Measures for the Administration of Information Technology Management of Securities Fund Trading Institutions [Revised]
证券基金经营机构信息技术管理办法 [已被修订]

Order of the China Securities Regulatory Commission 

中国证券监督管理委员会令

(No. 152) (第152号)

The Measures for the Administration of Information Technology Management of Securities Fund Trading Institutions, as deliberated and adopted at the 2nd Chairman's Executive Meeting of the China Securities Regulatory Commission (“CSRC”) on March 31, 2017, are hereby issued, and shall come into force on June 1, 2019. 《证券基金经营机构信息技术管理办法》已经2017年3月31日中国证券监督管理委员会2017年第2次主席办公会议审议通过,现予公布,自2019年6月1日起施行。
Chairman of the China Securities Regulatory Commission: Liu Shiyu 中国证券监督管理委员会主席:刘士余
December 19, 2018 2018年12月19日
Measures for the Administration of Information Technology Management of Securities Fund Trading Institutions 证券基金经营机构信息技术管理办法
Chapter I General Provisions 

第一章 总则

Article 1 For the purposes of strengthening the information technology management of securities fund trading institutions, guaranteeing the safe and compliant operation of information systems of the securities fund industry, and protecting investors' lawful rights and interests, these Measures are developed in accordance with the Securities Law, the Securities Investment Fund Law, the Regulation on the Supervision and Administration of Securities Companies and other laws and regulations.   第一条 为加强证券基金经营机构信息技术管理,保障证券基金行业信息系统安全、合规运行,保护投资者合法权益,根据《证券法》、《证券投资基金法》、《证券公司监督管理条例》等法律法规,制定本办法。
Article 2 These Measures shall apply to securities fund trading institutions' securities fund business activities by means of information technologies, and information technology service providers' provision of information technology services for securities fund business activities.   第二条 证券基金经营机构借助信息技术手段从事证券基金业务活动,信息技术服务机构为证券基金业务活动提供信息技术服务,适用本办法。
Article 3 For the purposes of these Measures, “securities fund trading institutions” means securities companies and fund management companies that manage publicly offered funds (hereinafter referred to as “fund management companies”) formed within China with the approval of the CSRC.   第三条 本办法所称证券基金经营机构,是指经中国证监会批准在境内设立的证券公司和管理公开募集基金的基金管理公司(以下简称基金管理公司)。
For the purposes of these Measures, “information technology service providers” means the institutions that provide information technology services for securities fund business activities. The scope of information technology services is as follows: 本办法所称信息技术服务机构,是指为证券基金业务活动提供信息技术服务的机构。信息技术服务的范围如下:
(1) Development, testing, integration and evaluation of important information systems. (一)重要信息系统的开发、测试、集成及测评;
(2) Operation maintenance and daily safety management of important information systems. (二)重要信息系统的运维及日常安全管理;
(3) Other circumstances prescribed by the CSRC. (三)中国证监会规定的其他情形。
The aforesaid institutions are collectively referred to as securities fund trading institutions and service providers. 以上机构统称证券基金经营与服务机构。
Article 4 A securities fund trading institution is the main entity responsible for conducting securities fund business activities. It shall guarantee sufficient investment in information technologies, and under the premises of compliance with laws and regulations and effectively preventing risks, fully utilize modern information technologies to improve the client service system and improve the business operation mode, improve internal management, enhance compliance and risk control capabilities, and continuously reinforce the role of modern information technologies in supporting securities fund business activities.   第四条 证券基金经营机构是从事证券基金业务活动的责任主体,应当保障充足的信息技术投入,在依法合规、有效防范风险的前提下,充分利用现代信息技术手段完善客户服务体系、改进业务运营模式、提升内部管理水平、增强合规风控能力,持续强化现代信息技术对证券基金业务活动的支撑作用。
Article 5 The CSRC and its local offices shall, in accordance with the law, conduct the supervision and administration of securities fund business activities conducted by securities fund trading institutions or service providers' provision of relevant services by means of information technologies.   第五条 中国证监会及其派出机构依法对证券基金经营与服务机构借助信息技术手段从事证券基金业务活动或提供相关服务实施监督管理。
The Securities Association of China and the Asset Management Association of China shall, in accordance with these Measures, develop and improve relevant self-regulatory rules and conduct self-regulatory management of securities fund trading institutions' securities fund business activities or provision of relevant services by means of information technologies. 中国证券业协会及中国证券投资基金业协会依照本办法制定和完善相关自律规则,对证券基金经营机构借助信息技术手段从事证券基金业务活动或提供相关服务实施自律管理。
China Securities Information Technology Services Limited Company (hereinafter referred to as “CSITS”), shall, under the guidance of the CSRC, develop relevant supporting business rules to assist in recordation, monitoring, testing, inspection and other work relating to information technologies. 中证信息技术服务有限责任公司(以下简称中证信息)在中国证监会指导下制定相关配套业务规则,协助开展信息技术相关备案、监测、检测和检查等工作。
Chapter II Information Technology Governance 

