What are the sources of payments law in your jurisdiction?
The PRC Law on the People’s Bank of China (promulgated in 1995, amended in 2003) and the PRC Law on Commercial Banks (promulgated in 1995, amended twice in 2003 and once again in 2015) are the primary sources of payments law in China; the People’s Bank of China (PBOC) serves as the essential regulatory body of payment activities in China.
On 16 October 2020, the PBOC published draft amendments to the PRC Law on Commercial Banks for public comment. The draft amendments intend to enhance the market entry requirements for commercial banks and raise the qualification requirements for investors entering into the commercial banking business. On 23 October 2020, the PBOC published draft amendments to the PRC Law on the People’s Bank of China for regulating commercial banks and non-banking financial institutions such as financial leasing companies, auto finance companies, consumer financing companies and any other company involved in offering financing-related services. Among other things, if passed, the draft would recognise the Renminbi in both physical and digital form, coinciding with the PBOC’s pilot scheme for Digital Currency Electronic Payments (DCEP), which is scheduled to continue until after the 2022 Beijing Winter Olympics.
In January 2021, the PBOC proposed a regulation, the Regulation on Non-Bank Payment Institutions, for regulating the payment services offered by non-bank institutions. Among other things, the draft regulation will require payment institutions to deposit their reserves in the PBOC or another qualified commercial bank, and the draft regulation specifies corresponding oversight measures the PBOC will implement to protect consumers’ rights and interests.
As the main regulatory body, the PBOC issues China’s principal payments regulations, including the Measures for Payment and Settlement in 1997 and the Administrative Measures on Payment Services by Nonfinancial Institutions in 2010. However, payment-related matters are not only subject to the oversight of the PBOC and its regulations. For example, the Law of the People’s Republic of China on Anti–Money Laundering may be implicated in payments-related matters and, although the PBOC undertakes anti-money laundering activities, the Ministry of Finance and Commerce and Public Security Bureaus may also get involved. As another example, cross-border payments will generally implicate the State Administration of Foreign Exchange and its regulations.
Can payment services be provided by non-banks, and if so on what conditions?
Yes. The third-party (i.e. non-bank) payment service market in China is in many ways a fully developed market. As of 2021, the Chinese market has over 200 players involved in the non-bank payments industry.
The People’s Bank of China (PBOC) serves as the key regulatory body of third-party payment activities in China, and it issues third-party payment licences (Payment Licences) which permit licence holders to offer online, mobile and offline payment services. To receive a Payment Licence, the applying entity must: have paid-in registered capital of at least RMB 100 million to apply for a nationwide Payment Licence, or paid-in registered capital of at least RMB 30 million to apply for a Payment Licence in a particular province; have at least five senior management personnel who are familiar with payment business; have established anti–money laundering systems that meet the applicable requirements; have payment service systems in place that meet the applicable requirements, including a business operation system and a disaster recovery system which can perform the intended payment business safely and independently; store, process and analyse all personal and financial information collected and generated in China within its territory; if it is necessary to transfer any data abroad for conducting cross-border payments, obtain consent from relevant data subjects and request that the overseas recipients of the data comply with confidentiality obligations; have a well-established organizational structure, internal control system and risk management measures; have business premises and security measures that meet the applicable requirements; and both the company and its senior management personnel must not have been subject to penalties in the last three years for committing any illegal activity or criminal offence using payment services or for providing payment services for any illegal activity or criminal offence.
The PBOC previously restricted foreign-invested entities (FIEs) from obtaining Payment Licences. However, this was changed with the issuance of the Announcement Regarding Certain Issues on Foreign Investment in Payment Institutions (Announcement) by the PBOC in March 2018. According to the Announcement, an FIE can apply for a Payment Licence if it is a PRC-registered limited liability company or joint stock limited company and if it meets the qualifications listed above (the same qualifications that apply to domestic entities). Parties dealing with foreign currency or Chinese currency cross-border payments may need to obtain one or two additional licences: one, for cross-border payments with onshore and offshore Renminbi, also from the PBOC, and another, for cross-border payments in foreign currency, from the State Administration of Foreign Exchange (SAFE).
The draft Regulations on Non-Bank Payment Institutions issued by the PBOC in January 2021 primarily aim to mandate non-bank institutions to improve their management of and mechanisms for safeguarding client funds. For example, in addition to obtaining the PBOC’s pre-approval for establishing a non-bank payment institution, the draft regulations would also require the institution to deposit its reserves with the PBOC or qualified commercial banks. The draft regulations also reflect a growing anti-trust concern, as they include provisions for the PBOC, in consultation with the anti-monopoly authorities, to take (early) action against non-bank payment institutions which exceed certain market share thresholds.
What are the most popular payment methods and payment instruments in your jurisdiction?
