The key phrase for the year 2021 in China is “New Normal”: as the Chinese economy continues to grow despite the continuation of the COVID-19 pandemic and geopolitical tensions, the fintech sector in China also saw good growth. It is also expected that the regulators will continue to strengthen their supervision of the fintech market in the coming years, while still encouraging innovation, especially in risk prevention in the long term. However, the fintech market in China remains dynamic, with increasingly diversified market players, and the prospects are still broad. As new infrastructure has risen to the height of China’s national strategy, the deep integration of artificial intelligence, blockchain technology, cloud computing and big data will continue to promote the development of fintech into a new stage. The business model may be reshaped so as to better serve the real economy and inclusive finance.
The current predominant business model of fintech in China is still internet finance. The traditional financial institutions (eg, banks, securities firms and insurance companies) and innovative internet companies (third-party payment service companies, internet lending service providers, etc) provide their financial products by using new hi-tech tools, eg, big data, cloud computing or even robotic process automation, to approach and serve their customers more efficiently and reduce their exposure to risk.
Like most of the countries in the world, China has not set up or appointed an independent supervisory authority for the regulation of the fintech industry.
Rather, the relevant businesses of the fintech industry, based on the specific attributes of corresponding financial services, are subject to the supervision of the traditional financial regulatory authorities. In particular, the China Banking and Insurance Regulatory Commission (CBIRC) is responsible for the supervision of fintech businesses that rely on services provided by commercial banks (eg, internet banking, internet lending, and P2P lending) and insurance companies (such as internet insurance), and services similar to these, even if provided by others. The China Securities Regulatory Commission (CSRC) is responsible for the supervision of fintech businesses that are related to investments in the securities markets, such as internet funds, internet securities, and intelligent investment advisers. The People's Bank of China (PBOC) is responsible for the supervision of fintech businesses related to the issuance, circulation and clearing/settlement of currencies, such as third-party payment services and digital currency.
In addition, the local governments in China also play an important role in regulating the fintech industry. For P2P platforms and other “quasi-financial businesses” such as financing leasing, financing guarantee and factoring, the traditional financial regulatory authorities (ie, the CBIRC, CSRC and PBOC) usually will not be directly involved in regulation, but will delegate relevant regulatory authority to the local financial regulatory bureaus of local governments.
Following the principle of “separate supervision”, the PBOC plays a leading and co-ordinating role among the regulatory authorities in the supervision of the fintech industry, and controls the development direction and supervisory approach to the fintech industry from a more macroscopic perspective. For instance, the Guiding Opinions on Promoting the Healthy Development of Internet Finance (“Internet Finance Development Opinions”) issued in July 2015 by ten ministries led by the PBOC, as well as the Fintech Development Plan (2019–21) issued by the PBOC in 2019, both provide macro guidance on the regulation and development of the fintech industry based on market practice at the time.
In order to regulate the development and application of fintech in the financial services industry, the Chinese government has issued a series of policies and regulations in recent years. The basic principle is that fintech should be used as a technical tool to promote the innovation and development of the financial services industry. The relevant policies and regulations mainly include the macro policies and the regulations for each subdivided field of the fintech industry (see below).
Major Macro Policies
The PBOC is responsible for leading the formulation of fintech’s macro policies in China. These are intended to provide guidelines and plans for the development of fintech, the most recent and important of which is the Fintech Development Plan (2022–25), promulgated in January 2022, based on China’s 14th Five-Year Plan (2021–25) for National Economic and Social Development and Vision 2035.
Major Regulations in Subdivided Fields
The Chinese government has attached great importance to emerging technologies, especially for “cloud computing”, “internet plus”, “big data” and “artificial intelligence”. For each of the aforementioned technologies, the State Council has issued corresponding policies for guidance, mainly including:
With respect to the application of fintech in the financial services industry, the Chinese financial regulatory authorities have issued a series of rules which can be divided into three categories.
Regulations relating to the new business model developed by traditional financial institutions with fintech
Regulations relating to the new types of institutions utilising fintech
The latest one is the draft Administrative Measures for the Online Micro-lending Business, which was promulgated by the CBIRC for public opinion at the end of 2020.
Regulations in relation to common issues arising from the application of fintech
In addition to the regulations listed above, the Chinese financial regulatory authorities have also promulgated a myriad of rules on particular financial service aspects, including online fund sales business, loan facilitation services, internet wealth management and digital currency.
It is worth noting that the PBOC issued a notice in December 2019, announcing that the first pilot scheme of fintech innovation supervision (ie, a sandbox regulatory mechanism) would be launched in Beijing. In April 2020, it was announced that the pilot scheme had been expanded to six regions, Shanghai, Chongqing, Shenzhen, Hebei Xiong’an New District, Hangzhou and Suzhou. Meanwhile, in April 2020, four Chinese government departments, led by the PBOC, issued the Opinions on Financial Support for the Construction of the Guangdong-Hong Kong-Macao Greater Bay Area, in which the mechanism “to study and establish a cross-border financial innovation regulatory ‘sandbox’” was proposed, and it is also the first time that the concept of “sandbox regulation” has been directly referred to in Chinese financial regulatory rules. In October 2021, the PBOC and the Hong Kong Monetary Authority signed the Memorandum of Understanding on Fintech Innovation Supervisory Cooperation in the Guangdong-Hong Kong-Macao Greater Bay Area.
The following compensation models are observed in market practice:
In each compensation model, a clear rate of service charge must be notified to customers/users in advance, with a written or electronic record of charges provided later.
Legacy players, such as commercial banks, securities firms and insurance companies, are highly regulated in China. Chinese regulators are in the process of setting up a licensing system and adopting new regulatory models with respect to fintech industry participants in innovative practice areas. Take the third-party payment industry: any fintech company involved in payment settlement business is required to obtain a third-party payment licence, compared with legacy players that are not required to do so to conduct payment business given that they are licensed to perform traditional banking services.
Regulatory sandboxes provide regulators with a controlled and supervised environment in which to test innovative products, services or business models without systematic risks. These trial projects form part of China’s Fintech Development Plan (2019–21). The fintech regulatory trials test the best regulatory methods and provide corresponding space and system guarantees for fintech innovations based on the “regulatory sandbox” regulation model.
