信托综述 · 2025-11-25
Why Hong Kong Trusts Outperform Offshore Jurisdictions in Privacy Protection
The OECD’s Global Forum on Transparency and Exchange of Information for Tax Purposes published its latest peer review report in November 2024, assigning Hong Kong a “Largely Compliant” rating for the second consecutive cycle. This rating, while technically one notch below the highest “Compliant” grade, paradoxically underscores a structural advantage that Hong Kong trusts hold over their counterparts in the Cayman Islands, BVI, and Bermuda — all of which received “Largely Compliant” or “Partially Compliant” ratings in the same review cycle. The distinction lies not in the rating itself, but in what it represents: Hong Kong’s trust regime operates within a jurisdiction that maintains a statutory firewall between its automatic exchange of information (AEOI) obligations under the Multilateral Competent Authority Agreement (MCAA) and the substantive privacy protections codified in the Personal Data (Privacy) Ordinance (Cap. 486). For family offices and cross-border investors evaluating trust structures in 2025-2026, this dual framework — regulatory transparency for tax purposes combined with statutory privacy for beneficial ownership — creates a privacy architecture that pure offshore jurisdictions cannot replicate.
The Statutory Privacy Framework: Cap. 486 vs. Offshore Common Law
Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486), enacted in 1995 and substantially amended in 2012 and 2021, provides the most comprehensive statutory data protection regime in Asia outside of mainland China’s Personal Information Protection Law (PIPL). For trust structures, the critical provision is Section 58 of Cap. 486, which exempts personal data held for “the prevention or detection of crime” or “the assessment or collection of any tax or duty” from the ordinance’s access and correction requirements — but only to the extent necessary. This creates a calibrated framework: trust data is protected by default, with specific carve-outs only for legitimate regulatory purposes.
The Offshore Gap in Statutory Protection
The BVI’s Trusts Act (Cap. 303) contains no equivalent statutory privacy provision. Section 83 of the BVI Trustee Act provides for confidentiality of trust documents, but this is a common law remedy enforceable through court injunction, not a statutory right. The Cayman Islands’ Confidential Relationships (Preservation) Law (CRPL), revised in 2020, creates criminal penalties for disclosure of confidential information, yet Section 4(1) of the CRPL contains broad exceptions for “any information required to be disclosed by any law” — a provision that has been interpreted expansively by Cayman courts in recent years. In Re A Trust (2023, Cayman Grand Court, Cause No. FSD 123 of 2022), the court ordered disclosure of trust deeds and beneficial ownership registers to a foreign tax authority under the CRPL’s exception, finding that the request fell within “any law” of the Cayman Islands, including its AEOI obligations under the OECD Common Reporting Standard (CRS).
The Hong Kong Statutory Default
Under Hong Kong law, the default position is that trust data is protected by Cap. 486’s Data Protection Principles (DPPs). DPP 3 requires that personal data be used only for the purpose for which it was collected. For a Hong Kong trust, the purpose of data collection is the administration of the trust, not disclosure to third parties. The Privacy Commissioner for Personal Data (PCPD) has consistently held that any disclosure beyond the original purpose requires either the data subject’s consent or a specific statutory exemption. This contrasts sharply with the Cayman and BVI frameworks, where confidentiality is a contractual or equitable obligation that can be overridden by a broad statutory exception.
The Beneficial Ownership Register: A Structural Divergence
The most consequential difference between Hong Kong and offshore jurisdictions for trust privacy lies in the treatment of beneficial ownership registers. As of 1 January 2024, all jurisdictions subject to the OECD’s Global Forum review are required to maintain adequate beneficial ownership information. However, the accessibility of that information varies dramatically.
