China Hong Kong Financial Compliance Guide

Common Problems

Is Huawei Cloud available to financial institutions in Hong Kong SAR, China?

Huawei Cloud is available in Hong Kong SAR, China. Financial institutions can sign up for a Huawei Cloud account and start using Huawei Cloud services. Financial institutions must comply with applicable laws and regulatory requirements when using cloud services.
Who are the financial regulators in Hong Kong SAR, China?

Financial regulators in Hong Kong SAR, China include:

• The Hong Kong Monetary Authority (HKMA) is the institution responsible for maintaining the stability of the currency and banking system in Hong Kong SAR, China. It is primarily responsible for financial policies, bank management, and currency management.

• The Insurance Authority (IA) of the Hong Kong Special Administrative Region of the People's Republic of China ("Hong Kong SAR, China") is an insurance regulatory agency independent of the government. Its purpose is to help insurance institutions comply with international insurance regulatory requirements and maintain the stable development of the insurance industry.

• The Securities and Futures Commission (SFC) of the Hong Kong Special Administrative Region of the People's Republic of China ("Hong Kong SAR, China") is an independent statutory body responsible for regulating the securities and futures markets in Hong Kong SAR, China.
What are the applicable laws, regulations, and regulatory requirements for financial institutions using Huawei Cloud?

The HKMA has issued a series of guidelines and circulars providing practical guidance to Hong Kong financial institutions on IT risk management. The main regulatory guidelines and circulars are as follows:

Supervisory guidelines:

• Supervisory Policy Manual on the General Principles of Technology Risk Management (TM-G-1): Provides authorized institutions (AIs) with guidance on general principles which AIs are expected to consider in managing technology-related risks.

• Supervisory Policy Manual on Outsourcing (SA-2): Sets out the HKMA's supervisory approach to outsourcing and the key points which the HKMA recommends AIs to address when outsourcing.

• Supervisory Policy Manual on Business Continuity Planning (TM-G-2): Sets out the HKMA's supervisory approach to business continuity planning and the sound practices that the HKMA expects AIs to take into consideration in business continuity planning.

• Guideline on the Authorization of Virtual Banks: Sets out the principles that the HKMA will take into account when deciding whether to authorize a virtual bank to conduct banking business in Hong Kong.

Regulatory circulars:

• Customer Data Protection: Remind AIs of the importance of protecting the confidentiality of customer data and some of the key control measures for protecting customer data.

• Incident Response and Management Procedures: Reminds AIs that effective incident response and management capabilities and procedures must be in place to deal with significant incidents and sets out the principles to be followed by AIs in any public communication regarding such incidents.

Huawei Cloud Compliance with the Hong Kong Financial Services Regulations & Guidelines describes how Huawei Cloud can help you meet the regulatory requirements of the financial industry in Hong Kong.
What industry-related laws, regulations, and regulatory requirements do insurance institutions need to comply with when using Huawei Cloud?

The Insurance Authority (IA) of Hong Kong Special Administrative Region of People's Republic of China ("Hong Kong SAR, China") is an insurance regulatory agency independent of the government. Its purpose is to help insurance institutions comply with international insurance regulatory requirements and maintain the stable development of the insurance industry.

To regulate the application of Information Technology (IT) in the insurance industry, the IA has released a series of regulatory requirements and guidelines for institutions and organizations that are authorized to engage in insurance business (authorized insurers) in the areas of cyber security, IT outsourcing, online insurance management and other insurance-related activities. The main regulatory requirements are as follows:

• Guideline on Cybersecurity (GL20): This guideline sets out the minimum standards to be met by authorized insurers in terms of cybersecurity and the general guidelines to be used by the IA in evaluating the cybersecurity frameworks of insurers.

• Guideline on Outsourcing (GL14): This guideline sets out the important considerations that the IA expects authorized insurers to consider in formulating and monitoring outsourcing arrangements, to protect the interests of existing and prospective policy holders. This guideline also sets out the approach for the IA to monitor the outsourcing arrangements of authorized insurers.

• Guideline on the Use of Internet for Insurance Activities, GL8: This guideline outlines the matters that should be considered by authorized insurers when engaging in online insurance activities.

Huawei Cloud Compliance with the Hong Kong Insurance Services Regulations & Guidelines describes how Huawei Cloud can help you meet the regulatory requirements of the insurance industry of Hong Kong, China when using Huawei Cloud, while demonstrating Huawei Cloud’s own compliance.
What industry-related laws, regulations, and regulatory requirements do securities and futures institutions need to comply with when using Huawei Cloud?

The Securities and Futures Commission (SFC) of Hong Kong Special Administrative Region of People's Republic of China (Hong Kong SAR, China) is an independent statutory body responsible for regulating the securities and futures markets in Hong Kong SAR, China.

To regulate the application of Information Technology (IT) in the securities and futures industry, the SFC published a series of regulatory requirements and guidelines, covering the areas of technology risk management and cyber security, use of external electronic data storage, and Internet trading security management for institutions or organizations that are permitted to engage in securities and futures-related activities (licensed corporations, LC for short). The main regulatory requirements are as follows:

• Use of external electronic data storage: This policy document sets out requirements for LCs to store their regulatory records with an external electronic data storage provider (EDSP), and explains the approval requirements for record storage and the regulatory standards to be observed by LCs when information is stored or processed electronically using EDSPs.

• Guideline for Reducing and Mitigating Hacking Risks Associated with Internet Trading: This policy document sets out baseline requirements that reduce and mitigate hacking risks associated with Internet trading. The controls and measures specified in the guideline can only reduce or mitigate hacking risks associated with Internet trading, but cannot eliminate them. It must be emphasized that these are the minimum standards to be met by LCs and are not exhaustive.

• Good industry practices for IT risk management and cybersecurity: This policy document provides a list of industry practices on technology risk management and cyber security that LCs engaged in Internet trading may consider incorporating into their IT and cybersecurity risk management frameworks. This list builds on the controls suggested in past circulars and supplements them with recommendations from an external cybersecurity expert based on the latest technological developments.

Huawei Cloud User Guide to Securities and Futures Industry Regulations & Guidelines in the Hong Kong Special Administrative Region of the People's Republic of China describes how Huawei Cloud can help you meet the regulatory requirements of the securities and futures industry of Hong Kong SAR, China when using Huawei Cloud, while demonstrating Huawei Cloud’s own compliance.