ComplianceOnline

Hong Kong Guidelines for Authorization of Virtual Banks – An Overview and Summary of Requirements

  • By: Staff Editor
  • Date: June 14, 2013
Webinar All Access Pass Subscription

 

This Guideline sets out the principles which the Monetary Authority (MA) uses when deciding whether to authorize virtual banks applying to conduct banking business in Hong Kong.
 
General principles
  • A virtual bank applicant should fulfill the minimum criteria.
    • It should have substance and not just be a concept taking advantage of the popularity of the internet
    • It should have a detailed business plan describing how it intends to conduct its business and how it proposes to comply with the authorization criteria on an ongoing basis.
  • A virtual bank applicant should also take into account conventional banking risks such as credit, liquidity and interest rate risks along with technology risk.
  • The applicant has to satisfy the MA that the controllers, directors and chief executives of the applicant are fit and proper persons.
 
Physical presence
  • An authorized virtual bank applicant should maintain a physical presence in Hong Kong; it should provide a point of contact with the bank in Hong Kong for both customers and the MA.
  • A virtual bank can establish one or more local branches to supplement its cyber network provided
  • A virtual bank should keep a full set of its books, accounts and records of transactions in Hong Kong, to facilitate examination and inspection by the MA.
 
Information technology (IT) security of virtual bank
  • A virtual bank should have “fit for purpose” security controls in place, which are appropriate to the type of transactions which the virtual bank intends to carry out.
  • A virtual bank applicant should commission an independent assessment report on the security of its computer hardware, systems, procedures and controls from a qualified and independent expert.
  • A copy of the security assessment report should be provided to the MA as part of the documents submitted on application.
  • A virtual bank should establish procedures for regular review of its security arrangements to ensure that these are current and up to date with the latest technology
 
Risk Management
  • Virtual bank applicants should understand the types of risk to which they are exposed and put in place appropriate systems to identify, measure, monitor and control these risks.
  • Virtual bank applicants should go through the eight basic types of risk identified in the risk-based supervisory framework of the MA:
    • credit,
    • interest rate,
    • market,
    • liquidity,
    • operational,
    • reputation,
    • legal and
    • strategic risks
  • A virtual bank should analyze to what extent it will be subject to these risks and establish appropriate controls to manage these risks.
 
Business Plan
  • A virtual bank should present a business plan which strikes an appropriate balance between the desire to build market share and the need to earn a reasonable return on assets and equity.
  • To a large extent, the MA would not interfere with the commercial decisions of individual institutions. 
  • The MA would be concerned if a virtual bank aggressively built market share at the expense of recording substantial losses in the initial years of operation.
 
Terms and conditions of service
  • A virtual bank should observe the standards contained in the Code of Banking Practice issued by the Hong Kong Association of Banks and the DTC Association.
  • The terms and conditions should clearly state the respective rights and obligations between the bank and its customers.
  • The terms and conditions should highlight how any losses from security breaches, systems failure or human error would be apportioned between the bank and its customers.
  • According to the MA, unless a customer acts fraudulently or with gross negligence such as failing to properly safeguard his device or secret code for accessing the e-banking service, he should not be responsible for any direct loss suffered by him as a result of unauthorized transactions conducted through his account.
 
Outsourcing
  • Outsourcing of computer operations of a virtual bank to a third party service provider is allowed.
  • Virtual banks should discuss their plans for outsourcing with the MA in advance.
  • Virtual banks should comply with the principles in the SPM module on “Outsourcing” (SA-2)
  • The virtual bank should satisfy the MA that:
    • Computer operation outsourced remains subject to adequate security controls
    • Confidentiality and integrity of customer information would not be compromised
    • Requirements under the Personal Data Ordinance and common law customer confidentiality are complied with
  • The MA can carry out inspections of the security arrangements and other controls in place at the service provider or obtain reports from a relevant supervisory authority, external auditors or other experts.
 
Principles applicable to virtual banks incorporated in Hong Kong
Ownership structure
  • A virtual bank incorporated in Hong Kong should be at least 50% owned by a well established bank or other supervised financial institution in good standing in the financial community and with appropriate experience.
  • The parent bank (or equivalent institution) should undertake to provide additional capital and/or liquidity support when such a need arises.
  • The parent bank (or equivalent institution) should play an active role in overseeing the business and affairs of the virtual bank through its participation in the Board of Directors.
 
Principles applicable to virtual banks incorporated outside Hong Kong
 
Adequacy of home supervision
 
Virtual banks incorporated outside Hong Kong that want to establish themselves in Hong Kong in branch form should come from a country where there is an established regulatory framework for electronic banking.
 
Capital requirement
 
Virtual banks should maintain minimum levels of share capital of HK$300 million (including paid-up share capital and balance of share premium account).

 

Additional Resources

Read the Hong Kong Guidelines for Authorization of Virtual Banks in full.

Compliance Trainings

Business Writing for Financial Professionals
By - Phil Vassallo
On Demand Access Anytime
EDD what are the auditors looking for?
By - Vicki Landon
On Demand Access Anytime

Compliance Standards

Best Sellers
You Recently Viewed
    Loading