Guidelines and Circulars: Information system security and other reminders for the Year 2000 rollover

Our Ref.: B9/39C

22 December 1999

The Chief Executive
All authorized institutions

Dear Sir/Madam,

Information system security and
other reminders for the Year 2000 rollover

The Hong Kong Monetary Authority (HKMA) has warned authorized institutions about the risk of Year 2000-related computer viruses - see the HKMA circular issued on 14 May 1999. It is important that institutions should be on the alert for these, and take measures to safeguard themselves over the coming weeks.

In this connection, I enclose a copy of a Joint Year 2000 Council Advisory for your reference. The Advisory provides recommendations to financial institutions on how they can enhance their security programmes during the transition period.

I should also remind you that certain computer viruses could spread via e-mail, e.g. electronic Christmas cards¹. Although many desktop computers are protected by anti-virus programmes, there may be delays before the virus definition file can catch up with the latest viruses. In order to minimise the risk of computer systems getting infected, it is essential that your staff do not run any programmes originating from unknown sources, including via e-mail and the Internet.

Finally, it is important that institutions should explain clearly to counterparties and, if necessary, members of the public the reasons for any action that they might take to temporarily suspend trading or other services during the transition period. Such action might for example be taken so that computer systems can be checked or backed up. In such cases, it is important that institutions do not wrongly give the impression that they are suffering from Year 2000 problems.

I wish to take this opportunity to wish you all a smooth Y2K transition and a prosperous New Year.

Yours faithfully

( D T R Carse )
Deputy Chief Executive (Banking)

Encl.

c.c.	Chairman, HKAB Chairman, DTCA Secretary for Financial Services (Attention: Miss Vivian Lau)

1. For example, it was recently reported in the US that a virus with a Y2K trigger date could spread via e-mail, disguising itself with the ruse of "here's some pictures for you." If a user clicks on an attachment to the message, the virus sends a copy of itself to 50 correspondents found in the user's personal address book. On 1 January 2000, it will try to erase the user's hard drive.