Circular No. 134/2017/TT-BTC dated December 19, 2017 of the Ministry of Finance on guiding e-transactions in the securities market

CIRCULAR

Guiding e-transactions in the securities market[1]

Pursuant to the June 29, 2006 Law on Securities;

Pursuant to the November 24, 2010 Law Amending and Supplementing a Number of Articles of the Law on Securities;

Pursuant to the November 29, 2005 Law on E-Transactions;

Pursuant to the June 29, 2006 Law on Information Technology;

Pursuant to the November 19, 2015 Law on Cyber-information Security;

Pursuant to the Government’s Decree No. 58/2012/ND-CP of July 20, 2012, detailing and guiding the implementation of a number of articles of the Law on Securities and the Law Amending and Supplementing a Number of Articles of the Law on Securities;

Pursuant to the Government’s Decree No. 60/2015/ND-CP of June 26, 2015, amending and supplementing a number of articles of Decree No. 58/2012/ND-CP of July 20,  2012, detailing and guiding the implementation of a number of articles of the Law on Securities and the Law Amending and Supplementing a Number of Articles of the Law on Securities;

Pursuant to the Government’s Decree No. 42/2015/ND-CP of May 5, 2015, on derivatives and derivatives market;

Pursuant to the Government’s Decree No. 27/2007/ND-CP of February 23, 2007, on e-transactions in financial activities;

Pursuant to the Government’s Decree No. 156/2016/ND-CP of November 21, 2016, amending and supplementing a number of articles of Decree No. 27/2007/ND-CP of February 23, 2007, on e-transactions in financial activities;

Pursuant to the Government’s Decree No. 87/2017/ND-CP of July 26, 2017, defining the functions, tasks, powers and organizational structure of the Ministry of Finance;

At the proposal of the Chairperson of the State Securities Commission;

The Minister of Finance promulgates the Circular guiding e-transactions in the securities market.

Chapter I

GENERAL PROVISIONS

Article 1.Scope of regulation

This Circular guides online securities trading, exchange of e-information on the securities market, and other activities relating to e-transactions in the securities market.

Article 2.Subjects of application

Subject to this Circular include:

1. The State Securities Commission, Stock Exchanges, and Vietnam Securities Depository.

2. Organizations and individuals participating in transactions and conducting activities in the securities market by electronic means, including:

a/ Issuing organizations, listing organizations, organizations registering for trading, and public companies;

b/ Securities companies, fund management companies, and securities investment companies;

c/ Vietnam-based representative offices and branches of foreign securities companies and fund management companies;

d/ Commercial banks, branches of foreign banks being members of the bond market or derivatives market, supervisory banks, depository members, clearing members and fund certificate distribution agents;

dd/ Investors;

e/ Other organizations and individuals participating in transactions and conducting activities in the securities market by electronic means.

Article 3.Interpretation of terms

In this Circular, the terms below are construed as follows:

1. Online securities trading means securities transactions conducted via the information technology system and the Internet, telecommunications or other open networks, including: securities transactions between investors and online securities trading service providers; securities transactions between trading members and the Stock Exchange; securities-related transactions between depository members, clearing members and the Vietnam Securities Depository.

2. Online securities trading system means a system for managing and conducting online securities transactions, including: hardware equipment and devices, software, database, telecommunications, the Internet and computer networks.

3. E-document in the securities sector means a data message about e-transactions in the securities market which is created, sent, received and stored by electronic means.

4. E-order means a data message recording the information included in an order placed at a certain time by an investor via the online securities trading system which is accessible only to such investor through access and order-placing confirmation.

5. Two-factor authentication means a method of authentication requiring two factors to verify an identity. Two-factor authentication is based on information which the user knows such as PIN and password, together with information the user obtains via his/her smartcard, token device or cell phone or his/her biometrics for verifying his/her identity.

6. Cyberinformation security means the protection of cyberinformation and cyberinformation systems from illegal access, use, disclosure, interruption, modification or sabotage in order to ensure the integrity, confidentiality and usability of information.

7. Physical address of order-placing device (also called as media access control - MAC address) means the only code assigned by the manufacturer to identify the device upon placing or aborting an order in the online securities trading system.

8. Telephone number for order placement means a telephone number registered by an investor with an online securities trading service provider to place securities orders.

9. Online securities trading service means a service provided by online securities trading service providers to investors to open accounts, place orders or set requirements on securities transactions or receive trading results via the Internet or telephone.

