The Hong Kong banking regulatory system is a comprehensive multi-tiered and multi-dimensional framework designed to safeguard the soundness and transparency of the financial system, while also promoting innovation and development. The framework mainly comprises the following core components: international regulatory frameworks and agreements, legislation, Guide to Authorization (GTA), the Supervisory Policy Manual (SPM), Circulars (CIR), Guidelines (GLI), Codes of Practice (COP), Industry-Guided Guidelines (IGL), and Consultation Papers (CPR).
1. International Regulatory Frameworks and Agreements
Hong Kong’s banking supervision is not isolated but is deeply embedded within the global financial regulatory architecture. The Hong Kong Monetary Authority (HKMA), as a member of major international standard-setting bodies such as the Basel Committee on Banking Supervision (BCBS) and the Financial Stability Board (FSB), commits to fully incorporating international standards into the local regulatory regime. This level constitutes the “legal and conceptual source” of Hong Kong’s regulatory rules.
1.1 Basel Committee on Banking Supervision (BCBS) Agreements
The Basel Accords are the cornerstone of global prudential bank regulation. One of HKMA’s policy objectives is to ensure that Hong Kong’s regulatory regime remains aligned with the standards issued by the BCBS to maintain international market confidence in Hong Kong’s banking system.
1.1.1 Evolution from Basel I to Basel III
Hong Kong’s capital regulatory system has undergone the complete evolution from Basel I to Basel III. Hong Kong has fully implemented the Basel III framework, which aims to enhance the resilience of the banking system in times of financial stress.
(a) Capital quality and levels: Basel III strictly defines the composition of regulatory capital, emphasizing Common Equity Tier 1 (CET1) as the core instrument for absorbing losses.
(b) Risk coverage: The accord expands the coverage of risk-weighted assets (RWA), particularly for counterparty credit risk (CCR) and securitization exposures.
(c) Macroprudential elements: Introduction of the Capital Conservation Buffer and the Countercyclical Capital Buffer (CCyB), empowering HKMA to require banks to accumulate additional capital during periods of credit overheating.
1.1.2 Basel III Endgame (Basel 3.1)
HKMA is currently working on implementing the final reform package of Basel III—often referred to as Basel 3.1. This phase of reform centers on reducing excessive variability in risk-weighted asset calculations and restoring market confidence in capital ratios.
(a) Enhancement of standardized approaches: The standardized approaches for credit risk, market risk, and operational risk have been significantly revised to be more risk-sensitive and to serve as a floor for internal models (Output Floor).
(b) Restrictions on internal models: Banks’ use of internal models in certain risk categories (e.g., operational risk) is restricted to ensure comparability of capital adequacy across banks.
1.1.3 Liquidity Standards
The Basel III framework introduced two major quantitative liquidity metrics, which HKMA has incorporated into local rules:
(a) Liquidity Coverage Ratio (LCR): Ensures banks hold sufficient High-Quality Liquid Assets (HQLA) to survive a severe short-term stress scenario (30 days).
(b) Net Stable Funding Ratio (NSFR): Requires banks to maintain a stable funding structure and limits excessive reliance on short-term wholesale funding to support long-term assets.
1.2 Financial Stability Board (FSB) Standards
As a member of the FSB, Hong Kong actively adopts its recommendations on systemic risk and resolution regimes.
1.2.1 Resolution Regimes & “Too Big to Fail”
Pursuant to the FSB’s Key Attributes of Effective Resolution Regimes, Hong Kong has established a resolution framework based on the Financial Institutions (Resolution) Ordinance (Cap. 628). This ensures that if a Systemically Important Bank (SIB) fails, authorities have the necessary legal tools (such as bail-in) to maintain critical financial functions without resorting to taxpayer funds.
1.2.2 Total Loss-Absorbing Capacity (TLAC)
The FSB’s TLAC standard applies to Global Systemically Important Banks (G-SIBs). Although most local systemically important banks in Hong Kong are Domestic SIBs (D-SIBs), HKMA has adopted TLAC principles in its local Loss-Absorbing Capacity (LAC) requirements, which mandate banks issue debt instruments with write-down or conversion features to absorb losses in resolution.
1.3 Other International Organization Standards
1.3.1 Financial Action Task Force (FATF)
Hong Kong’s Anti-Money Laundering and Counter-Terrorist Financing Ordinance strictly follows FATF’s 40 Recommendations to ensure AML/CFT effectiveness.
1.3.2 International Organization of Securities Commissions (IOSCO) & CPMI
For banks engaged in securities business and financial market infrastructures (such as clearing systems), HKMA adopts the Principles for Financial Market Infrastructures (PFMI) and relevant international standards for non-centrally cleared derivative margining.
