金诚同达保险新规速递2022年第三期(中英双语版)

来源:金诚同达

文章摘要
目录 Contents 1.

目录 Contents
1. 关于保险资金投资有关金融产品的通知
Circular on the Investment of Insurance Funds in Relevant Financial Products
2. 保险资金委托投资管理办法
Administrative Measures for the Entrusted Investment of Insurance Funds
3. 关于加强保险机构资金运用关联交易监管工作的通知
Circular on Strengthening the Regulation of the Fund Use Type of Affiliated Transactions of Insurance Institutions
4. 关于规范和促进商业养老金融业务发展的通知
Notice on Regulating and Promoting the Development of Commercial Pension Financial Business
5. 关于进一步便利境外机构投资者投资中国债券市场有关事宜
Matters Concerning Further Facilitating Foreign Institutional Investors’ Investments in China's Bond Market
6. 数据出境安全评估办法
Security Assessment Measures for Cross-border Data Transfer
1 关于保险资金投资有关金融产品的通知
Circular on the Investment of Insurance Funds in Relevant Financial Products
2022年5月13日,银保监会修订发布了《关于保险资金投资有关金融产品的通知》(“通知”),《中国保监会关于保险资金投资有关金融产品的通知》(保监发〔2012〕91号)和《中国银保监会办公厅关于保险资金投资债转股投资计划有关事项的通知》(银保监办发〔2020〕82号)同时废止。
On May 13, 2022, CBIRC promulgated the revised Circular on the Investment of Insurance Funds in Relevant Financial Products (the “Circular”), which supersedes its old version (Bao Jian Fa [2012] No.91) and the Circular of the General Office of CBIRC on Matters Concerning the Investment of Insurance Funds in Debt-to-Equity Investment Plans (Yin Bao Jian Ban Fa [2020] No.82).
《通知》的一些主要内容如下:
Some of the main contents of the Circular are summarized as follows:
保险资金可投金融产品的范围。《通知》拓宽保险资金可投资金融产品范围,将理财公司理财产品、单一资产管理计划、债转股投资计划等纳入可投资金融产品范围。
Scope of financial products that may be invested with insurance funds. The Circular expands the scope of financial products that may be invested in with insurance funds to cover wealth management companies’ wealth management products, single asset management plans, debt-to-equity investment plans, etc..
保险机构投资金融产品的原则。《通知》强调了保险机构投资金融产品须具备投资管理能力。保险机构投资理财产品、集合资金信托、债转股投资计划、信贷资产支持证券、资产支持专项计划时,须具备相应投资管理能力。《通知》对产品的管理人提出了相关要求,包括公司治理、信誉、审慎经营、投资业绩与守法记录方面。《通知》不再要求保险资金须优先投资在公开平台登记发行和交易转让的金融产品。
Principles for insurance institutions to invest in financial products. The Circular emphasizes that insurance institutions should have investment management capabilities for investing in financial products. When investing in wealth management products, assembled funds trust, debt-to-equity investment plans, credit asset-backed securities and asset-backed special plans, insurance institutions should have the corresponding investment management capabilities. The Circular imposes certain requirements on the product managers, including corporate governance, credit standing, prudent operation, investment performance and compliance record. The Circular no longer requires insurance funds to be invested with priority to financial products that are registered, issued, traded and transferred on public platforms.
单一资产管理计划和面向单一投资者发行的私募理财产品。《通知》明确保险集团公司和保险公司不得委托保险资产管理公司投资。《通知》要求保险资金投资该等计划和产品的,需要制定投资管理人选聘标准和流程、与管理人签订资产管理合同、审慎制定投资指引并定期或不定期进行审核与调整。
Single asset management plans and private wealth management products issued to single investors. The Circular clarifies that insurance group companies and insurance companies should not entrust insurance asset management companies to invest in such plans and products. The Circular requires that, for investment in such plans and products, investment manager selection standards and procedures should be formulated, an asset management contract should be signed with the investment manager and investment guidelines should be formulated prudently and reviewed and adjusted on a periodic and ad hoc basis.
保险资金投资理财产品。《通知》取消产品的外部信用评级要求,删除了对理财产品发行银行信用等级的要求,并增加了理财公司作为理财产品发行人的条件,该理财公司的注册资本不得低于30亿元人民币。
Investment in wealth management products with insurance funds. The Circular removes the external credit rating requirement for wealth management products, deletes the credit rating requirement for banks issuing wealth management products, and adds the requirement that a wealth management company issuing wealth management products should have a registered capital of no less than RMB3 billion.
保险资金投资集合资金信托。《通知》要求保险资金资投资的集合资金信托其基础资产是非标准化债权类资产的,要求保险机构具备信用风险管理能力;而保险资金投资的集合资金信托其基础资产是非上市权益类资产的,则按照穿透原则要求保险机构须具备股权投资管理能力、不动产投资管理能力或股权投资计划产品管理能力、债权投资计划产品管理能力。
Investment in assembled funds trust with insurance funds. The Circular requires that for the assembled fund trust invested in with insurance funds, if the underlying assets of such trust are non-standardized debt assets, the insurance institution should have the capacity to manage credit risks; and for assembled fund trust invested in with insurance funds, if the underlying assets of such trust are non-listed equity assets, the insurance institution should have the capacities for managing equity investment, real estate investment, managing equity investment plan products or managing debt investment plan products in accordance with the look-through principle.
