Hong Kong's Stablecoin Second Round Is Forming: Here Is What the HKMA Will Be Watching

This is the second article in a series on Web3 infrastructure readiness for Hong Kong's regulated stablecoin ecosystem. Read Part 1: 

Hong Kong’s Stablecoin Issuers Licensing Is Coming — Is Your Web3 Infrastructure Ready?

TL;DR * Hong Kong is preparing to launch its stablecoin licensing regime, accelerating the development of a regulated digital asset ecosystem. * Institutions seeking a stablecoin issuer license will need infrastructure that supports operational resilience, security, governance, and auditability. * The HKMA Stablecoin Issuer Guidelines emphasize requirements such as operational risk management,

NoditNodit Team

TL;DR

• Asia is responsible for 60% of global stablecoin payment volume, around $245 billion a year. The infrastructure serving that market is nowhere near as developed as in the US or Europe.
• The HKMA issued 2 licenses from 36 applications. Before it considers more, it will watch how those two perform in a live market. Eddie Yue called it explicitly: test first, expand later.
• Bank of China (Hong Kong), a note-issuing bank, was reportedly among those planning to apply — and didn't make the first batch. What got institutions approved was preparation, not who they are.
• The HKMA doesn't hand out compliance. It watches for it. How an institution operates day-to-day is its compliance record, because that's what regulators actually look at.
• When new licenses do come, there won't be many. The time to prepare is now, before the line gets long again.

Asia Is Where the Volume Is, and Where the Standard Is Now Being Set

According to McKinsey & Company's February 2026 report, stablecoin payments originating from Asia represent 60% of global volume, approximately $245 billion annually, driven by Singapore, Hong Kong, and Japan. B2B payments alone grew 733% year-over-year in 2025, making Asia not only the largest stablecoin market by volume but the fastest-growing by use case.

Despite Asia’s leading role in stablecoin adoption, the supporting infrastructure remains relatively limited. Institutions in the United States and Europe can choose from a mature ecosystem of providers across payments, custody, compliance and settlement. In Asia, only a small number of providers serve the market, and several categories of institutional-grade infrastructure are still developing.

Hong Kong’s Stablecoins Ordinance, which took effect in August 2025, established one of Asia’s most comprehensive regulatory frameworks for stablecoin issuers. On April 10, 2026, the HKMA granted its first two licenses to HSBC and to Anchorpoint Financial, the Standard Chartered-led joint venture with Animoca Brands and HKT. Two approvals from 36 applications, a 5.6% approval rate.

The second round is now forming. For the 34 institutions still in the queue, and any institution newly considering an application, the benchmark is no longer theoretical. It has been demonstrated. The question is what meeting it actually requires.

The License Is Not the Finish Line. It Is the Beginning of Observation.

One detail has received less attention than it deserves: as of May 2026, neither licensed issuer has launched a stablecoin in circulation.

In remarks to legislators on May 5, 2026, Eddie Yue made the HKMA’s approach clear. The regulator will first observe how the initial stablecoins perform in live market conditions before considering additional approvals. This review will focus on whether actual risks and operational performance align with what issuers presented in their applications. Only after that assessment is complete will the HKMA determine whether to move forward with another licensing round.

Yue also noted that the number of licenses is expected to remain limited and will depend on market demand, operational outcomes, and any new risks that emerge. In practical terms, the HKMA has adopted a “test first, expand later” approach. The framework is deliberate and measured, with expansion based on demonstrated performance rather than market momentum alone. (Wen Wei Po, May 5, 2026)

Deputy Chief Executive Darryl Chan added further precision to what institutions must demonstrate before going live. The pre-launch checklist the HKMA expects issuers to clear includes systems meeting the required standard, risk controls operating properly, teams fully staffed and ready, foreign regulatory approvals secured for any cross-border use cases, and in some areas, independent third-party verification has been completed.