In mid-January 2020, the PBOC announced the first batch of trial applications in Beijing. In late April, the PBOC extended the sandbox experimental cities to Shanghai, Chongqing, Shenzhen, Hangzhou and Suzhou, as well as the Xiong’an New Area, a much-anticipated new economic zone. In July 2020, Guangzhou and Chengdu were included in the sandbox experimental cities by the PBOC. Since 2021, the PBOC is gradually expanding the regions adopting the sandbox mechanism, and it is expected that the first group of fintech technologies successfully completing the sandbox test will be made available to the market soon.
There is no single regulatory body responsible for the regulation of fintech products and services. Different fintech services and products are regulated by different regulatory bodies, such as the PBOC, CBIRC and CSRC. Other than these three major regulators, some other regulators are involved in certain particular situations:
Given that the financial industry is a highly regulated area in China, only a small number of non-material functions of China regulators are outsourced to relevant industry associations, such as the Payment & Clearing Association of China (PCAC), including self-discipline measures, launches of pilot programs and formulation of technical guidelines, standards or rules. Each relevant industry association, being authorised by the competent regulators, has its own charters, self-discipline conventions, rules and regulations governing all its members and their activities.
Different participants in the fintech industry may be subject to different kinds of liability. For fund administrators, the Securities Investment Law of the People’s Republic of China and the Provisional Rules on Supervision and Administration of the Private Equity Investment Fund ("PE Fund Rules") provide that the fund administrator should disclose material information that may have a substantial impact on the lawful interests of the investors, and should not withhold information or provide false information. The operators of any platform (eg, a financial research platform) are required to block, delete and report any improper, suspicious or unlawful behaviour, keep relevant records of such behaviour and report the same to the regulatory authorities.
In 2020, the Chinese government continued the campaign against irregularities in P2P lending and online small loans. The shutdown of most small-to-medium-sized players shows China’s concerns regarding the disorder of this market and the government's ability to enforce the law firmly and quickly. In addition, Chinese regulators curbed the “reckless” push of technology firms into finance, taking aim at a sector where lax oversight fuelled breakneck growth for companies such as Ant Group Co and Tencent Holdings Ltd’s Wechat Pay.
In March 2021, the CBIRC, PBOC and three other authorities jointly issued the Notice Concerning Further Standardising Supervisory and Regulatory Work for University Student Online Consumer Loans, aiming to crack down on the growing online lending operation targeting university students, who are traditionally considered “vulnerable” to unregulated online borrowing.
Since May 2021, the Chinese government launched a series of policies and campaigns to crack down on cryptomining operations in China, at the height of which, in September 2021, the National Development and Reform Commission, the PBRC, and another nine authorities jointly issued the Notice on Regulating Virtual Currency “Mining” Activities. Consequently, China's traditional crypto “mining hub” regions and provinces, such as Inner Mongolia, Qinghai, Yunnan and Sichuan, all announced campaigns to ban new mining projects, to order existing mining operations to close, and to require power plants to cut off power supply to suspected mining operations. The crackdown is said to have led to nearly 70% of the world’s mining capacities going offline, at least for some time, before being moved to jurisdictions that still allow cryptomining.
In October 2021, the standing committee issued the draft Amendment to the Anti-Monopoly Law for public opinion. The draft proposes to further strengthen the supervision of the underlying ecology of the entire digital economy along with the Anti-monopoly Guidelines on Platform Economy issued by the Anti-monopoly Commission of the State Council.
2021 has seen a series of new laws and regulations on personal information protection and cybersecurity, which are also crucial topics in the fintech domain, including:
In May 2021, China’s Supreme People’s Court amended the Regulations on the Prevention and Treatment of Illegal Fund-raising, requiring relevant governmental departments to actively and timely investigate and identify illegal fund-raising activities “in the name of virtual currency”. Thereafter, the Interpretation of the Supreme People's Court of Several Issues on the Specific Application of Law in the Handling of Criminal Cases about Illegal Fund-raising was amended (on 23 February 2022). The amended interpretation further expressly provides that the “trade of virtual currency” as a way of illegal fund-raising may be considered a crime under PRC criminal law. Therefore, the legal risks associated with the trade of cryptocurrency in the PRC market are further escalated.
The National Internet Finance Association of China (NIFA) is recognised as the first nationwide self-regulatory organisation of the internet financial industry. The NIFA is tasked by the PBOC to conduct a filing for mobile financial client applications ("Financial Mobile Apps") such as mobile banking applications and securities trading applications. By February 2022, the NIFA had conducted filings for over 20 batches of Finical Mobile Apps.
Online customer-directing platforms for financial products are good examples of the conjunction of unregulated and regulated products. The sale of financial products through the internet is regulated, but the provision of product information is not regulated by financial regulators. In such business models, platform operators enter into co-operation or service agreements with financial product providers that are regulated. When clicking the button shown on the interface of platforms, users are redirected to the websites of the financial product providers or the display pages of the financial products. The financial product providers will pay the platform operators' commission or a technical service fee based on the agreement between them if users are successfully directed to the said websites/pages.
In practice, different local regulators have different attitudes towards this kind of business model, and it is uncertain as to whether this business model will be subject to regulation by financial supervision in the future. However, there is a trend for regulation in this regard to be tightened to prevent the sale of financial products by a technology company without a competent sales permit.
The PBOC issued the Measures for the Supervision and Administration of Combating Money Laundering and Financing of Terrorism by Financial Institutions in 2021, and jointly with the CSRC and the CBIRC issued the Administrative Measures for Customer Due Diligence and Preservation of Customer Identity Information and Transaction Records of Financial Institutions in 2022. Both measures cover only regulated entities, ie, they do not cover entities that are not considered regulated financial institutions in the Chinese market.
The above said, under China’s highly regulated financial regime, there are comparatively few categories of fintech companies that are not regulated. Most fintech companies operating in compliance with PRC laws are required to hold at least one or two financial permits or licences, eg, the payment licence, the investment advisor licence, and the mutual fund manager permit. These regulated entities must comply with all the AML rules in the PRC, and the regulatory hurdle is further heightened by the above-mentioned measures.
