On 19 December 2016, the Hong Kong Monetary Authority (“HKMA”) announced the launch of the Enhanced Competency Framework on Cybersecurity (“ECF-C”).
The ECF-C is a cybersecurity module that runs in parallel with the Professional Development Programme – one of the 3 pillars that underpin the Cybersecurity Fortification Initiative launched by HKMA in May 2016 (see our previous blog post). The aim of the Professional Development Programme is to develop a programme to train and nurture cybersecurity practitioners in Hong Kong financial institutions.
The ECF-C introduces an industry-wide competency framework for the banking sector that enables talent development, and facilitates the building of professional competencies and capabilities of those working in cybersecurity. The HKMA also issued a Guide on Enhanced Competency Framework on Cybersecurity to provide details on the scope of application of the ECF-C, qualification structure, recognised certification and continuing professional development requirements to equip cybersecurity practitioners with “the right skills, knowledge and behaviour.”
Although the ECF-C is not a mandatory licensing regime, the HKMA has encouraged banks to adopt the ECF-C and keep records of the relevant training and qualifications of cybersecurity practitioners. The HKMA will assess the progress of ECF-C implementation by banks, including their efforts in enhancing staff competence in the cybersecurity area, during its ongoing supervisory process.