Hong Kong’s New Crypto Regulations: An In-Depth Look at CRP-1

The digital asset landscape is rapidly evolving, sparking a global need for clearer and more robust regulatory frameworks. Heightened price swings and potential for misuse necessitate vigilant oversight. In response to these growing concerns, the Hong Kong Monetary Authority (HKMA) released a draft of a new module, CRP-1 (“Cryptoasset Classification”), as an addition to their Banking Supervisory Policy Manual (SPM) in September 2025. The HKMA invited comments from local banking institutions to refine the policy.

This revised regulation seeks to reconcile innovation with prudent risk management, providing enhanced guidance to banks engaging with cryptoassets. This article will analyze the key provisions of CRP-1, juxtapose them with comparable policies in other regions, and assess the changes’ effects on cryptocurrency market participants.

1. Understanding the Core of Hong Kong’s CRP-1 Rules

(I) Fundamental Definitions: Supervision and Scope

The CRP-1 regulation precisely defines the parameters of cryptoasset regulation. Cryptoassets are defined as assets that primarily rely on cryptography and distributed ledger technology (DLT), or similar technological methods, that are applied for payment, investment, or acquisition of goods and services. Digital currencies issued by central banks are specifically excluded from the scope. This precision clarifies the definition of cryptoassets to prevent overreaching regulation while ensuring its distinction from sovereign digital currencies.

These new regulations are applicable to all authorized financial institutions operating within Hong Kong. This includes traditional banks, banks with restricted licenses, and deposit-taking corporations. Given their crucial role in Hong Kong’s financial infrastructure, their engagement in crypto-related activities has direct implications for broader financial stability. Consequently, subjecting their practices to regulation enables proactive risk mitigation.

The new rules employ a comprehensive approach to risk mitigation. Financial institutions must manage risks related to their own holdings of cryptoassets, custody and trading services for clients, and indirect exposure through derivatives. This all-encompassing approach prevents regulatory circumvention by ensuring all crypto-related activities are appropriately managed.

(2) Central Classifications and Risk Grading

A core principle of CRP-1 involves assigning risk grades to cryptoassets, classifying them into Group 1 (low risk) and Group 2 (high risk). This classification is based on their inherent risk mitigation capabilities. Further details are outlined below.

2. Comparing CRP-1 to Global Standards (BCBS)

(1) The BCBS Standard: A Global Perspective

The Basel Committee on Banking Supervision (BCBS) is instrumental in shaping global banking regulations. In December 2022, the BCBS issued the “Prudent Treatment of Crypto-Asset Risk Exposures,” followed by the “Revision of Crypto-Asset Standards” in July 2024. This initiative establishes a globally harmonized framework for cryptoasset oversight. The underlying principle revolves around risk classification coupled with diligent control.

The BCBS standards prioritize preventing and managing risks tied to cryptoassets while maintaining adequate bank capitalization to protect the traditional banking sector and broader financial system from potential instability. The BCBS framework categorizes cryptoassets into Group 1 and Group 2 based on risk, imposing rigorous capital requirements for those deemed high-risk and promoting global regulatory cooperation to prevent jurisdictional arbitrage.

The BCBS standards emerged in response to the burgeoning growth and potential risks within the global crypto market. They offer internationally active banks a unified regulatory benchmark, aiming to balance financial stability with responsible innovation, and serve as a reference for regulators worldwide.

(2) The Integration of CRP-1 and BCBS Frameworks

The new CRP-1 regulations reflect key consistencies with BCBS standards, underscoring Hong Kong’s dedication to aligning with global regulatory practices as an international financial hub. For instance, both CRP-1 and BCBS classify cryptoassets into Group 1 and Group 2, prioritizing an asset’s risk management capabilities as the primary criterion. Compliant stablecoins, deemed relatively low-risk, fall under Group 1 in both frameworks, necessitating transparent legal structures and robust risk management strategies.

For assets carrying higher risks, both regulatory bodies enforce stringent capital reserve requirements to ensure financial institutions adequately manage associated risks, adhering to the principle that increased risk necessitates stricter control. Concerning funding supervision, CRP-1 largely mirrors the BCBS’s prudent management approach. The BCBS mandates that financial institutions maintain a reserve equivalent to 1250% of the asset’s value for certain high-risk cryptoassets to mitigate risk. CRP-1 also adopts this standard for Group 2b assets.

For highly liquid cryptoassets, the BCBS requires trading on regulated exchanges and achieving substantial market size. CRP-1 incorporates similar requirements for Group 2a assets, mandating trading on regulated exchanges and imposing thresholds for market capitalization and trading volumes. These thresholds are designed to ensure invested funds align with the asset’s risk profile.

Both CRP-1 and BCBS emphasize thorough supervision. The regulations encompass cryptoassets held directly by banks, assets involved in customer services, and indirectly associated risks. This comprehensive approach aims to eliminate regulatory gaps and promote cohesive global supervision.

3. Impact of CRP-1 on Cryptoasset Users

The implementation of the new CRP-1 regulations is causing shifts in banks’ cryptoasset operations, affecting trading options, custody practices, and cryptoasset usage. Trading limitations have tightened for assets and channels. High-risk Category 2b assets, like some NFTs and governance tokens, are not permitted through banks, prompting users to seek alternative, potentially less reliable, platforms. Category 1 assets offer greater security, but selection is limited. Category 2a assets require trading on licensed exchanges, necessitating stricter account procedures and higher requirements.

While the new regulations enhance asset security, providing priority fund recovery in the event of platform failures, stringent anti-money laundering requirements may reduce personal privacy. The price volatility of assets also differs across categories.

Holders of Category 2b assets are advised to prioritize platforms regulated by the Hong Kong Monetary Authority or those with international compliance qualifications, diversifying asset storage to avoid keeping everything in one place. Those focused on Category 1 assets can leverage bank security but will face a narrower range of purchasable items. Traders of Category 2a assets must prepare comprehensive documentation for exchange review.

Regardless of the assets held, restructuring portfolios and monitoring bank fees will be necessary to balance security and operational convenience with privacy protection.

Final Thoughts

Hong Kong’s CRP-1 regulation shows considerable foresight in the field of crypto asset regulation, offering new perspectives on industry growth and risk management. Hong Kong’s cryptoasset regulation is evolving and deepening. Moving forward, regulators must closely monitor global trends and bolster cross-border regulatory collaboration. The industry should establish reliable compliance communication mechanisms. Hong Kong is using CRP-1 as an opportunity to enhance regulatory technology, balance investor protection with innovation, and establish a global regulatory standard.