HKMA issued a revised version of the Supervisory Policy Manual module TM-E-1 on risk management of electronic banking (e-banking). This module sets out guidance on the sound risk management principles and practices applicable to authorized institutions’ e-banking services. The guidance took into account the latest developments in banking industry, in relevant technologies, and in supervisory guidance used in other major jurisdictions. The guidance is intended to facilitate further development of e-banking in Hong Kong while enhancing the risk management controls of the industry.
Given that e-banking involves the delivery of financial services through technological means, both general risk management principles applicable to the provision of the underlying financial services and the typical technological controls are applicable to e-banking. This module does not repeat the general guidance of HKMA in these areas, instead it elaborates on how the relevant risk management measures may be applied or refined in case of e-banking for different types of customers. Authorized institutions should use a risk-based approach to managing the risks associated with e-banking. In this connection, authorized institutions should comply with the requirements in this module and should also make reference to other relevant Supervisory Policy Manual modules and HKMA guidance issued from time to time.
As part of the risk governance for e-banking, authorized institutions’ senior management should establish clear policies and accountability to ensure that a rigorous independent assessment is performed before the launch of any new electronic delivery channel of e-banking service, or a major enhancement to existing services. The purpose of the independent assessment is to validate whether the e-banking service complies with applicable regulatory guidance and whether sufficient risk management controls are in place in relation to the service or enhancement concerned. In general, items to be reported in the independent assessment should cover, at a minimum, the areas specified in Annex A, and the report should be submitted to HKMA on request.
Keywords: Asia Pacific, Hong Kong, Banking, E-Banking, Risk Management, Supervisory Policy Manual, Independent Assessment, HKMA
Previous ArticleFDIC Adopts Revisions to Company-Run Stress Testing Requirements
BIS published a paper that provides an overview on the use of big data and machine learning in the central bank community.
APRA finalized the reporting standard ARS 115.0 on capital adequacy with respect to the standardized measurement approach to operational risk for authorized deposit-taking institutions in Australia.
ECB published a guide that outlines the principles and methods for calculating the penalties for regulatory breaches of prudential requirements by banks.
MAS and The Association of Banks in Singapore (ABS) jointly issued a paper that sets out good practices for the management of operational and other risks stemming from new work arrangements adopted by financial institutions amid the COVID-19 pandemic.
ACPR announced that a new data collection application, called DLPP (Datalake for Prudential), for collecting banking and insurance prudential data will go into production on April 12, 2021.
BCB announced that the Financial Stability Committee decided to maintain the countercyclical capital buffer (CCyB) for Brazil at 0%, at least until the end of 2021.
EIOPA has launched a European-wide comparative study on non-life underwriting risk in internal models, also kicking-off of the data collection phase.
SRB published an overview of the resolution tools available in the Banking Union and their impact on a bank’s ability to maintain continuity of access to financial market infrastructure services in resolution.
EBA is consulting on the implementing technical standards for Pillar 3 disclosures on environmental, social, and governance (ESG) risks, as set out in requirements under Article 449a of the Capital Requirements Regulation (CRR).
ESAs Issue Advice on KPIs on Sustainability for Nonfinancial Reporting