Response to Implementation of Crypto-Asset Reporting Framework and Amendments in Relation to Common Reporting Standard in Hong Kong
Release Date: 2026-01-18
| The Treasury Branch | |
| Financial Services and the Treasury Bureau, | carf@fstb.gov.hk |
| 24/F, Central Government Offices, | |
| 2 Tim Mei Avenue, Tamar, | |
| Hong Kong |
19 January, 2026
Response to Implementation of Crypto-Asset Reporting Framework and Amendments in Relation to Common Reporting Standard in Hong Kong
Hong Kong Securities & Futures Professionals Association response to the questions for consultation.
(1) Will you, as RCASPs, identify and collect information of both reportable and non-reportable persons?
Response:
Yes, the industry generally favors the "wider approach" to data collection. As indicated in the consultation paper and supported by industry practices seen in CRS implementation, segregating clients into "reportable" and "non-reportable" buckets at the onboarding stage creates ongoing monitoring burdens. If a non-reportable client moves to a reportable jurisdiction (or if a jurisdiction is added to the reportable list later), the RCASP would have to re-engage the client to collect data, which is administratively burdensome and risks client friction. While we support the option to collect this data, we emphasize that the legal framework must explicitly protect RCASPs under the Personal Data (Privacy) Ordinance when they collect data on non-reportable persons for anticipated future compliance, ensuring no conflict with data minimization principles.
(2) Do you have any views on the proposed record keeping requirements for RCASPs?
Response:
We generally agree with the six-year retention period to align with existing inland revenue and CRS standards, but we have concerns regarding the obligations placed on individuals post-dissolution. However, the proposal to hold directors or principal officers personally liable for record-keeping after an entity is dissolved (as highlighted by the PwC and FSTB ) poses significant practical challenges. Once a company is dissolved, former officers may lack the resources, secure storage infrastructure, or legal standing to maintain sensitive personal data of former clients securely. We suggest the government allow for the appointment of a designated third-party custodian (such as a liquidator or a licensed corporate service provider) to fulfill this obligation, rather than placing indefinite personal liability and logistical burden on former individual officers.
(3) Do you have any views on the proposed mandatory registration for all RCASPs that meet any of the reporting nexus with Hong Kong?
Response:
We support mandatory registration in principle to ensure a level playing field, but we urge a simplified process for "Nil Reporters." As noted in the consultation, mandatory registration helps the IRD ascertain the total population of RCASPs, preventing compliant entities from being undercut by unregulated shadow players. This aligns with Hong Kong's reputation as a robust financial center. However, for RCASPs that have a nexus but no reportable transactions (e.g., those serving only local Hong Kong residents where HK is not a reportable jurisdiction to itself), the full weight of registration and annual filing can be excessive. We recommend a "lite" registration or a simplified annual declaration process for RCASPs that anticipate filing Nil Returns, to reduce administrative costs while still satisfying the IRD's oversight requirements.
(4) Do you have any views on the proposed penalty framework for CARF (including the administrative penalty mechanism)?
Response:
We support the introduction of an administrative penalty mechanism as an alternative to prosecution but caution against the "per account" penalty structure being applied without a cap for minor technical errors. An administrative penalty mechanism (in lieu of prosecution) is a pragmatic tool. It allows for faster resolution of non-compliance and saves legal costs for both the industry and the government. (Similar point of view highlighted by PWC too) The proposal to introduce penalties of "$1,000 per account/user" (similar to the UK model mentioned in the consultation background) could lead to disproportionately astronomical fines for systemic software errors affecting thousands of accounts where there was no intent to defraud. We propose a "reasonable cap" on total penalties for unintentional administrative errors or first-time offenses, ensuring that the "per account" calculation is reserved for cases of willful negligence or intentional evasion.
(5) Do you have any views on the proposed filing mechanism for CARF Returns?
Response:
We welcome the electronic filing mechanism but request an Application Programming Interface (API) solution in addition to XML uploads. For large RCASPs and financial institutions, manual file uploads (even of XML files) via a portal can be prone to operational risk. Direct API connectivity allows for full automation of the reporting process. The filing deadline (proposed as 5 months after year-end) is tight given the complexity of crypto-asset data. We suggest a grace period for the first two years of implementation.
(6) Will you prefer using self-developed software or the data preparation tool provided by IRD in the CARF Portal for preparation of data files?
