Contributed By DaHui Lawyers
The year 2020 is a critical time for the development of the fintech market in China. If the key words in the first half are “the rise of the fintech giants and innovative business models”, then those in the second half are “to rebuild the rules and strengthen the compliance requirements by the regulators”. The failure of Ant Financial’s IPO is a clear message sent by the Chinese regulators. It appears that the regulators will continue to strengthen supervision in the fintech market in the coming years, while still encouraging innovation, especially in risk prevention in the long term. The prospects for the fintech market in China are still broad, with increasingly diversified market players. As new infrastructure has risen to the height of China’s national strategy, the deep integration of artificial intelligence, blockchain technology, cloud computing and big data will promote the development of fintech into a new stage. The business model may be reshaped so as to better serve the real economy and inclusive finance.
The current predominant business model of fintech in China is internet finance. The traditional financial institutions (eg, banks, securities firms, insurance companies, etc) and innovative internet companies (third-party payment service companies, internet lending service providers, etc) provide their financial products by using new hi-tech tools, eg, big data, cloud computing or even robotic process automation, to approach and serve their customers more efficiently and reduce their exposure to risk.
Like most of the countries in the world, China has not set up or appointed an independent supervisory authority for the regulation of the fintech industry.
Rather, the relevant businesses of the fintech industry, based on the specific attributes of corresponding financial services, are subject to the supervision of the traditional financial regulatory authorities. In particular, the China Banking and Insurance Regulatory Commission (CBIRC) is responsible for the supervision of fintech businesses that rely on services provided by commercial banks (eg, internet banking, internet lending, P2P lending, etc) and insurance companies (such as internet insurance), and services similar to these, even if provided by others. The China Securities Regulatory Commission (CSRC) is responsible for the supervision of fintech businesses that are related to investments in the securities markets, such as internet funds, internet securities, intelligent investment advisers, etc. The People's Bank of China (PBOC) is responsible for the supervision of fintech businesses related to the issuance, circulation and clearing/settlement of currencies, such as third-party payment services, digital currency, etc.
In addition, the local governments in China also play an important role in regulating the fintech industry. For P2P platforms and other “quasi-financial businesses” such as financing leasing, financing guarantee and factoring, the traditional financial regulatory authorities (ie, the CBIRC, CSRC and PBOC) usually will not be directly involved in regulation, but will delegate relevant regulatory authority to the local financial regulatory bureaus of local governments.
Following the principle of “separate supervision”, the PBOC plays a leading and co-ordinating role among the regulatory authorities in the supervision of the fintech industry, and controls the development direction and supervisory approach to the fintech industry from a more macroscopic perspective. For instance, the Guiding Opinions on Promoting the Healthy Development of Internet Finance (“Internet Finance Development Opinions”) issued in July 2015 by ten ministries led by the PBOC, as well as the Fintech Development Plan (2019–2021) issued by the PBOC in 2019, both provide macro guidance on the regulation and development of the fintech industry based on market practice at the time.
In order to regulate the development and application of fintech in the financial services industry, the Chinese government has issued a series of policies and regulations in recent years. The basic principle is that fintech should be used as a technical tool to promote the innovation and development of the financial services industry. The relevant policies and regulations mainly include the macro policies and the regulations for each subdivided field of the fintech industry (see below).
Major Macro Policies
The PBOC is responsible for leading the formulation of fintech’s macro policies in China. These are intended to provide guidelines and plans for the development of fintech:
Major Regulations in Subdivided Fields
The Chinese government has attached great importance to emerging technologies, especially for “cloud computing”, “internet plus”, “big data” and “artificial intelligence”. For each of the aforementioned technologies, the State Council has issued corresponding policies for guidance, mainly including:
With respect to the application of fintech in the financial services industry, the Chinese financial regulatory authorities have issued a series of rules which can be divided into three categories.
