Business’s Data May Be Vulnerable Under Proposed China Cybersecurity Rules


Proposed cybersecurity rules from China could make it hard for Western financial companies to operate as their data would be vulnerable to hacking and other risks, according to a industry group, Reuters reported Thursday (June 2).

This comes as several Western investment banks and asset managers have been expanding Chinese presences. Some have set up wholly owned units by taking bigger shares in existing joint ventures.

The report noted that the proposed rules would make it mandatory for investment banks, asset managers and futures companies with operations in China to share data with the China Securities Regulatory Commission (CSRC), allow regulator-led testing and set up centralized data backup.

China’s decision to open its financial sector to foreigners has benefited Morgan Stanley and HSBC, along with Goldman Sachs and JPMorgan which got approval to run local units in 2021.

There could be some pushback, though, with the Asia Securities Industry and Financial Markets Association (ASIFMA) saying that the draft rules could create more risks in sharing sensitive data. ASIFMA has over 160 members from leading financial institutions from various sectors, including the buy and sell side, banks, law firms, market infrastructure service providers and more.

Proposed new data rules are coming as Beijing tightens oversight of data security for the tech sector, with a bigger regulatory crackdown making the stock market uncertain and stalling offshore listings.

The draft rules will require data sharing from financial firms. The lobby group is concerned that passing on sensitive data will make companies vulnerable to “hackers and other bad actors.”

Cybersecurity has been taken more seriously as of late, with companies vital to U.S. interests now having to report if they’re hacked or if they pay ransomware.

See also: Hacked US Companies Must Report to Government Under New Law

PYMNTS wrote that the new rule, passed by Congress, is part of a bigger effort from the Biden administration to boost cyber defenses.

This comes after numerous large digital attacks and ransomware, which increase during the pandemic and the ensuing digital transition.

Through requiring businesses to report cyberattacks, the government will highlight the way the hackings take place, the report says. Many private companies currently are not going to authorities when hacking happens.