The year 2020 is a critical time for the development of the fintech market in China. If the key words in the first half are “the rise of the fintech giants and innovative business models”, then those in the second half are “to rebuild the rules and strengthen the compliance requirements by the regulators”. The failure of Ant Financial’s IPO is a clear message sent by the Chinese regulators. It appears that the regulators will continue to strengthen supervision in the fintech market in the coming years, while still encouraging innovation, especially in risk prevention in the long term. The prospects for the fintech market in China are still broad, with increasingly diversified market players. As new infrastructure has risen to the height of China’s national strategy, the deep integration of artificial intelligence, blockchain technology, cloud computing and big data will promote the development of fintech into a new stage. The business model may be reshaped so as to better serve the real economy and inclusive finance.
The current predominant business model of fintech in China is internet finance. The traditional financial institutions (eg, banks, securities firms, insurance companies, etc) and innovative internet companies (third-party payment service companies, internet lending service providers, etc) provide their financial products by using new hi-tech tools, eg, big data, cloud computing or even robotic process automation, to approach and serve their customers more efficiently and reduce their exposure to risk.
Like most of the countries in the world, China has not set up or appointed an independent supervisory authority for the regulation of the fintech industry.
Rather, the relevant businesses of the fintech industry, based on the specific attributes of corresponding financial services, are subject to the supervision of the traditional financial regulatory authorities. In particular, the China Banking and Insurance Regulatory Commission (CBIRC) is responsible for the supervision of fintech businesses that rely on services provided by commercial banks (eg, internet banking, internet lending, P2P lending, etc) and insurance companies (such as internet insurance), and services similar to these, even if provided by others. The China Securities Regulatory Commission (CSRC) is responsible for the supervision of fintech businesses that are related to investments in the securities markets, such as internet funds, internet securities, intelligent investment advisers, etc. The People's Bank of China (PBOC) is responsible for the supervision of fintech businesses related to the issuance, circulation and clearing/settlement of currencies, such as third-party payment services, digital currency, etc.
In addition, the local governments in China also play an important role in regulating the fintech industry. For P2P platforms and other “quasi-financial businesses” such as financing leasing, financing guarantee and factoring, the traditional financial regulatory authorities (ie, the CBIRC, CSRC and PBOC) usually will not be directly involved in regulation, but will delegate relevant regulatory authority to the local financial regulatory bureaus of local governments.
Following the principle of “separate supervision”, the PBOC plays a leading and co-ordinating role among the regulatory authorities in the supervision of the fintech industry, and controls the development direction and supervisory approach to the fintech industry from a more macroscopic perspective. For instance, the Guiding Opinions on Promoting the Healthy Development of Internet Finance (“Internet Finance Development Opinions”) issued in July 2015 by ten ministries led by the PBOC, as well as the Fintech Development Plan (2019–2021) issued by the PBOC in 2019, both provide macro guidance on the regulation and development of the fintech industry based on market practice at the time.
In order to regulate the development and application of fintech in the financial services industry, the Chinese government has issued a series of policies and regulations in recent years. The basic principle is that fintech should be used as a technical tool to promote the innovation and development of the financial services industry. The relevant policies and regulations mainly include the macro policies and the regulations for each subdivided field of the fintech industry (see below).
Major Macro Policies
The PBOC is responsible for leading the formulation of fintech’s macro policies in China. These are intended to provide guidelines and plans for the development of fintech:
Major Regulations in Subdivided Fields
The Chinese government has attached great importance to emerging technologies, especially for “cloud computing”, “internet plus”, “big data” and “artificial intelligence”. For each of the aforementioned technologies, the State Council has issued corresponding policies for guidance, mainly including:
With respect to the application of fintech in the financial services industry, the Chinese financial regulatory authorities have issued a series of rules which can be divided into three categories.
Regulations relating to the new business model developed by traditional financial institutions with fintech
These regulations are, for example: (1) for internet insurance business based on “Internet Plus”, the CBIRC issued the draft Original Insurance Interim Measures and the Insurance Supervision, which is expected to be officially issued in the near future to replace the Original Insurance Interim Measures; and (2) for the internet loans of commercial banks, the CBIRC issued the draft Interim Measures for the Administration of Internet Loans of Commercial Banks (Draft for Consultation).
Regulations relating to the new types of institutions utilising fintech
These regulations include : (1) for non-banking payment institutions, the PBOC promulgated the Administrative Measures for the Payment Services Provided by Non-financial Institutions in June 2010 and a series of rules and regulations regarding the payment services provided by non-financial institutions were issued later; and (2) for online lending information intermediary institutions, ie, P2P platforms, four Chinese government departments led by the China Banking Regulatory Commission (replaced by the CBIRC in April 2018) promulgated the Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions in August 2016 and a series of rules and regulations for rectifying the industry was issued later.
Regulations in relation to the common issues arising from the application of fintech
These include, for example: (1) for the data management of commercial banks, the CBIRC issued the Guidelines for the Data Management of Banking Financial Institutions in May 2018; and (2) for the protection of personal information, the Standing Committee of the National People’s Congress promulgated the Cybersecurity Law of the People’s Republic of China in November 2016, and the PBOC issued the Personal Financial Information Protection Technical Specification in February 2020.
In addition to the regulations listed above, the Chinese financial regulatory authorities have also promulgated myriad rules on particular financial service aspects, including online fund sales business, loan facilitation services, internet wealth management and digital currency.
It is worth noting that the PBOC issued a notice in December 2019, announcing that the first pilot scheme of fintech innovation supervision (ie, a sandbox regulatory mechanism) would be launched in Beijing. In April 2020, it was announced that the pilot scheme had been expanded to six regions, Shanghai, Chongqing, Shenzhen, Hebei Xiong’an New District, Hangzhou and Suzhou. Meanwhile, in April 2020, four Chinese government departments, led by the PBOC, issued the Opinions on Financial Support for the Construction of the Guangdong-Hong Kong-Macao Greater Bay Area, in which the mechanism “to study and establish a cross-border financial innovation regulatory ‘sandbox’” was proposed, and it is also the first time that the concept of “sandbox regulation” has been directly referred to in Chinese financial regulatory rules.
