The Securities and Futures Commission (SFC) today issued a circular to intermediaries to provide guidance on the statutory and regulatory requirements for the use of instant messaging applications to receive orders from clients.
The circular encourages firms to take adequate measures to ensure compliance with the requirements, which include keeping proper records of messages relating to client orders (Note 1) and ensuring they are accessible for monitoring and audit purposes, as well as validating client identities and maintaining adequate safeguards to prevent unauthorised account access and cybersecurity attacks.
Clients should be made aware of the security risks of using instant messaging applications. Firms should also inform clients about their contingency plans to cope with disruptions affecting instant messaging services.
"Brokers should put in place adequate measures to ensure the security and reliability of instant messaging applications used for receiving client orders," said Ms Julia Leung, the SFC's Deputy Chief Executive Officer and Executive Director of Intermediaries. "Investors should fully understand that using instant messaging to place orders exposes them to potential risks such as phishing, account theft and impersonation."
The circular also makes it clear that the SFC may take regulatory action against firms which receive orders through instant messaging applications without taking sufficient measures to ensure compliance with the regulatory requirements.
Notes:
1. Under Sections 3(1) and 10(b) and Section 1(d) of the Schedule to the Securities and Futures (Keeping of Records) Rules, intermediaries are required to keep these records for no less than two years.