All "Hacked" Out: The Hong Kong Securities and Futures Commission Issues Proposals to Reduce Hacking Risks

On 8 May 2017, the Hong Kong Securities and Futures Commission (SFC) issued a consultation paper inviting comments on its latest proposals ("Proposal") aimed at reducing the risks of cyber attacks in relation to Internet trading. The consultation period ends on 7 July 2017.

Since the beginning of 2016, at least 12 licensed corporations in Hong Kong have reported 27 cybersecurity incidents, which resulted in losses to investors worth HK$110 million. In January 2017, the police informed the SFC that several securities brokers had been victims of distributed denial of service (DDoS) attacks. The Proposal is the latest in a stream of efforts by financial regulators in Hong Kong to tackle the increasing risk of cyber attacks. Following a review of the cybersecurity preparedness, compliance and resilience of brokers' Internet and mobile trading systems, conducted by the SFC at the end of 2016, the SFC identified several cybersecurity measures to help reduce the risk of cyber attacks. Whilst most of these measures have already been set out by the SFC in its Code of Conduct for Persons Licensed by or Registered with the SFC ("Code of Conduct") and in previous circulars, the SFC's intention is to consolidate them into a single guideline that provides further elaboration on existing recommendations.

This legal update highlights the key parts of the Proposal.