Hong Kong’s Securities and Futures Commission (SFC), the city’s financial markets regulator, has issued a formal circular warning licensed firms of a sharp increase in AI-enabled cyber threats and calling for strengthened defences across the sector.
According to The Paypers, the guidance, published on 2 June 2026, is directed primarily at internet brokers and virtual asset trading platforms. It instructs these firms to reinforce protections against unauthorised access to client data and the misappropriation of client assets, in response to a threat environment the regulator considers increasingly sophisticated.
Data cited by the SFC from the Hong Kong Computer Emergency Response Team Coordination Centre shows cyber incidents climbed 27% to 15,877 in 2025, compared with 12,536 the previous year. The regulator linked part of this rise to the use of AI tools by malicious actors, which it said enable faster and larger-scale exploitation of system weaknesses. The circular also highlighted that AI is lowering the technical barriers to phishing and social engineering, drawing a wider range of potential threat actors into the space.
Firms are directed to focus remediation efforts across several areas, including patch and vulnerability management, threat detection and monitoring, and incident response and recovery planning. The SFC’s framing positions cyber resilience as a governance matter, with senior management expected to bear primary accountability for protecting client assets rather than delegating responsibility entirely to IT functions.
The SFC’s circular arrives in the context of coordinated regulatory activity across the Asia-Pacific region. Australia’s financial watchdog issued comparable guidance in late April 2026, while Japan’s banking authority established a dedicated forum focused on AI-related cyber threats in mid-May 2026. The pattern suggests that AI-driven cybersecurity risk has emerged as a shared priority among regional supervisors, even without a formal cross-border framework in place.
For virtual asset trading platforms, the circular adds further compliance expectations to an already demanding regulatory environment, given that these firms handle both client funds and digital assets, making them particularly attractive targets for the automated, large-scale attacks described by the SFC.
Copyright © 2026 FinTech Global
Investors
The following investor(s) were tagged in this article.