The SFC has issued a circular to guide licensed corporations (LCs) on data risk management practices. The circular emphasizes the need for robust risk governance frameworks and controls to mitigate the risk of operational disruptions, reputational or financial losses arising from inadequate data management practices. To ensure effective management of data risks, LCs should have a sound risk governance framework, defined management responsibilities, and structured protocols for handling data risk incidents. The circular also outlines the expected standards for data collection, classification, usage, retention, transfer, and disposal, and the use of third-party service providers. The SFC’s recent thematic review on data risk management provides detailed guidance to help LCs refine their risk management processes.
resource: https://apps.sfc.hk/edistributionWeb/gateway/EN/circular/intermediaries/supervision/doc?refNo=23EC15