2016-11-18
Added · Updated
The Hong Kong Monetary Authority has increased the daily maximum transaction limit for small-value funds transfers via Internet banking without two-factor authentication to HK$5,000 per account. This regulatory change, effective immediately, responds to industry feedback and aims to meet growing customer demand while ensuring associated cyber risks remain manageable. Authorized institutions are also granted greater flexibility in selecting notification channels for these transactions, provided the chosen methods align with their specific risk assessments.
Tel: (852) 2878 8228 Fax: (852) 2878 7127 E-mail: bwmlee@hkma.gov.hk Banking Supervision Department Our Ref.: B1/15C B9/29C 18 November 2016 The Chief Executive All Authorized Institutions Dear Sir/Madam, Small-value payment services through Internet banking I am writing to inform you that, following consultation with the banking industry, the Hong Kong Monetary Authority (HKMA) has adjusted upward the maximum transaction limit for small-value funds transfers conducted via Internet banking without two-factor authentication (2FA) to HK$5,000 per day per Internet banking account. In September last year, the HKMA amended the Supervisory Policy Manual module TM-E-1 on e-banking to provide AIs with greater flexibility in the provision of small-value payment services. After the amendment, AIs may allow customers to make small-value funds transfers to third-party payees through Internet banking, without the need for using 2FA, subject to a maximum aggregate rolling limit per Internet banking account of HK$3,000 over 2 days. Many AIs have since then rolled out small-value payment services, and have gained experience in managing the associated risks. When the HKMA consulted the industry recently, there was a suggestion to increase the maximum aggregate transaction limit to HK$5,000 per day per Internet banking account. The HKMA considers that the industry suggestion, if adopted, can enable AIs to satisfy their customers’ growing demand for more frequent and larger aggregate amounts of small-value payments, while the associated risks will remain manageable. AIs should continue to allow customers to set a lower transaction limit for themselves if they so desire. AIs should also stay vigilant to emerging cyber fraud risks and be prepared to step up their security control and customer education efforts when necessary. Taking the
above into account, the HKMA has decided to take on board the industry’s suggestion with immediate effect. Separately, the HKMA also considers it appropriate to allow AIs more flexibility in determining what channel(s) to be used for sending notifications to customers after small-value payment transactions are initiated, provided that the channel(s) chosen is/are commensurate with AIs’ risk assessment. Should you have any questions regarding this letter, please feel free to contact Mr Tsz-Wai Chiu on 2878-1389 or Mr William Chan on 2878-1600. Yours faithfully, Brian Lee Acting Executive Director (Banking Supervision)