ISACA Fintech Govenance Workshop - Cyber Resilience, Audit, and Compliance in the Digital Asset Era
ISACA Fintech Governance Workshop
Cyber Resilience, Audit, and Compliance in the Digital Asset Era
A Hong Kong Web3 Festival 2026 Side Event
Date: Tuesday, 21 April 2026
Time: 09:30 - 16:30 (Registration from 09:00)
Venue: CityU HK Tech 300 IncuHub, 8/F United Centre, 95 Queensway, Admiralty
CPE: 6 Hours
Language: English
80 seats. First come, first served. Lunch and refreshments included.
Upon registration, you will receive an email with a form link to complete registration and payment to confirm your spot.
Enquiry: [email protected] / +852 2528 3772
About This Workshop
Hong Kong's fintech and digital asset landscape is evolving rapidly. Stablecoin licensing, virtual asset platform regulation, and new regulatory frameworks are reshaping what regulated institutions need to govern, audit, and protect.
This full-day, practitioner-led workshop is designed for IT auditors, risk managers, cybersecurity leads, and compliance officers at regulated financial institutions. Move from theory to practice in one day - assess risks, design controls, and respond to a simulated breach.
Every participant leaves with three practical artefacts they can adapt for their own institution.
Programme
09:30 - 10:00 Registration & Welcome Networking
10:00 - 10:05 Opening Remarks
10:05 - 11:00 Session 1: The Regulatory Landscape
What fintech regulation and the Fintech Promotion Blueprint mean for governance, audit, risk, and compliance teams.
KPMG
11:00 - 11:15 Networking & Coffee
11:15 - 11:35 Keynote
The Honourable Duncan Chiu, Legislative Council Member, Technology & Innovation Constituency
11:35 - 12:20 Session 2: Fintech Risk Assessment
Hands-on exercise identifying technology risks in stablecoin and digital asset operations.
EY
12:20 - 13:00 Session 3: Building a Control Programme
Design a control programme for regulated FIs operating digital asset services.
EY
13:00 - 14:15 Networking Lunch
14:15 - 16:25 Session 4: Cyber Resilience Tabletop Exercise
Interactive breach simulation at a regulated FI with digital asset exposure. Three escalating injects to pressure-test decision-making under time pressure.
Deloitte
16:25 - 16:30 Closing Remarks & CPE
What You Walk Away With
Fintech risk assessment template aligned to regulatory expectations
Control programme framework for digital asset operations
Incident response decision log and lessons-learned summary
Keynote Speaker
The Honourable Duncan Chiu
Legislative Council Member, Technology & Innovation Constituency
Duncan has been the driving force behind Hong Kong’s innovation and technology (I&T) development since the early 2000s. He is a prominent advocate of I&T policies, a seasoned entrepreneur and investor, and is often regarded as the leading figure in the local I&T industry. In 2022, Duncan was first elected to the 7th term on the Legislative Council, and was successfully re-elected in 2026. He currently serves as Deputy Leader of AI Efficacy Enhancement Team, Chairman of Steering Committee of the Research, Academic and Industry Sectors One-plus Scheme (RAISe+), and President of the Hong Kong Information Technology Joint Council.
Workshop Leaders
Stanley Sum
Partner, KPMG
Chris Barford
Partner, Financial Services Consulting, EY
Chris Barford is a Partner in EY's Financial Services Consulting practice in Hong Kong, leading the AI & Data team. He advises financial institutions on digitalisation, digital assets, and regulatory risk management, and has authored regulatory responses on digital assets and CBDCs to the HKMA and SFC. Chris sits on EY Hong Kong's Web 3 taskforce and is an elected board member of the FinTech Association of Hong Kong.
Winnie Cheung
Director, FS Consulting, EY
Winnie Cheung is a Director in Financial Services Risk Management at EY Hong Kong, where she has 13 years working experience on advising regulated financial institutions and digital asset companies on risk management, regulatory compliance, and governance frameworks. She has extensive experience helping organisations (e.g. stablecoin issuer applicants, virtual asset trading platforms, banks with web 3 business) navigate the evolving fintech and digital asset landscape, with a focus on building practical control programmes and risk assessment methodologies.
Chris Chui
Director, Cyber Detect & Respond, Deloitte
Chris Chui is a Director in Deloitte's Cyber, Technology & Transformation practice in Hong Kong, with over 20 years of experience in cybersecurity operations. A specialist in Red Team and Blue Team operations, Chris has led Security Operation Centres for leading global technology firms and brings extensive hands-on experience in incident response, threat hunting, and cyber resilience across the Asia-Pacific region.
Philip Mok
Director, Cyber Detect & Respond, Deloitte
Philip Mok is a Director in Deloitte's Cyber, Technology & Transformation practice in Hong Kong, specialising in cybersecurity strategy, identity and access management, and cyber resilience. He has advised regulated financial institutions on the HKMA's Cyber Resilience Assessment Framework (C-RAF) and iCAST compliance, and leads Deloitte's cyber incident readiness and response engagements in the region.
Pricing
Early Bird (until 14 April):
Member (ISACA, HKGCYE, BCS, HKCS): HKD 150
Non-Member: HKD 300
Standard:
Member (ISACA, HKGCYE, BCS, HKCS): HKD 200
Non-Member: HKD 400
Web3 Festival Pass Holder (non-member): HKD 200
Free:
CityU Tech 300 Startup Founders / CityU Students
Registration deadline: 19 April 2026. Please bring relevant proof of eligibility on the day for verification.
Upon registration, you will receive an email with a form link to complete registration and payment to confirm your spot.
Organised by
ISACA China Hong Kong Chapter
Supporting Organisations
CityU HK Tech 300
The Hong Kong General Chamber of Young Entrepreneurs (HKGCYE)
BCS, The Chartered Institute for IT (BCS)
Hong Kong Computer Society (HKCS)
For enquiries, please contact [email protected] / +852 2528 3772