The Hong Kong Monetary Authority (HKMA) today (7 July) issued a Guidance Note on Management of Security Risks in Electronic Banking Services.
This Guidance Note is part of a series of guidance to be issued by the HKMA on electronic banking ("e-banking"). The main purpose of this Guidance Note is to provide senior management of authorised institutions ("AIs") with recommendations on the key principles and sound practices in managing the security risks in transactional e-banking services delivered through the internet and/or wireless communication networks (e.g. mobile phones).
"Given the open nature of the internet, security risks associated with banking transactions conducted over the internet are probably the biggest concern among customers, which could be a barrier to customer acceptance of this new medium. Thus, proper management of security risks in e-banking service is crucial both for an institution's reputation and the promotion of public confidence in this new product," said a HKMA spokesman.
In Hong Kong, the pace of e-banking activities has accelerated in recent months. As a bank regulator, the HKMA's primary responsibility in these e-banking developments is to ensure that the regulatory framework continues to evolve and keep pace with technological developments. While the HKMA has in the past issued a number of circulars to set out the general objectives of security aspects of e-banking services, HKMA considers that it is useful to issue more specific and comprehensive advice to AIs on this issue. In developing this Guidance Note, the HKMA has taken into account the relevant regulatory and industry guidance and standards applied overseas. The HKMA has also consulted the two industry Advisory Committees as well as the Study Group on Electronic Banking. The latter is an informal group established by the HKMA to advise it on the latest technological and industry trends on e-banking developments. It comprises representatives of banks, practitioners in IT, telecommunications and the internet service industry.
It should be stressed that, given the rapid pace of technological development, the Guidance Note is not intended to lay down mandatory requirements or minimum standards, but to assist AIs in implementing appropriate measures to manage the security risks in transactional e-banking services. The recommendations in this Guidance Note are therefore advisory in nature and therefore have a different status from those contained in formal guidelines issued under the Banking Ordinance.
The Guidance Note is available at the website of the HKMA (http://www.info.gov.hk/hkma).
For further enquiries, please contact:
Thomas Chan, Senior Manager (Press), at 2878 1480 or
Caitlin Wong, Manager (Press), at 2878 1687
Hong Kong Monetary Authority
7 July 2000