TAI EXC Securities Firms Cybersecurity

On Oct. 29, TAI EXC issued guidance on strengthening cybersecurity.

  • TAI EXC provided guidance on strengthening securities firms' cybersecurity operations.
  • Major causes of security incidents include insufficient stress testing, resource allocation, and pre-launch testing; notable incidents involved DDoS attacks.
  • In addition to trading platform overload as well as vendor system issues.
  • Key Requirements
  • Firms must report security incidents within 30 minutes of discovery; formal incident reporting is required within 24 hours of occurrence, incident closure within 3 days.
  • Major incidents include core system issues at top 20 brokers by market share.
  • Trading disruptions exceeding two hours during daily market hours require reporting.
  • The guidelines further specify the system classification for tolerable outage times.
  • Level 1-3 securities firms must establish remote backup facilities, full front, middle, back-office backup systems required; annual cybersecurity audits to verify compliance.
  • Effectiveness
  • The deadline for implementation is Dec. 31, 2024.

Regulators TAI EXC
Entity Types B/D; Corp
Reference Gd, 10/29/2024
Functions BCS; Compliance; Cyber; Operations; Reporting; Risk; Technology
Countries Taiwan
Category
State
Products Corporate; Securities
Regions AP
Rule Type Final
Rule Date 10/29/2024
Effective Date 12/31/2024
Rule Id 231595
Linked to N/A
Reg. Last Update 10/29/2024
Report Section International

Last substantive update on 11/01/2024