanding of IP by many lenders and investors.
IP financing and ultimate objective
IP financing serves the unique needs of innovative enterprises – especially small and medium-sized enterprises (SMEs) – that are rich in IP assets but often lack tangible assets to secure bank financing.
The IP Financing Sandbox allows Authorized Institutions (AIs) to test the full lifecycle of an IP financing transaction and accumulate practical experience through real financing transactions.
With support from the other participating stakeholders and feedback from the HKMA, AIs can gain insights on crucial aspects of IP financing – including verifying the validity and enforceability of IP rights, obtaining independent valuation of the IP assets, performing credit risk assessment and credit approval, creating a charge or security interest over the IP assets where appropriate, and fulfilling loan drawdown requests from clients.
The initiative aims to improve access to financing for innovative enterprises with IP assets through promoting awareness of IP assets as a valuable asset class along with collaboration amongst AIs and other stakeholders.
The ultimate objective is to enhance development of an IP trading ecosystem in Hong Kong.
The government and the HKMA will oversee the implementation of the IP Financing Sandbox. The government, through CEDB and IPD, will assess the need for developing a set of local IP valuation guidelines incorporating standards that are acceptable to all stakeholders.
The HKMA will share good practices and consider the need for developing further supervisory guidance on the credit risk management aspect of IP financing.
Hong Kong’s three note-issuing banks are the inaugural participants of the IP Financing Sandbox. They have solicited interest from clients from the biotechnology, electronics and technology sectors to conduct pilot trials through the initiative.
Operating principles of the IP Financing Sandbox
Recognition of IP value: Participating AIs will take into account the value of IP assets owned by the borrowing enterprises, including but not limited to the fair value as defined in the International Financial Reporting Standards22, market value, equitable value/investment value and liquidation value, alongside a host of other relevant factors such as the borrower’s credit demand, overall financial position and repayment ability, in the credit underwriting process.
Independent IP valuation: IP valuation is expected to be conducted by independent IP valuation service providers who are members of reputable local or overseas professional organisations such as the Hong Kong Institute of Surveyors, the Hong Kong Institute of Certified Public Accountants, CFA Society Hong Kong and the Royal Institute of Chartered Surveyors. These IP valuation service providers are expected to use standardised methodologies for IP valuation such as the income, market or cost approach.
Risk management: Participating AIs should comply with applicable supervisory requirements on credit risk management and other risk areas, while participating enterprises should comply with the legal and regulatory requirements in respect of maintaining and developing the IP assets concerned.
Links to HKMA press release and circular
Hong Kong Monetary Authority – HKMA, CEDB and IPD launch IP Financing Sandbox
Intellectual Property Financing Sandbox (Annex)
Legal updates
30 December 2025
The Office of the Privacy Commissioner for Personal Data (PCPD) has issued its first guidance note on the threat of deepfakes.
The “Abuse of AI Deepfakes: Toolkit for Schools and Parents” (the “Toolkit”)11 published on 17 December 2025 explains the risks associated with the deepfake technology and provides tips on risk mitigation and protection of personal data privacy.
The Toolkit additionally warns of potential contraventions of the Personal Data (Privacy) Ordinance, Cap. 486 (PDPO) or other offences which may be associated with deepfakes.
Importantly, while the Toolkit is specifically intended for schools and parents, the legal principles and guidance are broadly relevant to other organisations and individuals in Hong Kong.
A. Deepfakes and common abuses
What is deepfake technology?
The term “deepfakes” refers to the use of deep learning – a technique of artificial intelligence – to create seemingly realistic but falsified images or audio or video content relating to people and/or objects.