Regulations relating to the new business model developed by traditional financial institutions with fintech
These regulations are, for example: (1) for internet insurance business based on “Internet Plus”, the CBIRC issued the draft Original Insurance Interim Measures and the Insurance Supervision, which is expected to be officially issued in the near future to replace the Original Insurance Interim Measures; and (2) for the internet loans of commercial banks, the CBIRC issued the draft Interim Measures for the Administration of Internet Loans of Commercial Banks (Draft for Consultation).
Regulations relating to the new types of institutions utilising fintech
These regulations include : (1) for non-banking payment institutions, the PBOC promulgated the Administrative Measures for the Payment Services Provided by Non-financial Institutions in June 2010 and a series of rules and regulations regarding the payment services provided by non-financial institutions were issued later; and (2) for online lending information intermediary institutions, ie, P2P platforms, four Chinese government departments led by the China Banking Regulatory Commission (replaced by the CBIRC in April 2018) promulgated the Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions in August 2016 and a series of rules and regulations for rectifying the industry was issued later.
Regulations in relation to the common issues arising from the application of fintech
These include, for example: (1) for the data management of commercial banks, the CBIRC issued the Guidelines for the Data Management of Banking Financial Institutions in May 2018; and (2) for the protection of personal information, the Standing Committee of the National People’s Congress promulgated the Cybersecurity Law of the People’s Republic of China in November 2016, and the PBOC issued the Personal Financial Information Protection Technical Specification in February 2020.
In addition to the regulations listed above, the Chinese financial regulatory authorities have also promulgated myriad rules on particular financial service aspects, including online fund sales business, loan facilitation services, internet wealth management and digital currency.
It is worth noting that the PBOC issued a notice in December 2019, announcing that the first pilot scheme of fintech innovation supervision (ie, a sandbox regulatory mechanism) would be launched in Beijing. In April 2020, it was announced that the pilot scheme had been expanded to six regions, Shanghai, Chongqing, Shenzhen, Hebei Xiong’an New District, Hangzhou and Suzhou. Meanwhile, in April 2020, four Chinese government departments, led by the PBOC, issued the Opinions on Financial Support for the Construction of the Guangdong-Hong Kong-Macao Greater Bay Area, in which the mechanism “to study and establish a cross-border financial innovation regulatory ‘sandbox’” was proposed, and it is also the first time that the concept of “sandbox regulation” has been directly referred to in Chinese financial regulatory rules.
The following compensation models are observed in market practice:
In each compensation model, a clear rate of service charge must be notified to customers/users in advance, with a written or electronic record of charges provided later.
Legacy players, such as commercial banks, securities firms and insurance companies, are highly regulated in China. Chinese regulators are in the process of setting up a licensing system and adopting new regulatory models with respect to fintech industry participants in innovative practice areas. Take the third-party payment industry, for example: any fintech company involved in payment settlement business is required to obtain a third-party payment licence, compared with legacy players that are not required to do so to conduct payment business given that they are licensed to perform traditional banking services.
Regulatory sandboxes provide regulators with a controlled and supervised environment in which to test innovative products, services or business models without systematic risks. These trial projects form part of China’s Fintech Development Plan (2019–2021). The fintech regulatory trials test the best regulatory methods and provide corresponding space and system guarantees for fintech innovations based on the “regulatory sandbox” regulation model.
In mid-January 2020, the PBOC announced the first batch of trial applications in Beijing. In late April, the PBOC extended the sandbox experimental cities to Shanghai, Chongqing, Shenzhen, Hangzhou and Suzhou, as well as the Xiong’an New Area, a much-anticipated new economic zone. In July 2020, Guangzhou and Chengdu were included in the sandbox experimental cities by the PBOC. By the end of 2020, 70 projects were being tested in these nine sandbox experimental cities.
There is no single regulatory body responsible for the regulation of fintech products and services. Different fintech services and products are regulated by different regulatory bodies, such as the PBOC, CBIRC and CSRC. Other than these three major regulators, some other regulators are involved in certain particular situations, eg, the State Administration for Market Regulation (SAMR) and its local branches are in charge of fintech companies’ registration and normal business conduct; the Ministry of Industry and Information Technology (MIIT) and its local branches are in charge of regulating telecommunications-related services involved in the fintech industry; the Cyberspace Administration of China (CAC) is in charge of regulating network safety, data compliance and other relevant issues arising from internet data exchange and processing involved in the fintech industry; and the Ministry of Public Security (MPS) and its local branches are leading the fight against internet financial crimes.