2. Legislation
2.1 Banking Ordinance (Cap. 155)
The Banking Ordinance is the core legislation regulating banking business, deposit-taking activities, and authorized institutions in Hong Kong.
Key provisions and supervisory powers include:
Section 7: Establishes the principal functions of the Monetary Authority (i.e., the Chief Executive of HKMA), including “to promote the general stability and effective working of the banking system.” Section 7(3) provides an important legal basis for HKMA to issue statutory guidance.
Section 16: Grants powers of authorization. HKMA may decide whether to grant a banking license based on whether the applicant meets the Minimum Criteria for Authorization set out in Schedule 7 of the ordinance; Section 16(10) authorizes HKMA to issue guidance on its interpretation.
Section 52: Empowers HKMA to take control actions when a bank is in distress or significantly non-compliant, including appointing managers to take over affairs.
Section 59(2): A strong investigatory tool authorizing HKMA to require external auditors to review internal controls, specific transactions, or data privacy compliance and submit reports.
Section 82: Authorizes HKMA to make rules (as opposed to guidance) to set statutory limits on financial risk exposures of authorized institutions, such as large exposure limits.
2.2 Subsidiary Legislation under the Banking Ordinance
HKMA issues a suite of subsidiary rules under the Banking Ordinance that implement international standards in local law.
2.2.1 Banking (Capital) Rules (Cap. 155L)
The core legal instrument implementing Basel capital standards, detailing how to calculate risk-weighted assets for credit, market, and operational risk, defining CET1 and other capital categories, and stipulating minimum capital ratios.
2.2.2 Banking (Disclosure) Rules (Cap. 155M)
Implements the “Pillar 3” disclosure requirements under Basel, prescribing what authorized institutions must publicly disclose about their financial condition and risk management practices, and specifying formats and frequencies (quarterly, half-yearly, annual).
2.2.3 Banking (Liquidity) Rules (Cap. 155Q)
Transforms Basel III liquidity standards into statutory requirements. Category 1 institutions must comply with LCR and NSFR, while Category 2 institutions are subject to a local Liquidity Maintenance Ratio (LMR) and Core Funding Ratio (CFR).
2.2.4 Banking (Exposure Limits) Rules (Cap. 155S)
Implements Basel’s large exposure framework, strictly limiting total exposure to a single counterparty or a linked group to no more than 25% of Tier 1 capital.
2.2.5 Other Subsidiary Legislation
(a) Banking (Specification of Multilateral Development Banks) Notice (Cap. 155N) — designates international institutions eligible for preferential risk weights.
(b) Banking Ordinance (Deposit-Taking Exemptions) (Consolidation) Notice (Cap. 155A) — lists institutions exempt from certain deposit-taking restrictions.
2.3 Other Legislation
2.3.1 Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615, AMLO)
This is the cornerstone of anti-money-laundering regulation. Schedule 2 sets out statutory requirements for Customer Due Diligence (CDD) and record-keeping. HKMA guidance issued under Section 7 of AMLO has statutory status.
2.3.2 Financial Institutions (Resolution) Ordinance (Cap. 628, FIRO)
Establishes a cross-sector resolution regime. The subsidiary rule Financial Institutions (Resolution) (Loss-Absorbing Capacity Requirements — Banking Sector) Rules (Cap. 628B) mandates banks hold sufficient loss-absorbing capacity instruments.
2.3.3 Payment Systems and Stored Value Facilities Ordinance (Cap. 584, PSSVFO)
Although mainly regulating stored value facility licensees, banks as exempt authorized institutions issuing stored value products (e.g., e-wallets) and operating retail payment systems are regulated by HKMA under this ordinance.
2.3.4 Personal Data (Privacy) Ordinance (Cap. 486, PDPO)
Given banks’ handling of large volumes of sensitive customer data, they must comply strictly with PDPO’s requirements on collection, use, and security of personal data.
2.3.5 Deposit Protection Scheme Ordinance (Cap. 581)
Requires all licensed banks to participate in the deposit protection scheme and contribute to the Deposit Protection Board.
2.3.6 Securities and Futures Ordinance (Cap. 571, SFO)
Banks conducting securities business are Registered Institutions under the SFO. HKMA is the frontline regulator, but applicable conduct standards and regulations primarily derive from the SFO and the Securities and Futures Commission (SFC).
3. Guide to Authorization (GTA)
The Guide to Authorization (GTA) serves as the entry ticket to the banking industry, stipulating how financial institutions should apply for a license (e.g., minimum capital, fit and proper directors) and the ongoing criteria for authorization.
