New guidance on security companies’ online and externally accessed data systems

By Cao Chunfen, Zhonglun W&D Law Firm
Copy link

Our firm was recently retained by a securities company in respect to proposed online securities-related business under consideration in cooperation with an internet services company. We discussed at that time whether the cooperation would involve external access to the securities company’s data system.

Cao Chunfen Partner Zhonglun W&D Law Firm
Cao Chunfen
Zhonglun W&D Law Firm

The Guiding Opinions on Promoting the Healthy Development of Internet Finance, which took effect on 18 July, encourage banking, securities, insurance, fund, trust and consumer finance institutions to upgrade their traditional finance business and services via online technologies.

The guiding opinions give support to internet companies to lawfully establish online payment mechanisms, lending platforms, equity crowd financing platforms and financial product sales platforms. The guiding opinions also give support to securities, fund, trust, consumer finance and futures institutions in cooperating with internet services companies to broaden their financial products sales channels.

Based on this, adopting a cooperative model founded on an internet company’s existing internet lifestyle service platform with a securities company providing financial product sales services is compliant with state policy.

In the case mentioned above, our discussions focused on whether technical connections in the course of the cooperation between the securities company and the internet services companies would fall within the scope of an externally accessed data system, as well as what regulatory policies that would possibly involve.

If it fell within the scope of an externally accessed data system as defined in the Standards for the Assessment and Certification of the Externally Accessed Data Systems of Securities Companies that took effect on 12 June, the securities company would be required to request assessment and certification as an over-the-counter securities business reporting system by the Securities Association of China (SAC) within one month of executing the client system access agreement. Further, the internet company would need to become an SAC member.

Changes in oversight

The SAC is in the process of gradually relaxing its oversight of externally accessed data systems as evidenced in issuing the guiding opinions, standards and the Technical Guidelines for the Online Securities Data Systems of Securities Companies, which took effect 13 March. The figure below gives further illustration.

Case analysis

Firstly, online finances are in the pilot stage and therefore are pioneering by definition. In April 2014, five securities brokerages secured qualifications for the pilot online securities business projects, the first securities companies to engage in this area.

New guidance on security companies’ online and externally accessed data systems ENGThe guiding opinions also have been recently issued. The first section of the guiding opinions set out that the opinions “encourage innovation and support the stable development of online finance”, and stipulate incentives in six areas.

The proposed online finance business is still in the trial and exploration stage at the regulatory level. Policies and rules in this area thus still require further delineation. SAC conducts personalized oversight over specific securities company projects or requisite individual communication.

The industry as a whole has taken a wait and see attitude toward external data system certification, though certain securities brokerages have made attempts to request assessment from the SAC.

At present, the schedule for assessing third party software access to securities brokerage terminals may not be as anticipated. The new data system access work has yet to be operational, as external data system access standards have yet to be defined.

Secondly, China Securities Regulatory Commission’s (CSRC) oversight of external access to data systems has mostly targeted securities trading. The Opinions of the CSRC on Screening and Rectifying Securities Business Activities That Violate the Law, issued 12 July, specify: “Securities regulators of each region shall procure the securities companies’ compliance in external access to data systems, and check their self-examination results by the end of July. Where the trading of securities is conducted through a securities company’s externally connected data system, it shall stringently review client identity authenticity and the compliance of their trading accounts and trading operations so as to guard against any organization or individual illegally engaging in trading activities via the company’s securities trading channel.”

Here it can be seen that CSRC is currently targeting security companies’ externally accessed data systems primarily to address floor trading. However the project in question involves only over-the-counter trading, and does not involve floor trading. It thus is our understanding that the recent regulatory rules relating to the securities companies’ externally accessed data systems are mainly targeting floor securities accounts, and that the arrangements for over-the-counter wealth management accounts are not the current oversight targets and remain at the pilot stage.

Given that the relevant competent authorities have not yet expressly given a definition of an externally accessed information system, and that a superficial understanding of such a system’s scope can be extremely broad, the author would recommend, for prudence sake, that securities companies maintain communications with the regulator on this issue. The securities company should determine whether to carry out the assessment and certification procedure in accordance with the assessment and certification standards based on the regulator’s opinion.

Cao Chunfen is a partner of Zhonglun W&D Law Firm


19/F Golden Tower

1 Xibahe South Road, Chaoyang District

Beijing, 100028 China

Tel:+86 10 6440 2232

Fax:+86 10 6440 2915/2925

Copy link