Given that the financial industry is a highly regulated area in China, only a small number of non-material functions of China regulators are outsourced to relevant industry associations, such as the Payment & Clearing Association of China (PCAC), including self-discipline measures, launches of pilot programs and formulation of technical guidelines, standards or rules. Each relevant industry association, being authorised by the competent regulators, has its own charters, self-discipline conventions, rules and regulations governing all its members and their activities.
Different participants in the fintech industry may be subject to different kinds of liability. For fund administrators, the Securities Investment Law of the People’s Republic of China and the Provisional Rules on Supervision and Administration of the Private Equity Investment Fund ("PE Fund Rules") provide that the fund administrator should disclose material information that may have a substantial impact on the lawful interests of the investors, and should not withhold information or provide false information. The operators of any platform (eg, a financial research platform) are required to block, delete and report any improper, suspicious or unlawful behaviour, keep relevant records of such behaviour and report the same to the regulatory authorities.
In 2020, the Chinese government continued the campaign against irregularities in P2P lending and online small loans. The shutdown of most small-to-medium-sized players shows China’s concerns regarding the disorder of this market and the government's ability to enforce the law firmly and quickly. In addition, Chinese regulators curbed the “reckless” push of technology firms into finance, taking aim at a sector where lax oversight fuelled breakneck growth for companies such as Ant Group Co and Tencent Holdings Ltd’s Wechat Pay.
In October 2018, the PBOC, CBIRC and CSRC jointly issued the Anti-laundering and Anti-terrorism Financing Regulations on Internet Financial Institutions (for trial implementation), pursuant to which internet financial institutions shall access the Network Monitoring Platform developed by the PBOC, set up anti-money laundering departments, and report transactions involving large sums of money and dubious transactions through the Network Monitoring Platform.
On 2 January 2020, the SAMR issued the draft Amendment to the Anti-Monopoly Law, which sets forth the supervision of the underlying ecology of the entire digital economy.
On 13 February 2020, the PBOC issued the Financial Industry Standard Concerning the Effective Technical Management for Personal Financial Information Protection (“Standard”), aiming to fill the gaps between current law and practice. For example, the Standard provides that cross-border transfer of personal financial information is conditional on business necessity and a security assessment having been passed. The Standard specifies further detailed requirements for such cross-border transfer, eg, express consent from the data subject, the transferee’s ability to perform undertakings regarding data confidentiality and data deletion and assistance with fighting crime, as well as comprehensive protection requirements for personal financial information in all aspects of the life cycle, including collection, transmission, storage, use, deletion and destruction. Though the Standard is not mandatory, the regulators and Chinese enforcement authorities are likely to refer to the Standard in their investigational and enforcement work.
The National Internet Finance Association of China (NIFA) is recognised as the first nationwide self-regulatory organisation of the internet financial industry. NIFA’s requirements for its members may exceed those imposed by law. For example, NIFA released the Standards on Information Disclosure of Internet Finance: P2P Lending, pursuant to which, members of NIFA must disclose the required information to NIFA on a monthly basis.
On 30 December 2020, the Mobile Finance Committee of NIFA held its work meeting for 2020. At the meeting, NIFA introduced three key tasks in 2021, including:
Online customer-directing platforms for financial products are good examples of the conjunction of unregulated and regulated products. The sale of financial products through the internet is regulated, but the provision of product information is not regulated by financial regulators. In such business models, platform operators enter into co-operation or service agreements with financial product providers that are regulated. When clicking the button shown on the interface of platforms, users are redirected to the websites of the financial product providers or the display pages of the financial products. The financial product providers will pay the platform operators' commission or a technical service fee based on the agreement between them if users are successfully directed to the said websites/pages.