While in certain situations, bank transfers and promissory notes remain standard payment methods, particularly in B2B transactions, there is no doubt that Alibaba’s Alipay and Tencent’s WeChat Pay are the most popular general payment methods for daily B2C/retail transactions in China. Alipay and WeChat Pay have become part of daily life. These services are accepted by a broad range of businesses, from high-end restaurants and designer boutiques to street vendors and taxi drivers, and everything in between. Customers can press the ‘pay’ button on their smartphone, and a Quick Response (QR) code will appear for the vendor to scan using a point-of-sale (POS) device. In contrast, vendors who do not have POS devices often print and display QR codes that the customers can scan on their smartphone and then set the amount to transfer to such vendor’s electronic wallets. Phone-scannable QR codes also mean that anyone can become a merchant. Transfers between individuals are also convenient, simple and free of charge. While still accepted, cash is no longer widely used; Chinese people rarely carry a wallet, cash or bank card. While Alipay and WeChat Pay are essential for general life payments, UnionPay is a competitive option for B2B transactions. Any bank in China issuing a debit or credit card will have it linked to UnionPay, which remains the primary interbank network in China (and more generally the largest card network in the world) while also offering online payment methods alongside Alipay and WeChat Pay. Other clearing networks, such as China’s NetsUnion Clearing Corporation for non-bank payment institutions from China, and VISA, Master Card and American Express for debit and credit cards, are also in the Chinese market.
In addition, comparatively new payment tech, such as NFC and facial recognition, are also gaining traction, which may augment or add new dimensions to existing legal issues, e.g. under privacy and data protection regulation.
Since the end of 2019, the People’s Bank of China (PBOC) has carried out digital Renminbi (or DCEP) pilot tests in Shenzhen, Suzhou, Xiongan and Chengdu, which will continue through the 2022 Beijing Winter Olympics. Starting from November 2020, six new pilot areas were added, in Shanghai, Hainan, Changsha, Xi’an, Qingdao and Dalian. Up to 30 June 2021, there were over 1.32 million pilot scenarios for digital Renminbi, covering areas such as living costs, catering services, transportation, shopping and consumption and government services. More than 20.87 million personal wallets and 3.51 million public wallets were opened, and the total number of transactions was 70.75 million, yielding an amount of approximately RMB 34.5 billion. Digital Renminbi is a legal tender issued by the PBOC, it is mainly positioned as a cash payment voucher (M0). It is different from Alipay or WeChat Pay in many ways, e.g. while Alipay and WeChat Pay need to be bound to a bank card in order to be used, DECP does not – even though it currently requires an account with a commercial bank (transfers between users of DECP are independent of bank accounts, which is the same as Bitcoin and other digital currencies). In addition, DECP is meant to be as transactable as cash, and merchants should not have the option, as long as they have the systems to accept any electronic payments, to refuse it (as they can sometimes refuse Alipay while accepting WeChat Pay or vice versa).
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
Open banking is generally understood by the market as a system that provides software developers and related businesses with a network of financial institutions’ data through the use of application programming interfaces (APIs), which are established on the notion that individuals or entities might be willing to share their banking transaction details with third-party developers of APIs so that the individual end-users may enjoy more advanced and cheaper financial services. Although there are no specialised mandates or API standards for open banking in China, Chinese law guides the growth of open banking by imposing specific restrictions on the sharing of bank customer data. Thus, China has not (yet) provided for system-wide open banking or equivalent mechanisms like the UK may have done. However, some major banks in China are beginning to develop some open banking services. For example, Shanghai Pudong Development Bank (SPDB) has developed its API Bank, through which SPDB embeds its banking services into the Shanghai Port Service Office to process trade companies’ international payments or purchase orders online through the Shanghai Port Service Office platform in a matter of minutes. We believe China’s approach to regulating open banking will be pragmatic and organic, allowing industries to develop through experimentation and stepping in to tackle problems as they appear. At the same time, however, a tangential area of growing importance (in China as in other parts of the world), data and privacy protection, may raise barriers to interoperability and other interfacing of service providers, e.g. accessing banks’ transaction data, and thus to the further development of open banking in China. The implementation and enforcement of the existing regulations on protecting financial data, as well as the PRC Data Security Law and PRC Personal Information Protection Law, coming into effect on 1 September 2021 and 1 November 2021, respectively, will likely be key indicators if not sources of such barriers (see below, answer to question 5).
