Background For nearly two centuries, Hong Kong has adopted a “deeds registration system” under the Land Registration Ordinance (Cap. 128 of the Laws of Hong Kong) (“LRO”). The existing deeds registration system governs priority of instruments registered in the Land Registry, but does not serve as a guarantee of title to the property. As a result, in order to ascertain whether a vendor has good title, it is still common practice for the purchaser to engage solicitors to inspect historical title deeds and documents relating to the relevant property for each conveyancing transaction. This title investigation process is labour-intensive, time consuming, and sometimes inevitably subjective and uncertain. Further, upon completion of each transaction, the purchaser or mortgagee must safekeep the voluminous title deeds and documents, which will similarly be required for future transactions. On the other hand, a “title registration system” recognises the person registered in the title register kept by the Land Registry (“Title Register”) to be the true owner, and the Title Register will be conclusive evidence of title. A title registration system was introduced by the enactment of the Land Titles Ordinance (Cap. 585 of the Laws of Hong Kong) (“LTO”) in 2004, but the LTO has yet to come into operation to date due to a number of unresolved legal and operational issues. After lengthy consultation and discussion, on 28 February 2025, the Hong Kong Government gazetted the Registration of Titles and Land (Miscellaneous Amendments) Bill 2025 (“Amendment Bill”) to amend the LTO, with a view to implementing the title registration system by stages. The title registration system, as modified in the Amendment Bill, will represent a significant step forward in modernising the land system in Hong Kong, which we welcome and support. The Amendment Bill will revamp almost the whole LTO and is a piece of complex and extensive legislation. In the first part of this update, we summarise the legal positions and key differences under the existing regime, the LTO and the Amendment Bill. In the second part, we have selected and further elaborated on some salient features of the Amendment Bill which may be of interest to readers. Any reference to a section of the LTO in this update is a reference to the relevant section of the LTO as may have been amended or added by the Amendment Bill. “New Land First” proposal Before delving into the summary, the most significant feature of the Amendment Bill is certainly the Government’s proposal to adopt the title registration system to “new land” first. The concept of “new land” is introduced in the Amendment Bill to mean land held under a Government lease or an agreement for a Government lease granted on or after the commencement date of the LTO. Subject to certain exceptions (please refer to item 1 of Part 2 below), “new land” generally includes land granted by the Government through land sale, private treaty grant and land exchange (each a “New Land”). New Land is free from prior interests or title defects and provides a clean start to the Title Register. After the implementation of the title registration system to New Land, the Government will work out the mechanism for conversion or transition of the existing land interests into the Title Register. Part 1 – A succinct summary The legal positions and key differences under the existing regime, the LTO and the Amendment Bill are summarised below: View the table in actual size Part 2 – Salient features We have selected some salient features of the Amendment Bill for further elaboration below. 1. Exceptions to New Land Some pieces of land may at first glance appear to fall within the scope of New Land, but are in fact excluded from the title registration system for the time being, namely: land held under short term tenancy from the Government which is usually of temporary nature (typically for seven years or less); land granted to extend the term or size of an existing Government lease (e.g. by an extension letter); land where the lease is modified without being surrendered and re-granted (e.g. by deed of variation or modification letter); land deemed to be held under a new Government lease upon renewal by virtue of the Government Leases Ordinance (Cap.40 of the Laws of Hong Kong); land under a Government lease deemed to be issued upon issuance of Certificate of Compliance by virtue of the Conveyancing and Property Ordinance (Cap.219 of the Laws of Hong Kong); and land held under a direct lease from the Government under the Block Crown Lease (Cheung Chau) Ordinance (Cap.488 of the Laws of Hong Kong). 