In practice, different local regulators have different attitudes towards this kind of business model, and it is uncertain as to whether this business model will be subject to regulation by financial supervision in the future. However, there is a trend for regulation in this regard to be tightened to prevent the sale of financial products by a technology company without a competent sales permit.
China-based robo-advisers tend to be more restricted, compared with robo-advisers in other jurisdictions. Robo-advisers in China typically provide portfolio recommendations, but the investment decisions ultimately have to be undertaken by users due to regulatory limitations.
Pilot Mutual Funds Advisory Scheme
China's pilot launch of a mutual funds advisory scheme in October 2019 may, however, ease this restriction. The scheme will allow asset managers and fund distributors to provide customised investment advice and maintain discretionary control over clients' investment portfolios, which will be constructed with publicly offered mutual funds. Robo-advisers operating under this scheme will therefore be allowed to execute trades automatically without requiring client consent each time, providing a more seamless experience for users.
The CSRC launched the scheme with the aim of promoting an alignment of interests between investors and fund distributors. Traditionally, China's asset management industry has been sales-oriented, as fund distributors generate revenue from transaction fees on the products they sell. This scheme will see a shift towards a fee-based advisory model, with providers charging a fee of no more than 5% of a client's net asset values in exchange for providing asset allocation services tailored to that customer's financial needs.
Banks, brokerages and internet start-ups have all been developing robo-advisory products in recent years. However, 2020 saw an increase in cases where legacy players started or expanded their co-operation with emerging technology companies focusing on providing robo-advisory solutions to clients, based on the application of big data, cloud computing and AI. For example, in May 2019, Shanghai Pudong Development Bank and Licaimofang, a domestic company focused on the business of intelligent wealth management, jointly developed a robo-advisory product called “G-DISCOVER”. As another example, in March 2019, the Bank of Nanjing, supported by PINTEC, a leading fintech service provider listed on NASDAQ, developed a new intelligent wealth investment product for its customers. With evolving industry practices, a larger diversity of robo-advisory services provided by legacy players may be expected in China.
Though the concept of robo-advisers was first acknowledged by regulators under the Guiding Opinions on Regulating the Asset Management Business of Financial Institutions jointly issued by the PBOC, CSRC, CBIRC and SAIF on 17 April 2018, to date China has not adopted any specific robo-adviser laws or regulations regarding the best execution of customer trades.
From a business perspective, different loan providers target different loan borrowers based on risk appetite. For example, online lending platforms operated by traditional commercial banks tend to issue loans to small business owners, while other online lending platforms, operated by non-bank entities (like Ant Financial or JD), tend to target individual borrowers, capitalising on different risk assessment methods, eg, certain online lending platforms have access to the online shopping history of individual borrowers, and use this to analyse their consumption curve changes and assess the potential risks.
From a legal perspective, however, there is no clear line drawn between individual borrowers or small business owner borrowers, as the Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions, jointly issued by the CBIRC, MIIT, CAC and MPS on 17 August 2016 (“Interim Measures of Online Lending Intermediaries”), has set the framework of regulation on online lending platforms without expressly categorising loans vis-à-vis individuals or entities.
Online lending platforms are generally considered as intermediaries that collect basic personal information about borrowers, categorise the information with repayment capacity and provide lenders with such standardised information. Paipai Dai is a leading company that adopts this business model.
Other underwriting models previously existed, eg, with platforms acting as guarantors, providing a guarantee on the repayment of loans, or as creditors, collecting proceeds from investors or repurchasing debt from individual lenders. However, these business models have been prohibited by the Interim Measures of Online Lending Intermediaries since 2016.
P2P lending refers to technology-based platforms that allow investors to participate as investors in loan assets, with a direct claim on payments of interest and repayments of principal. The platform itself has no claim on these payments, but instead earns fees for related services, including the assessment of credit risk, the matching of investors with borrowers, and the servicing of loans, including the collection and allocation of payments of interest and principal. There were less than 50 P2P lending companies left in China at the end of August 2020, down from a peak of 5,000 in 2017, after a two-year government crackdown on dodgy lenders.
