In the People’s Republic of China (PRC), the year 2023 largely entailed the continuation of recent trends, both in the fintech market and the Chinese economy as a whole. Despite continuing challenges such as geopolitical tensions and slower-than-anticipated rebound from the COVID-19 pandemic, the Chinese fintech industry (in particular) has seen steady development, and this industry’s supporting role within the wider economy is becoming increasingly prominent. Regulators are expected to continue strengthening their supervision of the fintech market in the coming years, while still encouraging innovation, especially in risk prevention in the long-term.

The fintech market in China remains dynamic, with increasingly diversified market players, and the prospects are still broad. As new infrastructure has risen to the height of China’s national strategy, the deep integration of artificial intelligence, blockchain technology, cloud computing and big data will continue to promote the development of fintech into a new stage; and it appears that a virtuous circle of technology-industry-finance has begun to emerge as the general trajectory of the PRC fintech sector.

Internet finance is still the current predominant business model for fintech in China. The traditional financial institutions (eg, banks, securities firms and insurance companies) and innovative internet companies (third-party payment service companies, internet lending service providers, etc) provide their financial products by using new hi-tech tools (eg, big data, cloud computing or even robotic process automation) to approach and serve their customers more efficiently and to reduce their exposure to risk.

Like most countries in the world, China has not set up or appointed an independent supervisory authority for the regulation of the fintech industry.

Rather, the relevant businesses of the fintech industry, based on the specific attributes of corresponding financial services, are subject to the supervision of the traditional financial regulatory authorities. On 18 May 2023, the China Banking and Insurance Regulatory Commission (CBIRC) was replaced by the National Financial Regulatory Administration (NFRA), a new government agency responsible for the supervision of the overall financial industry (except for the securities industry), and the CBIRC was subsequently abolished. The China Securities Regulatory Commission (CSRC) is responsible for the supervision of fintech businesses that are related to investments in the securities markets, such as internet funds, internet securities and intelligent investment advisers. The People’s Bank of China (PBOC) is responsible for the supervision of fintech businesses related to the issuance, circulation and clearing/settlement of currencies, such as third-party payment services and digital currency. 

In addition, the local governments in China also play an important role in regulating the fintech industry. For P2P platforms and other “quasi-financial businesses” such as financing leasing, financing guarantees and factoring, the traditional financial regulatory authorities (ie, the NFRA, CSRC and PBOC) will not usually be directly involved in regulation, but will delegate relevant regulatory authority to the local financial regulatory bureaus of local governments.

Following the principle of “separate supervision”, the PBOC plays a leading and co-ordinating role among the regulatory authorities in the supervision of the fintech industry, and controls the development direction and supervisory approach to the fintech industry from a more macroscopic perspective. For instance, the Guiding Opinions on Promoting the Healthy Development of Internet Finance (the “Internet Finance Development Opinions”) issued in July 2015 by ten ministries led by the PBOC, as well as the Fintech Development Plan (2019–21) issued by the PBOC in 2019 (followed by the Fintech Development Plan (2022–25) issued by the PBOC in 2022), provide macro guidance on the regulation and development of the fintech industry based on market practice at the time.

In order to regulate the development and application of fintech in the financial services industry, the Chinese government has issued a series of policies and regulations in recent years. The basic principle is that fintech should be used as a technical tool to promote the innovation and development of the financial services industry. The relevant policies and regulations mainly include the macro policies and the regulations for each subdivided field of the fintech industry (see below).

Major Macro Policies

The PBOC is responsible for leading the formulation of fintech macro policies in China. These are intended to provide guidelines and plans for the development of fintech, the most recent and important of which is the Fintech Development Plan (2022–25) promulgated in January 2022, based on China’s 14th Five-Year Plan (2021–25) for National Economic and Social Development and Vision 2035. In February 2022, the PBOC and four other regulatory authorities collectively issued the Development Plan for Financial Standardisation during the 14th Five-Year Plan Period, which establishes quantitative targets on the number of financial standards that will be issued by 2025 across a broad set of subject matters.

Major Regulations in Subdivided Fields

The Chinese government has attached great importance to emerging technologies, especially for “cloud computing”, “internet plus”, “big data” and “artificial intelligence”.  For each of these technologies, the State Council has issued corresponding policies for guidance, mainly including:

• the Opinions of the State Council on Promoting the Innovative Development of Cloud Computing and Cultivating New Business Forms of the Information Industry, issued by the State Council in January 2015;
• the Guiding Opinions of the State Council on Vigorously Advancing the “Internet Plus” Action, issued by the State Council in July 2015;
• the Notice of the State Council on Issuing the Action Outline for Promoting the Development of Big Data, issued by the State Council in August 2015;
• the Notice of the State Council on Issuing the Development Plan on the New Generation of Artificial Intelligence, issued by the State Council in July 2017; and
• the 14th Five-Year Plan (2021–25) for National Economic and Social Development and Vision 2035.

With respect to the application of fintech in the financial services industry, the Chinese financial regulatory authorities have issued a series of rules which can be divided into three categories.

Regulations relating to the new business model developed by traditional financial institutions with fintech 

• For internet insurance businesses based on “Internet Plus”, the CBIRC enacted the Administrative Measures on Internet Insurance in 2021, followed by the Notice of Issues Concerning Further Regulating the Internet Personal Insurance Business of Insurance Institutions by the CBIRC.
• For internet loans of commercial banks, the CBIRC issued the Interim Measures for the Administration of Internet Loans of Commercial Banks and the Notice on Further Regulating the Internet Loan Business of Commercial Banks by the General Office of the CBIRC.

Regulations relating to the new types of institutions utilising fintech

• For non-banking payment institutions, the PBOC revised the Administrative Measures for Payment Services Provided by Non-financial Institutions in April 2020, which together with other rules and regulations govern the payment services provided by non-financial institutions. On 17 December 2023, the Regulations on the Supervision and Management of Non-Bank Payment Institutions were issued, which will come into effect on 1 May 2024. As the first administrative regulation governing this area, this new regulation has accounted for the existing regulatory rules previously adopted by the regulatory authorities, and also provides for a comprehensive and continuous supervision throughout the entire payment process, with a continued stress on strict control over the market entry of payment institutions (in an effort to prevent risks such as fund misappropriation and data leaks).
• For online lending information intermediary institutions (ie, P2P platforms), four Chinese government departments led by the China Banking Regulatory Commission (replaced by the NFRA in May 2023) promulgated the Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions in August 2016, and a series of rules and regulations for rectifying the industry was issued later.

