The Securities and Futures Commission (SFC) of Hong Kong issued on Thursday a statement, informing that it is checking on the security processes of brokers’ online trading systems. The regulator has launched a review to assess the cybersecurity preparedness, compliance and resilience of brokers’ internet and mobile trading systems.
The findings will show whether brokers are effective in preventing and detecting cyberattacks and will be used to improve the overall resilience of the markets.
The regulator’s review will have three different components. On one hand, the watchdog will perform on-site inspections and in-depth technology assessment of selected brokers. On the other hand, the SFC will distribute questionnaires to a mix of small to medium-sized brokers to assess relevant cybersecurity features of their Internet and mobile trading systems. As part of the review, the SFC will also benchmark the regulatory requirements and market practice in Hong Kong against those of other major financial services regulators, both local and overseas.
The SFC said it decided on the move after receiving numerous reports from securities brokers that the security of some customers’ internet and mobile trading accounts has been compromised and unauthorized securities trading transactions were conducted through these accounts. In the past 12 months alone, in 16 instances seven securities brokers were involved in unauthorized trades with a combined value of more than $100 million.
The SFC would also organize workshops to share the summary of the overall findings with the industry. It notes, however, that even before that brokers should review and enhance their controls to combat cyberattacks, including measures aimed at mitigating hacking risks and enabling them to spot and alert clients to suspicious activities so as to stop further unauthorized trading where security has been compromised.
The Hong Kong gave several words of advice to investors who use online trading platform. Following are the regulator’s guidances:
- set a strong password and properly safeguard their login ID and password;
- closely monitor their online accounts by reviewing trade confirmations;
- type the website address (URL) or use a bookmark to enter the broker’s website;
- ensure the security of computer/mobile devices used for online trading by installing anti-virus programs and updating them regularly; and
- not use public computers or unknown and unsecure networks to access their online accounts.
Hong Kong’s SFC is a statutory body authorized to license, supervise, and discipline entities, including brokers, investment advisors, fund managers and financial intermediaries, that operate on the local securities and futures markets.