Governance & Risk Management , Next-Generation Technologies & Secure Development

China Delays Tough Bank Tech Rules

Banking Suppliers Would Have to Share Source Code
China Delays Tough Bank Tech Rules
U.S. Treasury Secretary Jacob Lew met with Chinese leaders March 30.

After U.S. Treasury Secretary Jacob Lew met with Chinese officials March 30, a senior U.S. Treasury official reportedly said China has agreed to delay plans to implement some of its new bank technology rules (see China Wants Banking Backdoors). Among the new requirements, hardware and software suppliers to the Chinese financial services industry would have to submit to source code reviews and share encryption keys with authorities.

See Also: The Need for Cybersecurity Strategies to Evolve: A Zero Trust Guide for Federal Agencies

The Wall Street Journal, which first reported the postponement of the rules, says that it's unclear how many rules are being delayed, how long China will delay the rules and whether China might ultimately suspend any or all of the regulations, which have been condemned by U.S. technology companies.

China's new banking regulations state that 75 percent of all software and hardware products used by the Chinese financial services sector will have to be "secure and controllable" by 2019. As a result, U.S. tech companies that want to sell their products to Chinese banks would have to allow the government to audit the source code; license with the government any personnel before they would be allowed to work with the hardware or software on site; submit copies of all encryption keys used; and agree to give the government the ability to directly monitor their software and hardware via backdoors, among other requirements.

Separately, a draft Chinese cybersecurity bill would require any encryption keys used in any products sold in China - in any sector - to be shared with authorities.

"Promoting innovation and open markets is in our mutual interest," Lew said in a March 30 meeting with Vice-Premier Wang Yang, according to a copy of his remarks provided by the Treasury Department. Wang, a high-ranking Chinese government official, is one of the key figures driving China's economic strategies. "We have already made clear our concerns regarding forced technology transfer and other attempts to bar technological competition, most recently in the banking sector," Yew added.

Refocusing China's Economy

China's cybersecurity and surveillance moves come as the government has been attempting to refocus the country's economy on domestic consumption, create more service-oriented businesses, as well as promote more innovative and "clean" technologies.

That's a marked shift. For the past 20 years, the Chinese government has promoted exports, and this has helped fuel the country's explosive growth, and a gross domestic product that is the world's second largest, behind the United States.

But economists say China's rapid growth is now declining, and that the nation must look beyond exports to fuel growth. That was made clear in the wake of the 2008 global financial crisis, when demand for Chinese goods declined suddenly and an estimated 20 million workers in China's export sector lost their jobs.

Currently, however, internal consumption of goods in China only accounts for about one-third of the country's GDP, compared with a norm of 50 percent or more in countries with more mature economies. In the United States, for example, consumption accounts for about 70 percent of GDP.

Chinese President Xi Jinping, in a March 28 press conference, said that China must no longer focus on GDP to the exclusion of finding new forms of more sustainable and high-quality growth, Reuters reports.

China's economic reforms may also be driving related hack attacks. In recent years, multiple information security analysts have noted that China's apparent corporate espionage campaigns seem to parallel the country's five-year plan to modernize its infrastructure, including creating more advanced naval and satellite-based capabilities.

Lew alluded to the challenges that China faces as it retools its economy, not just from the standpoint of economic policy, but also how it approaches foreign technology. "As you move the Chinese economy toward domestic consumption-led growth and reform the financial sector, there are many areas in which open markets and greater participation by American firms in China's economy can help ensure the success of these reforms," Lew said in a March 30 meeting with premier Li Keqiang, who's China's second-highest-ranking government official. Li, an economist by training, is also a key figure shaping China's economic policies, and has made no secret of the fact that retooling the Chinese economy will be painful.

To help facilitate that economic transformation, Lew said that China must favor openness and transparency. "During this economic transformation, we must continue our bilateral efforts to break down barriers to bilateral trade and investment that keep our economic relationship from achieving its full potential for the people in our two nations," he said.

Asia Infrastructure Investment Bank

Analysts say that Lew's visit - on behalf of President Barack Obama, who is scheduled to meet with Xi in September - appeared to be hastily arranged, and may be a move by the White House to discuss the China-led Asia Infrastructure Investment Bank (AIIB), reports Hong Kong daily newspaper South China Morning Post. Launched by China last summer, the $100 billion AIIB has a deadline of March 31, 2015, for any countries seeking a founding membership.

The U.S. sees the bank as an attempt by China to exert greater influence in the region, and has so far declined to join. Earlier this month, the White House National Security Council said it has continuing concerns about whether AIIB would "incorporate the high standards of the World Bank and the regional development banks ... particularly related to governance, and environmental and social safeguards."

While Canada and Japan have also declined to join the AIIB, Britain and Switzerland were recently announced as founding members, followed by France, Germany and Italy. In recent weeks, numerous other countries, ranging from Brazil and Russia to South Korea and Turkey, have either applied to join the AIIB or already been accepted.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.