On April 7, the Beijing securities regulatory bureau announced the decision to take regulatory measures to order capital securities to make corrections.
On May 18, 2021, the centralized trading system of capital securities was partially interrupted, affecting the trading time for about 20 minutes, reaching the standard of major information security events. Afterwards, it was found that the relevant personnel of the Information Technology Department of capital securities deleted the relevant log and database information during the emergency disposal process and did not backup it, so it was always unable to determine the real cause of the information security incident. The company did not truthfully report the improper emergency treatment in the first report.
Capital Securities responded to the Chinese reporter of the securities firm that the company attached great importance to the incident. After the incident, the company immediately established an emergency disposal and rectification working group and completed the self-examination and rectification of the accident at the request of Beijing Securities Regulatory Bureau. Next, the company will conduct a comprehensive self-examination of the information system in accordance with the relevant requirements of Beijing Securities Regulatory Bureau, strengthen the security management of the information system and the training of information technology personnel, improve the operation and maintenance ability of the information system, and try to prevent the recurrence of such events.
Capital Securities: strive to prevent similar events from happening again
The Beijing Securities Regulatory Bureau said that the above problems reflect the defects in the information security management and information security incident response of the first securities, and violate the relevant provisions of Articles 36 and 54 of the measures for the administration of information technology of securities fund operating institutions (Order No. 152 of the CSRC).
According to the provisions of Article 29 of the measures for the reporting, investigation and handling of information security incidents in the securities and futures industry and Article 57 of the measures for the administration of information technology of securities fund operating institutions, Beijing Securities Regulatory Bureau decided to take administrative regulatory measures for capital securities to order rectification.
Capital securities should conduct a comprehensive self-examination on information security related issues, effectively improve the system operation and maintenance guarantee ability and troubleshooting ability, improve the information security emergency handling mechanism, strengthen the training of information technology personnel, ensure their ability to perform their duties and prevent similar problems from happening again.
Capital Securities told reporters that the trading system failure of the company belongs to an accidental accident, and there are indeed inexperienced places in the processing process. After the accident, the company’s senior management attached great importance to it, actively cooperated with the regulatory requirements, conducted strict internal inspection, took the initiative to deal with and implement the regulatory requirements, continuously improved the internal control system, optimized business processes, strengthened training and education, improved employees’ compliance awareness, and strive to prevent similar events from happening again.
“The scope of this incident is limited, and the company will learn a lesson. At present, the company’s operation and management are normal, and all work is progressing normally.” Capital Securities told reporters.
securities trading system failures occur frequently
Recently, there was also a failure in the trading system of a securities firm.
After the opening on March 14, netizens successively reported that the China Merchants Securities Co.Ltd(600999) trading system had system failures, including problems such as the transaction page could not be closed and could not be withdrawn.
On March 15, China Merchants Securities Co.Ltd(600999) responded that the failure of the previous day was due to the processing delay of the centralized transaction return system, which led to some customers’ failure to receive the transaction return information in time and the cancellation transaction was affected. “We immediately mobilized resources for emergency troubleshooting, repeated verification and testing, the fault has been eliminated, and the system service has returned to normal”.
On April 2, China Merchants Securities Co.Ltd(600999) received the administrative supervision letter from Shenzhen Securities Regulatory Bureau. In the announcement, Shenzhen securities regulatory bureau pointed out that China Merchants Securities Co.Ltd(600999) the problems in the aforementioned network security incidents violated the relevant provisions of the measures for the administration of information security of securities and futures industry and the measures for the administration of information technology of securities fund operating institutions.
Specifically, Article 22 of the measures for the administration of information security in the securities and futures industry shall be fully demonstrated and tested when core institutions and operating institutions carry out construction projects such as new construction, upgrading, change and replacement of information systems. Article 32.1 the core institutions and operating institutions shall establish an information security emergency response mechanism, deal with emergencies in a timely manner, restore the normal operation of the information system as soon as possible, and report in accordance with the provisions, without delay, omission, concealment, etc.
Therefore, Shenzhen Securities Regulatory Bureau decided to take administrative supervision measures to order China Merchants Securities Co.Ltd(600999) to make corrections, requiring it to further strengthen the overall planning of the construction of important information systems, fully understand the system architecture and internal operation mechanism, strengthen the management of R & D, testing, launch, upgrading, change and operation and maintenance, improve the emergency response mechanism, ensure the professional ability and quantity allocation of personnel in key positions, and ensure the safe and stable operation of the information system.
Meanwhile, China Merchants Securities Co.Ltd(600999) shall also investigate the internal responsibility of the personnel responsible for the incident, complete the above rectification work within 3 months and submit the rectification report to Shenzhen Securities Regulatory Bureau.
increase investment in information technology
The reporter found that up to now, more than 20 listed securities companies have disclosed information technology investment in the annual report, and the overall data continues to grow rapidly compared with the same period last year. Of which Huatai Securities Co.Ltd(601688) totally invested 2.228 billion yuan, continuing to lead the industry. At the same time, the information technology investment of China International Capital Corporation Limited(601995) , China Merchants Securities Co.Ltd(600999) , Haitong Securities Company Limited(600837) , China Securities Co.Ltd(601066) and China Securities Co.Ltd(601066) listed securities companies also exceeded 1 billion yuan, namely 1.346 billion yuan, 1.192 billion yuan, 1.176 billion yuan and 1.093 billion yuan.
However, it is worth noting that although Guotai Junan Securities Co.Ltd(601211) securities and Citic Securities Company Limited(600030) did not disclose the amount of information technology investment in 2021, the data of China Securities Association showed that in 2020, the information technology investment of the two securities companies was 1.398 billion yuan and 1.374 billion yuan respectively, second only to Huatai Securities Co.Ltd(601688) .
In fact, securities companies pay more and more attention to information technology. Taking China Merchants Securities Co.Ltd(600999) as an example, the annual report data shows that there were 1141 information technology personnel in 2021, a year-on-year increase of 113% compared with 536 in 2020, far higher than 366 in 2019. From the perspective of the proportion of information technology personnel in the total staff, from 2019 to 2021, the proportion was 4.19%, 5.81% and 9.5% respectively, which fully shows China Merchants Securities Co.Ltd(600999) ‘s attention to it talent recruitment.
In terms of investment amount, in 2021, China Merchants Securities Co.Ltd(600999) information technology investment was 1.192 billion yuan, accounting for 6.32% of the parent company’s operating revenue in 2020. In 2020 and 2019, its information technology investment will be 994 million yuan and 653 million yuan respectively, with an average annual investment increase of 200300 million yuan.
