Nov 13, 2020 03:52 AM

Exclusive: Regulators Take Aim at IT Outsourcing Risks at Financial Institutions

What’s new: China’s top banking and insurance industry regulator is working on new rules designed to contain risks from financial institutions’ information technology (IT) outsourcing practices, Caixin learned.

The China Banking and Insurance Regulatory Commission (CBIRC) recently released for industry comment a set of proposed rules that would introduce new requirements for financial institutions’ hiring of IT outsourcing providers and management of related risks.

The draft rules stipulate that financial institutions retain in-house supervision of IT management, build their own capacity in key technologies, and enhance risk monitoring and oversight of outsourced IT operations, according to documents reviewed by Caixin.

What’s the context: The draft rules reflect financial regulators’ rising concerns over technology-related risks in the financial system

China first put up rules to regulate financial institutions’ IT system management and related risk controls more than 10 years ago. The latest draft further emphasizes institutions’ responsibility for technology risk control and proposes different levels of risk management requirements on different types of technology outsourcing practices.

Quick Takes are condensed versions of China-related stories for fast news you can use. To read the full story in Chinese, click here.

Contact reporter Han Wei ( and editor Bob Simison (

Support quality journalism in China. Subscribe to Caixin Global starting at $0.99.

You've accessed an article available only to subscribers
Share this article
Open WeChat and scan the QR code