第二章 信息技术治理

Article 6 A securities fund trading institution shall improve the power and responsibility allocation mechanism in the process of using information technologies, establish and improve the information technology management rules and operating procedures, guarantee the investment in information technologies commensurate with the scale and complexity of business activities, and continuously satisfy the requirements for the availability, security and compliance of information technology resources.   第六条 证券基金经营机构应当完善信息技术运用过程中的权责分配机制,建立健全信息技术管理制度和操作流程,保障与业务活动规模及复杂程度相适应的信息技术投入水平,持续满足信息技术资源的可用性、安全性与合规性要求。
Article 7 The board of directors of a securities fund trading institution shall be responsible for deliberating on the company's information technology management objectives, assume responsibility for the effectiveness of information technology management, and perform the following duties:   第七条 证券基金经营机构董事会负责审议本公司的信息技术管理目标,对信息技术管理的有效性承担责任, 履行下列职责:
(1) Deliberating on information technology strategies to ensure their consistency with the company's development strategies, risk management strategies and capital strength. (一)审议信息技术战略,确保与本公司的发展战略、风险管理策略、资本实力相一致;
(2) Establishing information technology human resource and fund guarantee programs. (二)建立信息技术人力和资金保障方案;
(3) Assessing the overall effects and efficiency of the annual information technology management work. (三)评估年度信息技术管理工作的总体效果和效率;
(4) Other information technology management functions as prescribed by the company's bylaws. (四)公司章程规定的其他信息技术管理职责。
Article 8 The management of a securities fund trading institution shall be responsible for implementing information technology management objectives, assuming responsibilities for the information technology management work, and performing the following duties:   第八条 证券基金经营机构经营管理层负责落实信息技术管理目标,对信息技术管理工作承担责任,履行下列职责:
(1) Organizing the implementation of relevant resolutions of the board of directors. (一)组织实施董事会相关决议;
(2) Establishing an information technology management organization structure with definite responsibilities and clear procedures, and specifying management duties, work procedures and coordination mechanisms. (二)建立责任明确、程序清晰的信息技术管理组织架构,明确管理职责、工作程序和协调机制;
(3) Improving the performance assessment and accountability mechanism. (三)完善绩效考核和责任追究机制;
(4) Other information technology management duties prescribed by the company's bylaws or authorized by the board of directors. (四)公司章程规定或董事会授权的其他信息技术管理职责。
Article 9 A securities fund trading institution shall establish an information technology governance committee or designate a special committee (hereinafter collectively referred to as the “information technology governance committee”) under the management of the company to formulate information technology strategies and deliberate on the following matters:   第九条 证券基金经营机构应当在公司管理层下设立信息技术治理委员会或指定专门委员会(以下统称信息技术治理委员会)负责制定信息技术战略并审议下列事项:
(1) Information technology planning, including but not limited to information technology construction planning, information security planning and data governance planning. (一)信息技术规划,包括但不限于信息技术建设规划、信息安全规划、数据治理规划等;
(2) Information technology investment budget and distribution plan. (二)信息技术投入预算及分配方案;
(3) Project initiation for the construction or major transformation of important information systems, and major modification plans. (三)重要信息系统建设或重大改造立项、重大变更方案;
(4) Information technology emergency response plan. (四)信息技术应急预案;
(5) Reports on the examination of relevant business activities conducted by means of information technologies and annual assessment reports. (五)使用信息技术手段开展相关业务活动的审查报告以及年度评估报告;
(6) Matters submitted for deliberation by members of the information technology governance committee. (六)信息技术治理委员会委员提请审议的事项;
(7) Other matters that have a significant impact on information technology management. (七)其他对信息技术管理产生重大影响的事项。
The information technology governance committee shall consist of senior executives and the persons in charge of the compliance management department, risk management department, audit department, major business departments, information technology management department and other departments, and may retain external professionals to serve as members or consultants of the information technology governance committee. 信息技术治理委员会应当由高级管理人员以及合规管理部门、风险管理部门、稽核审计部门、主要业务部门、信息技术管理部门等部门负责人组成,可聘请外部专业人员担任信息技术治理委员会委员或顾问。
Article 10 A securities fund trading institution shall designate as its chief information officer a senior executive who is familiar with the securities and fund businesses and has a professional background, employment experience and the ability to perform duties in information technologies. The chief information officer shall be responsible for information technology management and shall meet the following qualifications for office:   第十条 证券基金经营机构应当指定一名熟悉证券、基金业务,具有信息技术相关专业背景、任职经历、履职能力的高级管理人员为首席信息官,由其负责信息技术管理工作,并具备下列任职条件:
(1) He or she has engaged in information technology-related work for ten years or more, including not less than three years of information technology-related work in the securities and fund industry; or has worked in a securities regulatory authority or a self-regulatory organization of the securities and fund industry for eight years or more. (一)从事信息技术相关工作十年以上,其中证券、基金行业信息技术相关工作年限不少于三年;或者在证券监管机构、证券基金业自律组织任职八年以上;
(2) In the most recent three years, he or she has not been subject to any administrative penalty or major administrative regulatory measure imposed by a financial regulatory authority. (二)最近三年未被金融监管机构实施行政处罚或采取重大行政监管措施;
(3) Other conditions prescribed by the CSRC. (三)中国证监会规定的其他条件。
Article 11 A securities fund trading institution shall establish an information technology management department or designate a specialized body (hereinafter collectively referred to as the “information technology management department”) to be responsible for the implementation of information technology planning, information system construction, information technology quality control, information security guarantee, operation maintenance management and other work.   第十一条 证券基金经营机构应当设立信息技术管理部门或指定专门机构(以下统称信息技术管理部门)负责实施信息技术规划、信息系统建设、信息技术质量控制、信息安全保障、运维管理等工作。
Chapter III Information Technology Compliance and Risk Management 

