The Hong Kong Monetary Authority (HKMA) is taking action to tackle cyber security in the banking sector in Hong Kong through the Cybersecurity Fortification Initiative (CFI) – a new comprehensive initiative announced on 18 May, which aims to raise the level of cybersecurity of the banks in Hong Kong. This follows a similar initiative by the Hong Kong Securities and Futures Commission (SFC) with issuing of its Circular to All Licensed Corporations on Cybersecurity (see our previous post).

The aim of the CFI is to raise awareness of cybersecurity in Hong Kong financial institutions in a three-pronged approach:

1. Cyber Resilience Assessment Framework:  a cyber risk assessment tool for banks to assess their own risk profiles and determine their cyber security requirements;

2. Professional Development Programme:  a training and certification programme to increase the number of trained cyber security professionals in Hong Kong; and

3. Cyber Intelligence Sharing Platform: a tool to allow banks to allow industry sharing and collaboration with respect to cyber threat intelligence.

To ensure swift implementation of the CFI, the HKMA will:

  1. issue a formal circular next week to all banks setting out that it is a supervisory requirement for them to implement the CFI; and
  2. cooperate with the various organisations (including the Hong Kong Institute of Bankers, the Hong Kong Applied Science and Technology Research Institute and the Hong Kong Association of Banks) to roll out the initiatives over the next few months.

Our Take: The issuing of the cybersecurity circular by the SFC and the launch of the CFI by the HKMA illustrates the continued and increasing focus on cybersecurity by the Hong Kong regulators. With the emphasis placed on cybersecurity by the SFC and the HKMA, failure to take adequate protective measures could subject organizations to disciplinary actions.

More to come: Once the formal circular is issued next week, we will prepare a more detailed analysis of the new cybersecurity requirements.