Overview
With the aim of supporting capacity building and talent development for banking professionals, the Hong Kong Monetary Authority (HKMA) has been working together with the banking industry to introduce an industry-wide competency framework - "Enhanced Competency Framework (ECF) for Banking Practitioners.
Since the implementation of ECF in 2018, various programmes for different job functions in banking industry have been developed and integrated into The Hong Kong Institute of Bankers' ("HKIB") flagship Certified Banker (CB) Programme which offer generalist, specialist, and strategic topics. The rationale for putting all programme under one professional banking qualification is to promote an industry-based common qualifications benchmark. While ECF programmes offer "role-based" knowledge and certification to Relevant Practitioners (RPs), CB is offering a vocational qualification pathway for further career advancement, being continuously enhanced to nurture more holistic banking professionals and ultimately, supporting the industry to develop a continuous learning culture and a sustainable talent pool so as to maintain the competitiveness of Hong Kong as an international financial centre.
The Enhanced Competency Framework on Cybersecurity (ECF-C) is a non-statutory framework which sets out the common core competences required of cybersecurity practitioners in the Hong Kong banking industry. The objectives of the ECF-C are twofold:
(a) to develop a sustainable talent pool of cybersecurity practitioners for the workforce demand in this sector; and
(b) to raise and maintain the professional competence of cybersecurity practitioners in the banking industry.
Although the ECF-C is not a mandatory licensing regime, authorised institutions (“AIs”) are encouraged to adopt the ECF-C for the following reasons:
(a) to serve as a benchmark to determine the level of competence required and to assess the ongoing competence of individual employees;
(b) to support relevant employees to attend training programmes and examinations that meets the ECF-C benchmark;
(c) to support the continuing professional development (CPD) of individual employees; and
(d) to specify the ECF-C as one of the criteria for recruitment purposes.
Please refer to HKMA Circular on "Guide to Enhanced Competency Framework on Cybersecurity" for details.
Scope of Application
The ECF-C is intended to apply to RPs engaged by AIs whose primary responsibilities are performing cybersecurity roles ensuring operational cyber resilience.
The following categories of staff are excluded from the definition of RPs:
(a) Those who are not required to perform the three key roles specified under the ECF-C (i.e. IT Security Operations and Delivery, IT Risk Management and Control, and IT Audit); and
(b) Those who performing key roles solely in the information technology operating function of an AI, such as system developers, system operators, helpdesk operators, and IT support.
Competency Standards
The competency standards of the ECF-C are set at two levels:
(a) Core Level - applicable to entry-level staff with less than 5 years of relevant work experience in the cybersecurity function.
(b) Professional Level - applicable to staff with 5 and above years of relevant work experience in the cybersecurity function.
The competency standards is driven by the key roles based upon the three lines of defence concept under cyber risk governance:
(i) first line of defence: IT Security Operations and Delivery
(ii) second line of defence: IT Risk Management and Control
(iii) third line of defence: IT Audit
Certification
RPs may apply to HKIB for certification as Associate Cybersecurity Professional (ACsP) upon completing the above qualifications and fulfilling the minimum relevant work experience requirement.
Training and Examination
The Core level training programme of ECF-C consists of 15 hours of tuition. A core level training award "Advanced Certificate for ECF on Cybersecurity" will be given to candidates who have completed the training and obtained a pass at the examination.
Entry Requirement
The Programme is open to members and non-members of the HKIB. Candidates must fulfil the stipulated minimum entry requirements:
- Students of Associate Degree (AD) / High Diploma (HD) in any disciplines (QF L4); OR
- Equivalent qualifications or above; OR
- Mature Applicants* with 3 years of relevant banking experience with recommendations from employer
* Mature applicants (aged 21 or above) who do not possess the above academic qualifications but with relevant banking experience and recommendation from their employers will be considered on individual merit.
Training Duration and Fee
| Training |
|
| Training Hours |
15 Hours |
| Training Session |
5 |
| Programme Fee |
HKD4,050# ^ |
#A digital version of training material (i.e. Study Guide and PPT Slides) will be provided before the training commencement. Printed version will only be available at an additional cost of HKD600 (including delivery fee) on request by learners.
Examination Format and Fee
| Examination Mode |
Paper-based Examination |
| Examination Duration |
2.5 Hours |
| Question Type |
Multiple-choice Type Questions (MCQ) |
| No. of Questions |
80 |
| Passing Mark |
70% |
| Examination Fee |
HKD1,150^ |
^ HKIB student members can enjoy 25% off training fee discount and 50% off examination fee discount respectively.
Training and Examination Enrolment
Applicants can submit the application via MyHKIB.
Late entries for training programmes will be accepted up to 7 days after the stipulated application deadlines. An additional late entry fee of HKD200 will apply.
Late entries examinations will be accepted up to 14 days after the stipulated application deadlines. An additional late entry fee of HKD200 will apply.
Grandfathering
Grandfathering arrangement is not applicable under the ECF on Cybersecurity.
Annual renewal of certification and CPD Requirements
Certification of ACsP is subject to annual renewal by HKIB.
Certification holders are required to comply with the annual CPD Scheme in order to renew their Certification. The requirement is a minimum of 20 verifiable CPD hours each year and a minimum of 120 CPD hours over every 3 years period.
Any excess CPD hours accumulated within a particular calendar year cannot be carried forward to the following year.
No CPD is required in the year when the ACsP Professional Qualifications is granted.
For details, please refer to the Overview of HKIB CPD Scheme and HKIB CPD Requirements webpage under HKIB website.
Integration of ECF in Certified Banker (CB)
The “ECF-C (Core Level)” is integrated in the CB (Stage I) as one of the elective modules.
CB (Stage I) is a professional banking qualification programme developed and offered by HKIB. It is intended to raise the professional competency of banking and financial practitioners in Hong Kong to meet modern demands, while providing a transparent standard with international recognition.
Individuals who have completed the “ECF-C (Core Level)” programme and obtained a pass at the relevant examination are encouraged to join the CB (Stage I) Programme.
General Enquiry / Feedback
|
Hotline
|
Email
|
|
(852) 2153 7800
|
cs@hkib.org
|
Please click HERE to view the schedule in PDF.