Regulations in relation to common issues arising from the application of fintech 

• For the data management of commercial banks, the CBIRC issued the Guidelines for the Data Management of Banking Financial Institutions in May 2018.
• For the protection of personal information:
1. the Standing Committee of the National People’s Congress promulgated the Cybersecurity Law of the People’s Republic of China in November 2016;
2. the PBOC issued the Personal Financial Information Protection Technical Specification in February 2020;
3. the CAC and 12 other governmental agencies issued the Measures for Cybersecurity Review in December 2021; and
4. the CAC issued the Measures for the Security Assessment of Data Exports, which came into effect in September 2022, followed by the Guide to Applications for Security Assessment of Outbound Data Transfers (First Edition).
• For strengthening the anti-money laundering regime, the PBOC:
1. issued the Measures for the Supervision and Administration of Combating Money Laundering and Financing of Terrorism by Financial Institutions in 2021; and
2. jointly with the CSRC and the CBIRC, issued the Administrative Measures for Customer Due Diligence and Preservation of Customer Identity Information and Transaction Records of Financial Institutions in 2022; and
3. jointly with 11 other governmental agencies, issued the Three-Year Plan for Combating and Regulation Against Illegal and Criminal Activities Regarding Money Laundering (2022–24) in 2022.
• For establishing operational, maintenance and regulatory requirements for various forms of financial infrastructure, the PBOC issued the Measures for the Regulation of Financial Infrastructure (Draft for Comment), which was released in December 2022.
• For improving the prevention and disposition mechanism of financial risks, the Standing Committee of the 13th National People’s Congress issued the Financial Stability Law (Draft for Comment) in December 2022.
• For the statistical management of financial institutions, the CBIRC issued the Administrative Measures for Regulatory Statistics of Banking and Insurance Sectors, which came into effect in February 2023.

In addition to the regulations listed above, the Chinese financial regulatory authorities have also promulgated a myriad of rules on particular financial service aspects, including online fund sales business, loan facilitation services, internet wealth management and digital currency.

It is worth noting that the PBOC issued a notice in December 2019 announcing that the first pilot scheme of fintech innovation supervision (ie, a sandbox regulatory mechanism) would be launched in Beijing. In April 2020, it was announced that the pilot scheme had been expanded to six regions: Shanghai, Chongqing, Shenzhen, Hebei Xiong’an New District, Hangzhou and Suzhou.

Meanwhile, in April 2020, four Chinese government departments, led by the PBOC, issued the Opinions on Financial Support for the Construction of the Guangdong-Hong Kong-Macao Greater Bay Area, in which the mechanism “to study and establish a cross-border financial innovation regulatory sandbox” was proposed. This was also the first time the concept of “sandbox regulation” had been directly referred to in Chinese financial regulatory rules. In October 2021, the PBOC and the Hong Kong Monetary Authority signed the Memorandum of Understanding on Fintech Innovation Supervisory Co-operation in the Guangdong-Hong Kong-Macao Greater Bay Area.

The following compensation models are observed in market practice:

• broker fees paid by merchants or by both merchants and customers where a financial product is sold through a platform operated by a fintech service provider;
• handling fees paid by users of third-party payment services;
• membership fees or package fees paid by users of robo-advisory services; and
• technology service fees/information service fees paid by financial institutions that purchase and receive services from a technical company providing fintech solutions.

In each compensation model, a clear rate of service charge must be notified to customers/users in advance, with a written or electronic record of charges provided later.

Legacy players, such as commercial banks, securities firms and insurance companies, are highly regulated in China. Chinese regulators are in the process of setting up a licensing system and adopting new regulatory models with respect to fintech industry participants in innovative practice areas. For instance, in the third-party payment industry, any fintech company involved in payment settlement business is required to obtain a third-party payment licence; compared with legacy players, who are not required to do so to conduct payment business, given that they are licensed to perform traditional banking services. 

Regulatory sandboxes provide regulators with a controlled and supervised environment in which to test innovative products, services or business models without systematic risks. These trial projects form part of China’s Fintech Development Plan (2019–21). The fintech regulatory trials test the best regulatory methods and provide corresponding space and system guarantees for fintech innovations based on the “regulatory sandbox” regulation model.

In mid-January 2020, the PBOC announced the first batch of trial applications in Beijing. In late April, the PBOC extended the sandbox experimental cities to include Shanghai, Chongqing, Shenzhen, Hangzhou and Suzhou, as well as the Xiong’an New Area, a much-anticipated new economic zone. In July 2020, Guangzhou and Chengdu were included in the sandbox experimental cities by the PBOC. Since 2021, the PBOC has been gradually expanding the regions adopting the sandbox mechanism, and it is expected that the first group of fintech technologies successfully completing the sandbox test will be made available to the market soon.

There is no single regulatory body responsible for the regulation of fintech products and services. Different fintech services and products are regulated by different regulatory bodies, such as the PBOC, NFRA and CSRC. Other than these three major regulators, some others are involved in particular situations:

• the State Administration for Market Regulation (SAMR) and its local branches are in charge of fintech companies’ registration and normal business conduct;
• the Ministry of Industry and Information Technology (MIIT) and its local branches are in charge of regulating telecommunications-related services involved in the fintech industry;
• the Cyberspace Administration of China (CAC) is in charge of regulating network safety, data compliance and other relevant issues arising from internet data exchange and processing involved in the fintech industry; and
• the Ministry of Public Security (MPS) and its local branches are leading the fight against internet financial crimes.

Given that the financial industry is a highly regulated area in China, only a small number of non-material functions of Chinese regulators are outsourced to relevant industry associations, such as the Payment and Clearing Association of China (PCAC). These functions include self-discipline measures, launches of pilot programmes and formulation of technical guidelines, standards or rules. Each relevant industry association, being authorised by the competent regulators, has its own charters, self-discipline conventions, rules and regulations governing all its members and their activities.