2. Indefeasible title Under the existing LTO, the MR rule allows the court to restore ownership to innocent former owners if they lost their titles as a result of fraud. The Amendment Bill proposes to abolish the MR rule (by repealing the relevant section under the existing LTO). This provides for title certainty to a purchaser who genuinely pay for valuation consideration to buy the property. The innocent former owner would have no recourse against such purchaser, but could instead be potentially compensated through the Indemnity Fund, subject to the revised cap of HK$50 million. However, where the purchaser is a party to the fraud or has knowledge of the fraud or has contributed to the fraud (in other words, the purchaser is not bona fide), the court may still grant an order to rectify the Title Register under section 82 of the LTO. The Land Registrar will also have the power to make a restriction order under section 78 of the LTO to prohibit the registration of property transfer if fraud is suspected. 3. Nature of indemnifiable loss and time limit for application For parties entitled to be compensated for their loss of title through the Indemnity Fund, sections 85 and 85D of the LTO clarify the amount of indemnity payable in case of fraud, mistake or omission. Generally, the amount which a person is entitled to be indemnified in relation to a fraudulent entry is the lesser of: the value of the indemnifiable interest as at the date on which a specified order is made in relation to the entry; and the value determined by the Financial Secretary. On the other hand, the amount indemnifiable in case of mistake or omission is the actual and foreseeable amount of loss suffered as a result of the indemnifiable mistake or omission. Those entitled to be indemnified should be mindful of the time when the application has to be made. If the court is satisfied that an entry was registered or omitted by fraud, mistake or omission, and subsequently makes a specified order to rectify, the party who failed to recover the property must claim for indemnity within one year after the rectification order is made. 4. Introduction of “overriding interests” Under the existing registration system, registrable instruments that are not registered in the Land Registry would be void against bona fide purchaser or mortgagee for valuable consideration, except that this does not apply to a tenancy or lease at market rent for less than three years. The LTO and the Amendment Bill introduce a list of exhaustive definitions of “overriding interests”, which are interests that affect the land despite not being registered, such as (among others) easements out of necessity and rights of way. This means that the registered owners of New Land may be subject to certain unregistered overriding interests. That said, under section 46 of the LTO, generally the vendor will have an obligation to provide the purchaser with the full particulars of the relevant overriding interests which the vendor has, or ought reasonably to have, knowledge. Under section 48 of the LTO, the grant of lease of New Land could only be effectual if such lease is registered in the Title Register. This raises the question of whether a tenancy or lease at market rent held in good faith for less than three years (which is not required to be registered under the existing the LRO) must also be registered in the Title Register. To align with this prevailing legal position, both LTO and the Amendment Bill have already specified such tenancy or lease as an overriding interest, the registration of which in the Title Register is not necessary. 5. Interests of purchasers for valuable consideration not affected by notice Interests not registrable under the existing LRO (such as resulting trust or constructive trust in favour of other family members or occupants of the property) are common in Hong Kong due to informal family arrangement. Under the doctrine of notice, a purchaser who has actual or constructive notice of such non-registrable interests will take the property subject to such non-registrable interests. After section 28A of the LTO comes into operation, purchasers of New Land for valuable consideration without fraud will no longer be affected by such non-registrable interests. The exception is when the purchaser acquired the property as a result of fraud, even though the purchaser has paid valuable consideration for acquiring the property. The operative effect of this section 28A also means that the doctrine of notice in Wong Chim-Ying v Cheng Kam-Wing ([1991] 2 HKLR 253) will cease to apply to New Land, to the extent varied by section 28A. Practically, this means that, in the absence of fraud, even if a purchaser is aware of certain non-registrable interests in a property, their title to the property will not be affected by such non-registrable interests. 