The requirement for independent third-party verification is particularly important. It indicates that internal assessments alone are not sufficient. Institutions must be able to support their operational readiness with evidence validated by an external party.

For second-round applicants, this reframes what preparation means. The goal is not to pass a submission review. It is to build an operational environment that a regulator can observe over months rather than days and find nothing to question. Because the HKMA will take its time between rounds, the institutions that begin building now are the ones that will be ready when the window opens.

In this context, compliance is not a one-time exercise or a set of documents prepared for review. It is an ongoing operational standard that infrastructure must support continuously under real-world conditions.

What Financial Regulators Actually Evaluate, and Why It Is an Infrastructure Question

The HKMA's supervisory approach is not unique to stablecoins. It reflects the standard that financial institution regulators have applied to payment systems, settlement infrastructure, and custody platforms for decades.

Regulators do not primarily evaluate whether a system performs well under normal conditions. Their primary concern is how the institution responds when something goes wrong.

At the core of every financial institution compliance review are three fundamental questions.

When the flow breaks, does the system keep running?

Node failures, transaction errors, data feed interruptions: every financial system encounters them. What regulators evaluate is whether the architecture has redundancy, failover mechanisms, and continuity controls that engage without manual intervention. An institution that cannot answer this with operational evidence rather than design documentation has not met the standard.

When an issue is identified, can it be resolved without delay?
Defined escalation paths, on-call protocols, a team with clearly assigned responsibilities in the right timezone and available at any hour. At its core, the HKMA's operational risk management requirements ask one thing: when something breaks at 3:00 AM Hong Kong time, what exactly happens next, and how fast?

After an issue, is there auditable evidence of what happened and why?

Not a summary that the problem has been resolved, but a structured Root Cause Analysis documenting what caused the incident, what was done immediately, and what systemic change prevents recurrence. This is the evidence chain regulators examine in supervisory reviews, and what separates operational accountability from operational luck.

These are infrastructure questions. They cannot be answered with policy documents or governance frameworks alone. They require a technical stack designed to answer them from the start, with logging, observability, incident management, and RCA processes built in rather than retrofitted before a deadline.

For a licensed stablecoin issuer operating under active HKMA observation, an infrastructure failure is not a technical incident. It is a compliance event, and one the regulator is specifically watching for before deciding whether to expand the list.

What the First Round Tells Second-Round Applicants

The first licensing outcome is more instructive than it appears, not because we know why 34 applications were not approved, but because of what the two approved institutions had demonstrably built.

1. HSBC HK

HSBC's path is equally instructive. Rather than entering through the sandbox, HSBC arrived at its license with an existing operational track record built through its Tokenised Deposit Service, which was already live across corporate clients in Hong Kong, Singapore, the UK, and Luxembourg before the stablecoin application was filed. What the HKMA observed was not a new technology proposal. It was a financial infrastructure already running in production.

2. Anchorpoint Financial

Anchorpoint Financial began exploring stablecoin issuance in early 2023. It entered the HKMA's Stablecoin Issuer Sandbox in July 2024 and filed its license application on August 1, 2025, the first day the Stablecoins Ordinance took effect. By the time the HKMA reached its April 10, 2026 decision, it had nearly two years of direct operational observation of Anchorpoint's systems, controls, and team performance in a supervised environment.

The sandbox work was not conceptual. Anchorpoint conducted live cross-border settlement trials that reportedly reduced transaction costs from $15,000 to $500 on $10 million transfers. The HKMA did not approve a business plan. It approved an institution whose operational capabilities had been demonstrated and observed over time.

Two institutions followed different paths. HSBC demonstrated its readiness through live operational deployment, while Anchorpoint Financial built its track record through the HKMA’s sandbox. Both were approved for the same reason: they provided operational evidence that the Hong Kong Monetary Authority could review and validate.

This reinforces a key point. The HKMA was not selecting the most compelling product vision. It was approving institutions that had already proven they could operate to the required standard.

