Overview of Crypto trading

According to SFC (Consultation Paper)
last revised 20 February 2023

Safe custody of assets: A platform operator should hold client money and client virtual assets on trust through a wholly-owned subsidiary, ie, “associated entity”. It should ensure that not more than 2% of the client virtual assets are stored in hot wallets. Further, as access to a virtual asset is effected by the usage of a private key, custody of virtual assets primarily concerns the safe management of the private keys. A platform operator should establish and implement written internal policies and governance procedures for private key management to ensure all cryptographic seeds and keys are securely generated, stored and backed up. Additionally, a platform operator should not deposit, transfer, lend, pledge, repledge or otherwise deal with or create any encumbrance over client virtual assets. It is also required to maintain an insurance policy to cover risks associated with the custody of client virtual assets (the proposed requirements based on this are further discussed in paragraphs 53 to 57 below).