Complying with the Guidelines for Digital Assets in Hong Kong
Thales helps Authorized Institutions (AIs) comply with the Guidance on Digital Assets issued by the Hong Kong Monetary Authority (HKMA).
As the digital asset sector continues to grow, the Hong Kong Monetary Authority (HKMA) has seen authorized institutions (AIs) increasingly interested in digital asset-related activities, in particular, the provision of custodial services for digital assets for clients and how to apply the distributed ledger technology (DLT) that underlies the Virtual Assets (VA) ecosystem to traditional financial market operations.
The HKMA considers it necessary to guide AIs’ provision of digital asset custodial services and useful to provide more clarity on the key risk management considerations on DLT. The Guidance on Expected Standards on Provision of Custodial Services for Digital Assets and the Risk management considerations related to the use of DLT were issued on 20 February and 16 April respectively.
As one of the leaders in data security, Thales enables AIs to comply with Guidelines for Digital Assets to ensure client digital assets in custody are adequately safeguarded and the risks involved are properly managed.
Regulation Overview
What is the “Expected Standards on Provision of Custodial Services for Digital Assets”?
With regard to international standards and practices, the HKMA issued guidance on Expected Standards on Provision of Custodial Services For Digital Assets by AIs on 20 February 2024. This guidance, with 8 categories of expected standards, aims to ensure the adequate safeguarding and proper management of client digital assets held by authorized institutions (AIs).
The HKMA has mandated that AIs or subsidiaries of locally incorporated AIs already engaging in digital asset custodial activities are to confirm with the HKMA that they meet the expected standards set out in the Guidance within 6 months from 20 February 2024.
What are “Risk management considerations related to the use of distributed ledger technology”?
The HKMA considers it useful to provide more clarity on the key risk management considerations that it has regard to when reviewing the DLT-related proposals of AIs. Since some common risk areas are generally relevant to DLT adoption, the HKMA has prepared a note setting out 3 key supervisory considerations on Governance, Application design and development, and On-going maintenance and monitoring. AIs are encouraged to take into account these considerations when preparing their DLT-related submissions.
Expected Standards on Provision of Custodial Services For Digital Assets
Thales helps AIs comply with Guidance on the Provision of Custodial Services for Digital Assets by addressing the expected standard on Safeguarding of client digital assets.
Guidelines on Expected Standards | Thales Solutions |
---|---|
C. 11) Safeguarding of client digital assets | AIs can secure clients’ digital assets by storing, protecting and managing private keys and seeds of wallets with Thales Hardware Security Modules (HSM). These modules support wallet solution protocols such as BIP32 and SLIP10 and offer a range of curves including SECP256k1, curve25519, and ed25519. |
C. 11) Safeguarding of client digital assets | AIs can store backups on external HSMs and manage cryptographic keys in HK with on-premises options: |
Risk Management Considerations Related to The Use of DLT
Thales helps AIs comply with the Risk management considerations related to the use of DLT by addressing the On-going maintenance and monitoring considerations.
Considerations | Thales Solutions |
---|---|
On-going maintenance and monitoring | |
7. Establish level of cybersecurity commensurate with traditional technology applications | The Thales Luna HSM Post-Quantum Cryptography (PQC) Functionality Module (FM) allows AIs to use the round 3 NIST finalist quantum-safe crypto mechanisms today for use cases such as code-signing or others that rely on PKI. |
8. Securely manage private key | AIs can manage seeds and private keys securely with Luna Network HSMs and ProtectServer HSMs. Both HSMs support BIP32 and use a Functionality Module (FM) to securely perform custom cryptography or add custom blockchain algorithms. |
8. Securely manage private key | External HSMs allow AIs to store backups with options below: |