Hong Kong aims to become a key hub for digital assets at the global level, and the city has been exponentially discussing and implementing policies and regulations to create a vibrant, secure environment for retail and institutional investors. 

To better understand the recent happenings, it is important to explore

• The regulatory milestones of Hong Kong’s digital asset industry

• How Amber continuously strives to keep investors’ assets safe and secure

The Hong Kong digital asset environment – Milestones

Hong Kong has been creating a compliant environment for Web 3.0 and crypto businesses to thrive, and for traditional finance actors to enter the Web 3.0 space:

Sources: SFC [1], gov.hk [2] SFC [3], HKMA [4], SFC [5]

Why is it relevant for investors’ asset security?

It is crucial because it means that all trading platforms and exchanges that want to operate in Hong Kong will be subject to its ongoing supervision which include safe custody of assets to guarantee protection to clients investing in crypto. 

What do Virtual Asset Service Provider (VASP) policies and requirements say about asset security?

The “Guidelines for Virtual Asset Trading Platform Operators” flesh out the specific requirements regarding the custody of assets, cybersecurity, and risk management that digital asset platforms need to meet to get licensed – and thus, to stay.  

Custody of Assets 

The custody of assets is a crucial aspect that all investors should consider when selecting their digital asset service provider. Respectable and compliant platforms implement comprehensive measures to ensure that investors’ assets are safe, also during asset transactions.

How Amber protects customers’ assets during custody and transactions:

• Secure custody: We adopt an institutional-level workflow to safeguard the whole asset security cycle including issuance, storage, transfer, and backup. 
• 100% air-gapped storage: We use Hardware Security Module (HSM)-based offline cold storage to protect investors’ assets from cyber attacks.
• Compliance: Amber’s HSM solution conforms with the industry-leading security standard FIPS 140-3 Level 3.
• Fraud detection: We have a comprehensive fraud detection program through user behavior analysis and unusual behavior detection.

Risk Management

Risk management frameworks allow platforms and exchanges to identify, measure, manage, and monitor the risk arising from each key business line.

How Amber guarantees best-in-class risk management:

• Real-time monitoring: 24/7 real-time threat intelligence platform based on a zero-trust risk management approach.

• Cyber-attack management: AI-driven security approach supported by Thoughtworks for risk management and response.

Cybersecurity

Cybersecurity is the protection of internet-connected systems such as software, and data from cyberattacks. In other words, all trading platforms and exchanges should make sure that no one is going to access funds or data without authorization.

How Amber protects its platform from external threats:

• Independently certified security: Best-in-class security standards audited by third parties, e.g., the SOC 2 Type II gold standard of security and privacy certified by Deloitte.

• Privacy framework: Tech-driven privacy framework for comprehensive user privacy and transparency through our Privacy by Design approach.

• InfoSec experts: Independently certified professionals, incl. CISSP, CCSP, CISA, CIPP.

• Award-winning teams: High-level academic collaborations and speaking engagements at Blackhat Asia, Woot, and more.

— 

The Amber InfoSec team is continuously monitoring and carrying out self-analysis assessments to keep our security infrastructure always up to date and to adapt to regulatory requirements within the time frame available. Amber is committed to the highest standards of compliance and security, and we are no short of talent, time, and tenacity to offer best-in-class services to our clients regardless of industry shocks and turbulency. 

To learn more about the new regulatory environment, please visit the guidelines by the SFC.