第三章 信息技术合规与风险管理

Article 12 A securities fund trading institution shall include the use of information technologies in the compliance and risk management system, and provide the compliance management department and risk management department with information technology resources that are compatible with the scale and complexity of business activities, and establish corresponding examination, monitoring and inspection mechanisms so as to ensure that compliance and risk management cover all links of the use of information technologies.   第十二条 证券基金经营机构应当将信息技术运用情况纳入合规与风险管理体系,为合规管理部门和风险管理部门配备与业务活动规模、复杂程度相适应的信息技术资源,并建立相应的审查、监测和检查机制,确保合规与风险管理覆盖信息技术运用的各个环节。
Article 13 When a securities fund trading institution conducts securities fund business activities by means of information technologies, it shall, when launching the business system, launch the risk management system or relevant functions compatible with the complexity and risk status of business activities (hereinafter collectively referred to as the “risk management system”), so as to identify, monitor, give early warnings on and intervene in risks.   第十三条 证券基金经营机构借助信息技术手段从事证券基金业务活动的,应当在业务系统上线时,同步上线与业务活动复杂程度和风险状况相适应的风险管理系统或相关功能(以下统称风险管理系统),对风险进行识别、监控、预警和干预。
Article 14 A securities fund trading institution shall, before conducting securities fund business activities by means of information technologies, conduct internal examination, verify the following matters and establish archival records:   第十四条 证券基金经营机构借助信息技术手段从事证券基金业务活动前,应当开展内部审查,验证下列事项并建立存档记录:
(1) The process design, function setting, parameter configuration and technical implementation of the business system shall follow the principles of business compliance and shall not violate any law or regulation or provision of the CSRC. (一)业务系统的流程设计、功能设置、参数配置和技术实现应当遵循业务合规的原则,不得违反法律法规及中国证监会的规定;
(2) The risk management system has complete functions and clear authority, and can be launched and operated simultaneously with the business system. (二)风险管理系统功能完备、权限清晰,能够与业务系统同步上线运行;
(3) It has complete information security protection measures and can guarantee the security and integrity of business data and clients' information. (三)具备完善的信息安全防护措施,能够保障经营数据和客户信息的安全、完整;
(4) It has the information system backup and operation maintenance management capability satisfying relevant requirements so as to ensure the safe and smooth operation of relevant systems. (四)具备符合要求的信息系统备份及运维管理能力,能够保障相关系统安全、平稳运行。
Article 15 A securities fund trading institution shall identify various risks involved in the securities fund business activities by means of information technologies, and establish a continuously effective risk monitoring mechanism. The securities fund trading institution shall handle the identified risks in a timely and stable manner, and assess the effectiveness of the risk monitoring mechanism and the implementation thereof at least once each year.   第十五条 证券基金经营机构应当识别借助信息技术手段从事证券基金业务活动的各类风险,建立持续有效的风险监测机制。证券基金经营机构应当及时、稳妥处置发现的风险问题,并至少每年开展一次风险监测机制及执行情况的有效性评估。
Article 16 A securities fund trading institution shall conduct special audits of information technology management work on a periodical basis and at least once a year, and the auditing of all information technology management matters shall be completed within three years, including but not limited to information technology governance, information technology compliance and risk management, information technology security management and emergency management.   第十六条 证券基金经营机构应当定期开展信息技术管理工作专项审计,频率不低于每年一次,确保三年内完成信息技术管理全部事项的审计工作,包括但不限于信息技术治理、信息技术合规与风险管理、信息技术安全管理、应急管理。
