Circular issued by the Securities and Futures Commission (SFC) Regarding Information Technology Management

Circulars

18 Mar 2010

Circular issued by the Securities and Futures Commission (SFC) Regarding Information Technology Management

Our Ref:
B1/15C
G16/1C

18 March 2010

The Chief Executive
All Registered Institutions

Dear Sir/Madam,

Circular issued by the Securities and Futures Commission (SFC) Regarding Information Technology Management

I am writing to draw your attention to a circular issued by the SFC on 16 March 2010 ("the SFC Circular"). The SFC Circular sets out certain deficiencies in information technology ("IT") areas identified in the course of the SFC's supervision. The SFC Circular reminds intermediaries of the need to implement adequate controls for guarding against unauthorised alternation of, or intrusion into, the information systems or the data. In addition, the SFC Circular puts forth some recommended control measures for managing IT risks.

A copy of the SFC Circular is enclosed at Annex. Your institution is required to assess the adequacy and effectiveness of its related controls against the requirements set out in the SFC Circular as well as the relevant guidelines1 issued by the Hong Kong Monetary Authority, and where necessary, make appropriate enhancements.

Yours faithfully,

Nelson Man
Executive Director (Banking Supervision)

 

Encl.
Annex (PDF file, 107KB)
c.c.
SFC (Attn: Mr Stephen Po, Senior Director of Intermediaries Supervision)

 

1Including, among others, Supervisory Policy Manual modules on "General Principles for Technology Risk Management", "Supervision of E-banking", "Business Continuity Planning", and circular on "Customer data protection" (2008)

Latest Circulars
Last revision date : 01 August 2011