保险资金投资债转股投资计划。《通知》不再要求债转股投资计划投资的市场化债转股资产原则上不低于债转股投资计划净资产的60%。
Investments in debt-to-equity investment plans with insurance funds. The Circular no longer requires that assets underlying market-based debt-for-equity investment plans should in principle account for no less than 60% of the net assets of all debt-for-equity investment plans.
保险资金投资信贷资产支持证券。《通知》取消了信贷资产支持证券外部信用评级要求。
Investment in credit asset-backed securities with insurance funds. The Circular removes the external credit rating requirement for credit asset-backed securities.
保险资金投资资产支持专项计划。《通知》取消产品外部信用评级要求,并将担任管理人的证券公司上一会计年度末经审计的净资产最低限额下调为30亿元人民币。
Investment in the asset-back special plans with insurance funds. The Circular removes the external credit rating requirement for such plans, and lowers the minimum unaudited net assets of a securities company serving as a manager of such plans to RMB3 billion as of last year end.
投资禁止行为。《通知》明确保险资金不得投资结构化产品的劣后级,但是保险机构自身所持资产或者资产收益权为基础资产的结构化产品则除外。
Prohibited Investment. The Circular clarifies that insurance funds may not be invested in the inferior tranches of structured products, except for those structured products whose underlying assets are the assets or the rights to asset earnings that are held by insurance institutions themselves.
信息报送义务。《通知》要求保险集团公司和保险公司将投资金融产品情况纳入季度和年度资金运用情况报告,合并后报告频率为每季度结束后30个工作日内和每年4月30日前,分别提交季度报告和年度报告。
Information reporting obligations. The Circular requires that insurance group companies and insurance companies to include the statues of their investment in financial products into the quarterly and annual reports on their use of funds, and to submit quarterly and annual reports within 30 business days after the end of each quarter and prior to April 30 every year respectively.
2 保险资金委托投资管理办法
Administrative Measures for the Entrusted Investment of Insurance Funds
2022年5月9日,银保监会发布《保险资金委托投资管理办法》,于发布当日生效。《保险资金委托投资管理暂行办法》(保监发[2012]60号)同时废止。
On May 9, 2022, CBIRC published the Administrative Measures for the Entrusted Investment of Insurance Funds, which took effect immediately and superseded the Interim Administrative Measures for the Entrusted Investment of Insurance Funds (Bao Jian Fa [2012] No.60).
《办法》主要包括以下内容:(1)明确适用的受托人主体为保险资产管理机构,而原暂行办法中证券公司、基金管理公司等作为投资管理人的要求在《关于保险资金投资有关金融产品的通知》(银保监规[2022]7号)中予以明确。(2)放宽保险资金委托投资范围。此前投资范围仅限于境内市场存款、依法公开发行并上市交易的债券和股票、证券投资基金及其他金融工具,《办法》放宽至银保监会规定的保险资金运用范围,但直接股权投资、以物权和股权形式持有的投资性不动产除外。(3)加强受托人的独立管理义务,要求根据保险资金特性、委托投资指引等构建投资组合,独立进行风险评估并履行完整的投资决策流程,对投资标的和投资时机选择以及投后管理等实施主动管理,对投资运作承担合规管理责任。(4)明确保险资金委托和受托的禁止行为,具体如下:
The Measures include the following main contents: (1) The Measures specify that the applicable entrustees under the Measures are insurance asset management institutions, while the requirements for securities companies, fund management companies and etc. acting as investment managers, previously included in the Interim Measures, are now specified in the Circular on the Investment of Insurance Funds in Relevant Financial Products (Yin Bao Jian Gui [2022] No.7). (2) The Measures expand the scope of entrusted investment of insurance funds to cover all the fund use, other than direct equity investment and investment real estate holding in the form of property rights and equity interests. Previously, the entrusted investment scope was limited to deposits, securities publicly issued and listed bonds and stocks, securities investment funds and other financial instruments in the PRC domestic market. (3) The Measures strengthen the entrustees’ independent management obligation and require the entrustees to establish investment portfolios according to the characteristics of insurance funds, entrusted investment guidelines, etc., independently conduct risk assessment and complete investment decision-making process, actively manage the selection of investment targets, investment timing and post-investment management, and assume compliance management responsibility for investment operation. (4) The Measures clarify the prohibited activities of insurance funds entrustment as follows:
保险公司开展委托投资,不得有下列行为:1)妨碍、干预受托人正常履行职责,包括违反委托投资管理协议或委托投资指引对投资标的下达交易指令等;2)要求受托人提供其他委托人信息;3)要求受托人提供最低投资收益保证;4)非法转移利润或者进行其他利益输送;5)利用受托人违规开展关联交易;6)国家有关法律法规和监管规定禁止的其他行为。
An insurance company entrusting investment to an entrustee shall not: 1) obstruct or interfere with the entrustee’s normal performance of duties, including issuing trading instructions on investment targets in breach of the entrusted investment management agreement or the entrusted investment guidelines; 2) require the entrustee to provide information of any other client; 3) require the entrustee to provide a minimum investment income guarantee; 4) illegally transfer profits or make other transfers of benefits; 5) take advantages of the entrustee to conduct affiliated party transactions in violation of regulations; or 6) act in any other way that is prohibited by relevant laws, regulations or regulatory rules of the PRC.
