Featured Product

    HKMA Publishes First Issue of Regtech Watch Newsletter

    November 12, 2019

    HKMA published the first issue of Regtech Watch newsletter, which provides information on actual or potential regtech use cases rolled out or being explored in Hong Kong or elsewhere. This inaugural issue outlines regtech use cases in the area of cyber defense. It is observed that the application of regtech for cyber risk management is gaining popularity across banks in Hong Kong. This issue of the newsletter summarizes three examples of such use cases involving behavioral biometric techniques, analytics of activity logs, and automation of cyber-security routine tasks.

    Recognising the growing importance of Regtech, HKMA has launched a series of initiatives under the Banking Made Easy initiative to facilitate the adoption of regtech in Hong Kong. A workstream has been established to reach out to artificial intelligence firms, technology firms, and consulting firms to understand latest initiatives and ideas in the regtech space. Over twenty pilot trials of regtech use cases, including remote onboarding technologies, have been allowed under the Fintech Supervisory Sandbox of HKMA while about seventy discussion sessions have since been held through the Fintech Supervisory Chatroom. In the process, HKMA has picked up a broad range of local and overseas regtech use cases on prudential risk management and regulatory compliance. Out of these use cases, the newsletter showcases the following: 

    • Behavioral biometric techniques. In a regtech use case, behavioral biometric techniques were adopted to step up user authentication and fraud detection using multi-factor authentication. These techniques can also be used to combat automated credential stuffing attacks, as it could be more challenging for automated robots to simulate natural human behaviors.
    • Analytics of activity logs. Some banks started to explore the use of advanced artificial intelligence algorithms to continuously comprehend what normal system, network, and user activities should look like and then use it as a basis to detect potentially abnormal patterns. This provides banks with enhanced anomaly detection capability even for unseen cyber-attacks. Such techniques may also reduce the extent of human workload required to operate these solutions.
    • Automation of cyber-security routine tasks. Human errors can hardly be eliminated in cyber defense even with a robust governance framework, clear operational guidelines, and quality assurance efforts. In view of this, some banks are exploring the use of Robotic Process Automation, a technology that makes use of software robots to observe and learn from standard user behaviors such as how users interact with systems and how users respond to different business inputs or scenarios.

    Apart from these three use cases, HKMA has noted some emerging regtech solutions that may also be relevant to the cyber defense of banks going forward. This includes solutions designed to deter credential stuffing attack. These solutions aim to tactfully reply to the attackers with fake web pages, with the aim to deceive the attackers into believing that the stolen credentials are valid, thus reducing the value of these stolen credentials in the dark market.

     

    Keywords: Asia Pacific, Hong Kong, Banking, Regtech, Cyber Risk, Artificial Intelligence, Regulatory Sandbox, Regtech Watch, Fintech, HKMA

    Related Articles
    News

    BoE Seeks Information Before Migrating Statistical Reporting to BEEDS

    The Bank of England (BoE) published the Statistical Notice 2021/09 requiring additional information from firms and software vendors to assist in the onboarding and testing phases for migrating statistical reporting to the BEEDS portal.

    October 25, 2021 WebPage Regulatory News
    News

    CFRF Publishes Guides to Manage Financial Risks from Climate Change

    The working groups of the Climate Financial Risk Forum (CFRF) published a second round of guides (or Session 2 guides), written by the industry for the industry, to help financial firms manage climate-related financial risks.

    October 21, 2021 WebPage Regulatory News
    News

    EBA Updates Filing Rules for Supervisory Reporting

    The European Banking Authority (EBA) published version 5.1 of the filing rules for supervisory reporting.

    October 19, 2021 WebPage Regulatory News
    News

    ECB Amends Guideline on Procedures for Collection of AnaCredit Data

    The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.

    October 19, 2021 WebPage Regulatory News
    News

    ECB Amends Guideline on Procedures for Collection of AnaCredit Data

    The European Central Bank (ECB) Guideline 2021/1829 on the procedures for the collection of granular credit and credit risk data has been published in the Official Journal of European Union.

    October 19, 2021 WebPage Regulatory News
    News

    EBA Publishes Standards on Disclosure of Investment Policy Under IFR

    The European Banking Authority (EBA) published the final draft regulatory technical standards on disclosure of investment policy by investment firms, under the Investment Firms Regulation (IFR).

    October 19, 2021 WebPage Regulatory News
    News

    EC Sets Out Work Program for 2022

    The European Commission (EC) adopted the work program for 2022.

    October 19, 2021 WebPage Regulatory News
    News

    APRA Finalizes Guidance for New Prudential Standard on Remuneration

    The Australian Prudential Regulation Authority (APRA) published the prudential practice guide CPG 511 to assist banks, insurers, and superannuation licensees in meeting requirements of CPS 511, the new prudential standard on remuneration.

    October 18, 2021 WebPage Regulatory News
    News

    ESAs Report on Supervisory Independence of Competent Authorities

    The European Supervisory Authorities (ESAs) published individual reports on the supervisory independence of competent authorities in their respective sectors.

    October 18, 2021 WebPage Regulatory News
    News

    FED Updates FR Y-9C Form and Instructions, Proposes to Extend FR 2510

    The Board of Governors of the Federal Reserve System (FED) updated reporting form and instructions, along with the associated supplemental instructions, for the information collection on consolidated financial statements for holding companies (FR Y-9C).

    October 18, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7590