China-based robo-advisers tend to be more restricted, compared with robo-advisers in other jurisdictions. Robo-advisers in China typically provide portfolio recommendations, but the investment decisions ultimately have to be undertaken by users due to regulatory limitations.
Pilot Mutual Funds Advisory Scheme
China's pilot launch of a mutual funds advisory scheme in October 2019 may, however, ease this restriction. The scheme will allow asset managers and fund distributors to provide customised investment advice and maintain discretionary control over clients' investment portfolios, which will be constructed with publicly offered mutual funds. Robo-advisers operating under this scheme will therefore be allowed to execute trades automatically without requiring client consent each time, providing a more seamless experience for users.
The CSRC launched the scheme with the aim of promoting an alignment of interests between investors and fund distributors. Traditionally, China's asset management industry has been sales-oriented, as fund distributors generate revenue from transaction fees on the products they sell. This scheme will see a shift towards a fee-based advisory model, with providers charging a fee of no more than 5% of a client's net asset values in exchange for providing asset allocation services tailored to that customer's financial needs.
In November 2021, the CSRC issued a Notice on Regulation of Fund Investment Advisory Activities, which requires fund distributors to refrain from controlling clients' investment portfolios unless they are qualified to do so pursuant to the mutual funds advisory scheme. As a result, many banks and other fund distributors stopped providing quasi-advisory services such as “one-stop fund selector” to clients purchasing mutual funds.
Though the concept of robo-advisers was first acknowledged by regulators under the Guiding Opinions on Regulating the Asset Management Business of Financial Institutions jointly issued by the PBOC, CSRC, CBIRC and SAIF on 17 April 2018, to date China has not adopted any specific robo-adviser laws or regulations regarding the best execution of customer trades.
See 3.2 Legacy Players' Implementation of Solutions Introduced by Robo-Advisers.
From a business perspective, different loan providers target different loan borrowers based on risk appetite. For example, online lending platforms operated by traditional commercial banks tend to issue loans to small business owners, while other online lending platforms, operated by non-bank entities (like Ant Financial or JD), tend to target individual borrowers, capitalising on different risk assessment methods, eg, certain online lending platforms have access to the online shopping history of individual borrowers, and use this to analyse their consumption curve changes and assess the potential risks.
From a legal perspective, however, there is no clear line drawn between individual borrowers or small business owner borrowers, as the Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions, jointly issued by the CBIRC, MIIT, CAC and MPS on 17 August 2016 (“Interim Measures of Online Lending Intermediaries”), has set the framework of regulation on online lending platforms without expressly categorising loans vis-à-vis individuals or entities.
Online lending platforms are generally considered as intermediaries that collect basic personal information about borrowers, categorise the information with repayment capacity and provide lenders with such standardised information. Paipai Dai is a leading company that adopts this business model.
Other underwriting models previously existed, eg, with platforms acting as guarantors, providing a guarantee on the repayment of loans, or as creditors, collecting proceeds from investors or repurchasing debt from individual lenders. However, these business models have been prohibited by the Interim Measures of Online Lending Intermediaries since 2016.
P2P lending refers to technology-based platforms that allow investors to participate as investors in loan assets, with a direct claim on payments of interest and repayments of principal. The platform itself has no claim on these payments, but instead earns fees for related services, including the assessment of credit risk, the matching of investors with borrowers, and the servicing of loans, including the collection and allocation of payments of interest and principal. It is understood that there were virtually no pure P2P lending companies left in operation in China by the end of 2021.
Online lending platforms have been prohibited from being involved in the securitisation business since 2016, according to the Interim Measures of Online Lending Intermediaries, although they seek to circumvent such regulation in various ways.
With the concern that online lending platforms may engage in illegal fund-raising and misuse of proceeds, licences are required for various aspects of online lending, and co-operation with third-party institutions is restrained.
It is rare to see syndications used in the online lending business. The more common approach is for online lending firms to provide analyses of borrower information to be assessed by other participants, such as commercial banks, and such participants will provide funds for such borrowers in return.
Payment processors (eg, traditional commercials banks and innovative payment service providers like Alipay Pay and WeChat Pay) in China must use payment rails that are managed by certain licensed entities. Those payment processors are not allowed to create new payment rails on their own. Currently, available payment rails include the payment processing platforms managed by China UnionPay and China Nets Union. China UnionPay is a bridge connecting all sorts of banks. China Nets Union is an online payment clearing platform for non-bank payment institutions, mainly to provide unified and public payment clearing services for online payments. Since China Nets Union only serves as a clearing platform, it connects the licensed payment processors and the banking system.
Cross-border payments and remittance are highly regulated in China. The major regulators are the PBOC and the State Administration of Foreign Exchange (SAFE). The PBOC regulates cross-border payments in offshore RMB carried out by banks and licensed payment processors. SAFE regulates cross-border payments in foreign exchange carried out by banks and licensed payment processors (which obtain the special permit necessary to engage in foreign exchange cross-border payment businesses issued by SAFE).
Fund administrators are classified as those that manage publicly-offered funds (“public fund administrators”) and those that manage private equity funds (“private fund administrators”). Public fund administrators are subject to approval by the CSRC while private fund administrators used to be subject only to registration/filing with the China Securities Investment Funds Association. The CSRC officially took responsibility to supervise and regulate private fund administrators after the Interim Measures for the Supervision and Administration of Private Investment Funds came into effect in August 2014, which laid down the current regulatory system on private investment funds.
On 31 July 2020, the CSRC released the draft Measures for the Supervision and Administration of Publicly Offered Securities Investment Fund Managers. These new regulations mainly raise the financial requirements of fund company shareholders on the entry threshold and require long-term fund performance as a core assessment indicator in corporate governance. These revisions mainly focus on the following:
On 23 December 2019, the Asset Management Association of China (AMAC) released the Instructions for the Record-filing of Private Investment Funds, aiming to reinforce the requirements previously requested by the CSRC, issued in April 2018, and supplementing specific requirements of AMAC.
