Hong Kong Monetary Authority "OR-2 Operational Resilience": Chinese translation
Preface: More and more people are paying attention to operational resilience. Although the field is still developing rapidly, some consensus has already formed. The financial industry is one of the industries most concerned with operational resilience: in recent years the financial regulators of several developed countries/regions and the Basel Committee on Banking Supervision have successively issued or revised formal documents on operational resilience and business continuity management. To help more professionals and enthusiasts learn about international developments in operational resilience, and to study and practise its good practices, over the past two years I organised two rounds of volunteer translation, covering the operational resilience materials of the Basel Committee on Banking Supervision and the UK financial regulators, including:
• "Principles for Operational Resilience", Chinese translation (Basel Committee on Banking Supervision) (23 November 2021)
• "Revisions to the Principles for the Sound Management of Operational Risk", Chinese translation (Basel Committee on Banking Supervision) (29 November 2021)
• "Operational Resilience: Impact Tolerances for Important Business Services", Chinese translation (joint statement of the Bank of England, the UK Prudential Regulation Authority (PRA) and the UK Financial Conduct Authority (FCA)) (26 November 2022)
• "Policy Statement PS6/21 – Operational Resilience: Impact Tolerances for Important Business Services", Chinese translation (PRA operational resilience policy statement) (27 November 2022)
• "PRA Rulebook: CRR Firms, Solvency II Firms: Operational Resilience Instrument 2021", Chinese translation (Appendix 1 to the PRA operational resilience policy statement: the Operational Resilience Part of the PRA Rulebook) (28 November 2022)
• "PRA Supervisory Statement SS1/21 'Operational Resilience: Impact Tolerances for Important Business Services'", Chinese translation (Appendix 2 to the PRA operational resilience policy statement: Supervisory Statement SS1/21) (1 December 2022)
• "PRA 'Operational Resilience' Statement of Policy", Chinese translation (Appendix 3 to the PRA operational resilience policy statement: the Statement of Policy on operational resilience) (2 December 2022)
In March this year I again organised a volunteer translation group to translate operational resilience materials from the financial regulators of the United States, Ireland, Australia, Singapore and Hong Kong, among others. Around July the group members sent me their drafts one after another; I will finish reviewing these materials shortly and publish them on this public account in turn.
The members of the third round of the volunteer operational resilience translation group (in no particular order, sorted by surname pinyin):
• 高洋 (ICBC, william.yang.gao@gmail.com)
• 江磊 (Shenzhen Longhua, 2014595@qq.com)
• 刘琪岳 (Beijing)
• 刘宇 (Shenzhen, 13316880733@189.cn)
• 刘元锋 (Beijing Rural Commercial Bank head office, liuyf@bjrcb.com)
• 林喆 (Guangzhou, 674441632@qq.com)
• 马骏 (Accenture / Dalian, patrick.ma2018@outlook.com)
• 孙宁莉 (Shenzhen Renan Consulting Services Co., Ltd., 115947186@qq.com)
• 王舵 (Dalian Tong'an Emergency Management Technology Co., Ltd., prekids@163.com)
• 徐文静 (DNV, wen.jing.xu@dnv.com)
• 薛春娟 (Zhoushan, Zhejiang, 793571689@qq.com)
• 张锋 (Beijing, zhangfeng76@wo.cn)
• 周可政 (Shanghai, wikikivv@gmail.com)
• 王曙 (Xinchang'an Technology, kevinwang@vip.sina.com)
My thanks to the professionals of the volunteer translation group for giving their personal time to the translation work. I was responsible for the final unified review of the translation below; any inaccuracy or misunderstanding in it is my fault and not that of the translators. If you have comments or suggested corrections to the translation, please leave me a message.
王曙 (kevinwang), 2023.10.26
This document was issued by the Hong Kong Monetary Authority (HKMA) on 31 May 2022. It sets out the HKMA's supervisory approach to operational resilience and provides authorized institutions (AIs) with guidance on the general principles they should consider when developing their operational resilience framework. Original (English): https://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/supervisory-policy-manual/OR-2.pdf ; original (Traditional Chinese): https://www.hkma.gov.hk/media/gb_chi/doc/key-functions/banking-stability/supervisory-policy-manual/OR-2.pdf .
