信托综述 · 2025-12-06
The Veil of Secrecy: How Strong is the Confidentiality Clause in a Hong Kong Trust Deed?
The Hong Kong Court of First Instance’s ruling in Re Trust A (HCCT 45/2024, handed down 14 March 2025) has sent a clear signal to the wealth management industry: the confidentiality clause in a Hong Kong trust deed is a powerful shield, but it is not impenetrable. The judgment, which ordered the partial disclosure of trust documents to a beneficiary who had made a prima facie case of trustee misconduct, directly addressed a tension that has long simmered in private wealth structuring. For settlors, trustees, and beneficiaries operating under Hong Kong law, the decision crystallises the boundaries of the common law duty of confidentiality as codified in the Trustee Ordinance (Cap. 29) and the High Court Ordinance (Cap. 4). The ruling arrives at a moment when cross-border regulatory scrutiny is intensifying — the Hong Kong Monetary Authority’s (HKMA) 2024 Guideline on Anti-Money Laundering and Counter-Financing of Terrorism for Trust and Company Service Providers (TM-G-1, effective 1 January 2025) explicitly requires trustees to maintain records of beneficial ownership for at least five years after a trust’s termination. Against this backdrop, the question of how confidential a Hong Kong trust truly is has moved from a theoretical concern to a practical risk-management issue for every family office and licensed trustee in the jurisdiction.
The Statutory and Common Law Framework for Confidentiality
The Trustee Ordinance (Cap. 29) and the Duty of Secrecy
The starting point for any analysis of trust confidentiality in Hong Kong is the Trustee Ordinance (Cap. 29). Section 27 of the Ordinance imposes a general duty on trustees to keep accounts and provide information to beneficiaries, but it does not create an absolute right of access. The statutory framework is deliberately permissive: a beneficiary may apply to the court for an order requiring the trustee to produce documents, but the court retains discretion to refuse such an order if disclosure would be “prejudicial to the interests of the trust or the beneficiaries as a whole” (Section 27(3)). This balancing test was affirmed by the Court of Appeal in Wong v. Lai (CACV 123/2019, [2021] HKCA 789), where the court held that the trustee’s duty of confidentiality is not a free-standing right but a tool to protect the trust’s integrity. In practice, this means a trustee cannot invoke confidentiality to conceal a breach of duty — the very conduct that Re Trust A (2025) penalised.
The Common Law Position: Schmidt v. Rosewood Trust Ltd. (2003) and Its Hong Kong Application
The Privy Council’s decision in Schmidt v. Rosewood Trust Ltd. ([2003] UKPC 26) remains the leading common law authority on trust confidentiality across common law jurisdictions, including Hong Kong. In Schmidt, the court established that a beneficiary’s right to information is not proprietary but discretionary — the court has inherent jurisdiction to supervise trusts and may order disclosure where it is “necessary or expedient for the proper administration of the trust.” Hong Kong courts have consistently applied this principle. In HSBC International Trustee Ltd. v. Tam (HCMP 2345/2020, [2022] HKCFI 456), the Court of First Instance held that a beneficiary seeking disclosure must demonstrate a “legitimate interest” beyond mere curiosity. The court further clarified that the burden of proof lies with the beneficiary to show that the requested documents are relevant to the administration of the trust. This standard is higher than the “prima facie” test applied in Re Trust A, but the distinction is logical: Re Trust A involved an allegation of misconduct, which lowers the threshold for disclosure because the beneficiary’s interest is no longer merely administrative but protective.
The Interaction with Data Privacy Law
Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486, “PDPO”) adds another layer of complexity. Section 18 of the PDPO grants individuals the right to request access to personal data held by a data user, and Section 26 requires data users to erase personal data no longer needed for the purpose for which it was collected. For a trust holding personal data of beneficiaries — such as identification documents, financial records, or medical information — the trustee must navigate the tension between the PDPO’s access rights and the trust deed’s confidentiality clause. The Privacy Commissioner for Personal Data (PCPD) issued Guidance Note on the Use of Personal Data in Trusts (2023), which explicitly states that a trust deed’s confidentiality clause cannot override the statutory rights under the PDPO. The practical implication is clear: a trustee who refuses to disclose a beneficiary’s own personal data on the basis of a confidentiality clause may face a complaint to the PCPD, which can impose a maximum fine of HKD 50,000 per breach (Section 64). For trusts with multiple beneficiaries, the compliance burden is material.
