Hong Kongers have been promised a virtual banking revolution but they may have to wait a bit longer for it due to cyber-security concerns that could delay the awarding of new banking licenses.
Local regulators have been working to a first-quarter deadline but it could now go down to the wire, a person familiar with the process has told FinanceAsia. So it is now “entirely possible’’ that a final decision on the new licenses could roll over into the second quarter, the person said.
When asked specifically if there was a likelihood that the granting of the licenses could drag on beyond the deadline, a spokesman for the Hong Kong Monetary Authority (HKMA) would only say: "The HKMA endeavours to start granting virtual banking licence(s) in the first quarter of 2019."
Among those still vying for a license are Standard Chartered Bank; WeLab; a consortium led by CASH Financial Services Group; Zhong An Bank allied with Citic Bank and HKT, a joint venture involving the Bank of East Asia, Airwallex and Sequoia Capital China.
That's according to two separate sources, including a cyber-security expert with connections to the licence application as well as the person familiar with the process.
However, several attempts by FinanceAsia to contact these companies to confirm their continuation in the race have so far proved unsuccessful.
The HKMA spokesman also declined to confirm this shortlist of names, but added that about one-third of "around 20 substantially complete applications'' had been shortlisted, including "local and overseas companies, comprising banks, non-financial institutions and technology companies.’’
He described such companies as more promising or better-equipped than others in terms of their business models, technology platforms and financial capabilities. "(This) renders them better positioned to meet the policy objectives of the HKMA in introducing virtual banking, including the promotion of fintech development, new customer experience and financial inclusion."
The HKMA wants the first licences to go to applicants capable of getting to market quickly. They also want to make sure they have the necessary systems in place to ensure the safety of customer data and maintain the overall integrity of the city’s financial system.
So would-be virtual banks and those investing in them will need to factor in the significant and ongoing costs of meeting a level of regulatory oversight that will almost certainly be tougher than what applies to their bricks-and-mortar counterparts.
“The small number of applicants who are still in the race for a license have satisfied the HKMA in terms of their funding, business plans, the background of key personnel and ability to run a virtual banking operation without physical branches,’’ the first person familiar with the process said.
“Now comes the really difficult hurdle: satisfying the regulator that they have the systems in place to secure their online banking operations against a growing tide of cyber attacks, phishing rackets and online fraud,” the person added. “Then you have the complications involved in region-wide co-operation and collaboration on securing virtual banking platforms.”
It is understood that around 30 banks, online lenders and other financial or insurance companies applied for a license in May 2018. However, more than two-thirds of them were rejected on the grounds that the applications were insufficient in detail or did not have adequate funding in place.
Speaking earlier this month, Arthur Yuen Kwok-hang, deputy chief executive of the HKMA said: “We are now in the very detailed interactive process of assessing the individual shortlisted applicants’ risk management systems, and that takes a bit of time.”
Asia’s position as the most digitally connected region on the planet leaves its financial systems the most exposed to potential cybercrime. As such, the region is also seen as one of the most important markets for developing cybersecurity, with its fast-evolving financial services sector and its balance between new legacy-free infrastructure and fast-growing economies.
The prediction of a decision roll-over beyond March-end comes as a top monetary official in rival financial hub Singapore laid out the stark economic cost of cybercrime across the region.
Speaking on January 29 at the launch of a cyber-risk management project, Elean Chin, a deputy director at the Monetary Authority of Singapore, described it as an unfolding “modern-day catastrophe” which in 2017 alone saw Asian economies haemorrhage $1.75 trillion in economic losses, equivalent to 7% of the region’s collective GDP.
“Asia-Pacific saw the highest number of compromised records and security events in the first half of last year, accounting for close to 40% of global cybersecurity incidents and 30% of compromised records worldwide,” she said. “In 2017, Asia suffered $1.75 trillion in economic losses or 7% of its GDP from cyber attacks.”
Cyber risk is also one of the biggest threats to doing business, according to the World Economic Forum’s 2019 Global Risk Report.