4. Supervisory Policy Manual (SPM) and Its Branches
The SPM is the primary repository of supervisory requirements issued by HKMA, organized into multiple modules. SPM is further divided into Statutory Guidelines (SPM-SGL) and Non-statutory Guidelines (SPM-NGL).
Statutory Guidelines (SGL) are issued under specific legislation (primarily Section 7(3) of the Banking Ordinance or AMLO). Although breach of a SGL does not automatically constitute a criminal offense, a court may take it as evidence of breach in subsequent legal proceedings.
Non-statutory Guidelines (NGL) are administrative guidance without direct statutory citation and constitute most of the SPM. Violation of an NGL may lead HKMA to consider the institution “not fit and proper”, which can result in licence revocation or restrictions. In practice, banks treat NGLs with the same seriousness as law.
5. Circulars (CIR)
Circulars (CIR) are formal regulatory communications issued by HKMA. CIRs serve to communicate regulatory positions in a timely manner, address emerging risks, clarify policy application, announce implementation arrangements, or set binding interim requirements—especially when the SPM cannot respond quickly due to its lengthy revision process. Unlike the SPM, CIRs are not systematic expositions of long-term regulatory principles but are more timely, targeted, and operational.
When a CIR contains binding requirements that modify, suspend, or add to SPM provisions, the CIR’s provisions prevail even if the SPM has not yet been updated. This mechanism ensures HKMA maintains regulatory agility in rapidly evolving risk environments. Many important policies initially issued via CIRs are later integrated into formal SPM revisions after industry feedback and practice validation.
6. Guidelines (GLI)
Guidelines (GLI) are non-mandatory regulatory documents issued by HKMA to convey supervisory expectations, good practices, or policy directions in specific areas such as customer complaint handling, AML/CFT, green finance, data governance, and outsourcing risk management. While GLIs lack legal enforceability, significant deviation may lead HKMA to question adequacy of a bank’s risk management or compliance arrangements.
7. Codes of Practice (COP)
Codes of Practice (COP) are technical documents with quasi-mandatory effect issued by HKMA under the Banking Ordinance and FIRO. Where SPM tells banks “what” to do, COPs usually tell them “how” to do it. Banks must comply with COPs or otherwise provide credible, reasonable explanations and alternative arrangements; failure to do so may constitute a breach of prudential requirements.
8. Industry-Guided Guidelines (IGL)
Industry-Guided Guidelines (IGL) are typically developed by industry groups (e.g., the Hong Kong Association of Banks, HKAB) or relevant industry bodies in consultation with HKMA, and endorsed or supported by HKMA. Although often voluntary in form, once incorporated into supervisory expectations, they carry substantive regulatory weight.
8.1 Code of Banking Practice
Jointly developed by the Hong Kong Association of Banks (HKAB) and the DCA, and endorsed by HKMA, this code is incorporated into the SPM’s fairness expectations regarding Treating Customers Fairly. While formally voluntary, all licensed banks must sign up and adhere to it, and non-compliance may affect conduct risk ratings.
8.2 Code of Practice for Payment Card Scheme Operators
Jointly formulated by major local payment card schemes under HKMA’s initiative. After HKMA started directly regulating payment card scheme operators in 2021, this code was issued as a statutory regulatory requirement. It covers system reliability, cybersecurity, transaction processing efficiency, incident reporting, independent annual assessments, and immediate HKMA notification of major operational disruptions.
8.3 Guidelines on Banking Services for Persons with Cognitive Impairment
Issued by HKAB with HKMA support to protect vulnerable customers.
8.4 Practical Guidelines on Accessible Banking Services
Ensures persons with disabilities access fair banking services.
8.5 Treat Customers Fairly Charter
Although not a detailed guideline, it establishes high-level principles on fair treatment of customers.
9. Consultation Papers (CPR)
Consultation Papers (CPR) are documents HKMA issues to solicit industry feedback on proposed new or revised regulatory requirements, indicating the direction of future regulations. For example, if HKMA plans to introduce new Basel III standards, it will first issue a CPR before formal inclusion into the SPM. Banks are not required to comply immediately with CPRs, but compliance departments study them to conduct gap analyses and plan budgets for compliance remediation in the upcoming year.