10. Online securities trading service provider means a securities company, fund management company or fund certificate distribution agent that provides online securities trading services.

11. Depository member means a securities company or commercial bank operating in Vietnam and granted by the State Securities Commission a securities depository operation registration certificate and admitted by the Vietnam Securities Depository as one of its depository members.

12. Clearing member means a securities company, commercial bank or foreign bank branch licensed to conduct clearing and payment for derivatives transactions.

13. Serious incident means a technical breakdown occurring in the online securities trading system and leading to the cessation or suspension of the system.

Article 4.Principles of conducting e-transactions in the securities market

E-transactions in the securities market must adhere to the principle of accuracy, fairness, publicity, transparency, safety and efficiency and compliance with the Law on E-Transactions and Law on Cyberinformation Security and guiding documents, and other relevant regulations.

Chapter II

ONLINE SECURITIES TRADING ACTIVITIES

Section 1

REQUIREMENTS ON SERVICES, TECHNICAL INFRASTRCTURE, CONFIDENTIAL SECURITY AND DATA STORAGE

Article 5.Requirements on services

1. The Stock Exchanges and the Vietnam Securities Depository shall:

a/ Elaborate and issue regulations on connection of the online securities trading system, processes of incident response, system backup and risk control in online securities trading activities in compliance with the Law on E-Transactions and Law on Cyberinformation Security and guiding documents, and this Circular;

b/ Ensure the provision of online securities trading services in a public, fair, transparent, safe and efficient manner to all members using the same type of service.

2. Securities companies providing online securities trading services shall:

a/ Provide online securities trading services directly to investors;

b/ Build a website with the domain name already registered on the Internet to provide online securities trading services. Programs and applications used for conducting online securities transactions shall be uploaded to or integrated in such website;

c/ Issue processes of providing online securities trading services, including process of daily operation, monitoring and administration; process of registration and cancellation of use of online securities trading services; process of incident response; process of system and data backup; process of risk control in the provision of online securities trading services to investors, and other processes in compliance with the Law on E-Transactions and Law on Cyberinformation Security and guiding documents, and this Circular, clearly stating the responsibility of process participants;

d/ Deploy employees who possess a degree or certificate of training in information technology for software administration, system administration and information security to manage and supervise activities of the online securities trading system, ensuring they are conducted in a continuous and uninterrupted manner;

dd/ Express the provision and use of online securities trading services to/by investors in contracts or terms and clauses of contracts on opening of securities trading accounts, specifically providing the online securities trading method, risks which might occur when conducting online securities transactions as prescribed in Clause 1, Article 15 of this Circular, responsibility of parties to pay compensation upon occurrence of a risk and other responsibilities related online securities transactions;

e/ Record information about trading requests of investors in the online securities trading system. Such information shall be stored for reference according to time, log-in session, transaction results and balance on accounts of investors before and after transactions;

g/ Notify results of execution of trading orders to investors right after such orders are matched in the online securities trading system.

3. Fund management companies and fund certificate distribution agents that provide online securities trading services must satisfy the requirements prescribed at Points a, b, c, dd, e and g, Clause 2 of this Article.

Article 6.Requirements on technical infrastructure of the online securities trading system

1. For a securities company providing online securities trading service:

a/ The online securities trading system must be physically separated from other trading systems of the company to ensure cyberinformation security, minimize risks and prevent conflicts between systems;

b/ The company shall install a server exclusively for its online securities trading system, neither using a personal computer as the server nor sharing a server with another unit or company. There must be spare information technology equipment and devices for exclusive use for the online securities trading system;

c/ The area where the online securities trading system is located must ensure the security, environmental and system safety conditions: Being isolated, having a magnetic locks or equivalent equipment to control entries and exits and surveillance cameras, special-use fire alarm and extinguishing system, air conditioning system for temperature and humidity monitoring and control,uninterruptible power supply systemand special-use backup generator, and anti-lightning system;

d/ The company may rent a place for location of its online securities trading system at a data center. Such a data center must comply with the regulations on operation of data centers. An online securities trading system located at a data center must have measures to prevent illegal access and data exploitation;

dd/ The online securities trading system must employ measures involving the use of digital certificates and digital signatures of public digital signature authentication service providers and other authentication measures (if any) under Points a and c, Clause 1,
Article 8 of this Circular;

e/ Via-telephone service providers must be equipped with switchboards having the functions of recording, managing and tracing calls and having backups. All order-placing calls of investors shall be fully recorded and archived, ensuring information security and data confidentiality;

g/ The company shall apply technical or managerial solutions to establish securities trading limits as prescribed by law for investors using online securities trading services. Such limits shall be announced to investors on the website for online securities trading and subject to approval in case of a change.

