Mar 19, 2018 07:17 PM

Bank Regulator Toughens Rules on Data Management

The entrance to the headquarters of the China Banking Regulatory Commission is seen in Beijing on March 13. Photo: VCG

China’s banking regulator is getting tough on the collection and use of personal data by lenders amid growing concerns about privacy and potential misuse of information by the country’s financial institutions.

New draft rules will require banks to incorporate data governance into their overall corporate governance system, and place ultimate responsibility for the matter with the board of directors. Institutions will need to set up a data management framework, and will be encouraged to appoint a chief data officer and create a “good data culture.”

“Data governance urgently needs to be strengthened,” a spokesperson for the China Banking Regulatory Commission said at a news conference on Friday. “There are many problems, such as inaccurate and incomplete data, as well as lack of timeliness and compliance. This is not only holding back an improvement in the quality of banks, it is also affecting the efficiency of regulation.”

Banks must have unified data management, he said, pointing out that in many institutions, the function is often scattered between different departments with no clear lines of responsibility. Institutions need to strengthen awareness of data security, collect data in compliance with laws and regulations, prevent excessive collection and abuse of data, and protect customer privacy in accordance with the law, he said.

The rapid development of the banking industry over the last few years and the explosion of online finance has turned banks into big-data companies, accumulating huge volumes of information on customers and transactions. But some are finding it difficult to protect customer privacy, which has caught the attention of the regulatory authorities.

Cellphones banned

A source from the finance department of a major bank told Caixin that two years ago, his company started to strengthen management over user information by barring customer-facing employees from bringing cellphones to their work stations. Employees are not allowed to take photographs of their computer screens or to search for customer information by themselves. If they want to view customer data, it must be done with the approval of a manager and registered.

But in spite of these procedures, some employees have searched for information on their own, leaked information, and even sold customer data to external sources, the bank employee told Caixin.

Up until now, regulators have focused primarily on risk management, internal management, assets and liabilities, and other key indicators, said Liu Xianrong, deputy general manager of the data management department at China Construction Bank (CCB). The draft rules reflect the increasing importance supervisory authorities are giving to data management at banks, he added.

The growing impact of internet finance and banking has made data an important factor in a bank’s competitiveness, so more and more institutions will manage data as a key asset, Liu said.

The new rules also aim to improve the quality of data banks send to regulators, Liu said. For example, when banks submit data about their public shareholders, they can provide different information even about the same shareholder. This highlights the problems with data accuracy and the need to standardize data collection and the reporting process, he said.

The draft rules are open for public comment until April 16.

Contact reporter Liu Xiao (
