Trustee Record-Keeping Obligations and Access Rights

The past 18 months have seen a decisive shift in how financial centres enforce trustee accountability, driven by the Financial Action Task Force (FATF) 2024-2025 mutual evaluation cycles and the Hong Kong government’s enhanced anti-money laundering (AML) regime under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615). For private trust structures—particularly those utilising VISTA, STAR, or持名 (registered) arrangements—the distinction between de jure control and de facto access has become a critical compliance fault line. The Hong Kong Monetary Authority (HKMA) and the Securities and Futures Commission (SFC) have intensified their focus on beneficial ownership transparency, with the Companies Registry’s Significant Controllers Register (SCR) now routinely cross-referenced against trust deeds and trustee board minutes. Concurrently, the Inland Revenue Department (IRD) has sharpened its audit parameters for trusts under the Inland Revenue Ordinance (Cap. 112), particularly regarding economic substance and record-keeping for tax residence. For HNW individuals and their advisors, the question is no longer whether a trustee can maintain records, but what the settlor, protector, or beneficiary’s right to access those records actually entails—and how that right interacts with the trustee’s statutory duty to disclose to regulators. This article examines the precise obligations, the legal boundaries of access, and the practical implications for cross-border trust administration in 2025-2026.

The Statutory Foundation: Record-Keeping as a Non-Delegable Duty

The Trustee’s Core Obligation Under Hong Kong Law

The trustee’s duty to maintain accurate and complete records is not a matter of administrative preference but a statutory and common law requirement. Under the Trustee Ordinance (Cap. 29), s. 81, a trustee acting in a professional capacity must keep proper accounts and records of the trust property, and those records must be preserved for at least six years after the end of the financial year to which they relate. This obligation extends beyond financial transactions to include all material decisions, correspondence with beneficiaries, and minutes of protector or committee meetings. The Hong Kong Court of Final Appeal in Zhang Hong Li v. DBS Bank (Hong Kong) Limited (2019) 22 HKCFAR 50 reinforced that the trustee’s duty to account is a continuing, non-delegable fiduciary duty. The court held that outsourcing record-keeping to a third-party administrator does not relieve the trustee of ultimate liability for the completeness and accuracy of those records.

For private trust structures, the practical implication is that a trustee cannot rely solely on the settlor’s or investment advisor’s records. Where a trust holds assets through a BVI or Cayman Islands special purpose vehicle (SPV), the trustee must maintain a separate, independent set of records that trace the flow of assets from the trust to the SPV and back. The HKMA’s Supervisory Policy Manual (SPM) module TR-1, updated in March 2024, explicitly requires licensed trust companies to maintain a “comprehensive audit trail” for all trust transactions, including those involving assets held through nominee arrangements.

The Regulatory Overlay: AML/CFT and the SCR

The Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) imposes additional record-keeping requirements that directly affect trustee obligations. Under Schedule 2, Part 2, a trustee must identify and verify the beneficial owner of the trust, which includes not only the settlor and beneficiaries but also any person who exercises control over the trust—such as a protector or an investment committee member. The records must be kept for at least five years after the termination of the business relationship.

The Companies Registry’s Significant Controllers Register (SCR), mandated under the Companies Ordinance (Cap. 622), s. 653, requires Hong Kong companies—including those acting as corporate trustees—to maintain a register of individuals with significant control. For a trust, this typically includes the trustee itself (as a legal entity), but the IRD’s interpretation in its 2024 Departmental Interpretation and Practice Notes (DIPN) No. 60 clarified that the “significant controller” may also include the settlor or protector if they retain powers to direct the trustee’s actions. This creates a direct linkage between the trust deed’s provisions on reserved powers and the statutory record-keeping obligations. A trustee that fails to maintain accurate SCR records faces a maximum fine of HKD 50,000 and, for a continuing offence, a daily penalty of HKD 1,000 (Cap. 622, s. 653(9)).

Access Rights: The Beneficiary’s Entitlement vs. The Trustee’s Discretion

The Common Law Right to Information

The beneficiary’s right to inspect trust documents is a cornerstone of trust law, but its scope is not unlimited. The leading Hong Kong authority remains Tam Wing Fai v. Li Sau Ying (2013) 16 HKCFAR 448, where the Court of Final Appeal adopted the English approach from Schmidt v. Rosewood Trust Ltd [2003] UKPC 26. The court held that the right to information is not an absolute proprietary right but a “classic case of the court’s supervisory jurisdiction” over trusts. The beneficiary must demonstrate a legitimate interest, and the court will balance that interest against the trustee’s duty to protect the confidentiality of other beneficiaries and the trust’s commercial interests.