Different participants in the fintech industry may be subject to different kinds of liability. For fund administrators, the Securities Investment Fund Law of the People’s Republic of China and the Provisional Rules on Supervision and Administration of the Private Equity Investment Fund (the “PE Fund Rules”) provide that the fund administrator should disclose material information that may have a substantial impact on the lawful interests of the investors, and should not withhold information or provide false information. The operators of any platform (eg, a financial research platform) are required to block, delete and report any improper, suspicious or unlawful behaviour, keep relevant records of such behaviour and report it to the regulatory authorities.

In 2020, the Chinese government continued the campaign against irregularities in P2P lending and online small loans. The shutdown of most small to medium-sized players shows China’s concerns regarding the disorder of this market and the government’s ability to enforce the law firmly and quickly. In addition, Chinese regulators curbed the “reckless” push of technology firms into finance, taking aim at a sector where lax oversight fuelled breakneck growth for companies such as Ant Group Co and Tencent Holdings Ltd’s Wechat Pay.

In March 2021, the CBIRC, PBOC and three other authorities jointly issued the Notice Concerning Further Standardising Supervisory and Regulatory Work for University Student Online Consumer Loans, aiming to crack down on the growing online lending operation targeting university students, who are traditionally considered “vulnerable” to unregulated online borrowing.

Since May 2021, the Chinese government launched a series of policies and campaigns to crack down on cryptomining operations in China; at the height of which, in September 2021, the National Development and Reform Commission, the PBRC, and another nine authorities jointly issued the Notice on Regulating Virtual Currency “Mining” Activities. Consequently, China’s traditional crypto “mining hub” regions and provinces, such as Inner Mongolia, Qinghai, Yunnan and Sichuan, all announced campaigns to ban new mining projects, to order existing mining operations to close, and to require power plants to cut off power supply to suspected mining operations. The crackdown is said to have led to nearly 70% of the world’s mining capacities going offline, at least for some time, before being moved to jurisdictions that still allow cryptomining.

In December 2022, the CSRC said in a statement that it would ask two US-listed companies, Futu Holdings Inc (NASDAQ: FUTU) and Up Fintech Holding Ltd (NASDAQ: TIGR), to stop taking new onshore investors as customers or opening new accounts for them. Existing onshore clients can still trade via brokerage platforms, but additional fund transfers via non-compliant channels to their accounts will be banned. The CSRC also stated that the two companies were engaged in providing cross-border security investment services to onshore invertors without any approval from the CSRC, which had already constituted illegal operation of security business under the Security Law of the People’s Republic of China and other relevant laws and regulations.

On 7 July 2023, the PBOC, NFRA and CSRC announced fines totalling RMB7.1 billion against Ant Group and its affiliated entities. Meanwhile, the online microloan platform “Mutual-Aid” has officially been shut down. The regulatory authorities outlined seven charges against Ant Group, including violations of regulations on the protection of consumer financial information and regulations on the protection of financial consumer rights. The Zhejiang Securities Regulatory Bureau also pointed out Ant Group’s violations in fund sales, including breaching regulations related to the access, promotion and file management of fund products, as well as Ant Group’s violations of regulations on the management of personnel and internal controls of fund sales institutions. The platform under Tencent Group, “Caifutong”, was also fined RMB2.4 billion and suspended for similar reasons.

In June 2022, the Standing Committee of the 13th National People’s Congress issued the amended Anti-Monopoly Law of the People’s Republic of China, which became effective in August 2022. The amended Anti-Monopoly Law further strengthens the supervision of the underlying ecology of the entire digital economy along with the Anti-monopoly Guidelines on Platform Economy issued by the Anti-Monopoly Commission of the State Council.

The year 2022 has seen a series of new laws and regulations on data security, personal information protection and cybersecurity (which are also crucial topics in the fintech domain), including the following.

• The Opinions of the Communist Party of China’s Central Committee and the State Council on Building Basic Systems for Data to Better Play the Role of Data Factors, which came into effect in December 2022 and aims to establish a basic data policy to lower the thresholds for certain data usage and transfers.
• The Privacy Protection Computing Platform in Financial Scenarios – Technical Requirements and Test Methods, which came into effect in November 2022 and delineates the security, function, performance-related and other technical requirements for privacy protection computing platforms involved in the financial industry.
• The Measures for the Security Assessment of Data Exports, which came into effect in September 2022 and formulates a security assessment mechanism for cross-border data transfers covering “important data” and personal information.
• The Circular on Seeking Public Comments on the Decision on Amending the Cybersecurity Law of the People’s Republic of China was promulgated in September 2022 and is expected to:
1. enhance the rules on legal liability for violations of certain general provisions on network operation security;
2. amend the rules on legal liability in relation to the security protection of critical information infrastructure;
3. modify the rules on legal liability in relation to network information security; and
4. revise the rules on legal liability in relation to personal information protection.
• The Guide to Applications for Security Assessment of Outbound Data Transfers (First Edition) was promulgated in August 2022 and provides practical guidance to the implementation of the Measures for the Security Assessment of Outbound Data Transfers.
• The Circular of the Cyberspace Administration of China on the Provisions on the Standard Contract for Outbound Cross-Border Transfer of Personal Information was circulated for public comment in June 2022, and aims to provide a standard contract clause for personal information export activities which market participants will be able to use in their contracts with counterparties.
• The amended Interpretation of the Supreme People’s Court of Several Issues on the Specific Application of Law in the Handling of Criminal Cases about Illegal Fundraising, which came into effect in March 2022 and expressly provides that the “trade of virtual currency” as a way of illegal fundraising may be considered a crime under the Criminal Law of the People’s Republic of China (thereby escalating certain legal risks associated with the trade of cryptocurrency in the PRC market).
• The revised Measures for Cybersecurity Review, which came into effect on 15 February 2022 and apply to the following circumstances:
1. when critical information infrastructure operators (CIIOs) intend to purchase any network product or service that affects or may affect state security;
2. when any data processor carries out any data-processing activities that affect or may affect issues of national security, even if such parties are not CIIOs; and
3. when any company with personal information of more than one million users intends to conduct a stock listing outside the country.
• On 3 August 2023, the China Payment and Clearing Association published its new Guidelines for Personal Payment Information Protection (the “Guidelines”). Compared to its previous version, the new Guidelines clearly define the scope of personal payment information, which refers to any information that is related to individuals and to those involved in payment activities that can be known and processed, and that can identify individuals either individually or in combination with other information.