6. Effect of breach of trustee’s duty A trustee may be registered as owner, chargee or lessee of New Land. If the trustee disposes of New Land in breach of the trustee’s duty, the transaction will still be valid and enforceable if the purchaser is bona fide acting in good faith and has provided valuable consideration. The disposition cannot be overturned simply because of the breach of trust. While the above protection is offered to bona fide purchasers, the LTO and Amendment Bill do not extend the indemnity to other affected third parties (such as the beneficiaries of the relevant trusts). In other words, such third parties will probably have to claim relief against defaulted trustees through legal proceedings for breach of duty. 7. Rights of succession The LTO and the Amendment Bill stipulate that certain succession rights in relation to New Land will not be affected by the title registration system. Specifically, under section 58 of the LTO, the right of owners of New Land to dispose of their New Land through a will is preserved. The law governing intestate succession also remains unchanged. Furthermore, the operation of sections 15 and 18 of the New Territories Ordinance (Cap.97 of the Laws of Hong Kong), which address matters related to land in the New Territories, is preserved by the said section 58 (to the extent they apply to New Land). The law of intestate succession is also not affected by the LTO and the Amendment Bill. Nevertheless, it is very common for beneficiaries under intestate estate to enter into deed of family arrangement to reallocate the distribution of estate among the beneficiaries. It remains to be seen how such family arrangement may interact with the title registration system. 8. Stamp duty charge on the registered land The Amendment Bill provides (through a proposed additional amendment to the Stamp Duty Ordinance (Cap.117 of the Laws of Hong Kong)) that there will be a charge in favour of the Collector of Stamp Revenue on the registered land, when an instrument relating to the registered land is submitted to the Stamp Office for adjudication and the adjudication is pending. Such charge will stand until the earlier of the date on which such instrument is stamped, or the date on which the Stamp Office confirms that no stamp duty is payable on such instrument or that such instrument is not chargeable with stamp duty. There is uncertainty (from the text of the LTO and Amendment Bill) as to how this charge impacts on the security of banks and lenders who provide secured financing involving instruments that require adjudication. Banks and lenders may therefore have to seek additional legal protection from the borrower to cover such potential stamp duty exposure. 9. Interaction with Companies Ordinance Section 37(2) of the LTO states that in relation to registered charges, in case of conflict or inconsistency between the provisions of the LTO and the provisions of Part 8 of the Companies Ordinance (Cap.622 of the Laws of Hong Kong), the latter should prevail over the LTO. One important possible consequence is that if a company creates a charge relating to registered land, such charge should be registered in both Title Register and the Companies Registry. However, where the charge is (only) registered in the Title Register but is not registered with the Companies Registry within the prescribed time period, the charge will then be void against any liquidator and creditor of the company by virtue of section 337 of the Companies Ordinance. The registration of the charge in the Title Register cannot cure such defect. Conclusion As mentioned above, we welcome the introduction of the title registration system beginning with New Land first, as we agree that it will offer a higher degree of certainty in property ownership, simplify the traditional conveyancing process and enhance business efficiency in property transactions with respect to New Land. As the Amendment Bill will go through discussions and debate in the Legislative Council, we expect there will be further improvements and clarifications. Inevitably, there are also likely to be teething problems and legal issues arising from the new regime coming into force. Meanwhile, we also look forward to the Government introducing plans in due course for a progressive, comprehensive and seamless conversion of existing lands registered under the LRO to become lands regulated under the title registration system. Our team is prepared to support and guide our clients on any issues relating to the title registration system which they may encounter. Please feel free to reach out to any of us if you have any enquiry or would like to learn more on how we can help you to better prepare for the implementation of title registration system.

After nearly two years of deliberation and consultation with various stakeholders, the Protection of Critical Infrastructures (Computer Systems) Bill (the “Bill”) was passed by the Legislative Council on 19 March 2025. As stated by the Secretary for Security, Chris Tang, the purpose of the law is to “establish legal requirements for organisations designated as critical infrastructure operators”. The Bill is expected to come into effect on 1 January 2026. Last year, we published an update discussing the initial proposed legislative framework (“Proposed Framework”) and another update summarising the Security Bureau’s response to stakeholders’ feedback regarding the Proposed Framework (“Consultation Report”). This legal update provides a brief overview of the scope as well as the main obligations under the Bill. We also discuss specific issues that entities regulated by the Bill should be mindful of. Scope of regulation There are three definitions essential to understanding the Bill and the scope of its regulation: (i) critical infrastructures (“CI”), (ii) CI operators (“CIOs”) and (iii) Critical Computer Systems (“CCS”). Designations of CI and CIOs The Bill imposes various obligations on CIOs, i.e. organisations that operate CI. The Bill provides that CI are those essential to the continuous provision in Hong Kong of an essential service in 8 designated sectors, namely: (1) energy, (2) information technology (IT), (3) banking and financial services, (4) air transport, (5) land transport, (6) maritime transport, (7) healthcare services and (8) telecommunications and broadcasting services (“Designated Sectors”).     