The securities fund trading institution shall entrust an external specialized agency to conduct a complete audit of the information technology management work at least once every three years. If administrative penalty measures, regulatory measures or self-regulatory management measures are taken against it for failure to effectively implement information technology management, a special audit of relevant matters shall be completed within three months. 证券基金经营机构应当委托外部专业机构开展信息技术管理工作的全面审计,频率不低于每三年一次;未能有效实施信息技术管理被采取行政处罚措施、监管措施或者自律管理措施的,应当在三个月内完成对有关事项的专项审计。
The securities fund trading institution shall track the rectification of problems found in the audit. If relevant problems are not rectified in a timely manner, the reasons shall be explained and the audit report shall be submitted to the information technology governance committee for deliberation. The securities fund trading institution shall properly retain the audit report for not less than 20 years. 证券基金经营机构应当跟踪审计发现问题的整改情况,相关问题未能及时整改的,应当说明理由,并将审计报告提交信息技术治理委员会审议。证券基金经营机构应当妥善保存审计报告,保存期限不得少于二十年。
Article 17 Unless it is otherwise prescribed by any law or regulation or by the CSRC, a securities fund trading institution shall directly receive clients' trading orders through information systems that it operates and manages itself, and record the time of receipt of clients' trading orders.   第十七条 除法律法规及中国证监会另有规定外,证券基金经营机构应当通过自身运营管理的信息系统直接接收客户交易指令,并记录客户交易指令接收时间。
Article 18 A securities fund trading institution shall collect, record, store and report the information on clients' trading terminals in accordance with the relevant provisions of the CSRC, and take effective technical measures to guarantee the veracity, accuracy and integrity of relevant information.   第十八条 证券基金经营机构应当按照中国证监会有关规定采集、记录、存储、报送客户交易终端信息,并采取有效的技术措施,保障相关信息真实、准确、完整。
Where the securities fund trading institution provides trading services to a specific client by means of a specialized trading information system, it shall require the client to register the trading terminal information; if the information changes, it shall require the client to perform the modification procedure so as to ensure the consistency between the client's trading terminal information actually used by the client and registered content. 证券基金经营机构借助专业化交易信息系统向特定客户提供交易服务的,应当要求客户登记交易终端信息;信息发生变更的,应当要求客户履行变更程序,确保客户真实使用的客户交易终端信息与登记内容一致。
Article 19 Where a securities fund trading institution conducts securities fund business activities using an electronic contract, it shall store the electronic contract in a designated information system and provide an open channel for investors and other parties to the contract to consult and download information.   第十九条 证券基金经营机构使用电子合同从事证券基金业务活动的,应当将电子合同存储在指定的信息系统,并提供可供投资者及合同其他相关方查询、下载的公开渠道。
Article 20 A securities fund trading institution engaging in the business relating to securities trading shall, in accordance with the requirements of regulatory provisions and self-disciplinary management rules, ensure that the risk management system has the functions of checking whether the account funds and securities are sufficient, and monitor whether transactions and fund transfer are abnormal, among others.   第二十条 证券基金经营机构从事证券交易相关业务,应当按照监管规定及自律管理规则的要求,确保风险管理系统具备审查账户资金及证券是否充足、监控交易及资金划转是否异常等功能。
Chapter IV Information Technology Security 

