HKMA issued a revised version of the Supervisory Policy Manual module TM-E-1 on risk management of electronic banking (e-banking). This module sets out guidance on the sound risk management principles and practices applicable to authorized institutions’ e-banking services. The guidance took into account the latest developments in banking industry, in relevant technologies, and in supervisory guidance used in other major jurisdictions. The guidance is intended to facilitate further development of e-banking in Hong Kong while enhancing the risk management controls of the industry.
Given that e-banking involves the delivery of financial services through technological means, both general risk management principles applicable to the provision of the underlying financial services and the typical technological controls are applicable to e-banking. This module does not repeat the general guidance of HKMA in these areas, instead it elaborates on how the relevant risk management measures may be applied or refined in case of e-banking for different types of customers. Authorized institutions should use a risk-based approach to managing the risks associated with e-banking. In this connection, authorized institutions should comply with the requirements in this module and should also make reference to other relevant Supervisory Policy Manual modules and HKMA guidance issued from time to time.
As part of the risk governance for e-banking, authorized institutions’ senior management should establish clear policies and accountability to ensure that a rigorous independent assessment is performed before the launch of any new electronic delivery channel of e-banking service, or a major enhancement to existing services. The purpose of the independent assessment is to validate whether the e-banking service complies with applicable regulatory guidance and whether sufficient risk management controls are in place in relation to the service or enhancement concerned. In general, items to be reported in the independent assessment should cover, at a minimum, the areas specified in Annex A, and the report should be submitted to HKMA on request.
Keywords: Asia Pacific, Hong Kong, Banking, E-Banking, Risk Management, Supervisory Policy Manual, Independent Assessment, HKMA
Previous ArticleFDIC Adopts Revisions to Company-Run Stress Testing Requirements
EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.
EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).
NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.
MAS published the guidelines on individual accountability and conduct at financial institutions.
APRA published final versions of the prudential standard APS 220 on credit quality and the reporting standard ARS 923.2 on repayment deferrals.
SRB published two articles, with one article discussing the framework in place to safeguard financial stability amid crisis and the other article outlining the path to a harmonized and predictable liquidation regime.
FSB hosted a virtual workshop as part of the consultation process for its evaluation of the too-big-to-fail reforms.
ECB updated the list of supervised entities in EU, with the number of significant supervised entities being 115.
OSFI published the key findings of a study on third-party risk management.
FSB is extending the implementation timeline, by one year, for the minimum haircut standards for non-centrally cleared securities financing transactions or SFTs.