Incidents at HK virtual banks spark concerns
Despite the initial enthusiasm regarding the launch of Hong Kong virtual banks, recent incidents at some of these newly established businesses have raised concerns.
Today, the Hong Kong Secretary for Financial Services and the Treasury, Mr Christopher Hui, had to comment on these concerns in the Legislative Council.
The Hong Kong Monetary Authority (HKMA) has granted banking licences to eight virtual banks so far. It has been reported that the seven virtual banks which have commenced operation have 300,000 customers with deposits totalling around $7.8 billion. However, incidents involving the networks and operating systems of a number of virtual banks have occurred in recent months, including those in which customers were unable to log in, the networks were under cyberattack, and the transaction records as set out in monthly statements were wrong.
In this connection, the Government was asked to explain whether HKMA has required that the networks and operating systems of virtual banks must comply with the specified security standards before such banks may commence operation.
Mr Hui stressed that virtual banks are subject to the same rigorous set of supervisory requirements applicable to conventional banks. On information technology (IT) systems, virtual banks are required to engage a qualified and independent expert to perform a detailed assessment of their computer systems, security procedures and other risk management controls to ensure system security and stability before business commencement. The independent assessment report should be submitted to the HKMA for review.
Before formal launch of services, virtual banks also conducted trials under the HKMA’s Fintech Supervisory Sandbox for around five to eight months to test their systems and gather user feedback.
Nevertheless, intermittent system problems occurred during their initial operations. Although these incidents generally involve only system stability issues without causing real impact on customer interests, the HKMA attaches great importance to these incidents and has demanded the banks concerned to promptly remediate the problems and identify the root causes.
The HKMA has also required the management of these banks to review their risk governance framework in order to ensure that there are adequate controls in place to manage the risks.
To prevent the recurrence of similar incidents, the HKMA will proactively follow up with the virtual banks on the progress of their remedial measures, and conduct timely reviews of the effectiveness of their technology risk and cyber security controls.
“As virtual banking is a new operating model in Hong Kong, the HKMA will require virtual banks to enhance their systems on a continuous basis and endeavour to provide innovative and stable services to further improve customer experience”, Mr Hui concluded.