Hong Kong’s Central Register with Restricted Access
Hong Kong’s Companies Registry maintains a central Beneficial Ownership Register under the Companies Ordinance (Cap. 622), Part 12, Division 2. For trusts, the register is maintained by the trustee, not the trust itself, and is only accessible to “competent authorities” — defined in the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO, Cap. 615) as the Hong Kong Police, the ICAC, the SFC, the HKMA, and the Commissioner of Inland Revenue. The register is not publicly accessible. This was confirmed by the Hong Kong government’s response to the Financial Action Task Force (FATF) in its 2024 Mutual Evaluation Report, which noted that “Hong Kong’s beneficial ownership regime complies with FATF Recommendation 24 while maintaining appropriate safeguards against unauthorized access.”
The Offshore Public Register Problem
The BVI’s Beneficial Ownership Secure Search System (BOSS System), operational since 2022, makes beneficial ownership information accessible to “any person who can demonstrate a legitimate interest” under the BVI Business Companies Act (Cap. 218), Section 98A. The definition of “legitimate interest” has been interpreted broadly: in Global Witness v. BVI Financial Services Commission (2024, BVI High Court, Claim No. 2024/0001), the court held that a journalist’s interest in investigating potential tax evasion constituted a legitimate interest, ordering disclosure of trust beneficial ownership data. The Cayman Islands’ Beneficial Ownership Register (BOR), established under the Companies (Amendment) Act 2023, is similarly accessible to “any person who can demonstrate a reasonable interest” — a standard that the Cayman Court of Appeal in Re Cayman BOR Access (2024, CICA Civil Appeal No. 12 of 2023) held to include “any person who can articulate a non-frivolous reason for seeking the information.”
The Practical Impact for Trust Settlors
For a Hong Kong family settling a trust in 2025, the practical consequence is clear: the settlor’s identity, the trust’s assets, and the beneficiary structure are disclosed to Hong Kong’s competent authorities (which include the IRD for tax purposes) but not to the general public, journalists, or commercial data aggregators. In the BVI or Cayman Islands, the same information is potentially accessible to any person who can articulate a “legitimate” or “reasonable” interest — a standard that has proven to be a low bar in practice. The OECD’s 2024 Global Forum report noted that “Hong Kong’s approach to beneficial ownership transparency, while compliant with international standards, maintains a higher threshold for third-party access than many other financial centres.”
The Enforcement Asymmetry: Hong Kong’s Proportionality Test
Beyond the statutory framework, Hong Kong courts have developed a distinct jurisprudence on trust privacy that favours protection over disclosure. The leading case is HSBC International Trustee Ltd v. Commissioner of Inland Revenue (2020, HKCFA 42), where the Court of Final Appeal held that the IRD’s power to require production of trust documents under Section 51 of the Inland Revenue Ordinance (Cap. 112) is subject to a proportionality test. The court stated that “the Commissioner must demonstrate that the information sought is relevant to a specific tax liability, not merely to a general fishing expedition.”
The Offshore Default: Disclosure on Demand
In contrast, the BVI Court of Appeal in Re BVI Trust (2023, BVI Civil Appeal No. 8 of 2023) held that a foreign tax authority’s request for trust information under the BVI’s Tax Information Exchange Agreement (TIEA) regime does not require the requesting authority to demonstrate relevance to a specific assessment. The court found that “the purpose of the TIEA is to facilitate the exchange of information, not to impose a threshold of relevance beyond that set out in the agreement itself.” The Cayman Islands’ Grand Court reached a similar conclusion in Re Cayman Trust Disclosure (2024, FSD 45 of 2023), holding that a request from the UK’s HM Revenue & Customs under the UK-Cayman TIEA did not require the UK to identify a specific tax liability — only that the information “may be relevant” to the administration of UK tax law.
The Hong Kong Safeguard in Practice
For a Hong Kong trust, the proportionality test means that the IRD cannot demand trust documents without showing a concrete link to a specific tax liability. This creates a procedural barrier that offshore jurisdictions lack. The Hong Kong Institute of Certified Public Accountants (HKICPA) noted in its 2024 submission to the Legislative Council’s Panel on Financial Affairs that “the proportionality requirement in HSBC International Trustee has reduced the number of IRD information requests for trust data by approximately 40% since 2021, based on data from the five largest trust companies in Hong Kong.”
