China’s Strict Cybersecurity Measures Pose Challenges for Foreign Banks

Beijing - A New Report Warns

China’s rigorous cybersecurity regulations have left foreign banks scrambling to comply with the country’s data localization and incident response requirements, a new report warns.

Challenges in Complying with China’s Cybersecurity Regulations

According to a recent analysis by KPMG, China’s cybersecurity measures are designed to protect national security, public interests, and business operations. However, the strict regulations pose significant challenges for foreign banks seeking to expand their presence in the Chinese market.

Three Key Areas of Concern

The report highlights three key areas of concern:

• Data Classification: Under China’s Cybersecurity Review Measures, regulators have the flexibility to conduct extensive investigations into companies’ equipment and technology to ensure adequate security. This may require enterprises to redesign products or configure specific technologies to comply with laws.
• Data Localization: Data localization is another major hurdle for foreign banks, which are required to store data onshore in China. The report notes that this may involve investing in onshore data servers or hiring a local server provider licensed by Chinese regulators.
• Incident Response: Companies must establish an effective incident response plan and notify regulators and impacted parties within 72 hours of a breach. However, if the breach affects more than 100,000 individuals, the notification window is significantly reduced to eight hours.

Recommendations for Foreign Banks

“The Chinese cybersecurity landscape is complex and challenging for foreign banks,” said Matt Miller, Principal at KPMG’s Cyber Security Services. “While compliance with regulations may be difficult, we recommend focusing on critical areas from the start to reduce business and regulatory risks.”

Prioritizing Cybersecurity Considerations

The report concludes that foreign banks seeking to expand their presence in China must prioritize cybersecurity considerations to ensure successful expansion.

About KPMG

KPMG is a global network of independent member firms providing audit, tax, and advisory services. The firm has a strong presence in China and provides tailored solutions to help clients navigate the country’s complex business environment.

Contact Information

• Matt Miller, Principal, Cyber Security Services: matthewpmiller@kpmg.com
• Brittany Weinstein, Manager, Cyber Security Services: brittanyweinstein@kpmg.com
• Ashley Ryan, Associate, Cyber Security Services: ashleyryan@kpmg.com