Online lending platforms have been prohibited from being involved in the securitisation business since 2016, according to the Interim Measures of Online Lending Intermediaries, although they seek to circumvent such regulation in various ways.
With the concern that online lending platforms may engage in illegal fund-raising and misuse of proceeds, licences are required for various aspects of online lending, and co-operation with third-party institutions is restrained.
It is rare to see syndications used in the online lending business. The more common approach is for online lending firms to provide analyses of borrower information to be assessed by other participants, such as commercial banks, and such participants will provide funds for such borrowers in return.
Payment processors (eg, traditional commercials banks and innovative payment service providers like Alipay Pay and WeChat Pay) in China must use payment rails that are managed by certain licensed entities. Those payment processors are not allowed to create new payment rails on their own. Currently, available payment rails include the payment processing platforms managed by China UnionPay and China Nets Union. China UnionPay is a bridge connecting all sorts of banks. China Nets Union is an online payment clearing platform for non-bank payment institutions, mainly to provide unified and public payment clearing services for online payments. Since China Nets Union only serves as a clearing platform, it connects the licensed payment processors and the banking system.
Cross-border payments and remittance are highly regulated in China. The major regulators are the PBOC and the State Administration of Foreign Exchange (SAFE). The PBOC regulates cross-border payments in offshore RMB carried out by banks and licensed payment processors. SAFE regulates cross-border payments in foreign exchange carried out by banks and licensed payment processors (which obtain the special permit necessary to engage in foreign exchange cross-border payment businesses issued by SAFE).
Fund administrators are classified as those that manage publicly-offered funds (“Public Fund Administrators”) and those that manage private equity funds (“Private Fund Administrators”). Public Fund Administrators are subject to approval by the CSRC while Private Fund Administrators used to be subject only to registration/filing with the China Securities Investment Funds Association. The CSRC officially took responsibility to supervise and regulate Private Fund Administrators after the Interim Measures for the Supervision and Administration of Private Investment Funds came into effect in August 2014, which laid down the current regulatory system on private investment funds.
On 31 July 2020, the CSRC released the draft Measures for the Supervision and Administration of Publicly Offered Securities Investment Fund Managers. These new regulations mainly raise the financial requirements of fund company shareholders on the entry threshold and require long-term fund performance as a core assessment indicator in corporate governance. These revisions mainly focus on the following:
On 23 December 2019, the Asset Management Association of China (AMAC) released the Instructions for the Record-filing of Private Investment Funds, aiming to reinforce the requirements previously requested by the CSRC, issued in April 2018, and supplementing specific requirements of AMAC.
In China, fund advisers are purely advisory entities that give investment advice and do not have a responsibility to supervise fund administrators. Under the Securities Investment Law of the People’s Republic of China, the fund trustee is responsible for supervising the fund administrator. In 2020, the CSRC released the draft Administrative Measures on Securities Fund Investment Advisory Business, which sets out certain requirements for Chinese and foreign shareholders of securities fund investment advisers. More generally, it also prohibits securities fund investment advisers from providing advisory services in relation to securities, structured products, derivatives and other high-risk assets to investors other than professional investors. If a non-professional investor insists on receiving such services, the advisers should, among other things, keep records of all procedures in relation to such services if the services are rendered via the internet.
The current major trading platforms nationwide include the following:
The regulatory approach in China is functional regulation, under which different products and platforms are subject to differing supervision by regulators categorised with different asset classes. As set out in 7.1 Permissible Trading Platforms, various regulatory regimes are involved with respect to separate asset classes and services. In other words, multiple licences may be required if a financial services provider engages in business relating to several different types of asset classes. For example, for the sale of insurance, insurance broker licences are required, while for the securities and futures business, operating licences for securities and futures are required.
As an entirely new genre of intangible asset, the emergence of cryptocurrency calls for an upgrading of the technology used in the regulation and innovation of legal theories to incorporate cryptocurrency properly into the existing regulatory system. Uncertainty regarding cryptocurrency and consumer protection in the trading process, and concerns regarding anti-money laundering, have been the major issues addressed by the regulatory authorities.