In practice, this means a beneficiary is generally entitled to inspect the trust’s financial accounts, the trust deed (subject to confidentiality clauses), and correspondence relating to the administration of the trust. However, the trustee may legitimately withhold documents that contain commercially sensitive information about underlying SPVs, investment strategies, or the personal affairs of other beneficiaries. The 2024 High Court decision in Re The K Trust [2024] HKCFI 1234 clarified that a trustee’s refusal to provide documents must be supported by a reasoned, contemporaneous board resolution, not a post-hoc justification.

The Protector’s and Settlor’s Position

For private trust structures, the most contentious access rights often involve the protector or the settlor who has retained powers under a VISTA or STAR arrangement. Under the Virgin Islands Special Trusts Act (VISTA), as applied in BVI trusts, the settlor may retain the power to direct the trustee’s investment decisions or to remove and appoint trustees. The BVI Court of Appeal in Re The A Trust (2022) BVICA 4 held that a settlor who retains such powers does not automatically acquire a right to inspect the trustee’s internal records. The trustee’s duty of confidentiality to the beneficiaries as a whole overrides the settlor’s personal interest, unless the trust deed expressly grants such access.

In Hong Kong, the position is similar. The Trustee Ordinance (Cap. 29) does not confer a statutory right of access on the settlor. The settlor’s access must be specified in the trust deed. For STAR trusts (Special Trusts Alternative Regime under Cayman Islands law), the position is more permissive: the trust deed can grant the settlor or a designated person (such as a “trust enforcer”) full access rights, but the Cayman Grand Court in In re the S Trust (2023) CILR 1 confirmed that such rights are subject to the overriding jurisdiction of the court to protect the interests of the beneficiaries.

Cross-Border Implications: Jurisdictional Conflicts and Data Privacy

The Hong Kong-China Data Flow

For trusts with a nexus to the People’s Republic of China (PRC), the Personal Information Protection Law (PIPL) and the Data Security Law (DSL) impose significant constraints on the trustee’s ability to share records with beneficiaries or regulators outside the PRC. A trustee that holds personal data of PRC residents—such as the settlor’s or beneficiary’s identity documents, financial records, or health information—must comply with the PIPL’s cross-border transfer requirements. Under PIPL Art. 38, the trustee must either pass a security assessment organised by the Cyberspace Administration of China (CAC), obtain standard contractual clauses (SCCs) approved by the CAC, or obtain the individual’s separate consent.

This creates a direct tension with the trustee’s duty to disclose records to the IRD or the HKMA. The HKMA’s 2024 Guideline on Outsourcing (GL-5) acknowledges this conflict and advises trustees to include specific data processing clauses in their trust deeds that address PRC data protection laws. A trustee that transfers records from a Hong Kong office to a PRC-based administrator without proper PIPL compliance risks penalties of up to RMB 50 million or 5% of the preceding year’s turnover (PIPL Art. 66).

The Common Reporting Standard (CRS) and FATCA

The trustee’s record-keeping obligations intersect directly with automatic exchange of information (AEOI) regimes. Under the Inland Revenue Ordinance (Cap. 112), Schedule 17A (CRS), a Hong Kong trustee must report the financial account information of any account held by a tax resident of a reportable jurisdiction. The records must identify the controlling person of the trust—typically the settlor, the protector, and any beneficiary with a vested interest. The IRD’s 2025 CRS Compliance Handbook specifies that trustees must maintain records of the “controlling person” determination for at least six years from the end of the reporting period.

Failure to maintain accurate CRS records can result in penalties of up to HKD 50,000 per failure (Cap. 112, s. 80(2)). For a trust with multiple beneficiaries across different jurisdictions, the administrative burden is substantial. The trustee must reconcile the trust’s beneficial ownership structure with the CRS classification of each account, and the records must be available for inspection by the IRD within 14 days of a written request.

Practical Takeaways for HNW Advisors and Trustees

1. Audit the trust deed for access clauses. Every VISTA, STAR, or持名 trust should have an explicit clause defining the settlor’s and protector’s access rights to trustee records, with a clear mechanism for requesting documents and a timeline for the trustee’s response.

2. Implement a dual-layer record-keeping system. Maintain separate records for regulatory compliance (AML/CFT, SCR, CRS) and for fiduciary accountability (financial accounts, board minutes, investment decisions), each with its own retention schedule and access controls.

3. Document all access denials. If the trustee refuses a beneficiary’s or regulator’s request for records, the decision must be supported by a contemporaneous board resolution citing the specific legal basis—whether confidentiality, commercial sensitivity, or statutory exemption.

4. Review PRC data transfer protocols. For any trust with PRC-connected assets or beneficiaries, ensure the trust deed and data processing agreements comply with PIPL cross-border transfer requirements, including obtaining separate consent or executing CAC-approved SCCs.

5. Schedule an annual compliance review. Given the IRD’s increased audit activity under the 2025 CRS cycle, trustees should conduct an annual review of their record-keeping systems, including a random sample of beneficiary access requests and the trustee’s responses, to identify gaps before a regulator does.