Blog: Fintech Laws and Regulations Report 2022 The FinTech Regulatory Regime in China –

1. Definition of FinTech

The Financial Stability Board (“FSB”) defines Financial Technology (“FinTech”) as “technologically enabled innovation in financial services that could result in new business models, applications, processes or products with an associated material effect on financial markets and institutions and the provision of financial services”.1  Such definition has been recognised worldwide, including by the People’s Bank of China (the “PBOC”), which is the forerunner in regulating FinTech in China and has referred to such FSB definition in its FinTech Development Scheme (2019–2021) (《金融科技(FinTech)发展规划(2019–2021年)》, the “PBOC FinTech Development Scheme”) issued in August 2019.

To fully understand FinTech and its development in China, first of all it helps to distinguish such term from the similar concept of internet finance (互联网金融).  As indicated by its name, internet finance primarily refers to the use of the internet in financial activities, whilst FinTech broadly covers innovation in financial services enabled by various types of technology.  In China, internet finance used to be more hotly discussed and primarily associated with online financing platforms such as peer-to-peer (“P2P”) lending and crowdfunding.  Notably, the term internet finance was often used by PRC financial regulators in official documents issued in past years such as 2014–2016.  In recent years, the term FinTech has more frequently appeared in relevant regulations.  Some view internet finance as an early version of FinTech in the PRC.2  Indeed, in the 2019 version of the PBOC FinTech Development Scheme, the PBOC emphasises the use of artificial intelligence (“AI”), big data, cloud calculation and the Internet of Things (“IoT”), rather than merely the internet.

As to the specific types of FinTech, it may be classified into four categories as below:

  • Category 1: payment, clearing and settlement services, which have been widely used by many jurisdictions.  In the retail sector, it may take the form of mobile wallets and so-called “digital currencies”; and in the wholesale sector, foreign exchange wholesale and digital exchange platforms.  China has been widely renowned for its convenient mobile payment tools such as Alipay and WeChat Pay.  China has also launched its e-CNY, which is recognised as a special form of Chinese yuan.
  • Category 2: deposit, loan and financing services, such as mobile banking, internet lending and credit rating.  For retail sectors, China leads the world in these areas, with large internet companies playing an important role in internet lending and consumer credit rating.
  • Category 3: investment management services, such as the use of FinTech in investment decision-making and high-frequency trading.  In recent years, the use of FinTech in the investment management industry has been a hot issue in China, drawing attention and investment from both domestic financial institutions and foreign asset managers who are keen to explore China’s huge asset management market.
  • Category 4: market support services, such as IoT, data applications (e.g. big data analysis and machine learning), blockchain, cloud calculation and AI.  China has been investing heavily in 5G and IoT development and paid much attention to blockchain and AI.

2. Overview of Regulators/Regulatory Development

As mentioned in Section I above, in earlier days, internet finance was a major form of FinTech in China, and thus relevant regulations focused on internet finance.  In July 2015, several PRC regulators jointly issued the Guiding Opinions on Promoting the Healthy Development of Internet Finance (《关于促进互联网金融健康发展的指导意见》, the “Internet Finance Development Guiding Opinions”).  As emphasised in the Internet Finance Guiding Development Opinions, internet finance is still finance in nature, and thus shall be subject to the regulation of relevant authorities.  According to the Internet Finance Development Guiding Opinions, the major authorities and the areas subject to their regulation include:


■ Internet payments (by banking financial institutions and third-party payment institutions).

CBIRC (China Banking and Insurance Regulatory Commission)*

■ Online lending, including P2P online lending and internet small-amount lending.

■ Internet insurance.

CSRC (China Securities Regulatory Commission)

■ Equity crowdfunding.

■ Internet fund sales.

* The CBIRC was established in March 2018 by merging the former China Bank Regulatory Commission and the former China Insurance Regulatory Commission.

In April 2016, the General Office of the State Council issued the Implementation Plan for Specialized Rectification Work of Internet Finance Risks (《互联网金融风险专项整治工作实施方案》, the “Internet Finance Risk Rectification Plan”), which was aimed at dealing with financial risks caused by illegal internet finance activities.3

Notably, the Internet Finance Development Guiding Opinions were issued by various authorities jointly and the Internet Finance Risk Rectification Plan was issued by the General Office of the State Council.  At around the same time, joint efforts were made by PRC authorities to enhance financial regulation.  In July 2017, the Financial Stability and Development Committee (the “FSDC”) was established under the State Council, which is in charge of, among others, coordinating financial regulation across various financial industries.  With respect to FinTech specifically, in May 2017, PBOC established a FinTech Committee to enhance coordinated efforts on FinTech development.4  The PBOC FinTech Committee has issued, in addition to the aforesaid 2019 version of the PBOC FinTech Development Scheme, the updated 2022 version titled the FinTech Development Scheme (2022–2025) (《金融科技(FinTech)发展规划(2022–2025年)》).

