Morgan Stanley blocks remote network access for China interns
Morgan Stanley has blocked its interns in China from logging on remotely to the bank’s virtual network, as reported by the Financial Times.
The FT reports that the news comes “as foreign companies become increasingly concerned about Beijing’s tough cybersecurity rules”, despite China’s cybersecurity laws covering similar regulations to the EU’s General Data Protection Act (GDPR) or the EU Cybersecurity Act.
The Wall Street bank was basing its interns in China in its offices in the country, where 80% of its staff had returned to work, instead of giving them remote access to work from home, two people familiar with the situation tell the FT.
The interns were originally set to do virtual programmes like those at Morgan Stanley’s global peers, they say.
“The decision was linked to concerns about China’s cybersecurity regime,” says one of the people speaking anonymously.
“The potential vulnerability of the bank’s technology system in China was also a worry,” the other person adds.
Carly Ramsey, a Shanghai-based regulatory specialist at Control Risks, says: “There are generally really strong cyber security rules, with potentially severe penalties, and banks are clear targets for enforcement.”
She adds that companies might not want to train interns on the complex rules and then give them remote access in an unsupervised environment.
Companies were responsible for anything their system’s users did or posted that breached the rules. Interns working in companies that did not know the rules well, and who were operating without supervision in a work-from-home environment, posed particular risks, according to one lawyer speaking to the FT.
Morgan Stanley’s decision to deny remote access to its China-based interns makes it an outlier among its US peers.
People familiar with the situation said Goldman Sachs was offering remote access in China via the same authentication solution it used globally, which did not rely on virtual network access. Other large US banks including Citigroup and JP Morgan Chase were also offering remote access and virtual internships in China.
The pandemic has disrupted banks’ traditionally immersive internship programmes of eight to 10 weeks. Banks have been forced to move the majority of their global workforces out of their offices, including interns.
“We have been able to provide an in-person experience for our summer interns in China this year with the COVID-19 situation stabilising,” says a Morgan Stanley spokesman. He declined to comment on the role cyber security rules played in the decision or whether the bank had concerns about the security of its technology system.
One of the people familiar with Morgan Stanley’s situation tells the FT that, given the complexity of China’s cybersecurity laws, it did not make sense to bring interns on to the virtual network for only a couple of months.
According to another person, Morgan Stanley had become more focused on the vulnerability of its technology systems to bad actors in China and had decided against giving this year’s interns remote access several weeks before their 29 June start date.
Another large US bank said its systems in China were exposed to frequent cyber-attacks that were of “infinitely greater” magnitude than many other countries.
Goldman Sachs, Bank of America, JP Morgan and Citigroup all declined to comment on their approaches.