HKMA Announces Banking License, Penalties and Guidance on Data-Sharing
The Hong Kong Monetary Authority (HKMA) granted a restricted banking license to Korea Development Bank (incorporated in the Republic of Korea) under the Banking Ordinance. HKMA also imposed pecuniary penalties of HKD 44,200,000 against China Construction Bank (Asia) Corporation Limited (CCBA), CTBC Bank Co., Ltd., Hong Kong Branch (CTBCHK), Industrial and Commercial Bank of China (Asia) Limited (ICBCA), and UBS AG, Hong Kong Branch (UBSHK) as well as issued orders for remedying the contraventions where warranted. The investigations followed a series of on-site examinations conducted by HKMA on banks’ systems and controls for compliance with the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO). Additionally, HKMA issued guidance to authorized institutions on sharing of personal data of customers for direct marketing by third parties.
Given the special trust relationship between authorized institutions and their customers and considering that some of the third parties are not subject to any regulatory regime like that of authorized institutions, for the sake of better safeguarding personal data of banking customers, HKMA considers that the banking industry should aspire to a higher standard regarding sharing of customers’ personal data with third parties for the purpose of direct marketing. Under the guidance, there are two general approaches that authorized institutions may adopt for sharing customers’ personal data for direct marketing by third parties by:
- asking customers to directly approach the third parties such that the customers may provide their personal data directly to the third parties; or
- redirecting the customers from authorized institutions’ website/mobile apps to the websites/mobile apps of the third parties for provision of their personal data and/or consent for direct marketing by such third parties.
The guidance also stipulates how redirection should be made, the types of customers’ personal data that may be shared with third parties in different circumstances under the redirection approach, and other guiding principles on the sharing of customers’ personal data to third parties. The guidance will take effect on January 01, 2022 such that any new applicable initiatives to be launched by authorized institutions from that date should comply with the guidance. For authorized institutions’ existing applicable arrangements, authorized institutions are expected to comply with the guidance as soon as practicable and in any case not later than six months from the effective date (that is, by June 30, 2022).
Keywords: Asia Pacific, Hong Kong, China, Banking, Bank Licenses, AMLO, AML/CFT, Penalty, Internal Controls, Operational Risk, Data Sharing, Guidance, HKMA
Previous Article
ESMA Updates Q&A, Sets Out Standards on Benchmark TransitionRelated Articles
EC Consults on PSD2 and Open Finance; EU Reaches Agreement on DORA
The European Commission (EC) published a public consultation on the review of revised payment services directive (PSD2) and open finance.
EC Mandates ESAs to Propose Amendments to SFDR Technical Standards
The European Commission (EC) has issued two letters mandating the European Supervisory Authorities (ESAs) to jointly propose amendments to the regulatory technical standards under Sustainable Finance Disclosure Regulation or SFDR.
EBA Examines Supervisory Practices, Issues Deposits Reporting Template
The European Banking Authority (EBA) published its annual report on convergence of supervisory practices for 2021. Additionally, following a request from the European Commission (EC),
US Agency Publications Address Basel, Reporting, and CECL Developments
The Farm Credit Administration published, in the Federal Register, the final rule on implementation of the Current Expected Credit Losses (CECL) methodology for allowances
SEC Extends Comment Period on Climate Risk Disclosures
The U.S. Securities and Exchange Commission (SEC) looks set to intensify focus on crypto-assets and cyber risk and extended the comment period on the proposed rules to enhance and standardize climate-related disclosures for investors.
APRA Reduces Committed Liquidity Facility, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility and issued an update on the operational preparedness for zero and negative market interest rates.
CMF Consults on Basel Rules, Presents Roadmap to Address Climate Risks
The Commission for the Financial Market (CMF) in Chile published capital adequacy ratios (as of February 2022, January 2022, and December 2021) for 17 banks and for the banking system.
PRA Issues Statement on NPEs and Policy on Trading Activity Wind-Down
The Prudential Regulation Authority (PRA) issued a statement on the European Banking Authority (EBA) guidelines on management of non-performing exposures (NPEs) and forborne exposures.
EBA Updates Standards for 2023 Benchmarking of Internal Approaches
The European Banking Authority (EBA) updated the implementing technical standards that specify the data collection for the 2023 supervisory benchmarking exercise in relation to the internal approaches used in market risk, credit risk, and IFRS 9 accounting.
EIOPA Responds to Stakeholder Views on Blockchain in Insurance
The European Insurance and Occupational Pensions Authority (EIOPA) published a feedback statement on the responses received to the consultation on blockchain and smart contracts in insurance.