受托人受托管理保险资金,不得有下列行为:1)违反委托投资管理协议或委托投资指引;2)承诺受托管理资产不受损失,或者保证最低收益;3)不公平对待不同资金,包括直接或间接在受托投资账户、保险资产管理产品账户、自有资金账户之间进行利益输送等;4)混合管理自有资金与受托资金;5)挪用受托资金;6)以保险资金及其投资形成的资产为他人提供担保;7)违规将受托管理的资产转委托;8)将受托资金投资于面向单一投资者发行的私募理财产品、证券期货经营机构发行的单一资产管理计划;9)为委托人提供规避投资范围、杠杆约束等监管要求的通道服务;10)利用受托资金为委托人以外的第三人谋取利益,或者为自己谋取合同约定报酬以外的其他利益;11)以资产管理费的名义或者其他方式与委托人合谋获取非法利益;12)国家有关法律法规和监管规定禁止的其他行为。
An entrustee having been entrusted to manage insurance funds shall not: 1) violate the entrusted investment management agreement or the entrusted investment guidelines; 2) undertake to manage the entrusted assets without any losses, or guarantee a minimum return; 3) treat different funds unfairly, including directly or indirectly transferring benefits among the entrusted investment account, insurance asset management product account, and self-owned fund account; 4) conduct mixed management of its own funds and the entrusted funds; 5) misappropriate the entrusted funds; 6) provide a guarantee for any other person using the insurance funds and the assets generated from the investment thereof; 7) sub-entrust the entrusted assets in violation of regulations; 8) invest the entrusted funds in private wealth management products released to a single investor, or single asset management plans issued by securities or futures operators; 9) provide channel services for the client to circumvent regulatory requirements for investment scope, leverage constraints, etc.; 10) use the entrusted funds to seek benefits for the third parties other than the client, or to seek benefits other than the agreed service fees under the contract; 11) conspire with the client to seek illicit benefits in the name of asset management fees or otherwise; or 12) act in any other way that is prohibited by the relevant laws, regulations or regulatory rules of the PRC.
3 关于加强保险机构资金运用关联交易监管工作的通知
Circular on Strengthening the Regulation of the Fund Use Type of Affiliated Transactions of Insurance Institutions
2022年5月27日,银保监会发布《关于加强保险机构资金运用关联交易监管工作的通知》,于发布当日生效。
On May 27, 2022, CBIRC published the Circular on Strengthening the Regulation of the Fund Use Type of Affiliated Transactions of Insurance Institutions, which took effect immediately.
强调保险机构主体责任。保险机构关联方不得干预、操纵资金运用,严禁利用保险资金进行违法违规关联交易。保险机构应当在公司章程和制度中明确规定股东(大)会、董事会、监事会、经营管理层等在资金运用关联交易管理中的职责分工。保险机构应当加强资金运用关联交易决策审批程序管理,严格执行决策审批流程、授权机制及回避机制,不得存在倒签、漏签、授权不符、未遵守回避原则等行为。保险机构应当在公司网站和中国保险行业协会网站发布资金运用关联交易信息披露公告,不得存在任何虚假记载、误导性陈述或重大遗漏。
Emphasizing the responsibilities of insurance institutions. The affiliated parties of an insurance institution should not interfere with or manipulate the use of funds, and are strictly prohibited from using insurance funds to carry out affiliated transactions in violation of laws and regulations. The insurance institutions should specify in their articles of association and internal rules the division of responsibilities among the shareholders (general) meeting, board of directors, board of supervisors, senior management, etc. in the management of the fund use type of affiliated transactions. Insurance institutions should strengthen the management of the decision-making and approval procedures for the fund use type of affiliated transactions, strictly implement the such procedures and the authorization and recusal mechanisms, and should not backdate, omit to sign, act beyond authorization or fail to recuse, etc. Insurance institutions should publish information disclosure announcements of the fund use type of affiliated transactions on their websites and the website of the Insurance Association of China, which should not contain any false record, misleading statement or material omission.