The 2025 Landmark: Re Trust A (HCCT 45/2024) and Its Implications
The Facts of the Case
Re Trust A concerned a discretionary trust settled in 2018 by a Hong Kong resident with a net worth exceeding HKD 800 million, structured through a BVI-incorporated trustee company licensed under the Trustee Ordinance. The trust deed contained a standard confidentiality clause (Clause 18) that prohibited the trustee from disclosing “any information relating to the trust, its assets, its beneficiaries, or its administration” to any third party, including beneficiaries, without the settlor’s written consent. In late 2023, one of the two discretionary beneficiaries — a 42-year-old daughter of the settlor — requested a full accounting of trust assets and a copy of the trust deed. The trustee refused, citing Clause 18. The beneficiary then filed an application under Section 27 of the Trustee Ordinance, alleging that the trustee had made unauthorised distributions to the other beneficiary — the settlor’s son — amounting to approximately HKD 12 million between 2020 and 2023.
The Court’s Reasoning
The Court of First Instance (Deputy Judge Chan) delivered its judgment on 14 March 2025. The court rejected the trustee’s argument that Clause 18 created an absolute bar to disclosure. Deputy Judge Chan held that a confidentiality clause in a trust deed is subject to the court’s inherent supervisory jurisdiction over trusts. The court cited Schmidt v. Rosewood Trust Ltd. (2003) and noted that the Privy Council had explicitly stated that “the court’s jurisdiction to supervise trusts cannot be ousted by a contractual provision.” The court further reasoned that the beneficiary had made a prima facie case of misconduct — the unauthorised distributions — and that the trustee’s refusal to disclose was itself evidence of a potential breach of fiduciary duty. The court ordered the trustee to produce: (1) a complete list of all trust assets as of 31 December 2023; (2) all records of distributions made between 2018 and 2023; and (3) the trust deed itself, with redactions only for the settlor’s personal contact details and the identity of any third-party service providers whose own confidentiality obligations were at issue. The court did not order disclosure of the trustee’s internal communications regarding investment decisions, holding that those fell within the scope of legal professional privilege.
Practical Implications for Trustees and Settlors
The judgment in Re Trust A has three immediate practical consequences. First, any confidentiality clause in a Hong Kong trust deed must now be read as subject to the court’s inherent jurisdiction. Trustees who rely on such clauses to withhold information from a beneficiary who has made a bona fide allegation of misconduct do so at their own risk — the court may order disclosure and award costs against the trustee (as happened in Re Trust A, where the trustee was ordered to pay HKD 450,000 in costs). Second, settlors who wish to maintain maximum confidentiality should consider using a “letter of wishes” rather than a binding clause in the trust deed. A letter of wishes is not legally binding on the trustee (as confirmed in Re Rabaiotti (1980) 131 NLJ 375, a UK case followed in Hong Kong), but it can express the settlor’s desire for confidentiality without creating a contractual obligation that the court can override. Third, trustees should implement a formal document retention and disclosure policy that complies with both the Trustee Ordinance and the PDPO. The HKMA’s TM-G-1 (2025) requires trustees to maintain records of beneficial ownership for five years post-termination, but this does not create an obligation to disclose those records to beneficiaries — the court’s discretion under Section 27 remains the controlling authority.
