Key Functions

Monetary Stability
Linked Exchange Rate System
Interest Rate Adjustment Mechanism
EFAC Currency Board
Sub-Committee
Transparency of Currency Board Operations
Notes & Coins of
Hong Kong
Notes
Coins
Milestones of Monetary Reform
History of Hong Kong's Exchange Rate System
Banking Stability
Banking Policy & Supervision
The Three-tier Banking System
Regulatory Framework
Advisory Committees
Supervisory
Co-operation
Electronic Banking & Technology Risk Management
Regulation of the Issue of Multi-purpose Stored Value Cards
Regulation of Money Brokers
Consumer Corner
HKMA’s Work in Relation to Strengthening Financial Consumer Protection
Frequently Asked Questions
Complaints about Banks
Internet Banking
Security Controls for ATM Services
Guide to Authorization
Supervisory Policy Manual
Oversight of Financial
Market Infrastructures
Basel III
Review of the HKMA's Work on Banking Stability
Sharing of Mortgage Data
International Financial Centre
International & Regional Financial Co-operation
International & Regional Financial Co-operation
Participation in Multilateral Agencies & International Forums
Co-operation with Other Central Banks
Application of the "One Country, Two Systems" Principle
Renminbi Business in Hong Kong
Debt-market Development
Exchange Fund Bills & Notes
Government Bond Programme
Important Policy Initiatives Affecting The EFBN Programme & Other Hong Kong Dollar Debt Instruments
Infrastructure
Financial Infrastructure in Hong Kong
Payment Systems
CMU
OTC Derivatives Trade Repository
System Links
International
Co-operation
Pan-Asian CSD Alliance
Useful Links
Exchange Fund
History
Management
Transparency
31.2506

Electronic Banking & Technology Risk Management

The HKMA aims to create a safe and sound environment for electronic banking (e-banking) development in Hong Kong without standing in the way of progress. The HKMA has implemented a comprehensive e-banking and technology risk management supervisory framework for the banking industry in Hong Kong. The supervisory framework comprises the following major components:

Development of Policies and Guidance

Risk Management and Information Security
The HKMA has issued a series of circulars to set out its regulatory approach on e-banking services and to provide authorized institutions with recommendations on the risk management for these activities. While institutions do not need to seek formal approval from the HKMA to offer their e-banking services, they should discuss their plans and risk management measures with the HKMA in advance.

Information security is one of the key focuses of the HKMA. While absolute information security does not exist, institutions are expected to implement information security arrangements commensurate with the risks associated with the types and amounts of transactions allowed, the electronic delivery channels adopted and the risk management systems of individual institutions. The HKMA has issued a Guidance Note on Management of Security Risks in Electronic Banking Services.

The HKMA expects senior management of institutions to commission periodic independent assessments of the information security aspects of their e-banking services. The HKMA expects such independent assessments to be carried out by trusted independent experts before launch of the services, and thereafter at least once a year, or whenever there are substantial changes to the risk assessment of the services or major security breaches. To this end, the HKMA has issued a Guidance Note on Independent Assessment of Security Aspects of Transactional E-banking Services.

Authorization of Virtual Banks
A virtual bank is a company which delivers banking services primarily, if not entirely, through the Internet or other electronic channels. The term does not refer to existing licensed banks which use the Internet or other electronic means as an alternative channel to deliver their products or services to customers.

The Guide to Authorization issued by the HKMA contains a chapter on Authorization of Virtual Banks, setting out the principles that the HKMA will take into account in deciding whether to authorize virtual banks. The main principle is that the HKMA will not object to the establishment of virtual banks in Hong Kong provided that they can satisfy the same prudential criteria that apply to conventional banks. In summary, virtual bank applicants must satisfy the following requirements:

  • maintenance of a physical presence in Hong Kong
  • maintenance of a level of security appropriate to their proposed business
  • establishment of appropriate policies and procedures to deal with the risks associated with virtual banking
  • development of a business plan which strikes an appropriate balance between the desire to build market share and the need to earn a reasonable return on assets and equity
  • clearly setting out in the terms and conditions for their services the rights and obligations of customers
  • compliance with the HKMA's guidelines on outsourcing of computer operation.

In line with existing authorization policies for conventional banks, a locally incorporated virtual bank cannot be newly established other than through the conversion of an existing locally incorporated authorized institution or the subsidiarisation of existing Hong Kong operation of an overseas-incorporated bank. Furthermore, local virtual banks should be at least 50% owned by a well-established bank or other supervised financial institutions. For applicants incorporated overseas, they must come from countries with an established regulatory framework for electronic banking. In addition, they must have total customer deposits and assets (less contra items) of not less than HK$3 billion and HK$4 billion respectively. They must also have a paid up capital (including share premium) of not less than HK$300 million (in respect of the applicant as a whole). These requirements are the same for all applicants for a banking licence.

