Featured Product

    HKMA Announces Banking License, Penalties and Guidance on Data-Sharing

    November 19, 2021

    The Hong Kong Monetary Authority (HKMA) granted a restricted banking license to Korea Development Bank (incorporated in the Republic of Korea) under the Banking Ordinance. HKMA also imposed pecuniary penalties of HKD 44,200,000 against China Construction Bank (Asia) Corporation Limited (CCBA), CTBC Bank Co., Ltd., Hong Kong Branch (CTBCHK), Industrial and Commercial Bank of China (Asia) Limited (ICBCA), and UBS AG, Hong Kong Branch (UBSHK) as well as issued orders for remedying the contraventions where warranted. The investigations followed a series of on-site examinations conducted by HKMA on banks’ systems and controls for compliance with the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO). Additionally, HKMA issued guidance to authorized institutions on sharing of personal data of customers for direct marketing by third parties.

    Given the special trust relationship between authorized institutions and their customers and considering that some of the third parties are not subject to any regulatory regime like that of authorized institutions, for the sake of better safeguarding personal data of banking customers, HKMA considers that the banking industry should aspire to a higher standard regarding sharing of customers’ personal data with third parties for the purpose of direct marketing. Under the guidance, there are two general approaches that authorized institutions may adopt for sharing customers’ personal data for direct marketing by third parties by:

    • asking customers to directly approach the third parties such that the customers may provide their personal data directly to the third parties; or
    • redirecting the customers from authorized institutions’ website/mobile apps to the websites/mobile apps of the third parties for provision of their personal data and/or consent for direct marketing by such third parties.

    The guidance also stipulates how redirection should be made, the types of customers’ personal data that may be shared with third parties in different circumstances under the redirection approach, and other guiding principles on the sharing of customers’ personal data to third parties. The guidance will take effect on January 01, 2022 such that any new applicable initiatives to be launched by authorized institutions from that date should comply with the guidance. For authorized institutions’ existing applicable arrangements, authorized institutions are expected to comply with the guidance as soon as practicable and in any case not later than six months from the effective date (that is, by June 30, 2022).


    Keywords: Asia Pacific, Hong Kong, China, Banking, Bank Licenses, AMLO, AML/CFT, Penalty, Internal Controls, Operational Risk, Data Sharing, Guidance, HKMA

    Related Articles

    EBA Clarifies Use of COVID-19-Impacted Data for IRB Credit Risk Models

    The European Banking Authority (EBA) published four draft principles to support supervisory efforts in assessing the representativeness of COVID-19-impacted data for banks using the internal ratings based (IRB) credit risk models.

    June 21, 2022 WebPage Regulatory News

    BIS Hub Updates Work Program for 2022, Announces New Projects

    The Bank for International Settlements (BIS) Innovation Hub updated its work program, announcing a set of projects across various centers.

    June 17, 2022 WebPage Regulatory News

    US Senate Members Seek Details on SEC Proposed Climate Disclosure Rule

    Certain members of the U.S. Senate Committee on Banking, Housing, and Urban Affairs issued a letter to the Securities and Exchange Commission (SEC)

    June 16, 2022 WebPage Regulatory News

    EIOPA Consults on Review of Securitization Framework in Solvency II

    The European Insurance and Occupational Pensions Authority (EIOPA) published a consultation paper on the advice on the review of the securitization prudential framework in Solvency II.

    June 16, 2022 WebPage Regulatory News

    UK Authorities Issue Regulatory and Reporting Updates for Banks

    The Prudential Regulation Authority (PRA) issued a statement on PRA buffer adjustment while the Bank of England (BoE) published a notice on the statistical reporting requirements for banks.

    June 15, 2022 WebPage Regulatory News

    BaFin Consults on Resolvability Requirements for Resolution Planning

    The Federal Financial Supervisory Authority of Germany (BaFin) proposed to amend the “Capital Investment Conduct And Organization Ordinance” and issued a draft circular on the minimum resolvability requirements for resolution planning.

    June 10, 2022 WebPage Regulatory News

    EBA Consults on Certain Standards and Guidelines Under CRR and BRRD

    The European Banking Authority (EBA) proposed guidelines, for the resolution authorities, on the publication of the write-down and conversion and bail-in exchange mechanic, with the comment period ending on September 07, 2022.

    June 08, 2022 WebPage Regulatory News

    OJK Publishes Regulatory Updates for Financial Sector Entities

    The Financial Services Authority of Indonesia (OJK) is strengthening cooperation with the Australian Prudential Regulation Authority (APRA) and the Japanese Financial Services Agency (JFSA)

    June 03, 2022 WebPage Regulatory News

    EU Publishes Rules on DLT and Data Governance

    The European Parliament and the Council published Regulation 2022/868 on European data governance (Data Governance Act).

    June 03, 2022 WebPage Regulatory News

    EBA Publishes Phase 2 of Reporting Framework 3.2

    The European Banking Authority (EBA) published phase 2 of its reporting framework 3.2. The technical package supports the implementation of the updated reporting framework by providing standard specifications

    June 03, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8267