HKEX Releases Testing Guidelines for HKIDR Implementation
Hong Kong Exchanges and Clearing Limited (HKEX) has published testing guidelines for market participants and intermediaries ahead of the implementation of the investor identification regime at trading level for the securities market in Hong Kong (HKIDR), according to an official document published by the regulator.
The document, in the form of a letter, written by Hong Kong Monetary Authority Executive Director Raymond Chan, was written to reinforce the HKMA’s supervisory response to the elevated risk of data breach amid a growingly challenging cyber landscape.
HKEX’s objective is to assess the adequacy and effectiveness of authorized institutions’ (AIs’) customer data protection controls.
AIs are expected to put in place proper governance frameworks encompassing risk management process and data security strategy over customer data protection. In addition, AIs should identify and document the locations of their customer data residing in different parts of AIs’ networks, systems and premises. A comprehensive customer data inventory provides visibility of the customer data in custody and enables AIs to better manage the risk of data loss or leakage, according to the document by Raymond.
The regulator wrote AIs should adopt effective security measures to minimize the risk of data breach when handling customer data in transit, at rest and at end of life. He also believes that AIs should implement proper physical and logical security controls to prevent customer data from unauthorized access or theft.
On August 10, 2021, the Securities and Futures Commission (SFC) published its consultation conclusions to proceed with the implementation of HKIDR.
Under the HKIDR, when an order is submitted or arranged to be submitted to the trading system of The Stock Exchange of Hong Kong Limited (SEHK) for execution or where an off-exchange trade is reported to SEHK (OE Trade Reporting) by an Exchange Participant according to SEHK’s Rules of the Exchange, the order or OE Trade Reporting would be required to include an identification code assigned to the relevant client.
This would enhance market surveillance by identifying the originators of the orders and trades, according to an official document from the HKEX.