To further enhance the cyber resilience of the banking sector in Hong Kong, the Hong Kong Monetary Authority (HKMA) announced today the launch of a “Cybersecurity Fortification Initiative” (CFI) at the “Cyber Security Summit 2016” (the ‘Summit’), in which the HKMA also serves as the Programme Advisor for this prestigious event.
The CFI is a new, comprehensive initiative which aims to raise the level of cybersecurity of the banks in Hong Kong through a three-pronged approach:
- First, a central element of the CFI is a Cyber Resilience Assessment Framework, which seeks to establish a common risk-based framework for banks to assess their own risk profiles and determine the level of defence and resilience required;
- Second, there will be a new Professional Development Programme, which is a training and certification programme in Hong Kong which aims to increase the supply of qualified professionals in cybersecurity; and
- Third, a new piece of infrastructure namely the Cyber Intelligence Sharing Platform will be developed to allow sharing of cyber threat intelligence among banks in order to enhance collaboration and uplift cyber resilience.
Speaking at the Summit today, Mr Norman T.L. Chan, Chief Executive of the HKMA, said “If we wish to raise the cybersecurity of our banking system to a level commensurate with Hong Kong’s position as the leading international financial centre in Asia, we cannot afford to go slow or lose any time. In a spirit of cooperation to achieve this common goal, the HKMA, the banking industry and our partners will work closely together to implement this ambitious but necessary CFI according to plan.”
To implement the CFI as quickly and as effectively as possible, the following actions will be taken:
- The HKMA will issue a formal circular next week to all banks setting out that it is a supervisory requirement for them to implement the CFI;
- Concurrently the HKMA will conduct a three-month consultation with the banking industry on the proposed Cyber Resilience Assessment Framework;
- The HKMA will work with Hong Kong Institute of Bankers (HKIB) and Hong Kong Applied Science and Technology Research Institute (ASTRI) to roll out the first training courses for cybersecurity practitioners by the end of 2016; and
- The HKMA will work with The Hong Kong Association of Banks (HKAB) and ASTRI to establish the Cyber Intelligence Sharing Platform by the end of 2016.
The topic of cybersecurity has gained more attention of the banking industry in Hong Kong and around the world. The Summit, which is co-organised by HKIB, ASTRI, and the Hong Kong Police Force, has proved a timely event that was well-received:
- More than 500 participants joined the Summit;
- Participants included 20 central bank delegates from 14 countries in the Asian region; and
- Over 100 senior executives of global and local banks, leading cybersecurity consulting firms, and other regulators attended the event.
“ASTRI has identified financial technology as our first and foremost key R&D initiative for Hong Kong. Cyber security aside, we are also focusing on big data analytics, block chain, and various other advanced technologies. Our R&D capabilities will bolster Hong Kong’s technical arsenal in the escalating battle against technology crimes. We will continue to work with the HKMA and the banking industry to promote the development of fintech in Hong Kong,” said Dr. Franklin Tong Fuk-kay, Chief Executive Officer, ASTRI.
Being a leader in training for the banking industry, HKIB is also a key partner in the Professional Development Programme. With technical support from ASTRI, HKIB runs the Programme as one of the training and certification schemes under HKIB.
Ms Carrie Leung, Chief Executive Officer, HKIB said, “Cyber threats have emerged as a growing risk to the banking and financial services sector. It is time for us to take collective action to formulate strategies for tackling current and future threats. A key aspect of this is to find ways to build a strong talent pool to uphold and enhance the sector’s cyber security system on an ongoing basis”
The Programme is scheduled to launch by the end of 2016.
“We endeavour to make banking professionals better equipped to face the emerging cyber security challenges. In the long run, we hope that banks will develop their own career frameworks which align with this initiative and illustrate how the Programme can support an individual’s career development and progression,” Ms Leung added.