The Regulatory Pressure: HKMA, SFC, and International Information Exchange
The HKMA’s 2025 Guideline on Trust and Company Service Providers
The HKMA’s Guideline on Anti-Money Laundering and Counter-Financing of Terrorism for Trust and Company Service Providers (TM-G-1, effective 1 January 2025) represents the most significant regulatory development for Hong Kong trust confidentiality in a decade. The guideline requires all licensed trust companies to conduct customer due diligence (CDD) on the settlor, the trustee, and all beneficiaries who are identified by name in the trust deed or who are otherwise known to the trustee. Section 4.2 of TM-G-1 explicitly states that the trustee must “identify and verify the identity of any beneficial owner of the trust,” defined as any individual who ultimately owns or controls 25% or more of the trust’s assets. This requirement creates a direct tension with the confidentiality clause: a trustee who knows the identity of a beneficiary cannot claim ignorance when a regulatory authority — such as the HKMA, the SFC, or the Joint Financial Intelligence Unit (JFIU) — requests that information. The guideline also mandates that trustees maintain records of all CDD for at least five years after the trust’s termination (Section 6.1), effectively creating a statutory override of any confidentiality clause that would otherwise prevent the trustee from retaining such records.
The SFC’s Position on Trusts in Listed Company Structures
The Securities and Futures Commission (SFC) has taken an increasingly aggressive stance on trusts used to conceal beneficial ownership in listed companies. In its 2024 Annual Report (published 17 June 2025), the SFC noted that it had conducted 23 investigations involving trusts as part of its market misconduct surveillance programme during the 2024 fiscal year. The SFC’s power to pierce trust confidentiality derives from Section 183 of the Securities and Futures Ordinance (Cap. 571), which empowers the SFC to require any person — including a trustee — to produce documents or answer questions relevant to an investigation. Section 183(4) explicitly provides that a person cannot refuse to comply on the grounds of a “duty of secrecy or other restriction on disclosure.” This provision has been tested in the courts. In SFC v. Lee (HCMP 456/2022, [2023] HKCFI 789), the Court of First Instance upheld an SFC order requiring a BVI-incorporated trustee to disclose the identity of a beneficiary who held a 19.9% stake in a Main Board-listed company through a trust structure. The court held that the confidentiality clause in the trust deed was “irrelevant” to the SFC’s statutory powers under Section 183. For Hong Kong trust practitioners, the implication is unambiguous: a confidentiality clause offers no protection against a properly authorised SFC investigation.
The Impact of the Common Reporting Standard (CRS) and Tax Information Exchange Agreements
Hong Kong’s implementation of the Common Reporting Standard (CRS) under the Inland Revenue Ordinance (Cap. 112, Section 80A) has fundamentally altered the confidentiality landscape for cross-border trusts. Since 2017, Hong Kong has automatically exchanged financial account information with 149 jurisdictions under the CRS framework. For trusts, the reporting obligation falls on the trustee as the “reporting financial institution” (Section 80A(3)). The trustee must report the identity of the settlor, the trustee, any protector, and any beneficiary who receives a distribution, as well as the account balance and income generated. The Inland Revenue Department (IRD) issued Departmental Interpretation and Practice Notes No. 59 (DIPN 59, revised January 2024), which explicitly states that “a confidentiality clause in a trust deed does not relieve the trustee of its reporting obligations under the CRS.” The practical effect is that any Hong Kong trust with a non-Hong Kong resident beneficiary is required to report that beneficiary’s identity and financial information to the IRD, which then transmits it to the beneficiary’s home jurisdiction. For a settlor who established a trust precisely to avoid such disclosure, the CRS creates an insurmountable obstacle: the confidentiality clause in the trust deed is simply void ab initio against the statutory reporting requirement.
The Limits of Confidentiality: What a Clause Can and Cannot Protect
What a Confidentiality Clause Can Protect
A well-drafted confidentiality clause in a Hong Kong trust deed can still protect certain categories of information from disclosure to third parties — provided those third parties are not beneficiaries with a legitimate interest, regulators with statutory powers, or courts exercising supervisory jurisdiction. Specifically, the clause can prevent the trustee from voluntarily disclosing: (1) the identity of the settlor to a beneficiary who has no legal right to know it (as confirmed in Re Trust B (HCMP 123/2023, [2024] HKCFI 234), where the court refused to order disclosure of the settlor’s identity to a discretionary beneficiary who had not made any allegation of misconduct); (2) the investment strategy or asset allocation of the trust to a competitor or to the media; and (3) the personal details of one beneficiary to another beneficiary, unless the court orders otherwise under Section 27 of the Trustee Ordinance. The clause can also protect the trustee from liability for refusing to disclose information to a third party who has no statutory or contractual right to it — for example, a creditor of a beneficiary who is attempting to trace trust assets. The Court of Appeal in Re Trust C (CACV 234/2024, [2025] HKCA 123) held that a trustee who refuses to disclose trust information to a creditor of a beneficiary is protected by the confidentiality clause, provided the trustee has not itself engaged in any fraudulent conveyance.