The following compensation models are observed in market practice:
In each compensation model, a clear rate of service charge must be notified to customers/users in advance, with a written or electronic record of charges provided later.
Legacy players, such as commercial banks, securities firms and insurance companies, are highly regulated in China. Chinese regulators are in the process of setting up a licensing system and adopting new regulatory models with respect to fintech industry participants in innovative practice areas. Take the third-party payment industry, for example: any fintech company involved in payment settlement business is required to obtain a third-party payment licence, compared with legacy players that are not required to do so to conduct payment business given that they are licensed to perform traditional banking services.
Regulatory sandboxes provide regulators with a controlled and supervised environment in which to test innovative products, services or business models without systematic risks. These trial projects form part of China’s Fintech Development Plan (2019–2021). The fintech regulatory trials test the best regulatory methods and provide corresponding space and system guarantees for fintech innovations based on the “regulatory sandbox” regulation model.
In mid-January 2020, the PBOC announced the first batch of trial applications in Beijing. In late April, the PBOC extended the sandbox experimental cities to Shanghai, Chongqing, Shenzhen, Hangzhou and Suzhou, as well as the Xiong’an New Area, a much-anticipated new economic zone. In July 2020, Guangzhou and Chengdu were included in the sandbox experimental cities by the PBOC. By the end of 2020, 70 projects were being tested in these nine sandbox experimental cities.
There is no single regulatory body responsible for the regulation of fintech products and services. Different fintech services and products are regulated by different regulatory bodies, such as the PBOC, CBIRC and CSRC. Other than these three major regulators, some other regulators are involved in certain particular situations, eg, the State Administration for Market Regulation (SAMR) and its local branches are in charge of fintech companies’ registration and normal business conduct; the Ministry of Industry and Information Technology (MIIT) and its local branches are in charge of regulating telecommunications-related services involved in the fintech industry; the Cyberspace Administration of China (CAC) is in charge of regulating network safety, data compliance and other relevant issues arising from internet data exchange and processing involved in the fintech industry; and the Ministry of Public Security (MPS) and its local branches are leading the fight against internet financial crimes.
Given that the financial industry is a highly regulated area in China, only a small number of non-material functions of China regulators are outsourced to relevant industry associations, such as the Payment & Clearing Association of China (PCAC), including self-discipline measures, launches of pilot programs and formulation of technical guidelines, standards or rules. Each relevant industry association, being authorised by the competent regulators, has its own charters, self-discipline conventions, rules and regulations governing all its members and their activities.
Different participants in the fintech industry may be subject to different kinds of liability. For fund administrators, the Securities Investment Law of the People’s Republic of China and the Provisional Rules on Supervision and Administration of the Private Equity Investment Fund ("PE Fund Rules") provide that the fund administrator should disclose material information that may have a substantial impact on the lawful interests of the investors, and should not withhold information or provide false information. The operators of any platform (eg, a financial research platform) are required to block, delete and report any improper, suspicious or unlawful behaviour, keep relevant records of such behaviour and report the same to the regulatory authorities.
In 2020, the Chinese government continued the campaign against irregularities in P2P lending and online small loans. The shutdown of most small-to-medium-sized players shows China’s concerns regarding the disorder of this market and the government's ability to enforce the law firmly and quickly. In addition, Chinese regulators curbed the “reckless” push of technology firms into finance, taking aim at a sector where lax oversight fuelled breakneck growth for companies such as Ant Group Co and Tencent Holdings Ltd’s Wechat Pay.
In October 2018, the PBOC, CBIRC and CSRC jointly issued the Anti-laundering and Anti-terrorism Financing Regulations on Internet Financial Institutions (for trial implementation), pursuant to which internet financial institutions shall access the Network Monitoring Platform developed by the PBOC, set up anti-money laundering departments, and report transactions involving large sums of money and dubious transactions through the Network Monitoring Platform.
On 2 January 2020, the SAMR issued the draft Amendment to the Anti-Monopoly Law, which sets forth the supervision of the underlying ecology of the entire digital economy.
On 13 February 2020, the PBOC issued the Financial Industry Standard Concerning the Effective Technical Management for Personal Financial Information Protection (“Standard”), aiming to fill the gaps between current law and practice. For example, the Standard provides that cross-border transfer of personal financial information is conditional on business necessity and a security assessment having been passed. The Standard specifies further detailed requirements for such cross-border transfer, eg, express consent from the data subject, the transferee’s ability to perform undertakings regarding data confidentiality and data deletion and assistance with fighting crime, as well as comprehensive protection requirements for personal financial information in all aspects of the life cycle, including collection, transmission, storage, use, deletion and destruction. Though the Standard is not mandatory, the regulators and Chinese enforcement authorities are likely to refer to the Standard in their investigational and enforcement work.
The National Internet Finance Association of China (NIFA) is recognised as the first nationwide self-regulatory organisation of the internet financial industry. NIFA’s requirements for its members may exceed those imposed by law. For example, NIFA released the Standards on Information Disclosure of Internet Finance: P2P Lending, pursuant to which, members of NIFA must disclose the required information to NIFA on a monthly basis.
On 30 December 2020, the Mobile Finance Committee of NIFA held its work meeting for 2020. At the meeting, NIFA introduced three key tasks in 2021, including:
Online customer-directing platforms for financial products are good examples of the conjunction of unregulated and regulated products. The sale of financial products through the internet is regulated, but the provision of product information is not regulated by financial regulators. In such business models, platform operators enter into co-operation or service agreements with financial product providers that are regulated. When clicking the button shown on the interface of platforms, users are redirected to the websites of the financial product providers or the display pages of the financial products. The financial product providers will pay the platform operators' commission or a technical service fee based on the agreement between them if users are successfully directed to the said websites/pages.
