Financial services publications
You will find here all our publications dedicated to the Financial Services industry.
Insurance Authority Guideline on Cybersecurity (GL20) - December 2024
The revised Guideline on Cybersecurity (GL20) was released on 11 December 2024. This revised guideline highlights that all Authorised Insurers (AI) are required to perform the Cyber Resilience Assessment Framework (CRAF) to assess the implementation of cybersecurity frameworks. This CRAF includes the Inherent Risk Assessment (IRA), the Maturity Assessment (MA) and the Threat Intelligence Based Attack Simulation (TIBAS).
Update on the thematic review of risk management practices related to data risks of licensed corporations by the SFC
Sound risk management is always essential to sustaining the resilience of licensed corporations (“LCs”) amid market uncertainty and volatility.
In March 2023, the Securities and Futures Commission (“SFC”) issued a report on the theme review including the assessment on data risk management practices adopted by 48 LCs. The SFC report summarised the industry practices in risk governance, oversight and management in the respective risk areas covered, together with examples of good practices and areas for improvement observed from the thematic review and other supervisory activities. The SFC’s expected standards for LCs to mitigate these specific risks are also set out in the report.
In March 2023, the Securities and Futures Commission (“SFC”) issued a report on the theme review including the assessment on data risk management practices adopted by 48 LCs. The SFC report summarised the industry practices in risk governance, oversight and management in the respective risk areas covered, together with examples of good practices and areas for improvement observed from the thematic review and other supervisory activities. The SFC’s expected standards for LCs to mitigate these specific risks are also set out in the report.
SFC licensing regime for virtual asset trading platform operators in Hong Kong
To strengthen investor protection and mitigate the risks of money laundering and terrorist financing in the virtual asset industry, new regulations have been introduced in Hong Kong for Virtual Asset Trading Platform Operators (VATPOs) through the "Consultation Conclusions on the Proposed Regulatory Requirements" by the Securities and Futures Commission (SFC). These regulations mandate VATPOs to obtain licenses and adhere to requirements related to risk management, investor protection, financial reporting, as well as implement measures to prevent market manipulation and money laundering.
Update on Supervisory Policy Manual module IC4 on complaint handling and redress by the Hong Kong Monetary Authority
The Hong Kong Monetary Authority has recently issued an updated Supervisory Policy Manual module IC-4 on “Complaints Handling and Redress” (the “Module”) as a statutory guideline in order to align the requirement of the HKMA with the latest industry good practices in financial consumer protection. All authorized institutions are required to implement this updated Module no later than 5 April 2023.
Anti-money laundering and counter-financing of terrorism solutions
To fight against financial crimes, regulators in Hong Kong including the Securities and Futures Commission, the Hong Kong Monetary Authority and the Insurance Authority are continuously updating their anti-money laundering (“AML”) and counter-financing of terrorism (“CFT”) regulations. With the everchanging regulatory requirements in AML/CFT, the challenges that financial institutions have to face become unprecedented
Update on the New Regulatory Requirements for Conducting Bookbuilding and Placing Activities in Hong Kong
To address intermediaries’ conduct issues in Hong Kong’s Equity Capital Market and Debt Capital Market, the Securities and Futures Commission has recently revised its Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (the “Code”) to include conduct requirements for bookbuilding and placing activities. The relevant requirements have come into effect on 5 August 2022.
Licensing Regime for Dealers in Precious Metals and Stones
A new licensing regime for dealers in precious metals and stones (“DPMS”) was introduced recently. It requires any person who seeks to carry on a business of dealing in precious metals and precious stones in Hong Kong to register with the Commissioner of Customs and Excise starting from 1 January 2023.
Update on the latest regulatory requirements for selling of Protection Linked Plan
With the introduction of a new type of investment-linked assurance scheme (“ILAS”) known as Protection Linked Plan (“PLP”), the Hong Kong Monetary Authority (“HKMA”) have recently published a circular to provide guidance to authorized institutions (“AI”) highlighting on its regulatory requirements and expectations on the selling practice of PLP to enhance customer protection in Hong Kong.
New licensing regime for Virtual Asset Service Providers in Hong Kong
In view of the increasing popularity of virtual asset (“VA”) and VA-related activities to the retail sector in Hong Kong, a new licensing regime for Virtual Asset Service Providers (“VASP”)was introduced in June 2022. Under the new licensing regime, any person who seeks to carry on a business of providing “Virtual Asset Service” is required to apply for a licence from the Securities and Futures Commission. This new licensing regime will further increase the regulatory net for virtual asset-related activities in Hong Kong.
Concurrent SFC-HKMA thematic review on distribution of non-exchange traded investment products
In March 2022, the Securities and Futures Commission and the Hong Kong Monetary Authority announced that they will commence a concurrent thematic review on the distribution of non-exchange traded investment products, such as equity-linked structured products and corporate bonds. The review will focus on selected firms’ compliance with suitability obligations, which aims to assess these firms’ practices with respect to product due diligence, suitability assessments and information disclosure to clients, based on their policies, procedures, systems and controls, as well as senior management oversight of such product distribution.