In the quarter to September 30, 2017, the SFC received 2,128 licence applications, down 6.6% from the same quarter in 2016.
The Hong Kong Securities and Futures Commission (SFC), which was recently slammed over its clumsy procedures, saw a drop in the number of license applications in the quarter to September 30, 2017. The data come from a quarterly report that the Hong Kong regulator released earlier today.
In the quarter, the SFC received 2,128 licence applications, down 6.6% from the same quarter in 2016. Of these, 65 were corporate applications, down 42% year-on-year.
The fall is reported as the Process Review Panel (PRP) criticized certain aspects of SFC’s work during 2016/17. Thus, for instance, PRP reviewed nine licensing applications for different types of regulated activities in the year. The processing time of the cases ranged from seven months to seven years and one month. For all these cases being reviewed, PRP raised concerns about how the case officers, their supervisors and the senior management had monitored the case progress.
PRP recommended that the SFC enhances its monitoring of the processing of licensing applications. Specifically, the senior management should be informed of the status of the outstanding applications so that they could provide timely guidance to the case officers if necessary, and ensure that appropriate resources were allocated for effective processing of the applications.
According to the SFC, as at 30 September 2017, the number of licensees and registrants reached a record high of 43,976, up 3.3% year-on-year, while the number of licensed corporations increased 12.7% to a new high of 2,613.
Among the highlights for the quarter, the SFC mentions its Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading, which will apply to Forex brokers too. The new rules require all licensed or registered entities engaged in online trading to implement 20 baseline requirements to enhance their cybersecurity and to minimize hacking risks.
A key requirement is to implement two-factor authentication for login to clients’ online trading accounts. In addition, the entity should implement monitoring and surveillance mechanisms to detect unauthorised access to clients’ Internet trading accounts. Other requirements concern data encryption of sensitive information such as client login credentials (ie, user ID and password) and trade data during transmission between internal networks and client devices.
The deadline for the implementation of two-factor authentication is April 27, 2018, while all other requirements will take effect on July 27, 2018.