The Guidelines also explicitly state that the use and processing of personal payment information should be strictly limited to its intended purposes. In principle, entities in the payment industry should not use personal payment information in situations unrelated to payment services. Personal payment information should not be provided to non-business-related parties, and it is not allowed to be disclosed publicly. Additionally, the Guidelines outline the security framework for personal payment information and provide more detailed requirements for personnel, systems and management of relevant institutions.

The National Internet Finance Association of China (NIFA) is recognised as the first nationwide self-regulatory organisation of the internet financial industry. The NIFA is tasked by the PBOC to conduct a filing for mobile financial client applications (“Financial Mobile Apps”) such as mobile banking applications and securities trading applications. By February 2022, the NIFA had conducted filings for over 20 batches of Financial Mobile Apps.

Online customer-directing platforms for financial products are good examples of the conjunction of unregulated and regulated products. The sale of financial products through the internet is regulated, but the provision of product information is not regulated by financial regulators. In such business models, platform operators enter into co-operation or service agreements with financial product providers that are regulated. When clicking the button shown on the interface of platforms, users are redirected to the websites of the financial product providers or the display pages of the financial products. The financial product providers will pay the platform operators’ commission or a technical service fee based on the agreement between them if users are successfully directed to said websites/pages.

In practice, different local regulators have different attitudes towards this kind of business model, and it is uncertain whether this business model will be subject to regulation by financial supervision in the future. However, there is a trend for regulation in this regard to be tightened to prevent the sale of financial products by a technology company without a competent sales permit.

As listed in 2.2 Regulatory Regime, the PBOC:

• issued the Measures for the Supervision and Administration of Combating Money Laundering and Financing of Terrorism by Financial Institutions in 2021; and
• jointly with the CSRC and the CBIRC, issued the Administrative Measures for Customer Due Diligence and Preservation of Customer Identity Information and Transaction Records of Financial Institutions in 2022; and
• jointly with 11 other governmental agencies, issued the Three-Year Plan for Combating and Regulating Illegal and Criminal Activities Regarding Money Laundering (2022–24) in 2022.

All three of these measures cover only regulated entities – ie, they do not cover entities that are not considered regulated financial institutions in the Chinese market.

That said, under China’s highly regulated financial regime, there are comparatively few categories of fintech companies that are not regulated. Most fintech companies operating in compliance with PRC laws are required to hold at least one or two financial permits or licences – eg, the payment licence, the investment adviser licence, and the mutual fund manager permit. These regulated entities must comply with all the AML rules in the PRC, and the regulatory hurdle is further heightened by the above-mentioned measures.

China-based robo-advisers tend to be more restricted compared with robo-advisers in other jurisdictions. Robo-advisers in China typically provide portfolio recommendations, but the investment decisions ultimately have to be undertaken by users owing to regulatory limitations.

Pilot Mutual Funds Advisory Scheme

China’s pilot launch of a mutual funds advisory scheme in October 2019 may, however, ease this restriction. The scheme will allow asset managers and fund distributors to provide customised investment advice and maintain discretionary control over clients’ investment portfolios, which will be constructed with publicly offered mutual funds. Robo-advisers operating under this scheme will therefore be allowed to execute trades automatically without requiring client consent each time, providing a more seamless experience for users.

The CSRC launched the scheme with the aim of promoting an alignment of interests between investors and fund distributors. Traditionally, China’s asset management industry has been sales-oriented, as fund distributors generate revenue from transaction fees on the products they sell. This scheme will see a shift towards a fee-based advisory model, with providers charging a fee of no more than 5% of a client’s net asset values in exchange for providing asset allocation services tailored to that customer’s financial needs.

In November 2021, the CSRC issued a Notice on Regulation of Fund Investment Advisory Activities, which requires fund distributors to refrain from controlling clients’ investment portfolios unless they are qualified to do so pursuant to the mutual funds advisory scheme. As a result, many banks and other fund distributors stopped providing quasi-advisory services such as “one-stop fund selectors” to clients purchasing mutual funds.

The PBOC and three other governmental agencies jointly issued the Guiding Opinions on Regulating the Asset Management Business of Financial Institutions on 17 April 2018, which first acknowledged the concept of robo-advisers. Thereafter, the PBOC and seven other governmental agencies jointly issued the Circular on Issuing the Master Plan for the Establishment of Sci-tech Innovation and Financial Reform Pilot Zones in Shanghai, Nanjing, Hangzhou, Hefei and Jiaxing on 11 November 2022, which allowed certain robo-adviser business to be conducted in relevant pilot zones, provided that the robo-adviser business is in compliance with PRC laws and regulations and is subject to reasonable risk-control mechanisms. However, to date, China has not adopted any specific robo-adviser laws or regulations regarding the best execution of customer trades.

See 3.2 Legacy Players’ Implementation of Solutions Introduced by Robo-advisers.

From a business perspective, different loan providers target different loan borrowers based on risk appetite. For example, online lending platforms operated by traditional commercial banks tend to issue loans to small business owners, while other online lending platforms, operated by non-bank entities (such as Ant Financial or JD), tend to target individual borrowers, capitalising on different risk assessment methods – eg, certain online lending platforms have access to the online shopping history of individual borrowers, and use this to analyse their consumption curve changes and to assess the potential risks.

From a legal perspective, however, there is no clear line drawn between individual borrowers or small business owner borrowers, as the Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions, jointly issued by the CBIRC, MIIT, CAC and MPS on 17 August 2016 (the “Interim Measures of Online Lending Intermediaries”), has set the framework of regulation on online lending platforms without expressly categorising loans vis-à-vis individuals or entities.

Online lending platforms are generally considered as intermediaries that collect basic personal information about borrowers, categorise the information with repayment capacity and provide lenders with such standardised information. Paipai Dai is a leading company that adopts this business model.

Other underwriting models previously existed – eg, with platforms acting as guarantors, providing a guarantee on the repayment of loans; or as creditors, collecting proceeds from investors or repurchasing debt from individual lenders. However, these business models have been prohibited by the Interim Measures of Online Lending Intermediaries since 2016.

