Hong Kong SFC mulls array of new digital safeguards

Regulator aims to make online trading and advisory platforms safer, and boost cybersecurity among web-based brokers

Plans to boost the trading and investment community’s protection from digital risks are taking shape at the Hong Kong Securities and Futures Commission (SFC), via two new consultations.

In the first, published on 5 May, the regulator is seeking comments on proposed rules covering online distribution and robo-advisory platforms.

Such outlets, the SFC says, allow all types of investors to access and transact a broad range of investment products easily and quickly.

“They also enable transactions to take place without any interaction with a sales representative,” it notes. “Investors can simply select and purchase a product based on the information and materials posted on the platform.”

This new business model, says the regulator, “brings new opportunities as well as risks”. With that in mind, it has reviewed the conduct rules that currently apply to the distribution of investment products and the provision of financial advice via online platforms.

In particular, the review has explored potential new applications for the SFC’s so-called ‘Suitability Requirement’ – a clause set out in paragraph 5.2 of its Code of Conduct.

The clause states that, when making recommendations or solicitations, SFC-licensed persons must ensure that the suitability of their suggestions is reasonable under all circumstances – in light of details about the client of which the licensed person should be aware, through the exercise of due diligence.

“In the online environment,” says the SFC, “the context and content of [available] materials, coupled with the design and overall impression created by the platform content, will determine whether the Suitability Requirement is triggered.”

It adds: “Only where product-specific materials are not factual, fair and balanced – or where there are other circumstances that may reasonably be expected to influence investors to purchase a specific investment product – will the Suitability Requirement be triggered.”

According to the SFC, the proposals “should enable more distribution channels to flourish, lead to greater investor choice, and generally facilitate the development of online platforms for the benefit of both the industry and investors”.

In the second consultation, published on 8 May, the regulator turns to the theme of hacking – specifically, the question of how internet brokers could be required to improve their cybersecurity.

“Given that hacking of internet trading appears to be the most serious cybersecurity risk faced by licensed corporations in Hong Kong,” says the SFC, “we conducted a thematic review of the resilience to hacking risks of brokers engaged in internet trading, with the assistance of an external cybersecurity expert, in late 2016.

“The review identified certain basic cybersecurity controls that should help internet brokers to reduce and mitigate hacking risks.”

The consultation proposes that those controls should be formalised into special, new guidelines to be issued under Hong Kong’s Securities and Futures Ordinance (SFO).

By introducing a set of baseline requirements, the SFC hopes to:

  1. strengthen control practices across the industry to address known threats and vulnerabilities;
  2. standardise and codify common, local cybersecurity control practices for consistent adoption by internet brokers; and
  3. provide unambiguous and practical guidance to those brokers with regards to the SFC’s expectations on cybersecurity controls.

Commenting on the first consultation, SFC chief Ashley Alder said: “Investors are increasingly managing their finances and investments online.

“The proposed guidelines reflect a balanced regulatory approach, recognising investors should be in a position to take responsibility of their own investment decisions in relation to simple products where they can reasonably be expected to understand their features and risks.”

Turning to the second, he noted: “Hacking of internet trading accounts is the most serious cybersecurity risk faced by internet brokers in Hong Kong. Brokers must strengthen their resilience to hacking and other cybersecurity risks by adopting robust preventive and detective controls.”

Find the online platforms consultation here…

…and find the hacking consultation here.

Scroll to top