2. A fund management company or fund certificate distribution agent providing online securities trading services must satisfy the requirements specified at Points a, b and e, Clause 1, and Clause 3, of this Article.

3. The Stock Exchanges, the Vietnam Securities Depository and online securities trading service providers shall have backup plans for the online securities trading system and provide substitute trading methods in case the online securities trading system encounters an incident.

Article 7.Regulations on information confidentiality and data storage of online securities trading service providers

1. Websites and email systems of online securities trading service providers shall be authenticated by digital certificates.

2. The online securities trading system shall be established in a way that enables it to block any unauthorized access to internal trading systems through online transactions and delegate system privileges among professional sections that have possible conflicts of interest according to the internal control process.

3. Before being commissioned, the applied software system shall be checked and scanned for security vulnerabilities  and assessed in written reports. The environment for operation of the online securities trading software system shall be separated from the testing environment and software development environment. Assessment of cyberinformation security risks of the online securities trading system shall be carried out once a year.

4. The online securities trading system must have technical solutions to ensure cyberinformation security and system data confidentiality.

5. E-documents, e-order slips, e-data and recordings of order-placing calls of clients, including those for order cancellation, shall be archived for at least ten (10) years in the original form.

6. Information about clients using online securities trading services, trading orders and information exchanged in the system shall be encrypted during transmission at the application level and kept confidential in accordance with law, except where competent state management agencies request provision of such information.

Article 8.Regulations on authentication

1. Authentication measures applied in online securities transactions must ensure the minimum security level equivalent to that of two or more factor authentication measures, including:

a/ Two-factor authentication measures;

b/ Authentication measures involving the use of digital certificates;

c/ Other authentication measures permitted by law and compliant with regulations of competent agencies.

2. Upon placing an order via telephone, an investor shall use the telephone number for order placement and provide at least the following information: Identification number of the trading account and authentication information as specified at Point a, Clause 1 of this Article. A transaction may be conducted only when the information provided by the investor is consistent with that registered by the investor and stored in the online securities trading system.

3. An investor may choose an authentication measure provided by an online securities trading service provider when registering to use online securities trading services and may re-register to use another authentication measure when necessary.

Article 9.Regulations on e-order slips

1. An e-order slip must have at least the following information: Number sign of the order, type of order, identification number of the account for order placement, trading method, securities code or name, trading volume and price, trading time (year, month, day, hour, minute), order-placing device and its physical address or other identification information to ensure the singleness of the order-placing device.

2. An order cancellation slip must have information about number sign of the order, cancelled volume and confirmation of order cancellation.

3. An e-order slip must bear a digital signature or shall be logically associated or combined with investor authentication information as specified in Article 8 of this Circular before being sent to the system.

4. An e-order slip in a fund certificate transaction must fully have information under the regulations on fund certificate trading and comply with Clause 3 of this Article.

Section 2

REGISTRATION FOR AND WITHDRAWAL OF APPROVAL OF PROVISION OF ONLINE SECURITIES TRADING SERVICES

Article 10.Subjects eligible for registration for provision of online securities trading services

Eligible for registration for provision of online securities trading service are securities companies that are members of the Stock Exchange(s), have established connection with the trading system of the Stock Exchange(s), and do not fall into the following cases:

1. Being in the process of dissolution, bankruptcy, operation suspension or trading cessation for terminating their membership of the Stock Exchange(s).

2. Having their brokerage operation revoked or being carrying out the procedures for revocation of brokerage operation.

3. Being under control or special control.

4. Other cases of operation suspension in accordance with law.

Article 11.Dossiers of registration for provision of online securities trading services

A dossier of registration for provision of online securities trading services must comprise:

1. A written request for registration for provision of online securities trading services, made according to the form provided in Appendix 1 to this Circular.

2. The list of names and resumes of experts managing the online securities trading system, made according to the form provided in Appendix 2 to this Circular.

3. A report on design of the online securities trading service system, made according to the form provided in Appendix 3 to this Circular.

4. A certified copy of the Stock Exchange’s written approval and record of inspection of the online securities trading system of the trading member.

Article 12.Procedures for approving the provision of online securities trading services

A securities company shall make a dossier specified in Article 11 of this Circular and choose a method of carrying out the procedures with the State Securities Commission via the latter’s online public service system or submit a dossier directly or through public-utility postal service.

