Crypto Regulations

Hong Kong Expands Crypto Licensing: New Rules for Dealers and Custodians

Hong Kong financial district skyline symbolizing the city’s expanding crypto licensing rules for dealers and custodiansHong Kong is moving to expand its crypto regulatory perimeter beyond licensed...

Ayhan Dastan
Ayhan Dastan
December 25, 2025 Updated on February 23, 2026
Hong Kong financial district skyline symbolizing the city’s expanding crypto licensing rules for dealers and custodians

Hong Kong financial district skyline symbolizing the city’s expanding crypto licensing rules for dealers and custodiansHong Kong is moving to expand its crypto regulatory perimeter beyond licensed exchanges. New proposals would bring two of the most sensitive parts of the market under a formal licensing umbrella: virtual asset dealers (including many over-the-counter models) and virtual asset custodians (firms that safeguard client crypto and keys). The direction is clear: if you are facilitating trades or holding other people’s crypto in Hong Kong, regulators want you inside the rulebook — with stricter governance, AML controls, and operational standards.

Table Of Content

Important note:

  • This article is for general information only and does not constitute legal, tax, or investment advice.
  • Regulatory frameworks evolve; always verify requirements from official sources and professional counsel.

What’s changing: a broader licensing net

Hong Kong’s regulators have been building a “licensed-first” architecture for digital assets. In 2025, authorities pushed forward with multiple tracks — including stablecoin legislation and exchange-market rule refinements — to strengthen Hong Kong’s profile as a regulated digital asset hub.

Now, the focus is shifting to two areas that can create systemic risk quickly if left lightly supervised:

  • Dealers: businesses that arrange, execute, or facilitate virtual asset trades for clients — often outside exchange order books.
  • Custodians: businesses that provide safekeeping, key management, and operational control over clients’ virtual assets.

These proposals are outlined in two consultation papers: one on regulating dealing in virtual assets and another on a licensing regime for providers of virtual asset custodian services.

Why regulators are targeting dealers and custodians

From a consumer-protection standpoint, dealers and custodians are “high-impact” gatekeepers:

  • Dealers control onboarding (who can trade, with what checks, and under what disclosures).
  • Custodians control access (who can move assets, how keys are secured, and how losses can occur).

In practice, many major failures in crypto have involved either weak custody practices or opaque dealing models. Regulators globally have responded by tightening licensing requirements for firms that touch client assets or intermediate execution — and Hong Kong is aligning with that direction.

Who is likely to be treated as a “virtual asset dealer”

While the exact scope depends on the final legislation and regulator guidance, the proposals are designed to capture businesses that carry on a business of dealing in virtual assets — not just traditional exchanges.

That typically includes many familiar market models:

  • OTC desks and brokers that quote prices and execute conversions for clients (crypto↔fiat or crypto↔crypto).
  • Agency brokers that match buyers and sellers or route orders for execution.
  • Dealer-style platforms that “sell from inventory” or provide RFQ (request-for-quote) style execution.

Why this matters: licensing obligations usually attach to how the service is provided (and to whom), not just to the marketing label (“OTC” vs “broker” vs “platform”). If a business is effectively enabling client trades as an ongoing commercial service, regulators often treat it as a regulated dealing activity.

Who is likely to be treated as a “virtual asset custodian”

The custody consultation focuses on establishing a licensing regime for providers of VA custodian services — i.e., businesses that safeguard or control client virtual assets, including private keys and signing processes.

In real-world operations, that can include:

  • Qualified custody providers offering institutional custody (segregated wallets, governance, audits).
  • Technology-driven custodians providing MPC/HSM key management, transaction policies, and approvals.
  • Custody-as-a-service for funds, fintech apps, OTC dealers, or trading venues.

Why this matters: custody is not just “holding coins.” It’s key generation, access control, transaction authorization, recovery workflows, and incident response — the core of crypto security.

What “strict new mandate” usually means in practice

Consultations are where the high-level architecture becomes a compliance checklist. Based on the direction in the consultation materials and how comparable licensing regimes are designed, firms should expect expectations across six pillars:

1) Fit-and-proper governance

  • Clear accountable leadership, compliance function, and documented decision-making.
  • Controls around conflicts of interest (especially for dealers that internalize flow).

