China drafts rules to strengthen financial cybersecurity oversight
China's top financial regulators unveiled draft rules on Friday to strengthen cybersecurity management in the financial sector, better protect the sector's critical information infrastructure and guard against cyber risks evolving into financial risks.
The People's Bank of China said that it, together with the National Financial Regulatory Administration, the China Securities Regulatory Commission and the State Administration of Foreign Exchange, had jointly drafted the proposed measures to implement the Cybersecurity Law and safeguard financial stability and security.
According to the central bank, the draft measures will improve the cross-department cybersecurity regulatory framework for the financial sector, while defining the bottom line for financial industry cybersecurity compliance and the legal responsibilities that should be borne when the bottom line is violated.
"These steps are necessary to ensure the continuous and stable operation of the financial system and help prevent the transformation of cybersecurity risks into financial risks," the PBOC said, acknowledging the risks from organized and high-intensity cyberattacks and the deep integration of emerging technologies with financial business operations.
The draft, which contains 33 articles in five chapters, is now open for public comment. It requires financial institutions to take primary responsibility for their own cybersecurity, establish dedicated governance and decision-making mechanisms and ensure adequate funding and staffing for cybersecurity work.
It also stipulates that institutions failing to promptly halt the transmission of malicious programs or prohibited information would have their cases transferred to relevant authorities. Cases involving failures to use commercial encryption as required would also be referred to cryptography authorities for handling.




