In practice, different local regulators have different attitudes towards this kind of business model, and it is uncertain as to whether this business model will be subject to regulation by financial supervision in the future. However, there is a trend for regulation in this regard to be tightened to prevent the sale of financial products by a technology company without a competent sales permit.
China-based robo-advisers tend to be more restricted, compared with robo-advisers in other jurisdictions. Robo-advisers in China typically provide portfolio recommendations, but the investment decisions ultimately have to be undertaken by users due to regulatory limitations.
Pilot Mutual Funds Advisory Scheme
China's pilot launch of a mutual funds advisory scheme in October 2019 may, however, ease this restriction. The scheme will allow asset managers and fund distributors to provide customised investment advice and maintain discretionary control over clients' investment portfolios, which will be constructed with publicly offered mutual funds. Robo-advisers operating under this scheme will therefore be allowed to execute trades automatically without requiring client consent each time, providing a more seamless experience for users.
The CSRC launched the scheme with the aim of promoting an alignment of interests between investors and fund distributors. Traditionally, China's asset management industry has been sales-oriented, as fund distributors generate revenue from transaction fees on the products they sell. This scheme will see a shift towards a fee-based advisory model, with providers charging a fee of no more than 5% of a client's net asset values in exchange for providing asset allocation services tailored to that customer's financial needs.
Banks, brokerages and internet start-ups have all been developing robo-advisory products in recent years. However, 2020 saw an increase in cases where legacy players started or expanded their co-operation with emerging technology companies focusing on providing robo-advisory solutions to clients, based on the application of big data, cloud computing and AI. For example, in May 2019, Shanghai Pudong Development Bank and Licaimofang, a domestic company focused on the business of intelligent wealth management, jointly developed a robo-advisory product called “G-DISCOVER”. As another example, in March 2019, the Bank of Nanjing, supported by PINTEC, a leading fintech service provider listed on NASDAQ, developed a new intelligent wealth investment product for its customers. With evolving industry practices, a larger diversity of robo-advisory services provided by legacy players may be expected in China.
Though the concept of robo-advisers was first acknowledged by regulators under the Guiding Opinions on Regulating the Asset Management Business of Financial Institutions jointly issued by the PBOC, CSRC, CBIRC and SAIF on 17 April 2018, to date China has not adopted any specific robo-adviser laws or regulations regarding the best execution of customer trades.
From a business perspective, different loan providers target different loan borrowers based on risk appetite. For example, online lending platforms operated by traditional commercial banks tend to issue loans to small business owners, while other online lending platforms, operated by non-bank entities (like Ant Financial or JD), tend to target individual borrowers, capitalising on different risk assessment methods, eg, certain online lending platforms have access to the online shopping history of individual borrowers, and use this to analyse their consumption curve changes and assess the potential risks.
From a legal perspective, however, there is no clear line drawn between individual borrowers or small business owner borrowers, as the Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions, jointly issued by the CBIRC, MIIT, CAC and MPS on 17 August 2016 (“Interim Measures of Online Lending Intermediaries”), has set the framework of regulation on online lending platforms without expressly categorising loans vis-à-vis individuals or entities.
Online lending platforms are generally considered as intermediaries that collect basic personal information about borrowers, categorise the information with repayment capacity and provide lenders with such standardised information. Paipai Dai is a leading company that adopts this business model.
Other underwriting models previously existed, eg, with platforms acting as guarantors, providing a guarantee on the repayment of loans, or as creditors, collecting proceeds from investors or repurchasing debt from individual lenders. However, these business models have been prohibited by the Interim Measures of Online Lending Intermediaries since 2016.
P2P lending refers to technology-based platforms that allow investors to participate as investors in loan assets, with a direct claim on payments of interest and repayments of principal. The platform itself has no claim on these payments, but instead earns fees for related services, including the assessment of credit risk, the matching of investors with borrowers, and the servicing of loans, including the collection and allocation of payments of interest and principal. There were less than 50 P2P lending companies left in China at the end of August 2020, down from a peak of 5,000 in 2017, after a two-year government crackdown on dodgy lenders.
Online lending platforms have been prohibited from being involved in the securitisation business since 2016, according to the Interim Measures of Online Lending Intermediaries, although they seek to circumvent such regulation in various ways.
With the concern that online lending platforms may engage in illegal fund-raising and misuse of proceeds, licences are required for various aspects of online lending, and co-operation with third-party institutions is restrained.
It is rare to see syndications used in the online lending business. The more common approach is for online lending firms to provide analyses of borrower information to be assessed by other participants, such as commercial banks, and such participants will provide funds for such borrowers in return.
Payment processors (eg, traditional commercials banks and innovative payment service providers like Alipay Pay and WeChat Pay) in China must use payment rails that are managed by certain licensed entities. Those payment processors are not allowed to create new payment rails on their own. Currently, available payment rails include the payment processing platforms managed by China UnionPay and China Nets Union. China UnionPay is a bridge connecting all sorts of banks. China Nets Union is an online payment clearing platform for non-bank payment institutions, mainly to provide unified and public payment clearing services for online payments. Since China Nets Union only serves as a clearing platform, it connects the licensed payment processors and the banking system.
Cross-border payments and remittance are highly regulated in China. The major regulators are the PBOC and the State Administration of Foreign Exchange (SAFE). The PBOC regulates cross-border payments in offshore RMB carried out by banks and licensed payment processors. SAFE regulates cross-border payments in foreign exchange carried out by banks and licensed payment processors (which obtain the special permit necessary to engage in foreign exchange cross-border payment businesses issued by SAFE).
Fund administrators are classified as those that manage publicly-offered funds (“Public Fund Administrators”) and those that manage private equity funds (“Private Fund Administrators”). Public Fund Administrators are subject to approval by the CSRC while Private Fund Administrators used to be subject only to registration/filing with the China Securities Investment Funds Association. The CSRC officially took responsibility to supervise and regulate Private Fund Administrators after the Interim Measures for the Supervision and Administration of Private Investment Funds came into effect in August 2014, which laid down the current regulatory system on private investment funds.