SPM Module list
| Code | Category Name | Official / Checked Module Name (English) | Thematic Classification |
|---|---|---|---|
| IN | Introduction | Introduction | Authorization / Supervisory Approach |
| SA-1 | Supervisory Approach | Risk-based Supervisory Approach | Climate Risk Management / Supervisory Approach |
| SA-2 | Supervisory Approach | Outsourcing | Internal Controls – In-house / Outsourcing |
| CG-1 | Corporate Governance | Corporate Governance of Locally Incorporated Authorized Institutions | Corporate Governance – Board Functions |
| CG-2 | Corporate Governance | Systems of Control for the Appointment of Managers | Corporate Governance / Compliance / Internal Controls |
| CG-3 | Corporate Governance | Code of Conduct | Corporate Governance – Code of Conduct |
| CG-4 | Corporate Governance | Establishment of Overseas Banking Subsidiaries | Consolidated Supervision / Corporate Governance |
| CG-5 | Corporate Governance | Guideline on a Sound Remuneration System | Corporate Governance – Remuneration |
| CG-6 | Corporate Governance | Competence and Ethical Behaviour | Corporate Governance – Other |
| CG-7 | Corporate Governance | Benchmark Rate Setting (Benchmark Quotations)* | Code of Conduct / Trading Markets |
| IC-1 | Internal Controls | Risk Management Framework | Internal Controls – Risk Management Function |
| IC-2 | Internal Controls | Internal Audit Function | Internal Controls – Internal Audit Function |
| IC-3 | Internal Controls | Reporting Requirements Relating to Authorized Institutions’ External Auditors under the Banking Ordinance | Internal Controls – Other |
| IC-4 | Internal Controls | Complaint Handling Procedures * | Banking Conduct & Regulation – Complaints |
| IC-5 | Internal Controls | Stress-testing | Internal Controls – Other |
| IC-6 | Internal Controls | Sharing of Positive Credit Data through a Credit Reference Agency | Banking Conduct / Internal Controls |
| IC-7 | Internal Controls | Sharing and Use of Commercial Credit Data through a Commercial Credit Reference Agency | Banking Conduct & Regulation |
| CA-B-1 | Capital Adequacy | Countercyclical Capital Buffer (CCyB) – Approach to its Implementation | Capital Adequacy – Capital Buffers |
| CA-B-2 | Capital Adequacy | Systemically Important Banks | Capital Adequacy – Systemically Important Banks |
| CA-B-3 | Capital Adequacy | Countercyclical Capital Buffer (CCyB) – Geographic Allocation of Private Sector Credit Exposures | Capital Adequacy – Capital Buffers |
| CA-D-1 | Capital Adequacy | Guideline on the Application of the Banking (Disclosure) Rules | Disclosure – Pillar 3 Requirements |
| CA-G-1 | Capital Adequacy | Overview of Capital Adequacy Regime | Capital Base / Buffers / Credit Risk |
| CA-G-4 | Capital Adequacy | Validating Risk Rating Systems under the IRB Approach | Credit Risk (Non-securitization) |
| CA-G-5 | Capital Adequacy | Supervisory Review Process | Capital Adequacy – Pillar 2 |
| CA-S-4 | Capital Adequacy | Capital Adequacy Requirements for Investment Guarantees under Mandatory Provident Fund Schemes | Capital Adequacy – Other |
| CA-S-5 | Capital Adequacy | Use of Internal Models to Measure Market Risks for Investment Guarantees under MPF Schemes | Capital Adequacy – Market Risk |
| CA-S-10 | Capital Adequacy | Financial Instrument Fair Value Practices | Capital Adequacy / Disclosure – Other |
| CS-1 | Consolidated Supervision | Group-wide Approach to Supervision of Locally Incorporated Authorized Institutions | Consolidated Supervision / Supervisory Approach |
| CR-G-1 | Credit Risk Management | General Principles of Credit Risk Management | Credit Risk Management – Other |
| CR-G-2 | Credit Risk Management | Credit Approval, Review and Records | Credit Risk Management – Other |
| CR-G-3 | Credit Risk Management | Credit Administration, Measurement and Monitoring | Credit Risk Management – Other |
| CR-G-5 | Credit Risk Management | Country Risk Management | Credit Risk Management – Loan Classification |
| CR-G-6 | Credit Risk Management | Interest Recognition | Credit Risk Management – Other |
| CR-G-7 | Credit Risk Management | Collateral and Guarantees | Credit Risk Mitigation / Risk Transfer |
| CR-G-8 | Credit Risk Management | Large Exposures and Risk Concentrations | Large Exposures & Concentration Risk |
| CR-G-9 | Credit Risk Management | Exposures to Connected Parties | Large Exposures – Connected Parties |