明确保险机构开展资金运用的禁止性行为。保险机构不得:(1)通过隐瞒或者掩盖关联关系、股权代持、资产代持、抽屉协议、阴阳合同、拆分交易、互投大股东等隐蔽方式规避关联交易审查或监管要求;(2)借道不动产项目、非保险子公司、第三方桥公司、信托计划、资管产品投资、银行存款、同业拆借,或其他通道、嵌套方式变相突破监管限制,为关联方或关联方指定方违规融资;(3)通过各种方式拉长融资链条、模糊业务实质、隐匿资金最终流向,为关联方或关联方指定方违规融资、腾挪资产、空转套利、隐匿风险等。
Specifying the prohibited activities of insurance institutions in the use of funds. Insurance institutions should not: (1) evade the review or regulatory requirements for affiliated transactions through concealing or covering up affiliated relationships, shareholding entrustment, asset-holding entrustment, under-the-table agreements, dual contracts, split transactions, mutual investment in large shareholders and other hidden means; (2) illegally finance their affiliated parties or parties designated by their affiliated parties by taking advantage of real estate projects, non-insurance subsidiaries, third-party companies as a bridge, trust schemes, asset management product investments, bank deposits, interbank lending, or by other channels or nesting means to bypass regulatory restrictions; and (3) elongate the financing chain, obscure the essence of business, and conceal the ultimate flow of funds by various means, so as to illegally finance their affiliated parties or parties designated by their affiliated parties, transfer assets, carry out arbitrage, hide risks, etc.
加强对违法违规关联交易的处罚。对违法违规股东及关联方,录入不良记录数据库、纳入不良股东名单、社会公开通报、限制或暂停关联交易、限制股东权利、责令转让股权、限制市场准入,督促或责令承担赔偿责任。对违法违规保险机构,逐次计算罚款金额,没收违法所得、限制业务范围、停止接受新业务、吊销业务许可证。对相关责任人特别是董事、监事、高级管理人员,警告、责令改正、记入履职记录并进行行业通报、罚款、撤销任职资格、禁止一定期限直至终身进入保险业,督促或责令承担赔偿责任。对违法违规情节严重、性质恶劣、屡查屡犯的保险机构和个人,从重处罚并进行行业通报和公开披露。
Strengthening punishments for affiliated transactions in violation of laws and regulations. Shareholders and their affiliated parties that violate laws or regulations will be recorded in the database of bad records, included in the black list of shareholders, publicized to the public, required to restrict or suspend affiliated transactions, restricted to exercise their shareholders’ rights, ordered to transfer equity, restricted to enter the market, and urged or ordered to bear liability for compensation. For any insurance institution that violates laws or regulations, the amount of fines will be calculated for each instance, its illegal gains will be confiscated, its business scope will be restricted, it will be stopped from accepting new business, and its business permit will be revoked. Relevant liable persons, especially directors, supervisors and senior executives, will be warned, ordered to make correction, recorded in their performance records and notified within the industry, fined, disqualified from their positions, prohibited from entering the insurance industry for a certain period of time or even permanently, and urged or ordered to bear liability for compensation. Insurance institutions and individuals with serious violations of laws and regulations, adverse nature, and repeated violations will be subject to severe penalties and notification and public disclosure within the industry.
4 关于规范和促进商业养老金融业务发展的通知
Notice on Regulating and Promoting the Development of Commercial Pension Financial Business
2022年4月28日,银保监会发布《关于规范和促进商业养老金融业务发展的通知》。通知主要包括四方面内容。商业养老金融是第三支柱的重要组成部分,通知对商业养老金融的业务规则作出原则性规定,支持银行保险机构开展个人养老金业务。
On April 28, 2022, CBIRC published the Notice on Regulating and Promoting the Development of Commercial Pension Financial Business. The Notice includes the following main contents. Commercial pension finance is an important part of the Third Pillar, the Notice makes principle provisions on the business rules of commercial pension finance and supports banking and insurance institutions to carry out individual pension business.
一是支持和鼓励银行保险机构依法合规发展商业养老储蓄、商业养老理财、商业养老保险、商业养老金等养老金融业务,向客户提供养老财务规划、资金管理、风险保障等服务。
Firstly, it supports and encourages banking and insurance institutions to develop commercial pension savings, commercial pension wealth management, commercial pension insurance, commercial pension annuity and other pension financial services in accordance with the law, and to provide clients with pension financial planning, fund management, risk protection and other services.
二是规定银行保险机构开展商业养老金融业务的基本标准和原则。产品期限符合客户长期养老需求和生命周期特点,并对资金领取设置相应的约束性要求;不得以期限结构化设计等方式变相缩短业务存续期限。
Secondly, the Notice stipulates the basic standards and principles for banking and insurance institutions to carry out commercial pension financial business. The product term should meet the clients’ long-term pension needs and life cycle characteristics, and set corresponding binding requirements for fund collection; the duration of business should not be shortened in a disguised form such as a structured term design.
三是强调银行保险机构要及时、准确、全面披露期限、费用、风险、权益等关键信息。商业养老理财产品不得宣传预期收益率。
Thirdly, the Notice emphasizes that banking and insurance institutions should timely, accurately and comprehensively disclose key information such as term, cost, risk, rights and interests. Commercial pension financial products should not publicize the expected rates of return.
