Circular to intermediaries – Cybersecurity review of selected licensed corporations

The Securities and Futures Commission (SFC) will begin reviewing the cybersecurity practices of licensed corporations (LCs) to evaluate their compliance with cybersecurity regulations and the strength of their information systems against cyber threats. The SFC emphasizes the importance of cybersecurity in its oversight of LCs, who are expected to adhere to security-related requirements outlined in the Code of Conduct. LCs offering internet trading must also meet baseline requirements specified in the Cybersecurity Guidelines and other related documents. The SFC has observed security vulnerabilities and deficiencies, such as the use of outdated software and inadequate protection against remote access and phishing attacks. Additionally, the increasing use of third-party technology vendors and cloud environments introduces additional cyber risks. To assess the industry’s readiness and resilience to cyber risks, the SFC will conduct a cybersecurity review that includes surveys, meetings, and on-site inspections of selected LCs.



Learn with us in small steps

Find out more about us