China: New cybersecurity regulations for banking sector
Published 10 February 2015
The Central Leading Group for Cyberspace Affairs, a division of the Chinese government, has introduced new cybersecurity regulations (the Regulations) for companies in the banking sector, with regulations for other key sectors to follow.
The Regulations require that foreign technology companies that supply software to Chinese banks turn over source code (including encryption), submit to audits, and build “back doors” into hardware and software. A “back door” is a method of bypassing normal authentication to securely access computers or computer software. The Regulations also mandate that companies that want to sell to banks set up research and development centres in China, obtain permits for workers that service technology equipment, and build “ports” to allow Chinese officials to manage and monitor data processed by their hardware.
The Regulations have faced significant opposition, from the US in particular, which is concerned with the protectionist agenda they seemingly promote. The US argues that the only way to achieve the technological innovation necessary to protect against cyber attacks is “through commitment to an open market and global trade”.
More information on the Regulations and the US opposition to them is available here.
What action could be taken to manage risks that may arise from this development?
None – for information only at this stage. Financial services companies should ensure that they keep up to date with further developments in this area.