HKMA Announces Banking License, Penalties and Guidance on Data-Sharing
The Hong Kong Monetary Authority (HKMA) granted a restricted banking license to Korea Development Bank (incorporated in the Republic of Korea) under the Banking Ordinance. HKMA also imposed pecuniary penalties of HKD 44,200,000 against China Construction Bank (Asia) Corporation Limited (CCBA), CTBC Bank Co., Ltd., Hong Kong Branch (CTBCHK), Industrial and Commercial Bank of China (Asia) Limited (ICBCA), and UBS AG, Hong Kong Branch (UBSHK) as well as issued orders for remedying the contraventions where warranted. The investigations followed a series of on-site examinations conducted by HKMA on banks’ systems and controls for compliance with the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO). Additionally, HKMA issued guidance to authorized institutions on sharing of personal data of customers for direct marketing by third parties.
Given the special trust relationship between authorized institutions and their customers and considering that some of the third parties are not subject to any regulatory regime like that of authorized institutions, for the sake of better safeguarding personal data of banking customers, HKMA considers that the banking industry should aspire to a higher standard regarding sharing of customers’ personal data with third parties for the purpose of direct marketing. Under the guidance, there are two general approaches that authorized institutions may adopt for sharing customers’ personal data for direct marketing by third parties by:
- asking customers to directly approach the third parties such that the customers may provide their personal data directly to the third parties; or
- redirecting the customers from authorized institutions’ website/mobile apps to the websites/mobile apps of the third parties for provision of their personal data and/or consent for direct marketing by such third parties.
The guidance also stipulates how redirection should be made, the types of customers’ personal data that may be shared with third parties in different circumstances under the redirection approach, and other guiding principles on the sharing of customers’ personal data to third parties. The guidance will take effect on January 01, 2022 such that any new applicable initiatives to be launched by authorized institutions from that date should comply with the guidance. For authorized institutions’ existing applicable arrangements, authorized institutions are expected to comply with the guidance as soon as practicable and in any case not later than six months from the effective date (that is, by June 30, 2022).
Keywords: Asia Pacific, Hong Kong, China, Banking, Bank Licenses, AMLO, AML/CFT, Penalty, Internal Controls, Operational Risk, Data Sharing, Guidance, HKMA
Previous Article
ESMA Updates Q&A, Sets Out Standards on Benchmark TransitionRelated Articles
EBA Publishes Final Regulatory Standards on STS Securitizations
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.
ECB Further Reviews Costs and Benefits Associated with IReF
The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.
EBA Publishes Funding Plans Report, Receives EMAS Certification
The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).
MAS Launches SaaS Solution to Simplify Listed Entity ESG Disclosures
The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.
BCBS to Finalize Crypto Rules by End-2022; US to Propose Basel 3 Rules
The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.
IOSCO Welcomes Work on Sustainability-Related Corporate Reporting
The International Organization of Securities Commissions (IOSCO) welcomed the work of the international audit and assurance standard setters—the International Auditing and Assurance Standards Board (IAASB)
BoE Allows One-Day Delay in Statistical Data Submissions by Banks
The Bank of England (BoE) published a Statistical Notice (2022/18), which informs that due to the Bank Holiday granted for Her Majesty Queen Elizabeth II’s State Funeral on Monday September 19, 2022.
ACPR Amends Reporting Module Timelines Under EBA Framework 3.2
The French Prudential Control and Resolution Authority (ACPR) announced that the European Banking Authority (EBA) has updated its filing rules and the implementation dates for certain modules of the EBA reporting framework 3.2.
ECB Paper Discusses Disclosure of Climate Risks by Credit Agencies
The European Central Bank (ECB) published a paper that examines how credit rating agencies accepted by the Eurosystem, as part of the Eurosystem Credit Assessment Framework (ECAF)
APRA to Modernize Prudential Architecture, Reduces Liquidity Facility
The Australian Prudential Regulation Authority (APRA) announced reduction in the aggregate Committed Liquidity Facility (CLF) for authorized deposit-taking entities to ~USD 33 billion on September 01, 2022.
