China urges US IPO-linked firms handy over management of information – business insurance
(Reuters) – Chinese regulators are considering urging data-rich companies to hand over the management and oversight of their data to third-party firms if they want US stock listings, sources said as part of Beijing's unprecedented scrutiny of private sector companies.
Regulators believe that engaging outside information security firms, ideally government sponsored, to manage and monitor the data of IPO hopefuls could effectively limit their ability to transfer Chinese onshore data overseas, one of the people said.
This would help allay Beijing's growing concerns that foreign listing could force such Chinese companies to share some of their data with foreign companies and undermine national security, the person added.
The plan is one of several proposals under scrutiny by Chinese regulators as Beijing has tightened its hold over the country's internet platforms in recent months, including efforts to tighten scrutiny of foreign listings.
The crackdown, which smashed stocks and severely hurt investor sentiment, specifically targeted unfair competition and how internet companies deal with vast amounts of consumer data after years of being more laissez-faire.
A final decision on the data handover plan of the IPO-tied companies is pending, the sources said, who declined to identify due to the sensitivity of the matter.
Regulators have discussed the plan with capital market participants, one of the sources said, in order to strengthen supervision of all Chinese offshore listed companies.
The IPO advisors hope that a formal framework for the data handover issue could be provided in September, the source said.
The China Securities Regulatory Commission and the Cyberspace Administration of China did not respond to faxed requests for comment.
Chinese regulators recently suspended plans to list companies overseas, particularly in the United States, pending new data security rules.
Last month, the CAC proposed a draft rule that would require companies with over 1 million users to undergo security audits before listing abroad.
The U.S. The Securities and Exchange Commission, which oversees US listings, did not immediately respond to a request for comment.
Beijing's data transfer plan comes as US politicians raise concerns that Chinese companies are violating US rules that require public companies to disclose a number of potential risks to their financial performance to investors.
"This is further proof that there are no private companies in the People's Republic of China – they are all under the control of the Chinese Communist Party," said Rep. Michael McCaul, Republican chief on the House Foreign Affairs Committee. in a statement.
"Any company doing business in the PRC has to answer to the CCP, which threatens investor transparency, consumer privacy and national security," he added.
A total of 37 Chinese companies have raised $ 12.6 billion via US exchanges so far this year, almost double the $ 6.6 billion year-over-year, according to Dealogic.
Plans to step up oversight of overseas-listed Chinese companies came days after Beijing launched a cybersecurity investigation into ride-hailing giant Didi Global Inc., which was valued at 4.4 after its listing on the US stock exchange Billion US dollars.
Didi is currently in talks with state-owned Westone Information Industry Inc. to handle its data management and monitoring activities, Reuters reported earlier this month.
Under the discussed plan, Westone could access Didi's servers across the country to track their data collection, usage, and transfers – which, according to the report, could effectively prevent the company's data from getting into the hands of a foreign company.
Didi said at the time that media reports about the transfer of control over the data were untrue.
The proposed restrictions on Didi could become a possible template for other data-rich Chinese companies looking to go public in the US, one of the people said.
Beijing's increasing sensitivity to the collection and use of onshore data is due to the fact that the top legislature passed a new law on Friday to protect the privacy of online users. It will implement the directive from November 1st.
In September, China will also implement its data protection law, which requires companies that process "critical data" to conduct risk assessments and submit reports to the authorities.
In recent years, the government has increasingly viewed user data as key to the country's financial and social stability, pushing tech giants like Ant Group, Tencent and JD.com to share consumer credit data to prevent excessive borrowing and fraud, Reuters reported in January .
Ant is also in the process of outsourcing its consumer credit data operations as part of the business overhaul to revive its public stock sales.