Cybersecurity from within
On 6 May 2016, the SFC banned an individual from re-entering the industry for 12 months for transferring client data from his former employer to his new employer which was detected by the automated email surveillance program of the former employer.
The SFC is sending a deterrent message to employees and the recipients of tainted information of this sort, as well as reminding licensed entities of the need to protect client information.
Licensed companies need to have policies and controls in place to safeguard all confidential information from unintended use and should remind staff of the importance of handling confidential and client information properly and appropriately.
Is your phone being tapped…properly?
On 3 May 2016, the SFC reprimanded and fined a company for failing to record and maintain phone records of client trading instructions for around seven months due to a loose electric cable. It also failed to have procedures in place to safeguard its telephone recording system and monitor clients' phone orders.
Telephone recording is mandatory for regulated entities taking client order instructions via telephones and also protects the interests of both the licensed company and the client.
Licensed companies need to establish procedures to ensure the integrity, reliability and security of the tape recording system. Regular checks on the proper functioning of the recording system; whether the telephone orders reconcile with the actual orders placed for the client; and whether staff have complied with the recording requirements, to ensure the existing procedures are effective.
Handle with care!
On 28 April 2016, a magistrate’s court convicted and fined an individual for making false or misleading representations in his two licence applications in 2012 and 2014. We issued an article called You can’t hide and you can’t lie in March 2013 to remind our readers to read application documents carefully before submission. The SFC conducts wide-ranging checks on the information provided by applicants, including making enquiries of other regulatory bodies in Hong Kong and overseas.