In the Chinese translation below, each passage gives the translation (made from the English version) first, followed by the English original and the Traditional Chinese original for reference. "OR-2 Operational Resilience" is an entirely new non-statutory guideline.
Note on the new module OR-2 and the revised module TM-G-2 of the HKMA Supervisory Policy Manual (SPM)
These two modules implement the Principles for Operational Resilience (POR) issued by the Basel Committee on Banking Supervision (BCBS) in March 2021. Specifically:
• The new module OR-2 is issued as guidance setting out the HKMA's overall approach to operational resilience. It articulates the HKMA's expectation that every AI should be operationally resilient and provides high-level guidance on how AIs may develop an integrated and holistic operational resilience framework to support this.
• The revised module TM-G-2 complements the new module OR-2 by providing enhanced guidance on business continuity planning, a key component of an effective operational resilience framework. It incorporates additional requirements relating to business continuity planning and testing covered in the POR, and also aligns the terminology used for business continuity planning and operational resilience purposes to improve clarity.
AIs should note that many of the concepts and requirements relating to operational resilience are not new and are already extensively covered in existing HKMA guidance. When implementing the requirements of OR-2, AIs should therefore refer to the relevant SPM modules, which, in addition to the revised module TM-G-2, include SA-2 on "Outsourcing" and OR-1 on "Operational Risk Management".
Operational Resilience
This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue underlined headings to activate hyperlinks to the relevant module.
Purpose: To set out the HKMA's supervisory approach to operational resilience and provide AIs with guidance on the general principles which they are expected to consider when developing their operational resilience framework.
Classification: A non-statutory guideline issued by the MA as a guidance note.
Previous guidelines superseded: This is a new guideline.
Application: To all AIs.
- 1. Definition of operational resilience
1.1 Operational disruptions (including those due to pandemics, cyber incidents, technology failures and natural disasters) can affect the viability of individual financial institutions and, in turn, the stability of the wider financial system. This underscores the significance of operational resilience as a supervisory focus and has motivated many regulators around the world and standard setting bodies to issue guidance that aims to improve the operational resilience of financial institutions.
1.2 The Principles for Operational Resilience (POR) issued by the Basel Committee on Banking Supervision (BCBS) in March 2021 define operational resilience as the ability of a bank to deliver critical operations through disruption. This ability enables a bank to identify and protect itself from threats and potential failures, respond and adapt to, as well as recover and learn from disruptive events in order to minimise their impact on the delivery of critical operations through disruption.
1.3 The HKMA expects all AIs in Hong Kong to be operationally resilient. The HKMA will consider an AI to be operationally resilient if it is able to satisfy the following requirements:
• Identify and mitigate risks that may threaten delivery of critical operations. In relation to an AI, “critical operations” refers to: (i) activities, processes and services performed by the AI, as well as (ii) the supporting assets (including people, technology, information and facilities) necessary for the delivery of such activities and services, which if disrupted, could pose material risks to the viability of the AI itself or impact the AI’s role within the Hong Kong financial system [1].
• Continue to deliver critical operations when disruptions occur, including under severe but plausible scenarios. For this purpose, disruptions to an AI’s critical operations must not exceed its “tolerance for disruption”, which is defined as the maximum level of disruption to a critical operation that an AI can accept, and is in practice the point after which further disruption would pose risks to the viability of the AI or impact its role within the Hong Kong financial system. “Severe but plausible scenarios” refers to situations that would result in significant disruptions and, while unlikely to occur, remain probable.
• Resume normal operations in a timely manner after disruptions occur; and
• Absorb learnings from disruptions or near misses to continually improve its ability to prevent, adapt to and recover from risks and disruptions to critical operations delivery.
- 2. Operational resilience framework
2.1 An AI should develop an operational resilience framework which enables it to satisfy the requirements detailed in Section 1.3.
2.2 Given the importance of operational resilience for an AI to deliver critical operations through disruption and remain viable under extreme scenarios, an AI’s Board of Directors (Board) [2] and senior management are expected to actively participate in establishing, implementing and overseeing the operational resilience framework.
2.3 At a minimum, an AI should include the following components within its operational resilience framework. Further guidance on how AIs may approach each of these components is provided in the subsequent sections of this module.