FinTech regulation has been rapidly developing in recent years in China (especially after the promulgation of the aforesaid Internet Finance Risk Rectification Plan in 2016 and the establishment of the FSDC and the PBOC FinTech Committee in 2017).  These past few years have also witnessed the jump in AUM of the asset management industry, the growing power of large internet companies and their expansion to the financial sectors, and increased concerns over data security.  As such, the development of China’s FinTech regulation is highlighted by key regulations and events that have strengthened regulation over FinTech adopted in the asset management industry, financial businesses of large internet companies, and cyber security and data protection.  Whilst it is difficult to set out all the major developments in China’s FinTech regulation that have taken place in recent years, those summarised in Sections III to IV might be among the most noteworthy ones.

3. Fintech for Asset Management

Generally, PRC authorities require entities that provide financial-related services via FinTech to obtain the appropriate licence.  As far as asset management-related businesses are concerned, the types of financial licences involved mainly include the investment advisory licence, the investment management licence, and the investment product sales licence.  With respect to the investment advisory/management licences, the Guiding Opinions on Regulating Asset Management Business of Financial Institutions (《关于规范金融机构资产管理业务的指导意见》, commonly referred to as the “New Asset Management Rules”) promulgated in April 2018 require that conducting investment advisory businesses by making use of AI shall be subject to the investment advisory licensing requirements, and non-financial institutions may not engage in asset management businesses in a disguised form by making use of AI.  In particular, to carry out asset management businesses by making use of AI, financial institutions still need to meet general regulatory requirements in respect of investor suitability, investment scope, information disclosure and risk segregation.

To facilitate regulation over investment activities driven by AI, under the New Asset Management Rules, financial institutions are required to report trading parameters and investment portfolio logic of AI models to financial regulators for record, and financial institutions shall also fully disclose to investors the inherent defects and relevant risks of AI algorithms.  Further, the trading positions, risk limits, transaction categories and pricing authority of intelligently managed accounts shall be closely monitored.

One major market development is the application of AI in mutual fund investments.  On October 25, 2019, the CSRC issued the Circular on Carrying Out the Pilot Work of Investment Advisory Business for Publicly Offered Securities Investment Funds (《关于做好公开募集证券投资基金投资顾问业务试点工作的通知》, the “Fund Investment Advisory Circular”), launching the pilot programme of fund investment advisory business.  Entities that have been approved to provide fund investment advisory services under the Fund Investment Advisory Circular include traditional fund management companies, securities companies, commercial banks, and also large internet companies.  Among such entities, the most reported one is Vanguard Investment Advisors (Shanghai) Investment Consultancy Co., Ltd. (先锋领航投顾(上海)投资咨询有限公司, the “Ant-Vanguard JV”), a joint venture established by Ant Group and Vanguard.  The Ant-Vanguard JV has launched its “Helping You to Invest” (帮你投) investment advisory service, which profiles and advises users by making use of AI, big data and cloud calculation.  “Helping You to Invest” is reported to be leading in the fund investment advisory market and has attracted more investors than any other fund investment advisor.

4. Financial Businesses of Large Internet Companies

As mentioned in Section I above, PRC regulators have been regulating FinTech broadly rather than limiting their attention to internet finance.  That said, at least in the past two years, the regulators have been taking particular efforts to strengthen regulation over large internet companies (e.g. Alibaba and Tencent) and their financial businesses.

Among such efforts, the most well-known event might be the suspension of Ant Group’s IPO in November 2020.  Meanwhile, the market discussed whether to view and evaluate Ant Group as a technology company or as a financial institution.5  From the PRC regulators’ perspective, the answer appears to be that regulation over financial activities of FinTech companies shall be strengthened.  Also, in November 2020, the CBIRC and the PBOC issued the Interim Measures on Internet Microloan Business Administration (Draft for Consultation) (《网络小额贷款业务管理暂行办法(征求意见稿)》, the “Microloan Measures”).  The Microloan Measures set out restrictions on microloan companies, such as:

  • for a joint loan (which, in practice, may refer to a loan jointly extended by a FinTech company through its microloan company and a commercial bank), the fund contributed by the microloan company may not be less than 30%; and
  • the outstanding amount of funds obtained via issuing bonds or ABS may not be over four times its net assets.

