Morgan Stanley has barred its interns in China from remotely connecting to the bank’s virtual network, as foreign companies have grown concerned about Beijing’s strict cybersecurity rules.
China’s cybersecurity legal regime covers everything from how data is stored to the type of material used and what can be posted online, with stiff penalties for violators.
The Wall Street bank was installing its interns in China at its offices around the country, where 80% of its staff had returned to work, instead of giving them remote access to work from their homes, said two people close to the situation at the Financial Times. .
Trainees were originally expected to do virtual programs like those of Morgan Stanley’s global peers, they said.
The move was linked to concerns about China’s cybersecurity regime, one of the people said, speaking anonymously at a time when multinationals fear igniting already strained relations between China and the West. . The potential vulnerability of the bank’s technological system in China was also a source of concern, the other added.
Carly Ramsey, a Shanghai-based regulatory specialist at Control Risks, said the Chinese government is constantly releasing new regulations providing additional details on its 2017 cybersecurity law, including a June 1 regulation detailing how critical information infrastructures were subject to national security reviews. Banks were also subject to new industry-specific rules that came into effect this year on sharing customer data across borders.
“There are usually very strict cybersecurity rules, with potentially stiff penalties, and banks are clear targets for enforcement,” she said, adding that companies might not want to train interns on the rules. complexes and then give them remote access in an unsupervised environment. .
Businesses were responsible for anything that users of their system did or posted that broke the rules. Interns who were unfamiliar with companies and who worked unsupervised in a work-from-home environment presented particular risks, a lawyer said.
Morgan Stanley’s decision to deny remote access to its China-based interns makes it an outlier among its American peers.
People familiar with the situation have said that Goldman Sachs offers remote access in China through the same authentication solution used globally, which does not rely on virtual network access. Other major US banks, including Citigroup and JPMorgan Chase, also offered remote access and virtual internships in China.
Cyber security threats have been a key factor in the deterioration of relations between Washington and Beijing.
The pandemic has disrupted banks’ traditionally immersive internship programs lasting eight to ten weeks. Banks have been forced to move the majority of their global workforce out of their offices, including interns.
“We were able to provide a face-to-face experience for our summer interns in China this year with the Covid-19 situation stabilizing,” a Morgan Stanley spokesperson said. He declined to comment on the role of cybersecurity rules in the decision or if the bank had any concerns about the security of its technology system.
One person familiar with the Morgan Stanley situation told the FT that given the complexity of China’s cyber regime, it doesn’t make sense to bring interns to the virtual network for just a few months.
Morgan Stanley had focused more on the vulnerability of its technology systems to bad actors in China, another person said, and decided not to give this year’s interns remote access weeks before their June 29 start date. .
Another major US bank said its systems in China were exposed to frequent cyberattacks of “infinitely greater” magnitude than in many other countries.
Goldman Sachs, Bank of America, JPMorgan and Citigroup all declined to comment on their approaches.