Contact Us
Search Print
Font Size
A A A
FacebookInstagramLinkedinWechatXYoutube
Select Category
Show All Options
Modification Time
Done
Done
Done
a
Done
News and Media
Press ReleasesR & M ColumnVideos
SpeechesForthcoming Events
inSightPhoto Gallery
Smart Consumers
Overview
e-Banking
Personal Digital KeysInternet BankingATMs
Payment and Transfer
Faster Payment System (FPS)e-Payment and Transfere-Wallets and Prepaid CardsCredit Cards
Loans
Personal CreditMortgagesPremium Financing
General Banking Services
Account Opening and MaintenanceAutopay ServicesInvestment ServicesDeposits
Beware of Fraudsters!
Don't Lend/Sell Your Account
Notes and Coins
2018 Series Hong Kong BanknotesCoin Cart Schedule
Retirement Planning
Practical Information
Barrier-free Bank Branches and ATMsHotlines of Banks & Stored Value Facility LicenseesComplaintsRegisters and ListsPublic Education VideosPublic Education EventsFAQs
Information in Other Languages
Data, Publications and Research
Data & Statistics
Daily Monetary StatisticsMonthly Statistical BulletinEconomic & Financial Data for Hong KongCMU Bond Price Bulletin
Legislative Council Issues
Publications
Annual ReportSustainability ReportHalf-Yearly Monetary & Financial Stability ReportQuarterly Bulletin
Guide to Hong Kong Monetary, Banking and Financial Terms
Research
Research MemorandumsExternal PublicationsHong Kong Institute for Monetary and Financial ResearchOther Research Papers
HKMA's Open Application Programming Interface (API)
Regulatory Resources
Registers and Lists
Register of AIs & LROsRegister of Securities Staff of AIsRegister of SVF LicenseesList of AI-related Trustees
Authorization, Licensing, Designation and Approval
Regulatory Guides
By Subject (Current)Supervisory Policy ManualGuidelinesCircularsGuide to AuthorizationCode of PracticeExplanatory NotePractice NoteAdditional Guidance
Consultations
OpenClosed
Key Functions
Money
Linked Exchange Rate SystemLiquidity FacilitiesHong Kong Currency
Reserves Management
HistoryExchange Fund's Statutory Purposes and Investment ObjectivesInvestment ManagementInvestment PerformanceRisk ManagementResponsible InvestmentExchange Fund Statistics and Publications
Banking
Banking Regulatory and Supervisory RegimeBanking Legislation, Policies and Standards ImplementationBanking Conduct and EnforcementAnti-Money Laundering and Counter-Financing of TerrorismResolution RegimeSmart BankingRegulatory GuidesRegtech Knowledge HubHKMA – BIS Joint ConferenceGreen and Sustainable Banking Conference & Green Fintech Competition
International Financial Centre
Hong Kong as an International Financial CentreFintechBond Market DevelopmentFinancial Market InfrastructureStored Value Facilities and Retail Payment SystemsStablecoin IssuersSoft InfrastructureInternational & Regional Financial Co-operationCentre for Green and Sustainable FinanceHKMA Infrastructure Financing Facilitation OfficeCross-boundary Wealth Management Connect Scheme in the Guangdong-Hong Kong-Macao Greater Bay AreaGlobal Financial Leaders' Investment SummitHKMA – BIS High-Level ConferenceHong Kong Green Week – Finance Stream
About Us
The HKMA
Governance StructureAdvisory CommitteesThe Chief Executive's CommitteeOrganisation ChartInternal AuditSustainable HKMA
Tender Invitations
The HKMA Information Centre
Exhibition AreaLibraryGeneral InformationGuided ToursSouvenirs
Related Organisations and Links
HKMA-related Organisations and LinksHKSAR Government & Related OrganisationsCentral BanksMultilateral OrganisationsOthers
Join Us
Why the HKMA?What We Do?Current VacanciesOpportunities for Students and Graduates to Join the HKMA
News and Media
Smart Consumers
Data, Publications and Research
Regulatory Resources
Key Functions
About Us

SFC and HKMA address hacking risks associated with internet trading

Press Releases

27 Oct 2017

SFC and HKMA address hacking risks associated with internet trading

The Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) recognise the need for effective cybersecurity management as cyber risk poses an increasingly significant threat to the integrity, efficiency and soundness of financial markets worldwide. Over the past few years, the SFC and the HKMA have provided a range of guidance on cybersecurity to the intermediaries they regulate (Note 1).

Today the SFC issued Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading requiring all licensed or registered persons engaged in internet trading (Note 2) to implement 20 baseline requirements to enhance their cybersecurity resilience and to reduce and mitigate hacking risks (Note 3). Also today, the HKMA issued a circular requiring registered institutions to enhance the security of their internet trading services having regard to the requirements in the SFC’s guidelines.

One key control, the implementation of two-factor authentication for clients to login to their internet trading accounts, will take effect on 27 April 2018, while all other requirements will take effect on 27 July 2018.

“Robust preventive and detective controls are essential to reduce and mitigate cybersecurity risks,” said Ms Julia Leung, SFC Executive Director. “Given that passwords have not proven effective to prevent hacking, two-factor authentication is an important part of effective cybersecurity risk management.”

Mr Arthur Yuen, Deputy Chief Executive of the HKMA, said, “I am glad that consensus has been reached for the banking and the securities industries to adopt two-factor authentication for internet trading and strengthen related cybersecurity controls. These enhancements are necessary to protect investors from cyber threats targeted at them.”

The release of the SFC’s guidelines follows a public consultation (Note 4) to which 36 responses from the securities and banking industry were received.

 

End

 

Notes:

  1. As defined in Schedule 1 to the Securities and Futures Ordinance, “intermediary” means a licensed corporation or a registered institution. “Registered institutions” are authorised institutions under the Banking Ordinance which are registered with the SFC to conduct regulated activities.
  2. This refers to licensed or registered persons who, through internet-based trading facilities, are engaged in dealing in securities or futures contracts, in leveraged foreign exchange trading or in distributing funds under management.
  3. In Consultation Conclusions on Proposals to Reduce and Mitigate Hacking Risks Associated with Internet Trading, also issued by the SFC today, the application of Paragraph 18 and Schedule 7 of the Code of Conduct for Persons Licensed by or Registered with the SFC is expanded to cover intermediaries which conduct internet trading of securities that are not listed or traded on an exchange.
  4. On 8 May 2017, the SFC issued a Consultation Paper on Proposals to Reduce and Mitigate Hacking Risk Associated with Internet Trading.
Latest Press Releases
View All View All
Last revision date : 27 October 2017