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
China’s primary data protection legislation is the PRC Cybersecurity Law, the newly promulgated PRC Data Security Law and PRC Personal Information Protection Law and the PRC Law on the Protection of Consumer Rights and Interests. However, some other general legislation concerns data protection as well. For example, illegally collecting, using, processing or transferring personal data is prohibited under civil legislation. Criminal legislation also establishes offences related to the infringement of citizens’ personal data and privacy, such as the offence of sharing personal information of citizens illegally collected without their consent, the crime of refusing to fulfil information network security responsibilities and the violations of stealing, purchasing or illegally disclosing other people’s credit card information. Sector-specific legislation, including banking, insurance, credit information and other sectors, sets out rules for protecting data. For example, the PRC Law on Commercial Banks stipulates principles of confidentiality for commercial banks’ handling of individual savings deposits. Another example is the Interim Measures for the Administration of the Basic Data of Individual Credit Information, issued in 2005, which requires commercial banks and credit information service centres to establish strict internal control and operational procedures to ensure the security of personal credit information, the scope and method of collecting personal credit information in personal credit databases, and ways for individuals to obtain their credit report.
Such legislation and other relevant supporting regulations, including but not limited to the Measures for Administration of Classified Protection of Information Security and Measures for the Security Review of Network Products and Services (Trial), set out rules for providing financial services to consumers and businesses. For example, network operators must publish the rules for collecting and using personal data and expressly notify users of the purpose, methods and scope of such collection and use; also, the collection and use of personal data should abide by the principles of ‘legitimacy, rightfulness and necessity’, which means only collecting personal data relevant and necessary for the provision of services, only processing the minimum type and amount of personal data necessary to fulfil the purpose that the data subject has given consent for, and only processing personal data within a proper and necessary scope.
Under the Circular on Strengthening Personal Financial Information Protection by Banking Financial Institutions, issued by the People’s Bank of China (PBOC), any personal financial information collected within China must be localized within the country. While no personal financial information collected within China can be immediately transferred offshore, a transfer is possible if provided for by laws, regulations and the People’s Bank of China. The personal financial information might be transferred offshore if a series of regulatory requirements are met: (i) the data recipients are affiliated with the domestic financial institutions (e.g. a parent, holding company, branch or subsidiary of the domestic financial institution); (ii) the purpose of the offshore transfer is necessary for the business; (iii) the informed consent of data subjects has been obtained; and (iv) a security assessment regarding the offshore data transfer has been completed. Additionally, the Personal Financial Information Protection Technical Specification, issued by the PBOC and effective as of February 2020, sets out specific requirements concerning the collection, transmission, storage, use and destruction of personal financial information.
The PRC government has generally been treading carefully, anxious not to slow down innovation but rather to establish frameworks and promulgate regulations that support economic growth while at the same time offering greater protection to consumers. China’s cybersecurity laws and regulations have led fintech firms to strengthen their investments in privacy protection and cybersecurity to promote compliance and internal control so that consumers will be protected while enjoying more convenient and cheaper financial payment services brought by fintech innovation.
However, the promulgation of the sweeping PRC Data Security Law and PRC Personal Information Protection Law alongside the high-profile enforcement action against ride-hailing service DiDi and the anticipated revision of the PRC Cybersecurity Review Measures, although none of them fall within the category of ‘financial services’, may be signals that data security and protection will constitute a much more sensitive regulatory area – and potential source of challenges – for financial service providers. The new data and personal information protection laws include many restrictions, regulatory requirements and penalties across the spectrum of processing and related conduct, including heightened consent pre-requisites, a re-iteration and expansion of the pre-requisite for certain network operators to follow certain regulatory procedures or even governmental procedures in certain circumstances, and fines ranging from RMB 1,000,000 to 50 million. That said, these privacy and data protection regulations bear similarities to, and yet are probably in most respects less exacting, than existing and anticipated privacy and data protection regulations of other jurisdictions.
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
Chinese regulators generally encourage innovation in the financial sector. Blockchain is an example: it was identified as one of the core aims in the PRC government’s 13th Five-Year Plan in 2016. Since then, 12 authorities (including the Ministry of Commerce) have published guiding opinions on the promotion and development of blockchain in commodity trading markets. In addition, with the growth of mobile payments and online banking, the People’s Bank of China (PBOC) has developed a new consumer credit rating system that monitors an individual’s wealth and debt. The rating system includes household borrowing and utility bills, to give banks or third parties a more comprehensive picture of the individual’s financial position and credit risk so that systemic risks can be better controlled. Furthermore, Alipay and WeChat Pay also launched their credit-scoring system within their respective mobile apps, allowing individuals with high scores to enjoy special privileges, such as cash loans, consumer credit and deposit-free bicycle renting. The 2019 annual ‘Two Sessions’ sent strong signals of support for Chinese fintech development, as the representatives of the PBOC referred to trials of a regulatory sandbox mechanism for the fintech sector as an effective mechanism for accelerating the development of financial innovations and reducing compliance costs. In late 2019, the PBOC announced its Fintech Development Plan 2019 to 2021, which emphasises, amongst other things, the need to adhere to innovation-driven development and to accelerate China’s strategic deployment and secure application of fintech. The Fintech Development Plan demonstrates a firm commitment by the PRC to encourage innovation in the financial sector. By the end of 2020, the PBOC, along with other ministries, shifted to setting out plans to promote greener financing systems, attempting to resolve major financial risk, promoting financial opening-up and cracking down on crypto trading. In December 2019, the PBOC approved the Beijing Fintech Innovation Regulatory Trial, allowing financial institutions holding appropriate licences to launch trial fintech programs in real-world markets under close regulatory supervision. Since then, such sandboxes have been launched in over a dozen other locales, including Shanghai, Shenzhen, Chongqing, the Hebei Xiong’an New District, Hangzhou, Suzhou, Guangzhou and Chengdu, supporting over 100 sandboxed fintech projects. Some locales are going further, e.g. in 2021, Shanghai released several policy documents outlining the vision of developing the city into an international financial centre, citing further liberalisation and opening of the financial industry during the 14th Five-Year Plan period of 2021-2025.