| CR-G-10 | Credit Risk Management | Problem Credit Management | Credit Risk Management – Loan Classification |
| CR-G-12 | Credit Risk Management | Credit Risk Transfer Activities | Capital Adequacy / Credit Risk Mitigation |
| CR-G-13 | Credit Risk Management | Counterparty Credit Risk Management | Capital Adequacy / Counterparty Risk |
| CR-G-14 | Credit Risk Management | Margin Requirements for Non-centrally Cleared OTC Derivatives | OTC Derivatives – Margin |
| CR-S-2 | Credit Risk Management | Syndicated Lending | Corporate Lending Credit Risk Management |
| CR-S-4 | Credit Risk Management | New Share Subscription and Share Margin Financing | Credit Risk Management – Other |
| CR-S-5 | Credit Risk Management | Credit Card Business | Retail Lending Credit Risk Management |
| CR-L-1 | Credit Risk Management | Consolidated Supervision of Concentration Risks: BELR Rule 6 | Consolidated Supervision – Concentration Risk |
| CR-L-3 | Credit Risk Management | Letters of Comfort: BELR Rule 57(1)(d) | Large Exposure Limits |
| CR-L-4 | Credit Risk Management | Underwriting of Securities: BELR Provisions on Exposure Limits * | Large Exposures – Other |
| CR-L-5 | Credit Risk Management | Major Acquisitions and Investments: BELR Part 3 | Credit Exposure / Investment Limits |
| MR-1 | Market Risk | Market Risk Capital Charge | Capital Adequacy – Market Risk |
| MR-2 | Market Risk | CVA Risk Capital Charge | Capital Adequacy – Market Risk |
| IR-1 | Interest Rate Risk Management | Interest Rate Risk in the Banking Book (IRRBB) | Interest Rate Risk Management |
| LM-1 | Liquidity Risk Management | Regulatory Framework for Supervision of Liquidity Risk | Liquidity Risk – Regulatory Framework |
| LM-2 | Liquidity Risk Management | Sound Systems and Controls for Liquidity Risk Management | Liquidity Risk – Sound Management |
| RR-1 | Reputation Risk Management | Reputation Risk Management | Strategic & Reputation Risk Management |
| SR-1 | Strategic Risk Management | Strategic Risk Management | Strategic & Reputation Risk Management |
| TA-2 | Trading Activities | Foreign Exchange Risk Management | Market Risk Management – Foreign Exchange |
| TM-C-1 | Technology Risk Management | Supervisory Approach on Cyber Risk Management | Technology Risk Management – Cybersecurity |
| TM-G-1 | Technology Risk Management | General Principles for Technology Risk Management | Technology Risk Management – Other |
| TM-G-2 | Technology Risk Management | Business Continuity Planning | Technology Risk Management / Business Continuity |
| TM-E-1 | Technology Risk Management | Risk Management of E-banking | Technology Risk Management – E-banking |
| TM-E-2 | Technology Risk Management | Risk Management of E-banking – Use of the Internet for Soliciting Deposits* | Banking Conduct & Regulation – Other |
| SB-1 | Securities & Leveraged Transactions | Supervision of Regulated Activities of SFC-registered Authorized Institutions | Wealth Management / SFC-related Supervision |
| SB-2 | Securities & Leveraged Transactions | Leveraged Foreign Exchange Trading | Wealth Management & MPF |
| MP-2 | Mandatory Provident Fund | Provisioning Requirements for Investment Guarantees under Mandatory Provident Fund Schemes | Capital Adequacy – Other |
| RE-1 | Recovery & Resolution | Recovery Planning | Recovery Planning |
| AML-1 | Anti-Money Laundering | Supervisory Approach on Anti-Money Laundering and Counter-Financing of Terrorism | AML / Financial Inclusion |
| AML-2 | Anti-Money Laundering | Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (For Authorized Institutions) | AML Control Measures |
| GS-1 | Green & Sustainable Banking | Climate Risk Management | Green and Sustainable Banking |
| IB-1 | Insurance Intermediary Business | Supervision of Insurance Intermediary Business of Authorized Institutions | Wealth Management – Insurance Products |
| OR-1 | Operational Risk Management | Operational Risk Management | Operational Risk |
| OR-2 | Operational Risk Management | Operational Resilience | Business Continuity / Operational Risk |
| TB-1 | Trust Business | Regulation and Supervision of Trust Business | Trust Business |
| MB-1 | Supervision of Approved Money Brokers | Risk-based Supervision of Approved Money Brokers | Money Broking / Minimum Criteria for Approval |
| CRP-1 | Crypto-assets | Classification of Crypto Assets | Capital Adequacy / Credit Risk (Crypto-assets) |
| GL | Others | Glossary | Authorization Matters / Other |
发表评论