Hong Kong regulator tells online trading firms to implement two-factor authentication by April 2018

Maria Nikolova

New guidelines require all licensed or registered entities engaged in online trading to implement 20 baseline requirements to boost their cybersecurity.

Hong Kong’s Securities and Futures Commission (SFC) is apparently taking cybersecurity seriously. Today, the regulator posted its Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading. The new rules require all licensed or registered entities engaged in online trading to implement 20 baseline requirements to enhance their cybersecurity and to minimize hacking risks.

These Guidelines apply to entities that are engaged in online trading and are licensed by, or registered with, the SFC for:

  • Type 1 regulated activity (dealing in securities);
  • Type 2 regulated activity (dealing in futures contracts);
  • Type 3 regulated activity (leveraged foreign exchange trading);
  • Type 9 regulated activity (asset management).

A key requirement is to implement two-factor authentication for login to clients’ online trading accounts. In addition, the entity should implement monitoring and surveillance mechanisms to detect unauthorised access to clients’ Internet trading accounts. Other requirements concern data encryption of sensitive information such as client login credentials (ie, user ID and password) and trade data during transmission between internal networks and client devices.

A licensed or registered person should also establish and implement effective policies and procedures to ensure that a client login password is generated and delivered to a client in a secure manner during the account activation and password reset processes. The entities should have in place stringent password policies and session timeout controls and should deploy a secure network infrastructure.

The rules also require online trading companies to outline contingency plans for cyber incidents. The companies should make all reasonable efforts to cover possible cyber-attack scenarios such as DDoS attacks and total loss of business records and client data resulting from cyber-attacks (eg, ransomware) in the contingency plan and crisis management procedures.

Also, the licensed entity should make sure that the officer(s) or executive officer(s) responsible for the overall management and supervision of the online trading system define a cybersecurity risk management framework, and set out key roles and responsibilities. Examples of such responsibilities include reviewing and approving cybersecurity risk management policies and procedures, as well as reviewing and approving the budget and spending on resources for cybersecurity risk management.

The guidelines also stipulate that licensed and/or registered entities should take all reasonable steps to remind clients about and alert them to cybersecurity risks and recommended preventive and protection measures when using the trading system.

The deadline for the implementation of two-factor authentication is April 27, 2018, while all other requirements will take effect on July 27, 2018.

Although the Guidelines do not have the force of law, a failure to follow their spirit may reflect adversely on the person’s fitness and properness.
