China cybersecurity law could affect trade banks
A draft cybersecurity law in China could have serious implications for international banks, experts have warned.
Opponents have claimed that the wide-reaching Cyber Security Law along with new insurance regulations would allow China access to proprietary systems and would also contravene WTO rules.
The law is viewed as China’s biggest intervention to private international business in years and would require financial institutions to store and process all data on Chinese customers within China.
“The requirement on financial institutions to store and to process only in China data collected in China has significant impact on banking and finance business targeting individual customers. With respect to international banking and finance business, it is customary to store and process personal data in a regional hub which is traditionally located in India, Singapore and Hong Kong as far as the Asian market is concerned,” Yang Xun, of counsel at Simmons and Simmons in Shanghai tells GTR.
This week, a coalition of 46 business groups wrote a letter to Chinese premier Li Keqiang asking him to rethink the proposals around cybersecurity, which they fear signals an era of increased protectionism in China and which they said could negatively affect China’s economy.
While international trade banks may have a limited number of domestic customers in China, the ruling would compromise progress made on opening China up to international markets and cross-border trade.
The requirement prohibits the transfer of data collected in China to regional hubs outside of China, so unless institutions are willing to relocate their hubs to within the country, it may impinge upon the business they wish to do there.
Other solutions could be to depersonalise the data prior to cross-border transfer, a process that could be time-consuming, or to have separate hubs inside and outside of China to treat data differently, which would be costly.
Some companies have already relocated their regional hubs to China. Fidelity Investments, for instance, last year became one of the first western firms to secure a licence to establish a “wholly foreign-owned enterprise” in China. This allows it to take advantage of preferential treatment and talents, and to service customers in the country as it wishes.
In the long run, the cybersecurity law could also affect Chinese banks should they seek to increase their international presence. Currently most domestic FIs bank domestic business, or Chinese companies overseas, but the would be restricted should they wish to utilise offshore data hubs in the future.
The letter of complaint follows a series of gripes from international companies working in China about the worsening business climate. The government floated legislation to intervene in the banking market last year but that has yet to be signed into law. This would require banks to buy products from domestic suppliers, a move that opponents say would be in direct contravention to WTO rules.
China – which joined the WTO in 2001 – is in the midst of an eventful period of its membership. Countries from Australia to the US are suing it over alleged dumping of steel in their markets.
On the investment front, the new UK prime minister Theresa May has put the China-backed nuclear power plant on hold, pending a review. As China looks to reform its relationships with international companies within its borders, so too are governments re-evaluating their relationship with the world’s second-largest country.take me back