In light of the continuous and fast-paced developments in cybersecurity and technology and the presence of increasingly dynamic and complex cyber threats, the Hong Kong Monetary Authority has conducted a review of its Cybersecurity Fortification Initiative (CFI) to improve the cybersecurity of the banking systems. 

An enhanced scheme, CFI 2.0, has now been introduced, with a structured implementation timeline starting in mid-2021 and continuing through 2023.

In this two-page summary, KPMG outlines changes to the three main components of the CFI: the Cyber Intelligence Sharing Platform (CISP), Cyber Resilience Assessment Framework (C-RAF), and the Professional Development Programme (PDP).  In addition, we break down how the changes will affect the various areas of cybersecurity coverage that affect banks: including governance, identification, protection, detection, response and recovery, situational awareness and third-party risk management.  

Connect with us