The Hong Kong Monetary Authority has revised its supervisory policy manual module TM-E-1 (SPM) on risk management of e-banking. This SPM is a non-statutory guideline issued as a guidance note.
The revisions are intended to strengthen risk management controls for e-banking given the rise in cyber threats and fraud risks, introduce changes to cater for virtual banking, and clarify certain existing requirements relating to new digital banking services.
Authorized Institutions (AIs) are expected to identify any material gaps in their existing risk management framework against the revised SPM and implement appropriate measures. The deadline for AIs to achieve full compliance with the revised SPM is 24 October 2020, unless there are other controls in place to effectively manage the relevant risks.
A copy of the revised SPM issued on 24 October 2019 can be accessed here.