Hong Kong’s SFC Updates Guidance on Tokenised Securities-Related Activities

November 10, 2023

On November 2, 2023, Hong Kong’s Securities and Futures Commission (“SFC”) published two circulars providing guidance to intermediaries engaging in tokenised securities-related activities (the “Tokenised Securities Circular”),[1] and on the tokenisation of SFC-authorised investment products (the “Investment Products Circular”) (collectively, the “Circulars”).[2]

As further explained below, the Circulars reflect a distinct evolution in the SFC’s views on tokenised securities, in particular by explicitly superseding the SFC’s previous March 2019 statement characterising security tokens as complex products requiring extra investment protection measures and restricting their offering to professional investors (the “March 2019 Statement”).[3] Instead, the SFC has made it clear in the Tokenised Securities Circular that it now considers tokenised securities to be traditional securities with a tokenisation wrapper, as discussed further below, and has noted that there is a growing interest in tokenising traditional financial instruments in the market, including the issuance and distribution of tokenised funds by fund managers and management of funds that invest in tokenised securities. The two Circulars aim to assist intermediaries interested in exploring tokenisation by providing more guidance on regulatory expectations with respect to tokenised securities-related activities and how to address the risks specific to tokenised securities.

I. The Tokenised Securities Circular represents an important evolution in the SFC’s views of Tokenised Securities

As a starting point, the SFC has indicated that for the purposes of the Tokenised Securities Circular, it considers tokenized securities to be traditional financial instruments (e.g. bonds or funds) that are securities (as defined in the Securities and Futures Ordinance (“SFO”)) which utilise distributed ledger technology (e.g. blockchain technology) (“DLT”) or a similar technology in their security lifecycle (“Tokenised Securities”).[4] In the SFC’s words, these securities are “fundamentally traditional securities with a tokenisation wrapper”. Given this, the SFC has emphasised in the Tokenised Securities Circular that the existing legal and regulatory requirements for securities will continue to apply to Tokenised Securities.

In taking this approach, the Tokenised Securities Circular represents an important step forward from the March 2019 Statement, which characterised Security Tokens as complex products and imposed a “professional investor-only” (“PI-only”) restriction on the distribution and marketing of these securities. However, the SFC has now made it clear that tokenisation should not alter the complexity of the underlying security. Therefore, instead of a blanket categorisation of Tokenised Security as a “complex product”, the SFC now instructs intermediaries to adopt a “see-through approach”. In other words, intermediaries should determine the complexity of a Tokenised Security by assessing the underlying traditional security against the factors set out in the Guidelines on Online Distribution and Advisory Platforms and the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (the “Code of Conduct”),[5] as well as guidance issued by the SFC from time to time.

Similarly, the SFC has indicated that as Tokenised Securities are fundamentally traditional securities with a tokenisation wrapper, there is no need to impose a mandatory PI-only restriction. However, the offerings of Tokenised Securities to the Hong Kong public will continue to be subject to the prospectus regime in the Companies (Winding Up and Miscellaneous Provisions) Ordinance and offers of investments regime under Part IV of the SFO (“Public Offering Regimes”). As such, Tokenised Securities that have not complied with the prospectus requirements or offers of investments regime can only be offered to PIs.

The SFC has also noted that existing conduct requirements for securities-related activities will apply to the distribution of or advising on Tokenised Securities, management of funds investing in Tokenised Securities and secondary market trading of Tokenised Securities on virtual asset trading platforms.

II. Key regulatory expectations when engaging in Tokenised Securities-related activities

The Tokenised Securities Circular goes on to set out guidance regarding the SFC’s expectations for intermediaries choosing to engage in Tokenised Securities related-activities, as summarised below.

Risk management considerations

The SFC has emphasised in the Tokenised Securities Circular that its approach remains “same business, same risks, same rules”. However, the SFC considers that tokenisation has created new risks for intermediaries in relation to ownership (e.g. in relation to how ownership interests are transferred and recorded) and technology risks (e.g. forking, network outages and cybersecurity risks).

These risks can vary depending on the type of the DLT network utilised for the Tokenised Securities, with the SFC flagging that intermediaries should apply particular caution in relation to Tokenised Securities in bearer form issued using permissionless tokens on open, public network that does not restrict access for privileges and offers decentralised, anonymous, and large-scale user base (“Public-Permissionless Network”). This is on the basis that these sorts of securities are exposed to increased cybersecurity risks due to the lack of restrictions for public access and the open nature of these networks. In the event of a cyberattack, theft or hacking, the SFC has flagged that investors may experience increased difficulties in recovering their assets or losses, and may face potentially substantive losses without recourse. Intermediaries should address such risks accordingly by adopting adequate safeguards and controls.

