Hong Kong Compliance
Introduction
ChainGuard operates within Hong Kong as a security + identity layer that provides non-custodial Web3 security infrastructure. This page explains how ChainGuard complies with Hong Kong regulatory requirements.
What ChainGuard Is NOT
ChainGuard does NOT:
- Custody funds
- Store private keys
- Transmit virtual assets
- Execute transactions
- Mediate payments
- Act as an exchange
- Act as a broker
- Fall under custodial wallet rules
- Qualify as a money transmitter
- Process fiat payments
- Take control of user funds
This protects ChainGuard from being misclassified under Hong Kong regulatory regimes.
Applicable Regulations
| Regulation | Applies? | Explanation | Details |
|---|---|---|---|
| SFC Virtual Asset Framework | ⚠ Partial | Does NOT apply as custodial VASP | We do NOT custody virtual assets, store private keys, or operate as a virtual asset service provider with custody (see "What ChainGuard Is NOT" above). Our non-custodial vaults and identity services fall outside SFC custodial VASP definitions. However, we may assist VASPs with compliance tools. |
| Anti-Money Laundering Ordinance | ✔ | Customer due diligence and monitoring | We implement AML-compatible controls including customer identification, transaction monitoring, and suspicious activity reporting. See VAT & AML. |
| PDPO | ✔ | Personal data protection compliance | We implement PDPO-compliant measures including data collection and use principles, data subject rights, data security requirements, data breach notification, and cross-border data transfer compliance. See Data Protection & Privacy. |
| Securities and Futures Ordinance | ❌ No | Does NOT apply - not dealing in securities | We do NOT deal in securities, provide investment advice, or operate as a securities dealer (see "What ChainGuard Is NOT" above). Securities and Futures Ordinance licensing requirements do not apply to our non-custodial infrastructure services. |
Regulatory Position
ChainGuard's non-custodial architecture means:
- SFC Licensing: Evaluating virtual asset service provider licensing requirements
- PDPO Compliance: Full compliance with Hong Kong data protection laws
- AML Obligations: Customer due diligence and transaction monitoring
- Securities Regulation: Not subject to securities licensing requirements
Compliance Framework
SFC Requirements
- Virtual asset service provider classification
- Licensing requirements (if applicable)
- Operational compliance
- Regulatory reporting
PDPO Compliance
- Data collection and use principles
- Data subject rights
- Data security requirements
- Data breach notification
- Cross-border data transfer compliance
AML Compliance
- Customer due diligence (CDD)
- Enhanced due diligence (EDD)
- Suspicious transaction reporting
- Record-keeping requirements
Ongoing Compliance
We continuously monitor:
- SFC regulatory guidance
- Privacy Commissioner updates
- AML/CFT policy developments
- Industry best practices
Contact
For questions about ChainGuard's Hong Kong compliance posture, please contact our compliance team.
