Video
Let's talk antitrust: Discussing recent cases and emerging competition issues
Recent cases and judgments have shone a light on some emerging themes and trends that companies will want to consider as part of their risk management framework.
Global | Publication | July 2018
On 21 May 2018 China’s Banking and Insurance Regulatory Commission (CBIRC) issued Guidelines on Data Governance for Banking Financial Institutions (the Guidelines), effective as of the issue date. In this briefing, we outline the key features of the Guidelines and discuss the implications for banking financial institutions in China.
Encompassing 55 Articles in seven Chapters, the Guidelines:
The Guidelines clarify the structure of data governance in banking financial institutions, aiming to eliminate ambiguity in the powers and duties among various departments and to create unified data management.
Under the Guidelines, banking financial institutions must build a top-down and coordinated system for data governance, allocating responsibilities among the board of directors, board of supervisors and its senior management team.
Specifically, the board of directors must:
Senior executives are responsible for setting up:
The board of supervisors, on the other hand, must supervise and evaluate the performance of the board of directors and senior executives on data governance.
In addition, banking financial institutions may set up a position of Chief Data Officer (the CDO), even though it is not a mandatory requirement. The institutions can determine whether the CDO is a member of the senior managers based on their business needs. For those CDOs who are considered to be senior managers, they should also be subject to relevant qualification requirements specified by the CBIRC.
The CDO, as a newly created role, currently lacks any more detailed descriptions of its duties and responsibilities in the Guidelines. Generally speaking, in the light of domestic and global data security laws and regulations, the CDO is expected to have a well-balanced mix of technical know-how, analytical skills, expertise in legal and regulatory matters as well as business acumen.
Apart from providing guidance in relation to the data governance framework, the Guidelines also expressly require banking financial institutions to establish a comprehensive data management and data quality control system, as follows:
The Guidelines underscore the CBIRC’s emphasis on technology innovation and data monetisation. They provide that banking financial institutions should embed data applications intotheir business operations, risk management and internal controls. By doing that, banking financial institutions will be able to effectively capture risks and optimise business procedures, as well as promote data-driven development.
One can take from the Guidelines that the Chinese government would appear to be highly encouraging of the development of technology innovation in the banking industry generally. Specifically, banking financial institutions are called upon to enhance their capability in relation to data aggregation in order to satisfy the risk management needs. Similarly the Guidelines encourage banking financial institutions to use cutting-edge technologies, such as Big Data analytics, to advance business and unlock commercial value.
Data is becoming increasingly valuable assets and have significant competitive advantages in the banking industry. Indeed, without high quality data and upward reporting of meaningful management information, financial institutions cannot identify and monitor their risk. Nor can they properly understand the performance of business activities.
In spite of already gathering, processing and storing massive quantities of data, banking financial institutions are still in the early stages of taking full advantage of the opportunities such data present. As technological transformation and innovation expand their ability to profit from data, data-related activities also give rise to new vulnerabilities. Protecting data remains among the most pressing issues facing financial institutions. The Guidelines will, therefore, have significant operational and business implications for all banking financial institutions in China.
The Guidelines are a tangible example of how the Chinese government wishes to encourage banking financial institutions to establish efficient data governance structures and independent comprehensive risk management systems, customised to each institution’s own business operations.
Implementing such measures is likely to strengthen the privacy protection for clients. More importantly, the Guidelines can be taken as an expression of governmental support in relation to technology innovation in the banking industry, encouraging banking financial institutions to use data aggregation and Big Data analytics to fully realise value inherent in data. In order to crystallise such value, and at the same time manage risk, banking financial institutions will need to develop a strategic vision and a clear road map for deployment of technology approaches to data.
While the Guidelines can provide a great opportunity for financial institutions to further explore Big Data, for rolling out innovative business models, and for capturing new business opportunities, they also impose heightened compliance requirements on financial institutions to safeguard data privacy and manage cybersecurity for their business operations in China – an approach which is in line with the evolving regulatory regime in the banking industry in China more generally.
Video
Recent cases and judgments have shone a light on some emerging themes and trends that companies will want to consider as part of their risk management framework.
Publication
After a lacklustre finish to 2022 when compared to the vintage year for M&A that was 2021, dealmakers expected 2023 to see the market continue to cool in most sectors, in response to the economic headwinds of rising inflation (with its corresponding impact on financing costs), declining market valuations, tightening regulatory scrutiny and increasing geopolitical tensions.
Publication
On 18 September 2023, the CMA published its Initial Report (Initial Report) on AI Foundation Models (FM), supplemented in April 2024 with the publication of its “Update Paper” focused on potential antitrust risks associated with FMs and a “Technical Update Report” providing more detail on the development on FMs (collectively the “Reports”). Below, we consider these CMA publications.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023