Considerations for intermediaries engaging in Tokenised Securities-related activities

In general, the SFC has noted that:

Intermediaries engaging in Tokenised Securities-related activities need to ensure that they have appropriate manpower and expertise to understand and manage the nature of these activities, especially the new risks posed by the underlying technology.
Intermediaries must also ensure that they act with due skill, care and diligence, and perform due diligence on both the underlying product (e.g. the underlying security such as a bond which is being tokenised) and the technology used for the tokenisation.

Issuance of Tokenised Securities

Where intermediaries issue or are substantially involved in the issuance of Tokenised Securities which they also intend to deal in or advise on (e.g. fund managers of tokenised funds), the SFC will consider that these intermediaries remain responsible for the overall operation of the tokenisation arrangement, even if they have entered into outsourcing arrangements with third party vendors or service providers. The SFC has set out a non-exhaustive list of considerations that intermediaries involving in issuance should consider in relation to technical and other risks (see Part A of the Appendix to the Tokenised Securities Circular).[6] These considerations include, for example, the experience of the third party vendors involved in the tokenisation process, the robustness of the DLT network, data privacy risks and enforceability of the Tokenised Security.

The SFC has also stated that for custodial arrangements, intermediaries should consider the features and risks of the Tokenised Securities when considering the most appropriate custodial arrangement in relation to such Tokenised Securities, and that it expects custodial arrangements for bearer form Tokenised Securities using permissionless tokens on Public-Permissionless Networks to take into consideration the factors set out at Part B of the Appendix.[7] These factors include, for example, the custodian’s management of conflicts of interest, its cybersecurity risk management measures and its experience in providing custodial services for Tokenised Securities.

Dealing in, advising on, or managing portfolios investing in Tokenised Securities

Intermediaries should conduct due diligence on the issuers and their third party vendors / service providers, as well as the features and risks arising from the tokenisation arrangement when dealing in, advising on, or managing portfolios investing in Tokenised Securities. Intermediaries should also ensure that they are satisfied that adequate controls have been put in place by the issuers and their third party vendors / service providers to manage ownership and technology risks posed by the Tokenised Security before engaging in any of these activities.

Disclosure obligations

The SFC expects intermediaries to make adequate disclosures to clients of relevant material information (including risks) specific to Tokenised Securities. Such material information should include, for example:

Whether off-chain or on-chain settlement is final;
Any limitations imposed on transfers of the Tokenised Securities;
Whether a smart contract audit was conducted before the smart contract was deployed;
Key administrative controls and business continuity plans for DLT-related events; and
The details of any custodial arrangement where applicable.

III. Other clarifications regarding Tokenised Securities

The Tokenised Securities Circular also includes three important clarifications regarding the SFC’s approach to Tokenised Securities going forward:

The SFC has previously stated that the “de minimis threshold” under the Proforma Terms and Conditions for Licensed Corporations which Manage Portfolios that Invest in Virtual Assets (“Terms and Conditions”) only applies to virtual assets, as defined under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance.[8] [9] Viewed in conjunction with the Circulars, fund managers managing portfolios investing in Tokenised Securities which meet the “de minimis threshold” would not be subjected to the Terms and Conditions unless these portfolios also invest in virtual assets meeting the “de minimis threshold”.
Virtual asset trading platforms (“VATPs”) licensed by the SFC are currently required to set up a SFC-approved compensation arrangement to cover potential loss of security tokens.[10] On application by the VATP, the SFC has indicated that it is willing to consider, on a case-by-case basis, excluding certain Tokenised Securities from the required coverage.
The SFC has also provided guidance in relation to digital securities other than Tokenised Securities – i.e. products which the SFC defines as securities as defined in the SFO which utilise DLT or other similar technology but which are not traditional financial instruments. The SFC has indicated that these sorts of digital securities which are not Tokenised Securities are likely to be complex products on the basis that they are likely to be bespoke in nature, terms and features, and not easily understood by a retail investor. Given this, intermediaries distributing such digital securities would be required to comply with the requirements for sale of complex products. Further, the SFC has reminded intermediaries not to offer these sorts of digital securities to retail investors in breach of the Public Offering Regimes. The SFC has also emphasised that intermediaries should exercise their professional judgment to assess each digital security which they deal with, including whether the security is a Tokenised Security, and should ensure that additional internal controls are implemented to address the specific risks and nature of such digital securities.

