Hong Kong's Securities and Futures Commission (SFC) has issued a circular to intermediaries to provide guidance on the statutory and regulatory requirements for the use of instant messaging (IM) applications to receive orders from clients.
The use of IM technology poses new supervisory and record-keeping challenges, noted the SFC. Most IM service providers do not provide users with tools to save, retrieve or monitor IM communications.
The 4 May circular encourages firms to take adequate measures to ensure compliance with the requirements, which include keeping proper records of messages relating to client orders and ensuring they are accessible for monitoring and audit purposes, as well as validating client identities and maintaining adequate safeguards to prevent unauthorised account access and cybersecurity attacks.
Under current rules, intermediaries are required to keep the records for no less than two years.
The circular also highlighted that clients should be made aware of the security risks of using instant messaging applications and their features and limitations. Firms should also inform clients about their contingency plans to cope with disruptions affecting instant messaging services.
"Brokers should put in place adequate measures to ensure the security and reliability of instant messaging applications used for receiving client orders," said SFC deputy chief executive officer and executive director of intermediaries Ms Julia Leung.
"Investors should fully understand that using instant messaging to place orders exposes them to potential risks such as phishing, account theft and impersonation."
SFC said that intermediaries should prohibit their staff members from receiving client orders through IM applications if the above requirements are not fully met. It added that it may take regulatory action against firms which receive orders through instant messaging applications without taking sufficient measures to ensure compliance with the regulatory requirements.