But the interesting part, Bank of China (Hong Kong) is the third note-issuing bank and arguably the institution with the deepest political and institutional connections in Hong Kong's financial system. According to market sources reported at the time, BOCHK was among those planning to apply ahead of the September 2025 deadline, though neither BOCHK nor the HKMA has officially confirmed the status of any application. (Ledger Insights, September 2025) What is confirmed is that BOCHK was absent from the first batch, with no disclosed sandbox participation, no publicly named joint venture, and no observable product roadmap the regulator could evaluate against demonstrated capability.

The lesson is not that BOCHK will never receive a license. It is that institutional weight, even at the level of a note-issuing bank, does not substitute for demonstrated operational readiness built over time. The standard is about what an institution has built and shown, not who it is.

For institutions preparing second-round applications, that distinction matters. The door is not closed based on size, geography, or structure. It is open to any institution that can show the HKMA what Anchorpoint and HSBC each showed it in their own way: a live operational track record, observed over a meaningful period, supported by evidence.

How Infrastructure Connects to Compliance: The Gap Most Applicants Underestimate

As covered in detail in Part 1 of this series, the regulatory expectations set out in the HKMA's Guideline on Supervision of Licensed Stablecoin Issuers are, in substance, a set of infrastructure requirements — spanning system resilience, incident management, secure transaction records, data protection, and governance controls.

Many institutions still approach compliance as a documentation exercise. Governance policies, reserve disclosures, AML frameworks, and capital attestations are all essential, but they represent only the starting point. The real requirement is operational. Institutions must demonstrate that these controls are embedded in their infrastructure and can function reliably in a live production environment.

Each requirement in the table above represents an operational condition that infrastructure must satisfy in real time and in a live production environment.

A policy document describing how these conditions will be met is the starting point. The infrastructure that actually implements them is what the HKMA evaluates in the months following approval. Governance documentation can be written in weeks. Operational infrastructure takes months to build, test, and validate, and longer still to produce the kind of sustained, observable track record that regulatory examination rewards. The institutions that arrive at the next round ahead of this curve are the ones that started early.

What Institutional-Grade Infrastructure Looks Like in Practice

The requirements above are not abstract. They describe operating conditions that some infrastructure environments already meet and others do not.

Nodit supports dedicated node infrastructure for Upbit, Coinone, and Korbit. Especially Upbit is the largest cryptocurrency exchange in APAC by trading volume, processing billions of dollars in real transactions daily and consistently ranking among the highest-volume spot trading platforms in the world. Nodit processes over 1,100 requests per second across its infrastructure, with a combined daily request volume approaching 300 million. These are not benchmark figures from controlled environments. They are live operational metrics from production systems where infrastructure failure carries immediate financial consequences for millions of users.

South Korea operates one of the most rigorous and conservative regulatory environments for digital assets in the Asia-Pacific region. The Financial Services Commission (FSC) and Financial Supervisory Service (FSS) audit exchanges continuously across AML, user asset protection, and operational controls, and they don't let much slide. In this environment, surviving that scrutiny while simultaneously reaching the top three globally and ranking first in APAC for spot trading volume is itself the most credible form of infrastructure validation.

The Upbit FDI integration should be understood in that context. What Nodit supports is not a technical demonstration in a permissive environment. It is live operations under some of the most demanding regulatory conditions in the world.

Upbit's Financial Data Intelligence (FDI) team built the OTS (Onchain Tracer System) on top of Nodit's infrastructure — an AI-powered system that traces the flow of funds across wallets, tracking both deposit sources and withdrawal paths across multiple chains. The OTS provides actionable intelligence for law enforcement and public institutions, operating continuously at institutional scale. This is not a periodic reporting tool. It is a live operational layer purpose-built to follow money in real time, at the standard that regulators and investigators actually require.

