The chief of one of Asia’s most prominent financial trade bodies on Tuesday said new cyber security rules in China could make it harder for foreign companies operating in the country to manage risk as cyber threats become increasingly cross-border. Speaking at the Thomson Reuters Pan-Asian Regulatory Summit in Hong Kong, Mark Austen, chief executive of the Asia Securities Industry and Financial Markets Association (ASIFMA), said the rules marked a “worrying” development because regulators globally have to work together to address cyber risks rather than attempt to isolate their jurisdictions.
China adopted a cybersecurity law on Monday to counter what the government said were growing threats such as hacking and terrorism. Foreign business and rights groups expressed concern that the law could, for instance, bar foreign companies from certain sectors. The legislation, set to take effect in June 2017, includes requirements for security reviews and for data to be stored on servers in China.
“No matter how well you cut yourself off from the rest of the world, we’re all interconnected. Favouring the development of domestic IT and forcing firms to use domestic software and not allowing firms to offshore [means] you can’t manage risk on a global basis,” said Austen.
“The threat is global. This is why we find these Chinese laws so worrying on the face of it,” he said. However the rules may become more flexible by the time they are implemented next year, he said. Cyber security was propelled to the top of the financial services agenda in February when it emerged hackers stole $81 million from the Central Bank of Bangladesh via SWIFT, the global financial messaging system. The funds were transferred to accounts in the Philippines and Sri Lanka.
Speaking at the same event in Hong Kong, Catherine Simmons, managing director and head of Asia-Pacific Government Affairs at Citi, said regulators globally would have to work more closely together to address emerging cyber threats.
“The very nature of technology and cyber threats emerging and cyber security risks, it’s cross-border. Regulators are not going to just focus on their domestic markets … they are going to have to talk to other countries about what to do. We are just seeing that discussion emerge.”