On May 19, the Financial Times broke the story that earlier this year, Morgan Stanley issued iPhones and iPads to over 300 employees across its Hong Kong investment banking team—ranging from junior analysts to managing directors—for use during business trips to mainland China. According to five people familiar with the matter, these devices have limited functionality; only work-related email and online meeting apps are accessible. The bank provided no explanation for implementing this policy, which currently applies solely to trips to mainland China and does not affect daily operations in Hong Kong. Reuters also confirmed these arrangements based on sources directly informed of them. Morgan Stanley declined to comment. As one of the leading underwriters for Chinese companies listing in Hong Kong, the bank’s Hong Kong investment banking team frequently travels to mainland China for client meetings and due diligence—one Hong Kong banker noted he made five such trips to multiple cities in April alone.
This move is quite unusual; similar data security measures typically apply only to U.S.-based executives traveling to China, rather than teams already stationed in Hong Kong. Interviews conducted by the Financial Times revealed that employees at Goldman Sachs and JPMorgan reported having no comparable policies regarding dedicated devices for trips to mainland China. Against this backdrop, both China and the United States increasingly view cross-border data flows as a national security issue: China’s Cybersecurity Law and Personal Information Protection Law (PIPL) impose strict restrictions on local data storage and cross-border transfers, while U.S. security concerns continue to mount. By extending its dedicated device policy to its entire Hong Kong investment banking team, Morgan Stanley is viewed as taking another step in adapting to the ongoing competition between China and the U.S. over data sovereignty.