SFC

5 briefs · 1 new

SFC ·

SFC updates FATF monitored-jurisdiction lists for licensees and VASPs

SFC licensees and VASPs must add Bosnia and Herzegovina and Iraq to increased-monitoring country risk and may relax Algeria and Namibia, updating EDD triggers accordingly

SFC ·

SFC bans OTP login and mandates phishing-resistant authentication for internet brokers and VASPs by 8 July 2027

Internet brokers and SFC-licensed VASPs must stop using OTP for login and device binding and adopt phishing-resistant authentication (e.g. passkeys, bound devices) no later than 8 July 2027, with monitoring, incident-reporting and client-awareness measures required sooner

SFC ·

SFC extends listed structured fund authorisation to single-stock L&I and defined-outcome products with added safeguards

Listed structured fund providers and their distributors must now meet SFC naming, disclosure, market-making, capacity-monitoring and single-stock safeguard requirements to offer single-stock L&I and defined-outcome products in Hong Kong.

SFC ·

SFC sets expected standards for VATPs and licensed corporations on Relevant Stablecoin services

VATPs and licensed corporations must adopt revised licensing conditions and update disclosures, client classification, and SFC-notification workflows before conducting Relevant Stablecoin activities

SFC ·

SFC revises authorised VA fund circular to permit direct spot virtual-asset investment and staking

Management companies, custodians, and participating dealers of SFC-authorised VA funds must meet revised eligibility, custody, valuation, and disclosure requirements, and obtain prior SFC consultation and approval before exceeding 10% VA exposure or engaging in staking