Market Turnover



CCASS/3 (Central Clearing And Settlement System) is

  • built on an open, robust, secure and flexible modularised architecture with full fledged services that meets the business needs of market participants
  • designed to provide efficient and dynamic clearing and settlement by adhering to international standards for securities messages
  • providing interactive communication with market participants through a standard message-based application programming interface. 

The Securities and Derivatives Network (SDNet) is a robust and high efficiency closed user group network based on Optical Ethernet technology. It adopts the TCP/IP protocols with high security protection by means of firewall and intrusion detection system.

Participants can access the CCASS/3 system through two channels:

  • CCASS/3 Terminal
  • Participant Gateway

Updated 03 Feb 2021

CCASS /3 Terminal

Participants can access CCASS/3 through a browser-based terminal called the CCASS/3 Terminal (C3T).

  • C3T uses market standard Internet technology. Any PC running HKEX supported versions of Microsoft Windows, Internet Explorer and Java Runtime Environment can access C3T
  • All participant functions will be provided with an HTML (windows) based presentation
  • The standard graphical user interface will provide a user-friendly interface and will reduce training needs for participants.

Log on to Client Connect to access the CCASS/3 installation procedures and Terminal User Guide


Updated 31 Aug 2020


SDNet/1 was first launched in 2005 and followed by the upgrade to SDNet/2 in 2012. SDNet/2 is designed for high resilience, higher bandwidth options and lowered network round-trip latency, and SDNet/2 is being supported by multiple carriers, known as Accredited Vendors. 





Ordering, Billing and General Enquiry



2888-2929 or dedicated Account Manager


2112-9000 (Ordering)
121-388 (Billing and General Enquiry)


or email to dedicated Account Manager

Service Hours

Monday – Friday: 9:00 – 18:00

Saturday: 9:00 – 13:00

(except Public Holidays)

24-hour Technical Support/Fault Reporting






HKEX Technical Support Email:

Log on to Client Connect to learn more about the installation guidelines, price, technical specifications and service level of SDNet/2.


Updated 03 Feb 2021

Participant Gateway

Participant Gateway (PG) is a technical device to provide an access point through which a Participant Supplied System (PSS) can access CCASS/3.

In order to reduce the development efforts of participants, Java-based application programming interfaces are provided to participants’ PSS to communicate with CCASS/3 through the PG. The application program is a custom-built Java library that will assist the connection and handle all the subsequent message interactions between participants’ back office system and CCASS/3 Host.

Hypertext Transfer Protocol Secure (HTTPS) is used for communication between PG and CCASS/3 middle tier. Socket is the communication method between PG and PSS. The message format follows the industrial standards ISO 15022.

Network Communication Layer

The SDNet will ensure the reliable transmission of input between the user device and the host. The network will control the transmission of all information within the CCASS/3 system and will help to achieve the shortest possible response time even at the highest data through-put rates, ensuring fast and efficient clearing and settlement services at all times.

Security Measures

Security is a primary concern in the system design of CCASS/3. The following security measures are employed in CCASS/3 to ensure confidentiality and security:

Security measures


Pre-defined User Group Authority

All participant functions are grouped into a member of user groups. The availability of user groups for participants is pre-defined by the system. CCASS/3 allows the delegation of administrative privileges to organisational administrators, allowing them to manage user privileges and benefits within their organisations.

CCASS/3 Terminal Level

Access to the CCASS/3 Terminal is authenticated by a smartcard as the security token using digital certificate X.509 format.

Message Level

Encryption is implemented through standard browser functions, using Secure Sockets Layer (SSL) key to prevent transactions from being exposed to eavesdropping, tampering or message forgery risks.

Participant Gateway Level

As with the CCASS/3 Terminal and message level of security, access to PG is also authenticated by smartcard and all data exchange between the PG and CCASS/3 Host are encrypted using SSL keys.

Network Level

Firewalls, routers and intrusion detection devices are used to protect the CCASS/3 network from unauthorised access through the public internet.


Log on to Client Connect to learn more about the PG acquisition documents, end-to-end test package, messaging specifications and charges involved.


Updated 03 Feb 2021

Register for Client Connect

Click here to learn more about Client Connect. If you have not signed up for Client Connect, please register by submitting the completed on-boarding form.


Updated 31 Aug 2020