In China, fund advisers are purely advisory entities that give investment advice and do not have a responsibility to supervise fund administrators. Under the Securities Investment Law of the People’s Republic of China, the fund trustee is responsible for supervising the fund administrator. In 2020, the CSRC released the draft Administrative Measures on Securities Fund Investment Advisory Business, which sets out certain requirements for Chinese and foreign shareholders of securities fund investment advisers. More generally, it also prohibits securities fund investment advisers from providing advisory services in relation to securities, structured products, derivatives and other high-risk assets to investors other than professional investors. If a non-professional investor insists on receiving such services, the advisers should, among other things, keep records of all procedures in relation to such services if the services are rendered via the internet.
The current major trading platforms nationwide include the following:
The regulatory approach in China is functional regulation, under which different products and platforms are subject to differing supervision by regulators categorised with different asset classes. As set out in 7.1 Permissible Trading Platforms, various regulatory regimes are involved with respect to separate asset classes and services. In other words, multiple licences may be required if a financial services provider engages in business relating to several different types of asset classes. For example, for the sale of insurance, insurance broker licences are required, while for the securities and futures business, operating licences for securities and futures are required.
As an entirely new genre of intangible asset, the emergence of cryptocurrency calls for an upgrading of the technology used in the regulation and innovation of legal theories to incorporate cryptocurrency properly into the existing regulatory system. Uncertainty regarding cryptocurrency and consumer protection in the trading process, and concerns regarding anti-money laundering, have been the major issues addressed by the regulatory authorities.
In September 2017, China officially declared fund-raising through cryptocurrencies and initial coin offerings (ICOs) illegal and shut down platforms facilitating such trades. On 24 August 2018, the CBIRC, PBOC, MPS and two other cabinet-level authorities jointly issued the Notice on the Risks of Illegal Fund-Raising, which used the terms “cryptocurrency” and “blockchain” and warned investors of the risk of Ponzi schemes in such deals. However, the PBOC is moving quickly in researching and developing China’s own Central Bank Digital Currency (CBDC) in reaction to challenges that cryptocurrencies may bring about.
Pursuant to the Measures for the Administration of Initial Public Offerings and Listing of Stocks (2018 Amendment) issued by the CSRC and the relevant listing rules of the Shanghai Stock Exchange and Shenzhen Stock Exchange, there are no IPO requirements specifically for fintech companies. However, certain general standards apply for an IPO of a fintech company, eg, there must have been no major change regarding an issuer's ultimate controller, main business, directors or senior managers within the last three years; the total share capital of the issuer prior to the IPO must be no less than CNY30 million; certain finial requirements of net profit and net cash flow, etc.
In 2021, China launched its third stock exchange, the Beijing Stock Exchange. While conforming to the above-mentioned listing requirements, the Beijing Stock Exchange requires that a listing company must have already been listed on the NEEQ (China’s OTC trading platform) continuously for over 12 months.
Order handling rules also apply in China. The practice in China is that the centralised competitive bidding in securities trading follows the principle of price preference and time preference, ie, a higher purchase-price bid will be accepted in priority to a lower purchase-price bid by the securities trading system, while a lower selling-price ask will be accepted in priority to a higher selling-price ask. In the event that the same purchase prices or selling prices are offered, the price that comes first will be accepted by the securities trading system.
Compared with traditional commercial banks, P2P trading platforms adopt more simplified credit review procedures and offer much faster speeds of loan issuance. Therefore, they used to attract a huge number of small loans for individuals, and were replacing commercial banks as a major provider of small loans for individuals before 2018. However, the fast growth of P2P platforms brought the danger of illegal fund-raising, and the lack of a well-established personal credit system in China triggered a repayment crisis for many big P2P platforms, which posed a potential systematic risk to China’s financial system. Since 2018, the PBOC has been strengthening the regulatory requirements, and cracking down on illegal fund-raising activities jointly with other regulators, such as the MPS. It is understood that currently there are no pure P2P platforms in operation in China.
China has not adopted any specific laws and regulations regarding the best execution of customer trades.
The rules permitting or prohibiting payment for order flow are provided by the Regulations on the Supervision and Administration of Securities Companies (2014 Revision), issued by the State Council, which states that a securities company and its staff may not seek illicit profits from offering investment suggestions to their clients. It is suggested that payment for order flow is not permitted in China, but lawmakers have not put much focus on this issue yet.
China’s capital markets, when assessed in comparison with more mature markets and other emerging markets, still have to catch up on several fronts. China still needs to improve its capital markets in terms of overall scale, internal structure and market efficiency, improve the corporate governance of listed companies, enhance the international competitiveness of securities and futures firms, improve the efficiency and competitiveness of the exchanges, optimise market infrastructure as well as laws, rules and regulations, and provide more effective enforcement.
At present, China’s regulation of high-frequency trading is not labelled as such or centralised as a set of regulations specifically targeting such practices, but rather derives from more generic regulations about technical aspects of trading. For example, the Guidelines of the China Financial Futures Exchange on the Supervision and Controlling of Abnormal Futures Trading (for Trial Implementation), issued by the China Financial Futures Exchange in 2010, describes certain trading activities as abnormal trading and limits or forbids them, eg, when the number of cancellations for a single contract is more than 500, or the trading volume of a single contract is more than 1,000 lots in a single day.
China has no specific laws or regulations on registering as market makers when functioning in a principal capacity.
China has no specific laws or regulations in relation to the distinction between funds and dealers.
China has no specific laws or regulations on programmers and programming.
China has no specific laws or regulations on business operations of financial research platforms. However, as information service providers, financial research platforms are subject to laws and regulations regarding information services in the telecoms sector, and value-added telecoms licences may be required if such services are fee-based.
Pursuant to the Administrative Provisions on Financial Information Services, financial information services providers may not produce, publish or disseminate information that:
Any financial information service providers that violate the requirements above will be subject to various administrative penalties.
In addition, under the Criminal Law of the People’s Republic of China, it is a crime for anyone to disclose insider information, or use such information in trading, or use other non-insider internal information in trading, or create or spread securities or exchange-related false information, or manipulate a securities market or an exchange market with such information.
Under the telecoms and cybersecurity laws and regulations, operators of financial information platforms are requested to collect and verify the real name of the platform users before those users are allowed to use the platform and post any information. The users are aware of the fact and know that they can be traced if they post improper information or conversations.
In addition, at the request of government authorities, operators of financial information services must delete an improper conversation and report details about it to the authorities.