Response:
The industry preference is split based on the size of the institution; therefore, both options must be robustly supported. Major RCASPs and FIs will prefer self-developed software or third-party enterprise solutions to integrate directly with their internal databases. They require detailed XML schema specifications and a testing sandbox well in advance (at least 12 months) of the go-live date. Smaller RCASPs will rely heavily on the IRD’s data preparation tool. It is vital that this tool is user-friendly, supports bulk data import (e.g., from Excel), and includes built-in validation checks to prevent rejection of returns. The IRD should release the XML schema and the test environment for the data preparation tool simultaneously to ensure all market participants, regardless of size, have equal time to prepare.
(7) On reporting of gross proceeds from the sale or redemption of relevant crypto-assets, do you have any views on adopting the default treatment in requiring RFIs to report the relevant information under both CRS and CARF?
Response:
We strongly support the default treatment (dual reporting) over the optional treatment, despite the apparent redundancy. The "optional treatment" (which would allow RFIs to omit CRS reporting if the proceeds are already reported under CARF) introduces significant technical complexity. It would require RFIs to build complex reconciliation logic to check transaction-by-transaction whether a specific asset was reported under CARF before deciding to exclude it from CRS. Adopting the default treatment means RFIs simply report the gross proceeds under CRS regardless of CARF status. This eliminates the risk of under-reporting due to matching errors and reduces the cost of building exclusion logic into reporting engines. And most jurisdictions are expected to adopt the default treatment. Aligning with the global standard ensures that Hong Kong RFIs with regional operations can use a standardized reporting logic across different branches.
8) Do you have any views on the proposed mandatory registration for all RFIs in Hong Kong?
Response:
We accept the proposal for mandatory registration but request a simplified mechanism for "Nil Reporters" and Investment Entities. To our best understanding this proposal stems from OECD peer review recommendations to help the IRD ascertain the full population of RFIs. We acknowledge that Hong Kong must maintain its "compliant" rating to remain a competitive financial center. One of the drawbacks is that, for many private investment entities (which are classified as RFIs but may not have reportable accounts), this adds an administrative layer. We propose that if an RFI is already registered under CARF or has a Business Registration (BR) number, the CRS registration should be a simple "tick-box" activation on the existing portal rather than a completely new application process. Furthermore, as mentioned in the consultation, the requirement to hold a digital certificate (e-Cert) for every single RFI entity is logistically difficult for fund managers managing hundreds of funds; we strongly urge the IRD to consider allowing "service provider" or "fund manager" level authentication for multiple underlying RFIs.
(9) Do you have any views on the proposed amendments to the record keeping requirements for RFIs?
Response:
We generally agree with the alignment of record-keeping periods but, similar to our view on CARF, we have reservations regarding post-dissolution liability. The proposal requires that if an RFI is dissolved, the officers (directors) must ensure records are preserved. For the fund industry, where Special Purpose Vehicles (SPVs) are frequently set up and dissolved after an asset sale, indefinite personal liability for directors is problematic. The legislation should explicitly allow the appointment of a regulated third-party service provider (such as the fund administrator or corporate secretary) to assume the legal responsibility for record retention post-dissolution, relieving individual directors of the personal storage burden provided they have engaged a compliant vendor.
(10) Do you have any views on the enhanced penalty framework for CRS?
Response:
We support the introduction of the administrative penalty mechanism to expedite case resolution but urge a "graduated" approach to the new penalty levels. The current system, which often requires court proceedings for penalties, is slow and costly. An administrative penalty system (as proposed to align with CARF) is more efficient for straightforward cases of late filing. The consultation proposes enhancing penalties to ensure "deterrence," responding to OECD peer reviews. However, penalties based on "per account" or "per day" metrics can escalate rapidly for large financial institutions due to minor data glitches. There should be a cap on penalties for operational errors where no tax evasion intent is found. We suggest a "reasonable excuse" defense be clearly codified for cases where RFIs relied on valid self-certifications that later turned out to be false, provided the RFI performed standard due diligence. As the penalty regime is being "enhanced," the IRD should grant a "soft landing" period (e.g., 12 months) after the law comes into effect where warning letters are issued instead of immediate financial penalties for first-time administrative oversights.
If you have any queries, please feel free to contact Officer, Dr. Ricky Yeung ( / ) or contact me ( / ).
Yours sincerely,
[Signature] [Chop]
Mofiz Chan
Chairman
Hong Kong Securities & Futures Professionals Association
1/F, Siu Ying Commercial Building, 151-155 Queen's Road Central.
Latest Advocacy Papers
Opinion letter of 2026-27 Budget
2026-01-19