四是对银行保险机构开展商业养老金融业务组织实施、管理机制、费用政策等方面提出了基本要求,并明确了不规范业务的清理安排。银行保险机构应当制定合理的商业养老金融发展规划,将长期经营效果纳入销售、投资、管理人员考核评价体系。通知要求对名称中带有“养老”但不符合通知规定的金融产品进行更名或清理,各银行保险机构法人应于2022年6月30日前向其直接监管的监管部门报送整改情况。
Fourthly, the Notice has put forward basic requirements on the organization and implementation, management mechanism, expense policy and other aspects of carrying out commercial pension financial business for banking and insurance institutions, and makes clear the arrangement for clearing up non-standard businesses. Banking and insurance institutions should formulate a reasonable development plan for commercial pension finance, and incorporate the long-term operating results into the evaluation system for sales, investment and management personnel. The Notice requires that the name of the financial products with “Yanglao” (pension) in the name but not in line with the provisions of the Notice should be renamed or cleaned up, and each banking and insurance institution should submit the rectifications to the regulatory authority under their direct supervision by June 30, 2022.
5 关于进一步便利境外机构投资者投资中国债券市场有关事宜
Matters Concerning Further Facilitating Foreign Institutional Investors’ Investments in China's Bond Market
2022年5月27日,中国人民银行(”央行”)、中国证券监督管理委员会(”证监会”)、国家外汇管理局(”外管局”)联合发布了《关于进一步便利境外机构投资者投资中国债券市场有关事宜》(央行、证监会、外管局公告[2022]第4号,简称”4号公告”),自2022年6月30日起施行。4号公告按照以”同一套标准、同一套规则“建立中国债券市场的原则,明确了境外机构投资者投资中国债券市场的准入标准、投资范围、资金托管与结算、数据报送等事宜。
On May 27, 2022, the People's Bank of China (“PBOC”), the China Securities Regulatory Commission (“CSRC”), and the State Administration of Foreign Exchange (“SAFE”) jointly issued an announcement on the “Matters Concerning Further Facilitating Foreign Institutional Investors’ Investments in China's Bond Market” ([2022] No.4 Announcement of PBOC, CSRC and SAFE, the “Announcement”). The Announcement came into force on June 30, 2022. The Announcement clarifies the standards of market access, scope of investment products, custody and settlement, data reporting, etc., concerning foreign institutional investors’ investments in the China bond markets, aiming to unify trading standards and rules across different markets.
4号公告主要规定如下:
Key provisions of the Announcement:
(1)境外机构投资者的范围,包括境外央行或货币当局、国际金融组织、主权财富基金(”主权类机构”),境外商业银行、保险公司、证券公司、基金管理公司、期货公司、信托公司及其他资产管理机构等各类金融机构,以及养老基金、慈善基金、捐赠基金等中长期机构投资者(”商业类机构”)。
Types of eligible foreign institutional investors include overseas central banks or monetary authorities, international financial institutions and sovereign wealth management funds (“Sovereign Institutions”), foreign commercial banks, insurance companies, securities companies, fund management companies, futures companies, trust companies and other types of asset management companies and financial institutions, and pension funds, charity funds, endowment funds and other medium- and long-term institutional investors (“Commercial Institutions”).
(2)境外机构投资者应符合的条件。境外机构投资者需依法设立、治理结构健全、资金来源合法、具备风险识别和承担能力,且近三年未因债券投资违法违规受到重大处罚等。
Requirements for foreign institutional investors. Foreign institutional investors have to be duly established, must have sound corporate governance, lawful source of funding, and capabilities to identify and assume investment risks, and must not have received material penalties from regulatory authorities during the past three years for any violation of laws or regulations in bond investments.
(3)投资方式。4号公告允许获准进入银行间债券市场(”CIBM”)的境外机构投资者,以直接或通过互联互通方式投资交易所债券市场。国内债券市场分为CIBM和交易所市场。目前,境外机构投资者已可以通过QFII/RQFII、CIBM直接投资以及债券市场互联互通三种方式投资CIBM,但投资交易所债券市场只能通过QFII/RQFII。根据4号公告,境外机构投资者如已获得CIBM准入,也可以直接或通过互联互通投资交易所债券市场。
Investment channels. Pursuant to the Announcement, foreign institutional investors who have been granted access to the China Interbank Bond Market (“CIBM”) are permitted to invest in bonds traded on stock exchanges directly or through a connect mechanism. Bonds are traded in China on the CIBM and the stock exchanges. Currently, foreign institutional investors can participate in CIBM through QFII/RQFII, CIBM Direct and Bond Connect, but they can only invest in exchange-traded bonds through QFII/RQFII. The Announcement allows foreign institutional investors who have access to CIBM to invest in exchange-traded bonds through CIBM Direct or Bond Connect.
(4)投资范围。4号公告允许境外机构投资者投资债券现券、债券借贷、以风险管理为目的的相关衍生产品、开放式债券指数证券投资基金等。4号公告允许境外机构投资者将QFII/RQFII项下的债券以及托管账户内的资金,与根据4号公告所投资的债券以及开立的账户内的资金,以非交易过户方式进行双向划转。
Investment scope. Under the Announcement, spot trading, bond borrowing and lending, investments in derivatives for risk management purposes and open-end bond index funds, etc., are permitted. The Announcement allows non-trading transfer of bonds and cash from custody accounts under the QFII/RQFII to the accounts opened under the Announcement, and vice versa.
