HKMA Expects Banks to Assess Need for Secure Tertiary Data Backup
HKMA issued a circular requesting all authorized institutions to critically assess the need for setting up a secure tertiary data backup (STDB) to counter the risk of destructive cyber-attacks. All retail banks and foreign bank branches with significant operations in Hong Kong are expected to submit a report containing the result of their assessment to HKMA by November 30, 2021. HKMA will inform institutions individually if they are required to submit the report and will provide them with details of what information needs to be covered by the report.
HKMA had invited the Hong Kong Association of Banks (HKAB) to develop guidelines on secure tertiary data backup that are appropriate for the banking landscape in Hong Kong. In response to the HKMA call, HKAB had formed an STDB Taskforce to oversee the development of the guidelines. After extensive consultation with member institutions, HKAB issued the “Secure Tertiary Data Backup Guideline” on April 30, 2021. The STDB Guideline provides guidance to banks on the factors they need to consider in deciding whether to set up an STDB and what implementation issues they need to overcome in ensuring the effectiveness of the STDB. The Guideline covers eight high-level principles grouped under the headings of Governance, Design, and Data Restoration. HKMA considers STDB an effective measure to enhance cyber resilience and data security of authorized institutions in Hong Kong. It expects all authorized institutions to critically assess the need for implementing an STDB having regard to their risk exposure and taking into account the principles stipulated in the HKAB STDB Guideline. For locally incorporated authorized institutions, the assessment report should be endorsed by the board of directors. For foreign bank branches, the assessment should be conducted under the scrutiny of their head office or regional headquarters.
Keywords: Asia Pacific, Hong Kong, Banking, Cyber Risk, Secure Tertiary Data Backup, Operational Resilience, Cyber Resilience, STDB Guideline, HKMA
Previous Article
ECB Amends Rule on Reporting of Supervisory Financial InformationRelated Articles
EBA Publishes Final Regulatory Standards on STS Securitizations
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.
ECB Further Reviews Costs and Benefits Associated with IReF
The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.
EBA Publishes Funding Plans Report, Receives EMAS Certification
The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).
MAS Launches SaaS Solution to Simplify Listed Entity ESG Disclosures
The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.
BCBS to Finalize Crypto Rules by End-2022; US to Propose Basel 3 Rules
The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.
IOSCO Welcomes Work on Sustainability-Related Corporate Reporting
The International Organization of Securities Commissions (IOSCO) welcomed the work of the international audit and assurance standard setters—the International Auditing and Assurance Standards Board (IAASB)
BoE Allows One-Day Delay in Statistical Data Submissions by Banks
The Bank of England (BoE) published a Statistical Notice (2022/18), which informs that due to the Bank Holiday granted for Her Majesty Queen Elizabeth II’s State Funeral on Monday September 19, 2022.
ACPR Amends Reporting Module Timelines Under EBA Framework 3.2
The French Prudential Control and Resolution Authority (ACPR) announced that the European Banking Authority (EBA) has updated its filing rules and the implementation dates for certain modules of the EBA reporting framework 3.2.
ECB Paper Discusses Disclosure of Climate Risks by Credit Agencies
The European Central Bank (ECB) published a paper that examines how credit rating agencies accepted by the Eurosystem, as part of the Eurosystem Credit Assessment Framework (ECAF)
APRA to Modernize Prudential Architecture, Reduces Liquidity Facility
The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility (CLF) for authorized deposit-taking entities to ~USD 33 billion on September 01, 2022.