IV. Key considerations for the tokenisation of SFC-authorised investment products

The Investment Products Circular separately sets out the SFC’s requirements for considering allowing tokenisation of investment products authorised by the SFC for offering to the Hong Kong public. It must be emphasised that the SFC requirements for Tokenised Securities (as set out in Section II above) will also apply to the tokenisation of SFC-authorised investment products.

Echoing the approach taken by the SFC in the Tokenised Securities Circular, the SFC has indicated in the Investment Products Circular that it will take a “see through” approach to tokenised SFC-authorised investment products, and will allow primary dealing of tokenised SFC-authorised investment products provided that the underlying product meets certain specified product authorisation requirements and safeguards, as summarised below.

Tokenisation arrangement	Product providers of tokenised SFC-authorised investment products (“Product Providers”) should: Remain and ultimately be responsible for the management and operational soundness of the tokenisation arrangement and record keeping in relation to ownership, regardless of any outsourcing arrangement; Ensure that proper records of token holders’ ownership interests are maintained; Ensure that the tokenisation arrangement is operationally compatible with involved service providers; Impose additional and proper controls before adopting Public-Permissionless Networks (e.g. use of a permissioned token); Confirm and, where requested by the SFC, demonstrate that the tokenisation arrangement, record keeping of ownership information and integrity of the smart contract is properly managed and operated, and (where requested by the SFC) obtain third party audit or verification of the same; and Where requested by the SFC, obtain a satisfactory legal opinion to support the application for primary dealing of a tokenised SFC-authorised investment product.
Disclosure obligations	The following disclosures must be made clearly and comprehensively in offering documents of a tokenised SFC-authorised investment product: The nature of the tokenisation arrangement, including whether off-chain or on-chain settlement is final; The ownership representation of the tokens, including legal and beneficial title of the tokens, and ownership of or interests in the product; and The associated risks of the tokenisation arrangement, including cybersecurity, system outages, the possibility of undiscovered technical flaws, evolving regulatory landscape and potential challenges in the application of existing laws.
Distribution of tokenised SFC-authorised investment products	Only regulated intermediaries (e.g. licensed corporations or registered institutions) can distribute tokenised SFC-authorised investment products. This requirement extends to Product Providers who wish to distribute their own products. These regulated intermediaries must comply with existing requirements (e.g. client onboarding requirements and suitability assessments) as applicable.
Staff competence	Product Providers must ensure that they have at least one competent staff member with the relevant experience and expertise to operate and/or supervise the tokenisation arrangement and to manage the ownership and technology risks of the arrangement.
Prior SFC consultation or approval	Prior consultation with the SFC will be required for tokenisation of existing SFC-authorised investments and the introduction of new investment products with tokenisation features. Changes made to the tokenisation of existing SFC-authorised investments must also be approved by the SFC. For example, the SFC has noted that its prior approval must be sought before adding the disclosure of new tokenised unit or share class of an SFC-authorised fund to the offering documents for offering to the Hong Kong public, unless the tokenisation arrangement is substantially the same as the existing arrangement.

Meanwhile, driven by investor protection concerns, the SFC has adopted a more cautious attitude towards secondary trading of tokenised SFC-authorised investment products, on the basis that further careful consideration is required in order to provide a substantially similar level of investor protection to investors to that afforded to those investing in a non-tokenised product. The considerations flagged by the SFC include maintenance of proper and instant token ownership record, readiness of trading infrastructure and market participants to support liquidity, and fair pricing of tokenised products. The SFC has indicated that it will continue to engage with the market on proper measures to address risks involved in secondary trading.

V. Conclusion

While the Circulars provide welcome guidance to intermediaries in relation to tokenisation of traditional financial instruments, it is clear that the SFC will expect intermediaries to closely engage with them prior to embarking on any activities in relation to tokenised products. Given the fast-changing nature of the cryptocurrency space, the SFC may provide further guidance or impose additional requirements for Tokenised Securities and/or tokenised SFC-authorised investment products from time to time. In particular, it appears that the SFC may well release further guidance in relation to secondary trading of SFC-authorised investment products following further engagement with market participants. Interested intermediaries should closely monitor such developments and ensure continuous compliance.

