China’s top banking and insurance industry regulator is working on new rules designed to contain risks from financial institutions’ information technology (IT) outsourcing practices, Caixin learned.

The China Banking and Insurance Regulatory Commission (CBIRC) recently released for industry comment a set of proposed rules that would introduce new requirements for financial institutions’ hiring of IT outsourcing providers and management of related risks.

The draft rules stipulate that financial institutions retain in-house supervision of IT management, build their own capacity in key technologies, and enhance risk monitoring and oversight of outsourced IT operations, according to documents reviewed by Caixin.