Global menu

Our global pages


HKMA publishes DLT Whitepaper 2.0

  • Hong Kong
  • Banking and finance
  • Financial services - Digital Financial Services
  • Technology, Media and Telecoms


On 25 October 2017, the Hong Kong Monetary Authority (“HKMA”) published the Whitepaper 2.0 (“Whitepaper 2.0”) on Distributed Ledger Technology (“DLT”). This Whitepaper 2.0 provides practical advice on over 20 governance, control, legal and compliance issues related to the deployment of DLT, which the HKMA intends to turn into a set of guidelines for the use of DLT by financial institutions in the future.


Whitepaper 2.0 follows the first Whitepaper on DLT released in November 2016. The first Whitepaper provided an in-depth introduction of DLT and described the three Proof-Of-Concept (“POC”) projects carried out by the HKMA, the Applied Science and Technology and Research Institute and other local banks relating to (i) trade finance, (ii) mortgage loan applications and (iii) identity management around digitalization of know your customer. The Whitepaper 2.0 provides an update of the development of DLT and draws experience from these completed POC projects.


The Whitepaper 2.0 identifies and discusses seven baseline compliance issues particularly relevant to any DLT implementation, namely,

  1. anti-money laundering (“AML”) and counter-financing of terrorism (“CFT”);
  2. systemic risk;
  3. technology and operational risks;
  4. reporting and transparency;
  5. governance and controls;
  6. cybersecurity; and
  7. legal issues.

These serve as a solid starting point for financial institutions to understand the risks in deploying DLT to prevent any after-event or “bolt-on” measures. The Whitepaper 2.0 further suggests solutions on how these risks may be mitigated and sets out existing regulations relevant to deploying DLT, especially in the areas of AML and CFT and technology and operational risks.

Governance and control

The Whitepaper 2.0 also explores key general principles in the areas of (i) governance, (ii) security management, (iii) system development and change management; (iv) information processing and (v) communication networks.

It further recommends financial institutions to refer to HKMA’s Supervisory Policy Manuals (SPMs) on General principles for technology risk management (TM-G-1) and Business continuity planning (TM-G-2) and other relevant guidelines when applying the these general principles.

Legal considerations

The legal issues address and apply to all three POC projects and take into account legal requirements in overseas jurisdictions. These issues are:-

  1. legal basis – the validity and enforceability of digitized documents and digital signatures;
  2. data protection and privacy – DLT’s characteristics of accessibility and immutability raises compliance concerns surrounding personal data collection and retention;
  3. cross-border and localisation issues – the cross-border nature of DLT means that financial institutions should be reminded of the potential conflicting regulations relating to data localization and restriction on external transfer of personal data;
  4. smart contracts – the legal basis and effects of smart contracts, in particular, the desirability for parties to have in place a pre-governance structure and an “escape hatch” (i.e. the ability to modify or undo the smart contracts);
  5. liability – the liability of participants associated with the use of DLT platform and how this may be addressed by contractual terms, factoring in sufficient risk capital and/or taking out insurance coverage;
  6. competition/anti-trust – fair competition and anti-trust practice concerns may arise where DLT users impose technological barriers for new members to join the ledger that enable or facilitate monopolies; and
  7. specific DLT applications – legal considerations on asset management, trade finance and digital ID management.

Next steps

Going forward, the HKMA will work with the financial industry and Fintech community to develop these findings and advice in the Whitepaper 2.0 into a set of practical guidelines for the use of DLT in the financial sector in the future. Financial institutions considering whether to deploy DLT designs and solutions are advised to familiarize themselves with the regulatory expectations set out in the Whitepaper 2.0 and to ensure that they have a sound understanding of the technology, as well as the adequate compliance and control measures in place at an early stage of developing DLT projects.