2) Strong AML/CTF controls

  • Customer due diligence (CDD/KYC) proportional to risk.
  • Transaction monitoring, sanctions screening, and suspicious transaction reporting where required.
  • Risk-based policies for high-risk jurisdictions, mixers, and unusual flows (where applicable).

3) Client asset protection (custody-grade standards)

  • Segregation of client assets vs firm assets (operational and accounting separation).
  • Policies for hot/cold wallet management and approval thresholds.
  • Strict key management (MPC/HSM policies, access logs, least-privilege).

4) Cybersecurity and operational resilience

  • Security architecture, penetration testing, vulnerability management.
  • Incident response playbooks, breach escalation, and business continuity planning.

5) Disclosures, conduct, and suitability (especially where retail is involved)

  • Transparent pricing and execution policies (how spreads/fees are formed).
  • Clear risk disclosures (volatility, custody risks, irreversibility of transactions).

6) Audits, reporting, and ongoing supervision

  • Ongoing reporting obligations and readiness for inspections.
  • Independent assurance around custody controls and financial statements, where required.

What this means for crypto users and investors

If the proposals become binding rules, the practical impact for end users is straightforward:

  • More licensed options — but also fewer “grey-zone” providers operating without oversight.
  • Better defined custody standards — especially around key security, segregation, and governance.
  • More onboarding friction — stronger identity checks and monitoring are likely to be non-negotiable for licensed entities.

For readers who are still building basics, our beginner-friendly guide explains how crypto systems and custody actually work in day-to-day life — and why “who holds the keys” is the real security question. See our complete self-custody security guide.

How to sanity-check a dealer or custodian (simple checklist)

  • Licensing status: Is the firm licensed (or clearly transitioning under a defined legal pathway)?
  • Custody model: Segregated wallets? Clear key management approach? Documented recovery controls?
  • Execution transparency: How do they price? What fees/spreads apply? Is there a best-execution policy?
  • Security posture: Any third-party audits, SOC reports, or security attestations?
  • Client protections: Clear terms for loss events, operational errors, and dispute handling.

Where this sits in the bigger Hong Kong crypto strategy

Hong Kong’s approach is not just “more rules.” It’s a structured expansion of coverage:

  • Stablecoins: Hong Kong passed a stablecoin bill in 2025 introducing a licensing regime for fiat-referenced stablecoin issuers, with the HKMA positioned as the key authority.
  • Licensed exchanges (VATPs): The SFC has continued tuning rules for licensed platforms, including steps intended to support liquidity by allowing order-book sharing with overseas affiliates under the right conditions.
  • Next perimeter: Bringing dealers and custodians into licensing frameworks reduces regulatory gaps where clients can be exposed even if exchanges are regulated.

If you want a broader map of how global rulemaking is converging (and where it’s still fragmenting), this helps contextualize Hong Kong’s direction: Global crypto regulation: where the cracks and harmonization are happening.

Is this already law?

The dealer and custodian frameworks discussed here were presented through consultation materials, which are used to shape final legislation and regulatory rules.

Does this affect only big institutions?

Not necessarily. Licensing regimes are often designed to capture any business carrying on the regulated activity, regardless of size. Smaller OTC dealers or custody providers may feel the impact the most because compliance costs rise sharply.

Will this make crypto “safer”?

It can reduce certain risks (poor controls, weak custody, opaque dealing) by raising minimum standards and enabling enforcement. But it does not remove market risk, volatility, or the possibility of losses.

Share Article

Ayhan Dastan

Ayhan Dastan

Ayhan Dastan is the founder and Editor-in-Chief of MrsCoins.com. With a background in financial technology, AI crypto integration, and digital media analysis, he has been an active observer and participant in the crypto space since 2017. As a dedicated blockchain researcher, Ayhan focuses on delivering high-quality market analysis, exploring the intersection of artificial intelligence and decentralized systems, and simplifying the complexities of decentralized finance (DeFi) for a global audience.

Related Posts

Our site uses cookies. By using this site, you agree to the Privacy Policy and Terms of Use.

Accept