Market Turnover



The post-trade (securities) infrastructure is composed of Central Clearing And Settlement System (CCASS/3) and VaR Platform.

CCASS/3 is:

  • built on an open, robust, secure and flexible modularised architecture with full fledged services that meets the business needs of market participants
  • designed to provide efficient and dynamic clearing and settlement by adhering to international standards for securities messages
  • providing interactive communication with market participants through a standard message-based application programming interface 

VaR Platform is:

  • a risk engine for risk monitoring & calculation for Hong Kong securities market, Shanghai-Hong Kong Stock Connect (Shanghai Connect) and Shenzhen-Hong Kong Stock Connect (Shenzhen Connect) markets; where Value-at-Risk model only applied to Hong Kong securities market.
  • performing marks, margin, stress testing,  Mainland Settlement Deposit (MSTD) and Mainland Security Deposit (MSCD) calculation and pass the calculation results to CCASS/3 for the collateralisation and payment processing

Below is the overview of the CCASS/3 and VaR Platform infrastructure:

Updated 30 Sep 2022


Participants can access the CCASS/3 system through two channels, including:

1. CCASS/3 Terminal (C3T)

  • C3T uses market standard Internet technology. Any PC equipped with supported versions of Microsoft Windows and browser can access C3T online functions
  • All participant functions will be provided with an HTML (windows) based presentation
  • The standard graphical user interface will provide a user-friendly interface, which is easy to use with reference to respective User Guides

Log on to Client Connect to access the CCASS/3 installation procedures and User Guides.

2. Participant Gateway (PG)

PG is a technical device to provide an access point through which a Participant Supplied System (PSS) can access CCASS/3.

In order to reduce the development efforts of participants, Java-based application programming interfaces are provided to participants’ PSS to communicate with CCASS/3 through the PG. The application program is a custom-built Java library that will assist the connection and handle all the subsequent message interactions between participants’ back office system and CCASS/3 Host.

Hypertext Transfer Protocol Secure (HTTPS) is used for communication between PG and CCASS/3 middle tier. Socket is the communication method between PG and PSS. The message format follows the industrial standards ISO 15022.

Network Communication Layer

The SDNet will ensure the reliable transmission of input between the user device and the host. The network will control the transmission of all information within the CCASS/3 system and will help to achieve the shortest possible response time even at the highest data through-put rates, ensuring fast and efficient clearing and settlement services at all times.

Security Measures

Security is a primary concern in the system design of CCASS/3. The following security measures are employed in CCASS/3 to ensure confidentiality and security:

Security measures


Pre-defined User Group Authority

All participant functions are grouped into a member of user groups. The availability of user groups for participants is pre-defined by the system. CCASS/3 allows the delegation of administrative privileges to organisational administrators, allowing them to manage user privileges and benefits within their organisations.

CCASS/3 Terminal Level

Access to the CCASS is authenticated by 2-Factor Authentication (2FA) with regular password and One-Time Password (OTP) generated from the ForgeRock Authenticator App or email.

Message Level

Encryption is implemented through standard browser functions, using Secure Sockets Layer (SSL) key to prevent transactions from being exposed to eavesdropping, tampering or message forgery risks.

Participant Gateway Level

For message level of security, access to PG is authenticated by smartcard and all data exchange between the PG and CCASS/3 Host are encrypted using SSL keys.

Network Level

Firewalls, routers and intrusion detection devices are used to protect the CCASS/3 network from unauthorised access through the public internet.


Log on to Client Connect to learn more about the PG acquisition documents, end-to-end test package, messaging specifications and charges involved.


Updated 27 Nov 2023

VaR Platform

VaR Platform offers tools for Clearing Participants (CPs) to conduct their own risk monitoring and control, including:

  1. Report Access Platform (RAP), a centralised report platform for retrieval of VaR Platform reports and data files; and

  2. VaR Online, to conduct margin and stress test simulation

    -Click Here to watch the VaR Online Margin Simulator Demo, the demo is designed to provide Clearing Participants with an understanding of the general settings and how to perform margin and stress test simulation in VaR Online.  

CPs can gain access to RAP and VaR Online access by submitting the RAP Registration and Maintenance Form (eService: TechS 8) and the VaR DA Application Form (eService ID: DA 1) respectively via Technical Setup section via Client Connect. The user guide and technical guide of RAP and VaR Online are available via Client Connect.

Updated 05 Oct 2022


Securities and Derivatives Network (SDNet) is an integrated Optical Ethernet network infrastructure for supporting HKEX securities and derivatives trading, clearing and settlement, market data services.

SDNet/1 was first launched in 2005 and followed by the upgrade to SDNet/2 in 2012. SDNet/2 is designed for high resilience, higher bandwidth options and lowered network round-trip latency, and SDNet/2 is being supported by multiple carriers, known as Accredited Vendors. 

Vendor Contact Information





Ordering, Billing and General Enquiry



2888-2929 or dedicated Account Manager


2112-9000 (Ordering)
121-388 (Billing and General Enquiry)


or email to dedicated Account Manager

Service Hours

Monday – Friday: 9:00 – 18:00

Saturday: 9:00 – 13:00

(except Public Holidays)

24-hour Technical Support/Fault Reporting






HKEX Technical Support Email:

Log on to Client Connect to learn more about the installation guidelines, price, technical specifications and service level of SDNet/2.


Updated 05 Oct 2022

Register for Client Connect

Click here to learn more about Client Connect. If you have not signed up for Client Connect, please register by submitting the completed on-boarding form.


Updated 31 Aug 2020