On 31 July 2020, the CSRC released the draft Measures for the Supervision and Administration of Publicly Offered Securities Investment Fund Managers. These new regulations mainly raise the financial requirements of fund company shareholders on the entry threshold and require long-term fund performance as a core assessment indicator in corporate governance. These revisions mainly focus on the following:
On 23 December 2019, the Asset Management Association of China (AMAC) released the Instructions for the Record-filing of Private Investment Funds, aiming to reinforce the requirements previously requested by the CSRC, issued in April 2018, and supplementing specific requirements of AMAC.
In China, fund advisers are purely advisory entities that give investment advice and do not have a responsibility to supervise fund administrators. Under the Securities Investment Law of the People’s Republic of China, the fund trustee is responsible for supervising the fund administrator. In 2020, the CSRC released the draft Administrative Measures on Securities Fund Investment Advisory Business, which sets out certain requirements for Chinese and foreign shareholders of securities fund investment advisers. More generally, it also prohibits securities fund investment advisers from providing advisory services in relation to securities, structured products, derivatives and other high-risk assets to investors other than professional investors. If a non-professional investor insists on receiving such services, the advisers should, among other things, keep records of all procedures in relation to such services if the services are rendered via the internet.
The current major trading platforms nationwide include the following:
The regulatory approach in China is functional regulation, under which different products and platforms are subject to differing supervision by regulators categorised with different asset classes. As set out in 7.1 Permissible Trading Platforms, various regulatory regimes are involved with respect to separate asset classes and services. In other words, multiple licences may be required if a financial services provider engages in business relating to several different types of asset classes. For example, for the sale of insurance, insurance broker licences are required, while for the securities and futures business, operating licences for securities and futures are required.
As an entirely new genre of intangible asset, the emergence of cryptocurrency calls for an upgrading of the technology used in the regulation and innovation of legal theories to incorporate cryptocurrency properly into the existing regulatory system. Uncertainty regarding cryptocurrency and consumer protection in the trading process, and concerns regarding anti-money laundering, have been the major issues addressed by the regulatory authorities.
In September 2017, China officially declared fund-raising through cryptocurrencies and initial coin offerings (ICOs) illegal and shut down platforms facilitating such trades. On 24 August 2018, the CBIRC, PBOC, MPS and two other cabinet-level authorities jointly issued the Notice on the Risks of Illegal Fund-Raising, which used the terms “cryptocurrency” and “blockchain” and warned investors of the risk of Ponzi schemes in such deals. However, the PBOC is moving quickly in researching and developing China’s own Central Bank Digital Currency (CBDC) in reaction to challenges that cryptocurrencies may bring about.
Pursuant to the Measures for the Administration of Initial Public Offerings and Listing of Stocks (2018 Amendment) issued by the CSRC and the relevant listing rules of the Shanghai Stock Exchange and Shenzhen Stock Exchange, there are no IPO requirements specifically for fintech companies. However, certain general standards apply for an IPO of a fintech company, eg, there must have been no major change regarding an issuer's ultimate controller, main business, directors or senior managers within the last three years; the total share capital of the issuer prior to the IPO must be no less than CNY30 million; certain finial requirements of net profit and net cash flow, etc.
Order handling rules also apply in China. The practice in China is that the centralised competitive bidding in securities trading follows the principle of price preference and time preference, ie, a higher purchase-price bid will be accepted in priority to a lower purchase-price bid by the securities trading system, while a lower selling-price ask will be accepted in priority to a higher selling-price ask. In the event that the same purchase prices or selling prices are offered, the price that comes first will be accepted by the securities trading system.
Compared with traditional commercial banks, P2P trading platforms adopt more simplified credit review procedures and offer much faster speeds of loan issuance. Therefore, they used to attract a huge number of small loans for individuals, and were replacing commercial banks as a major provider of small loans for individuals before 2018. However, the fast growth of P2P platforms brought the danger of illegal fund-raising, and the lack of a well-established personal credit system in China triggered a repayment crisis for many big P2P platforms, which posed a potential systematic risk to China’s financial system. Since 2018, the PBOC has been strengthening the regulatory requirements, and cracking down on illegal fund-raising activities jointly with other regulators, such as the MPS. There were fewer than 50 P2P platforms left in China at the end of August 2020, down from a peak of 5,000 in 2017.
China has not adopted any specific laws and regulations regarding the best execution of customer trades.
The rules permitting or prohibiting payment for order flow are provided by the Regulations on the Supervision and Administration of Securities Companies (2014 Revision), issued by the State Council, which states that a securities company and its staff may not seek illicit profits from offering investment suggestions to their clients. It is suggested that payment for order flow is not permitted in China, but lawmakers have not put much focus on this issue yet.
China’s capital markets, when assessed in comparison with more mature markets and other emerging markets, still have to catch up on several fronts. China still needs to improve its capital markets in terms of overall scale, internal structure and market efficiency, improve the corporate governance of listed companies, enhance the international competitiveness of securities and futures firms, improve the efficiency and competitiveness of the exchanges, optimise market infrastructure as well as laws, rules and regulations, and provide more effective enforcement.
At present, China’s regulation of high-frequency trading is not labelled as such or centralised as a set of regulations specifically targeting such practices, but rather derives from more generic regulations about technical aspects of trading. For example, the Guidelines of the China Financial Futures Exchange on the Supervision and Controlling of Abnormal Futures Trading (for Trial Implementation), issued by the China Financial Futures Exchange in 2010, describes certain trading activities as abnormal trading and limits or forbids them, eg, when the number of cancellations for a single contract is more than 500, or the trading volume of a single contract is more than 1,000 lots in a single day, etc.
China has no specific laws or regulations on registering as market makers when functioning in a principal capacity.
China has no specific laws or regulations in relation to the distinction between funds and dealers.
