Circular to intermediaries
Operational resilience and remote working
04 Oct 2021
Intermediaries’ operational resilience, which refers to their ability to prevent, adapt and respond to, and recover and learn from operational disruptions, has been stress-tested by the COVID-19 pandemic. While the guidance provided by the Securities and Futures Commission (SFC) on cybersecurity, business continuity plans, internal controls and risk management in its codes, guidelines and circulars¹ has helped licensed corporations maintain resilience amid the COVID-19 outbreak, it is important for them to ensure continued strength by adopting a comprehensive approach to achieve their operational resilience objectives based on common established standards.
For example, many intermediaries transitioned to hybrid working arrangements during the pandemic, with employees working partly from the office and partly from home or other remote locations (ie, remote working). Many intermediaries are considering whether to maintain some form of hybrid working arrangement as a new normal after the pandemic. Intermediaries should be vigilant about the risks involved and implement appropriate risk management measures and internal controls to address them.
Appendix A to this circular provides operational resilience standards and required implementation measures which supplement the SFC’s existing guidance. Appendix B sets out the expected regulatory standards for managing and mitigating some major possible risks of remote working.
Intermediaries are also encouraged to read the Report on Operational Resilience and Remote Working Arrangements which accompanies this circular. The report aims to provide intermediaries with a better understanding of the regulatory standards and required implementation measures for operational resilience. In addition to providing suggested techniques and procedures, the report shares case examples and lessons learned drawn from the SFC’s review of some licensed corporations’ operational resilience measures during the COVID-19 pandemic and other disruptive events. It also explains the major possible risks of remote working and provides suggested techniques and procedures for risk mitigation.
Intermediaries are encouraged to adopt the suggested techniques and procedures where appropriate in their circumstances.
Should you have any questions regarding this circular, please contact your case officers-in-charge or Ms Seine Luk at 2231 1696.
Intermediaries Supervision Department
Intermediaries Division
Securities and Futures Commission
Enclosure
End
SFO/IS/024/2021
1 For example, the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission, Fund Manager Code of Conduct, Management, Supervision and Internal Control Guidelines for Persons Licensed by or Registered with the Securities and Futures Commission, Circular to All Licensed Corporations on Alerts for Ransomware Threats issued on 15 May 2017, Circular to Intermediaries on Receiving Client Orders through Instant Messaging issued on 4 May 2018 and Circular to Licensed Corporations on Management of Cybersecurity Risks Associated with Remote Office Arrangement issued on 29 April 2020.
Page last updated: 04 Oct 2021