Moreover, the PBOC, the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission and the State Administration of Foreign Exchange jointly issued their Opinions on Financial Support for the Construction of the Guangdong-Hong Kong-Macao Greater Bay Area (Greater Bay Area), proposing a mechanism for a cross-border financial innovation regulatory sandbox in that area. Additionally, up to 30 June 2021, the PBOC had started trial use of its Central Bank Digital Currency in 11 cities and regions in the Yangtze River Delta region, the Perl River Delta region, the Beijing-Tianjin-Hebei region, and the central, western, north-eastern and north-western areas of China.
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
With the growth of the fintech market, risks are constantly emerging, such as the possibility that fintech platforms are used for fraud, money laundering or terrorist financing. There are also issues surrounding cybersecurity, data privacy and credit risks. Fintech businesses face not only these inherent risks but also risks of tightening regulation. For example, fraud risks in the credit market caused Chinese authorities to impose stricter regulations and establish a national credit reporting system. Fraud-related scandals of peer-to-peer (P2P) online lending platforms served as a stark reminder of the risks of using fintech when appropriate regulation and compliance processes are not in place. Fintech is also facing cybersecurity challenges with the rise of cyber-financial crimes. Hackers backed by criminal organisations establish offshore servers to hack into systems to steal money or destroy the reliability and credibility of such systems. Although it has added another layer of complexity, fintech firms need to take a preventive approach towards cybersecurity. For example, new generation ATMs have a much higher level of connectivity with mobile integration and face recognition, making them more vulnerable to software-based attacks and theft of customer card data. As such, the growing cybersecurity framework (intended to combat such issues) can be viewed as a potential curb on the growth of fintech businesses via compliance requirements or as an aid to their safe, stable and ultimately greater growth (see above, answer to question 5).
At the same time, new measures appear for the direct regulation of subsectors of the market. For example, in July 2020, the China Banking and Insurance Regulatory Commission (CBIRC) promulgated the Interim Measures for the Administration of Internet Loans of Commercial Banks, which sets forth several restrictions on pure online lending by commercial banks, e.g. the capped maximum amount of unsecured personal loans for consumption purposes available to a single borrower is RMB 200,000, and the term is also capped at one year if the loan is scheduled for repayment in a lump sum). On 2 November 2020, the People’s Bank of China and the CBIRC jointly published the Interim Administrative Measures on Online Microloan Operations (draft for public opinion). These draft measures aim to restrict further online microloan business, such as those operated by Ant Financial, and regulate online microloan lending companies as quasi banks. For example, the draft measures would limit the operations of online microloan lenders to the province of their locality of registration, except with prior approval from the State Council. The total aggregate online microloan balance for a natural person in China would be limited to RMB 300,000 or one-third of the average annual income of such person for the past three years, whichever is lower. The total aggregate online microloan balance for a legal person or other institution would be limited to RMB 1,000,000. Most importantly, an online microloan company would be restricted to borrowing no more than 1x its net assets via shareholder loans or other ‘non-standard forms of financing’, and 4x its net assets via bonds, asset securitisation products and other ‘standardised’ debt assets. It would not be able to sell any credit assets (i.e. debt owed by borrowers) other than non-performing loans. All of these developments reflect the PRC’s conservative attitude toward the full-fledged application of fintech in the market.
Following the Ant Group IPO event, the government authorities strengthened the supervision and requirements on microloan lending companies and consumer finance companies. The threshold for entering into microloan lending activities has risen, while, on the other hand, many microloan lending companies have exited the market. Reports claim that as of the end of June 2021, 432 companies have exited the lending market. Following the Ant Group IPO event, obtaining a licence for engaging in consumer finance activities is more difficult. Moreover, due to the Ant Group IPO attempt and the monopoly of Tencent and Baidu, the PRC has begun strengthening antitrust regulation, for instance, the introduction of draft amendments to the 2008 Anti-Monopoly Law. In July 2021, the Ministry of Industry and Information Technology launched a 6-month campaign to regulate the internet industry.