• A mechanism for determining the operational resilience parameters, namely critical operations, tolerance for disruption and severe but plausible scenarios. (Section 4)
• Mapping exercises which enable an AI to develop a detailed understanding of the interconnections and interdependencies that underlie critical operations delivery and, in turn, identify what risks or events may affect or disrupt critical operations delivery. (Section 5)
• Risk management policies and frameworks that help an AI prepare for and manage the various risks to critical operations delivery in an integrated and holistic way. (Section 6)
• Scenario testing which enables an AI to regularly assess whether it is able to continue delivering critical operations through disruption, including under severe but plausible scenarios. (Section 7)
• An incident management programme which allows an AI to effectively respond to and manage disruptions to critical operations delivery. (Section 8)
2.4 An AI may determine the most appropriate approach to developing its operational resilience framework, taking into account its particular circumstances [3]. AIs may refer to Diagram 1 for an illustration of how the different components can be brought together to create a holistic operational resilience framework. It is important to note that developing operational resilience is an iterative process. The process will not always be linear. An AI should actively apply learnings from its implementation of the framework and the management of actual incidents to continually improve the effectiveness of the framework.
Diagram 1: Step-by-step approach to developing a holistic operational resilience framework
- 3. Role of the Board and senior management
3.1 The Board should be ultimately responsible for approving an AI’s operational resilience framework and for overseeing its implementation. When reviewing and approving the framework developed by senior management, the Board should take into consideration the AI’s risk appetite. For overseas incorporated AIs, this role should rest with the management team at the head office or the regional headquarters overseeing the Hong Kong operations of the AI.
3.2 Senior management should implement the operational resilience framework and ensure that sufficient resources (including financial, technological and otherwise) are allocated to this purpose. To facilitate the Board’s oversight, senior management should provide regular and timely reports to the Board on the ongoing operational resilience of the AI’s business units, particularly when significant deficiencies could affect the delivery of the AI’s critical operations.
3.3 The Board and senior management should actively participate in the setting and review of an AI’s operational resilience parameters. Specifically:
• The Board should approve and regularly review: (i) the criteria for determining an AI’s critical operations; and (ii) the actual list of critical operations. The reviews should be conducted no less than annually or when major operational changes occur.
• The Board is responsible for approving the tolerance for disruption developed by senior management. Assisted by senior management, it should also review the tolerance for disruption at least on an annual basis or when major operational changes occur.
• Senior management should identify, and the Board should approve, the severe but plausible scenarios which will be used to review whether an AI is operationally resilient. Both the Board and senior management should regularly review the continued relevance of the scenarios identified.
3.4 The Board bears ultimate responsibility for ensuring that an AI remains operationally resilient. This would require the Board to ensure appropriate action is taken by senior management to address any deficiencies identified in an AI’s ability to remain within its tolerance for disruption. In the event that there is more than one source of deficiency, the Board should ensure that senior management suitably prioritise the remedial actions. As a general principle, the Board should ensure focus is placed on making improvements to those areas that would result in larger disruptions, higher risks or are facing more significant deficiencies. For instance, an AI should prioritise a critical operation that would sooner breach its tolerance for disruption over one that is less time sensitive, or a critical operation that is further away from remaining within its tolerance for disruption over one that is largely within its tolerance for disruption.
3.5 The Board and senior management should regularly review the suitability and effectiveness of the AI’s operational resilience framework. These reviews are particularly important following operational changes and during the transitory period after an operational change comes into effect.
3.6 The Board should play an active role in establishing a broad understanding of the AI’s operational resilience framework. It should oversee and ensure clear communication of the objectives of the framework to all relevant parties, including staff, intragroup entities and third parties. Regular training on the AI’s operational resilience framework should be provided to staff to reinforce their understanding.
- 4. Determining operational resilience parameters
4.1 Identifying critical operations
4.1.1 As a first step to developing a sound operational resilience framework, an AI should identify its critical operations. The number of critical operations identified should be commensurate with the size, nature and complexity of the AI’s operations.
4.1.2 When identifying its critical operations, an AI should take into consideration a set of defined criteria. These criteria should allow an AI to critically assess whether an operation, if disrupted, would affect:
(a) The AI’s viability. Possible factors to consider include the impact on customers and personnel, and financial, reputational, legal and regulatory implications.