In China, the typical underwriting process of insurance is simple. A consumer will initiate the process by filling in an application form and, after the insurer gathers all the necessary information to evaluate the risk exposure, the insurance policy will be approved (or rejected). With the rising trend of insurtech, many insurance companies are beginning to offer insurance policies and complete the initial customer evaluation on online platforms. However, after online approval of the insurance policy, most insurance companies still require the insurance applicants to execute various contracts offline. Insurance regulators mainly implement exit management to strengthen the supervision of insurance products through monitoring during and after the event.
Under the Insurance Law of the People’s Republic of China, an insurer is forbidden to engage concurrently in the businesses of life insurance and property insurance. Correspondingly, there are two departments of CBIRC, the Property Insurance Regulatory Department and the Personal Insurance Regulatory Department, which separately regulate the business of insurance of persons and insurance of property. The rationale might be the concern that the proceeds received from personal insurance purchasers may be misappropriated to satisfy the huge need for cash in the property insurance business.
China has no specific law or regulations on regtech providers. However, the Chinese government embraces regtech as a good opportunity and method for making sure that fintech companies comply with the law. In 2017, the PBOC formed the Fintech Committee and announced its main purpose was to reinforce the research and application of regtech. In 2018, the CSRC pushed for the adoption of regtech measures amid broader efforts by Beijing to rein in the Chinese financial sector. In April 2020, the Beijing Fintech Industry League announced the founding of the Regtech Specialist Committee.
In June 2020, the CSRC announced the establishment of a new internal regtech office. The CSRC’s Tech Department will have the goal of creating a big data supervisory and regulatory system for Chinese capital markets that will incorporate various existing data sources. With encouragement from the government, regtech companies in China are expected to grow fast in the next couple of years, but as they help the regulators in monitoring the daily activities of fintech companies by tracing, collecting and processing data, the need for legislation to protect state secrets has become urgent. Furthermore, in the future where more powers are delegated to such regtech providers by the regulators, there will be more requirements of duties imposed on them by law.
When dealing or co-operating with a technology provider, financial services firms are always seeking contractual protection to safeguard their trade secrets, prevent leakage of customer information and ensure the satisfaction of all regulatory requirements on data compliance by the technology provider. For example, all data collected and processed by the technology provider must be uploaded and stored on the financial services firm’s own server and any data transmission to a third party or any unauthorised use without permission is forbidden. Some of those contractual terms are reflected in the regulations or technical norms of the relevant industry, in principle or in detail.
Currently, blockchain technology in China is mostly used in clearing, cross-border trade, supply chain, information identification and digital currency. For example, China Merchants Bank has built the "Blockchain Platform of China Merchants Bank Direct Payment" – the first commercial bank in China to apply blockchain technology in the fields of cross-border direct clearing and global cash management.
Blockchain technologies are generally permitted and even encouraged in China. A white paper published in October 2016 by the China Blockchain Technology and Industrial Development Forum, under the guidance of the MIIT, analysed the state of blockchain technology in China and its potential future applications, set out a roadmap for blockchain development in China and called for a formal set of national blockchain standards to provide industry guidance to existing and potential market players. To date, however, no blockchain-related standards have been released.
The Blockchain Services Provisions
On 10 January 2019, the CAC promulgated the Provisions on Administration of Blockchain-Based Information Services (the “Blockchain Services Provisions”), which represent the first administrative guidelines for providers of non-cryptocurrency, blockchain-based services in China. The Blockchain Services Provisions define blockchain-based service providers as entities or nodes that provide blockchain-based information services, or any institution or organisation that provides technological support to such entities (“blockchain service providers”). By the end of 2021, the CAC had publicly released 6 lists of over 1,000 registered blockchain services projects.
Responsibilities of Blockchain Service Providers
Under the Blockchain Services Provisions, blockchain service providers are responsible for information security and should build internal management systems for user registration, information censorship, emergency response and security protection. The Blockchain Services Provisions require blockchain service providers to conduct a record-filing with the CAC or its provincial-level branch to report certain key information, such as the type and scope of services, application sectors and server addresses, within ten business days after launching their services. Blockchain service providersare also required to undertake a security evaluation administered by the CAC or its provincial branches, and to authenticate the identities of their users based on ID card numbers, organisational codes (for PRC entities) or mobile phone numbers before providing services to such users, in accordance with the Cybersecurity Law of the People’s Republic of China.
Position of the Chinese Government
The Chinese government has taken a hard line against private cryptocurrencies and ICO fundraising. In 2017, regulators instituted an outright ban on cryptocurrency exchanges and ICOs in China, and also imposed severe restrictions on the use of cryptocurrencies and relevant trading services, which continued in 2020.
Blockchain assets (eg, bitcoin) are generally regarded as virtual property rather than “legal currency” protected by PRC law. However, the Civil Code of the People’s Republic of China, which entered into effect on 1 January 2021, provides for the first time that data and internet virtual property will be protected by law.
Though blockchain assets (eg, bitcoin) are now protected as virtual property in China, the issuance of blockchain assets by private issuers is forbidden. The PBOC has been actively promoting the public use of the virtual currency issued by the PBOC since 2020.
Blockchain asset trading platforms are banned in China.
No funds are allowed to invest in blockchain assets in China.
Private players are not allowed to issue virtual currencies. The PBOC is testing its virtual currency in four commercial banks in Shenzhen.
China has no specific laws and regulations against decentralised finance (“DeFi”) platforms.
As there are various types of NFTs in the market, there is a variety of legal treatment. However, as a general rule, NFTs designed in ways similar to virtual currencies or crypto tokens will likely be subject to China’s strict prohibition against trade of virtual tokens. As mentioned, China’s Supreme People’s Court recently expressly criminalised illegal fund-raising by way of trade of virtual currency, and therefore NFTs that are similar to virtual currencies also likely face huge legal risks in China. Conversely, NFTs that are designed as mere virtual collectibles and may not be traded as currency (but only as virtual items in meta/virtual worlds) are not likely regulated by any fintech-related regulation. The same goes for NFT trading platforms, as their legality under PRC law is largely dependent on what types of NFTs are traded on them.
