China cybersecurity law likely to harm foreign firms operating on mainland, says Asia finance body chief
Head of Asia Securities Industry and Financial Markets Association says adoption of legislation ‘worrying’
The chief of one of Asia’s most prominent financial trade bodies said on Tuesday new cybersecurity legislation in China could make it harder for foreign companies operating in the country to manage risk as threats increasingly span across borders.
Mark Austen, chief executive of the Asia Securities Industry and Financial Markets Association, told a forum in Hong Kong that the rules marked a “worrying” development because regulators globally have to work together to address cyber risks rather than attempt to isolate their jurisdictions.
China adopted a cybersecurity law on Monday to counter what the government said were growing threats such as hacking and terrorism. Foreign business and rights groups expressed concern that the law could, for instance, bar foreign companies from certain sectors.
The legislation, set to take effect in June 2017, includes requirements for security reviews and for data to be stored on servers in China.
“No matter how well you cut yourself off from the rest of the world, we’re all interconnected,” said Austen. “Favouring the development of domestic IT and forcing firms to use domestic software and not allowing firms to offshore, you can’t manage risk on a global basis.
“The threat is global. This is why we find these Chinese laws so worrying,” he said.
The rules, however, may become more flexible by the time they are implemented next year, he said.
Cybersecurity was propelled to the top of the financial services agenda in February when it emerged hackers stole US$81 million from the Central Bank of Bangladesh via SWIFT, the global financial messaging system. The funds were transferred to accounts in the Philippines and Sri Lanka.
Catherine Simmons, managing director and head of Asia Pacific Government Affairs at Citi, said at the forum that regulators globally would have to work more closely together to address emerging cyber threats.
“The very nature of technology and cyber threats emerging and cyber security risks, it’s cross border. Regulators are not going to just focus on their domestic markets ... they are going to have to talk to other countries about what to do. We are just seeing that discussion emerge,” she said.