China has no specific laws or regulations on programmers and programming.
China has no specific laws or regulations on business operations of financial research platforms. However, as information service providers, financial research platforms are subject to laws and regulations regarding information services in the telecoms sector, and value-added telecoms licences may be required if such services are fee-based.
Pursuant to the Administrative Provisions on Financial Information Services, financial information services providers may not produce, publish or disseminate information that:
Any financial information service providers that violate the requirements above will be subject to various administrative penalties.
In addition, under the Criminal Law of the People’s Republic of China, it is a crime for anyone to disclose insider information, or use such information in trading, or use other non-insider internal information in trading, or create or spread securities or exchange-related false information, or manipulate a securities market or an exchange market with such information.
Under the telecoms and cybersecurity laws and regulations, operators of financial information platforms are requested to collect and verify the real name of the platform users before those users are allowed to use the platform and post any information. The users are aware of the fact and know that they can be traced if they post improper information or conversations.
In addition, at the request of government authorities, operators of financial information services must delete an improper conversation and report details about it to the authorities.
In China, the typical underwriting process of insurance is simple. A consumer will initiate the process by filling in an application form and, after the insurer gathers all the necessary information to evaluate the risk exposure, the insurance policy will be approved (or rejected). With the rising trend of insurtech, many insurance companies are beginning to offer insurance policies and complete the initial customer evaluation on online platforms. However, after online approval of the insurance policy, most insurance companies still require the insurance applicants to execute various contracts offline. Insurance regulators mainly implement exit management to strengthen the supervision of insurance products through monitoring during and after the event.
Under the Insurance Law of the People’s Republic of China, an insurer is forbidden to engage concurrently in the businesses of life insurance and property insurance. Correspondingly, there are two departments of CBIRC, the Property Insurance Regulatory Department and the Personal Insurance Regulatory Department, which separately regulate the business of insurance of persons and insurance of property. The rationale might be the concern that the proceeds received from personal insurance purchasers may be misappropriated to satisfy the huge need for cash in the property insurance business.
China has no specific law or regulations on regtech providers. However, the Chinese government embraces regtech as a good opportunity and method for making sure that fintech companies comply with the law. In 2017, the PBOC formed the Fintech Committee and announced its main purpose was to reinforce the research and application of regtech. In 2018, the CSRC pushed for the adoption of regtech measures amid broader efforts by Beijing to rein in the Chinese financial sector. In April 2020, the Beijing Fintech Industry League announced the founding of the Regtech Specialist Committee. In June 2020, the CSRC announced the establishment of a new internal regtech office. The CSRC’s Tech Department will have the goal of creating a big data supervisory and regulatory system for Chinese capital markets that will incorporate various existing data sources. With encouragement from the government, regtech companies in China are expected to grow fast in the next couple of years, but as they help the regulators in monitoring the daily activities of fintech companies by tracing, collecting and processing data, the need for legislation to protect state secrets has become urgent. Furthermore, in the future where more powers are delegated to such regtech providers by the regulators, there will be more requirements of duties imposed on them by law.
When dealing or co-operating with a technology provider, financial services firms are always seeking contractual protection to safeguard their trade secrets, prevent leakage of customer information and ensure the satisfaction of all regulatory requirements on data compliance by the technology provider. For example, all data collected and processed by the technology provider must be uploaded and stored on the financial services firm’s own server and any data transmission to a third party or any unauthorised use without permission is forbidden. Some of those contractual terms are reflected in the regulations or technical norms of the relevant industry, in principle or in detail.
Currently, blockchain technology in China is mostly used in clearing, cross-border trade, supply chain, information identification and digital currency. For example, China Merchants Bank has built the "Blockchain Platform of China Merchants Bank Direct Payment" – the first commercial bank in China to apply blockchain technology in the fields of cross-border direct clearing and global cash management.
Blockchain technologies are generally permitted and even encouraged in China. A white paper published in October 2016 by the China Blockchain Technology and Industrial Development Forum, under the guidance of the MIIT, analysed the state of blockchain technology in China and its potential future applications, set out a roadmap for blockchain development in China and called for a formal set of national blockchain standards to provide industry guidance to existing and potential market players. To date, however, no blockchain-related standards have been released.
The Blockchain Services Provisions
On 10 January 2019, the CAC promulgated the Provisions on Administration of Blockchain-Based Information Services (“Blockchain Services Provisions”), which represent the first administrative guidelines for providers of non-cryptocurrency, blockchain-based services in China. The Blockchain Services Provisions define blockchain-based service providers as entities or nodes that provide blockchain-based information services, or any institution or organisation that provides technological support to such entities (“Blockchain Service Providers”). As a consequence of the promulgation of the Blockchain Services Provisions, the CAC publicly released a list of 197 registered blockchain information services projects on 30 March 2019, and a second list of 309 registered products on 18 October 2019.
Responsibilities of Blockchain Service Providers
Under the Blockchain Services Provisions, Blockchain Service Providers are responsible for information security and should build internal management systems for user registration, information censorship, emergency response and security protection. The Blockchain Services Provisions require Blockchain Service Providers to conduct a record-filing with the CAC or its provincial-level branch to report certain key information, such as the type and scope of services, application sectors and server addresses, within ten business days after launching their services. Blockchain Service Providers are also required to undertake a security evaluation administered by the CAC or its provincial branches, and to authenticate the identities of their users based on ID card numbers, organisational codes (for PRC entities) or mobile phone numbers before providing services to such users, in accordance with the Cybersecurity Law of the People’s Republic of China.
Position of the Chinese Government
On the other hand, the Chinese government has taken a hard line against private cryptocurrencies and ICO fundraising. In 2017, regulators instituted an outright ban on cryptocurrency exchanges and ICOs in China, and also imposed severe restrictions on the use of cryptocurrencies and relevant trading services, which continued in 2020.