Internet Advertising Material for Deposits
Under the Banking Ordinance, overseas-incorporated institutions (including virtual banks) intending to solicit deposits from members of the public in Hong Kong are not required to be authorized, provided that the deposits are placed overseas. However, section 92 of the Banking Ordinance requires that advertisements, invitations and documents (advertising material) in respect of deposits to be placed outside Hong Kong have to comply with the disclosure requirements in the Fifth Schedule to the Banking Ordinance. Advertising material complying with the Fifth Schedule shall include, among other information, a prominent warning to the effect that the deposit-taker is not an authorized institution and is therefore not subject to the supervision of the Monetary Authority. The objective is to ensure that material facts are available to enable prospective depositors to make their own judgement on whether to place a deposit with the institutions concerned.

Section 92 of the Banking Ordinance also covers advertising material issued through new technological means including the Internet. Like regulators in other major financial centres, the HKMA regulates only internet advertising material for offshore deposits targeted at members of the public in Hong Kong. Pursuant to section 92(6) of the Banking Ordinance, the Monetary Authority has issued a Guideline on Regulation of Advertising Material for Deposits Issued Over the Internet (PDF File, 92KB) to set out the factors he will consider whether advertising material is targeted at members of the public in Hong Kong.

Business Continuity Planning
The HKMA has issued a circular on business continuity planning offering some lessons learned from the events of 11 September 2011. The HKMA has also developed a Guidance Note on Business Continuity Planning (PDF File, 126KB) for authorized institutions.

Customer Protection, Education and Awareness

The HKMA expects institutions to observe the Code of Banking Practice (PDF File, 181KB) in providing e-banking services to their personal customers. There should be adequate transparency in the provision of e-banking services to help the customers understand what they can reasonably expect of the services and what they should do to help achieve information security.

The HKMA expects institutions to set out clearly in their terms and conditions the respective rights and obligations of the institutions and customers. Such terms and conditions should be fair and balanced. Customers must be made aware of their responsibilities to maintain information security in the use of electronic banking services and their potential liability if they do not. In particular, the terms and conditions should highlight how any losses from security breaches, systems failures or human error will be apportioned between the institutions and its customers. The HKMA's view is that unless a customer acts fraudulently or with gross negligence, such as failing to properly safeguard his device(s) or secret code(s) for accessing e-banking services, he should not be responsible for any direct loss suffered by him as a result of unauthorised transactions conducted through his account. Customers should also be made aware of the means for reporting security incidents or complaints to facilitate the early detection, reporting, response and resolution of potential security incidents or complaints.

The HKMA has established contact with the industry associations, the Office of the Government Chief Information Officer, the Hong Kong Police Force and other relevant bodies to promote the general awareness of e-banking security, establish a common incident reporting and response mechanism for the banking industry and enhance public confidence in e-banking.

Continuous Monitoring and Examinations

In addition to the issuance of supervisory policies on e-banking, the HKMA conducts on-site examinations focusing on authorized institutions' e-banking activities, technology risk management and business continuity planning, by making reference to similar programmes of other bank supervisors in advanced economies and the guidance on e-banking risk management issued by the Basel Committee on Banking Supervision.

International Co-operation

The HKMA is a participant of the Electronic Banking Group of the Basel Committee on Banking Supervision. The HKMA is also active in sharing its experience in supervision of e-banking with other bank supervisors in the Asia Pacific region as well as the Mainland of China.

Top
Last revision date: 1 August 2011

Quick Links

Media
Information

Supervisory
Information

ABOUT THE HKMA
The HKMA
Tender Invitations
Careers@HKMA
Legislative Council Issues
Links
The HKMA Information Centre
KEY FUNCTIONS
Monetary Stability
Banking Stability
International Financial Centre
Exchange Fund
PUBLICATIONS & RESEARCH
Annual Report
Half-Yearly Monetary & Financial Stability Report
Quarterly Bulletin
HKMA Background Briefs
Reference Materials
Research
MARKET DATA & STATISTICS
CMU Bond Price Bulletin
Economic & Financial Data for Hong Kong
Monthly Statistical Bulletin
Monetary Statistics
KEY INFORMATION
Press Releases
Speeches
Guidelines & Circulars
Forthcoming Events
inSight
OTHER INFORMATION
Consumer Corner
Complaints about Banks
Internet Banking
Register of Securities Staff of AIs
Register of AIs & LROs
Investment Products Related to Lehman Brothers