A letter to financial firms from Raymond Chan, Executive Director of Banking Supervision at the Hong Kong Monetary Authority, has laid out a series of practices for improving operational resilience following “a few payment-related operational incidents” reported over the past year.
The incidents were most often caused by IT system malfunctions and led to the failures at firms to process payments within regulated cut-off times, the letter said.
“The HKMA would like to remind [authorised institutions] of the importance of maintaining high operational resilience with respect to their payment operations,” Chan said. Prevention measures should be improved with thorough testing of payments platforms, alongside closer monitoring of business operations and better incident reporting.
The circular highlights the need for thorough testing of payments services both before roll-out and in event of upgrades and also ensuring the same level of rigour is used in subsequent testing.
The HKMA also said that it expects continuity plans to be robust, covering a range of scenarios (system outages and degraded services, for example) and should include risk assessments accounting for the time required to act on known disruption.
Authorised institutions are expected to review their current practices, with the HKMA set to increase its surveillance of payments systems.
“In view of the increased number of payment-related operational incidents, the HKMA will step up its surveillance of AIs’ payment operations, including undertaking examinations focused on payment operations,” the letter concluded.
