China’s Draft Cybersecurity Laws Pose a Risk to Foreign Financial Companies

  • The China Securities Regulatory Commission (CSRC) has released draft rules that would require investment banks, asset managers, and futures companies with operations in China to share data with the CSRC.
  • The new cybersecurity guidelines could put the operations of Western financial corporations in danger by exposing their data to cyberattack.
  • Morgan Stanley, HSBC, Goldman Sachs, and JPMorgan set up offices in China recently, with the country opening its financial sector to foreign banks.

According to GlobalData, the financial services industry in China is estimated to be worth $85,749 billion in 2022. The China Securities Regulatory Commission (CSRC) proposed cybersecurity guidelines for financial firms, which could put the operations of Western companies in jeopardy by making their data vulnerable to hackers. The proposed law comes even as a number of Western investment banks and asset managers intend to expand their presence in China either through wholly-owned subsidiaries or by increasing their interest in existing joint ventures. The proposed guidelines would require investment banks, asset managers, and trading companies with operations in China to share data with the CSRC, allow regulator-led testing, and assist in the establishment of a centralized data backup center.

What Does the Regulation Imply?

Investment banks, securities trading and brokerage houses, depositories, and clearing institutions, to name a few, are subject to these restrictions, as are their IT providers. Companies in this industry will be required to establish a cybersecurity management system and file a report with the CSRC. The draft measures include requirements for the handling of sensitive data, core data, and personal information. Notably, the systems and procedures of companies that process this critical data must meet the cybersecurity criteria of the Chinese regulator.

The CSRC could designate some institutions to create data centers for strategic backup, which would enable centralized data backup. The companies and their supporting companies must submit data to these data centers, and that data must include important data, core data, and personal information.

Risk Impact on Foreign Companies

Among the major global financial institutions, Morgan Stanley, HSBC, Goldman Sachs, and JPMorgan established offices in China in recent months as the Asian giant opened its financial sector to foreign banks. Financial organizations are concerned that sharing sensitive data could expose them to hackers and criminal entities. Global banks and asset managers are also opposing the requirement to establish a sector-wide data backup center. They contend that if the data is stolen or released, this would pose individual risks to core institutions and operating institutions, as well as major systemic risks for the financial services sector in China and across the world, owing to the interconnectedness of the global financial sector.


Because of the potentially disruptive nature of penetration testing and the sensitivity of testing results, the Asia Securities Industry & Financial Markets Association (ASIFMA) has raised the concerns of global banks that regulator-led or regulator-commissioned penetration testing poses real risks to firms. ASIFMA also stated that testing systems and applications in isolation from their operating context could cause severe interruption to the company's operations. The CSRC has not yet set a deadline for the publication or implementation of the final rules. Financial institutions operating in China, as well as their IT providers, must keep up with the latest developments and be ready for new standards that will be implemented soon.