(b) The AI’s role in the Hong Kong financial system. Possible factors to consider include how disruptions may affect specific market roles played by the AI (e.g. note issuance or clearing) as well as relationships with counterparties in the interbank market.
For the avoidance of doubt, while the set of criteria defined by AIs for identifying critical operations should encompass elements of both (a) and (b) above, a given operation need not impact both (a) and (b) in order for it to be classified as a critical operation.
4.1.3 In the process of identifying its critical operations, an AI may, where appropriate, leverage relevant concepts covered within its recovery and resolution plans.
4.2 Setting tolerance for disruption
4.2.1 A tolerance for disruption should be set for each critical operation. It should include at least a time-based metric, but may also include a combination of other quantitative (e.g. volume or value of transactions) and qualitative metrics (e.g. reputational or legal implications).
4.2.2 In setting the tolerance for disruption, consideration should be given to an AI’s operational capabilities given a broad range of severe but plausible scenarios that would affect its critical operations. AIs should be aware that their operational capabilities may vary during different business cycles or as a result of seasonal factors. For instance, during periods when more initial public offerings are launched, an AI’s trading systems are more likely to come under stress, which could weaken the AI’s ability to respond under severe but plausible scenarios.
4.3 Identifying severe but plausible scenarios
4.3.1 AIs should identify a range of scenarios of different nature, severity and duration relevant to their business and risk profile. Examples of scenarios that AIs may consider include, but are not limited to, pandemics, natural disasters, and failures or disruptions at a third party or within the third party’s supply chain.
4.3.2 When identifying the scenarios, AIs should make reference to previous incidents or near misses within the institution or across financial sectors, as well as in other sectors or jurisdictions, or any situations that could result in significant disruptions given the changing operational landscape.
- 5. Mapping interconnections and interdependencies underlying critical operations
5.1 The appropriate functions within an AI should identify and document: (i) the people, processes, technology, information and facilities; and (ii) the interconnections and interdependencies among these factors that are necessary for the AI to deliver its critical operations. When considering (ii), an AI should also include those interconnections and interdependencies that depend on third parties and intragroup arrangements.
5.2 The approach and level of granularity of mapping should be sufficient to enable the AI to identify vulnerabilities and facilitate the testing of the AI’s ability to deliver critical operations through disruptions. AIs should also consider whether the approach adopted for mapping under their operational resilience framework is appropriately harmonised with that adopted for recovery and resolution planning purposes.
5.3 The mapping documentation should be prepared in a way that is proportionate to the AI’s size, scale and complexity. It should also be usable by all relevant parties in the event of disruptions.
5.4 AIs are expected to review, and where necessary update, their mapping documentation on a regular basis, but no less than annually or following any material changes to their operations.
- 6. Preparing for and managing risks to critical operations delivery
6.1 AIs should be prepared to manage all risks with the potential to affect critical operations delivery. As a given critical operation may face a number of risks, AIs should leverage different risk management frameworks, as appropriate, to offer holistic and comprehensive support to the critical operation.
6.2 The HKMA expects that AIs should, at a minimum, take into consideration the following risk management components with respect to operational resilience:
• Operational risk management: As operational risk management focuses on preventing and minimising operational losses, it contributes to an AI’s efforts to maintain operational resilience. Operational risk management should therefore be considered a crucial element of an effective operational resilience framework.
• Business continuity planning and testing: Business continuity planning and testing supports an AI’s ability to prepare for and recover from emergencies or disasters, and therefore contributes to an AI’s ability to continue delivering its critical operations through disruptions. Accordingly, AIs should ensure that their critical operations are subject to appropriate business continuity planning and testing arrangements.
