Half a month after the fault occurred, China Merchants Securities Co.Ltd(600999) received the administrative supervision letter from the supervisor.
According to the announcement issued by Shenzhen Securities Regulatory Bureau on April 2, China Merchants Securities Co.Ltd(600999) in the network security incident on March 14, 2022, there were some problems, such as imperfect change management, untimely and inadequate emergency disposal, so it decided to take administrative supervision measures to order China Merchants Securities Co.Ltd(600999) to make corrections.
it is worth noting that in recent years, many securities dealers are constantly strengthening their investment in information technology. Taking China Merchants Securities Co.Ltd(600999) as an example, its investment in information technology reached 1.192 billion yuan in 2021, an increase of 82.54% compared with 653 million yuan in 2019; At the same time, the number of its information technology personnel has reached 1141 in 2021, more than double that of 366 in 2019
transaction failure is concerned by regulators
After the opening on March 14, netizens successively reported that the China Merchants Securities Co.Ltd(600999) trading system had system failures, including problems such as the transaction page could not be closed and could not be withdrawn.
On March 15, China Merchants Securities Co.Ltd(600999) responded that the failure of the previous day was due to the processing delay of the centralized transaction return system, which led to some customers’ failure to receive the transaction return information in time and the cancellation transaction was affected. “We immediately mobilized resources for emergency troubleshooting, repeated verification and testing, the fault has been eliminated, and the system service has returned to normal”.
Shenzhen securities regulatory bureau pointed out in the announcement that the problems of China Merchants Securities Co.Ltd(600999) in the above-mentioned network security incidents violated the relevant provisions of the administrative measures for information security of securities and futures industry and the administrative measures for information technology of securities fund operating institutions. Specifically:
Article 22 in the measures for the administration of information security in the securities and futures industry, core institutions and operating institutions shall fully demonstrate and test the construction projects such as new construction, upgrading, change and replacement of information systems.
Article 32.1 the core institutions and operating institutions shall establish an information security emergency response mechanism, deal with emergencies in a timely manner, restore the normal operation of the information system as soon as possible, and report in accordance with the provisions, without delay, omission or concealment.
Article 22, paragraph 1, of the measures for the administration of information technology of securities fund operating institutions, if the important information system of securities fund operating institutions is launched or has major changes, it shall formulate a special implementation plan, and review, confirm and track the operation behavior of information system launch or change.
Article 36 Where a securities fund operating institution engages in securities fund business activities by means of information technology, it shall establish the organizational structure of information technology emergency management, determine important businesses and their recovery objectives, formulate emergency plans, allocate sufficient resources, handle information technology emergencies safely, and actively carry out emergency drills and the evaluation and improvement of information technology emergency management.
Article 42 A securities fund operating institution shall, in accordance with the relevant provisions of the CSRC, establish a hierarchical response mechanism for information security incidents, clarify the Internal Disposal workflow, and ensure that the relevant information systems resume operation in a timely manner.
Therefore, Shenzhen Securities Regulatory Bureau decided to take administrative supervision measures to order China Merchants Securities Co.Ltd(600999) to make corrections, requiring it to further strengthen the overall planning of the construction of important information systems, fully understand the system architecture and internal operation mechanism, strengthen the management of R & D, testing, launch, upgrading, change and operation and maintenance, improve the emergency response mechanism, ensure the professional ability and quantity allocation of personnel in key positions, and ensure the safe and stable operation of the information system.
Meanwhile, China Merchants Securities Co.Ltd(600999) shall also investigate the internal responsibility of the personnel responsible for the incident, complete the above rectification work within 3 months and submit the rectification report to Shenzhen Securities Regulatory Bureau.
information investment continues to increase
So far, a total of 21 listed securities companies have disclosed information technology investment in their annual reports, and the overall data continues to grow rapidly compared with the same period last year. Of which Huatai Securities Co.Ltd(601688) totally invested 2.228 billion yuan, continuing to lead the industry; At the same time, the information technology investment of China International Capital Corporation Limited(601995) , China Merchants Securities Co.Ltd(600999) , Haitong Securities Company Limited(600837) , China Securities Co.Ltd(601066) and China Securities Co.Ltd(601066) listed securities companies also exceeded 1 billion yuan, namely 1.346 billion yuan, 1.192 billion yuan, 1.176 billion yuan and 1.093 billion yuan.
However, it is worth noting that although Guotai Junan Securities Co.Ltd(601211) securities and Citic Securities Company Limited(600030) did not disclose the amount of information technology investment in 2021, the data of China Securities Association showed that in 2020, the information technology investment of the two securities companies was 1.398 billion yuan and 1.374 billion yuan respectively, second only to Huatai Securities Co.Ltd(601688) .
In fact, securities companies pay more and more attention to information technology. Taking China Merchants Securities Co.Ltd(600999) as an example, the annual report data shows that there were 1141 information technology personnel in 2021, a year-on-year increase of 113% compared with 536 in 2020, far higher than 366 in 2019. From the perspective of the proportion of information technology personnel in the total employees, from 2019 to 2021, the proportion was 4.19% respectively. 5.81% and 9.5%, which fully shows that China Merchants Securities Co.Ltd(600999) attaches importance to it talent recruitment.
In terms of investment amount, in 2021, China Merchants Securities Co.Ltd(600999) information technology investment was 1.192 billion yuan, accounting for 6.32% of the parent company’s operating revenue in 2020. In 2020 and 2019, its information technology investment will be 994 million yuan and 653% million yuan respectively, with an average annual investment increase of 200300 million yuan.
In the 2021 annual report, China Merchants Securities Co.Ltd(600999) said that during the reporting period, the company formulated the “14th five year plan” digital plan and completed the top-level design of financial technology and digital development. The second phase of its new generation core business system with cloud native architecture was successfully launched, and the third phase began trial operation, creating the industry’s first core transaction system with cloud native architecture, and taking the lead in using distributed database for core transaction history query.
