Connecting...

W1sizmyilcivc3j2l3d3dy9vbgl2zxivy3vycmvudc9wdwjsawmvchjvzhvjdglvbi9uzxdzlw9ulwnvbxbsawfuy2uvaw1hz2vzl2jhbm5lci1kzwzhdwx0lta5ymvingjmywq4zdg3ota4ogy4y2y1yzq3ywqynmuzlmpwzyjdlfsiccisinrodw1iiiwimjawmhgymdajil1d

Hong Kong Monetary Authority Announces Enhanced Competency Framework On Cybersecurity

W1siziisijiwmtcvmdevmdqvmdkvndivmdcvode2l1ryes1jbmjvdw5klu1hcmtldgluzy10by1uywtllvlvdxitq3lizxjzzwn1cml0es1tdgfydhvwlvjhbmtpbmctvxatsglnac5qcgcixsxbinailcj0ahvtyiisijqzmhgzmjbcdtawm2mixv0

Hong Kong Monetary Authority Announces Enhanced Competency Framework On Cybersecurity

By Pathay Singh on 01/04/17

On 19 December 2016, the Hong Kong Monetary Authority (“HKMA”) announced the launch of the Enhanced Competency Framework on Cybersecurity (“ECF-C”).

The ECF-C is a cybersecurity module that runs in parallel with the Professional Development Programme – one of the 3 pillars that underpin the Cybersecurity Fortification Initiative launched by HKMA in May 2016 (see our previous blog post). The aim of the Professional Development Programme is to develop a programme to train and nurture cybersecurity practitioners in Hong Kong financial institutions.

The ECF-C introduces an industry-wide competency framework for the banking sector that enables talent development, and facilitates the building of professional competencies and capabilities of those working in cybersecurity. The HKMA also issued a Guide on Enhanced Competency Framework on Cybersecurity to provide details on the scope of application of the ECF-C, qualification structure, recognised certification and continuing professional development requirements to equip cybersecurity practitioners with “the right skills, knowledge and behaviour.”

Although the ECF-C is not a mandatory licensing regime, the HKMA has encouraged banks to adopt the ECF-C and keep records of the relevant training and qualifications of cybersecurity practitioners. The HKMA will assess the progress of ECF-C implementation by banks, including their efforts in enhancing staff competence in the cybersecurity area, during its ongoing supervisory process.

Source: Norton Rose Fulbright