10 December 2015
Greater scrutiny of financial institutions and contactless credit card payments is now the norm against the backdrop of increasing cybersecurity threats. While financial institutions are clearly subject to stringent regulations on their handling of customer data and money and security obligations, there was no control over new entrants to this market, whose main sphere of activity is non-financial, nor was there any control over the way they could conduct their payment activities. Customer information held by these companies, and money stored on their facilities, are just as vulnerable (maybe even more so) to theft and cyber attacks as is the data held by financial institutions. It no longer made sense to leave this area unregulated.
On 13 November 2015, the new regulatory regime for stored value facilities and retail payment systems came into operation under the Payment Systems and Stored Value Facilities Ordinance (formerly the Clearing and Settlements System Ordinance). The Payment Systems and Stored Value Facilities Ordinance introduces new regulations for all non-financial institutions that issue and operate certain payment systems, which will now be under the scrutiny of the Hong Kong Monetary Authority.