In light of the increasing demand on the use of internet trading platforms and emerging threats that investors and organisations are facing, in 2019 Hong Kong’s Securities and Futures Commission (“SFC”) conducted a thematic review of 55 selected internet brokers with respect to the Cybersecurity Guidelines (“the Guidelines”) issued in October 2017 and the Code of Conduct, to assess compliance to the relevant baseline requirements including use of Two-Factor Authentication (2FA) of licensed corporations in internet trading business in Hong Kong.
This two-page summary outlines observations from the thematic review and suggests good practices that can help licensed organisations ensure compliance with the baseline requirements set in the Guidelines and enhance current security controls. Areas covered include protecting clients’ trading accounts, infrastructure security management and cybersecurity management and supervision.
Henry Shek
Partner, Technology Consulting
KPMG China
Brian Cheung
Director, Technology Consulting
KPMG China