Circular on Strengthening the Administration of Cross-border Financial Network and Information Services

关于加强跨境金融网络与信息服务管理的通知

A 30-day notice in writing is now required from foreign institutions providing cross-border financial network services

CLP Reference: 3610/18.07.11 | Promulgated: 2018-07-11 | Effective: 2018-07-11

(Issued by the People's Bank of China on, and effective as of, July 11, 2018.)

(中国人民银行于二零一八年七月十一日发布施行。)

Yin Fa [2018] No.176

银发 [2018] 176号

Shanghai Head Office, branches, business management departments, provincial capital central sub-branches and the Shenzhen central sub-branch of the People's Bank of China, China Development Bank, policy banks, state-owned commercial banks, commercial banks limited by shares, the Postal Savings Bank of China, China Foreign Exchange Trade System, Shanghai Gold Exchange, Interbank Market Clearing House Co., Ltd., Payment & Clearing Association of China, China International Payment Service Corp., China Central Depository & Clearing Co., Ltd. and Society for Worldwide Interbank Financial Telecommunication (SWIFT):

中国人民银行上海总部,各分行、营业管理部,各省会(首府)城市中心支行,深圳市中心支行,国家开发银行,各政策性银行、国有商业银行、股份制商业银行,中国邮政储蓄银行,中国外汇交易中心,上海黄金交易所,银行间市场清算所股份有限公司,中国支付清算协会,跨境银行间支付清算(上海)有限责任公司,中央国债登记结算有限公司,环球银行金融电信协会(SWIFT):

With the increasingly extensive opening of China's financial business to the outside world, banking financial institutions in China (Domestic Users) are increasingly using the cross-border financial network and information services provided by foreign institutions such as the Society for Worldwide Interbank Financial Telecommunication (SWIFT) (Foreign Providers). With a view to safeguarding cross-border financial network and information security, organizing the implementation of oversight of financial market infrastructure and effectively guarding against systemic financial risks, we hereby notify you on matters relevant to the administration of cross-border financial network and information services as follows:

随着我国金融业对外开放不断深化,中国境内银行业金融机构(以下简称境内使用人)越来越多地使用环球银行金融电信协会(SWIFT)等境外机构(以下统称境外提供人)提供的跨境金融网络与信息服务。为维护跨境金融网络与信息安全,统筹实施金融市场基础设施监管,有效防范系统性金融风险,现将加强跨境金融网络与信息服务管理事宜通知如下:

For the purposes of this Circular, the term “cross-border financial network and information services” means the provision of cross-border financial information transmission and other such services to Domestic Users by a Foreign Provider through a proprietary financial network using specific messaging standards. Domestic Users and Foreign Providers shall comply with laws, administrative regulations and relevant regulatory provisions of the People's Republic of China, jointly defend against network attacks in accordance with the service agreement entered into by them and safeguard Cross-border Financial Network and Information Service security.

本通知所称跨境金融网络与信息服务,是指境外提供人通过专用金融网络,使用特定报文标准,为境内使用人提供跨境金融信息传输等服务。境内使用人和境外提供人应当遵守中华人民共和国法律、行政法规及有关监管规定,按照双方签订的服务协议约定,共同防御网络攻击,维护跨境金融网络与信息服务安全。

1. Compliance Obligations of Foreign Providers

一、境外提供人的合规义务

(1)        Prior reporting obligation. A Foreign Provider that is to provide its Cross-Border Financial Network and Information Services to a Domestic User shall carry out reporting procedures with the People's Bank of China in writing (here and hereinafter including by electronic document) within 30 working days before officially providing the services. The contents of such report shall include: the basic particulars of the Foreign Provider and the document evidencing its lawful establishment; its qualifications for providing the services; the materials that the Domestic User is required to provide to access its network; materials evidencing that its online products and services satisfy relevant state requirements; its mechanisms for ensuring network operation security and information security; its internal control systems and organizational structure for combating money laundering and terrorist financing and details of the work thereon; its specific business rules for providing the services and its information transmission handling mechanism; its mechanism for ensuring the rights and interests of customers, its specific measures for safeguarding online product and service security and its measures for the remediation of security risks; and details of its submission to oversight in its home country and other countries or regions.

(一)事前事项报告义务。境外提供人为境内使用人提供跨境金融网络与信息服务,应当在正式提供服务前30个工作日内以书面形式(含电子文件下同)向中国人民银行履行报告手续。报告内容包括:境外提供人的基本信息和依法成立的证明文件;提供服务的资质;境内使用人接入其网络时需要提供的材料;网络产品、服务符合国家相关要求的证明材料;网络运行安全和信息安全保障机制;反洗钱和反恐怖融资内部控制制度、组织架构和工作开展情况;提供服务的具体业务规则和信息传输处理机制;客户权益保障机制,有关网络产品、服务安全维护的具体措施及其安全风险的补救办法;在母国和其他国家或地区接受监管的情况等。

(2)        Service item reporting obligation. A Foreign Provider shall, by July 20 each year and January 20 of the subsequent year, submit a written report on its provision of services in China for the first half of the year and the previous year respectively to the People's Bank of China, including its client list, types and scale of its business, management measures, and measures for the protection of clients' rights and interests.