P2P

P2P lending refers to technology-based platforms that allow investors to participate as investors in loan assets, with a direct claim on payments of interest and repayments of principal. The platform itself has no claim on these payments, but instead earns fees for related services, such as the assessment of credit risk, the matching of investors with borrowers, and the servicing of loans, including the collection and allocation of payments of interest and principal. It is understood that there were virtually no pure P2P lending companies left in operation in China by the end of 2021.

Securitisations

Online lending platforms have been prohibited from being involved in the securitisation business since 2016, according to the Interim Measures of Online Lending Intermediaries, although they seek to circumvent such regulation in various ways.

Deposits

With the concern that online lending platforms may engage in illegal fundraising and misuse of proceeds, licences are required for various aspects of online lending, and co-operation with third-party institutions is restrained.

It is rare to see syndications used in the online lending business. The more common approach is for online lending firms to provide analyses of borrower information to be assessed by other participants, such as commercial banks, and for such participants to provide funds for the borrowers in return.

In China, payment processors (eg, traditional commercial banks and innovative payment service providers such as Alipay and WeChat Pay) must use payment rails that are managed by certain licensed entities. These payment processors are not allowed to create new payment rails on their own. Currently, available payment rails include the payment-processing platforms managed by China UnionPay and China Nets Union. China UnionPay is a bridge connecting all sorts of banks. China Nets Union is an online payment-clearing platform for non-bank payment institutions, mainly for providing unified and public payment-clearing services for online payments. Since China Nets Union only serves as a clearing platform, it connects the licensed payment processors and the banking system.

Cross-border payments and remittance are highly regulated in China. The major regulators are the PBOC and the State Administration of Foreign Exchange (SAFE). The PBOC regulates cross-border payments in offshore Chinese yuan carried out by banks and licensed payment processors. SAFE regulates cross-border payments in foreign exchange carried out by banks and licensed payment processors (which obtain the special permit necessary to engage in foreign exchange cross-border payment businesses issued by SAFE).

Fund administrators are classified as those that manage publicly offered funds (“public fund administrators”) and those that manage private equity funds (“private fund administrators”). Public fund administrators are subject to approval by the CSRC, while private fund administrators used to be subject only to registration/filing with the Asset Management Association of China (AMAC). The CSRC officially took responsibility for supervising and regulating private fund administrators after the Interim Measures for the Supervision and Administration of Private Investment Funds came into effect in August 2014, which laid down the current regulatory system on private investment funds.

On 30 December 2022, the AMAC issued a consultation draft of the Measures for Registration and Filing of Private Investment Funds and the ancillary guidelines Numbers 1–3 on private fund manager registration, which are intended to clarify the registration and filing requirements for private fund managers and private funds. In order to better protect the legitimate rights and interests of investors, the State Council issued the Regulations on the Supervision and Management of Private Investment Funds in July 2023, which came into effect on 1 September 2023. The CSRC also proposed a comprehensive revision of the Interim Measures for the Supervision and Administration of Private Investment Funds on 8 December 2023, to ensure better consistency with the Regulations on the Supervision and Management of Private Investment Funds.

On 24 June 2022, the AMAC issued the Guidelines for Private Fund Manager Registration and Private Investment Fund Filing, and provided detailed instructions for the registration of private fund managers and filing of private investment funds.

On 20 June 2022, the Measures for the Supervision and Administration of Publicly Offered Securities Investment Fund Managers came into effect. These new regulations mainly raise the financial requirements of fund company shareholders on the entry threshold and require long-term fund performance as a core assessment indicator in corporate governance. These revisions mainly focus on the following:

• optimising the public offering fund licence system;
• improving the fund governance mechanism;
• strengthening the supervision of licensed public institutions; and
• clarifying the exit mechanism of fund managers and building an orderly industry ecology.

On 2 June 2022, the AMAC released the Circular on Matters Related to the Registration Filing for Private Fund Managers, and updated the List of Registration Materials and the Key Factors to Be Focused On, which also applies to the registration and filing of private fund managers.

On 30 December 2020, the CSRC issued Several Provisions on Strengthening the Regulation of Private Investment Funds, aimed at further regulating private investment fund businesses operated by private fund managers.

On 23 December 2019, the AMAC released the Instructions for the Record-Filing of Private Investment Funds, aimed at reinforcing the requirements previously requested by the CSRC, issued in April 2018, and supplementing specific requirements of the AMAC.

In China, fund advisers are purely advisory entities that give investment advice and do not have a responsibility to supervise fund administrators. Under the Securities Investment Law of the People’s Republic of China, the fund trustee is responsible for supervising the fund administrator. In 2020, the CSRC released the draft Administrative Measures on Securities Fund Investment Advisory Business, which sets out certain requirements for Chinese and foreign shareholders of securities fund investment advisers. More generally, it also prohibits securities fund investment advisers from providing advisory services in relation to securities, structured products, derivatives and other high-risk assets to investors other than professional investors. If a non-professional investor insists on receiving such services, the advisers should, among other things, keep records of all procedures in relation to such services if the services are rendered via the internet.

The current major nationwide trading platforms include the following:

• the stock exchange market, regulated by the CSRC;
• the bond trading market, consisting of the interbank bond market, bond exchanges and commercial banks, mainly regulated by the PBOC;
• the commercial paper exchange market, mainly regulated by the PBOC;
• fund-trading platforms, regulated by the AMAC (an industry organisation under the guidance of the CSRC);
• futures exchange platforms, such as the Shanghai Futures Exchange and the Zhengzhou Commodities Exchange, regulated by the CSRC; and
• emerging online exchange and trading platforms, which have not yet found their position in the financial regulatory system of China and are subject to various authorities, including the CSRC, NFRA and PBOC.

The regulatory approach in China is functional regulation, under which different products and platforms are subject to differing supervision by regulators categorised with different asset classes. As set out in 7.1 Permissible Trading Platforms, various regulatory regimes are involved with respect to separate asset classes and services. In other words, multiple licences may be required if a financial service provider engages in business relating to several different types of asset classes. For example, for the sale of insurance, insurance broker licences are required, while for the securities and futures business, operating licences for securities and futures are required.

Meanwhile, the Regulations on the Supervision and Management of Non-Bank Payment Institutions completely reshaped the licensing of non-bank payment institutions by abandoning the previous classification based on “medium” and “technology” and adopting a functional approach. This move aims to address the limitations of the previous classification system and to better adapt to the rapidly evolving market landscape of payment technologies.

