In today’s global marketplace, disputes are growing in number and complexity. Businesses are facing intense competition and must manage the risks and challenges in doing business locally and internationally. Higher accountability standards and tighter regulatory scrutiny increase exposure and vulnerability.

Cyber fraud continues to pose a significant threat to businesses and individuals in Hong Kong and elsewhere around the world. According to the official statistics for Hong Kong, 2022 saw a significant increase of deception cases of over 8,000 cases, over 70% of which were Internet-related. The Hong Kong Police has developed a ‘No Consent Regime’, which encompassed a practice of issuing so-called ‘Letters of No Consent’ to banks for accounts which contain suspected proceeds of crime, thereby triggering informal bank freezes on these accounts.

While Hong Kong has yet to enact specific legislation on cybercrime or cybersecurity, this will soon change with the announcement of the proposal to enact a new cybersecurity law during the Chief Executive’s 2021 Policy Address and the issuance of a consultation paper on “Cyber-dependent crimes and jurisdictional issues” by the Hong Kong Law Reform Commission.

Since finding that the Police’s use of a “No Consent Regime” (“Regime”) in freezing accounts that contain suspected proceeds of crime was unlawful and unconstitutional, the Hong Kong Court of First Instance has now handed down its decision on relief and costs in Tam Sze Leung & Ors v. Commissioner of Police [2022] HKCFI 772.
The Court declared that the Letters of No Consent (LNCs) in issue and the Regime “as operated” by the Police are: (i) ultra vires Sections 25 and 25A of the Organized and Serious Crimes Ordinance (OSCO) (Cap. 455); and (ii) incompatible with Articles 6 and 105 of the Basic Law, as the Regime as operated by the Police is not prescribed by law and is disproportionate