(5)投资备案。主权类机构需向中国人民银行提交申请,商业类机构需向中国人民银行上海总部提交申请,且4号公告允许以电子化方式提交材料。
Investment filing. Sovereign Institutions should file the applications for investments under the Announcement with PBOC, and Commercial Institutions should file the applications with the Shanghai Head Office of PBOC. The Announcement allows electronic filings.
(6)托管结算。境外机构投资者可以在债券登记结算机构直接开立债券账户,也可以直接或通过其境外托管银行,委托符合条件的境内托管银行进行债券托管。
Custody and settlement. Foreign institutional investors can open bond accounts at the bond depository and clearing institution or can appoint or have their overseas custodian banks appoint qualified domestic custodian banks for bond custody.
(7)数据报送。境外托管银行应当向境内托管银行按时上报境外机构投资者信息和其托管结算数据。交易所、境内外托管银行、债券登记结算机构应记录并定期向中国人民银行上海总部报送境外机构投资者的交易、托管、结算等数据。
Data reporting. Overseas custodian banks should report to the domestic custodian banks information regarding foreign institutional investors and their custody and settlement data promptly. Stock exchanges, overseas and domestic custodian banks and depository and clearing institutions should record trading, custody and settlement data of foreign institutional investors and report periodically to the Shanghai Head Office of PBOC.
6 数据出境安全评估办法
Security Assessment Measures for Cross-border Data Transfer
2022年7月7日,国家互联网信息办公室(“国家网信办”)颁布了《数据出境安全评估办法》(“《办法》”)。《办法》规定了数据出境安全评估的范围、流程和内容等。
On July 7, 2022, the Cyberspace Administration of China (“CAC”) promulgated the Security Assessment Measures for Cross-border Data Transfer (the “Measures”), which provides for the scope, procedures and focuses, etc. of the security assessment of cross-border data transfers.
1. 合规和整改截止日期
Compliance and Rectification Deadline
《办法》将于2022年9月1日起施行。已经开展的不符合《办法》规定的数据出境活动,应当在《办法》施行后6个月内完成整改(即2023年2月末)。违反《办法》规定的数据出境活动,依据《中华人民共和国网络安全法》《中华人民共和国数据安全法》《中华人民共和国个人信息保护法》等法律法规处理;构成犯罪的,依法追究刑事责任。
The Measures will come into force on September 1, 2022. Ongoing cross-border data transfers that are not in compliance with the Measures are required to be rectified within 6 months thereafter (i.e., by end of February 2023). Cross-border data transfers in violation of the Measures will be subject to penalties in accordance with the PRC Cybersecurity Law, the PRC Data Security Law, the PRC Law on Protection of Personal Information and other laws and regulations, and criminal liabilities may be pursued if a crime is committed.
2. 数据出境活动的含义
Meaning of Cross-border Data Transfer
根据国家网信办就《办法》相关问题的答记者问,《办法》所称的数据出境活动主要包括 (i) 数据处理者将在中国境内运营中收集和产生的数据传输、存储至境外,以及 (ii) 数据处理者将收集和产生的数据存储在中国境内,境外的机构、组织或个人访问或调用。
According to the CAC’s media Q&A on the Measures, the cross-border data transfers referenced in the Measures mainly include (i) data processors transferring and storing abroad the data collected or generated from PRC domestic operations, and (ii) data processors storing the collected or generated data within the PRC, but allowing overseas institutions, organizations or individuals to visit or utilize the data.
3. 国家网信部门安全评估的范围
Scope of Security Assessment by Cyberspace Regulatory Authority
数据出境有下列情形之一的,应向国家网信部门申报数据出境安全评估:
Cross-border data transfers involving any of the following circumstances will be subject to a security assessment by the cyberspace regulatory authority:
(1)数据处理者向境外提供重要数据,《办法》将重要数据定义为一旦遭到篡改、破坏、泄露或者非法获取、非法利用等,可能危害国家安全、经济运行、社会稳定、公共健康和安全等的数据;
provision of important data abroad by data processors; important data meaning those data, once altered, destroyed, leaked, or illegally obtained or used, that may harm national security, economic operation, social stability, public health and safety, etc.;
(2)关键信息基础设施运营者和/或处理100万人以上个人信息的数据处理者向境外提供个人信息;
provision of personal information abroad by data processors that are critical information infrastructure operators (CIIOs) and/or data processors that process the personal information of 1 million or more individuals;
(3)自上年1月1日起累计向境外提供10万人个人信息或者1万人敏感个人信息的数据处理者向境外提供个人信息;敏感个人信息,根据中国个人信息保护法的规定,是指一旦泄露或者非法使用,容易导致自然人的人格尊严受到侵害或者人身、财产安全受到危害的个人信息,包括生物识别、宗教信仰、特定身份、医疗健康、金融账户、行踪轨迹等信息,以及不满十四周岁未成年人的个人信息;或
provision of personal information abroad by data processors that have transferred abroad either the personal information of an aggregate of 100,000 or more individuals, or sensitive personal information of an aggregate of 10,000 or more individuals, since January 1 of last year; sensitive personal information means, according to the PRC Law on Protection of Personal Information, the personal information that, once leaked or illegally used, may easily cause harm to the dignity of natural persons, or endanger the personal or property security, including information on biometric characteristics, religious beliefs, specially-designated status, medical health, financial accounts, individual location tracking, etc., as well as the personal information of minors under the age of 14; or
(4)国家网信办规定的其他情形
other circumstances specified by the CAC.
