Financial lobby group Asia Securities Industry and Financial Markets Association voiced worries in a letter to Chinese regulators about the risks involved in newly proposed cybersecurity rules.
Newly proposed cybersecurity rules by the China Securities Regulatory Commission (CSRC) have been met with concerns about the risk of vulnerability to hackers, bad actors and leaks among other issues, according to a «Reuters» report citing a letter from ASIFMA.
The CSRC released the draft rules on April 29 and offered a month-long public consultation period on the proposals to make it mandatory for investment banks, asset managers, and futures companies with operations in China to share data with the regulator, allow regulator-led testing, and help set up a centralized data backup center.
Cybersecurity Risks
According to the letter, ASIFMA expressed concerns that passing on sensitive data will make financial firms vulnerable to «hackers and other bad actors».
On the requirement to introduce a sector-wide data backup center, the lobby group underlined «huge risks» not only for individual firms but also for the global financial sector in the event data is compromised or leaked.
And on regulator-led testing – or a simulated cyberattack against an operational system – ASIFMA noted risks from the «potentially disruptive nature of penetration testing and the sensitivity of testing results».
CSRC Response
According to the CSRC, ASIFMA submitted its opinion on May 31 – 2 days after the month-long consultation period – but it would still study the suggestions.
«[W]e still highly value the feedback forwarded by relevant associations,» said the CSRC, though no timeline has been set on the issuance of the final version of the new cybersecurity rules.