Open banking is generally understood by the market as a system that provides software developers and related businesses with a network of financial institutions’ data, through the use of application programming interfaces (APIs), which are established on the notion that individuals or entities might be willing to share their banking transaction details with third-party developers of APIs so that the individual end-user may enjoy more advanced and cheaper financial services. Although there are no specialised mandates or API standards for open banking in China, Chinese law guides the growth of open banking by imposing specific restrictions on the sharing of bank customer data. Thus, China has not (yet) provided for system-wide open banking or equivalent mechanisms like the UK may have. It is likely that China’s approach to regulating open banking will be pragmatic and organic, allowing industries to develop through experimentation and stepping in to tackle problems as they appear.
Since the implementation of the Cybersecurity Law of the People’s Republic of China on 1 June 2017, the collection of individuals' personal information has been subject to stricter supervision, and the collection of financial data is the most sensitive category. For example, banks are required to guarantee the security of data during sharing, ie, the shared data should not be stolen or tampered with, and user privacy should be protected from infringement. In terms of authorisation scope and transparency, banks need to ensure that the shared data can only be utilised within the time and space authorised by the customer, and that customers understand what data they have shared, who is using the data, and what the risks are. Some major banks in China are beginning to develop some open banking services – for example, Shanghai Pudong Development Bank (SPDB) has developed its API Bank, through which SPDB has embedded its banking services into the Shanghai Port Service Office to process trade companies’ international payments or purchase orders online through the Shanghai Port Service Office platform in a matter of minutes – even if these banks are exposed to potential risks triggered by regulatory uncertainty regarding data and privacy protection.
In 2021, more legislation and regulation directly touching on fintech sectors was released than any previous year. The main areas affected were data security, payment services, online lending, and blockchain and cryptocurrency. These legal developments have run nearly in parallel with continued growth, in part fuelled by favourable government policies for specific innovation and applications, in China’s fintech market. Following these trends and developments may lead to greater opportunities (though possibly also risks) down the line.
The third-party (ie, non-bank) payment service market in China is a well-developed market. The People’s Bank of China (PBOC) serves as the key regulatory body of third-party payment activities in China, as it issues the third-party payment licence ("payment licence") that permits qualified parties to offer online, mobile and offline payment services. The PBOC previously restricted foreign-invested entities (FIEs) from obtaining payment licences. However, this changed with the issuance of the Announcement Regarding Certain Issues on Foreign Investment in Payment Institutions (the “Announcement”) by the PBOC in March 2018.
According to the Announcement, an FIE can qualify for a payment licence if it meets certain requirements – in fact, the same requirements that apply to domestic entities. Parties dealing with foreign currency or Chinese currency cross-border payments may need to obtain one or two additional licences:
Such legal developments no doubt played a role in China's significant market growth in the last few years. Among notable deals was PayPal’s 100% acquisition of GoPay (a PRC payment licence holder), consummating a 70% holding since 2019.
In April 2021, the PBOC, SAFE, and several other major regulatory bodies jointly issued the Opinions on Financial Support for Hainan's Comprehensive Deepening of Reform and Opening up, which expressly supports foreign payment institutions to apply for payment licenses in Hainan, as part of the continued effort to open up the financial market of Hainan, and it is expected that more payment institutions will enter the Chinese market.
Deposit of customer payment reserves
On 19 January 2021, the PBOC promulgated the Measures for the Deposit of Customer Payment Reserves by Non-banking Payment Institutions, which came into effect on 1 March 2021. These measures essentially require payment licence holders to deposit any customers' money reserved for payment transactions but not immediately paid (eg, until the transaction involving the payment is completed) each day into a designated bank account at the PBOC, and only settle payment transactions with other payment licence holders or banks via the PBOC account pursuant to the procedures set forth in these measures. There are a few limited exceptions where the payment licence holder may open depository accounts at a designated commercial bank for special payment reserve funds for cross-border CNY/foreign exchange payments, fund sale payments, pre-paid card payments, etc.
Elevated reporting obligations
On 20 July 2021, the PBOC promulgated the Administrative Measures for the Reporting of Major Events by Non-bank Payment Institutions, which require that non-bank payment institutions should timely and fully report important matters, including carrying out IPOs and share issuances of the institutions or their controlling shareholders (including through VIE structures), conducting innovative business or engaging in co-operation with other institutions (eg, co-operation with foreign institutions on cross-border payment business), investing in branches, subsidiaries, and other payment institutions in China and abroad, pledging equity or assets, providing security for other parties in excess of 30% of the net assets of the payment institution, investing in other entities in excess of 5% of the net assets of the payment institution, etc. After the crackdown on the Ant Financial IPO, it seems that the regulators are becoming increasingly concerned about IPOs and investments by and of Chinese payment institutions, in the PRC and in other jurisdictions.
Increased AML Obligations
The PBOC issued the Measures for the Supervision and Administration of Combating Money Laundering and Financing of Terrorism by Financial Institutions in 2021, and jointly with major regulators issued the Administrative Measures for Customer Due Diligence and Preservation of Customer Identity Information and Transaction Records of Financial Institutions in 2022. Both measures apply to all fintech businesses that require financial business permits, eg, online banking, online insurance, securities trading, fund sales agencies, and payment institutions, and raise more strict due diligence and record keeping requirements on them.
Further draft regulations
Finally, there are numerous rules intended to govern payment licence holders that remain in draft form, though they may officially be issued, in more-or-less their draft form, in the near future. Among them are the Regulations on Non-banking Payment Institutions (Draft for Comment) and the Administrative Measures for Industry Protection Funds of Non-banking Payment Institutions (Draft for Comment). While there is nothing revolutionary in these draft rules, they do send a well-orchestrated signal that the PBOC is actively working to establish a system to regulate payment licence holders based on the same standards as commercial banks and other financial institutions.
Another key subsector of the Chinese fintech market is comprised of the mosaic of online lending platforms that operate as intermediaries between lenders and borrowers, online microcredit companies providing direct lending, and auxiliary service providers such as intelligent individual credit rating services. The regulation of the online lending subsector is still generally in quite a juvenile stage compared to that of traditional financial institutions such as commercial banks, but the subsector has grown rapidly as Chinese consumers/borrowers seek substitutes to traditional banking and new methods of borrowing/lending. As a result, the market is currently witnessing a continuous evolution marked by major changes to relevant laws and regulations, as the regulators strive to tackle challenges posed by this dynamic and ever-growing subsector. In fact, a new set of rules released recently has been called “game-changing”.