In September 2017, China officially declared fund-raising through cryptocurrencies and initial coin offerings (ICOs) illegal and shut down platforms facilitating such trades. On 24 August 2018, the CBIRC, PBOC, MPS and two other cabinet-level authorities jointly issued the Notice on the Risks of Illegal Fund-Raising, which used the terms “cryptocurrency” and “blockchain” and warned investors of the risk of Ponzi schemes in such deals. However, the PBOC is moving quickly in researching and developing China’s own Central Bank Digital Currency (CBDC) in reaction to challenges that cryptocurrencies may bring about.
Pursuant to the Measures for the Administration of Initial Public Offerings and Listing of Stocks (2018 Amendment) issued by the CSRC and the relevant listing rules of the Shanghai Stock Exchange and Shenzhen Stock Exchange, there are no IPO requirements specifically for fintech companies. However, certain general standards apply for an IPO of a fintech company, eg, there must have been no major change regarding an issuer's ultimate controller, main business, directors or senior managers within the last three years; the total share capital of the issuer prior to the IPO must be no less than CNY30 million; certain finial requirements of net profit and net cash flow, etc.
Order handling rules also apply in China. The practice in China is that the centralised competitive bidding in securities trading follows the principle of price preference and time preference, ie, a higher purchase-price bid will be accepted in priority to a lower purchase-price bid by the securities trading system, while a lower selling-price ask will be accepted in priority to a higher selling-price ask. In the event that the same purchase prices or selling prices are offered, the price that comes first will be accepted by the securities trading system.
Compared with traditional commercial banks, P2P trading platforms adopt more simplified credit review procedures and offer much faster speeds of loan issuance. Therefore, they used to attract a huge number of small loans for individuals, and were replacing commercial banks as a major provider of small loans for individuals before 2018. However, the fast growth of P2P platforms brought the danger of illegal fund-raising, and the lack of a well-established personal credit system in China triggered a repayment crisis for many big P2P platforms, which posed a potential systematic risk to China’s financial system. Since 2018, the PBOC has been strengthening the regulatory requirements, and cracking down on illegal fund-raising activities jointly with other regulators, such as the MPS. There were fewer than 50 P2P platforms left in China at the end of August 2020, down from a peak of 5,000 in 2017.
China has not adopted any specific laws and regulations regarding the best execution of customer trades.
The rules permitting or prohibiting payment for order flow are provided by the Regulations on the Supervision and Administration of Securities Companies (2014 Revision), issued by the State Council, which states that a securities company and its staff may not seek illicit profits from offering investment suggestions to their clients. It is suggested that payment for order flow is not permitted in China, but lawmakers have not put much focus on this issue yet.
China’s capital markets, when assessed in comparison with more mature markets and other emerging markets, still have to catch up on several fronts. China still needs to improve its capital markets in terms of overall scale, internal structure and market efficiency, improve the corporate governance of listed companies, enhance the international competitiveness of securities and futures firms, improve the efficiency and competitiveness of the exchanges, optimise market infrastructure as well as laws, rules and regulations, and provide more effective enforcement.
At present, China’s regulation of high-frequency trading is not labelled as such or centralised as a set of regulations specifically targeting such practices, but rather derives from more generic regulations about technical aspects of trading. For example, the Guidelines of the China Financial Futures Exchange on the Supervision and Controlling of Abnormal Futures Trading (for Trial Implementation), issued by the China Financial Futures Exchange in 2010, describes certain trading activities as abnormal trading and limits or forbids them, eg, when the number of cancellations for a single contract is more than 500, or the trading volume of a single contract is more than 1,000 lots in a single day, etc.
China has no specific laws or regulations on registering as market makers when functioning in a principal capacity.
China has no specific laws or regulations in relation to the distinction between funds and dealers.
China has no specific laws or regulations on programmers and programming.
China has no specific laws or regulations on business operations of financial research platforms. However, as information service providers, financial research platforms are subject to laws and regulations regarding information services in the telecoms sector, and value-added telecoms licences may be required if such services are fee-based.