For example, the emergence of “QR Code” payment around 2016 did not fit into any of the three typical business types, based on its technical features. This posed significant challenges in regulatory implementation and led to many unreasonable situations. To resolve this, the Regulations divided non-bank payment institutions into two categories: “Stored Value Account Operation” institutions and “Transaction Payment Processing” institutions. Under this new approach, regardless of the external form of payment, payment institutions can be categorised and managed based on the essence of their business, effectively bridging the past regulatory gap. The PBOC mentioned that detailed rules for implementing the Regulations would be formulated to specify the classification of payment businesses, transitional provisions applicable to new and old business types, as well as additional approval and punishment procedures.

As an entirely new genre of intangible asset, the emergence of cryptocurrency calls for an upgrade of the technology used in the regulation and innovation of legal theories to incorporate cryptocurrency properly into the existing regulatory system. Uncertainty regarding cryptocurrency and consumer protection in the trading process, and concerns regarding anti-money laundering, have been the major issues addressed by the regulatory authorities.

In September 2017, China officially declared fundraising through cryptocurrencies and initial coin offerings (ICOs) illegal and shut down platforms facilitating such trades. On 24 August 2018, the CBIRC, PBOC, MPS and two other cabinet-level authorities jointly issued the Notice on the Risks of Illegal Fundraising, which used the terms “cryptocurrency” and “blockchain” and warned investors of the risk of Ponzi schemes in such deals. However, the PBOC is moving quickly in researching and developing China’s own Central Bank Digital Currency (CBDC) in reaction to the challenges that cryptocurrencies may bring.

In December 2022, the Telecoms and Online Anti-Fraud Law of the People’s Republic of China came into effect, which prohibits any individual or entity from providing support or assistance for the carrying out of telecommunications and online fraud activities, including the assistance of others in committing money laundering through cryptocurrency trading.

Pursuant to the Measures for the Administration of Registration of Initial Public Offerings of Stocks issued by the CSRC in February 2023 and the relevant listing rules of the Shanghai Stock Exchange and Shenzhen Stock Exchange, there are no IPO requirements specifically for fintech companies. However, certain general standards apply for an IPO of a fintech company – for instance:

• there must have been no major change regarding an issuer’s ultimate controller, main business, directors or senior managers within the last three years;
• the total share capital of the issuer prior to the IPO must be no less than CNY30 million; and
• certain requirements for net profit and net cash flow apply.

In 2021, China launched its third stock exchange, the Beijing Stock Exchange (BSE). While conforming to the above-mentioned listing requirements, the BSE requires that a listing company must have already been listed on the NEEQ (China’s OTC trading platform) continuously for over 12 months.

Order-handling rules also apply in China. The practice in China is that the centralised competitive bidding in securities trading follows the principle of price preference and time preference – ie, a higher purchase-price bid will be accepted in priority to a lower purchase-price bid by the securities trading system, while a lower selling-price ask will be accepted in priority to a higher selling-price ask. In the event that the same purchase prices or selling prices are offered, the price that comes first will be accepted by the securities trading system.

Compared with traditional commercial banks, P2P trading platforms adopt more simplified credit review procedures and offer much faster speeds of loan issuance. Therefore, they used to attract a huge number of small loans for individuals, and were replacing commercial banks as a major provider of small loans for individuals before 2018. However, the fast growth of P2P platforms brought the danger of illegal fundraising, and the lack of a well-established personal credit system in China triggered a repayment crisis for many big P2P platforms, which posed a potential systematic risk to China’s financial system. Since 2018, the PBOC has been strengthening the regulatory requirements, and cracking down on illegal fundraising activities jointly with other regulators, such as the MPS. It is understood that currently there are no pure P2P platforms in operation in China.

China has not adopted any specific laws and regulations regarding the best execution of customer trades.

The rules permitting or prohibiting payment for order flow are provided by the Regulations on the Supervision and Administration of Securities Companies (2014 Revision), issued by the State Council, which states that a securities company and its staff may not seek illicit profits from offering investment suggestions to their clients. It is suggested that payment for order flow is not permitted in China, but lawmakers have not put much focus on this issue yet.

China’s capital markets, when assessed in comparison with more mature markets and other emerging markets, still need to catch up on several fronts – ie, in terms of:

• overall scale;
• internal structure and market efficiency;
• improving the corporate governance of listed companies;
• enhancing the international competitiveness of securities and futures firms;
• improving the efficiency and competitiveness of the exchanges;
• optimising market infrastructure as well as laws, rules and regulations; and
• providing more effective enforcement.

At present, China’s regulation of high-frequency trading is not labelled as such or centralised as a set of regulations specifically targeting such practices, but rather derives from more generic regulations about technical aspects of trading. For example, the Guidelines of the China Financial Futures Exchange on the Supervision and Controlling of Abnormal Futures Trading (for Trial Implementation), issued by the China Financial Futures Exchange in 2010, describes certain trading activities as abnormal trading and limits or forbids them – eg, where the number of cancellations for a single contract is more than 500, or where the trading volume of a single contract is more than 1,000 lots in a single day.

In January 2015, the CSRC issued the Administrative Measures for the Pilot Scheme on Stock Option Trading and allowed securities companies to engage in the market-making trades of stock options.

In March 2020, the amended Securities Law of the People’s Republic of China came into effect and allowed securities companies to operate in the market-making trades business upon approval by the securities regulatory authority under the State Council, which is currently the CSRC.

In May 2022, the CSRC issued the Regulations on the Pilot Business of Market-Making Trades of Securities Companies on the Science and Technology Innovation Board and provided that securities companies that satisfy the following criteria may apply for a qualification to carry out market-making trades business on China’s Science and Technology Innovation Board (the “STAR Market”):

• the company must be qualified for the business of proprietary securities trading;
• the company’s net capital in the past 12 months on a continuous basis must not have fallen below CNY10 billion;
• the company’s rating under the Provisions on the Classification-based Regulation of Securities in the past three years must have been Class A or above;
• the company’s net capital and other risk control indicators in the past 18 months on a continuous basis must meet certain prescribed standards;
• the company’s internal management system and risk-control system must be sound and effectively implemented;
• the company must have sufficient professional staff qualified for the business, and the executives and chief risk officer of the company managing the business of market-making trades must have a corresponding level of professional competence;
• the company must have a well-prepared implementation plan for the business of market-making trades in stocks on the STAR Market, and a technical system qualified for the business which has passed the evaluation and testing organised by the Shanghai Stock Exchange;
• the company must not have been subject to administrative punishment or held liable for criminal liability for a material breach of laws and regulations in the past year;
• the company must not have had any information security incidents at or above the level of “major information security incidents” in the past year; and
• other conditions prescribed by the CSRC.