What tax incentives exist in your jurisdiction to encourage fintech investment?
Although China does not have tax incentives specifically for fintech, China has adopted tax incentives, subsidies, incubation funds, tax refunds and other preferential government policies for high-tech companies and certain foreign-invested entities. A ‘high-tech company’ recognized by the government is entitled to a variety of preferential policies, including (i) a reduced enterprise income tax (EIT) rate of 15% (compared to the normal rate of 25%), (ii) an exemption of income tax on assignments of nonexclusive licences with a term of five years or more for the first RMB 5 million received from the licence, and a 50% reduction in the income tax to be paid on the amount received from the licence in excess of RMB 5 million; (iii) the allowance of accelerated depreciation of certain fixed assets; and (iv) government subsidies paid to the company and employees hired by the company. In addition, the government provides a temporary waiver of EIT (usually at 10%, unless a preferential tax rate applies under a double tax treaty or arrangement) for non-tax resident enterprises (i.e. foreign investors) that make direct investments in projects and fields for which foreign investments are not banned, with profits distributed by a tax-resident enterprise in the PRC (Tax Deferral), if certain conditions are met. The Fintech Development Plan (see answer to question 6) mentioned that the relevant authorities should explore ways of granting financial support for the development of fintech, including the revision of tax policies, which remains a subject of continued observation.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
The rapid development of technology, including artificial intelligence, blockchain, cloud computing and big data, has brought tremendous changes in the financial services model. Based on our observations, the following areas are the main fintech areas that are attracting investment in China: payments and e-wallets, supply chain and consumer finance, online insurance and personal finance management. We see fintech entrepreneurial projects from early stage to pre-IPO stage in roughly equal numbers, as well as some fintech IPOs.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
In addition to the high levels of internet and mobile penetration, years of sustained economic growth and substantial financial needs of the country, China’s fintech sector benefits from vital fintech ecosystems and critical inputs, including a highly educated workforce, the availability of investment capital, advantageous government policies and great demand. There are numerous specific key pull factors of this jurisdiction for beginning operations. For example, much fintech talent support China’s fintech market, including experts on both the finance and technology sides of the industry and many professionals with top international educations and work experience. Further, the high availability of capital in the Chinese market, mainly from domestic investors, provides investment for fintech firms of all kinds, especially early-stage companies. Moreover, the PRC government has been very active in promoting innovative initiatives to support the growth of fintech companies by offering monetary and tax incentives (see answers to questions 6 and 8). There are also other innovative policy initiatives, e.g. new Shenzhen policies for the fintech market include: (i) permitting the set-up of wholly foreign-owned enterprises in credit investigation and rating service areas; (ii) reducing the start-up time for all wholly foreign-invested enterprises to less than 5 working days; (iii) supporting (including up to RMB 10 million in financial support) foreign investment to set up research and development institutions; (iv) exempting imported supplies for research from import duties, value-added tax and consumption tax and offering a full refund for all value-added tax for purchases of domestic equipment; (v) offering financial companies one-off awards according to paid-in capital, e.g. those with a paid-in capital reaching RMB 1 billion can received a one-off RMB 20 million award.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
While the PRC Labour Law, PRC Contract Law and other legislation set out relatively comprehensive rules concerning the relationship between talent and employers, immigration rules make up a less developed framework. The result, however, is a general hospitality to foreign talent, with multiple types of work visas/permits, some not subject to quotas and others with quotas that are very loose. While the process may involve several, typically time-consuming steps (work permit, work visa and residence permit), there is even a fast-track process for certain categories of foreign workers (e.g. leading scientific talent and international entrepreneurs). However, COVID-19 and measures associated with it have somewhat curtailed the flow of talent into China: most foreigners, even those with work and residence permits in China, were not allowed to return to China for a large part of 2020, and entry has in 2021 still generally been subject to additional paperwork and procedures.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
It does not appear that specific gaps have been identified, but China is still ramping up its intake of foreign talent. Further to the fast-track process for special categories of talent, on 1 August 2019, China’s National Immigration Administration (NIA) adopted 12 new and convenient immigration policies in relation to entry and exit matters for foreigners and their accompanying family members, which will further streamline the process for foreign workers, including those in fintech, to come to China. The policies also offer substantial benefits beyond the process itself, e.g.: certain high-level and skilled foreign workers (such as scientific talent who may be involved in fintech) may obtain 5-year residence permits while certain others (such as those who have made significant contributions to China) may obtain 10-year residence permits. Accompanying spouses and children (under the age of 18) of qualifying foreigners are also eligible for such residence permits.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
China is creating an increasingly favourable intellectual property (IP) environment. There are various protections from myriad IP laws and regulations, such as the PRC Patent Law, PRC Copyright Law, E-Commerce Law and PRC Anti-Unfair Competition Law (which covers trade secrets, including know-how and source code). Furthermore, applicants can obtain IP rights ever more quickly and with lower costs. China has also established specialist IP courts in Shanghai, Beijing and Guangzhou, where most IP cases are tried, while an IP tribunal was formed as a new subdivision in the Supreme People’s Courts on 1 January 2019. Amendments to the PRC Copyright Law in 2020 included punitive damages, an increase in statutory damages and an increase in civil fines for infringement.