Pursuant to the Administrative Provisions on Financial Information Services, financial information services providers may not produce, publish or disseminate information that:
Any financial information service providers that violate the requirements above will be subject to various administrative penalties.
In addition, under the Criminal Law of the People’s Republic of China, it is a crime for anyone to disclose insider information, or use such information in trading, or use other non-insider internal information in trading, or create or spread securities or exchange-related false information, or manipulate a securities market or an exchange market with such information.
Under the telecoms and cybersecurity laws and regulations, operators of financial information platforms are requested to collect and verify the real name of the platform users before those users are allowed to use the platform and post any information. The users are aware of the fact and know that they can be traced if they post improper information or conversations.
In addition, at the request of government authorities, operators of financial information services must delete an improper conversation and report details about it to the authorities.
In China, the typical underwriting process of insurance is simple. A consumer will initiate the process by filling in an application form and, after the insurer gathers all the necessary information to evaluate the risk exposure, the insurance policy will be approved (or rejected). With the rising trend of insurtech, many insurance companies are beginning to offer insurance policies and complete the initial customer evaluation on online platforms. However, after online approval of the insurance policy, most insurance companies still require the insurance applicants to execute various contracts offline. Insurance regulators mainly implement exit management to strengthen the supervision of insurance products through monitoring during and after the event.
Under the Insurance Law of the People’s Republic of China, an insurer is forbidden to engage concurrently in the businesses of life insurance and property insurance. Correspondingly, there are two departments of CBIRC, the Property Insurance Regulatory Department and the Personal Insurance Regulatory Department, which separately regulate the business of insurance of persons and insurance of property. The rationale might be the concern that the proceeds received from personal insurance purchasers may be misappropriated to satisfy the huge need for cash in the property insurance business.
China has no specific law or regulations on regtech providers. However, the Chinese government embraces regtech as a good opportunity and method for making sure that fintech companies comply with the law. In 2017, the PBOC formed the Fintech Committee and announced its main purpose was to reinforce the research and application of regtech. In 2018, the CSRC pushed for the adoption of regtech measures amid broader efforts by Beijing to rein in the Chinese financial sector. In April 2020, the Beijing Fintech Industry League announced the founding of the Regtech Specialist Committee. In June 2020, the CSRC announced the establishment of a new internal regtech office. The CSRC’s Tech Department will have the goal of creating a big data supervisory and regulatory system for Chinese capital markets that will incorporate various existing data sources. With encouragement from the government, regtech companies in China are expected to grow fast in the next couple of years, but as they help the regulators in monitoring the daily activities of fintech companies by tracing, collecting and processing data, the need for legislation to protect state secrets has become urgent. Furthermore, in the future where more powers are delegated to such regtech providers by the regulators, there will be more requirements of duties imposed on them by law.
When dealing or co-operating with a technology provider, financial services firms are always seeking contractual protection to safeguard their trade secrets, prevent leakage of customer information and ensure the satisfaction of all regulatory requirements on data compliance by the technology provider. For example, all data collected and processed by the technology provider must be uploaded and stored on the financial services firm’s own server and any data transmission to a third party or any unauthorised use without permission is forbidden. Some of those contractual terms are reflected in the regulations or technical norms of the relevant industry, in principle or in detail.
Currently, blockchain technology in China is mostly used in clearing, cross-border trade, supply chain, information identification and digital currency. For example, China Merchants Bank has built the "Blockchain Platform of China Merchants Bank Direct Payment" – the first commercial bank in China to apply blockchain technology in the fields of cross-border direct clearing and global cash management.
Blockchain technologies are generally permitted and even encouraged in China. A white paper published in October 2016 by the China Blockchain Technology and Industrial Development Forum, under the guidance of the MIIT, analysed the state of blockchain technology in China and its potential future applications, set out a roadmap for blockchain development in China and called for a formal set of national blockchain standards to provide industry guidance to existing and potential market players. To date, however, no blockchain-related standards have been released.
