Data Protection Report - Norton Rose Fulbright

On 19 December 2016, the Hong Kong Monetary Authority (“HKMA”) announced the launch of the Enhanced Competency Framework on Cybersecurity (“ECF-C”).

The ECF-C is a cybersecurity module that runs in parallel with the Professional Development Programme – one of the 3 pillars that underpin the Cybersecurity Fortification Initiative launched by HKMA in May 2016 (see our previous blog post). The aim of the Professional Development Programme is to develop a programme to train and nurture cybersecurity practitioners in Hong Kong financial institutions.

The ECF-C introduces an industry-wide competency framework for the banking sector that enables talent development, and facilitates the building of professional competencies and capabilities of those working in cybersecurity. The HKMA also issued a Guide on Enhanced Competency Framework on Cybersecurity to provide details on the scope of application of the ECF-C, qualification structure, recognised certification and continuing professional development requirements to equip cybersecurity practitioners with “the right skills, knowledge and behaviour.”

Although the ECF-C is not a mandatory licensing regime, the HKMA has encouraged banks to adopt the ECF-C and keep records of the relevant training and qualifications of cybersecurity practitioners. The HKMA will assess the progress of ECF-C implementation by banks, including their efforts in enhancing staff competence in the cybersecurity area, during its ongoing supervisory process.

To subscribe for updates from our Data Protection Report blog, visit the email sign-up page.