The initial absence of regulations sparked the boom of the online lending market, but also gave rise to many scams and high-risk financial models. The most headline-grabbing case was Ezubao, in 2016, which was an online peer-to-peer (P2P) lending platform that promised double-digit annual returns to investors. However, the platform turned out to be a Ponzi scheme. After the Ezubao scandal, P2P platforms braced for the first wave of regulation intended to standardise the industry, which placed caps on the size of loans and forced lenders to use custodian banks to hold their deposits. To this day, however, the market has not seen a single P2P platform completing any official registration for such a platform, which would be considered de facto government approval for the business. By the end of 2021, it is said that there is not a single pure P2P lending platform that is still in operation.
Online direct lending and lending facilitation
The P2P platform may have just been the spark for the flame. Since about that time, the Chinese government and key regulatory authorities – including the PBOC, the Ministry of Industry and Information Technology (MIIT), the China Banking and Insurance Regulatory Commission (CBIRC, a combination of the former China Banking Regulatory Commission and the China Insurance Regulatory Commission), and other special regulatory task forces – have promulgated a number of laws, regulations and policies aimed at tightening the rules and supervision of various areas of the online lending industry.
During 2020 and 2021, the CBIRC promulgated the Interim Measures for the Administration of Internet Loans of Commercial Banks and the Notice on Further Regulating the Internet Loan Business of Commercial Banks, which working together set forth a number of restrictions on pure online lending by commercial banks (eg, the maximum amount of unsecured personal loans for consumption purposes available to a single borrower is capped at CNY200,000, and the term is also capped at one year if the loan is scheduled to be repaid in a lump sum).
On 2 November 2020, the PBOC and the CBIRC jointly issued the Interim Administrative Measures on Online Microloan Operations, which aims to place restrictions specifically on online microloan business, such as that operated by Ant Financial, and essentially regulates online microloan companies as quasi banks. For example, these draft measures propose to limit the operations of online microloan lenders to the province in which they are registered, except with prior approval from the State Council. Moreover, the total aggregate online microloan balance for natural persons in China would be limited to CNY300,000 or one third of the average annual income of such persons for the past three years, whichever is lower; and the total aggregate online microloan balance for legal persons or other institutions would be limited to CNY1,000,000.
Most importantly, an online microloan company would be restricted to borrowing no more than the equivalent of its net assets via shareholder loans or other “non-standard forms of financing”, and four times its net assets via bonds, asset securitisation products and other “standardised” debt assets; and it would not be able to sell any credit assets (ie, debt owed by borrowers) other than its own non-performing loans. This was said to have been one of the causes for the last-minute suspension of the Shanghai-Hong Kong dual IPO of Ant Financial in November 2020.
Overall, it is believed that the tighter regulatory environment will lead smaller players either to fold or to collaborate, and that several stable companies will eventually emerge and operate under heightened regulatory scrutiny.
Online Brokerage/Intelligent Investment Advisory Services
Long-standing regulation of intelligent investment advisory services
The Chinese fintech market has also seen the rise of a variety of intelligent investment advisory service providers, from online trading brokerage and information platforms, such as Tiger Brokers and Snowball, to robo-investment advisers and asset managers, such as Licai Mofang and Latte Bank. Unlike other fintech subsectors, intelligent investment advisory services are subject to an array of long-existing rules that restrict Chinese start-ups from directly engaging with end-users/investors. For example, the China Securities Regulatory Commission (CSRC) promulgated its Interim Rules on Strengthening Supervision of the Use of “Stock Recommendation Software” back in 2013, which defines the same as a type of software that provides securities investment advisory services to investors.
This categorisation makes the use of “stock recommendation software” subject to the CSRC’s overarching regulations on offering investment advisory services, which requires a securities investment adviser licence. Likewise, the online sale of securities products (such as interests in public securities funds) has been classified as CSRC-regulated fund-selling services, which requires a fund distribution licence (notably, Chinese fintech giants, such as Baidu, Tencent and Alibaba, all acquired such a licence by the end of 2018).
In October 2019, the CSRC launched a mutual funds advisory scheme that will allow asset managers and fund distributors to provide customised investment advice and maintain discretionary control over clients' investment portfolios, which will be constructed with publicly offered mutual funds. Thereafter, in November 2021, the CSRC required fund distributors to refrain from controlling clients' investment portfolios unless they are qualified to do so pursuant to the mutual funds advisory scheme. As a result, many banks and other fund distributors stopped providing quasi-advisory services such as “one-stop fund selector” to clients purchasing mutual funds. Apparently, the Chinese regulators do not consider robo-advisory services to be unregulated territory.
Regulation of securities businesses
The Securities Law of the People’s Republic of China, last amended in 2020, governs securities businesses in the PRC, including securities brokerage, futures brokerage, stock option brokerage, and securities and futures investment consulting services. As a general matter, operating such businesses requires a securities brokerage licence or certain other approvals from the CSRC. These reiterated licence requirements further strengthened the regulator's position to require internet securities brokers, such as Tiger Securities and intelligent investment advisers, to refrain from conducting regulated services until they satisfy the regulatory and licence requirements.
Also in 2020, the CSRC released the draft Administrative Measures on Securities Fund Investment Advisory Business, which sets out certain requirements for Chinese and foreign shareholders of securities fund investment advisers. More generally, it also prohibits securities fund investment advisers from providing advisory services in relation to securities, structured products, derivatives and other high-risk assets to investors other than professional investors. If a non-professional investor insists on receiving such services, the advisers should, among other things, keep records of all procedures in relation to such services if the services are rendered via the internet.
Given the increasingly tightened regulatory and licensing hurdles within China’s online brokerage/investment advisory services space, it is not easy for start-ups to offer or directly participate in brokerage/intelligent advisory services within China without appropriate financial licences. Instead, we have seen a number of companies opt to provide such services in co-operation with licensed financial institutions, or even attempt to acquire certain licence holders, in China and other jurisdictions.