Blockchain assets (eg, bitcoin) are generally regarded as virtual property rather than “legal currency” protected by PRC laws. However, the Civil Code of the People’s Republic of China, promulgated on 28 May 2020 (effective as of 1 January 2021), provides for the first time that data and internet virtual property will be protected by law.
Though blockchain assets (eg, bitcoin) are now protected as virtual property in China, the issuance of blockchain assets by private issuers is forbidden. The PBOC announced in August 2020 that four major state-owned commercial banks were in the process of testing the virtual currency issued by the PBOC.
Blockchain asset trading platforms are banned in China.
No funds are allowed to invest in blockchain assets in China.
Private players are not allowed to issue virtual currencies. The PBOC is testing its virtual currency in four commercial banks in Shenzhen.
China has no specific laws and regulations against decentralised finance (“DeFi”) platforms.
Open banking is generally understood by the market as a system that provides software developers and related businesses with a network of financial institutions’ data, through the use of application programming interfaces (APIs), which are established on the notion that individuals or entities might be willing to share their banking transaction details with third-party developers of APIs so that the individual end-user may enjoy more advanced and cheaper financial services. Although there are no specialised mandates or API standards for open banking in China, Chinese law guides the growth of open banking by imposing specific restrictions on the sharing of bank customer data. Thus, China has not (yet) provided for system-wide open banking or equivalent mechanisms like the UK may have. It is likely that China’s approach to regulating open banking will be pragmatic and organic, allowing industries to develop through experimentation and stepping in to tackle problems as they appear.
Since the implementation of the Cybersecurity Law of the People’s Republic of China on 1 June 2017, the collection of individuals' personal information has been subject to stricter supervision, and the collection of financial data is the most sensitive category. For example, banks are required to guarantee the security of data during sharing, ie, the shared data should not be stolen or tampered with, and user privacy should be protected from infringement. In terms of authorisation scope and transparency, banks need to ensure that the shared data can only be utilised within the time and space authorised by the customer, and that customers understand what data they have shared, who is using the data, and what the risks are. Some major banks in China are beginning to develop some open banking services – for example, Shanghai Pudong Development Bank (SPDB) has developed its API Bank, through which SPDB has embedded its banking services into the Shanghai Port Service Office to process trade companies’ international payments or purchase orders online through the Shanghai Port Service Office platform in a matter of minutes – even if these banks are exposed to potential risks triggered by regulatory uncertainty regarding data and privacy protection.
In a world of increasing uncertainty, dynamic change may be the only constant in China’s fast-paced fintech market. The past year, 2020, witnessed significant developments in traditionally heavily regulated sectors such as payment services, online lending, intelligent investment advisory services, and blockchain and cryptocurrency. Moreover, there have been major legislative developments that have not only tightened the online lending business, leading to the last-minute suspension of the Shanghai-Hong Kong dual IPO of Ant Financial, but that are also reshaping the horizon of the online lending market and possibly even the fintech market on a larger scale.
The third-party (ie, non-bank) payment service market in China is a well-developed market. The People’s Bank of China (PBOC) serves as the key regulatory body of third-party payment activities in China, as it issues the third-party payment licence ("Payment Licence") that permits qualified parties to offer online, mobile and offline payment services. The PBOC previously restricted foreign-invested entities (“FIEs”) from obtaining Payment Licences. However, this changed with the issuance of the Announcement Regarding Certain Issues on Foreign Investment in Payment Institutions (“Announcement”) by the PBOC in March 2018. According to the Announcement, an FIE can qualify for a Payment Licence if it meets certain requirements – in fact, the same requirements that apply to domestic entities. Parties dealing with foreign currency or Chinese currency cross-border payments may need to obtain one or two additional licences: one for cross-border payments with onshore and offshore yuan, also from the PBOC, and another for cross-border payments in foreign currency, from the State Administration of Foreign Exchange (“SAFE”). Such legal developments no doubt played a role in China's significant market growth in 2020. Among notable deals was PayPal’s 100% acquisition of GoPay (a PRC Payment Licence holder), consummating a 70% holding since 2019. DaHui itself has been involved in several matters relating to the issuance of Payment Licences to FIEs. Also, one of our clients participated in a previous round of fund-raising by Ant Financial, the parent company of Alipay, where some of the funds raised were contributed by foreign investors.
Protection of financial consumers' interests
An important new regulation for Payment Licence holders is the Implementation Measures on the Protection of Financial Consumers' Interests of the People's Bank, which came into effect on 1 November 2020. These measures require Payment Licence holders to provide a general plan and detailed measures to protect financial consumers (ie, individuals who purchase or use financial products or services provided by banking institutions or Payment Licence holders) covering a specific set of areas. The banks and Payment Licence holders are also required to make annual and transaction-specific disclosures on business related to financial consumers, and to keep the financial consumers' information secure and confidential.
Deposit of customer payment reserves
More recently, on 19 January 2021, the PBOC promulgated theMeasures for the Deposit of Customer Payment Reserves by Non-banking Payment Institutions, which came into effect on 1 March 2021. These measures essentially require Payment Licence holders to deposit any customers' money reserved for payment transactions but not immediately paid (eg, until the transaction involving the payment is completed) each day to a designated bank account at the PBOC, and only settle payment transactions with other Payment Licence holders or banks via the PBOC account pursuant to the procedures set forth in these measures. There are a few limited exceptions where the Payment Licence holder may open depository accounts at a designated commercial bank for special payment reserve funds for cross-border CNY/foreign exchange payments, fund sale payments, pre-paid card payments, etc.
Further draft regulations
Finally, there are numerous rules intended to govern Payment Licence holders that remain in draft form, though they may officially be issued, in more-or-less their draft form, in the near future. Among them are theRegulations on Non-banking Payment Institutions (Draft for Comment), the Administrative Measures for Industry Protection Funds of Non-banking Payment Institutions (Draft for Comment), and the Administrative Measures for Reporting Important Matters of Non-banking Payment Institutions (Draft for Comment). While there is nothing revolutionary in these draft rules, they do send a well-orchestrated signal that the PBOC is actively working to establish a system to regulate Payment Licence holders based on the same standards as commercial banks and other financial institutions.
