Key Information

inSight
Speeches
Speeches by Speaker
Norman T.L. Chan
Peter Pang
Eddie Yue
Arthur Yuen
Zeti Akhtar Aziz
Raymond Li
Edmond Lau
Esmond Lee
Meena Datwani
Vincent W.S. Lee
James Lau
Joseph Yam
Y K Choi
William Ryback
David Carse
Tony Latter
Andrew Sheng
Hans Genberg
Simon Topping
Michael Taylor
The Honourable Donald Tsang
Chen Yuan
Dai Xianglong
Don Brash
Jaime Caruana
Andrew Crockett
Mario Draghi
David Eldon
Stanley Fischer
Timothy F. Geithner
Stephen Grenville
Kenneth G. Lay
William McDonough
Ernest Patrikis
Glenn Stevens
Jean-Claude Trichet
Tarisa Watanagase
Zeti Akhtar Aziz
Press Releases
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997
Press Releases by Category
Bogus Voice Message Phone Calls
Banking in Hong Kong
Fraudulent Websites, E-mails and Telephone System, and other fraud cases
Granting of Banking Licences
Exchange Fund
Table of Multiples of Notes and Payments for Allotted Amount under non-competitive tender
Table of Multiples of Notes and Payments of Application Amount under non-competitive tender
Tender of Exchange Fund Bills and Notes
Tender Results of Exchange Fund Bills and Notes
Tentative Issuance Schedule for Exchange Fund Bills and Notes
Appointments and Departures
HKMA Pay Review
HKMA Publications
Speeches
The Hong Kong Mortgage Corporation
Hong Kong Note Printing Limited
Hong Kong Institute for Monetary Research
Exchange Fund Investment Limited
Others
Hong Kong Financial Infrastructure
International Relations
Investment Products Related to Lehman Brothers
Monetary Policy
Notes and Coins
Renminbi business
Credit Card Lending Survey
Monetary Statistics
Residential Mortgage Survey
Year 2000
Others
Guidelines and Circulars
Guidelines
Circulars
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998
1997
531.2615

Press Releases

SFC and HKMA address hacking risks associated with internet trading

The Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) recognise the need for effective cybersecurity management as cyber risk poses an increasingly significant threat to the integrity, efficiency and soundness of financial markets worldwide. Over the past few years, the SFC and the HKMA have provided a range of guidance on cybersecurity to the intermediaries they regulate (Note 1).

Today the SFC issued Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading requiring all licensed or registered persons engaged in internet trading (Note 2) to implement 20 baseline requirements to enhance their cybersecurity resilience and to reduce and mitigate hacking risks (Note 3). Also today, the HKMA issued a circular requiring registered institutions to enhance the security of their internet trading services having regard to the requirements in the SFC’s guidelines.

One key control, the implementation of two-factor authentication for clients to login to their internet trading accounts, will take effect on 27 April 2018, while all other requirements will take effect on 27 July 2018.

“Robust preventive and detective controls are essential to reduce and mitigate cybersecurity risks,” said Ms Julia Leung, SFC Executive Director. “Given that passwords have not proven effective to prevent hacking, two-factor authentication is an important part of effective cybersecurity risk management.”

Mr Arthur Yuen, Deputy Chief Executive of the HKMA, said, “I am glad that consensus has been reached for the banking and the securities industries to adopt two-factor authentication for internet trading and strengthen related cybersecurity controls. These enhancements are necessary to protect investors from cyber threats targeted at them.”

The release of the SFC’s guidelines follows a public consultation (Note 4) to which 36 responses from the securities and banking industry were received.

 

End

 

Notes:

  1. As defined in Schedule 1 to the Securities and Futures Ordinance, “intermediary” means a licensed corporation or a registered institution. “Registered institutions” are authorised institutions under the Banking Ordinance which are registered with the SFC to conduct regulated activities.
  2. This refers to licensed or registered persons who, through internet-based trading facilities, are engaged in dealing in securities or futures contracts, in leveraged foreign exchange trading or in distributing funds under management.
  3. In Consultation Conclusions on Proposals to Reduce and Mitigate Hacking Risks Associated with Internet Trading, also issued by the SFC today, the application of Paragraph 18 and Schedule 7 of the Code of Conduct for Persons Licensed by or Registered with the SFC is expanded to cover intermediaries which conduct internet trading of securities that are not listed or traded on an exchange.
  4. On 8 May 2017, the SFC issued a Consultation Paper on Proposals to Reduce and Mitigate Hacking Risk Associated with Internet Trading.
Last revision date: 27 October 2017
ABOUT THE HKMA
The HKMA
Tender Invitations
Careers@HKMA
Legislative Council Issues
Links
The HKMA Information Centre
KEY FUNCTIONS
Monetary Stability
Banking Stability
International Financial Centre
Exchange Fund
PUBLICATIONS & RESEARCH
Annual Report
Half-Yearly Monetary & Financial Stability Report
Quarterly Bulletin
HKMA Background Briefs
Reference Materials
Research
MARKET DATA & STATISTICS
CMU Bond Price Bulletin
Economic & Financial Data for Hong Kong
Monthly Statistical Bulletin
Monetary Statistics
KEY INFORMATION
Press Releases
Speeches
Guidelines & Circulars
Forthcoming Events
inSight
OTHER INFORMATION
Information in Other Languages (Bahasa Indonesia, हिन्दी, नेपाली, ਪੰਜਾਬੀ, Tagalog, ไทย, اردو)
Account Opening
Consumer Corner
Consumer Education Programme
Complaints about Banks
Complaints about SVF Licensees
Internet Banking
Fraudulent Bank Websites, Phishing E-mails and Similar Scams
Be Careful of Bogus Phone Calls and SMS Messages
Authenticate the Callers and Bank Hotline Numbers
Register of AIs & LROs
Register of Securities Staff of AIs
Register of SVF Licensees
Investment Products Related to Lehman Brothers
Photo Gallery