CSRC Releases Measures on IT in Securities and Fund Operations

On May 5, the China Securities Regulatory Commission (CSRC) released the Administrative Measures on Information Technology of Securities and Fund Operation Institutions (referred to as Measures hereafter) for public comments, with a deadline of June 4, 2017.  The Measures are developed in accordance with the Securities Law, Securities Investment Fund Law, Cyber Security Law (CSL) and Regulation on the Supervision and Administration of Securities Companies among others. The CSRC measures is yet another information security regulation in the financial sector, following CBRC and CIRC's draft security regulations.

The measures aim to safeguard the security of information systems in the securities and fund industry and ensure IT compliance. It applies to information technology service providers who supply development, testing, integration, and certification services, operation, maintenance and routine security management services, leasing of computer facilities services and any other services that fall under "important information systems" in the securities and fund industry.