China revives bank cyber rules
BEIJING, Aug 19, (RTRS): China has resumed work on a set of banking cyber security regulations it suspended earlier this year, reviving a potential source of friction with the United States just weeks before Xi Jinping makes his first trip to Washington as China’s president, people with knowledge of the matter said.
At a meeting last week in Beijing, officials from the China Banking Regulatory Commission (CBRC) told representatives from several Western technology companies, including Microsoft , IBM and Cisco Systems, they would seek opinions over the next month on a new version of the bank procurement rules, one of those present at the meeting said.
The previous regulations — containing provisions that required Chinese banks to buy more domestic IT equipment and Western tech vendors to disclose secret source code if they sell to lenders - drew strong protests from foreign business lobbies, the US and European governments.
Chinese regulators suspended the plan in April, saying they would weigh feedback from domestic banks. The suspension was seen as a diplomatic victory for the Obama administration, coming shortly after visits to Beijing by Treasury Secretary Jack Lew and Commerce Secretary Penny Pritzker.
While foreign tech companies were briefly optimistic that the rules would be dropped indefinitely, their resumption now underlines China’s determination to follow through on what is considered a top national security priority for Beijing — and a persistent irritant in relations with Washington.
Xi, who visited California in 2013, will make his first state visit next month to the White House, where cyber security disputes, including the theft of US government personnel data by suspected Chinese hackers, are expected to be on the agenda.
The CBRC did not immediately respond to a fax requesting comment.
Executives at Western companies, which make hundreds of millions of dollars a year selling everything from servers to cloud computing software to China’s big banks, welcomed the opportunity to offer input, but remained skeptical that the procurement rules, even if they were revised, would reverse a recent slump in sales to China’s stateowned banks.
Many fear that even if Beijing formally rolled back some of the more onerous terms, banks would still unofficially be discouraged from purchasing foreign equipment.
People familiar with the meeting said the CBRC provided few details about how they will proceed with the regulations, but there would be more thorough consultations than used for drafting the earlier rules.
“Their attitude and approach were good, but there’s not much optimism,” said the individual who attended the meeting. “What matters is how the sales numbers look.”
High-level executives at Chinese technology companies, which could gain from a retreat of Western rivals in China, were made aware last month that the banking sector rules will not be dropped altogether, said a person from one of those companies.
“No one doubted they were going to come back,” said another of those familiar with last week’s meeting. “We’re all still trying to wrap our heads around it.”
China, fearing the reach of the US National Security Agency’s cyber spying capabilities, has advanced several cyber security measures in recent months. Respected government-affiliated experts have defended these as reasonable and fair, noting that intense political opposition from Capitol Hill has essentially locked out Chinese manufacturers Huawei and ZTE from selling telecom equipment in the United States.
Still, the banking sector regulations have been criticized by the United States and Europe as protectionist measures that unfairly exclude foreign products and potentially violate China’s obligations as a member of the World Trade Organization.
CBRC officials appeared sensitive to the criticism, saying at last week’s meeting they had consulted China’s Ministry of Commerce and WTO experts to ensure that its proposals would meet China’s free-trade obligations, according to the person who attended the meeting.
Spokespeople for Microsoft and IBM said they had no comment on the matter at this time. A Cisco spokesman said the company “does not comment publicly on specific customer meetings.”