Call us Contact us now
+44 (2038) 07 15 07


  • Home
  • Blog
  • Cyber risks rules compliance. New rules in Hong Kong

Cyber risks rules compliance. New rules in Hong Kong

May 17, 2018

Top Hong Kong trading companies informed their customers on upcoming changes of security and rules on cyber risks. These changes were released by the Securities and Futures Commission (SFC). As of April 27th, 2018, two-factor authentication will become obligatory for every company that provides trading services in Hong Kong.

Such brokers as Monex Boom,, Phillip Securities (HK) Ltd and Guotai Junan International Hold. Limited have already informed their customers about these changes. In order to adhere to the newly set requirements, changes were made to the account access procedures and related mobile applications. New technologies allow receiving a one-time password by means of a mobile app, a phone or e-mail and it is easy and secure at the same time. Online trading is becoming more secure and the Securities and Futures Commission continues its work to maintain this high level of security.

What types of businesses are subjects of these changes and 2FA implementation requirements? Currently 4 types of trading activities are affected by these changes: dealing in securities, dealing in futures contracts, leveraged foreign exchange trading and asset management.

Later this summer there will be more security rules changes for trading businesses in Hong Kong. These will include updates for data encryption, login security and data transfers between providers and customers.

Client login information must be delivered in a secure way in the course of the first information transfer to the customer, as well as during the process of password reset. Moreover, session timeouts are to be implemented. The Securities and Futures Commission created these rules to ensure that every trader has the same security guarantees. According to new rules, companies have to control and prevent cybercrimes, protect customers’ data and records. These changes aim to reduce risks of possible attacks, cyber incidents and other possible negative events.

Back to list