Such rules, once implemented, might substantially restrict the financial business scale of certain large internet companies, which is achieved through the so-called “originate-to-distribute” business model.  Whilst the Microloan Measures have not been finalised yet, the trend of strengthening regulation over large internet companies is clear.  In January 2021, in their 2021 work meetings, the PBOC and the CBIRC emphasised that they would strengthen the prudential regulation over financial activities of internet platform companies.6

More broadly, Chinese authorities appear to be concerned about the overall business risks of large internet companies and their strong presence in various business sectors.  Such concern of Chinese authorities might be more serious than regulators in many other jurisdictions, since large Chinese internet companies are equipped with both big data and various financial licences (credit rating, payment, asset management, etc.).  They are active across various types of financial services and have dominant market shares in areas such as mobile payments, making them more powerful than their foreign counterparties.7

Notably, the business form of large internet companies has been recognised by authorities as “platform economy” (平台经济), which requires coordinated regulation by various authorities.  In December 2021, the Several Opinions on Promoting Compliant and Healthy Sustained Development of Platform Economy (《关于推动平台经济规范健康持续发展的若干意见》, the “Platform Economy Opinions”) were issued by nine authorities jointly, including, among others, the PBOC, the National Development and Reform Commission and the Cyberspace Administration of China.  The Platform Economy Opinions provide that all financial activities must be subject to financial regulation and be carried out by licensed entities.  The Platform Economy Opinions also require that platform economies be regulated from such perspectives as data security, credit information and anti-monopoly.  As such, powerful internet platforms in China might face more stringent regulations in various aspects such as data security, anti-monopoly and anti-unfair competition.

5. Cyber Security Law and Data Protection

China has been strengthening regulation over cyber security and data protection in the past few years, with particular attention paid to the financial sectors.

In June 2017, the PRC Cyber Security Law (《中华人民共和国网络安全法》, the “CSL”) came into effect.  Under the CSL, a critical information infrastructure operator (关键信息基础设施的运营者, “CIIO”) is subject to stringent obligations, such as setting up and deploying specialised security management departments and security management responsible persons.  Critical information infrastructure (“CII”) is defined under Article 31 of the CSL as information infrastructure in important industries/sectors, including, among others, the financial industry, which, if damaged, disrupted or impacted by a data breach, may materially impact national interest or public interest.

In particular, the CSL imposes stringent requirements on the collection and use of personal information by network operators.  When collecting and using personal information, network operators must comply with the principles of legality, justification and necessity, disclose rules for such collection and use, clearly indicate the purposes, methods and scope of information collection and use, and obtain the consent of those from whom the information is collected.  Network operators are further subject to specific obligations; for example:

  • they shall not collect personal information that is not related to the services they provide;
  • they shall not collect or use personal information in violation of applicable laws and regulations and the agreed methods;
  • they shall neither disclose, falsify, or damage collected personal information, nor disclose personal information to third parties without the consent of the person from whom the information is collected, unless after processing the information the specific person cannot be identified and the information cannot be recovered; and
  • they shall take technical and other necessary measures to ensure the security of personal information and prevent leakage, damage or loss of such information; and that in the event that personal information has been or may be leaked, damaged or lost, remedial actions shall be taken immediately.

With respect to financial institutions specifically, on February 13, 2020, the PBOC released the Personal Financial Information Protection Technical Specification (《个人金融信息保护技术规范》, the “PBOC PFI Specification”, JR/T 0171—2020), which sets out detailed technical requirements on protection of personal financial information by financial industry institutions (金融业机构) through the process of providing financial products and services within the PRC.  Financial industry institutions under the PBOC PFI Specification include, apart from licensed financial institutions, relevant institutions that are involved in processing personal financial information.  Notably, the PBOC PFI Specification was drafted by relevant departments under the PBOC and also market participants such as Zhejiang Ant Small and Mirco Financial Services Group Co., Ltd., (浙江蚂蚁小微金融服务集团股份有限公司), which was the name of Ant Group before it was changed in July 2020 to Ant Group Co., Ltd. (蚂蚁科技集团股份有限公司).

6. RegTech

Compared with FinTech, the term regulatory technology (“RegTech”) has not been as commonly used in PRC laws and regulations, but it is also hotly discussed among financial regulators and market participants.  As these two terms are often misunderstood and confused with each other, understanding RegTech also helps to obtain a full picture of FinTech regulation.

1          Definition of RegTech

A universally accepted definition of RegTech does not appear to be available.  In certain offshore jurisdictions, RegTech is considered a subdivision of FinTech and refers to the use of technologies by financial institutions to more efficiently comply with regulatory compliance requirements,8 such as regulatory reporting tools and technologies that facilitate reporting to regulators.  Under the PRC context, such term appears to also refer to using technology by regulators to enhance regulatory efficiency.

