After consultations with two industry associations,on 25 October 2024, the HKMA issued a revised version of the Supervisory Policy Manual (“SPM”) module TM-E-1 “Risk Management of E-banking” as a statutory guideline under section 7(3) of the BO.
The HKMA’s review and update of the module was part of an ongoing commitment to effective supervision of e-banking services and payment card services provided by AIs. The revised version incorporates relevant requirements from various supervisory documents (such as circulars and the Operational and IT Incidents Watch) to give AIs a more comprehensive understanding of supervisory guidance for these services. This revised module came into effect on 25 October 2024.
The main changes are summarised as follows:
(i) The revised SPM module now includes controls for payment card transactions.
(ii) Relevant security measures from various supervisory documents have been consolidated into the updated SPM module.
(iii) More principle-based guidance has been provided to strengthen AIs’ risk management controls for e-banking and payment card services.
Please click here for the letter issued by the HKMA.
