Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Hong Kong’s financial authority has tightened the regulations concerning the custody of client assets on licensed virtual asset trading platforms (VATP), setting forth minimum security criteria for custodians.
The Hong Kong Securities and Futures Commission (SFC) released a document aimed at operators of licensed virtual asset trading platforms, which immediately enforces mandatory minimum standards for client asset custody along with examples of best practices.
This document addresses management responsibilities, infrastructure, operations related to cold wallets, engagement with external service providers, continuous threat monitoring, and staff training. It will serve as the foundation for the annual external audit of VATPs.
Related Posts
Essential provisions require service providers to:
- Designate a qualified executive accountable for client asset custody and ensure the implementation of effective procedures and oversight.
- Create and store private keys exclusively in secure environments, utilize certified security devices, and routinely audit the providers of these solutions.
- Forbid the use of smart contracts on public blockchain networks for cold storage systems.
- Implement multi-tier transaction verification, keep keys on isolated devices, permit withdrawals solely to pre-approved addresses, and disallow blind signatures.
- Employ distinct devices for signing and verifying transactions, separate from work computers and networks, and verify data integrity prior to submission to the blockchain.
- Conduct comprehensive evaluations of third-party custody solution providers, including code audits, analysis of update processes, and regular security assessments.
- Restrict administrator privileges, log all activities, routinely test disaster recovery plans, and perform drills with contractors.
- Ensure continuous infrastructure monitoring, reconcile blockchain balances with accounting records in real time, and promptly address discrepancies or unauthorized access attempts.
- Provide 24/7 incident response capabilities, including during holidays and nighttime hours.
- Establish procedures for managing incidents of varying severity and ensure oversight from management.
Additionally, crypto custodians are required to deliver appropriate training for staff based on their roles, particularly for those tasked with signing transactions, and to conduct regular drills and attack simulations to mitigate errors and blind signatures.
The introduction of these new digital asset custody standards occurs alongside broader regulatory changes in Hong Kong. A month prior, the Hong Kong financial regulator issued guidelines clarifying the licensing and oversight of stablecoin issuers in anticipation of a new regulatory framework for stablecoins.
Сообщение Hong Kong Approves Standards for Secure Digital Asset Custody появились сначала на CoinsPaid Media.