For example, in August 2018, the CSRC officially issued the Overall Development Plan for Regulatory Technology of the CSRC (《中国证监会监管科技总体建设方案》, the “CSRC RegTech Plan”).9  The CSRC RegTech Plan sets out three steps of RegTech work to be carried out:

  • Step 1: purchase or develop efficient software and hardware or facilities to satisfy the basic administrative and specific IT needs of CSRC departments and agencies;
  • Step 2: improve the functions of the central supervision information platform, realise online full-flow functioning of cross-department supervision, and thus lay the basis for Step 3; and
  • Step 3: establish an efficient big data supervision platform, conduct real-time and historical analysis investigations by making use of digital alerting, statistical analysis and data mining, realise supervision and monitoring over overall market circumstances, and timely discover illegal activities, such as inside trading and market manipulation.

2          Regulatory developments

Compared with reports on FinTech regulation, public information on RegTech developments is not as transparent and detailed.  Relevant media reports suggest that RegTech has been developing robustly and involves two major types of entities:

  • Regulatory authorities: for example, in June 2020, the CSRC officially announced the establishment of its Science and Technology Supervision Bureau (科技监管局)10 on its website (whilst there are reports that such bureau has been already established at an earlier time).  The functions of the Science and Technology Supervision Bureau include, among others, research and implementation of both FinTech and RegTech.11
  • RegTech service providers: according to media reports, there are three types of RegTech service providers: (1) large internet/FinTech companies, such as Alibaba and Tencent; (2) traditional FinTech companies, which have expanded their business to RegTech, such as Hundsun; and (3) specialised RegTech developers.

Enhanced RegTech enables regulators to strengthen regulation over financial institutions and FinTech companies, and promotes the healthy development of FinTech.  For example, under the Measures for the Supervision and Administration of the Anti-money Laundering Work and the Work of Combating the Financing of Terrorism of Financial Institutions (《金融机构反洗钱和反恐怖融资监督管理办法》) issued by the PBOC in April 2021, the PBOC expanded the applicable scope of AML and CFT obligations to entities such as internet micro lending companies and consumption finance companies.  Other examples include the CBIRC’s regulation on IT outsourcing risks of banking and insurance institutions,12 and the CSRC’s regulation on IT management of securities and fund institutions.13

7. Endnotes

  1. See (Hyperlink) .
  2. See Page 1, Regulating Fintech for Sustainable Development in the People’s Republic of China (Zhong Xu and Ruihui Xu, Asian Development Bank Institute Working Paper).
  3. For example, in January 2016, the P2P lending platform Ezubao was reported to be in fact a Ponzi scheme and illegally raised over RMB5.8 billion from more than 900,000 investors.
  4. See (Hyperlink) .
  5. See, e.g., The Ant Group (Part 4): FinTech Or Bank?  Why It Matters (November 27, 2020, Forbes), available at (Hyperlink) .
  6. See (Hyperlink) and (Hyperlink) .
  7. See Page 7, FinTech and market structure in financial services: Market developments and potential financial stability implications (FSB, 14 February 2019), according to which “single platforms in China integrate online shopping, mobile phone wallet capability, and activities including money transfer”, whilst in other jurisdictions “the mobile payments market is more disaggregated”.
  8. See Definition and Functions of RegTech (《监管科技概念及作用》) (DU Ning, SHEN Xiaoyan, WANG Yihe, China Finance, Volume 16, 2017), which argues that the Financial Conduct Authority (“FCA”) and Institute of International Finance have defined RegTech as making use of technologies by financial institutions to handle regulatory compliance requirements (“2016年,英国金融行为监管局 (FCA)将监管科技定义为金融科技的子集,即帮助金融机构更有效、更高效地满足金融监管合规要求的信息技术。2015年,国际金融协会(IIF)将监管科技定义为:金融机构面对成本急剧上升的困境,提出旨在解决监管合规挑战的技术解决方案”), available at (Hyperlink) .
  9. See also discussions on RegTech on the official website of the FCA at (Hyperlink) .
  10. See the report on the CSRC website at (Hyperlink) .
  11. (Hyperlink) .
  12. See the introduction to and the complete functions of the Science and Technology Supervision Bureau on the CSRC website at (Hyperlink) .
  13. The CBIRC issued the Regulatory Measures for Information Technology Outsourcing Risks of Banking and Insurance Institutions (《银行保险机构信息科技外包风险监管办法》) in December 2021.
  14. The CSRC issued the Administrative Measures for Information Technology of Securities and Fund Business Institutions (《证券基金经营机构信息技术管理办法》) in December 2018.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s