HKMA Cybersecurity Fortification Initiative 2.0

December 2021

With the continued rise of digitalisation to revolutionise how businesses work and serve their customers, new technologies such as cloud, the Internet of Things (IoT), biometrics, artificial intelligence (AI), and machine learning are increasingly and widely adopted to improve operational efficiency and deliver higher quality services to clients.

To cope with the fast-changing cybersecurity landscape and in the light of such recent international developments in cybersecurity, the Hong Kong Monetary Authority (HKMA) conducted a holistic and independent review of the Cybersecurity Fortification Initiative (CFI) in 2020. An enhanced version 2.0 was released with a view to streamlining cyber resilience assessment process while maintaining effective control standards that are commensurate with the latest technology trends. The CFI 2.0 came into effect on 1 January 2021 and is being implemented following a phased approach.

PwC was appointed as an independent assessor for a large number of the Group 1 Authorised Institutions (AIs) and new AIs which have not undertaken the C-RAF assessments in the previous cycle. You will find in our publication lessons learnt and our observations from the implementation.