“Digitalization is blurring the boundaries of traditional industries. This is a real financial revolution.”

As early as 2017, McKinsey described the digital wave in its report "Competing in a Borderless World". As the world gradually accepts virtual assets, the potential behind them has also triggered discussions among regulators. When tokens are regarded as financial instruments, security tokens have become the focus of regulators in various countries, including the Securities and Futures Commission (SFC) of Hong Kong.

Looking back at the “Policy Statement on the Development of Virtual Assets in Hong Kong” issued by Hong Kong on October 31, it reiterated the potential and prospects of tokenization. In addition, just last month, Huang Lexin, head of the Hong Kong SFC’s fintech department, stated that security tokens and real-world assets (RWA) will no longer be classified as “complex” product definitions, and mentioned that there may be a new version of the security token issuance (STO) regulations.

The issuance and trading of financial assets are usually subject to strict regulation, with securities being the most representative. Security tokens are similar to traditional securities, so exploring the regulation of security tokens is one of the token types that regulators can most easily expand their regulatory scope.

Hong Kong regulation is getting started

Since the beginning of this year, OKLink Research Institute has participated in the Hong Kong government's advice on virtual asset platforms and has continued to conduct in-depth exchanges with all sectors of Hong Kong. In this process, the author believes that SFC has a "boosting" attitude towards security tokens, specifically the following points:

1. License plate No. 1+7

Hong Kong regulators have different requirements for licenses depending on whether the trading service provided is a security token and the nature of the institution itself. Specifically, virtual asset trading platforms that provide or actively promote security token trading services in Hong Kong need to obtain a Type 1 regulated business (securities trading) and Type 7 regulated business (providing automated trading services) license issued by the Hong Kong Securities and Futures Commission. Platforms that provide non-security tokens also need to obtain a VASP license.

Any person or entity that promotes and distributes security tokens (whether in Hong Kong or targeting Hong Kong investors) must be licensed or registered for Type 1 regulated activity (dealing in securities) under the Securities and Futures Ordinance, unless an applicable exemption applies.

2. Remove the 12-month post-issuance track record requirement

Security tokens no longer require a 12-month post-issuance track record. However, licensed platform operators need to comply with the general token inclusion criteria under the Virtual Asset Trading Platform Guidelines and the Security Token Distribution Guidelines to be issued by the SFC in due course.

3. Reasonable due diligence

Platform operators are ultimately responsible for conducting reasonable due diligence on security tokens that are to be included in platform transactions, and are also required to ensure that internal control measures, systems, and technologies are able to support any specific risks.

Transactions and compliance on the chain

When faced with the issuance and trading of such high-speed and around-the-clock financial instruments , financial institutions, in addition to obtaining a license as the first step in conducting business, relevant parties such as platform operators, dealers and brokers should conduct self-internal monitoring and risk management measures, and focus on anti-money laundering and counter-terrorism financing (AML&CFT).

According to public information, the total amount of anti-money laundering (AML) fines last year was nearly $5 billion. Most of the penalties were related to improper implementation of identity verification and "know your customer" (KYC) solutions or inadequate internal policies and risk management systems. In addition, the Legislative Council passed the "Anti-Money Laundering and Terrorist Financing (Amendment) Bill 2022" in December last year, which completed the regulatory framework, and only then did Hong Kong stride into Web3.

Source: Sumsub

When transactions are “on the chain”, AML compliance also needs to be “on the chain”. Then according to the internationally recognized Financial Action Task Force (FATF) recommendations , the three aspects of customer identification and risk assessment, continuous monitoring and reporting, and control measures that AML &CFT focuses on also need to be adjusted accordingly.

Taking security tokens as an example, during the issuance phase, virtual asset trading platforms, dealers, brokers, etc. require trading parties to provide KYC, which is off-chain information collection for customer identity identification. This step is a routine measure in traditional financial compliance. When investors provide an on-chain account address (wallet) and use their on-chain assets for transactions, KYC should also be extended to on-chain identification. The figure below shows that comprehensive identification of customer identity runs through the entire process .

Source: ResearchGate

When security tokens can circulate freely without relying on intermediaries, KYA (Know Your Address, Note 1) and KYT (Know Your Transaction, Note 2) on the chain become particularly important.

This is different from traditional securities, which are mainly centralized structures, and the compliance of transactions between institutions is ensured by the KYC of institutions. The most effective approach for financial institutions is to use on-chain compliance tools such as OKLink, Chainalysis, and Elliptic to track the movements of customers' virtual assets on the chain, so as to conduct full-process supervision and full-chain tracking, aiming to prevent money laundering where the account (on-chain address) is disconnected from the real identity.

The following figure takes OKLink's Onchain AML as an example to illustrate how financial institutions use on-chain compliance tools to conduct risk management throughout the entire life cycle and achieve mutual cooperation between on-chain and off-chain:

Financial institutions such as Barclays Bank in the UK have tried to use on-chain compliance financial tools to identify risks and prevent risks brought by AML&CFT as early as 2015. In addition, financial institutions including banks and financial technology companies such as payment have invested in on-chain compliance tools. According to public information statistics, the largest round of investment amount reached 60 million US dollars, and the valuation of the leading companies in the on-chain compliance tool track has reached nearly 10 billion US dollars.

"We have been deeply engaged in the on-chain data field for many years, and our ultimate goal is to become an on-chain navigator for this complex new digital world. With the continuous acceptance of virtual assets by the global and Hong Kong governments, OKLink's launch of Onchain AML will provide reliable compliance guidance for financial institutions and participants." said Nick Xiao, Product Director of OKLink.

Security Tokens, a New Representation of Ownership

Ultimately, security tokens represent ownership , such as equity, real estate, etc. The biggest difference between them and securities is that each asset is built on the blockchain in the form of a token (according to the latest IMF article, a token is a unit established by an entry in a digital ledger using encryption technology). Similar to the securities market, the issuance and trading of security tokens need to comply with financial regulatory regulations and norms.

As a new representation of ownership, security tokens also mean that Web3 is breaking the boundaries of the securities industry with the digital form of its tokens, and is constantly broadening the boundaries of the traditional securities industry through global accessibility, high liquidity, high security and transparency, and automated intelligence. In June this year, Liang Hanjing, head of financial services and financial technology at Invest Hong Kong, said that from the Hong Kong government level, asset tokenization (including security tokens) is seen as a trillion-level business opportunity.

Combining traditional financial instruments with blockchain technology is an eternal topic in the global financial industry. At the same time, this has put forward new requirements for the regulatory authorities' technical regulatory capabilities, but this does not affect the global regulation of securitized tokens and their positioning. In addition to the Hong Kong SFC, the OKLink Research Institute has sorted out the regulatory status of securities tokenization in major countries around the world, as shown in the table below.

The original nature of future business will not change. When transactions are put on the blockchain, the "trillion-dollar business opportunities" will be opened up. Only after ensuring compliance and incorporating it into the blockchain operation, will the mainstream truly recognize a new technology.