ECF - Cybersecurity

The ECF-C is intended to apply to RPs engaged by AIs whose primary responsibilities are performing cybersecurity roles ensuring operational cyber resilience.

The following categories of staff are excluded from the definition of RPs:

(a) Those who are not required to perform the three key roles specified under the ECF-C (i.e. IT Security Operations and Delivery, IT Risk Management and Control, and IT Audit); and

(b) Those who performing key roles solely in the information technology operating function of an AI, such as system developers, system operators, helpdesk operators, and IT support.

The competency standards of the ECF-C are set at two levels:

(a) Core Level - applicable to entry-level staff with less than 5 years of relevant work experience in the cybersecurity function.

(b) Professional Level - applicable to staff with 5 and above years of relevant work experience in the cybersecurity function.

The competency standards is driven by the key roles based upon the three lines of defence concept under cyber risk governance:

(i) first line of defence: IT Security Operations and Delivery

(ii) second line of defence: IT Risk Management and Control

(iii) third line of defence: IT Audit

Associate Cybersecurity Professional (ACSP):
RPs may apply to HKIB for certification as ACsP upon completing the programme and fulfilling the minimum relevant work experience requirement.

ECF Affiliate:
Learners who have successfully completed a HKIB professional qualification programme (including training and examination requirements) but yet to fulfil the requirements of Relevant Practitioners or required years of relevant work experience for certification will be automatically granted as ECF Affiliate. Ordinary Membership with membership fee for the awarding year waived will also be granted to learners.

For details about ECF Affiliate, please contact HKIB at (852) 2153 7800 or email at cs@hkib.org.

The Core level training programme of ECF-C consists of 15 hours of tuition. A core level training award "Advanced Certificate for ECF on Cybersecurity" will be given to candidates who have completed the training and obtained a pass at the examination. 

Entry Requirement

The Programme is open to members and non-members of the HKIB. Candidates must fulfil the stipulated minimum entry requirements:

- Students of Associate Degree (AD) / High Diploma (HD) in any disciplines (QF L4); OR

- Equivalent qualifications or above; OR

- Mature Applicants* with 3 years of relevant banking experience with recommendations from employer

* Mature applicants (aged 21 or above) who do not possess the above academic qualifications but with relevant banking experience and recommendation from their employers will be considered on individual merit.

Training Duration and Fee 

#A digital version of training material (i.e. Study Guide and PPT Slides) will be provided before the training commencement.  Printed version will only be available at an additional cost of HKD600 (including delivery fee) on request by learners. 

Examination Format and Fee

^ HKIB student members can enjoy 25% off training fee discount and 50% off examination fee discount respectively.

Applicants can submit the application via MyHKIB.

Late entries for training programmes will be accepted up to 7 days after the stipulated application deadlines. An additional late entry fee of HKD200 will apply.

Late entries examinations will be accepted up to 14 days after the stipulated application deadlines. An additional late entry fee of HKD200 will apply.

Grandfathering arrangement is not applicable under the ECF on Cybersecurity.

Certification of ACsP is subject to annual renewal by HKIB.

Certification holders are required to comply with the annual CPD Scheme in order to renew their Certification. The requirement is a minimum of 20 verifiable CPD hours each year and a minimum of 120 CPD hours over every 3 years period.

For ECF Affiliate, at least 3-hours of CPD within the scopes mentioned in HKIB CPD Scheme is required annually for recertification. 

Any excess CPD hours accumulated within a particular calendar year cannot be carried forward to the following year.

No CPD is required in the year when the ACsP Professional Qualifications is granted. 

For details, please refer to the Overview of HKIB CPD Scheme and HKIB CPD Requirements webpage under HKIB website.

Certified Banker (CB) is a professional banking qualification programme developed and offered by HKIB. This common qualification benchmark is intended to raise the professional competency of banking and financial practitioners in Hong Kong to meet modern demands, while providing a transparent standard with international recognition. The “ECF on Cybersecurity (Core Level)” has already been incorporated in CB (Stage I). You may refer to the CB Programme structure as below to plan for your learning path. Learners who have obtained a pass at the relevant examination can then apply for an exemption for the elective module “ECF on Cybersecurity” of the CB (Stage I) programme.