17 November, 2020
On October 23, 2020, the China Securities Regulatory Commission (CSRC) issued the Guidelines for the Application of Regulatory Rules – Technology Related Supervision No. 1 (“Guidelines”). The Guidelines provide further clarification on the Administrative Provisions on the Filing of Securities Service Institutions Providing Securities Related Services (“Filing Provisions”) promulgated by the CSRC on July 24, 2020 with respect to the filing of securities service providers.
It is worth noting that, pursuant to Item 5 of the Guidelines, “fund IT service providers” (as defined below) shall refer to the relevant provisions of the Guidelines regarding filing methods and materials when filing in accordance with the Administrative Measures on Information Technology of Securities and Fund Operating Institutions (“Administrative Measures”), which was issued by the CSRC in December, 2018 and officially came into force on June 1, 2019. It can be ascertained that the legal basis for fund IT service providers to complete filing procedures is the Administrative Measures, while the subsequent promulgation of the Guidelines elaborates detailed filling requirements under the Administrative Measures.
We have briefly summarized below the filing requirements for fund IT service providers under the Administrative Measures.
I. Filing Applicants
Pursuant to Article 3 of the Administrative Measures, “fund IT service providers” refer to the institutions that provide information technology (IT) services for the securities and fund business activities of public fund management companies (“FMCs”). The scope of IT services includes: (i) development, testing, integration and evaluation of important information systems; (ii) operation and daily security management of important information systems; (iii) other circumstances stipulated by the CSRC.
In accordance with Article 63 of the Administrative Measures, the aforementioned “important information systems” refer to information systems that support the key business functions of FMCs and service providers for specialized fund businesses, any abnormality of which will cast a significant impact on the securities and futures markets and investors, including centralized trading systems, investment trading systems, financial product distribution systems, valuation and accounting systems, investment monitoring systems, fund unit registration systems, third party depository systems, business systems for margin trading and securities lending, online trading systems, telephone commissioning systems, mobile terminal trading systems, corporate clearing systems, portals for account opening or client information modification, systems for carrying out investment advisory businesses, systems for storing data related to documents of underwriting sponsorship business, professional instant messaging software and other information systems with similar functions to the foregoing information systems.
II. Types of Filing
Pursuant to the Administrative Measures and the Guidelines, the types of filing for fund IT service providers include first filing, filing of major changes and annual filing.
1 First Filing
Article 47 of the Administrative Measures provides that a fund IT service provider shall satisfy the following conditions when making the first filing: (i) for the preceding three years, having not been subject to any administrative penalty or major regulatory measure imposed or taken by regulatory authorities for engaging in illegal financial activities, operating businesses in violation of relevant rules stipulated by financial regulatory authorities or providing information publishing services for illegal financial activities, etc.; (ii) for the preceding 12 months, no record of any major violation of securities and futures laws and regulations by the fund IT service provider and its controlling shareholder, de facto controller as well as other IT service providers controlled by such de facto controller; (iii) having secure and stable IT service capacity; (iv) having timely and efficient emergency response capacity; (v)being familiar with relevant securities and funds businesses, as well as being capable of constantly evaluating whether IT products and services are in compliance with relevant regulatory requirements; (vi) other conditions stipulated by the CSRC.
At the same time, Item 2 of the Guidelines clarifies that a fund IT service provider shall submit the following documents through the IT Service Providers Filing Information Collecting System (“Filing Information Collecting System”) developed by the CSRC when making its first filing, namely, (i) the Filing Form for fund IT Service Provider; (ii) the business license of the fund IT service provider, or relevant approval or filing documents issued by the competent regulators to the fund IT service provider for conducting relevant business activities; (iii) information for the preceding three years regarding cases where the fund IT service provider or its employees filed in accordance with the Filing Provisions were under investigation by the competent regulators or investigated by judicial authorities due to their business activities suspected of violating laws and regulations, as well as information regarding all criminal penalties, administrative penalties, supervisory and regulatory measures, self-disciplinary measures and disciplinary sanctions that have ever been imposed on or taken against the fund IT service provider or its employees due to their business activities; (iv) information about the controlling shareholder, de facto controller and employees of the fund IT service provider; (v) the business plan; (vi) compliance management systems; (vii) information about products and services; (viii) information about clients purchasing products and clients purchasing services from the fund IT service provider; (ix) audit report for financial statements of the preceding year.
2 Filing of Major Changes
Pursuant to Article 48 of the Administrative Measures and Item 2 of the Guidelines, a fund IT service provider shall update and submit relevant documents through the Filing Information Collecting System in a timely manner upon the occurrence of any of the following, namely: (i) change of name; (ii) change of address; (iii) change of legal representative or principal person in charge; (iv) change of the head of quality control; (v) change of the head of risk control; (vi) change of the shareholder holding more than 5% shares in the fund IT service provider, or change of the de facto controller, directors, supervisors, senior executives or partners of the fund IT service provider; (vii) major change in quality control system, risk control system and other internal management systems that are in connection with fund services; (viii) the fund IT service provider or its employees filed in accordance with the Filing Provisions become the subject of investigation by the competent regulators or investigated by judicial authorities due to their business activities suspected of violating laws and regulations, or become subject to criminal penalties, administrative penalties, supervisory and regulatory measures, self-disciplinary measures and disciplinary sanctions due to their business activities; (ix) the fund IT service provider and its employees filed in accordance with the Filing Provisions become involved in any ongoing litigation or arbitration arising from civil disputes with any of its clients or investors due to their business activities; and (x) the fund IT service provider establishes or closes any subsidiaries or branches.
3 Annual Filing
According to Article 53 of the Administrative Measures and Item 2 of the Guidelines, a fund IT service provider, while submitting its annual report, shall also submit its annual specialized report on IT management, specifically, the fund IT service provider shall submit the following documents through the Filing Information Collecting System prior to April 30 of each year: (i) basic information and operation status of the fund IT system service provider; (ii) any change of employees filed in accordance with the Filing Provisions; and (iii) implementation and change of the internal management systems.
III. Statutory Obligations
Apart from the aforementioned filing requirements, the Administrative Measures provide for additional requirements for the internal governance and business activities of fund IT service providers.
1 Internal Governance
Article 50 of the Administrative Measures stipulates that a fund IT service provider shall improve its internal quality control mechanism and periodically monitor relevant products or services. Upon discovering any obvious quality defect in the course of servicing, the fund IT service provider shall immediately investigate the relevant situation, take necessary measures, specify the time limit for repairing the defects as well as complete such repairing work in a timely manner.
2 Prohibited Behaviors in Business Activities
Pursuant to Article 51 of the Administrative Measures, fund IT service providers are prohibited from conducting the following activities while providing relevant services for FMCs: (i) participating in any part of the business services provided by securities and fund operating institutions to their clients, or releasing information to the investors or the public that may mislead them to believe that such fund IT service provider is engaging in any securities and fund businesses; (ii) intercepting, storing, forwarding or using operation data and client information related to securities and fund business activities; (iii) re-entrusting a third party to provide IT services without informing the parties receiving such services; (iv) Violating existing laws and regulations for relevant functions, operating processes, system authorizations or parameter configuration of the products or services provided; (v) shutting down system interfaces or setting up technical barriers without justifiable reasons; (vi) releasing information regarding information security breaches, information system stress test results or any other cybersecurity information to the public or divulging such non-public information; (vii) other activities prohibited by laws, regulations or the CSRC.
We suggest fund IT service providers offering services for FMCs to complete relevant filing procedures in accordance with the Guidelines as soon as possible.
For further information, please contact:
Natasha (Qing) Xie, Partner, Jun He
xieq@junhe.com