Deepfakes can convincingly mimic and change a person’s face, voice or actions using personal data contained in images, videos or voice recordings. Common types include:
Face swapping: Replacing one person’s face with another in a photo or video
Face re-enactment (puppetry): Copying one person’s facial movements (e.g. expressions and/or lip movements) onto another person in real time or a recorded video
Face generation: Generating realistic images of people who do not exist
Lip-syncing: Matching a video of a person’s lip movements to an audio track, often cloned or altered, making it appear that the person is saying something that is never actually said
Voice cloning: Producing speech that closely resembles a person’s voice, including the accent and intonation
Potential and common abusive uses
Common types of abusive deepfakes include:
Image-based sexual violence
Cyberbullying and harassment
Scams and frauds
Fake news and disinformation
Abusive or malicious use of deepfakes is often designed to cause reputational damage, severe emotional or psychological harm, humiliation, defamation, sensitive personal data extraction, distortion of truth, or loss of money or other property.
Rising trend in personal data fraud
The PCPD received 1,158 enquiries relating to suspected personal data fraud in 2024 – an increase of 46% compared to 793 similar enquiries in 2023.22 The PCPD also noted the emergence of scams using AI deepfake technology to swindle money and/or personal data.
Fraudsters’ use of deepfakes include:
Manipulating public footage, using photos or audio recordings of government officials or celebrities to produce videos using AI deepfake technology to deceive people into investing in fake investment schemes
Impersonating scammed victims’ friends, relatives or colleagues by deepfake images or videos using their biometric data such as facial images or voice from social media, video calls or online public footage
Impersonating other people and pretending to be interested in developing a relationship with the scammed victims
B. Potential contraventions of PDPO and other offences
Abusive or malicious use of deepfakes may fall foul of the PDPO and other laws.
PDPO
Data Protection Principles 1 and 3
The use of personal data to create and/or share deepfake materials may contravene Data Protection Principle 3, which limits use of personal data to the original purpose of data collection (or a directly related purpose). Any use beyond such purposes is only permitted if the individual concerned has given express and voluntary consent.
The requirements of Data Protection Principle 1 on collection of data may also be contravened if personal data is collected on an unlawful or unfair basis.
Doxxing
Creating or disclosing malicious deepfake materials may constitute a criminal offence.
Specifically, sharing deepfake material containing personal data of an individual without their consent may constitute doxxing under section 64 of the PDPO.
This will be the case if the person shared the material with intent to cause or was reckless about whether any specified harm33 (including bodily or psychological harm) would be caused, or would likely be caused, to the individual or their family members.
Other criminal offences
Perpetrators using abusive or malicious deepfakes may commit other criminal offences, including:
Publication or threatened publication of altered intimate images created by deepfake technology without consent – sections 159AA and 159AAE, Crimes Ordinance (Cap. 200)
Producing child pornography using deepfake technology – section 3, Prevention of Child Pornography Ordinance (Cap. 579)
Using deepfake technology to commit fraudulent activities – sections 16A and 17, Theft Ordinance (Cap. 210)
C. Risk mitigation and protection of personal data security
Risks faced by organisations
How organisations may fall victim to fraud and impersonation:
Fraudsters may use cloned voices or videos to impersonate individuals, including customers, employees and business partners to extract sensitive personal data or swindle organisations out of money or other property.
How organisations may also face the risk of facilitating use of deepfakes:
Organisations involved in abusive or malicious use of deepfakes may be exposed to legal, compliance, reputation risk and other liabilities.
Practical tips for organisations:
Strengthen personal data security and enhance identity verification process, particularly for high-risk transactions and communications
Put in place a response plan with clear procedures for responding to deepfake incidents, with a designated crisis management team for handling these incidents
Raise awareness within the organisation by providing suitable training on a regular basis to staff and personnel, including fraud detection techniques
For further advice or assistance, please contact our lawyers Sara Or and Michelle Ng.
People
Find a lawyer
Learn more about our lawyers and the work they do for clients in Hong Kong, across the region and globally.
View all
Responsible business
Explore
Careers
At Johnson Stokes & Master, we provide a pathway for your professional growth and advancement. With our deep-rooted and extensive history, we invite you to explore current opportunities to join us, thrive in a supportive environment, and make a meaningful impact for our clients.
View more
