Skip to content

Menu

ChannelsPublishersSubscribe
LexBlog, Inc. logo
LexBlog, Inc. logo
ProductsSub-MenuBlogsPortalsTwentySyndicationMicrositesResource Center
Join
Search
Close
Join the Movement. Blog 4 Good

Hong Kong Monetary Authority Strengthens Cybersecurity Controls on Banks

By Anna Gamvros (HK) & Ruby Kwok (HK)
May 20, 2016
EmailTweetLikeLinkedIn
Norton Rose Fulbright - Data Protection Report blog

The Hong Kong Monetary Authority (HKMA) is taking action to tackle cyber security in the banking sector in Hong Kong through the Cybersecurity Fortification Initiative (CFI) – a new comprehensive initiative announced on May 18, 2016, which aims to raise the level of cybersecurity of the banks in Hong Kong. This follows the Hong Kong Securities and Futures Commission’s (SFC) similar initiative of issuing the Circular to All Licensed Corporations on Cybersecurity (see our previous post).

The Cybersecurity Fortification Initiative

The aim of the CFI is to raise awareness of cybersecurity within Hong Kong financial institutions through a three-pronged approach:

  1. Cyber Resilience Assessment Framework: a cyber risk assessment tool for banks to assess their own risk profiles and determine their cyber security requirements;
  2. Professional Development Programme: a training and certification programme to increase the number of trained cyber security professionals in Hong Kong; and
  3. Cyber Intelligence Sharing Platform: a tool to allow banks to allow industry sharing and collaboration with respect to cyber threat intelligence.

To ensure swift implementation of the CFI, the HKMA will:

  1. issue a formal circular next week to all banks setting out that it is a supervisory requirement for them to implement the CFI; and
  2. cooperate with several organisations (including the Hong Kong Institute of Bankers, the Hong Kong Applied Science and Technology Research Institute and the Hong Kong Association of Banks) to roll out the initiatives over the next few months.

Our Take

The HKMA’s launch of the CFI, coupled with the SFC’s issuance of the cybersecurity circular, illustrates Hong Kong regulators’ continued and increasing focus on cybersecurity. Given the SFC’s and HKMA’s focus on cybersecurity, an organisation’s failure to take adequate protective measures could lead to disciplinary actions.

Once the formal circular is issued next week, we will prepare a more detailed analysis of the new cybersecurity requirements.

To subscribe for updates from our Data Protection Report blog, visit the email sign-up page.

Photo of Anna Gamvros (HK) Anna Gamvros (HK)
Read more about Anna Gamvros (HK)Email
Photo of Ruby Kwok (HK) Ruby Kwok (HK)
Read more about Ruby Kwok (HK)Email
  • Posted in:
    Privacy & Data Security
  • Blog:
    Data Protection Report
  • Organization:
    Norton Rose Fulbright
  • Article: View Original Source

Stay Connected

Facebook LinkedIn Twitter RSS
Real Lawyers

Company

  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service

Products

  • Products
  • Blogs
  • Portals
  • Twenty
  • Syndication
  • Microsites

Support

  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • Redefined Blog
  • Global Trade Law Blog
  • The Quick Take
  • Consumer Privacy World
  • Energy Law Report
Copyright © 2021, LexBlog, Inc. All Rights Reserved.
Powered By LexBlog