The Securities and Futures Commission (SFC) of Hong Kong has introduced a new compliance roadmap for digital asset providers. To combat the growing sophistication of cyberattacks, platforms are now required to adopt advanced multi-factor authentication methods that prioritize hardware-based security.
The regulatory shift mandates that all virtual asset service providers and online brokerage firms upgrade their login infrastructure. These measures are designed to mitigate risks associated with credential theft and fraudulent account access, ensuring a safer environment for retail and institutional investors alike.
Platforms have been granted a 12-month grace period to transition away from traditional, easily compromised login flows. The regulator expects firms to integrate modern cryptographic standards, such as FIDO2-compliant keys, to harden their defenses against emerging threats.
This initiative underscores Hong Kong's ongoing effort to position itself as a secure, regulated hub for the global crypto economy. By tightening oversight, authorities aim to bolster market integrity and reduce the prevalence of platform impersonation scams.