Gabriela Kennedy and Xiaoyan Zhang delivered a seminar on “China’s New Security Laws: Making Sense of the Small Print” on Monday, 10 August 2015 to HSBC staff members at Mayer Brown’s conference centre.

Gabriela began the seminar with an overview of the key elements of data localisation laws before introducing some of the new laws recently passed in China in the past year concerning national and cyber security, including the Guides on Promoting the Application of Secure and Controllable Information Technology (CBRC Guidelines); the National Security Law (NSL); and the First Draft Cyber-security Law (CSL). Gabriela discussed the key provisions of the CRBC Guidelines, the impact it would have on business operations in mainland China as well as the concerns it would generate in the international community, before further explaining that in March this year, China agreed to delay the implementation of the Guidelines.

Xiaoyan continued the seminar with a comprehensive discussion of the key provisions of the NSL and the CSL, both which contain broad provisions and much open to interpretation. Xiaoyan briefly provided an overview of the similarities and differences between the new laws, followed by an in-depth discussion on the compliance and operational challenges posed by the new laws to international financial institutions operating in China, specifically to HSBC. She then explored some of the strategic steps to address these challenges, including assessing data storage systems; determining the scope and frequency of cross-border transfers within financial institutions, monitoring the release of updates and publication of further guidelines; training and education for staff on national and cyber-security; re-assessing the financial institution’s internal privacy policies and procedures; and keeping inventory of domestic and foreign IT products.