In August 2022, the Futures and Derivatives Law of the People’s Republic of China came into effect and allowed futures companies to operate in the market-making trades business upon approval by the futures regulatory authority under the State Council, which is currently the CSRC.

In January 2023, the BSE issued the Rules for Stock Market-Making Trades Business at the Beijing Stock Exchange and the Guidelines for Stock Market-Making Trades Business at the Beijing Stock Exchange, which allow securities companies that have obtained qualifications from the CSRC to participate in listed stock market-making trades business to also apply for engaging in the market-making trades business on the BSE.

China has no specific laws or regulations in relation to the distinction between funds and dealers.

China has no specific laws or regulations on programmers and programming.

The financial market in China is primarily overseen by overarching government agencies, such as the People’s Bank of China (PBOC), China Securities Regulatory Commission (CSRC) and other relevant institutions. The key focus of regulatory efforts in China to address data security and privacy concerns share similar goals with DeFi, though there are no specific laws or regulations in place regarding DeFi in China at this time. However, as mentioned previously, certain elements of DeFi, such as cryptocurrency, ICOs, and related transactions and exchanges, currently face major legal obstacles within China, making true DeFi innovation initiatives largely inaccessible for most Chinese market players. 

China has no specific laws or regulations on business operations of financial research platforms. However, as information service providers, financial research platforms are subject to laws and regulations regarding information services in the telecommunications sector, and value-added telecommunications licences may be required if such services are fee-based.

Pursuant to the Administrative Provisions on Financial Information Services, financial information service providers may not produce, publish or disseminate information that:

• is false and endangers national financial security;
• distorts national financial policies;
• instigates others to commit commercial fraud or economic crimes; and
• concerns fake events or news regarding securities, funds, futures, foreign exchange and other financial markets.

Any financial information service providers that violate the requirements above will be subject to various administrative penalties.

In addition, under the Criminal Law of the People’s Republic of China, it is a crime for anyone to:

• disclose insider information;
• use such information in trading;
• use other non-insider internal information in trading;
• create or spread securities or exchange-related false information; or
• manipulate a securities market or an exchange market with such information.

Under the telecommunications and cybersecurity laws and regulations, operators of financial information platforms are requested to collect and verify the real name of the platform users before those users are allowed to use the platform and post any information. The users should be aware of the fact that they can be traced if they post improper information or conversations.

In addition, at the request of government authorities, operators of financial information services must delete an improper conversation and report details about it to the authorities.

In China, the typical underwriting process of insurance is simple. A consumer will initiate the process by filling in an application form and, after the insurer gathers all the necessary information to evaluate the risk exposure, the insurance policy will be approved (or rejected). With the rising trend of insurtech, many insurance companies are beginning to offer insurance policies and complete the initial customer evaluation on online platforms. However, after online approval of the insurance policy, most insurance companies still require the insurance applicants to execute various contracts offline. Insurance regulators mainly implement exit management to strengthen the supervision of insurance products through monitoring during and after the relevant event.

Under the Insurance Law of the People’s Republic of China, an insurer is forbidden to engage concurrently in the businesses of life insurance and property insurance. Correspondingly, there are two departments of the CBIRC, the Property Insurance Regulatory Department and the Personal Insurance Regulatory Department, which separately regulate the business of insurance of persons and insurance of property. The rationale might be the concern that the proceeds received from personal insurance purchasers may be misappropriated to satisfy the huge need for cash in the property insurance business.

China has no specific law or regulations on regtech providers. However, the Chinese government embraces regtech as a good opportunity and method for ensuring that fintech companies comply with the law.

In 2017, the PBOC formed the Fintech Committee and announced that its main purpose was to reinforce the research and application of regtech.

In 2018, the CSRC pushed for the adoption of regtech measures amid broader efforts by Beijing to rein in the Chinese financial sector.

In April 2020, the Beijing Fintech Industry League announced the founding of the Regtech Specialist Committee.

In June 2020, the CSRC announced the establishment of a new internal regtech office. The CSRC’s Tech Department will have the goal of creating a big data supervisory and regulatory system for Chinese capital markets that will incorporate various existing data sources. With encouragement from the government, regtech companies in China are expected to grow rapidly in the next couple of years; but as they help regulators in monitoring the daily activities of fintech companies by tracing, collecting and processing data, the need for legislation to protect state secrets has become urgent. Furthermore, in the future as more powers are delegated to such regtech providers by the regulators, more duty-related requirements will be imposed on them by law. 

When dealing or co-operating with a technology provider, financial service firms are always seeking contractual protection to safeguard their trade secrets, prevent leakage of customer information and ensure the satisfaction of all regulatory requirements on data compliance by the technology provider. For example, all data collected and processed by the technology provider must be uploaded and stored on the financial service firm’s own server, and any data transmission to a third party or any unauthorised use without permission is forbidden. Some of those contractual terms are reflected in the regulations or technical norms of the relevant industry, in principle or in detail.

Currently, blockchain technology in China is mostly used in:

• clearing;
• cross-border trade;
• supply chains;
• information identification; and
• digital currency.

For example, China Merchants Bank has built the “Blockchain Platform of China Merchants Bank Direct Payment” – the first commercial bank in China to apply blockchain technology in the fields of cross-border direct clearing and global cash management.

Blockchain technologies are generally permitted and even encouraged in China. A White Paper published in October 2016 by the China Blockchain Technology and Industrial Development Forum, under the guidance of the MIIT, analysed the state of blockchain technology in China and its potential future applications, set out a roadmap for blockchain development in China and called for a formal set of national blockchain standards to provide industry guidance to existing and potential market players. To date, however, no blockchain-related standards have been released.