Blockchain and Cryptocurrency
CAC guidelines for providers of non-cryptocurrency, blockchain-based services
Chinese regulators have exhibited a divided attitude when it comes to blockchain technologies and cryptocurrency exchange and initial coin offerings (ICOs) in China. On the one hand, the benefits of the wider integration of blockchain applications in the fintech sector and overall Chinese economy have been recognised and even encouraged at the highest levels of the Chinese government. On 10 January 2019, the Cyberspace Administration of China (CAC) issued the Provisions on Administration of Blockchain-Based Information Services, which set clear procedural guidelines for providers of non-cryptocurrency, blockchain-based services within China, including a mandatory filing with the CAC in relation to blockchain service providers, a reporting obligation to the CAC before launching any new products, and a mandatory security assessment for such products.
PBOC initiative and Central Bank Digital Currency
In addition to the CAC’s regulatory framework, the PBOC has also undertaken a large-scale initiative to develop a blockchain-based, interbank trade finance platform in China, which has reportedly been accelerated since President Xi Jinping expressed his support of blockchain technologies at a public speech on 24 October 2019. The Supreme People’s Court has also ruled that blockchain evidence is a legally admissible form of evidence in Chinese courts. And, as is well known, especially since 2020, the Chinese government is keen to promote its Central Bank Digital Currency (CBDC) in a number of pilot areas in China.
Chinese government's crackdown on cryptocurrency and illegal blockchain activities
The Chinese government has taken a hard line against private cryptocurrencies and ICO fund-raising. In 2017, regulators instituted an outright ban on cryptocurrency exchanges and ICOs in China, and also imposed severe restrictions on the use of cryptocurrencies and relevant trading services. This continued in 2020, as both the PBOC and a government group working on internet financial risk rectification announced an “all around” crackdown on cryptocurrency and illegal blockchain activities.
Although some market players have continued to conduct limited cryptocurrency operations in China, these actions have attracted increased government scrutiny, with regulators vowing to impose additional restrictions and strengthened monitoring of cryptocurrency-related activities throughout the near future. What is more, the National Internet Finance Association of China, known as "NIFA" (an industry self-disciplinary organisation for internet financing activities approved by the Chinese government) issued a Notice on Risks Relating to Participation in Investment and Trading via Foreign Virtual Currency Trading Platforms, requiring its members not to provide any convenience for such cross-border investment and trading of cryptocurrencies. It is also reported that since 2019, Chinese police forces have arrested over 500 people involved in criminal and fraudulent activities related to cryptocurrency.
Potentially criminalising virtual currency trade
Recently, the Interpretation of the Supreme People's Court of Several Issues on the Specific Application of Law in the Handling of Criminal Cases about Illegal Fund-raising on 23 February 2022 was amended. The amended interpretation further expressly provides that the “trade of virtual currency” as a means of illegal fund-raising may be considered a crime under PRC law. Therefore ICOs, ITOs and other types of fundraising activities utilising virtual currencies may be criminalised in China. Furthermore, NFTs that are offered and traded in a way similar to virtual currencies may also face similar risks.
Financial mobile apps filing
Since 2021, the NIFA has been tasked by the PBOC to conduct a filing for mobile financial client applications ("financial mobile apps") such as mobile banking applications and securities trading applications. By February 2022, the NIFA had conducted filings for over 20 batches of financial mobile apps. It is currently unclear if an app without the NIFA filing, eg, if it is not operated by a PRC entity or if the operating entity lacks necessary permits, would face difficulties, eg, in being made available on app stores.
Curb on growth or aid to greater growth?
Fintech is also facing cybersecurity challenges, with the rise of cyber-financial crimes in which hackers backed by criminal organisations establish offshore servers to hack into systems to steal money or to destroy the reliability and credibility of such systems. Although it has added another layer of complexity, it is important for fintech firms to take a preventative approach towards cybersecurity. For example, new generation ATMs have a much higher level of connectivity with mobile integration and face recognition, which makes them more vulnerable to software-based attacks and theft of customer card data. As such, the growing cybersecurity framework (intended to combat such issues) can be viewed as a potential curb on the growth of fintech businesses, via compliance requirements, or as an aid to their safe, stable and ultimately greater growth.
On 1 June 2017, the Cybersecurity Law of the People’s Republic of China (the “Cybersecurity Law”) came into effect as the first national-level law to address cybersecurity and data privacy protection issues. In 2020, the most notable further legislative developments were the Measures for Cybersecurity Review, officially released on 13 April 2020, and the Personal Information Protection Law of the People’s Republic of China (the “PI Protection Law”) and the Data Security Law of the People’s Republic of China (the “Data Security Law”), both enacted in 2021. In addition, although not mandatory or legally enforceable, the standardisation organisations in China, such as the National Information Security Standardisation Technical Committee, have also contributed a number of national and industrial standards to the cybersecurity domain.
The PI Protection Law
The PI Protection Law’s 74 articles comprise both high-level and specific rules for a broad range of issues related to the processing of personal information of individuals. On the one hand, its coverage overlaps with several laws, regulations, recommended national standards, etc, promulgated in the last few years, such as the Cybersecurity Law, the Civil Code of the People’s Republic of China, and the Information Security Technology-Personal Information Security Specification, and thus it may serve as a synthesis of rules, and will supersede existing rules that conflict with the draft PI Protection Law. On the other hand, it both contains new or extended rules and leaves some aspects of the protection of personal information to other sets of rules, including the Data Security Law. Furthermore, its use will be limited until implementing rules are issued to further guide regulators, businesses, and private individuals.
Despite all these legislative moves, due to the fast-paced development of China’s fintech industry, considerable uncertainty still remains as to how the Cybersecurity Law is being or will be applied in the fintech sector and what practical steps need to be taken to be compliant.
The Chinese fintech space continues to present a fertile ground for further advancements in this important global technology, thereby providing unique opportunities for entrepreneurs and established participants. At the same time, as government regulations concerning the Chinese fintech industry and wider cybersecurity considerations in China continue to formalise over time, this increasingly intricate web of laws and regulations may present some operational challenges, and will surely and constantly shape/reshape fintech’s development in China long into the future. Although there may be growing pains in this process, this is ultimately viewed as a healthy situation: ensuring that China adopts the best global standards in cybersecurity and data-handling practices, while encouraging further innovations that will keep China as a leading player in the fintech space for years to come.