Cyber fraud continues to pose a significant threat to businesses and individuals in Hong Kong and elsewhere around the world. According to the official statistics for Hong Kong, 2022 saw a significant increase of deception cases of over 8,000 cases, over 70% of which were Internet-related. The Hong Kong Police has developed a ‘No Consent Regime’, which encompassed a practice of issuing so-called ‘Letters of No Consent’ to banks for accounts which contain suspected proceeds of crime, thereby triggering informal bank freezes on these accounts.

While Hong Kong has yet to enact specific legislation on cybercrime or cybersecurity, this will soon change with the announcement of the proposal to enact a new cybersecurity law during the Chief Executive’s 2021 Policy Address and the issuance of a consultation paper on “Cyber-dependent crimes and jurisdictional issues” by the Hong Kong Law Reform Commission.

Since finding that the Police’s use of a “No Consent Regime” (“Regime”) in freezing accounts that contain suspected proceeds of crime was unlawful and unconstitutional, the Hong Kong Court of First Instance has now handed down its decision on relief and costs in Tam Sze Leung & Ors v. Commissioner of Police [2022] HKCFI 772.
The Court declared that the Letters of No Consent (LNCs) in issue and the Regime “as operated” by the Police are: (i) ultra vires Sections 25 and 25A of the Organized and Serious Crimes Ordinance (OSCO) (Cap. 455); and (ii) incompatible with Articles 6 and 105 of the Basic Law, as the Regime as operated by the Police is not prescribed by law and is disproportionate

Cyber fraud remains a significant risk to businesses and individuals. In the 11 months to November 2021, over 500 phishing scams, worth more than HKD 1.4 billion in losses, were reported to the Hong Kong Police. The Police have been developing and will soon launch a free software to assist businesses in identifying phishing scams.

Cybersecurity from compliance to crisis – With the ever-increasing threat of ransomware and other cybercrime, we offer a bird’s eye view of cybersecurity strategy focused on addressing risks, keeping up with regulatory and compliance issues, and managing a cyber crisis.
In our Deciphering Data Webinar Series, we provide a global perspective of what’s keeping executives awake at night with the world’s threat actors becoming seemingly more sophisticated every day, and give practical guidance on how to address these risks and concerns and prepare companies for challenges ahead.

We have seen a noticeable increase in the prevalence and sophistication of cyber fraud incidents in recent years. This has led to a substantial rise in civil recovery actions, and as a result, we now have the benefit of key learnings from recent decisions by the Hong Kong Courts and other jurisdictions. This alert discusses some of the common themes and challenges victims of fraud may face in civil recovery actions, particularly in cases involving allegedly “innocent” recipients of tainted funds and competing victims pursuing recovery from the same finite pool of funds.

In brief Victims of cyber fraud have been using vesting orders – a means of direct recovery for victims of fraud – to recover stolen funds from fraudsters and subsequent recipients.  Often applied concurrently with a default judgment, vesting order is thought to be a convenient alternative to garnishee proceedings.…

A recent High Court decision in Yung Wai Tak Abraham William v. Natural Dairy (Nz) Holdings Ltd (in Provisional Liquidation) (17/08/2020, HCLA26/2018) [2020] HKCFI 2067 (“Decision”) held that a Hong Kong listed company and its wholly owned subsidiary were joint employers of the appellant whose main job was to serve the listed company as its company secretary, notwithstanding that the written employment contract was solely made with the subsidiary. The parent company was held liable for, inter alia, unpaid wages, statutory severance payment and payment in lieu of notice owed to the appellant by the subsidiary. In coming to its conclusion, the court applied the “overall impression” test set down by the Court of Final Appeal in Poon Chau Nam v Yim Siu Cheung,1 taking into account all relevant features of the parties’ relationship, including the proper interpretation of the written employment contract, the recruitment process, the services provided by the employee to the companies involved, the employer’s confession, and other contemporaneous documentary evidence.

In brief With the slowdown in economic activity globally due to COVID-19, the number of cyber fraud cases from around the world has surged. The Hong Kong Police, the Action Fraud (UK’s National Fraud & Cyber Crime Reporting Centre), and the Australian Cyber Security Centre, have all recorded a significant…