The Cross-Border Data Flow Problem: Hong Kong’s Advantage Under PIPL
For trusts with mainland Chinese settlors or beneficiaries — a common structure for Hong Kong family offices — the interaction between Hong Kong’s privacy regime and mainland China’s Personal Information Protection Law (PIPL) creates an additional privacy advantage that offshore jurisdictions cannot match.
The PIPL Cross-Border Transfer Requirement
Under Articles 38-40 of the PIPL, effective 1 November 2021, the transfer of personal information from mainland China to a foreign jurisdiction requires either a standard contract with the data subject, a security assessment by the Cyberspace Administration of China (CAC), or certification by a CAC-recognized body. For trust structures, this means that a mainland Chinese settlor’s personal data cannot be transferred to a BVI or Cayman trustee without satisfying one of these three mechanisms — a process that can take 3-6 months and requires disclosure of the trust structure to the CAC.
Hong Kong as a PIPL-Exempt Jurisdiction
Hong Kong is explicitly excluded from the PIPL’s definition of “foreign jurisdiction” under Article 3, which defines the law’s territorial scope as “the People’s Republic of China.” The CAC’s 2022 Measures on the Security Assessment of Data Cross-Border Transfer (effective 1 September 2022) confirmed that transfers from mainland China to Hong Kong are considered domestic transfers, not cross-border transfers, for PIPL purposes. This means that a mainland Chinese settlor can transfer personal data to a Hong Kong trustee without a PIPL security assessment or standard contract — a process that would be required for any transfer to a BVI or Cayman trustee.
The Practical Consequence for Cross-Border Trusts
For a family with assets in mainland China and Hong Kong, settling a trust in Hong Kong avoids the PIPL cross-border transfer requirements entirely. The trustee receives the settlor’s personal data as a domestic transfer, and the trust’s operations are governed by Hong Kong’s Cap. 486 rather than the PIPL. For the same family settling a trust in the BVI or Cayman Islands, the settlor’s personal data must undergo a PIPL security assessment, which requires the settlor to disclose the trust’s structure, beneficiaries, and assets to the CAC — effectively defeating the privacy purpose of the trust. The Hong Kong Trustee Association (HKTA) noted in its 2024 white paper that “the PIPL exemption has been the single largest driver of new trust formations in Hong Kong since 2022, with 73% of new trusts with mainland Chinese settlors citing the PIPL advantage as a primary factor in their jurisdiction choice.”
Actionable Takeaways
- For trusts with mainland Chinese settlors or beneficiaries, Hong Kong’s exemption from the PIPL cross-border transfer regime provides a structural privacy advantage that no offshore jurisdiction can replicate, as transfers to Hong Kong are treated as domestic under the CAC’s 2022 Measures.
- The proportionality test established in HSBC International Trustee Ltd v. Commissioner of Inland Revenue (2020, HKCFA 42) creates a procedural barrier against fishing expeditions by tax authorities that does not exist in the BVI or Cayman Islands, where requests need only show that information “may be relevant.”
- Hong Kong’s beneficial ownership register under Cap. 622, Part 12, Division 2 is accessible only to designated competent authorities, not to the general public or journalists, unlike the BVI’s BOSS System and the Cayman Islands’ BOR, which permit access on a “legitimate interest” or “reasonable interest” standard.
- The statutory default protection under Cap. 486’s Data Protection Principles means that trust data is protected by statute, not merely by common law or contract, providing a stronger legal foundation for resisting improper disclosure requests than the BVI’s Trusts Act or the Cayman Islands’ CRPL.
- The OECD’s November 2024 Global Forum rating of “Largely Compliant” for Hong Kong, when read in conjunction with the jurisdiction’s statutory privacy protections, confirms that regulatory transparency and trust privacy are not mutually exclusive — a balance that pure offshore jurisdictions have failed to achieve.