HK regulator publishes cyber security draft rules to guard against broker hacks

(Reuters) — Hong Kong's securities regulator on Monday published a proposal to tighten information security rules after a series of embarrassing hacks at the city's brokers.

The draft rules by the Hong Kong Securities and Futures Commission (SFC) will include requirements for two-step authentication for account log-in and for brokers to notify clients when a transaction had been made, the proposal said.

In addition, the SFC proposes to expand the scope of existing cyber security requirements that currently apply to the trading of on-exchange shares to cover internet trading of a range of securities, including unit trusts, mutual funds.

The SFC said last month it planned to introduce the new rules after a series of digital pump-and-dump schemes targeting brokerages — a little-known type of computer-generated fraud that surged in the Chinese territory last year.

The consultation will be open for two months.