• Third-party dependency management: As AIs increasingly engage third parties or intragroup entities for the provision of services or delivery of functions, they should endeavour to prevent disruptions at these entities from affecting critical operations delivery. To ensure potential risks to critical operations are minimised, AIs should manage their dependencies on third parties and intragroup entities as they would with outsourcing arrangements. Prior to entering into arrangements that support the delivery of critical operations, an AI should verify whether the relevant third parties or intragroup entities have an at least equivalent level of operational resilience to that of the AI. Where such verification is not feasible, the AI should take alternative steps to satisfy itself that the engagement of the third party or intragroup entity would not weaken its ability to deliver critical operations in the event of a disruption. During the course of the engagement, an AI should have adequate arrangements in place to continually satisfy itself that the third party or intragroup entity has maintained an acceptable level of operational resilience. In addition, an AI should develop appropriate business continuity and contingency planning procedures and exit strategies to maintain its operational resilience in the event of a failure or disruption at a third party or intragroup entity which may impact its delivery of critical operations. An AI should not enter into, or continue, any third party or intragroup arrangements that may weaken the operational resilience of the AI’s critical operations.
• Information and Communication Technology (ICT), including cyber security: Growing technology adoption raises the likelihood that an AI’s critical operations may depend on, or may be affected by lapses in, ICT risk management. To minimise risks in this regard, AIs should have in place an ICT policy which covers cyber security, as well as arrangements for ensuring the confidentiality, integrity and availability of critical information assets.
6.3 AIs should note that most of the risk management considerations associated with operational resilience are not new, and are already covered by existing HKMA guidance. These include but are not limited to: Supervisory Policy Manual (SPM) modules “TM-G-1 General Principles for Technology Risk Management”, “TM-G-2 Business Continuity Planning”, “OR-1 Operational Risk Management” and “SA-2 Outsourcing”, as well as the “Cyber Resilience Assessment Framework 2.0”. AIs should refer to, and ensure that they are compliant with, the supervisory requirements contained therein.
- 7. Testing ability to deliver critical operations under severe but plausible scenarios
7.1 AIs should conduct regular testing of their operational resilience framework to ensure that they are able to continue delivering their critical operations through disruptions, including under severe but plausible scenarios.
7.2 When considering the testing requirement, AIs should take into account the following:
• The testing exercises should include realistic assumptions, and should encompass the AI’s interconnections and interdependencies, including those through relationships with intragroup entities and third parties.
• The frequency of testing should be determined based on a variety of factors, including the potential impact of a disruption, how many critical operations an AI has, and whether the operating environment has materially changed.
• Different types of testing (e.g. paper-based, simulations or live-systems testing) serve different purposes, and AIs should deploy the most appropriate type of testing based on the nature or needs of the specific testing exercise. An AI should also consider and carefully manage the risks that may be introduced by the testing itself.
• AIs should deploy staff with appropriate expertise to conduct the testing. The testing approach should dictate the type of staff involved, including their seniority, qualifications and the function (e.g. first, second or third line of defence) from which they are sourced.
• AIs should consider how they may leverage the testing exercises to enhance their staff’s operational resilience awareness and readiness to operate during disruptions, thereby improving their ability to effectively adapt and respond to different types of disruptive events.
7.3 Where practicable, AIs may leverage existing testing arrangements, including those devised for business continuity planning purposes, to fulfil the testing requirement relating to operational resilience. An AI should be able to demonstrate how an existing testing exercise enables it to achieve the specific objectives of scenario testing for operational resilience purposes.
7.4 每次测试演练后,认可机构应当准备一份正式的测试报告,记录发现的任何差距或弱点,并记录计划的补救措施。认可机构的高级管理层应当审查这些报告。 7.4 After each testing exercise, an AI should prepare a formal testing report to record any gaps or weaknesses identified, as well as document the remedial actions planned. The reports should be reviewed by the AI’s senior management. 7.4 每次測試結束後,認可機構應擬備正式測試報告,記述識別的任何落差或不足之處,並載明計劃的補救行動。該報告應由認可機構高級管理層審查。
- Responding to and recovering from incidents
8.1 While an AI should dedicate adequate efforts to preventing disruptions, it should recognise that disruptions will occur no matter how robust its operational resilience framework is. An AI should therefore be prepared to manage and recover from incidents.
8.2 Specifically, an AI should establish an effective incident management programme to manage all incidents, especially those that may impact its critical operations. The programme should cover incidents that may arise due to dependencies, including those on third parties and intragroup entities.
8.3 The incident management programme should capture the full lifecycle of any incident and involve:
• Classification of an incident's severity based on predefined criteria. This should enable the AI to prioritise and allocate resources to respond to an incident.
• Incident response and recovery procedures. These should be reviewed, tested and updated on a regular basis. Their connection to the AI's business continuity, disaster recovery and other associated management plans and procedures should also be clearly documented.
