Hong Kong’s SFC hints at inspections to evaluate compliance with cybersecurity requirements

Maria Nikolova

The Hong Kong regulator says it will soon conduct surveys and inspections of licensed entities to assess their compliance with the requirements.

How secure is your brokerage against cyber attacks?

More than a year has passed since the Hong Kong Securities and Futures Commission (SFC) posted its Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading. The rules require all licensed or registered entities engaged in online trading to implement 20 baseline requirements to enhance their cybersecurity and to minimize hacking risks.

Today, as the Hong Kong regulator published the latest “SFC Compliance Bulletin: Intermediaries”, it indicated it would check how companies comply with the new requirements.

To mitigate hacking risks, the SFC mandated two-factor authentication (2FA) along with 19 other baseline requirements for all Internet brokers, including companies that offer leveraged foreign exchange trading. Since April 27, 2018, logging into online trading systems requires authentication utilising two of the following factors: what you know (such as your login password), what you have (such as an SMS one-time password received via your mobile) and who you are (such as your fingerprint). Other baseline requirements came into effect in July 2018, including prompt notification to clients upon system login and timely patch management.

“To assess compliance, we will conduct surveys and inspections of LCs on a sample basis soon”, the SFC said.

The regulator did not specify how it would choose the companies to be subject to inspections.

Let’s recall that the rules concern data encryption of sensitive information such as client login credentials (ie, user ID and password) and trade data during transmission between internal networks and client devices.

Also, a licensed or registered person has to establish and implement effective policies and procedures to ensure that a client login password is generated and delivered to a client in a secure manner during the account activation and password reset processes. The entities must have in place stringent password policies and session timeout controls and should deploy a secure network infrastructure.

The rules also require online trading companies to outline contingency plans for cyber incidents. The companies must make all reasonable efforts to cover, in the contingency plan and crisis management procedures, possible cyber-attack scenarios such as DDoS attacks and total loss of business records and client data resulting from cyber-attacks (eg, ransomware).
