Lobby Group Warns China’s Draft Cybersecurity Rules Risky for Financial Firms

According to a top lobby group, the cybersecurity rules that have been proposed for financial firms in China could turn out to be quite risky for western companies that are operating in the country. This is because these rules could make the data of these companies vulnerable to hacking, along with other risks. This recent regulatory proposal has popped up at a time when a number of western asset managers and investment banks are expanding their operations is China. They are doing so by either increasing their share in existing joint ventures or by establishing entire units.

On April 29th, a draft of the rules had been released by the China Securities Regulatory Commission (CSRC) and a public consultation was offered for a time duration of one month. If the draft rules are put into effect, futures companies, asset managers and investment banks that are operating in China will be mandated to share their data with the CSRC. They would also have to allow testing led by the regulator and also set up a data backup center that would be fully centralized. In recent months, China had decided to allow foreign entities to enter its financial sector.

Last year, JP Morgan and Goldman Sachs had obtained permission to set up local units and the recent beneficiaries of this move were names like HSBC and Morgan Stanley. The Asia Securities Industry and Financial Markets Association (ASIFMA) is a lobby group and on May 27th, it sent a letter to the CSRC to talk about the cybersecurity rules that have been proposed. The letter highlighted the concerns of the group’s members because sharing sensitive data, as required by the rules, would pose a significant risk for them. The content of the letters had not been disclosed earlier.

There are more than 160 members of ASIFMA and these include some of the top financial institutions that belong to the buy as well as sell-side, law firms and banks and even those offering market infrastructure services. However, they did not comment on the letter or give any confirmation. The CSRC disclosed that they had received the letter from the ASIFMA on May 31st, which meant that the consultation period had already come to an end by then. But, it added that they valued the feedback that had come. It also stated that they would take the suggestions and opinions into account and would communicate with relevant associations.

These cybersecurity rules for financial firms have come after data security oversight measures were tightened mostly in the tech space in accordance with Beijing’s regulatory crackdown. Due to these steps, the Chinese stock markets have been dealing with a great deal of turmoil and offshore company listings have also come to a halt. As per the draft rules, financial firms would have to share their data for numerous purposes, but the lobby group believes that companies would become vulnerable if they pass on sensitive data. The requirement for setting up a centralized data center hasn’t received a positive response either.

Leave a Comment