• Communication plans for reporting incidents to all relevant stakeholders, including both internal and external parties, as the circumstances of the incident may require. Communication, where appropriate, should take place during the incident (e.g. to provide performance metrics) and after it, including to convey the analysis of lessons learned.
• Root cause analysis of incidents to help prevent or minimise recurrence.
8.4 The incident management programme should be supported by an inventory of internal and third-party resources to enable prompt incident response and recovery. It should also reflect the lessons learned from previous incidents, including those experienced by others.
8.5 AIs should note that the above requirements complement existing HKMA guidance on incident management. This includes, but is not limited to, SPM modules "TM-G-2 Business Continuity Planning" and "TM-G-1 General Principles for Technology Risk Management", and the HKMA's circular on "Incident Response and Management Procedures" issued in June 2010. AIs should review the relevant materials and ensure that they comply with the supervisory requirements contained therein.
- Implementation of operational resilience requirements
9.1 Application
9.1.1 The requirements contained in this module apply to all AIs. Locally incorporated AIs should endeavour to implement the guidance of this module with respect to their subsidiaries and overseas operations; overseas-incorporated AIs should do so with respect to their operations in Hong Kong.
9.1.2 In line with the HKMA's risk-based approach to supervision, AIs are expected to implement the requirements in a proportionate manner and to develop an operational resilience framework that is "fit for purpose", i.e. commensurate with their nature, size, complexity and risk profile.
9.2 Timeline for implementation
9.2.1 By 1 year after the date upon which the final module is issued, the HKMA expects an AI to have:
(a) developed its operational resilience framework; and
(b) determined the timeline by which it will have implemented the operational resilience framework and become operationally resilient.
9.2.2 For the purposes of 9.2.1(a), AIs are expected to have identified their operational resilience parameters and commenced a basic programme of mapping. The latter is crucial to ensuring that an AI adequately understands the interconnections and interdependencies that underlie its critical operations and, in turn, is able to develop the other components of its operational resilience framework, including identifying the specific types of risks to critical operations delivery that need to be addressed and how testing can most suitably be conducted. The HKMA recognises that AIs may not be able to produce mapping that reaches the full level of sophistication at the initial stage, and instead expects AIs to make continual improvements as they gain more experience in implementing their operational resilience frameworks.
9.2.3 Given the importance of operational resilience, the HKMA expects AIs to become operationally resilient as soon as practicable. That said, the HKMA also recognises that becoming operationally resilient is a resource-intensive exercise (for reasons including that it involves mapping exercises, which may be more complex for larger AIs, and could involve substantial system changes). Taking into consideration the need to accommodate AIs of different size and complexity, the HKMA has decided to allow AIs up to 3 years to become operationally resilient. In other words, the timeline specified under Section 9.2.1(b) should not extend beyond 3 years from the point 1 year after the date upon which the final module is issued. After this point in time, an AI will be expected to have fully implemented its operational resilience framework, including having conducted scenario testing, and to be able to satisfy the requirements in Section 1.3. Notwithstanding the 3-year time limit, AIs are encouraged to become operationally resilient as soon as their circumstances allow. The HKMA will engage in active discussions with AIs to review the suitability of their proposed timelines.
9.3 Supervisory approach
9.3.1 Following its risk-based supervisory approach, the HKMA will assess the effectiveness of AIs' operational resilience frameworks through a combination of risk-focused on-site examinations, off-site reviews and prudential meetings. Where needed, AIs may be required to submit self-assessments of their ability to remain operationally resilient.
Footnotes from the original module:
• These should include any "critical financial functions", as defined in the Financial Institutions (Resolution) Ordinance and elaborated on in the Code of Practice "CI-1 Resolution Planning – Core Information Requirements", that may be performed by the AI.
• References to the Board's duties within this module may be discharged by the Board itself or by a Board-level committee assigned to oversee operational resilience matters.
• The HKMA is prepared to accept an AI leveraging its group's operational resilience framework so long as that framework enables the AI to materially fulfil the objectives and requirements of this module. An AI wishing to make use of this flexibility should discuss it with the HKMA in advance.
Originally published on the WeChat public account "业务连续性+" (Business Continuity+).