How Upbit Strengthened Its Fraud Detection System with Nodit Web3 Data API

Case Study: Leveraging Nodit’s Web3 API for Blockchain Transaction Tracking With the rising number of crypto-related crimes, accurate and real-time blockchain data has become crucial for building robust fraud detection and investigation systems. Upbit, a leading global cryptocurrency exchange in South Korea, recognized this need and developed Onchain Tracer

NoditNodit Team

When something unexpected goes wrong, Root Cause Analysis kicks in as standard procedure. The goal is not to close the ticket. It is to understand what broke, trace back why it broke, and change something in the system so it cannot break the same way again. Each incident produces a report. Each report produces a change. Over time, the infrastructure gets harder to break, not because nothing goes wrong, but because every failure teaches it something.

Darryl Chan's pre-launch checklist covers systems that withstand stress, controls that function, and teams that are ready. It reads like a description of exactly this. The Upbit FDI story is not about what blockchain can do. It is about what it looks like to run financial infrastructure the way financial institutions actually run it, which happens to be the standard the HKMA now expects from every licensed stablecoin issuer.

Nodit holds SOC 2 Type II certification, that means an independent third-party auditor spent an extended observation period verifying that the security controls, availability commitments, and operational processes were actually running as described — not just written down somewhere. For an institution preparing an HKMA application, that certificate answers one of the hardest questions a compliance review asks: how do you prove your controls actually work, not just on paper?

Why APAC-Native Infrastructure Changes the Equation

Geography matters more here than it usually does.

Nodit runs its own physical infrastructure across Asia, with two data centers geographically separated to avoid any single point of failure. For stablecoin systems running continuously across Asian time zones, this matters directly to regulatory compliance.

Latency and response consistency

Infrastructure routed through data centers in North America or Europe introduces latency that affects settlement accuracy, reconciliation reliability, and the precision of real-time AML monitoring. APAC-native infrastructure eliminates the most common source of cross-regional response variance in institutional deployments.

Incident response without timezone gaps

When a system event occurs at 2:00 AM Hong Kong time, the response team should be awake rather than waking up on the other side of the world. Nodit's operational team works in the same timezone as the markets it serves. The three questions regulators ask — does the system keep running, can issues be resolved immediately, is there auditable evidence — all require a team that is present when incidents occur.

Redundancy by design

A facility-level failure at one IDC triggers automated failover to the second without manual intervention. The high-availability standard financial institutions are required to maintain is built into the architecture rather than configured on top of it.

The choice of infrastructure provider is itself a compliance decision. Every component of the operational stack will be evaluated at application and continuously afterward. An APAC-native partner with independently verified institutional credentials is not a convenience. It is a structural element of the regulatory case being built.

The Second Round Is Real. The Preparation Starts Now.

The HKMA has set its terms clearly. It will watch the first two stablecoins perform in a live market, compare reality against what was projected on paper, and only then decide whether and when to expand the list. The numbers will stay small. The window between now and that decision is not a waiting period. It is a preparation period.

The institutions that succeed in the next round will not be the ones that assembled the strongest application under deadline pressure. They will be the ones that built the right operational foundation early enough for a regulator to observe it over time.

Infrastructure is where that foundation begins. If your institution is preparing for Hong Kong's stablecoin licensing process, the time to build is now, and you do not have to build it alone.

🔎About Nodit

Nodit is an enterprise-grade Web3 platform that provides reliable node and consistent data infrastructure to support the scaling of decentralized applications in a multi chain environment. The core technology of Nodit is a robust data pipeline that performs the crawling, indexing, storing, and processing of blockchain data, along with a dependable node operation service. Through its new Validator as a Service (VaaS) offering, Nodit delivers secure, transparent, and compliant validator operations that ensure stability, performance visibility, and regulatory assurance.

By utilizing processed blockchain data, developers and enterprises can achieve seamless on chain and off chain integration, advanced analytics, comprehensive visualization, and artificial intelligence modeling to build outstanding Web3 products.

Homepage l X (Twitter) l LinkedIn