Circular to Licensed Corporations Engaged in Internet Trading
Implementation of the Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading

27 Oct 2017



The Securities and Futures Commission (SFC) today released Guidelines to Reduce and Mitigate Hacking Risks Associated with Internet Trading (Guidelines) issued under section 399 of the Securities Futures Ordinance. The Guidelines set out 20 baseline preventive, detective and other control requirements for the industry to improve cybersecurity resiliency1. One key control, the implementation of two-factor authentication for clients to login to their internet trading accounts, will take effect on 27 April 2018, while all other requirements will take effect on 27 July 2018.

The SFC also published Frequently Asked Questions to provide further guidance on the implementation of the Guidelines.

In addition, the SFC has worked with the Investor Education Centre (IEC), a subsidiary of the SFC, to launch a cybersecurity awareness campaign to promote good cybersecurity practices for clients to safeguard themselves from online trading threats. 

As part of the campaign, IEC has prepared online banners promoting two-factor authentication (2FA) for internet brokers to download and install on their websites as appropriate. Educational articles on 2FA and cybersecurity tips are also available on The Chin Family website.

If you have any queries regarding the contents of this circular, please contact Ms Remy Cheung at 2231 1186.

Please refer to the below for details:

Press release:

http://www.sfc.hk/edistributionWeb/gateway/EN/news-and-announcements/news/doc?refNo=17PR133

Consultation conclusions paper:

http://www.sfc.hk/edistributionWeb/gateway/EN/consultation/conclusion?refNo=17CP4

Frequently Asked Questions

http://www.sfc.hk/web/EN/faqs/intermediaries/supervision/cybersecurity/cybersecurity.html

Online 2FA banner:

https://goo.gl/pqas8w


Intermediaries Supervision Department
Intermediaries Division
Securities and Futures Commission

End

SFO/IS/041/2017

1 In Consultation Conclusions on Proposals to Reduce and Mitigate Hacking Risks Associated with Internet Trading, also issued by the SFC today, the application of Paragraph 18 and Schedule 7 of the Code of Conduct for Persons Licensed by or Registered with the SFC is expanded to cover intermediaries which conduct internet trading of securities that are not listed or traded on an exchange.


Click here to download the document


Page last updated : 27 Oct 2017