On 27 October 2017, the Securities and Futures Commission (SFC) in Hong Kong issued a circular and Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading (Guidelines), which require all licensed or registered persons engaged in internet trading to implement 20 baseline requirements to enhance their cybersecurity resilience and reduce and mitigate hacking risks. The Guidelines were issued following the SFC’s publication of its conclusions on the related consultation on the same day.
The SFC has also issued:
- FAQs providing further guidance and practical examples for implementing the Guidelines; and
- a circular attaching Good Industry Practices for IT Risk Management and Cybersecurity which internet brokers may wish to incorporate into their information technology and cybersecurity risk management frameworks.
The implementation of two-factor authentication (2FA) for clients’ system login will take effect on 27 April 2018, while all other requirements will take effect on 27 July 2018.
Our latest bulletin regarding the above can be accessed here. If you wish to discuss this further, please do not hesitate to reach out to our Hong Kong team (the contact details of which are set out in our bulletin) or your usual Herbert Smith Freehills contact.