As President Obama and Chinese President Xi Jinping get set to hold their highly anticipated summit meeting next week, USCIB joined twelve business organizations in signing a letter to the Chinese Banking Regulatory Commission (CBRC), urging China to implement regulations that reflect global banking principles rather than localized solutions.
China’s proposed new banking regulations would require foreign technology companies to give source code and encryption keys to Beijing officials. The global business community has argued that these regulations discriminate against foreign providers of information and communications technologies (ICTs) and would effectively shut foreign firms out of China’s banking sector.
In a letter whose signatories represent companies from Asia, Europe and North America and do business across all industry sectors in China, USCIB and others encouraged China to “implement a prudential regulatory framework which reflects [internationally recognized] principles, allowing appropriate industry-level benchmarking and avoiding the pitfalls associated with mandating prescriptive mechanisms of technology and cybersecurity standard-setting.”
The letter summarizes a list of principles for enhancing IT security in the banking sector on which signatories encourage China to base its regulations. These high-level principles include:
- Transparency in the policymaking process – together with sufficient time for consultation with industry on proposed approaches.
- Polices that are flexible and adaptable to confront emerging threats while enabling companies to continue to innovate.
- A risk-based approach to examining whole systems for cyber threats to foster a prudential regulatory framework that can be more efficient and more effective than focusing on individual functions or processes.
- Reliance on global security standards based on consensus industry processes, which will ensure that the best practices from around the world are incorporated and that security requirements will be regularly updated to respond to evolving threats.
- An important role for market-based approaches that achieve desirable outcomes.
“Use of such standards also avoids the insurmountable challenge of asking international firms with global platforms to comply with conflicting rules and regulations between markets,” the letter stated. “To that end, we urge the CBRC to consult with other national regulators for rules that avoid exclusive use of localized solutions, prescriptive technologies and restrictions on data flows.”
The signatories noted that the best approach for developing technology policies is “open and transparent formulation and implementation, which allows stakeholders to provide helpful input to regulators.” They urged China to base its banking regulations on internationally accepted principles to ensure that global financial systems are as secure as possible.