Web3 Meets Institutional Finance: Annette Lu of Hex Trust on APAC Regulation

Annette Lu, Head of Compliance APAC at Hex Trust, works at the intersection of regulation and institutional digital assets in one of the world’s most dynamic regions. In this interview with CP Media, she discusses how APAC jurisdictions such as Singapore and Hong Kong are shaping global standards for digital asset regulation. She also discusses why compliance has become a competitive advantage and how the industry is moving from Web3 experimentation to institutional-grade financial infrastructure. Her perspective offers a clear view into how regulation is defining the next phase of digital asset adoption across the region.

APAC’s Regulatory Landscape and Global Positioning

How would you describe the current regulatory landscape for digital assets across APAC? Which jurisdictions are shaping the direction of the market today?
The regulatory landscape for digital assets across APAC is defined by gradual convergence, while still preserving distinct jurisdictional characteristics. Unlike regions that have moved slowly or reacted only after market pressure, many APAC jurisdictions have taken a proactive approach. They have deliberately designed licensing frameworks that manage risk while supporting innovation.
Today, Singapore and Hong Kong are setting the direction for the region. Singapore’s Payment Services Act provides a principles-based, utility-driven licensing regime with a strong focus on asset safeguarding, segregation, technology risk management, and AML/CFT controls. Hong Kong, under the Securities and Futures Commission, is rapidly translating policy intent into full market infrastructure. It is building a comprehensive framework covering custody, dealing, intermediaries, and tokenised products, while positioning itself as a bridge between traditional capital markets and regulated Web3 innovation. Together, these approaches are shaping the regional benchmark for institutional digital asset adoption.
In your view, what has driven APAC to become a major hub for digital asset development? Is it innovation, competition among regulators, or something else?
The momentum comes from a unique convergence of proactive regulation and pragmatic institutional demand. It’s not simply regulatory competition. It reflects a deliberate commitment to setting global standards.
APAC regulators have shown a clear understanding that if they fail to define the regulatory structure, innovation will migrate outside regulated channels. By licensing institutional-grade players such as Hex Trust and establishing clear rules of engagement, regulators have created meaningful regulatory clarity. That clarity is the foundation required to attract large-scale traditional capital. Combined with Asia’s financial agility and deep talent pool, this structural certainty is what positions APAC as a global hub.
You’ve worked with multiple licensing regimes, including MPI in Singapore, VASP in the UAE, TCSP in Hong Kong, and MSO in Hong Kong. What are the most important differences in how these regions approach regulation?
While the statutory frameworks differ, the key distinction lies in each regulator’s primary focus.
Singapore’s MPI regime places strong emphasis on investor protection, asset safeguarding, and AML/CFT controls under the Payment Services Act. A central requirement is that client assets are held on trust, with bankruptcy-remote segregation.
Hong Kong’s TCSP and VATP regimes focus heavily on investor protection and alignment with existing financial legislation under the Securities and Futures Ordinance. The approach is to structure digital asset services so they meet traditional securities compliance thresholds.
The UAE’s VASP framework adopts a more accelerator-style model. It aims to establish the jurisdiction as a global hub by offering clear and efficient regulatory guidance, while still enforcing strict compliance with global AML/CFT standards, including the FATF Travel Rule.
Across all regions, the unifying shift is away from regulating assets themselves and toward regulating activities. The focus is on ensuring custody, dealing, and issuance functions meet institutional-grade governance standards, regardless of the underlying asset.

Regulatory Convergence and Global Alignment

Do you see global regulatory standards moving toward greater alignment, or are governments drifting further apart in their approaches?
We are clearly moving toward greater alignment, even if the process is gradual. The digital asset market is too globally interconnected for long-term divergence. Transactions routinely span multiple legal frameworks, which makes interoperability unavoidable.
Global standard-setting bodies such as the FATF and IOSCO are already defining baseline principles for AML/CFT and securities regulation. What we’re seeing now is jurisdictions learning from one another, particularly on issues such as stablecoin reserves, custody standards, and asset segregation. The objective is to move beyond fragmented national frameworks and establish a robust global compliance baseline.
How do you think the tightening regulatory environment in the US and the rollout of MiCA in Europe will affect APAC? Could this shift where Web3 businesses choose to operate?
Both MiCA and the evolving US regulatory environment act as powerful catalysts for clarity. When jurisdictions of that scale define their regulatory expectations, it forces a global reassessment.
MiCA introduces a single-market framework that sets a clear standard for European operations. It also becomes a global reference point for best practices, particularly around issuance and market conduct.
The US approach, while still fragmented, reinforces a critical message. Licensed and regulated operations are non-negotiable.
Taken together, this dynamic strengthens APAC’s position. It validates the early regulatory strategies of jurisdictions such as Hong Kong and Singapore. For Web3 businesses seeking stability and institutional credibility, the gravitational pull will increasingly favor markets where regulatory foundations are already established, particularly across APAC.

