On 2 August 2016, Bitfinex, a Hong Kong exchange for the trading of digital currencies, announced that some of its customer accounts were hacked and bitcoins stolen. The value of the stolen bitcoins has been reported to be approximately US$65million or more.

In announcing the breach, Bitfinex suspended all trading on Bitfinex and all digital token deposits to and withdrawals from Bitfinex.

This alert brings together the key facts and the regulatory environment in which this is happening. Importantly, FinTech continues to be the dominant force in financial services. The real takeaway here is the role of risk mitigation as a counter-balance to innovation.

Market impact

The announcement of the hacking led to an initial slump in the value of bitcoin by approximately 15%. However, bitcoin’s value had largely recovered by 3 August.

Customer recourse

The recourse available to customers whose accounts were hacked is currently unclear. Bitfinex has stated that it will “look at various options to address customer losses” and that the theft has been reported to law enforcement.

Where are we at on regulation?

Bitfinex is not regulated by any Hong Kong financial regulator.

The Securities and Futures Commission (“SFC”) and the Hong Kong Monetary Authority (“HKMA”) have both made announcements in recent years focussing on bitcoin and other digital currencies.

To date, they have not sought to regulate bitcoin or other virtual commodities – for now, they sit within a regulatory abyss, depending on their legal structure. Rather, the SFC and the HKMA have focussed on three key issues:

  1. Money laundering and terrorist financing risk associated with virtual commodities, consistent with global concerns, as we reported in this alert. What this means in practice is that financial institutions are expected to exercise extreme caution in forming relationships involving bitcoin exchanges and other virtual commodities players.
  2. Cybersecurity, which is continuing to be a topical issue in the FinTech space and for banks and financial institutions generally. A good example of this is the HKMA’s recent Cybersecurity Fortification Initiative, which will include the establishment of a Cyber Intelligence Sharing Platform by the end of this year.
  3. Meanwhile, nurturing FinTech, to ensure Hong Kong remains competitive. This is a challenging subject for Hong Kong, as it pits financial regulation against innovation. Banks are de-risking to deal with the pressure cooker of local and international regulatory examinations and elevated compliance requirements, meaning that scores of FinTech companies are struggling to open accounts or having their existing accounts closed.

Various measures are underway to help bridge the chasm between these competing factors, including:

  • dedicated regulatory centres – the establishment of a Fintech Contact Point and Fintech Advisory Group by the SFC and a Fintech Facilitation Office by the HKMA; and
  • regulatory relaxations – yet to be announced, but set to help make life easier for start-ups and small businesses to open bank accounts. We are also involved in industry efforts to clarify and enhance the use of technology (including biometrics) as part of customer due diligence process, which should help provide pragmatic solutions.

However, it’s inevitable that the march of progress on innovation will be tempered by security breaches such as that suffered by Bitfinex and felt by its customers. As a result, we expect to see a renewed focus on the regulation of businesses trading in digital currencies

Going forward

FinTech continues to be the dominant force in financial services. The key for any new product or service is to strike the right balance between driving innovation and mitigating risk. The Bitfinex issue shouldn’t put a halt on innovation, but it emphasises the importance of understanding and mitigating risk. This is true for all types of FinTech – for example, see our recent alert on “Design-thinking a blockchain health check”.