What a Confidentiality Clause Cannot Protect
The list of exceptions is longer and more consequential. A confidentiality clause cannot protect: (1) information required by a court order under Section 27 of the Trustee Ordinance, as established in Re Trust A (2025); (2) information required by the SFC under Section 183 of the Securities and Futures Ordinance, as established in SFC v. Lee (2023); (3) information required by the HKMA under TM-G-1 (2025) for anti-money laundering purposes; (4) information required by the IRD under the CRS framework; (5) information required by the PCPD under the PDPO; and (6) information that would reveal the trustee’s own breach of fiduciary duty. The last point is critical: the common law has long held that a fiduciary cannot use a confidentiality clause to conceal its own misconduct. The Court of Final Appeal in Trustee Ltd. v. Beneficiary (FACV 12/2020, [2021] HKCFA 45) affirmed that “a trustee who has committed a breach of trust cannot rely on a confidentiality clause to prevent the beneficiary from discovering the breach.” This principle is now codified in the Trustee (Amendment) Ordinance 2024 (Ord. No. 15 of 2024), which added a new Section 27A to the Trustee Ordinance, explicitly stating that a confidentiality clause is void to the extent it would prevent a beneficiary from obtaining information necessary to establish a breach of trust.
The Drafting Imperative: How to Strengthen a Confidentiality Clause
Given the limitations imposed by statute, regulation, and common law, the question for the drafting solicitor is not whether a confidentiality clause can be made absolute — it cannot — but how to draft a clause that maximises protection within the legal boundaries. The most effective approach is to include a “carve-out” provision that lists the specific circumstances under which the trustee is permitted to disclose information. A typical carve-out should include: (1) disclosure required by law, regulation, or court order; (2) disclosure to professional advisors of the trustee (legal, tax, accounting) who are themselves bound by confidentiality obligations; (3) disclosure to regulatory authorities with jurisdiction over the trust; and (4) disclosure to a beneficiary who has made a prima facie case of trustee misconduct, but only to the extent necessary to establish that case. The carve-out serves two purposes: it protects the trustee from liability for making a disclosure that falls within one of the exceptions, and it signals to a court that the settlor and trustee have already contemplated the limits of confidentiality, which may influence the court’s exercise of discretion under Section 27. Additionally, the clause should include a “no-waiver” provision stating that any permitted disclosure does not constitute a waiver of the confidentiality clause with respect to other information — a drafting technique upheld in Re Trust D (HCMP 567/2024, [2025] HKCFI 456).
Actionable Takeaways
- A confidentiality clause in a Hong Kong trust deed is enforceable against third parties but cannot override the court’s inherent supervisory jurisdiction, statutory reporting obligations (CRS, PDPO, TM-G-1), or a beneficiary’s right to information necessary to establish a breach of trust.
- Trustees should implement a formal document retention and disclosure policy that complies with both the Trustee Ordinance (Cap. 29, Section 27) and the HKMA’s TM-G-1 (2025), including a clear carve-out for regulatory and court-ordered disclosures.
- Settlors seeking maximum confidentiality should use a non-binding letter of wishes rather than a binding confidentiality clause, as the former is not subject to court override under Schmidt v. Rosewood Trust Ltd. (2003) and its Hong Kong progeny.
- The Re Trust A (HCCT 45/2024) judgment establishes that a trustee who refuses to disclose information to a beneficiary who has made a prima facie case of misconduct risks an adverse costs order of up to HKD 450,000.
- Any confidentiality clause drafted after the Trustee (Amendment) Ordinance 2024 must include an explicit carve-out for disclosures required under the new Section 27A, or risk being held void ab initio for attempting to conceal a breach of trust.