1. Within five (5) working days after receiving a dossier specified in Article 11 of this Circular, if the dossier needs modification or supplementation, the State Securities Commission shall request in writing the dossier supplementation or written explanations in case the dossier is invalid.

2. Within ten (10) working days after receiving the State Securities Commission’s written request for modification or supplementation, the securities company shall complete its dossier and send it to the State Securities Commission. Past the above-said time limit, if the securities company fails to supplement the dossier as requested, the State Securities Commission may disapprove the provision of online securities trading services.

3. Within twenty (20) working days after receiving a complete and valid dossier, the State Securities Commission shall consider and decide to approve the provision of online securities trading services by the securities company. In case of refusal, the State Securities Commission shall issue a written reply, clearly stating the reason.

Article 13.Revocation of approval decisions, suspension of the provision of online securities trading services

1. In case a securities company is suspended from operation or has its securities brokerage operation or all of its operations ceased, it shall suspend the provision of online securities trading services until it remedies the situation.

2. A decision approving the provision of online securities trading services by a securities company will be revoked in the following cases:

a/ The company has registered for stoppage of securities brokerage operation and such stoppage has been approved by the State Securities Commission;

b/ The company is no longer licensed to conduct securities brokerage operation;

c/ The company’s membership of the Stock Exchange(s) is terminated;

d/ The company is merged, divided or consolidated;

dd/ The company is dissolved, falls bankrupt or has its establishment and operation license revoked;

e/ The company fails to maintain or satisfy the conditions prescribed in Clause 2, Article 5; Clauses 1 and 3, Article 6; Article 7; Clause 1, Article 8; and Clause 3, Article 9, of this Circular;

g/ The company’s dossier of registration for provision of online securities trading service contains untruthful information;

h/ Other cases when management agencies so request or the company files an application for permission to stop the provision of online securities trading services.

3. A securities company that has the decision approving the provision of online securities trading services revoked under Point b, c, e or g, Clause 2 of this Article may re-register for provision of online securities trading services.

4. A securities company that has the decision approving the provision of online securities trading services revoked under Clause 2 of this Article shall maintain and store data of the online securities trading system for a prescribed period of time so as to perform its obligations as prescribed by law.

5. The order for revoking decisions approving the provision of online securities trading services by securities companies shall comply with guidance of the State Securities Commission.

Section 3

REPORTING AND INFORMATION DISCLOSURE IN ONLINE SECURITIES TRADING ACTIVITIES

Article 14.Regulations on reporting in online securities trading activities

1. A securities company approved to provide online securities trading services shall send to the State Securities Commission:

a/ Annual report on online securities trading activities, made according to the form provided in Appendix 4 to this Circular, within thirty (30) days from the end of every year;

b/ Report enclosed with related documents upon any upgrade or change in the online securities trading system: Change of system core, change of trading method, change in information technology personnel, or relocation of the system, made according to the form provided in Appendix 8 to this Circular. The time limit for submitting such a report is seven (7) working days after the securities company makes the upgrade or change.

2. The Stock Exchanges shall send to the State Securities Commission:

a/ Annual report on the online securities trading system, made according to the form provided in Appendix 5 to this Circular, within thirty (30) days after the end of every year;

b/ Report on a change in regulations on technology standards applicable to their trading members. Such a report shall be sent within seven (7) working days after the change is made.

3. The Vietnam Securities Depository shall send to the State Securities Commission an annual report on online securities trading, made according to the form provided in Appendix 6 to this Circular within thirty (30) days after the end of every year.

4. Within twenty-four (24) hours after the occurrence of a serious incident related to the online securities trading system, the Stock Exchange, Vietnam Securities Depository and securities company shall send reports, made according to the form provided in Appendix 7 to this Circular.

5. A fund management company or fund certificate distribution agent shall send to the State Securities Commission the documents specified in Clause 3, Article 11 of this Circular at least five (5) working days before commissioning the online securities trading system for investors; and make an annual report on online securities trading activities according to the form provided in Appendix 4 to this Circular within thirty (30) days after the end of every year.

6. Reports shall be sent in electronic files through the e-information exchange systems under guidance of the State Securities Commission.