The Blockchain Services Provisions
On 10 January 2019, the CAC promulgated the Provisions on Administration of Blockchain-Based Information Services (“Blockchain Services Provisions”), which represent the first administrative guidelines for providers of non-cryptocurrency, blockchain-based services in China. The Blockchain Services Provisions define blockchain-based service providers as entities or nodes that provide blockchain-based information services, or any institution or organisation that provides technological support to such entities (“Blockchain Service Providers”). As a consequence of the promulgation of the Blockchain Services Provisions, the CAC publicly released a list of 197 registered blockchain information services projects on 30 March 2019, and a second list of 309 registered products on 18 October 2019.
Responsibilities of Blockchain Service Providers
Under the Blockchain Services Provisions, Blockchain Service Providers are responsible for information security and should build internal management systems for user registration, information censorship, emergency response and security protection. The Blockchain Services Provisions require Blockchain Service Providers to conduct a record-filing with the CAC or its provincial-level branch to report certain key information, such as the type and scope of services, application sectors and server addresses, within ten business days after launching their services. Blockchain Service Providers are also required to undertake a security evaluation administered by the CAC or its provincial branches, and to authenticate the identities of their users based on ID card numbers, organisational codes (for PRC entities) or mobile phone numbers before providing services to such users, in accordance with the Cybersecurity Law of the People’s Republic of China.
Position of the Chinese Government
On the other hand, the Chinese government has taken a hard line against private cryptocurrencies and ICO fundraising. In 2017, regulators instituted an outright ban on cryptocurrency exchanges and ICOs in China, and also imposed severe restrictions on the use of cryptocurrencies and relevant trading services, which continued in 2020.
Blockchain assets (eg, bitcoin) are generally regarded as virtual property rather than “legal currency” protected by PRC laws. However, the Civil Code of the People’s Republic of China, promulgated on 28 May 2020 (effective as of 1 January 2021), provides for the first time that data and internet virtual property will be protected by law.
Though blockchain assets (eg, bitcoin) are now protected as virtual property in China, the issuance of blockchain assets by private issuers is forbidden. The PBOC announced in August 2020 that four major state-owned commercial banks were in the process of testing the virtual currency issued by the PBOC.
Blockchain asset trading platforms are banned in China.
No funds are allowed to invest in blockchain assets in China.
Private players are not allowed to issue virtual currencies. The PBOC is testing its virtual currency in four commercial banks in Shenzhen.
China has no specific laws and regulations against decentralised finance (“DeFi”) platforms.
Open banking is generally understood by the market as a system that provides software developers and related businesses with a network of financial institutions’ data, through the use of application programming interfaces (APIs), which are established on the notion that individuals or entities might be willing to share their banking transaction details with third-party developers of APIs so that the individual end-user may enjoy more advanced and cheaper financial services. Although there are no specialised mandates or API standards for open banking in China, Chinese law guides the growth of open banking by imposing specific restrictions on the sharing of bank customer data. Thus, China has not (yet) provided for system-wide open banking or equivalent mechanisms like the UK may have. It is likely that China’s approach to regulating open banking will be pragmatic and organic, allowing industries to develop through experimentation and stepping in to tackle problems as they appear.
Since the implementation of the Cybersecurity Law of the People’s Republic of China on 1 June 2017, the collection of individuals' personal information has been subject to stricter supervision, and the collection of financial data is the most sensitive category. For example, banks are required to guarantee the security of data during sharing, ie, the shared data should not be stolen or tampered with, and user privacy should be protected from infringement. In terms of authorisation scope and transparency, banks need to ensure that the shared data can only be utilised within the time and space authorised by the customer, and that customers understand what data they have shared, who is using the data, and what the risks are. Some major banks in China are beginning to develop some open banking services – for example, Shanghai Pudong Development Bank (SPDB) has developed its API Bank, through which SPDB has embedded its banking services into the Shanghai Port Service Office to process trade companies’ international payments or purchase orders online through the Shanghai Port Service Office platform in a matter of minutes – even if these banks are exposed to potential risks triggered by regulatory uncertainty regarding data and privacy protection.