Hong Kong regulator outlines new cyber security requirements for online trading firms

Maria Nikolova

The measures proposed include two-factor authentication for clients, as well as stringent password policies, after study shows a steep rise in cyber security incidents.

Cyber security is one of the issues on the agenda of financial market regulators, with the latest example provided by the Hong Kong Securities and Futures Commission (SFC), which has earlier today published a Consultation Paper on enhanced cyber security requirements for Internet trading brokers. The proposed requirements concern securities dealers, futures dealers and/or leveraged foreign exchange traders, and seek to reduce hacking risks associated with Internet trading.

The baseline requirements, which include 20 cyber security control practices, concern three main areas:

  • Protection of clients’ Internet trading accounts;
  • Infrastructure security management;
  • Cyber security management and supervision.

For instance, brokers have to implement stringent password policies and session timeout controls in their internet trading systems. Also, they will have to introduce two-factor authentication for their clients, as well as rigid surveillance mechanisms to prevent unauthorized access to accounts.

Since hacking of Internet trading accounts, corporate websites and trading systems is the most serious cyber security risk faced by licensed corporations in Hong Kong, the SFC conducted a thematic review of the resilience to hacking risks of brokers engaged in Internet trading with the assistance of an external cyber security expert in late 2016. The review helped the regulator identify basic cyber security controls.

The consultation paper proposes to include these controls into guidelines to be issued under the Securities and Futures Ordinance (SFO).

Comments on the proposals are expected no later than July 7, 2017.

The proposals are released as data shows that the number of cyber security incidents handled by the Hong Kong Computer Emergency Response Team Coordination Centre of the Hong Kong Productivity Council reached 6,058 in 2016, up 23% from 2015. For the 18 months ended March 31, 2017, 12 licensed corporations (LCs) reported 27 cyber security incidents, with the bulk of them involving hackers getting access to customers’ Internet-based trading accounts with securities brokers. This unauthorized access has resulted in unauthorised trades totalling more than $110 million.

Read this next

Digital Assets

Valkyrie pulls back on Ether futures merge with Bitcoin ETF

Valkyrie Funds LLC will suspend the purchase of Ether (ETH) futures contracts for its Valkyrie Bitcoin and Ether Strategy ETF (BTF.O). Additionally, the firm will unwind any positions in Ethereum that it has already acquired.  

Digital Assets

Hong Kong police arrest 18 in $1.5B billion JPEX fraud

The investigation into the JPEX crypto exchange scandal continues to unfold as Hong Kong and Macau police arrest four more individuals. These arrests, which include individuals considered “relatively close to the core” of the scandal, bring the total number of detentions to 18.

Digital Assets

Gemini tells Dutch users to withdraw assets by November 17

Gemini, the cryptocurrency exchange founded by Cameron and Tyler Winklevoss, announced that it will cease providing services to customers in the Netherlands, citing regulatory requirements imposed by the country’s central bank.

Digital Assets

SEC puts BlackRock, Valkyrie, and Bitwise Bitcoin ETFs on hold

The U.S. Securities and Exchange Commission has delayed its decisions on several bitcoin exchange-traded fund (ETF) proposals, leaving many in the crypto industry feeling pessimistic for any future blessing from the agency.

Digital Assets

Ripple backs out of Fortress Trust acquisition

Ripple has decided to cancel its planned acquisition of Fortress Trust, a custodian company, less than a month after initially announcing the agreement.


France regulators blacklists 21 FX brokers, FuturBTC

France’s financial markets regulator, the Autorité des Marchés Financiers (AMF), today shed light on several unregulated forex brokers representing their offering under several brands. Notably, the AMF has identified only one crypto-assets provider in its latest warning.  

Digital Assets

Flare and Arkham Collaborate for Enhanced Decentralized Data Access

Flare’s blockchain for decentralized data acquisition integrates with Arkham’s Intelligence Platform, offering users advanced analytics and actionable on-chain insights.

Industry News

iFX EXPO International 2023 Successfully Concludes

The most talked about financial event of the year took place in Limassol, Cyprus.

Retail FX

Plus500 Forex Garners Market Attention In The Latest Expert Ranking

Securing the 58th spot in Traders Union’s Best Forex Brokers of 2023 ranking, Plus500, despite its cautionary overall score of 6.3 out of 10, stands out for its stringent regulatory compliance, user-centric WebTrader platform, and a commendable focus on account security, though it lags in providing advanced trading tools and trust management features.