In view of the adoption of emerging technologies in e-banking services and the acceleration of the pace of development in virtual banking, the Hong Kong Monetary Authority (HKMA) issued the new TM-E-1 Risk Management of E-banking in October 2019 to cover a wider scope of electronic banking (e-banking) services. The requirements cover phone banking, internet banking, mobile banking, self-service terminals, e-banking services in social media platforms and contactless mobile payments. Additionally, a supplementary document on frequently asked questions (FAQs) for the Supervisory Policy Manual (SPM) TM-E-1 Risk Management of E-banking was issued to further elaborate on the detailed controls pertaining to the provision of e-banking services. The HKMA had previously issued an SPM TM-E-1 Supervision of E-banking in 2004 and 2015, which set out the minimum control standards for e-banking platforms deployed by banks.
The implications of the new requirements for banks in Hong Kong include:
Banks will need to perform a comprehensive review based on the new TM-E-1, identify any material gaps and implement appropriate measures to ensure compliance with the extended scope of requirements by the end of October 2020.
We can meet with you and your team to walk through the detailed changes and discuss implications to your services, applications and control processes.
More guidance on new digital services cover
Stronger fraud risk management controls
Ongoing risk monitoring
KPMG has assisted numerous banks in Hong Kong assess and define controls to comply with HKMA requirements. Our dedicated compliance subject matter team combines industry knowledge and regulatory experience to provide wide-ranging support in regulatory compliance.
What is the compliance status at your bank? KPMG can help you assess your cybersecurity and compliance status. KPMG can help you navigate through the complex regulatory requirements by helping identify gaps which require immediate focus. Our team has in-depth experience assisting banks with their new technology-related initiatives by performing independent assessments as required by the HKMA Risk Assessment Forms, including e-banking, cloud computing, outsourcing and contactless retail payment initiatives. During the course of our independent assessments, we provide valuable insights regarding the regulatory focus areas and common industry practices so that you can be well positioned to obtain regulatory approvals.
Our approach to compliance assessment focuses on people, process and technology. We can help filter your complex requirements, build them into your everyday operational processes, conduct user awareness training and implement the technical tools required to enable the required regulatory controls.