(二)服务事项报告义务。境外提供人应当于每年7月20日前和次年1月20日前,以书面形式向中国人民银行分别报告上半年和上年度在境内开展服务的情况,包括客户名单、业务种类和规模、管理措施、客户权益保护措施等内容。

(3)        Changed matter reporting obligation. If a Foreign Provider provides services to Domestic Users and there is to be a material change in such services, its business rules or technical means, it shall report the same in writing to the People's Bank of China 30 working days before the change. The contents of the report shall include the preparatory work for, the main details of, the implementing steps for, and the contingency plan for, the change and other information the reporting of which the People's Bank of China requires.

(三)变更事项报告义务。境外提供人为境内使用人提供服务,其服务内容、业务规则和技术手段等有重大变更的应当于变更前30个工作日内以书面形式报告中国人民银行。报告内容包括变更的准备工作、主要内容、实施步骤、应急预案和中国人民银行要求报告的其他内容。

(4)        Emergency matter reporting obligation. A Foreign Provider providing services to Domestic Users shall comply with relevant state laws and regulations such as the PRC Cybersecurity Law, the Measures for the Administration of Internet Information Services (Order of the State Council No.292) and the Measures for the Administration of Security Protection of International Linkups of Computer Information Networks, implement the hierarchical system for protection of national cybersecurity and perform its cybersecurity protection obligations; strengthen emergency management and disaster backup so as to ensure service continuity; establish a mechanism for effective communication with Domestic Users to ensure that routine contact and reporting of issues is smooth and that the handling of emergencies is carried out effectively. In the event of an irregularity arising in its cross-border financial network and information services, the Foreign Provider shall actively assist the Domestic User in solving the same and report the same in writing to the People's Bank of China in a timely manner. The contents of such report shall include a description of the irregularity, its impact and the handling measures that have been taken. If the irregularity affects a key financial institution, the Foreign Provider shall report the same within 30 minutes; if it affects other financial institutions, and the same persists for more than two hours, the report shall be made the same day and if it persists for not more than two hours, the report shall be made within five working days.

(四)应急事项报告义务。境外提供人为境内使用人提供服务,应当遵守《中华人民共和国网络安全法》、《互联网信息服务管理办法》(中华人民共和国国务院令第292号)、《计算机信息网络国际联网安全保护管理办法》等国家有关法律法规,落实国家网络安全等级保护制度,履行网络安全保护义务;应当加强应急管理和灾难备份,保障服务连续性;应当建立与境内使用人的有效沟通机制,确保日常联系和问题反映畅通、应急处置有效开展。对于跨境金融网络与信息服务出现异常的情况,境外提供人应当积极协助境内使用人解决,并及时以书面形式报告中国人民银行。报告内容包括异常情况描述、异常情况影响、已经采取的处理措施等。异常情况涉及重要金融机构的,应当于30分钟内报告;异常情况涉及其他金融机构的,超过2个小时的应当于当日报告,在2个小时以内的应当于5个工作日内报告。

(5) A Foreign Provider may not construct a proprietary financial network in China to provide financial information transmission and other such services.

(五)境外提供人不得在境内建设专用金融网络提供金融信息传输等服务。

(6) A Foreign Provider may authorize an institution that it has established in China to perform the relevant reporting obligations.

(六)境外提供人可授权其在中国境内设立的机构履行相关报告义务。

2. Compliance Obligations of Domestic Users

二、境内使用人的合规义务

(1)        Prior reporting obligation. A Domestic User that proposes to use the services offered by a Foreign Provider shall carry out the reporting procedures in advance in writing with the provincial-level sub-branch of the People's Bank of China of the place where its institution with legal personality is located. The contents of the report shall include the details of the services provided by the Foreign Provider; the method of accessing the Foreign Provider's network; the materials the provision of which the Foreign Provider requests; the Domestic User's valid contact person and contact information; and the Domestic User's contingency measures to ensure the continuity of its business. The provincial-level sub-branch of the People's Bank of China shall report to the People's Bank of China within 10 working days from the date of receipt of the report.

(一)事前事项报告义务。境内使用人拟使用境外提供人服务的,应当于事前以书面形式向境内使用人法人机构所在地中国人民银行省级分支机构履行报告手续。报告内容包括:境外提供人提供服务的内容;接入境外提供人网络的方式;境外提供人要求提供的材料;境内使用人的有效联系人和联系方式;境内使用人保障业务连续性的应急措施等。中国人民银行省级分支机构应当于接收报告之日起10个工作日内报告中国人民银行。

(2)        Emergency matter reporting obligation. A Domestic User shall, based on the principle of prudence, take network access security measures consonant with the scale of its business to ensure the continuity of such business, and isolate risk contagion between different domestic and foreign networks. If a Domestic User discovers an irregularity in the cross-border financial network and information services, it shall report the same in writing to the provincial-level sub-branch of the People's Bank of China of the place where it is located in a timely manner. The contents of the report shall include a description of the irregularity, the impact of the irregularity and the measures taken for the handling thereof. A key financial institution shall report within 30 minutes after the occurrence of an irregularity; other financial institutions shall, if the irregularity persists for more than two hours, report on the day in question, or, if it persists for not more than two hours, report within five working days.

