Platform Operators are generally expected to consider the following factors (where applicable) when conducting due diligence on virtual assets:
(a) the background of the management or development team of a virtual asset or its known key members (if any), for example, the team maintaining the software and releasing updates to address vulnerabilities;
(b) the regulatory status of a virtual asset in Hong Kong, for example, whether it constitutes a security token, and whether its regulatory status would also affect the regulatory obligations of the Platform Operators;
(c) the supply, demand, maturity and liquidity of a virtual asset, for example, its market capitalisation, fully diluted market capitalisation, average daily trading volume, track record (where the virtual asset (except for a security token) should be issued for at least 12 months), whether other Platform Operators also provide trading for the virtual asset, whether there are market-makers or liquidity providers for the virtual asset, whether major holders of the virtual asset are subject to a lock-up period, the availability of trading pairs (eg, fiat currency to virtual asset), and the jurisdictions where the virtual assets have been made available for trading;
(d) the technical aspects of a virtual asset, for example, the security infrastructure of its blockchain protocol, the size of the blockchain and network, and especially how resistant it is to common attacks (eg, a 51% attack1 or similar attacks with an impact on transaction finality), the type of consensus algorithm, and the risks relating to code defects, breaches, exploits and other threats relating to the virtual asset and its supporting blockchain, or the practices and protocols that apply to them;
(e) the development of a virtual asset, for example, the outcomes of any projects associated with it as set out in its Whitepaper and any previous major incidents associated with its history and development;
(f) the market and governance risks of a virtual asset, for example, concentrations of virtual asset holdings or control by a small number of wallets, individuals or entities, price manipulation, fraud, and the impact of the virtual asset’s wider or narrower adoption on market risks;
(g) the legal risks associated with the virtual asset and its issuer (where applicable), for example, any pending or potential civil, regulatory, criminal, or enforcement action relating to its issuance, distribution, or use;
(h) whether the utility offered, the novel use cases facilitated, technical, structural or cryptoeconomic innovation, or the administrative control exhibited by the virtual asset clearly appears to be fraudulent or illegal, or whether the continued viability of the virtual asset depends on attracting continuous inflow into the virtual asset;
(i) the enforceability of any rights extrinsic to the virtual asset, for example, rights to any underlying assets, and the potential impact of the virtual asset's trading activity on the underlying markets; and
(j) the money laundering and terrorist financing risks associated with the virtual asset, for example, risks of a virtual asset with anonymity or privacy enhancing features.
(Key references: Paragraph 7.6 of the VATP Guidelines)