第四章 信息技术安全

Section 1 Information System Security 

第一节 信息系统安全

Article 21 A securities fund trading institution shall establish a dedicated development and testing environment independent of the production environment to avoid risk transmission; if the development and testing environment uses data that has not been masked, it shall apply security control measures equivalent to those of the production environment.   第二十一条 证券基金经营机构应当建立独立于生产环境的专用开发测试环境,避免风险传导;开发测试环境使用未脱敏数据的,应当采取与生产环境同等的安全控制措施。
Where the securities fund trading institution conducts important information system technology or business testing in the production environment, it shall examine the testing procedures and results. 证券基金经营机构在生产环境开展重要信息系统技术或业务测试的,应对测试流程及结果进行审查。
Article 22 Where an important information system of a securities fund trading institution is launched or has any material modification, a special implementation plan shall be made, and the launching or modification operation of the information system shall be examined, confirmed and tracked.   第二十二条 证券基金经营机构重要信息系统上线或发生重大变更的,应当制定专项实施方案,并对信息系统上线或变更操作行为进行审查、确认和跟踪。
Where the securities fund trading institution plans to cease the use of an important information system, it shall conduct technical and business impact assessment, make a complete plan for ceasing the use of system and data migration and custody, and organize necessary review and safety check after the use of the system is ceased.
......
 证券基金经营机构重要信息系统计划停止使用的,应当开展技术和业务影响评估,制定完整的系统停用和数据迁移保管方案,并组织必要的评审及停用后的安全检查。
......

  Translations are by lawinfochina.com, and we retain exclusive copyright over content found on our website except for content we publish as authorized by respective copyright owners or content that is publicly available from government sources.

Due to differences in language, legal systems, and culture, English translations of Chinese law are for reference purposes only. Please use the official Chinese-language versions as the final authority. Lawinfochina.com and its staff will not be directly or indirectly liable for use of materials found on this website.