It is worth noting that an infrastructure not within the eight Designated Sectors may still be considered as a CI if damage or loss of functionality to it may hinder or substantially affect the maintenance of critical societal or economic activities in Hong Kong. Examples may include major sports and performance venues or major technology parks. However, the Bill does not provide definitions of the Designated Sectors. The Consultation Report acknowledged that stakeholders had called for a clearer and narrower definition of the IT sector, but the Security Bureau maintained its position and stated that it would communicate with potential CIOs before designating them as such. Designations of CCS The Bill provides that a CCS is one that is accessible by a CIO in or from Hong Kong and that is essential to the core function of a CI. The Bill applies to CCSs and CIs whether they are in-house or outsourced. Extraterritorial application The Consultation Report clarified that the Bill does not have extraterritorial effect. The Commissioner of Critical Infrastructure (Computer-system Security) (the “Commissioner”) will only request information that is accessible by CIOs with offices set up in Hong Kong. With this in mind, CIOs that operate in multiple jurisdictions should carefully consider the access granted to a CIO’s office in Hong Kong. Obligations of CIOs The Bill provides three main categories of obligations to be borne by CIOs: Organisational obligations (Category 1 Obligations) Maintain a physical office in Hong Kong for carrying on the CIO’s business (i.e. it is not merely a correspondence address) Report any change in operatorship of CIs within 1 month from when the change occurs Set up a computer-system security management unit (in-house or outsourced) Preventive obligations (Category 2 Obligations) Notify the following to the Commissioner’s Office within 1 month of its occurrence: material changes in design, configuration, security or operation, etc. of CCS addition / removal of CCS to the CI changes that render an existing system essential to the core function of the CIO Formulate, implement and submit a computer-system security management plan11 within 3 months after receiving designation as CIO (unless an extension is granted) Conduct a computer-system security risk assessment at least once every 12 months and submit a report within 3 months after each assessment period (unless an extension is granted) Conduct an independent computer-system security audit at least once every 24 months and submit a report within 3 months after each audit period (unless an extension is granted) Incident reporting and response obligations (Category 3 Obligations) Participate in a computer-system security drill organised by the Commissioner’s Office Formulate an emergency response plan22 and submit the plan within 3 months after receiving CIO designation Notify the Commissioner of computer-system security incidents: Incidents which have disrupted or are disrupting or likely to disrupt the core function of CI will need to be reported within 12 hours after CIO becoming aware of the incident Other incidents need to be reported within 48 hours after CIO becoming aware of the incident. A written report of the incident shall be submitted within 14 days from the date on which CIO first becomes aware of the incident   Non-compliance with the obligations under the Bill may constitute offences punishable with maximum fines ranging from HK$500,000 to HK$5 million. If it is a continuing offence, the daily additional maximum fine ranges from HK$50,000 to HK$100,000 for every day during which the offence continues. It is important to note that the defences of “due diligence” (i.e. the commission of the offence was due to a cause beyond the defendant’s control and the defendant has taken all reasonable precautions and exercised all due diligence to avoid committing the offence) and “reasonable excuse” (i.e. the defendant has sufficient evidence to raise an issue that it had such a reasonable excuse and contrary is not proved by the prosecution beyond reasonable doubt) are available for certain offences under the Bill. The penalties under the Bill only apply to CIOs at the organisation level and do not extend to senior management at the individual level. However, if the violations involve criminal acts such as providing false information or fraud-related activities, then the relevant individuals may be held personally liable for those criminal acts. Regulatory and enforcement authorities The Bill will be enforced by the Commissioner’s Office, which is expected