Another key subsector of the Chinese fintech market is comprised of the mosaic of online lending platforms that operate as intermediaries between lenders and borrowers, online microcredit companies providing direct lending, and auxiliary service providers such as intelligent individual credit rating services. The regulation of the online lending subsector is still generally in quite a juvenile stage compared to that of traditional financial institutions such as commercial banks, but the subsector has grown rapidly as Chinese consumers/borrowers seek substitutes to traditional banking and new methods of borrowing/lending. As a result, the market is currently witnessing a continuous evolution marked by major changes to relevant laws and regulations, as the regulators strive to tackle challenges posed by this dynamic and ever-growing subsector. In fact, a new set of rules released recently has been called “game-changing”.
The initial absence of regulations sparked the boom of the online lending market, but also gave rise to many scams and high-risk financial models. The most headline-grabbing case was Ezubao, in 2016, which was an online peer-to-peer (“P2P”) lending platform that promised double-digit annual returns to investors. However, the platform turned out to be a Ponzi scheme. After the Ezubao scandal, P2P platforms braced for the first wave of regulation intended to standardise the industry, which placed caps on the size of loans and forced lenders to use custodian banks to hold their deposits. Still to this day, however, the market has not seen a single P2P platform completing any official registration for such platform, which would be considered de facto government approval for the business.
Online direct lending and lending facilitation
The P2P platform may have just been the spark for the flame. Since about that time, the Chinese government and key regulatory authorities – including the PBOC, the Ministry of Industry and Information Technology (MIIT), the China Banking and Insurance Regulatory Commission (CBIRC, a combination of the former China Banking Regulatory Commission and the China Insurance Regulatory Commission), and other special regulatory task forces – have promulgated a number of laws, regulations and policies aimed at tightening the rules and supervision of various areas of the online lending industry. Most recently, for example, in July 2020, the CBIRC promulgated the Interim Measures for the Administration of Internet Loans of Commercial Banks, which sets forth a number of restrictions on pure online lending by commercial banks (eg, the maximum amount of unsecured personal loans for consumption purposes available to a single borrower is capped at CNY200,000, and the term is also capped at one year if the loan is scheduled to be repaid in a lump sum).
On 2 November 2020, the PBOC and the CBIRC jointly issued the draft Interim Administrative Measures on Online Microloan Operations, which aims to place restrictions specifically on online microloan business, such as that operated by Ant Financial, and essentially regulates online microloan companies as quasi banks. For example, these draft measures propose to limit the operations of online microloan lenders to the province in which they are registered, except with prior approval from the State Council. Moreover, the total aggregate online microloan balance for natural persons in China would be limited to CNY300,000 or one third of the average annual income of such persons for the past three years, whichever is lower; and the total aggregate online microloan balance for legal persons or other institutions would be limited to CNY1,000,000. Most importantly, an online microloan company would be restricted to borrowing no more than the equivalent of its net assets via shareholder loans or other “non-standard forms of financing”, and four times its net assets via bonds, asset securitisation products and other “standardised” debt assets; and it would not be able to sell any credit assets (ie, debt owed by borrowers) other than its own non-performing loans. This new rule is said to have been one of the causes for the last-minute suspension of the Shanghai-Hong Kong dual IPO of Ant Financial, previously scheduled for 5 November 2020.
Overall, we believe that the tighter regulatory environment will lead smaller players either to fold or to collaborate, and that several stable companies will eventually emerge and operate under heightened regulatory scrutiny.
Online Brokerage/Intelligent Investment Advisory Services
Long-standing regulation of intelligent investment advisory services
The Chinese fintech market has also seen the rise of a variety of intelligent investment advisory service providers, from online trading brokerage and information platforms, such as Tiger Brokers and Snowball, to robo-investment advisers and asset managers, such as Licai Mofang and Latte Bank. Unlike other fintech subsectors, intelligent investment advisory services are subject to an array of long-existing rules that restrict Chinese start-ups from directly engaging with end-users/investors. For example, the China Securities Regulatory Commission (CSRC) promulgated its Interim Rules on Strengthening Supervision of the Use of “Stock Recommendation Software”back in 2013, which defines “Stock Recommendation Software” as a type of software that provides securities investment advisory services to investors. This categorisation makes the use of “Stock Recommendation Software” subject to the CSRC’s overarching regulations on offering investment advisory services, which requires a securities investment adviser licence. Likewise, the online sale of securities products (such as interests in public securities funds) has been classified as CSRC-regulated fund-selling services, which requires a fund distribution licence (notably, Chinese fintech giants, such as Baidu, Tencent and Alibaba, all acquired such a licence by the end of 2018).
Regulation of securities businesses
In 2020, the Securities Lawof the People’s Republic of China was amended. This law governs securities businesses in the PRC, including securities brokerage, futures brokerage, stock option brokerage, and securities and futures investment consulting services. As a general matter, operating such businesses requires a securities brokerage licence or certain other approvals from the CSRC. These reiterated licence requirements further strengthened the regulator's position to require internet securities brokers, such as Tiger Security and intelligent investment advisers, to refrain from conducting regulated services until they satisfy the regulatory and licence requirements.
Also in 2020, the CSRC released the draft Administrative Measures on Securities Fund Investment Advisory Business, which sets out certain requirements for Chinese and foreign shareholders of securities fund investment advisers. More generally, it also prohibits securities fund investment advisers from providing advisory services in relation to securities, structured products, derivatives and other high-risk assets to investors other than professional investors. If a non-professional investor insists on receiving such services, the advisers should, among other things, keep record of all procedures in relation to such services if the services are rendered via the internet.
