HKMA issued a circular requesting all authorized institutions to critically assess the need for setting up a secure tertiary data backup (STDB) to counter the risk of destructive cyber-attacks. All retail banks and foreign bank branches with significant operations in Hong Kong are expected to submit a report containing the result of their assessment to HKMA by November 30, 2021. HKMA will inform institutions individually if they are required to submit the report and will provide them with details of what information needs to be covered by the report.
HKMA invited the Hong Kong Association of Banks (HKAB) to develop guidelines on secure tertiary data backup that are appropriate for the banking landscape in Hong Kong. In response, HKAB formed an STDB Taskforce to oversee the development of the guidelines. After extensive consultation with member institutions, HKAB issued the “Secure Tertiary Data Backup Guideline” on April 30, 2021. The STDB Guideline provides guidance to banks on the factors they need to consider in deciding whether to set up an STDB and on the implementation issues they need to overcome to ensure the effectiveness of the STDB. The Guideline covers eight high-level principles grouped under the headings of Governance, Design, and Data Restoration. HKMA considers STDB an effective measure to enhance the cyber resilience and data security of authorized institutions in Hong Kong. It expects all authorized institutions to critically assess the need for implementing an STDB, having regard to their risk exposure and taking into account the principles stipulated in the HKAB STDB Guideline. For locally incorporated authorized institutions, the assessment report should be endorsed by the board of directors. For foreign bank branches, the assessment should be conducted under the scrutiny of their head office or regional headquarters.
Keywords: Asia Pacific, Hong Kong, Banking, Cyber Risk, Secure Tertiary Data Backup, Operational Resilience, Cyber Resilience, STDB Guideline, HKMA