The Blockchain Services Provisions

On 10 January 2019, the CAC promulgated the Provisions on Administration of Blockchain-Based Information Services (the “Blockchain Services Provisions”), which represent the first administrative guidelines for providers of non-cryptocurrency, blockchain-based services in China. The Blockchain Services Provisions define blockchain-based service providers as entities or nodes that provide blockchain-based information services, or as any institution or organisation that provides technological support to such entities (“blockchain service providers”). By the end of 2021, the CAC had publicly released six lists of over 1,000 registered blockchain service projects.

Responsibilities of Blockchain Service Providers

Under the Blockchain Services Provisions, blockchain service providers are responsible for information security and should build internal management systems for:

• user registration;
• information censorship;
• emergency response; and
• security protection.

The Blockchain Services Provisions require blockchain service providers to conduct a record-filing with the CAC or its provincial-level branch to report certain key information, such as the type and scope of services, application sectors and server addresses, within ten business days after launching their services. Blockchain service providers are also required to undertake a security evaluation administered by the CAC or its provincial branches, and to authenticate the identities of their users based on ID card numbers, organisational codes (for PRC entities) or mobile phone numbers before providing services to such users, in accordance with the Cybersecurity Law of the People’s Republic of China.

Position of the Chinese Government

The Chinese government has taken a hard line against private cryptocurrencies and ICO fundraising. In 2017, regulators instituted an outright ban on cryptocurrency exchanges and ICOs in China, and also imposed severe restrictions on the use of cryptocurrencies and relevant trading services, which continued in 2020.

Blockchain assets (eg, Bitcoin) are generally regarded as virtual property rather than “legal currency” protected by PRC law. However, the Civil Code of the People’s Republic of China, which came into effect on 1 January 2021, provides for the first time that data and internet virtual property will be protected by law.

Though blockchain assets (eg, Bitcoin) are now protected as virtual property in China, the issuance of blockchain assets by private issuers is forbidden. The PBOC has been actively promoting the public use of a centralised virtual currency issued by the PBOC since 2020.

Blockchain asset-trading platforms are banned in China.

No funds are allowed to invest in blockchain assets in China.

Private players are not allowed to issue virtual currencies. The PBOC is testing its virtual currency in 26 cities and provinces.

China has no specific laws and regulations against decentralised financial (DeFi) platforms. Rather, most DeFi financial platforms would need certain types of financial business permits from the perspective of PRC law, which are each quite difficult (if not practically impossible) to obtain.

As there are various types of NFTs in the market, the legal treatment varies accordingly. However, as a general rule, NFTs designed in ways similar to virtual currencies or crypto-tokens will likely be subject to China’s strict prohibition against trade of virtual tokens. As mentioned, China’s Supreme People’s Court recently expressly criminalised illegal fundraising by way of trade of virtual currency, and therefore NFTs that are similar to virtual currencies also likely face huge legal risks in China.

Conversely, NFTs that are designed as mere virtual collectibles and that may not be traded as currency (but only as virtual items in meta/virtual worlds) are not likely regulated by any fintech-related regulation. The same goes for NFT trading platforms, as their legality under PRC law is largely dependent on what types of NFTs are traded on them.

In January 2023, the Hangzhou Intermediary People’s Court ruled that NFTs that are designed as mere virtual collectibles are considered virtual property and are protected by PRC law. This ruling came from a case involving a dispute between a copyright holder of a comic book character and an NFT collectibles seller on the Metaverse.

Open banking is generally understood by the market as a system that provides software developers and related businesses with a network of financial institutions’ data, through the use of application programming interfaces (APIs), which are established on the notion that individuals or entities might be willing to share their banking transaction details with third-party developers of APIs so that the individual end user may enjoy more advanced and cheaper financial services.

Although there are no specialised mandates or API standards for open banking in China, Chinese law guides the growth of open banking by imposing specific restrictions on the sharing of bank customer data. Thus, China has not (yet) provided for system-wide open banking or equivalent mechanisms such as the UK may possess. It is likely that China’s approach to regulating open banking will be pragmatic and organic, allowing industries to develop through experimentation and stepping in to tackle problems as they appear.

Since the implementation of the Cybersecurity Law of the People’s Republic of China on 1 June 2017, the collection of individuals’ personal information has been subject to stricter supervision, and the collection of financial data is the most sensitive category. For example, banks are required to guarantee the security of data during sharing – ie, the shared data should not be stolen or tampered with, and user privacy should be protected from infringement. In terms of authorisation scope and transparency, banks need to ensure that the shared data can only be utilised within the time and space authorised by the customer, and that the customer understands what data they have shared, who is using the data, and what the risks are.

Some major banks in China are beginning to develop open banking services, even if these banks are exposed to potential risks triggered by regulatory uncertainty regarding data and privacy protection – for example, Shanghai Pudong Development Bank (SPDB) has developed its API Bank, through which SPDB has embedded its banking services into the Shanghai Port Service Office to process trade companies’ international payments or purchase orders online through the Shanghai Port Service Office platform in a matter of minutes.

In terms of criminal law, fraud related to financial services and fintech in China will involve offences that constitute various crimes under the PRC Criminal Law, depending on the specific conditions and circumstances, including but not limited to “the crime of illegally taking in deposits from the general public” under Article 176, “fundraising fraud” under Article 192, and “fraud by means of credit card” under Article 196. Each of these forms of criminal fraud has its own specific set of elements that courts will look to in order to determine whether or not fraud has been committed. For instance, in order to establish fundraising fraud, law enforcement needs to establish the following elements:

• an illegal intent of possession;
• unlawfully raising funds;
• using fraudulent means; and
• the amount involved must be relatively large or huge. 

As the digital economy continues to develop, financial fraud has evolved from simple account theft and credit card fraud to involving more complex methods (such as pyramid schemes, online shopping refunds, financial management, virtual currencies and other forms of fraud), with telecommunications network fraud emerging as a major area of new fraudulent activities.

As a result, the prosecution authorities have:

• strengthened protections on sensitive personal information related to financial accounts;
• continuously monitored the personal information security of financial consumers; and
• cracked down on telecommunications network fraud.

In addition, the National Financial Regulatory Administration has issued risk reminders aimed at better protecting consumer rights, warning consumers to be highly vigilant against fraudulent online investment and financial management fraud, and to guard against property losses.