In September 2020, the Securities and Futures Commission (SFC) issued a report on a thematic cybersecurity review of selected internet brokers which provide online trading services on desktop, mobile or designated website platforms, with a focus on cybersecurity and vulnerability issues.
The thematic review report summarises the key findings and highlights deficiencies and instances of non-compliance covering, among others, two-factor authentication (2FA), surveillance mechanisms to detect unauthorised access, data encryption and session timeout, security controls for remote connections and IT security patch management.
Earlier last year, in March 2020, the Hong Kong Monetary Authority (HKMA) also issued a circular on sound risk management practices for algorithmic trading (algo-trading). It is noted that about 40% of the authorised institutions in Hong Kong already undertook algo-trading. In 2019, the HKMA conducted a thematic examination on the algorithms used by international banks for making investment decisions. It covered: governance and oversight, development and testing of algorithms, risk monitoring and controls, and documentation.
Comprehensive pre-trade controls, robust post-trade controls, proper kill functionality and proper documentation of inventory algorithm are among the areas that practitioners should be aware of in the above processes.
In this webinar, we will focus on:
- Findings of SFC thematic cybersecurity review
- Recommendations of HKMA on algo-trading
- Practical review procedures on online trading systems
About the speakers
PETER PANG, Director of Risk Advisory, BDO
Peter has extensive experience in managing corporate governance, compliance, risk management, internal control review, internal audit, Sarbanes-Oxley and other assurance projects for local, regional and international financial services clients.
Peter has more than 20 years of risk and assurance experience. Prior to joining BDO, he was the Head of Risk of a listed aircraft leasing company with operations in Asia, Europe and America. He also worked in a large international accounting and advisory firm as head of department.
Peter served clients in the financial services sector, including fund and asset management, trust operation, banking, securities, aircraft leasing, airlines, regulatory and professional organisations. In particular, he has been involved in providing internal control review and SOC review assignments for virtual asset servicing companies. Peter is also trained in Blockchain Strategy by Oxford University.
Peter is a Fellow of the Hong Kong Institute of Certified Public Accountants, Fellow of the Institute of Chartered Accountants in England and Wales and Certified FRM of Global Association of Risk Professionals (GARP).
ROGER LO, Senior Manager of Risk Advisory, BDO
Roger Lo has over 10 years of professional experience in data security on IT infrastructure and systems. With a mixed business and information technology background, he has worked in Fortune 500 companies, insurance, hospital, and telecommunications to provide technical review and policy management on cybersecurity, IT systems, sensitive data and IT infrastructure.
His clients are corporations listed in Hong Kong and China, and he has conducted data integrity reviews for a number of regulated businesses, such as securities firms, asset management, casino, hospitality, manufacturing and retail. In particular, Roger's duties include advising or reengineering these businesses by providing IT risk assessments in compliance with the China Cybersecurity Law, ISO 27001 as well as the US NIST Cybersecurity Framework.
He is a Certified ISO/IEC 27001 Senior Lead Auditor, member and Certified Information Systems Auditor (CISA) of the Information Systems Audit and Control Association (ISACA), associate member of Cloud Security Alliance (CSA) and was a Cisco Certified Network Associate (CCNA).
This event will incorporate slides which you can view on a PC and audio broadcast technology which requires only the speakers in your device. Therefore, on the day, please ensure the audio volume of your device is turned up. You are recommended to log in to the webinar (login details will be provided by email after your successful registration) a few minutes before the webinar starts to make sure you have no problem with the connection.
Details are as follows:
- Date: Tuesday, 16 March 2021
- Time: 15:30 – 17:00 (webinar session)
- Language: Cantonese, supplemented with English presentation materials
- Fee: Free of charge
- CPD hours: 1.5 hours (*The recognition of CPD hours by your professional organisations is subject to their CPD policies.)
1. For any enquiries, please contact Ida Cheung at +852 2218 3714 or [email protected]
2. Login information will be sent to you by email after successful registration.
3. BDO reserves the final right of acceptance of registration.