____________________________

[1] “Circular on intermediaries engaging in tokenised securities-related activities”, published by the SFC on November 2, 2023, available at: https://apps.sfc.hk/edistributionWeb/gateway/EN/circular/doc?refNo=23EC52

[2] “Circular on tokenisation of SFC-authorised investment products”, published by the SFC on November 2, 2023, available at: https://apps.sfc.hk/edistributionWeb/gateway/EN/circular/doc?refNo=23EC53

[3] “Statement on Security Token Offerings” published by the SFC on March 28, 2019, available at: https://www.sfc.hk/en/News-and-announcements/Policy-statements-and-announcements/Statement-on-Security-Token-Offerings

[4] “Securities” is defined under section 1 of Part 1 of Schedule 1 to the SFO, available at: https://www.elegislation.gov.hk/hk/cap571

[5] See Chapter 6 of the Guidelines on Online Distribution and Advisory Platforms, published by the SFC in July 2019, available at: https://www.sfc.hk/-/media/EN/assets/components/codes/files-current/web/guidelines/guidelines-on-online-distribution-and-advisory-platforms/guidelines-on-online-distribution-and-advisory-platforms.pdf?rev=689af636b3ad4077929d46a94631e458. See also paragraph 5.5 of the Code of Conduct, published by the SFC, available at: https://www.sfc.hk/-/media/EN/assets/components/codes/files-current/web/codes/code-of-conduct-for-persons-licensed-by-or-registered-with-the-securities-and-futures-commission/Code_of_conduct-Sep-2023_Eng-Final-with-Bookmark.pdf?rev=209e9f3b717e4d70b45bfe45a0bb6288

[6] See Part A of Appendix to the “Circular on intermediaries engaging in tokenised securities-related activities” published by the SFC on November 2, 2023, available here: https://apps.sfc.hk/edistributionWeb/api/circular/openAppendix?lang=EN&refNo=23EC52&appendix=0

[7] See Part A of Appendix to the “Circular on intermediaries engaging in tokenised securities-related activities” published by the SFC on November 2, 2023, available here: https://apps.sfc.hk/edistributionWeb/api/circular/openAppendix?lang=EN&refNo=23EC52&appendix=0

[8] The Terms and Conditions are imposed on licensed corporations which manage or plan to manage portfolios with (i) a stated investment objective to invest in virtual assets; or (ii) an intention to invest 10% or more of the gross asset value of the portfolio in virtual assets (i.e. the “de minimis threshold”). See the Terms and Conditions, published by the SFC in October 2019, available at: https://www.sfc.hk/web/files/IS/publications/VA_Portfolio_Managers_Terms_and_Conditions_(EN).pdf

[9] “Joint Circular on Intermediaries’ Virtual Asset-Related Activities”, jointly published by the SFC and Hong Kong Monetary Authority on October 20, 2023, available at: https://apps.sfc.hk/edistributionWeb/gateway/EN/circular/suitability/doc?refNo=23EC44

[10] See paragraph 10.22 of the “Guidelines for Virtual Asset Trading Platform Operators”, published by the SFC in June 2023, available at: https://www.sfc.hk/-/media/EN/assets/components/codes/files-current/web/guidelines/Guidelines-for-Virtual-Asset-Trading-Platform-Operators/Guidelines-for-Virtual-Asset-Trading-Platform-Operators.pdf?rev=f6152ff73d2b4e8a8ce9dc025030c3b8

The following Gibson Dunn lawyers prepared this client alert: William Hallatt, Emily Rumble, and Jane Lu.*

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact any member of Gibson Dunn’s Global Financial Regulatory team, including the following members in Hong Kong and Singapore:

William R. Hallatt – Hong Kong (+852 2214 3836, [email protected])
Grace Chong – Singapore (+65 6507 3608, [email protected])
Emily Rumble – Hong Kong (+852 2214 3839, [email protected])
Arnold Pun – Hong Kong (+852 2214 3838, [email protected])
Becky Chung – Hong Kong (+852 2214 3837, [email protected])

*Jane Lu is a paralegal in the firm’s Hong Kong office who is not yet admitted to practice law.

Attorney Advertising: These materials were prepared for general informational purposes only based on information available at the time of publication and are not intended as, do not constitute, and should not be relied upon as, legal advice or a legal opinion on any specific facts or circumstances. Gibson Dunn (and its affiliates, attorneys, and employees) shall not have any liability in connection with any use of these materials. The sharing of these materials does not establish an attorney-client relationship with the recipient and should not be relied upon as an alternative for advice from qualified counsel. Please note that facts and circumstances may vary, and prior results do not guarantee a similar outcome.