20 May 2020
Introduction
As a result of the COVID-19 pandemic, many people have been forced to work from home and this has created new opportunities and very fertile ground for the emergence of cyber threats. Accordingly, on 29 April 2020, the Intermediaries Supervision Department of the Hong Kong Securities and Futures Commission (SFC) issued a circular (Circular) containing examples of controls and procedures firms can put in place to manage their cybersecurity risks.
Cyberattacks can affect any business but SFC licensed firms are subject to various regulatory obligations requiring them to ensure that they have the operational capability to protect their operations and their clients from financial loss arising from theft, fraud and other dishonest acts, and to ensure the integrity and security of all information relevant to their business operations. In the Circular, the SFC pointed to paragraph 4.3 of the Code of Conduct and Part IV of the Internal Control Guidelines as the regulatory sources for this guidance.
We have highlighted below some of the examples provided by the SFC which we think are particularly relevant to asset management clients.
1. |
If a firm allows staff to remotely access the firm’s internal network and system through a Virtual Private Network (VPN):
|
2. |
Where firms allow staff to use videoconferencing platforms:
|
3. |
In addition:
|
For further information, please contact:
Isabella Wong, Deacons
isabellahm.wong@deacons.com.hk