Given the increasingly tightened regulatory and licensing hurdles within China’s online brokerage/investment advisory services space, it is not easy for start-ups to offer or directly participate in brokerage/intelligent advisory services within China without appropriate financial licences. Instead, we have seen a number of companies opt to provide such services in co-operation with licensed financial institutions, or even attempt to acquire certain licence holders, in China and other jurisdictions.
Blockchain and Cryptocurrency
CAC guidelines for providers of non-cryptocurrency, blockchain-based services
Chinese regulators have exhibited a divided attitude when it comes to blockchain technologies and cryptocurrency exchange and initial coin offerings (ICOs) in China. On the one hand, the benefits of the wider integration of blockchain applications in the fintech sector and overall Chinese economy have been recognised and even encouraged at the highest levels of the Chinese government. On 10 January 2019, the Cyberspace Administration of China (CAC) issued the Provisions on Administration of Blockchain-Based Information Services, which set clear procedural guidelines for providers of non-cryptocurrency, blockchain-based services within China, including a mandatory filing with the CAC in relation to blockchain service providers, a reporting obligation to the CAC before launching any new products, and a mandatory security assessment for such products. Consequently, the CAC has publicly noted that a total of 1,015 blockchain information services projects were registered by 30 October 2020.
PBOC initiative and Central Bank Digital Currency
In addition to the CAC’s regulatory framework, the PBOC has also undertaken a large-scale initiative to develop a blockchain-based, interbank trade finance platform in China, which has reportedly been accelerated since President Xi Jinping expressed his support of blockchain technologies at a public speech on 24 October 2019. The Supreme People’s Court has also ruled that blockchain evidence is a legally admissible form of evidence in Chinese courts. And, as is well known, especially since 2020, the Chinese government is keen to promote its Central Bank Digital Currency (CBDC), which is currently in the trial stage in the Greater Bay Area, the Beijing-Tianjin-Hebei region, the Yangtze River Delta region, and certain other cities in the middle and west of China, covering some of the most economically dynamic cities in China.
Chinese government's crackdown on cryptocurrency and illegal blockchain activities
On the other hand, the Chinese government has taken a hard line against private cryptocurrencies and ICO fund-raising. In 2017, regulators instituted an outright ban on cryptocurrency exchanges and ICOs in China, and also imposed severe restrictions on the use of cryptocurrencies and relevant trading services. This continued in 2020, as both the PBOC and a government group working on internet financial risk rectification announced an “all around” crackdown on cryptocurrency and illegal blockchain activities. Although some market players have continued to conduct limited cryptocurrency operations in China, these actions have attracted increased government scrutiny, with regulators vowing to impose additional restrictions and strengthened monitoring of cryptocurrency-related activities throughout the near future. What is more, the National Internet Finance Association of China, known as "NIFA" (an industry self-disciplinary organisation for internet financing activities approved by the Chinese government) issued a Notice on Risks Relating to Participation in Investment and Trading via Foreign Virtual Currency Trading Platforms, requiring its members not to provide any convenience for such cross-border investment and trading of cryptocurrencies. It is also reported that since 2019, the Chinese police force have arrested over 500 people involved in criminal and fraudulent activities related to cryptocurrency.
Curb on growth or aid to greater growth?
Fintech is also facing cybersecurity challenges, with the rise of cyber-financial crimes in which hackers backed by criminal organisations establish offshore servers to hack into systems to steal money or to destroy the reliability and credibility of such systems. Although it has added another layer of complexity, it is important for fintech firms to take a preventative approach towards cybersecurity. For example, new generation ATMs have a much higher level of connectivity with mobile integration and face recognition, which makes them more vulnerable to software-based attacks and theft of customer card data. As such, the growing cybersecurity framework (intended to combat such issues) can be viewed as a potential curb on the growth of fintech businesses, via compliance requirements, or as an aid to their safe, stable and ultimately greater growth. On 1 June 2017, the Cybersecurity Law of the People’s Republic of China (“Cybersecurity Law”) came into effect as the first national-level law to address cybersecurity and data privacy protection issues. In 2020, the most notable further legislative developments were the Measures for Cybersecurity Review,officially released on 13 April 2020, and the draft Personal Information Protection Law of the People’s Republic of China (“PI Protection Law”) and draft Data Protection Law of the People’s Republic of China (“Draft Data Security Law”). In addition, although not mandatory or legally enforceable, the standardisation organisations in China, such as the National Information Security Standardisation Technical Committee, have also contributed a number of national and industrial standards to the cybersecurity domain.
The draft PI Protection Law
The draft PI Protection Law’s 70 articles comprise both high-level and specific rules for a broad range of issues related to the processing of personal information of individuals. On the one hand, its coverage overlaps with several laws, regulations, recommended national standards, etc promulgated in the last few years, such as the Cybersecurity Law, the Civil Code of the People’s Republic of China, and the Information Security Technology-Personal Information Security Specification, and thus it may serve as a synthesis of rules, and will supersede existing rules that conflict with the draft PI Protection Law. On the other hand, it both contains new or extended rules and leaves some aspects of the protection of personal information to other sets of rules, including the draft Data Security Law. Furthermore, even if the draft PI Protection Law is promulgated substantially in its present form, its use will be limited until implementing rules are issued to further guide regulators, businesses, and private individuals.
Despite all these legislative moves, due to the fast-paced development of China’s fintech industry, considerable uncertainty still remains as to how the Cybersecurity Law is being or will be applied in the fintech sector and what practical steps need to be taken to be compliant.
The Chinese fintech space continues to present a fertile ground for further advancements to this important global technology, thereby providing unique opportunities for entrepreneurs and established participants. At the same time, as government regulations concerning the Chinese fintech industry and wider cybersecurity considerations in China continue to formalise over time, this increasingly intricate web of laws and regulations may present some operational challenges, and will surely and constantly shape/reshape fintech’s development in China long into the future. Although there may be growing pains in this process, we ultimately view this as a healthy situation: ensuring that China adopts the best global standards in cybersecurity and data-handling practices, while encouraging further innovations that will keep China as a leading player in the fintech space for years to come.