Hong Kong: Dealers urged to protect customers from hacking
02 Nov 2017

Internet traders should bolster their systems in light of increased risks of cyberattacks, Hong Kong regulators said.

The Securities and Futures Commission (SFC) issued guidance for internet traders, aimed at ensuring they provide a safe environment for their customers to operate from.

In order to protect client’s internet trading accounts, firms will have to implement two-factor identification, which is an extra layer of security requiring more than just the usual password and username.

“The implementation of two-factor authentication for clients to login to their internet trading accounts, will take effect on 27 April 2018, while all other requirements will take effect on 27 July 2018,” a SFC statement explained.

They will also have to implement an effective monitoring and surveillance system to detect unauthorised access to clients’ internet trading accounts, the SFC said in a statement.

“A licensed or registered person should implement and update anti-virus and anti-malware solutions on a timely basis to detect malicious applications and malware on critical system servers and workstations,” the guidance stated.

SFC Executive Director Julia Leung said: “Given that passwords have not proven effective to prevent hacking, two-factor authentication is an important part of effective cybersecurity risk management.”

Traders should also back up business records, client and transaction databases, servers and supporting documentation, the SFC said.

The Hong Kong Monetary Authority also issued a circular stating that registered firms should enhance the security of their internet trading services in line with the SFC’s guidelines.

The guidelines are applicable to people engaged in internet trading who are registered with the SFC for dealing in areas such as securities, future contracts and leveraged foreign exchange trading.

HKMA Deputy Chief Executive Arthur Yuen expressed his satisfaction that “consensus has been reached for the banking and the securities industries to adopt two-factor authentication for internet trading and strengthen related cybersecurity controls.

“These enhancements are necessary to protect investors from cyber threats targeted at them,” he said.

KYC360 News

Count this content towards your CPD minutes, by signing up to our CPD Wallet


You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.