In light of the status quo in market information safety, the Shanghai Stock Exchange (SSE) has recently issued the "Detailed Rules on Technical Management of Member's Trading and Related Systems" (hereinafter shortened as the "Detailed Rules on Technical Management") to implement the "Rules on Supervision over Securities Companies" and the "Rules on Risk Disposal of Securities Companies" as well as information safety requirements of the China Securities Regulatory Commission in securities and futures industries.
Ensure Safety of Securities Information Systems
At present, fully-electronic trading systems of China's securities market cover all segments of securities trading. A safe and stable securities market depends on safe securities information systems, which calls for safety of trading and relevant systems. However, a few members' trading and technical management are still weak in technical system capacity, system management and safety, response to bullish markets and treatment to disasters and emergencies. Members' trading activities are realized by connecting to the SSE through relevant technical systems, so whether their connecting systems are in line with the SSE's relevant technical standards and whether their technical management is satisfactory are essential to the normal operation of the SSE's trading system, the foundation of the whole securities market's safe operation. As an organizer of the securities market, the SSE has worked out the "Detailed Rules on Technical Management" to standardize members' safety management of technical systems, thus preventing market trading risks and strengthening members' technical safety management.
To introduce the SSE's effective management mode and flow in safe operation to its members, the "Detailed Rules on Technical Management" specifies the lowest standards of connecting members' systems of trading, market data, communication and backup to the SSE's system and raises the management requirements of members' daily operation such as safe operation, terminal connection, communication safety, emergency schemes and system tests, in hope of helping members further improve technical management standards and optimize information technology development plans.
Six Requirements to Improve Members' Technology Management
Rationalizing major problems in information safety on the current securities market and considering features of China's securities market, the "Detailed Rules on Technology Management" proposes some standardized requirements to the members' technology management. Firstly, members are required to establish scientific and reasonable systems of technology management organization and security guarantee, strengthen the construction of information technology governance structure and work out overall plans of business development and technology management.
Secondly, members should strengthen the construction of information technology management system and formulate management systems including system construction, safe operation, emergency treatment, data management and safety protection, and periodically check the systems' implementation.
Thirdly, members are supposed to establish an internal responsibility system of information safety and implement an accountability system of safety accidents according to the principles of "Personnel in charge take the responsibilities" and "Operators take the responsibilities". Fourthly, members are required to plan the information technology input and talents team construction in line with demands of business development. Fifthly, members should establish real-time monitoring systems, timely discovering and dealing with the technical malfunction and intrusive activities of hackers and lawbreakers. Sixthly, members are supposed to make compliance check, technology audit and periodical risk evaluation to trading and relevant systems as well as their safety management.
According to the SSE, after the promulgation of the "Detailed Rules on Technology Management", members should conduct an overall self-check to their information safety according to the Rules. Besides, heads of members, as the first responsible persons for information safety, are required to intensify their safety awareness and strengthen the technology management. In the future, the SSE will implement the "Detailed Rules on Technology Management" in members' internal technology management systems to ensure the safety and stableness of the securities market by carrying out on-spot inspections and driving members to reach the stipulated technology standards.