to be established by June this year.33 The Bill also designates regulators of certain industries as designated authorities, which now only include the Monetary Authority (to regulate the banking and financial services sector) and the Communications Authority (to regulate the telecommunications and broadcasting services sector). Potential issues for further consideration Being the first legislation of its kind in the city, some concepts in the Bill may require further clarification to enable effective compliance by CIOs. We highlight a few issues below which CIOs may need to consider when preparing for compliance with the Bill. (1) What is a computer-system security incident? CIOs have an obligation to notify and respond to computer-system security incidents (“Security Incidents”). A Security Incident is defined in the Bill to mean an event that involves unauthorised access to the CCS, or any unauthorised acts done on or through the CCS or another computer system that has an actual adverse effect on the computer-system security of the CCS. “Adverse effect” is not defined in the Bill, and it is possible the Commissioner or designated authorities may release further codes of practice to elaborate on this term. The Secretary for Security has clarified the term can generally be understood as “compromising or undermining of the availability, integrity and confidentiality of the information or services of a CCS or its protection ability.”44 The Consultation Report noted the Code of Practice (“CoP”) will provide guidelines and examples on what would amount to Security Incidents. In the meantime, it may be helpful to take reference from similar legislations in other jurisdictions to understand the types of incidents that may constitute “adverse effect” to CCS. Singapore Singapore’s Cybersecurity Act 2018 adopts a similar definition for “cybersecurity incident”, which is defined as “an act or activity carried out without lawful authority on or through a computer or computer system that jeopardises or adversely affects its cybersecurity or the cybersecurity of another computer or computer system“.55 In the Explanatory Statement for Cybersecurity Act 2018, it was further explained that a cybersecurity incident is a cybersecurity threat that has been realised, with the following examples provided:66 The unauthorised hacking of a computer; The accessing of a hyperlink in a phishing email that results in the installation of a malicious computer program; and The opening of an infected document in an email that results in the execution of a malicious computer program. The United Kingdom The United Kingdom’s Network and Information Systems Regulations 2018 provides that essential service operators should report incident (which is defined as any event having an actual adverse effect on the security of network and information systems) which have significant impact on the continuity of the relevant essential services.77 While what may constitute significant impact may vary depending on the industry, the following factors are relevant in determining the significance of impact: The number of users affected by the disruption of essential services; The duration of the incident; and The geographical area affected by the incident. (2) Where do the codes of practice stand in the legislative regime? The Bill provides that a regulating authority may issue codes of practice to provide practical guidance on how CIOs are to comply with their obligations under the Bill. The codes of practice are not part of the Bill and the failure to comply with a code of practice does not give rise to any civil or criminal liability per se. However, CIOs should note that the codes of practice are admissible evidence in legal proceedings and that proof of contravention of such may be relied on by parties to the proceedings. (3) What are regulated organisations? The Bill provides parallel regimes for the regulation of CIOs and regulated organisations. Regulated organisations are CIOs specified in the Bill that are regulated by specified designated authorities. All other CIOs are regulated by the Commissioner. The parallel regimes may prevent double reporting obligations by the regulated organisations. Regulated organisations are not subject to any less obligations than other CIOs under the Bill, but the major difference being that they are regulated by different authorities and thus they have different points of contact when fulfilling their statutory obligations. It is worth noting designated authorities only regulate Category 1 and 2 Obligations. It seems the Bill intends for the Commissioner to regulate Category 3 Obligations (i.e. obligations relating to incident reporting and response) for all CIOs. Therefore, CIOs operating in banking and financial services and telecommunications and broadcasting services sectors are likely to have to notify multiple authorities if they become aware of a Security Incident. Currently, the Bill only specifies the designated authorities and regulated organisations in the table below. It is anticipated that more may be added to the list in the future. Relevant