In response to a recent global IT incident linked to a faulty cybersecurity update, the HKMA emphasizes the need for financial institutions to strengthen their management of third-party dependencies and improve operational resilience. The incident revealed issues such as insufficient testing by the service provider and inadequate risk management of third-party software. The HKMA is engaging with major Authorized Institutions to gather insights on effective risk management practices and expects senior management to implement these industry standards, as outlined in their supervisory guidelines. For further inquiries, institutions can reach out via email.
Resources: https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2024/20240927e2.pdf
