LicenseCompare

Securities and Futures Commission

Hong Kong corporate licensing requirements

Map the entity-level application: legal entity, permissions, ownership, governance, documents, capital/resources, controls, policies, and ongoing obligations.

Corporate requirements

  • - Hong Kong corporation or registered non-Hong Kong company with a real operating model
  • - Fit and proper controllers, directors, substantial shareholders, responsible officers, and managers
  • - Paid-up share capital and liquid capital aligned to the regulated activities and financial resources rules
  • - Compliance, AML/CFT, conflicts, complaints, dealing, custody, outsourcing, and technology controls

Application journey

  1. 1. Map business activities to SFO regulated activities and any exclusions.
  2. 2. Confirm client type, product scope, marketing footprint, and whether Type 1, Type 4, Type 9, or multiple activities apply.
  3. 3. Prepare responsible officer evidence, MIC chart, compliance manual, business plan, financial resources, and supporting policies.
  4. 4. Submit the corporation and individual applications through SFC channels and respond to information requests.
  5. 5. Before launch, align client onboarding, disclosures, dealing flows, AML/CFT, and public register verification.

Documents and controls

  • - People and competence: Shows that named individuals can perform or supervise the regulated work.
  • - Ownership and controllers: Explains who owns, controls, funds, and benefits from the applicant.
  • - Governance and accountability: Allocates decision rights, oversight, senior responsibility, committees, and escalation.
  • - Capital and financial resources: Shows runway, prudential planning, and resource adequacy for the proposed permissions.
  • - AML/CFT and financial crime: Shows customer due diligence, sanctions, monitoring, suspicious activity, and escalation controls.
  • - Compliance framework: Turns rules into owned, scheduled, evidenced operating controls.
  • - Custody and client assets: Explains whether client assets are held, controlled, safeguarded, deducted from, or avoided.
  • - Outsourcing and vendors: Shows that outsourced work is selected, supervised, escalated, and replaceable.
  • - Cyber and technology controls: Shows platform resilience, access control, business continuity, incident response, and data protection.
  • - Complaints and conduct: Shows conduct risk ownership, customer handling, and escalation for complaints or disputes.
  • - Regulatory reporting: Shows that recurring reports, filings, amendments, attestations, and register changes are owned.
  • - Financial forecasts: Connects business plan, revenue assumptions, costs, capital, and runway to the applicant entity.
  • - Wind-down and exit planning: Shows how clients, assets, records, complaints, and obligations would be handled if the business stops.

Capital and timeline

Capital and liquid capital expectations depend on regulated activity, whether client assets are held, and other SFC financial resources requirements.

Timeline estimate: Typically 4 to 8+ months after a serious application pack is ready.

Common bottlenecks

  • - Responsible officers without enough authority, availability, local experience, or activity-specific competence
  • - Business plans that do not match the regulated activities requested
  • - Weak financial resources calculations or unclear custody/client asset model
  • - Outsourcing, trading, conflicts, and AML controls drafted generically rather than around the proposed business