sector Designated authority Regulated organisations Banking and financial services Monetary Authority Authorised institutions Licensees as defined by section 2 of Payment Systems and Stored Value Facilities Ordinance (Cap. 584) Settlement institutions of a designated system System operators of a designated system Tele-communications and broadcasting services Communications Authority Holders of a unified carrier licence Holders of a space station carrier licence Domestic free television programme service licensees Licensees as defined by section 13A(1) of Telecommunications Ordinance (Cap. 106)   (4) What should a computer-system security risk assessment cover? A CIO must conduct regular computer-system security risk assessments, which shall include, among other things, a vulnerability assessment and a penetration test. Vulnerability assessment is defined to mean “an assessment that (a) systematically examines the system for known vulnerabilities; and (b) aims at identifying the vulnerabilities of the system for preventing any exploitation of them.” Penetration test means “a test that (a) simulates an attack on the system by electronic means and (b) aims at identifying the vulnerabilities of the system through the simulated attack.” (5) What are the requirements for computer-system security management plans and emergency response plans? CIOs are required to submit a computer-system security management plan and an emergency response plan that cover matters specified in Schedule 3 of the Bill within 3 months after their designation as CIOs. Importantly, the submission of these plans is some of the earliest obligations that CIOs need to fulfil upon their designation. As the Bill imposes extensive requirements on these plans, potential CIOs should plan and start preparing them in early course. CIOs should review their upcoming budgets and ensure they allocate sufficient resources for complying with the requirements under the Bill, especially when external consultants may need to be engaged. Requirements on computer-system security management plans The Bill provides for general matters that a computer-system security management plan should cover, including: and personnels responsible for the risk management of the CCS; The process of identifying the computer systems essential to the functioning of the critical infrastructures; Policies and guidelines for the identification of risks relating to computer-system security, detection of threats, controlling of access to systems, etc.; and The provision of training to staff whose work relates to the computer-system security of the CCS. A computer-system security management plan should also include an emergency response plan. Requirements on emergency response plans The Bill provides that emergency response plans should at a minimum cover the following matters: The division of work in the team responsible for responding to Security Incidents. The threshold for initiating the emergency response plan. Procedures for reporting Security Incidents. Procedures for investigating causes and impacts of Security Incidents. The recovery plan for resuming the normal operation of the critical infrastructure. The plan for communicating with stakeholders and the public regarding Security Incidents. Post-incident measures for preventing the recurrence of Security Incidents. Policies and guidelines for reviewing any submitted emergency response plans. Concluding remarks The Bill is welcomed as the designated critical infrastructures are essential to the functioning of the city. A cyber security attack on any of the designated sectors will not only bring about serious disruption but economic damage. Greater digitalisation and rising cyber threats highlight the existential risk posed by cyber incidents. The introduction of such a legal regime will result in CIOs adopting more robust cyber security measures to protect not only their own systems, but the larger network of essential services they support. And companies or vendors that interact with CIOs will be required to up their game as well (e.g. these companies will need to implement security protocols and update their cyber defences). For CIOs third-party risk management practices are fundamental. As we highlighted above, the various planning, reporting and response obligations imposed by the Bill and the ambiguities in regulatory scope may present challenges to potential CIOs. Preparation in advance and close communication with the regulating authorities will be essential in ensuring compliance. CIOs should also stay abreast of the regulatory development in this area, particularly with regards to the release of the CoP as it will provide the detailed standards and other guidance on compliance with the Bill. The Cybersecurity Team at JSM has extensive experience advising clients in both public and private sectors on the complex legal issues arising from high-stakes cybersecurity incidents. We also support organisations in pre-incident preparations, including the development of internal policies, procedures, playbooks and response plans, as well as offering trainings and tabletop simulation exercises to ensure that your organisation is prepared to meet the requirements of the Bill when it comes into force. Please feel free to contact us if you have any compliance enquiry or would like to learn more on how we can help you better prepare for legal risks arising from cyber incidents.