4. 国家网信部门安全评估前的风险自评估
Self-assessment of Risks before Security Assessment by Cyberspace Regulatory Authority
《办法》要求数据处理者在向国家网信部门申报安全评估前,开展数据出境风险自评估,重点评估的事项如下:
The Measures require data processors to conduct a self-assessment of risks related to cross-border data transfers before applying for the security assessment by the cyberspace regulatory authority. The self-assessment should focus on the following items:
(1)数据出境和境外接收方处理数据的目的、范围、方式等的合法性、正当性、必要性;
the legality, justifiability and necessity of cross-border data transfers and the purpose, scope and method, etc., of data processing by overseas recipients;
(2)出境数据的规模、范围、种类、敏感程度,数据出境可能对国家安全、公共利益、个人或者组织合法权益带来的风险;
the scale, scope, types and sensitivity of data to be transferred abroad, and the possible risks of such transfer to national security, public interest and the rights and interests of any individuals or organizations;
(3)境外接收方承担的责任义务,以及履行责任义务的管理和技术措施、能力等能否保障出境数据的安全;
whether the responsibilities and obligations undertaken by overseas recipients, and their corresponding managerial and technical measures and capabilities, can ensure security of the data to be transferred abroad;
(4)数据出境中和出境后遭到篡改、破坏、泄露、丢失、转移或者被非法获取、非法利用等的风险,个人信息权益维护的渠道是否通畅等;
the risks of the data being altered, destroyed, leaked, lost, transferred or illegally obtained or used during or after cross-border data transfers, and the effectiveness of channels for the individuals to safeguard their rights and interests to their personal information;
(5)与境外接收方拟订立的合同或者其他法律文件是否充分约定了数据保护的责任和义务;以及
whether the contracts or other legal documents to be entered into with overseas recipients have adequately provided for data protection responsibilities and obligations; and
(6)其他可能影响数据出境安全的事项。
other items that may impact the security of cross-border data transfers.
5. 国家网信部门的安全评估
Security Assessment by Cyberspace Regulatory Authority
国家网信部门将在数据处理者完成风险自评估后进行安全评估。国家网信部门评估的主要程序如下:
The security assessment will be conducted by the cyberspace regulatory authority after data processors complete their self-assessment of risks. The main procedures for the assessment by the cyberspace regulatory authority are as follows:
(1)数据处理者应向省级网信部门提交申报材料(包括书面申报书、自评估报告、数据处理者与境外接收方拟订立的法律文件等),省级网信部门应当自在5个工作日内进行齐备性查验,如果申报材料齐全,应报送国家网信办;国家网信办应自收到申报材料之日起7个工作日内,书面通知数据处理者是否受理申报。
data processors should submit an application package (including a written application, a self-assessment report, the legal documents between data processors and overseas recipients, etc.) to provincial-level cyberspace regulatory authorities, which should conduct a completeness check within 5 working days, and, if the application package is complete, should pass it on to the CAC; and the CAC will notify the data processors in writing within 7 working days thereafter about whether to accept the application.
(2)国家网信办受理申报后,将组织国务院有关部门、省级网信部门和专门机构等进行安全评估。
after its acceptance of an application, the CAC will organize a security assessment involving other relevant ministries, provincial-level cyberspace regulatory authorities, and professional institutions, etc.
(3)国家网信部门应当在45个工作日内完成安全评估;情况复杂或者需要补充、更正材料的,可以适当延期并告知数据处理者预计延长的时间。
the CAC is required to complete the security assessment within 45 working days, but can extend the timeline if the cases are complicated or additional or amended materials are necessary, in which event the CAC should notify data processors of the expected timeline.
(4)数据处理者将被书面通知评估结果,评估结果的有效期为2年。数据处理者可以在收到评估结果后15个工作日内向国家网信办申请复评。复评结果为最终结论。
data processors will be notified in writing of the assessment result, which will remain valid for two years. Data processors can apply to the CAC for a re-assessment within 15 working days after receiving the assessment result. The re-assessment result will be final.
(5)评估结果有效期届满,数据处理者需要继续开展数据出境活动的,应当在有效期届满60个工作日前重新申报评估。
data processors should file an application for an assessment again at least 60 working days before the expiry of the assessment result, if they will continue to transfer data abroad.
