HKMA Expects Banks to Assess Need for Secure Tertiary Data Backup
HKMA issued a circular requesting all authorized institutions to critically assess the need for setting up a secure tertiary data backup (STDB) to counter the risk of destructive cyber-attacks. All retail banks and foreign bank branches with significant operations in Hong Kong are expected to submit a report containing the result of their assessment to HKMA by November 30, 2021. HKMA will inform institutions individually if they are required to submit the report and will provide them with details of what information needs to be covered by the report.
HKMA had invited the Hong Kong Association of Banks (HKAB) to develop guidelines on secure tertiary data backup that are appropriate for the banking landscape in Hong Kong. In response to the HKMA call, HKAB had formed an STDB Taskforce to oversee the development of the guidelines. After extensive consultation with member institutions, HKAB issued the “Secure Tertiary Data Backup Guideline” on April 30, 2021. The STDB Guideline provides guidance to banks on the factors they need to consider in deciding whether to set up an STDB and what implementation issues they need to overcome in ensuring the effectiveness of the STDB. The Guideline covers eight high-level principles grouped under the headings of Governance, Design, and Data Restoration. HKMA considers STDB an effective measure to enhance cyber resilience and data security of authorized institutions in Hong Kong. It expects all authorized institutions to critically assess the need for implementing an STDB having regard to their risk exposure and taking into account the principles stipulated in the HKAB STDB Guideline. For locally incorporated authorized institutions, the assessment report should be endorsed by the board of directors. For foreign bank branches, the assessment should be conducted under the scrutiny of their head office or regional headquarters.
Keywords: Asia Pacific, Hong Kong, Banking, Cyber Risk, Secure Tertiary Data Backup, Operational Resilience, Cyber Resilience, STDB Guideline, HKMA
Previous Article
ECB Amends Rule on Reporting of Supervisory Financial InformationRelated Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.