China’s draft cybersecurity rules pose risks for financial firms, lobby group warns

China’s draft cybersecurity rules pose risks for financial firms, lobby group warns


HONG KONG, June 2 (Reuters) – China’s proposed cybersecurity rules for financial companies could pose risks to the operations of Western companies, making their data vulnerable to piracy, among other things. said a leading lobbyist in a letter seen by Reuters.

The latest regulatory proposal comes at a time when a number of Western investment banks and asset managers are expanding their presence in China, either by creating wholly owned units or by taking a larger stake in existing joint ventures. .

The Securities and Exchange Commission of China (CSRC) released the draft administrative measures for the management of network security in the securities and futures industry on April 29 and offered a one-month public consultation. on the proposals.

Register now for FREE and unlimited access to Reuters.com

The draft rules are intended to make it mandatory for investment banks, asset managers and futures companies with operations in China to share data with CSRC, allow regulatory-led testing, and help set up a data backup center. centralized.

Morgan Stanley (MS.N) and HSBC (HSBA.L) are among those who have benefited in recent months from the opening of China’s financial sector to foreigners, after Goldman Sachs (GS.N) and JPMorgan (JPM.N), which won nominations to lead local units last year.

The lobby, the Asian Financial Markets and Securities Industry Association (ASIFMA), in a letter to the CSRC dated May 27, expressed concern among its members about the draft rules, as they anticipate risks when sharing sensitive data.

The contents of the letter, which has been reviewed by Reuters, have not been reported before.

ASIFMA, which has more than 160 members, including leading financial institutions for both buying and selling, banks, law firms and market infrastructure service providers, did not confirm the letter and declined to comment. content.

In response to Reuters’ request for comment, the CSRC said that ASIFMA had submitted its opinion on 31 May, two days after the end of the consultation period.

“However, we still highly value the comments sent by the relevant associations,” he said, adding that the regulator “was carefully studying the views and suggestions” and will continue to communicate with them.

The proposed new data rules for financial companies are also in the context of stricter oversight of Beijing’s data security, mainly in the technology sector, as part of a broader regulatory crackdown, which has affected the country’s stock markets and has stagnated the quotations of offshore companies.

‘GREAT RISKS’

The draft rules require financial companies to share data for various purposes, but the lobby group is concerned that the transmission of sensitive data will make companies in the industry vulnerable to “hackers and other bad actors.”

Global banks and asset managers are also revoking the requirement to introduce a sector-wide data backup center.

“This not only poses major risks to all core institutions and operating institutions individually, but also poses significant systemic risks to the sector in China and globally, given the interconnection of the global financial sector, if the data is compromise or filter. “, said the letter from ASIFMA.

The draft rules also stipulate that the CSRC could conduct penetration tests (a simulated cyberattack against the operating system) and scan the system on securities, futures and fund companies.

However, ASIFMA expressed concern to global banks that penetration testing directed or commissioned by the regulator poses “real risks to companies due to the potentially disruptive nature of penetration testing and the sensitivity of test results. “.

“Testing systems and applications without operational context could create a significant disruption to the company’s operations,” the lobby added.

The regulator has not set a deadline for the issuance of the final rules or for their implementation.

Register now for FREE and unlimited access to Reuters.com

Report by Selena Li; Editing by Sumeet Chatterjee and Kim Coghill

Our standards: Thomson Reuters’ principles of trust.



Source link

Related post

EDUCAUSE 2022: How Data Collection Can Improve Student and Faculty IT Support

EDUCAUSE 2022: How Data Collection Can Improve Student and…

At Indiana University, Gladdin said, to make life easier for students and faculty, they implemented a course template for the Canvas…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…

Leave a Reply

Your email address will not be published.