Article 15.Information disclosure in online securities trading activities

1. The official website and application software serving online securities trading by investors of a securities company, fund management company or fund certificate distribution agent must disclose regulations on online securities trading services and risks which might occur when investors conduct online securities transactions. Such risks include:

a/ When transmitted via the Internet, a trading order may be suspended, stopped or postponed or have a data error;

b/ The identification of an organization or investor is inaccurate or there is a security error;

c/ Market prices and other securities information are erroneous or false;

d/ Possible risks of order placement-confirming methods incurred by investors;

dd/ Other risks which a competent state management agency, securities company, fund management company or fund certificate distribution agent finds it necessary to disclose.

2. The Stock Exchanges shall publish on their websites regulations relevant to e-transactions in the securities market and documents on e-transactions they have issued.

3. The Vietnam Securities Depository shall publish on its website the list of online securities trading products and services permitted to be provided, regulations relevant to e-transactions in the securities market and documents on e-transactions it has issued.

4. The State Securities Commission shall publish  on its portal the list of securities companies licensed to provide online securities trading services, procedures and dossiers of registration for provision of online securities trading services, and list of securities companies that have decisions approving provision of online securities trading services.

Chapter III

E-INFORMATION EXCHANGE

Article 16.Regulations on e-information exchange

1. E-information to be exchanged includes information exchanged via the Internet or local networks and related to the following activities:

a/ Public offering of securities, securities registration, depository, listing, trading registration and trading;

b/ Management of organizations and individuals under Clause 2, Article 2 of this Circular;

c/ Information disclosure in the securities market;

d/ Other activities related to the securities market in accordance with the law on securities.

2. E-information exchange service providers shall:

a/ Develop their websites on the Internet to serve as entry portals for e-information exchange services;

b/ Keep confidential information for subjects registering for use of e-information exchange services and ensure information security for the e-information exchange system;

c/ Issue regulations guiding e-information exchange services.

3. Participants in e-information exchange shall register to use e-information exchange services and comply with guiding regulations of e-information exchange service providers.

4. The use of digital certificates and signatures in e-information exchange activities must comply with the regulations on e-transactions in financial activities.

Chapter IV

RESPONSIBILITIES OF AGENCIES, ORGANIZATIONS AND INDIVIDUALS PARTICIPATING IN E-TRANSACTIONS IN THE SECURITIES MARKET

Article 17.Responsibilities of organizations and individuals participating in e-transactions in the securities market

1. To comply with regulations on securities trading and securities market.

2. To comply with regulations on protection of information in e-transactions and regulations on confidentiality, personnel and data systems.

3. To retain all dossiers and documents related to their online securities trading activities; to make and certify dossiers of registration for provision of online securities trading services containing truthful information, and modify or supplement such dossiers when detecting untruthful information and ensure that no important content as prescribed by law is omitted; to preserve reported information in accordance with law.

4. Securities companies may not provide online securities trading services without approval from the State Securities Commission or when approval decisions are revoked.

5. To report within the prescribed time limit on all contents required by law or by the State Securities Commission.

Article 18.Examination and supervision of e-transactions in the securities market

1. The State Securities Commission shall regularly or irregularly supervise and examine the Stock Exchanges, the Vietnam Securities Depository, securities companies, fund management companies, fund certificate distribution agents and other organizations and individuals regarding e-transactions which they conduct in the securities market under regulations or upon occurrence of incidents affecting interests of investors and safety of the securities market.

2. The Stock Exchanges and the Vietnam Securities Depository shall coordinate with each other in supervising online securities trading activities of online securities trading service providers and related organizations and individuals at the request of the State Securities Commission.

3. Organizations and individuals participating in e-transactions on the securities market shall promptly and fully provide information, data and documents related to e-transactions when so requested by competent agencies.

Chapter V

IMPLEMENTATION PROVISIONS

Article 19.Effect

This Circular takes effect on March 1, 2018, and replaces the Minister of Finance’s Circular No. 87/2013/TT-BTC of June 28, 2013, guiding e-transactions in the securities market.

Article 20.Organization of implementation

1. Securities companies that are licensed by the State Securities Commission before the effective date of this Circular to provide online securities trading services shall, within six (6) months from such date, improve the online securities trading system and fulfill the requirements on services, technical infrastructure, confidentiality, authentication and data storage under this Circular.

2. The State Securities Commission shall guide and promulgate technical standards on application of information technology in e-transactions in the securities market.

3. The State Securities Commission, the Stock Exchanges, the Vietnam Securities Depository and organizations and individuals participating in e-transactions on the securities market shall implement this Circular.-

For the Minister of Finance
Deputy Minister
TRAN XUAN HA

* The appendices to this Circular are not translated.