Hong Kong regulator outlines new cyber security requirements for online trading firms

Maria Nikolova

The measures proposed include two-factor authentication for clients, as well as stringent password policies, after study shows a steep rise in cyber security incidents.

Cyber security is on the agenda of financial market regulators, with the latest example provided by the Hong Kong Securities and Futures Commission (SFC), which earlier today published a Consultation Paper on enhanced cyber security requirements for Internet trading brokers. The proposed requirements concern securities dealers, futures dealers and/or leveraged foreign exchange traders, and seek to reduce hacking risks associated with Internet trading.

The baseline requirements, which include 20 cyber security control practices, concern three main areas:

  • Protection of clients’ Internet trading accounts;
  • Infrastructure security management;
  • Cyber security management and supervision.

For instance, brokers have to implement stringent password policies and session timeout controls in their Internet trading systems. They will also have to introduce two-factor authentication for their clients, as well as rigid surveillance mechanisms to prevent unauthorized access to accounts.

Hacking of Internet trading accounts, corporate websites and trading systems is the most serious cyber security risk faced by licensed corporations in Hong Kong. In late 2016, with the assistance of an external cyber security expert, the SFC therefore conducted a thematic review of the resilience to hacking risks of brokers engaged in Internet trading. The review helped the regulator identify basic cyber security controls.

The consultation paper proposes to incorporate these controls into guidelines to be issued under the Securities and Futures Ordinance (SFO).

Comments on the proposals are expected no later than July 7, 2017.

The proposals are released as data shows that the number of cyber security incidents handled by the Hong Kong Computer Emergency Response Team Coordination Centre of the Hong Kong Productivity Council reached 6,058 in 2016, up 23% from 2015. For the 18 months ended March 31, 2017, 12 licensed corporations (LCs) reported 27 cyber security incidents, with the bulk of them involving hackers getting access to customers’ Internet-based trading accounts with securities brokers. This unauthorized access has resulted in unauthorized trades totalling more than $110 million.
