HKMA eases rules for virtual banks
In a reprieve for banks planning to set up Internet operations, the Hong Kong Monetary Authority has scrapped a condition computer systems used for this business should be based in the SAR.
The licensing condition - contained in a draft authorisation by the HKMA published in March - has been amended in A Guideline on the Authorisation of Virtual Banks issued yesterday.
All remaining conditions apply, among them provisions that a virtual bank should maintain a physical presence in Hong Kong.
But in a move widely flagged in a number of speeches by deputy chief executive David Carse following the release of the draft conditions, the HKMA has backed down on its original insistence that computer systems should be based in Hong Kong.
The logic behind that draft condition was that the HKMA was charged with ensuring banks had taken adequate measures to deal with security risks, and the HKMA wanted local access to computer systems in order to ensure that this was the case.
But the growing tendency by smaller banks to consolidate their computing requirements and outsource them - in some cases to overseas service providers - appears to have prompted the HKMA to change its mind.
The HKMA now says virtual banks may outsource their computer operations to 'a third party service provider'.
'[Virtual banks] should demonstrate that the principles in the HKMA's guidelines on outsourcing will be complied with,' reads the guideline. 'In particular, the HKMA must be satisfied that the computer operation outsourced remains subject to adequate security controls . . . and that the requirements under the Personal Data (Privacy) Ordinance are complied with.
'The HKMA must have the right to carry out inspections of the security arrangements and other controls in place in the service provider or to obtain reports from a relevant supervisory authority, external auditors or other experts,' it adds.