Regulators, Web3, and Institutional Engagement

How is the attitude of traditional financial regulators toward Web3 companies changing? Are they becoming more open to dialogue and innovation?
The regulatory mindset has evolved from scepticism to strategic engagement. Web3 is no longer viewed as a fringe concept. Regulators increasingly recognise it as a transformative layer of financial infrastructure.
Rather than simply enforcing rules, regulators are now actively co-designing frameworks with industry participants. Discussions now focus on practical mechanics, including how to structure tokenised assets safely, enable atomic settlement, and govern private key custody. As a regulated institution, Hex Trust plays a key role in this dialogue by translating technical capabilities into policy-relevant terms.
What are the main challenges crypto companies face when working to meet licensing requirements such as MPI, VASP, MSO, or TCSP?
The primary challenge is not understanding regulatory intent, but operationalising it effectively. Regulators expect high-level principles, such as asset segregation or risk-based AML, to be translated into measurable, auditable, and continuously enforced controls within the technology stack.
In practice, firms must navigate several challenges. These include managing cross-border fragmentation when reconciling divergent national rules for a single digital asset transfer. They must also demonstrate technological assurance by proving the legal and technical bankruptcy-remoteness of client assets through verifiable custody infrastructure, including HSMs and multi-party governance policies. In addition, firms must ensure governance scalability, maintaining consistent oversight and accountability across global entities under a unified risk mandate.

Compliance in Practice: The Hex Trust Experience

Hex Trust operates in several tightly regulated jurisdictions. What have been the most important regulatory milestones for the company, and how have they shaped your compliance strategy?
Hex Trust’s evolution has been defined by regulatory milestones. Each licence, whether Singapore’s MPI, Hong Kong’s TCSP, or the UAE’s VASP, represents more than an authorization. It serves as a structural pillar of our operating model.
These milestones have driven a shift from geographically siloed compliance to centralized governance based on the highest applicable standard. Operating across multiple regulated markets requires us to meet the most stringent requirements across all jurisdictions simultaneously. This results in a compliance-by-design approach, where controls are engineered to be universal, scalable, and institutionally credible. That commitment is a core differentiator for our clients.
From your perspective, what represents the gold standard of compliance for institutional digital asset players today, and how does Hex Trust maintain that standard across jurisdictions?
The gold standard is compliance by design, supported by verifiable data. It goes far beyond submitting policies on paper. It requires embedding risk controls directly into the technology architecture.
At Hex Trust, this standard is upheld through three mechanisms. First, legal and technical segregation ensures client assets are bankruptcy-remote through both trust structures and HSM-based, policy-enforced custody. Second, proactive governance is achieved through our proprietary Policy Engine, which enforces multi-layer approvals and real-time transaction monitoring with auditable outputs. Third, regulatory stacking ensures we comply with the most stringent requirements across all licences, raising our internal baseline globally.
When building a compliance framework from scratch, which 3 components are fundamental?
In the institutional digital asset space, three elements are non-negotiable.
First, cryptographic literacy in governance is essential. Compliance and legal teams must understand private keys, smart contracts, and consensus mechanisms. You can’t govern technical risk without understanding it.
Second, data-driven, real-time oversight is critical. Blockchain analytics and continuous AML/CFT screening must be embedded into daily workflows. Compliance needs to be proactive, not reactive.
Third, fit-for-purpose accountability is required. Legal and operational responsibility must be clearly assigned to qualified individuals who maintain oversight regardless of geography. This is how integrity is embedded at the leadership level.

Leadership, Strategy, and the Future of Compliance

What qualities does a compliance leader need to manage a global team effectively in a fast-moving industry?
A compliance leader in this sector must combine foresight with precision.
Key qualities include strategic curiosity, viewing regulation as a competitive advantage rather than a constraint. Translational expertise is also critical, enabling leaders to convert legal principles into concrete technical requirements for engineers and product teams. Finally, global policy unification is essential. Leaders must establish a single global risk mandate while allowing local entities to comply with jurisdiction-specific nuances.
How can companies turn regulatory compliance from a constraint into a driver of trust and growth?
Compliance provides the foundation for sustainable growth in digital assets.
That shift happens when firms move from reactive legal advisory to strategic risk governance. At Hex Trust, compliance is engineered into products at the design stage. As a result, new offerings, whether staking, tokenisation infrastructure, or trading services, launch with a predefined legal and risk framework.
For institutional clients, this means they are not adopting experimental technology. They are engaging with secure, auditable, and globally regulated financial infrastructure. In this way, compliance becomes a competitive moat that strengthens trust and accelerates institutional adoption.
As digital assets become part of the broader financial system, how do you see the role of compliance evolving?
Compliance will become more strategic, more technology-driven, and more focused on oversight, but its core function will fundamentally change.
It will transition from a checkpoint function into a strategic technology architect. Compliance will rely increasingly on AI-assisted monitoring and automated audit trails to match the speed and scale of digital asset markets. Teams will work directly with engineers to shape product roadmaps. Oversight will remain central, but it will be data-centric, providing real-time transparency to both internal and external stakeholders.
Ultimately, compliance will define the interoperability between traditional finance and the digital economy, becoming one of the most strategically influential functions within financial institutions. In that sense, compliance will not follow the market. It will quietly shape it.