Fintech may be able to obtain protection on many inventions and creations as well as branding. For example, source code, databases and relevant data are deemed trade secrets protected under the PRC Anti-Unfair Competition Law. Now fintech firms have specialist courts to seek protection and redress, including recourse to China’s highest court. Finally, as programmatic documents specifically for IP reform, such as the Opinions on Several Issues Concerning Strengthening Reform and Innovation in Intellectual Property Trials, are issued by major government players (in the aforementioned case, by the ‘Two Offices’ at China’s highest levels of government), it may not be long until fintech IP is specifically addressed similarly.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
Cryptocurrencies, such as Bitcoin, Ethercoin and even stablecoin, are expressly prohibited and generally deemed to have no value. The 23 October 2020 draft amendments to the PRC Law on the People’s Bank of China would provide a legal basis for digital currency electronic payments (DCEP), though they may only apply to the Central Bank Digital Currency (CBDC) in pilot use by the People’s Bank of China. The DCEP pilot schemes started in November 2020, and up to 30 June 2021, totalled over 1.32 million pilot scenarios for digital Renminbi, with more than 20.87 million personal account wallets and 3.51 million public account wallets opened, and yielded a total number of 70.75 million transactions, amounting to a total of RMB 34.5 billion, according to the White Papers on the Progress of the Research and Development of China’s CBDC, published by the PBOC’s Working Group on the Research and Development of CDBC in July 2021. Despite such high volumes of transactions, users have criticized the online wallet system for not being user friendly enough. The DCEP pilot will continue through the Beijing Winter Olympics in 2022.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
Initial Coin Offerings (ICOs) are officially banned in China. They have been deemed illegal financing activities as per a PBOC circular issued in September 2017. All organisations and individuals are prohibited from engaging in fundraising activities involving ICOs; banks and other financial institutions are also prohibited from involvement in transactions relating in any way to ICOs.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
The use of blockchain technology beyond its cryptocurrency applications has been welcomed and even encouraged by regulators. On 10 January 2019, the Cyberspace Administration of China (CAC) released the Provisions on the Administration of Blockchain-Based Information Services (Blockchain Provisions), which are the first official rules to regulate the blockchain industry in China and impose clear procedural guidelines for providing non-crypto currency, blockchain-based information services within China. Some key points are noteworthy: blockchain information services in China are defined as information services delivered to the public through the internet or application programs or otherwise and based on blockchain technology or systems. Central and local CAC are responsible for the administration and law enforcement of blockchain information services within their respective administrative regions.
The Blockchain Provisions encourage self-regulation in the blockchain industry to promote the growth and proper development of the blockchain industry. They set out certain requirements for blockchain service providers to ensure compliance with cybersecurity law. For example, blockchain service providers must certify the real identity of blockchain service users by checking relevant organisation codes, identity card numbers and mobile phone numbers and keeping the login records of users for at least 6 months. When a blockchain service provider intends to launch any new products, application programs or functions, it is now required to report to the CAC and undergo a security assessment. While the Blockchain Provisions do not require operating permits for blockchain services, they have a filing requirement concerning blockchain service providers. The PRC’s new ‘regulatory sandbox’ regime (see answer to question 6) also features several trial applications of blockchain technologies in the fintech sector. As of 25 April 2021, the CAC has launched its own Blockchain Service Network (BSN). The BSN is a national blockchain platform led by China’s State Information Centre and backed by giant state-owned companies like China UnionPay, China Mobile and China Merchants Bank. The initiative is meant to provide an economical and efficient way for small and medium-sized enterprises to use blockchain technology and build decentralised apps. BSN integrated Chainlink, the blockchain middleware, into its network while announcing at the same time 6 public chains, Tezos, NEO, Nervos, EOS, IRISnet and Ethereum, to be used on the BSN. With the inclusion of Ethereum, there was a possibility that the BSN would be a way to globalise Chinese blockchain technology, but BSN was split into two entities, BSN International and BSN China.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
The artificial intelligence (AI) market in China is seeing strong growth, particularly in the following areas within the fintech sector: (i) speech recognition and natural language processing applications, such as smart customer service, deep-dive behaviour analysis and voice data mining; and (ii) machine learning, neural network applications and knowledge maps, each for applications such as wealth management, fraud detection, intelligent risk control and robo-advising. PRC regulators are neither encouraging nor impeding AI technology, though the onerous licencing and other requirements for financial advisory services related to publicly traded funds and securities necessarily entail considerable regulation of AI. Certain ‘intelligent advisers’ in the private investment sector (e.g. asset managers exclusively providing services to qualified investors) are subject to a different set of regulatory requirements regarding the use of AI. The different conditions have been comparatively lax but have recently been subject to increased regulation that will impact China’s fintech sector.