(二)应急事项报告义务。境内使用人应当根据审慎原则,采取与其业务规模相适应的网络接入安全措施保障业务连续性,隔离境内外不同网络之间的风险传染。发现跨境金融网络与信息服务异常的,境内使用人应当及时以书面形式向所在地中国人民银行省级分支机构报告。报告内容包括异常情况描述、异常情况影响已经采取的处理措施等。对于重要金融机构应当于异常情况发生后30分钟内报告;对于其他金融机构,异常情况超过2个小时的应当于当日报告,在2个小时以内的应当于5个工作日内报告。

3. Industry Self-regulation Requirements

三、行业自律要求

Foreign Providers and Domestic Users shall join the Payment & Clearing Association of China and submit to administration of industry self-regulation. The Payment & Clearing Association of China shall, in accordance with the requirements hereof, formulate and improve self-regulation codes for the cross-border financial network and information services industry, establish risk assurance and self-regulation sanction mechanisms for cross-border financial network and information services, and duly safeguard the lawful rights and interests of members in cross-border financial network and information services. When a member institution submits a request to the Payment & Clearing Association of China for the protection of its rights and interests, the Payment & Clearing Association of China shall apprise itself of the situation as soon as possible, actively coordinate the resolution and report the same to the People's Bank of China in a timely manner.

境外提供人和境内使用人应当加入中国支付清算协会,接受行业自律管理。中国支付清算协会应当根据本通知要求,制定完善跨境金融网络与信息服务行业自律规范,建立跨境金融网络与信息服务风险保障和自律惩戒机制,切实维护会员机构在跨境网络与信息服务中的合法权益。会员机构向中国支付清算协会提出权益维护请求时,中国支付清算协会应当尽快掌握情况,积极协调解决,并及时报告中国人民银行。

4. Duty of Prudential Administration

四、审慎管理职责

In line with the requirements of macroprudential administration, the People's Bank of China shall assess the matters reported by Foreign Providers and Domestic Users, strengthen protection of cross-border financial network and information security, information sharing and oversight, establish regulatory cooperation frameworks with the regulators of the places where Foreign Providers are registered and strengthen coordination, communication and information sharing with them. The sub-branches of the People's Bank of China shall duly perform their local regulation duties, include the implementation of this Circular as a point of emphasis of business inspection and intensify efforts to penalize illegal acts. Where the act of a Foreign Provider or Domestic User violates a law, or a set of administrative regulations or relevant administrative provisions of the People's Bank of China, the People's Bank of China and its sub-branches may impose penalties in accordance with laws and regulations.

中国人民银行根据宏观审慎管理需要,对境外提供人履行报告的事项和境内使用人的报告事项实施评估,强化跨境金融网络与信息安全保护、信息共享和监督管理,并将与境外提供人注册所在地监管当局建立监管合作框架,加强协调沟通和信息共享。中国人民银行分支机构应当切实履行属地监管职责,将本通知执行情况纳入业务检查重点,加大对违规行为的处罚力度。境外提供人、境内使用人的行为违反法律、行政法规以及中国人民银行有关管理规定的,中国人民银行及其分支机构可以依法依规予以处罚。

5. Miscellaneous Matters

五、其他事项

(1)        Matters relating to the use of cross-border financial network and information services offered by foreign institutions by domestic organizations such as non-banking financial institutions, entities that provide follow-up services for financial transactions and organizations that are not financial institutions shall be handled with reference hereto.

(一)非银行业金融机构、金融交易后续服务相关单位、非金融机构等其他使用境外机构所提供跨境金融网络与信息服务的境内机构参照本通知执行。

(2)        This Circular shall be effective as of the date of issuance. Foreign Providers that provided cross-border services and Domestic Users that used cross-border services before the issuance hereof shall report relevant information to the People's Bank of China in writing within 30 working days from the date of issuance hereof.

(二)本通知自发布之日起施行。本通知发布前,境外提供人已经提供跨境服务的,或者境内使用人已经使用跨境服务的,应当自本通知发布之日起30个工作日内以书面形式向中国人民银行报告有关情况。

(3)        The Shanghai Head Office, branches, business management departments, provincial capital central sub-branches and the Shenzhen central sub-branch of the People's Bank of China shall forward this Circular to urban commercial banks, rural commercial banks, rural cooperative banks, rural credit cooperatives, village and town banks, foreign-funded banks, private banks, non-bank financial institutions, entities that provide follow-up services for financial transactions, organizations that are not financial institutions and other such domestic organizations in their jurisdictions.

(三)中国人民银行上海总部,各分行、营业管理部,各省会(首府)城市中心支行,深圳市中心支行要将本通知转发至辖区内城市商业银行、农村商业银行、农村合作银行、农村信用社、村镇银行、外资银行、民营银行、非银行业金融机构、金融交易后续服务相关单位、非金融机构等境内机构。
