Skip to main content

Legal Update

All "Hacked" Out: The Hong Kong Securities and Futures Commission Issues Proposals to Reduce Hacking Risks

16 May 2017
Mayer Brown Legal Update

On 8 May 2017, the Hong Kong Securities and Futures Commission (SFC) issued a consultation paper inviting comments on its latest proposals ("Proposal") aimed at reducing the risks of cyber attacks in relation to Internet trading. The consultation period ends on 7 July 2017.

Since the beginning of 2016, at least 12 licensed corporations in Hong Kong have reported 27 cybersecurity incidents, which resulted in losses to investors worth HK$110 million. In January 2017, the police informed the SFC that several securities brokers had been victims of distributed denial of service (DDoS) attacks. The Proposal is the latest in a stream of efforts by financial regulators in Hong Kong to tackle the increasing risk of cyber attacks. Following a review of the cybersecurity preparedness, compliance and resilience of brokers' Internet and mobile trading systems, conducted by the SFC at the end of 2016, the SFC identified several cybersecurity measures to help reduce the risk of cyber attacks. Whilst most of these measures have already been set out by the SFC in its Code of Conduct for Persons Licensed by or Registered with the SFC ("Code of Conduct") and in previous circulars, the SFC's intention is to consolidate them into a single guideline that provides further elaboration on existing recommendations.

This legal update highlights the key parts of the Proposal.


  • Gabriela Kennedy
    T +852 2843 2380
  • Karen H. F. Lee
    T +852 2843 4452
The Build a Report feature requires the use of cookies to function properly. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently. If you do not accept cookies, this function will not work. For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.