As the latest general guideline for the asset management industry, the Guiding Opinions for Regulating Asset Management Business of Financial Institutions, jointly promulgated by the People’s Bank of China (PBOC), the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission and the State Administration of Foreign Exchange on 27 April 2018, further reiterate that any institution which wishes to use AI technology to engage in investment advisory services must obtain an investment advisor licence. The Guiding Opinions provide that nonfinancial institutions are prohibited from engaging in asset management activities under the alternative name of ‘intelligent investment advisers’ if their registered business scope does not include ‘asset management’.
As China has increasingly been opening up its asset management market (including its market of securities investment fund managers), allowing seasoned foreign investment management firms such as JP Morgan, BlackRock and Fidelity to set up wholly foreign-owned private fund management services onshore, it is foreseeable that these foreign giants would be able to further tap into the Chinese private intelligent advisory services market by targeting qualified investors in China.
The Fintech Development Plan (see answer to question 6) expressly calls for the optimisation of AI, data resources, algorithm models, hashing power support, and other core artificial intelligence assets and the deep integration of AI technology with financial business in the PRC. In addition, although not expressly prohibited by the PRC Securities Law, after a series of PRC stock market crises in 2015, quantitative algorithmic trading, or so-called ‘high-frequency trading’ using a direct connection to the stock exchanges’ systems, have been effectively banned in the PRC, given that such practices are blamed for causing (at least partially) market meltdowns. However, since late 2019, there appear to be public discussions calling to lift these bans.
As of 2021, the PBOC has started pilot schemes around the country to integrate financial data using artificial intelligence, aiming to explore the application of AI to drive the high-efficiency handling and security of sharing financial data and achieve cross-tier, organisational integration of data applications. The fast-growing technological company, SenseTime, has partnered with the central bank to promote research into AI uses in the financial sector.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
The insurance industry has undergone tremendous changes due to technological innovations in the industry. Thousands of enterprises involved in online insurance have been reported established each of the last several years.
Beyond traditional insurance moving online from offline, insurtech has triggered innovations throughout the insurance industry and forged a brand-new ecological model. Ant Financial’s Mutual Aid (Mutual Aid) is an example: it is a health insurance product for lower-income families, similar to conventional health insurance products. Members of Mutual Aid will receive health care coverage for free if they share medical expenses when other members become ill. The Mutual Aid plan is cheaper and more affordable than traditional health insurance: each member pays an amount based on the ratio of members to those who fall ill. This amount is regularly adjusted to match the realities of the membership: recently, for example, it was RMB 15.7 per member per month. However, Ant Financial does cover some of the excess expenses resulting from more members falling ill than figured in the membership fee calculation. Mutual Aid can potentially benefit lower-income families and individuals who do not have full access to medical coverage from public programs or other traditional insurance programs.
However, such mutual aid business models have come under scrutiny from insurance authorities for promoting products as insurance when, according to the authorities, the products differ in significant respects, e.g. not affording the same degree of guarantee of coverage as (traditional) insurance. On 14 November 2020, the Measures on Internet Insurance Business were issued by the China Banking and Insurance Regulatory Commission, effective as of 1 February 2021. These measures will likely limit the kinds of parties that can conduct certain insurtech business, e.g. prohibiting third-party online platforms (as opposed to platforms operated by qualified insurance institutions), while also imposing new compliance requirements and potential penalties.
Are there any areas of fintech that are particularly strong in your jurisdiction?
