On 28 Jun 2024, the HKMA issued a circular reminding Authorized Institutions of existing regulatory obligations under the Personal Data (Privacy) Ordinance and SPM modules when utilizing the GBA Standard Contract for cross-boundary credit data transfers through CRAs. The circular emphasizes compliance with specific SPM sections governing data security, confidentiality, and CRA engagement for both consumer and commercial credit data flows.
This article was generated using SAMS, an AI technology by Timothy Loh LLP.
SFC Regulation of Virtual Asset Trading Platforms: The Emerging Hong Kong Framework
SFC proposes new regulation of virtual assets through licensing of operators of cryptocurrency and other digital asset trading platforms
Market Misconduct Tribunal: A Guide to Penalties and Other Consequences for Misuse of Insider Information
Market Misconduct Tribunal proceedings for mishandling of insider information can result in fines and disgorgement orders
SPOTLIGHT ON
FAMILY OFFICES
Introduction and Context
On 28 Jun 2024, the Hong Kong Monetary Authority (HKMA) issued a circular reminding Authorized Institutions (AIs) of existing regulatory requirements concerning the cross-boundary flow of personal information involving credit data transfers through Credit Reference Agencies (CRAs) under the newly implemented Greater Bay Area (GBA) Standard Contract framework.
Regulatory Compliance Requirements
The circular mandates that AIs participating in the GBA Standard Contract pilots must comply with the Personal Data (Privacy) Ordinance (Cap. 486) when handling cross-boundary consumer or commercial credit data. Specifically, AIs must adhere to the Privacy Commissioner's Code of Practice on Consumer Credit Data, observe Section 5 (security and confidentiality safeguards) and Section 7 (CRA engagement) of the Supervisory Policy Manual (SPM) module IC-6 for consumer credit data, and follow SPM module IC-7 alongside other relevant requirements for commercial credit data.
View the full article:Source
