Cybersecurity in Hong Kong: SFC’s concerns and recommended controls and HKMA’s cyber security programme

Cybersecurity has been increasingly viewed by Hong Kong regulators as a matter of priority, in light of the ongoing occurrence of cybersecurity incidents across the financial services industry. The Securities and Futures Commission (SFC) issued a circular on 23 March 2016 (Circular) to all licensed corporations (LCs) following its recent review of cybersecurity within selected larger LCs. The Circular sets out the SFC’s key areas of concern and recommended cybersecurity controls which the LCs are expected to follow. Separately the Chief Executive of the Hong Kong Monetary Authority (HKMA) also recently announced the establishment of the Cyber Security Programme for the banking industry following the establishment of its Fintech Facilitation Office. These recent developments highlight the Hong Kong regulators’ collective focus on cybersecurity.

Will Hallatt, Valerie Tao and Rebecca Hui explore the SFC's key areas of concerns and suggested cybersecurity controls, and HKMA's Cyber Security programme in our e-bulletin here.