The Hong Kong Securities and Futures Commission ("SFC") announcedon 29 September 2017 the launch of its regulatory sandbox (the "Sandbox"), where the regulator finally caught up with other Asian jurisdictions such as Singapore and Malaysia, as well as the Hong Kong Monetary Authority ("HKMA") (see our previous postfor further information about the sandboxes launched by the Monetary Authority of Singapore ("MAS"), Bank Negara Malaysia and HKMA. Note that the MAS has issued the final sandbox guidelines in November 2016). Prior to the launch of the Sandbox, the only major Fintech-related initiatives that the SFC has taken was the establishment of a “Fintech Contact Point” and a “Fintech Advisory Group” back in March 2016.

Similar to sandboxes in other jurisdictions, the Sandbox aims to provide a confined regulatory environment for qualified firms to operate Fintech-driven activities before the related services are provided to the wider investing public. However unlike other sandboxes, the SFC’s proposal is very thin on details, and perhaps more importantly, it does not explicitly refer to any potential relaxation of legal/regulatory requirements for firms that are testing their Fintech solutions in the Sandbox. Indeed, the SFC has stated in its Circular that “[T]he Sandbox should not be viewed as a means to circumvent the applicable legal and regulatory requirements”, although it remains to be seen whether the SFC may consider relaxing certain legal/regulatory requirements on a case-by-case basis, provided that the relaxation “will not compromise regulatory requirements which are key to investor protection”. It is also curious to see the SFC’s emphasis on a qualified firm meeting the financial resources requirements, whereas the MAS has identified requirements on capital adequacy, liquid assets, cash balances, and financial soundness in general as ones that it is prepared to consider relaxing for the duration of the sandbox.

Key features of the Sandbox include:

  • Eligibility: both licensed corporations and start-ups that intend to carry on a regulated activity (such start-ups will be required to apply for and obtain the appropriate licence and to comply with the financial resources requirements the same way as other licensed corporations) may access the Sandbox, provided that the firm: (i) is fit and proper: (ii) utilises innovative technologies; and (iii) can demonstrate a genuine and serious commitment to carry on regulated activities through the use of Fintech. The SFC also expects that the establishment or activities of these firms should increase the range and quality of products and services for investors and benefit Hong Kong‘s financial services industry.


The SFC however has noted that it expects the “great majority” of corporate licence applicants (including firms that use Fintech) would simply go through the regular licensing process without the need to enter the Sandbox.

  • Licensing and supervision: licensing conditions that the SFC may impose on a qualified firm for investor protection purposes may include: (i) limiting the types of clients which the firm may serve or the maximum exposure of each client; (ii) requiring the firm to put in place compensation schemes for investors; and (iii) requiring the firm to submit to periodic audits by the SFC.


Unsurprisingly, qualified firms may be subject to more intense supervision by the SFC when operating in the Sandbox. The SFC hopes that such closer monitoring and supervision would assist firms in refining their business models and addressing risks and compliance concerns at an early stage.

  • Investor protection: qualified firms are expected to have adequate investor protection measures in place to address actual or potential risks or concerns identified while operating in the Sandbox. Such measures may include notificatoin to clients that they are operating in the Sandbox, and disclosure of the potential risks and any available compensation arrangements.


  • Exit from the Sandbox: a qualified firm may apply to the SFC for removal or variation of some or all of the licensing conditions once the firm has demonstrated that its technology is reliable and fit for purpose, and its internal controls have adequately addressed any risks identified. The firm would then be permitted to conduct regulated activities and would be subject to the SFC’s supervision in the same way as licensed corporations that operate outside the Sandbox. 


It is hoped that the SFC will be issuing further guidance on the operation of the Sandbox, including an application template, elaboration on the factors that it would take into account when assessing an application to access the Sandbox, as well as indicative timelines. Clarification on whether the regulator might consider relaxation/suspension of the application of applicable legal/regulatory requirements would also be very welcome.