Following is a question by the Hon Charles Peter Mok and a written reply by the Secretary for Financial Services and the Treasury, Professor K C Chan, in the Legislative Council today (November 26):
The Commission on Strategy Development (CSD), for which the Central Policy Unit provides research and meeting services support, held a meeting on July 31 this year to discuss Hong Kong’s positioning in China’s 13th Five-Year Plan for the National Economic and Social Development. In this connection, will the Government inform this Council:
(1) as some CSD members suggested at the meeting that Hong Kong should explore her participation in the Internet financing business on the Mainland, whether the authorities have drawn up specific plans in this regard; if they have, of the details, including Hong Kong’s positioning as well as how it ensures that the credibility of Hong Kong’s current or future financial regulatory regimes in the international arena will be maintained;
(2) as some CSD members suggested at the meeting that studies be conducted on how to reduce the discrepancies between Hong Kong and the Mainland in respect of Internet security systems relating to financial services, whether the authorities have conducted studies on such discrepancies, including the differences between the two places in the requirements and standards for Internet security systems; if they have conducted such studies, of the details; whether they have considered adopting in Hong Kong the standards for Internet security systems on the Mainland in order to reduce the discrepancies between the two places; if they have considered, of the details; if not, what specific measures the authorities have in place to strengthen Hong Kong’s Internet security set up and promote the adoption of Hong Kong’s standards for Internet security systems on the Mainland, so as to enhance the security levels and international credibility of the Internet security systems in both places; whether the authorities have plans to enhance the cooperation with the Mainland on Internet security systems in areas other than financial services; if they have such plans, of the details; and
(3) whether the authorities have assessed the impacts on Hong Kong’s freedom of information that may be brought by the cooperation between Hong Kong and the Mainland in respect of Internet financing and Internet security systems, and what measures the authorities will take to ensure that the cooperation between Hong Kong and the Mainland will not cause Hong Kong’s freedom of information to be affected by the implementation of Internet censorship on the Mainland; if they have assessed, of the details?
(1) We have been maintaining close communication with relevant Mainland authorities in promoting financial co-operation with the Mainland, seeking to facilitate further participation of the Hong Kong’s financial services sector in the development of the Mainland’s financial market, and at the same time to serve the Mainland’s real economy better, thus resulting in mutual benefits. The Mainland’s Internet financing business is an emerging industry. We will study it carefully and explore potential cooperation opportunities with the Mainland.
A robust and reliable payment platform is conducive to the development of financial services in Hong Kong. In this regard, the Financial Services and the Treasury Bureau and the Hong Kong Monetary Authority (HKMA) are preparing a Bill to establish a legislative framework for stored value facilities (SVF) and retail payment systems (RPS). The proposed regulatory regime seeks to ensure the security and soundness of SVF and RPS in Hong Kong, and to ensure adequate protection of the float in SVF. This helps contribute to the stability and effective working of the financial and payment systems in Hong Kong, and maintain our status as an international financial centre.
(2) and (3) Generally speaking, the security requirements and standards of Internet security systems are formulated in accordance with specific industry regulations and needs of the places which provide Internet services. The Government of the Hong Kong Special Administrative Region is committed to promoting the adoption of internationally recognised information security standards and related industry best practices by local enterprises and Internet service providers in the development of their network systems and electronic services so as to ensure the security of their networks, information systems and data assets. The Government also encourages enterprises to attain third-party certification of their security capabilities to enable continuous improvements in the security and credibility of the related systems.
As regards information and network security, the Office of the Government Chief Information Officer (OGCIO) maintains liaison with international, regional and Mainland security experts in various technical areas. For example, in the development of information security and risk management standards, guidelines and service certification for cloud computing, OGCIO maintains close cooperation with the Economic and Information Commission of Guangdong Province to develop and promote the use of related security standards and best practices by the cloud industry in both places in order to enhance the security and credibility of cloud computing services in the region.
Regarding security matters of Internet financial services, regulators attach considerable importance to the integrity of e-finance, and maintain on-going monitoring of computer systems and internet security of financial institutions. Supervisory guidelines or codes of practice on technology risk management and security measures regarding e-finance have been published in the light of market developments. Financial institutions are required to take adequate precautions to safeguard their systems and data against internet financial frauds and hacking risks, and put in place effective contingency plans.
During the above process, regulators also liaise with the Police, OGCIO, the financial industry, and overseas regulatory bodies (including regulators in the Mainland and other regions) from time to time to share information on such risks and regulatory experiences. With the information gathered, the supervisory focus of regulators is to formulate or update relevant supervisory guidelines that are appropriate for the local situation and needs of Hong Kong, after taking into account the situation of the banking industry and customers, the latest developments of information technology risk management and the trend of technology crime. Furthermore, HKMA reviews from time to time the concrete measures that should be taken to strengthen the electronic banking security in Hong Kong. Recently, HKMA is engaging close discussions with the Hong Kong Association of Banks and has started work to update its supervisory guideline on electronic banking.
In conclusion, the Administration and regulators will continue to improve and enhance the existing regulatory regime and measures, and monitor international trends and developments in information technology and security closely. We will strive to protect the interest of clients and maintain financial stability, by ensuring the safety and sustainable development of our financial infrastructure and systems. This will in turn strengthen the status of Hong Kong as an international financial and trade centre.
Ends/Wednesday, November 26, 2014
Issued at HKT 15:04