Journey to Operational Resilience: Mapping and Testing
1. Good afternoon, everyone. A very warm welcome to “The Journey to Operational Resilience” session, jointly organised by the HKMA and the Hong Kong Association of Banks. The overwhelming response reflects very strong interest in this topic; we have more than a full house, with almost 300 subject matter experts from banks joining today's sharing session.
2. It is evident that large-scale disruptive events with regional or even global impacts have become more frequent in recent years. The CrowdStrike incident in July, which led to the crash of more than 8.5 million computers worldwide, is a strong reminder of the far-reaching consequences of operational disruptions in today's interconnected world. While the impact of the incident was limited for banks in Hong Kong, it does serve as a wake-up call for banks to promptly implement robust frameworks that enable the continuation of critical operations even in severe but plausible scenarios.
3. Our journey towards operational resilience is guided by the latest international standards and principles set by the Basel Committee on Banking Supervision, while taking into account local circumstances. As guided by our Supervisory Policy Manual module OR-2, all banks in Hong Kong should develop their operational resilience frameworks by May 2023 and become fully resilient by May 2026, following a “1+3 years” timeline.
4. To date, we are only left with 18 months from the 2026 deadline when banks should achieve an adequate level of operational resilience. In this regard, I am pleased to share that all banks in Hong Kong have already developed relevant frameworks, which set out each bank's critical operations, target tolerance levels and severe scenarios, in line with global standards as well as our guidance. Major banks have also taken on board our supervisory feedback to tighten the tolerance limits for disruption, in some cases from a few days previously to within a few hours now, thus enhancing resilience and recovery for critical operations that are important to the bank, its customers, and the banking sector.
5. Most banks are now in the second critical stage of their operational resilience journey, namely the mapping and scenario testing exercises. These exercises will help identify vulnerabilities and dependencies of each critical operation, thereby facilitating effective remediation. For instance, a bank found from its mapping and testing exercise some previously unknown reliance of its critical payment operations on another KYC process, and has therefore proactively put in place a workaround to meet various payment cut-off timelines in case the relevant systems cannot be recovered within the bank's disruption tolerance limit. This contrasts with ex-post recognition of dependencies in the past when banks became aware only after an incident had happened.
6. The HKMA's recent survey indicates that the mapping of around 70% of critical operations of major banks, as defined by each bank, has been completed so far, while about 50% of scenario testing has been completed. And while there was good progress, more work remains to be done in the coming months.
7. We appreciate that mapping and testing are not simple tasks. The increasing complexity of banking operations underlined by multiple dependencies would require a sophisticated GPS on top of a traditional map. Our speakers today will share their insights in navigating through three key challenges: first, how could mapping be performed effectively to uncover different vulnerabilities; second, how to ensure that testing is fit-for-purpose to identify gaps and weaknesses in critical operations; and third, how to manage the risks associated with third-party dependencies.
8. As we approach the third and final milestone in May 2026, it is also important to closely track progress of banks in becoming operationally resilient, and flag up any emerging issues as early as possible. It requires dedication and discipline, both by banks themselves through self-assessments and enhancements, and by the HKMA through our ongoing supervisory engagement including today's sharing session.
9. Encouragingly, many banks have already taken proactive steps to address potential issues and make necessary enhancements. The HKMA will continue to provide guidance and support to the industry, including sharing the proceedings of our discussion today, and working together in an interactive and iterative manner towards the finish line for operational resilience.
10. In closing, I would like to express my sincere gratitude to our speakers today, who are senior representatives from HSBC (Hong Kong), Standard Chartered Bank (Hong Kong), Bank of China (Hong Kong), and DBS Bank (Hong Kong). The panel will share insights and experience in charting the operational resilience journey in their institutions. I look forward to active participation by everyone to make it a productive and insightful discussion and sharing.
Thank you.