HKMA Launches Cyber Security Framework

Hong Kong's banking regulator has launched a competency framework for cyber security, as part of a bid to help banks in the territory offer reliable and innovative banking services. The Hong Kong Monetary Authority ("HKMA") on Monday, 19 December, launched the Enhance Competency Framework for cyber security, saying it could enable cyber security talent development and facilitate the building of professional competencies and capabilities of those staff engaged in cyber security duties.

"Given the growing number of cyber attacks to financial institutions in recent years, it is essential to improve AIs' preparedness and capability to defend for such attacks," the HKMA said in a circular to the industry. 

The HKMA said it encouraged banks to make use of the competency framework on cyber security to raise and maintain professional competence of their cyber security practitioners.

It also said banks should keep records of the relevant training and qualifications off those engaged in cyber security duties. 

"The HKMA will assess the progress of implementation of the ECF on cyber security by AIs and AIs' effort in enhancing staff competence in this area during its on-going supervisory process," it said. 

Although the framework is not a mandatory licensing regime, authorized institutions are encouraged to adopt it. This includes:

  • serving as a benchmark to determine the level of competence required and to assess the ongoing competence of individual employees;
  • supporting relevant employees to attend training programmes and examinations that meet the benchmark;
  • supporting the continuing professional development of individual employees; and
  • specifying the framework as one of the criteria for recruitment purposes.

The guideline can be found: here.


North Asia editor for Thomson Reuters Regulatory Intelligence. He is based in Hong Kong.