Mobile payments, dominated by two apps, WeChat Pay and Alipay, have become so common in China that paying with cash is practically unheard-of, even with street vendors and taxi drivers. Competition for a larger market share has propelled innovations such as Alipay’s ‘Smile to Pay’ facial recognition system through which customers can authenticate their payments by having their faces scanned. Such rapid development in mobile payments is partially due to China’s unique fintech ecosystem: a tech-savvy population, an underdeveloped banking industry and a permissive regulatory environment. Tencent’s WeBank was China’s first digital bank, established at the end of 2014, and it was closely followed by Alibaba affiliated MyBank, as well as Baidu and China CITIC Bank’s aiBank. Such digital banks provide financial services to people who do not have access to traditional financial services. For example, WeBank’s most popular service is Weilidai Consumer Loans, available through Tencent’s WeChat app, which provides unsecured personal loans in the range of RMB 500 to RMB 200,000. Weilidai Consumer Loans give borrowers a 24/7 digital banking experience with the flexibility to borrow and return at any time.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
There has been more competition/disruption than collaboration in China between fintech companies and incumbent financial institutions. In particular, WeChat and Alipay have taken huge market shares in the payments space, with it now being estimated that 47 percent of daily expenses go through mobile payments. However, banks themselves have been innovating to try and regain market share in the payments space. For example, UnionPay has connected nearly all mainland banks within one mobile app to expand mobile payment services; and China’s dominant bank card clearing service has launched a nationwide campaign with aggressive discounts on transaction fees on the vendors’ side to attract users of Alipay and WeChat Pay, and has also successfully pushed Alipay and WeChat Pay to charge customers for fund transfers from Alipay or WeChat Pay to bank accounts. However, there have also been some instances of collaboration. For example, fintech companies have established collaborative relationships with commercial banks, such as the one between Ant Financial and the SPDB, whose digital transformation Ant Financial supports with its technological capabilities, and another between WeBank and the Agricultural Bank of China in the fields of mobile payment smart accounts, cross-border payments, credit card business, etc.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Banks in China have been investing more in technologies such as AI, biometric identification, big data and blockchain. For example, China Construction Bank, one of the largest state-owned banks, released an app to connect real-estate developers, purchasers, owners and renters in the Greater Bay Area (which covers Hong Kong, Macau and 9 cities in Guangdong province). Among other features, renters can apply for loans for long-term commercial leases through the app. Another bank, the Industrial and Commercial Bank of China, also one of the largest state-owned banks, has launched facial scanning technology at ATMs. UnionPay has linked all the ATMs around the country for any bank, making it the single bank card in China connected to all banks. Banks are reported to be behind the majority of projects in the many fintech regulatory sandboxes launched since January 2020 (see answer to question 6).
Are there any strong examples of disruption through fintech in your jurisdiction?
There have been several strong examples of disruption by fintech companies in China. The most significant disruption has been in the payment space, but there have been others as well. For example, there has been a sharp rise in online lending/deferred payments provided by fintech giants such as Alibaba and JD, which provide loans to shoppers on Taobao or JD (both similar to Amazon/eBay), who can choose to make instalment payments when purchasing products. This move by e-commerce companies into consumer credit pits them against China’s largest credit card issuer, UnionPay, and banks. Deposit-like vehicles are also challenging banks’ funding models. In 2013, Alibaba launched an app called Yuebao that allowed users to seamlessly invest in money market funds, with no minimum amount and the option to withdraw funds. These funds offered higher rates than those associated with bank accounts. In addition, the initial absence of regulations sparked the boom of the online lending market and gave rise to many scams and high-risk financial models. The most headline-grabbing case was Ezubao, in 2016, which was an online peer-to-peer lending platform that promised double-digit annual returns to investors. However, the platform turned out to be a Ponzi scheme. After the Ezubao scandal, P2P platforms faced the first wave of regulation intended to standardise the industry, which placed caps on loan sizes and forced lenders to use custodian banks to hold their deposits. To date, the market has not seen a single P2P platform completing any official registration for such platforms, which is considered de facto governmental approval for the business. The total number of P2P platforms still in operation plunged to 15 by the end of August 2020, a 99% decline from early 2019, according to statistics revealed by the China Banking and Insurance Regulatory Commission in a news release. We believe that the tighter regulatory environment will lead smaller players to either fold or collaborate; as a result, several stable companies will eventually emerge and operate under the heightened regulatory scrutiny to promote the healthy and sustainable development of internet platforms, though shocks can rock even the largest players, e.g. the last-minute suspension of Ant Financial’s Shanghai-Hong Kong dual IPO, previously scheduled for 5 November 2020. After the investigation, other tech giants, such as Tencent, Baidu, Meituan and Bytedance, have been fined for violating competition laws, while other fintech giants, such as JD Group’s JD Digits, have suspended IPO plans.
China: Fintech
This country-specific Q&A provides an overview of Fintech laws and regulations applicable in China.
What are the sources of payments law in your jurisdiction?
Can payment services be provided by non-banks, and if so on what conditions?
What are the most popular payment methods and payment instruments in your jurisdiction?
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
What tax incentives exist in your jurisdiction to encourage fintech investment?
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
What protections can a fintech use in your jurisdiction to protect its intellectual property?
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
Are there any areas of fintech that are particularly strong in your jurisdiction?
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Are there any strong examples of disruption through fintech in your jurisdiction?