(6)如下事项出现变更时,数据处理者应当重新申报评估:a)向境外提供数据的目的、方式、范围、种类和境外接收方处理数据的用途、方式发生变化,影响数据安全的,或者延长个人信息和重要数据境外保存期限的;或者b)境外接收方所在国家或者地区数据安全保护法律、法规、政策和网络安全环境发生变化以及发生其他不可抗力情形,或者数据处理者或境外接收方实际控制权发生变化,或者数据处理者与境外接收方法律文件变更等影响出境数据安全的。
the data processors should file an application for an assessment again under any of the following circumstances: a) a change that may impact the data security occurs to the purposes, methods, scope or types of the data transfer or to the purposes and methods of data processing by overseas recipients, or the duration is extended of overseas storage of personal information and critical data; or b) a change occurs to the local laws, regulations and policies related to data security and protection or to the cybersecurity environment in the countries or regions of overseas recipients, a force majeure event occurs, a change of actual control occurs to data processors or overseas recipients, or a change occurs to legal documents between data processors and overseas recipients, if in any such case the security of the data to be transferred abroad may be affected.
数据出境安全评估重点评估数据出境活动可能对国家安全、公共利益、个人或者组织合法权益带来的风险,主要包括以下事项:
The security assessment of cross-border data transfers will focus on the possible risks of cross-border data transfers to national security, public interest and the lawful rights and interests of individuals and organizations, and will mainly cover the following items:
(1)数据出境的目的、范围、方式等的合法性、正当性、必要性;
the legality, justifiability and necessity of the purpose, scope and method, etc., of cross-border data transfers;
(2)境外接收方所在国家或者地区的数据安全保护政策法规和网络安全环境对出境数据安全的影响;境外接收方的数据保护水平是否达到中国法律、行政法规的规定和强制性国家标准的要求;
the impact on the security of data to be transferred abroad of the local laws, regulations and policies related to data security and protection and of the cybersecurity environment in the countries or regions of overseas recipients; whether the data protection level of overseas recipients satisfies the requirements of PRC laws, administrative regulations and mandatary national standards;
(3)出境数据的规模、范围、种类、敏感程度,出境中和出境后遭到篡改、破坏、泄露、丢失、转移或者被非法获取、非法利用等的风险;
the scale, scope, types and sensitivity of data to be transferred abroad, and the risks of data being altered, destroyed, leaked, lost, transferred or illegally obtained or used during or after cross-border data transfers;
(4)数据安全和个人信息权益是否能够得到充分有效保障;
whether data security and personal information rights and interests can be adequately and effectively safeguarded;
(5)数据处理者与境外接收方拟订立的法律文件中是否充分约定了数据安全保护责任义务;
whether legal documents to be entered into between data processors and overseas recipients have adequately provided for data security and protection responsibilities and obligations;
(6)遵守中国法律、行政法规、部门规章情况;以及
status of compliance with PRC laws, regulations and regulatory rules; and
(7)国家网信办认为需要评估的其他事项。
other matters deemed necessary to be assessed by the CAC.
参与安全评估工作的相关机构和人员对在履行职责中知悉的国家秘密、个人隐私、个人信息、商业秘密、保密商务信息等数据应当依法予以保密,不得泄露或者非法向他人提供、非法使用。
The entities and individuals participating in the security assessment should keep confidential the state secrets, personal privacy, personal information, trade secrets, confidential business information and other data made known to them during the security assessment, and should not leak, illegally provide to others or illegally use such data.
6. 数据出境的法律文件
Legal Documents concerning Cross-border Data Transfer
《办法》要求数据处理者与境外接收者之间的合同等法律文件明确其数据安全责任和义务,至少应包括以下内容:
The Measures require the contracts and other legal documents between data processors and overseas recipients to specify their responsibilities and obligations for data security, which should at least cover the following items:
(1)数据出境的目的、方式和数据范围,境外接收方处理数据的用途、方式等;
the purposes and methods of cross-border data transfers and the scope of data to be transferred abroad, and the purposes, methods, etc., of the data processing by overseas recipients;
(2)数据在境外保存地点、期限,以及达到保存期限、完成约定目的或者法律文件终止后出境数据的处理措施;
the location and duration of overseas storage of the data, and the measures for handling the data upon the expiry of the duration of storage, fulfilment of the agreed purpose and termination of the legal documents;
(3)对于境外接收方将接收到的数据转移给其他组织和/或个人的约束性要求;
restrictions on overseas recipients’ transfer of the received data to other organizations and/or individuals;
(4)境外接收方在实际控制权或者经营范围发生实质性变化,或者所在国家、地区数据安全保护政策法规和网络安全环境发生变化以及发生其他不可抗力情形导致难以保障数据安全时,应当采取的安全措施;
security measures to be taken in the event that: a) a material change occurs to the actual control or scope of business of the overseas recipient, b) a change occurs to local laws, regulations and policies related to data security and protection or to the cybersecurity environment in the countries or regions of the overseas recipient, or another force majeure event occurs, which makes it difficult to ensure data security;
(5)违反法律文件约定的数据安全保护义务的补救措施、违约责任和争议解决方式;以及
remedies, liabilities and dispute resolution for a breach of the data security protection obligations agreed in legal documents; and
(6)出境数据遭到篡改、破坏、泄露、丢失、转移或者被非法获取、非法利用等风险时,开展应急处置的要求和个人维护其个人信息权益的途径。
requirements for emergency responses in the event that the data transferred overseas are at risk of being altered, destroyed, leaked, lost, transferred or illegally obtained or used, and channels for individuals to safeguard their rights and interests to their personal information

技术驱动法律,专业成就未来