Guidelines for Virtual Asset Trading Platforms (VATPs)
Operators in Hong Kong
Thales helps organizations address cybersecurity requirements of the Platform.
Hong Kong Securities and Futures Commission (SFC) issued regulatory guidance for operators of Virtual Asset Trading Platforms (VATPs) in the form of guidelines, FAQs and handbooks on 1st June 2023. The SFC providing clear regulatory expectations is critical to fostering responsible development, especially within Hong Kong’s virtual assets (“VA”) landscape. Adopting the principle of ‘same business, same risks, same rules’, the SFC aims to support and develop the VA industry by ensuring robust investor protection and critical risk management.
As the leader in digital security and identity, Thales helps organizations comply with Guidelines for VATPs Operators by addressing cybersecurity requirements for the Custody of Client Assets and Security of the Platform.
Regulation Overview
Hong Kong Securities and Futures Commission (SFC) issued regulatory guidance for operators of Virtual Asset Trading Platforms (VATPs) in the form of guidelines, FAQs and handbooks.
All centralized VATP exchanges which operate in Hong Kong or actively market to Hong Kong investors must be licensed by the SFC. VATP license applicants must submit a robust license application that proves it can meet all of the conditions, or it risks being ineligible for the arrangement by 31st May 2024. Guidelines for Virtual Asset Trading Platforms (VATPs) Operators set out, among others, safe custody of assets, segregation of client assets, avoidance of conflicts of interest and cybersecurity standards and requirements expected of licensed trading platforms.
Thales helps organizations comply with Guidelines for VATPs Operators by addressing cybersecurity requirements for the Custody of Client Assets and Security of the Platform. VATPs Operators can leverage Thales’ suite of identity and data security solutions to become compliant today and stay compliant in the future.
Address the requirement on “Custody of Client Assets – Client virtual assets”
Secure cold storage with Thales Hardware Security Modules (HSM) with Native Blockchain Algorithm Support BIP32, Milenage and Tuak algorithms and SECP256k1 elliptic curve
Both Luna and ProtectServer HSMs extend native HSM functionality by enabling the development and deployment of custom code within the secure confines of the FIPS 140-2 Level 3 validated Thales HSM as a part of the firmware.
Seamless integration of authentication and HSMs to achieve trusted identity and access management
Store backups on external HSMs with the options below:
Store cryptographic keys securely with on-premises options
Comply the requirement on “Cybersecurity – Security of platform”
Security control with robust authentication, role-based access control and audit logging
Data Encryption
Secure files and backup on OS with data encryption
Protect database with Transparent Database Encryption (TDE) for MS SQL and Oracle
Robust key lifecycle management for database solutions and KMIP clients in hybrid environments
Secure Transfer
Tokenize and mask sensitive & PII data to comply with regulatory requirements
Protect data and encrypt data-in-transit between applications among Bare Metal, Virtual Machine and Container Kubernetes environments with Application Data Encryption and Data Protection Solutions
Secure data-in-transit in different geographical locations
Security tools to detect and block unauthorized access
Monitor the platform with centralized HSM management solution for compliance and visibility
Thales helps organizations comply with Guidelines for VATPs Operators by addressing requirements for the Custody of Client Assets and Security of the Platform.
HashKey Group is an end-to-end digital asset financial services group headquartered in Hong Kong with operations in Singapore and Japan that has a firm-wide commitment of upholding the highest compliance and regulatory standard in the digital asset and blockchain economy. ...
Hong Kong Securities and Futures Commission (SFC) issued regulatory guidance for operators of Virtual Asset Trading Platforms (VATPs) in the form of guidelines, FAQs and handbooks on 1st June 2023. In this webinar, our expert is going to share the cybersecurity requirements in the Guidelines for VATPs and how Thales can help.
To protect blockchain solutions in Hong Kong, the Securities and Futures Commission (SFC) introduced a regulatory framework in late 2018 and position paper in 2019 to license and regulate virtual asset trading platform operators. Join us for a fireside chat to learn how Hashkey Group now brings trust and security to their blockchain solution and how Thales secures core blockchain technologies and communications across the blockchain network.
Blockchain is one of those industry buzzwords that you seem to hear everywhere, but what exactly is it and can you trust it? For the most part, enterprises are implementing blockchain without truly understanding its purpose, and as much as 90% of enterprise blockchain projects...
Secure cold storage of cryptocurrencies such as Bitcoin or Ethereum, is a difficult and complex challenge. Traditional paper wallet-based solutions may be effective for the most basic use cases, but they present a substantial challenge for more complex environments as they do...
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.
Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.