Banks have certain activities related to insurance, such as referrals, premium financing and trust arrangements. Under Section 64G of the Insurance Ordinance Cap. 41 (“Ordinance”), a person cannot carry on regulated activities without an insurance intermediary licence. Regulated activities include negotiating or arranging a contract of insurance, inviting or inducing a person to enter into, or make a material decision on, a contract of insurance, and giving regulated advice. Material decision and regulated advice refer to activities such as making an insurance application, renewing, cancelling or assigning an insurance policy. Given the broad definition of regulated activities, certain insurance-related activities of the bank may be regarded as regulated activities. A copy of the Explanatory Note can be access here. The Insurance Authority has provided some guidance under the Explanatory Note in relation to the licensing requirements for banks under the new regime. However, whether an activity amounts to a regulated activity will depend on full factual context and this will need to be considered objectively. The Explanatory Note clarifies that “inviting or inducing” requires an element of encouraging, convincing or persuading a person, and is more than just mere provision of information. A summary of the FAQs in the Explanatory Note is set out below. Activity Not likely a regulated activity if a bank staff … Likely a regulated activity if a bank staff … Referral Discusses general concepts of insurance as part of financial planning (e.g., discuss concept of annuity) and refers clients to a licensed insurance intermediary if clients have expressed interest Informs clients the conditions of lending (e.g., fire insurance is a requirement for mortgage application) and refers clients to a licensed insurance intermediary Actively approaches clients to discuss specific insurance products Encourages clients to purchase particular insurance products from a licensed insurance intermediary (e.g., offers preferential premium financing rates for specific insurance products) Obtains a direct remuneration for successful referrals Premium financing Provides clients with the terms of a loan and the credit underwriting criteria Encourages clients to apply for premium financing and to assign the policy to the bank Takes the initiative to introduce premium financing to clients (this is regarded as encouraging or persuading clients to apply for insurance) Policy assignment Informs clients that policy assignment is a condition of lending Goes beyond merely providing the terms of a loan and recommends particular insurance products Exercising rights under insurance policy Exercises rights under the loan (e.g., exercising rights as an assignee of an insurance policy) Trust arrangement Provides information about possible holding structure options, including trusts. Bank staff should make it clear that they are not providing any recommendation or opinion about using trust structure, and should recommend clients to discuss this with a licensed insurance intermediary. Reminds clients to check the terms of their insurance contract and whether there are any restrictions against trust structures Provides recommendation to hold insurance policy on trust Having known about the restrictions in the insurance contract against trust structures, encourages or persuades clients to purchase another insurance policy with no such restriction   Comment The Explanatory Note provides useful guidance to the banking sector in carrying out various insurance-related activities, including whether such activities may constitute regulated activities and therefore require an insurance intermediary licence. The entire factual context will need to be considered and it should be viewed objectively (from the client’s perspective) as to whether the activities may be seen as encouraging or persuading the client to apply for, or make a material decision on, insurance, or advising about insurance matters. In particular, when providing premium financing terms or other lending terms, bank staff need to be careful to only inform clients of the terms and conditions of lending and not to encourage or persuade clients to apply for certain insurance products, or to give opinions about the suitability of particular insurance products. Banks should also review the remuneration structure of staff who are involved in referral activities to ensure there is no direct incentive for any non-licensed person to carry out regulated activities. Banks should also ensure there is proper monitoring and supervision of staff, as well as dedicated policies and procedures, in respect of insurance-related activities. * This legal update was first published in 2019 and JSM was known as Mayer Brown when it was issued.