Financial technology regulation in China is most clearly understood from regulation trends of its financial institutions, where two questions arise: Who should technology serve; and how can it achieve that goal?

The integration of technology and finance in China, and the transformative power of technology in finance, cannot be discussed without mentioning Ant Financial, an entity derived from Alipay.

Ant Financial’s initial funding round occurred in 2014. This was at a time when global investor interest in fintech was booming, and LendingClub’s IPO in December 2014 marked a peak. There was significant private equity investment and IPO activity centred on “internet finance”.

Looking back now, it is evident that many entities leveraged the term “internet finance” to engage in financial services requiring approvals or licences. China’s tolerance for financial innovation at that time was remarkable.

Turning point

Xiaojia (Shelly) Sun
Partner
JunHe
Beijing
Tel: +86 10 8553 7929
Email: sunxj@junhe.com

But the latter half of 2017 marked a turning point. The Fifth National Financial Work Conference (14-15 July, 2017) emphasised “strengthening financial regulation to prevent systemic financial risks, and intensifying internet finance regulation”.

Following this, a series of regulations strengthened financial oversight. For example, on 1 December 2017, the Notice on Regulating and Rectifying ‘Cash Loan’ Businesses was issued, effectively ending five years of rapid “internet finance” growth. The Fifth National Financial Work Conference also proposed establishing the Financial Stability and Development Committee under the State Council to co-ordinate financial regulation. This updated and enhanced the previous inter-agency meeting system, promoting co-ordination in a segmented regulatory environment.

In 2018, the State Council merged the China Banking Regulatory Commission and the China Insurance Regulatory Commission to form the China Banking and Insurance Regulatory Commission, retaining the China Securities Regulatory Commission and optimising the roles of the different regulatory bodies.

Enhanced regulation and antitrust investigations of large internet finance companies have since become routine. In March 2023, the Plan for Institutional Reform of the Party and State launched a new round of financial regulatory system reforms, resulting in a framework known as “one committee, one bank, one bureau, and one commission”.

The Financial Stability and Development Committee under the State Council is China’s highest-level financial regulatory authority, responsible for co-ordinating and deciding on major issues related to financial stability and development. The People’s Bank of China, as the central bank, formulates and implements monetary policy and maintains financial system stability. The National Financial Regulatory Administration is China’s macro-prudential regulatory body, tasked with overseeing and managing financial markets and protecting investors. The China Securities Regulatory Commission supervises and regulates the securities market.

Stringent trend

From 2017 to 2024, a progressively stringent trend in financial regulation can be noted. Worth exploring further is the relationship between internet technology giants and financial services.

As mentioned, the emergence and development of Alipay and Ant Financial in 2014 highlighted the significant impact of internet technology giants on the vested interests of traditional financial institutions.

As people increasingly rely on digital and online channels, digital profiling and big data have enabled financial services to reach previously underserved clients, helping address the issue of information asymmetry in financial services.

Additionally, as internet traffic becomes a highly valuable and expansive resource, the combination of internet technology giants and financial services will undoubtedly disrupt traditional financial ecosystems, relocating resources and interests.

On 11 December 2020, the Central Political Bureau first proposed “strengthening antitrust and preventing unrestrained capital expansion”. This encouraged platform companies to be innovative and enhance international competitiveness, while supporting both public and private economic development under the regulatory guidelines.

On 10 December 2021, the Central Economic Work Conference introduced a new principle: “Capitalise on the positive role of capital as a production factor while effectively controlling its negative impact. Establish a ‘traffic light’ for capital, legally strengthening effective oversight to prevent unrestrained capital growth.”

On 21 October 2020, the China Securities Regulatory Commission approved Ant Group’s IPO registration on the Star Market, with plans to list on 5 November 2020. However, on 3 November, the Shanghai Stock Exchange announced that “due to non-compliance with relevant regulations, Ant Group’s listing is temporarily suspended”.

On 26 December 2020, the People’s Bank of China, China Banking and Insurance Regulatory Commission, China Securities Regulatory Commission and State Administration of Foreign Exchange jointly interviewed Ant Group, signalling that financial services led by internet platforms would now be subject to regulatory supervision. After nearly four years, ongoing regulatory adjustments and dialogue continue.

Since 2021, China’s regulations have intensified in areas such as cybersecurity, data security and personal information protection, particularly concerning cross-border data transfers.

In summary, current financial technology innovations are reverting to being led primarily by traditional, licensed and mostly state or locally owned financial institutions. This is key to understanding and predicting China’s fintech regulation.

Crypto crackdown

Another key point is the regulation of cryptocurrency. In December 2013, five ministries, including the People’s Bank of China, issued the Notice on Preventing Bitcoin Risks, clarifying that Bitcoin lacks the attributes of legal currency, and financial institutions and payment agencies must not conduct Bitcoin-related business.

The notice clarified Bitcoin’s nature, stating it was not issued by a monetary authority and lacks attributes such as legal tender status and coercion, meaning it is not a real currency. Instead, it is a specific virtual commodity without the same legal status as currency and cannot circulate as money.

However, as an internet-based commodity transaction, individuals are free to participate at their own risk.

In September 2017, seven ministries, including the People’s Bank of China, jointly issued the Announcement on Preventing Risks of Token Issuance Financing, comprehensively banning virtual currency trading activity including Bitcoin, and shutting down domestic Bitcoin trading platforms.

Agencies including the People’s Bank of China, the Cyberspace Administration of China and Supreme People’s Court issued notices to prevent and address the risks associated with virtual currency trading speculation. Foreign virtual currency exchanges providing services to domestic residents via the internet are also considered illegal financial activities.

Domestic personnel affiliated with foreign virtual currency exchanges – or those who knowingly, or who should know, they are engaging in virtual currency-related business but still provide services such as marketing, payment settlement and technical support – will be held legally accountable.

Backing blockchain

Despite the stringent control over private cryptocurrencies, the government does support blockchain technology as a way to improve efficiency, and is actively working toward issuing a central bank digital currency. On 18 October 2024, the People’s Bank of China announced the winners of their “2023 Financial Technology Development Award” recognising many distributed and blockchain technology applications. In December 2016, the State Council’s 13th Five-Year Plan for National Informatisation included blockchain as an emerging technology, marking the beginning of government-led blockchain development initiatives. In May 2018, at the Academician Conference of the Chinese Academy of Sciences and the Chinese Academy of Engineering, President Xi Jinping stated that blockchain technology was advancing rapidly, signalling a new stage in blockchain development.

Various local governments have actively promoted blockchain applications and industry development. According to incomplete statistics, nine provinces and cities issued policies to support blockchain industry development in 2017.

Since 2018, more than 30 provincial and municipal governments have issued more than 40 policy measures to support blockchain applications and drive local blockchain industry growth. This strong support from the central government and local authorities has created a favourable policy environment for blockchain development.

Key takeaways

In the evolving landscape of financial technology, China’s regulatory approach illustrates the delicate balance between fostering innovation and maintaining control over emerging financial risks.

As the nation progresses towards a model where traditional, licensed financial institutions take the lead, the focus remains on creating a secure, stable and transparent financial ecosystem. This is expected to pave the way for sustainable growth and enhance global competitiveness.

China’s fintech future will likely continue to prioritise areas such as multimodal data processing, intelligent applications, and cloud native solutions. The regulatory emphasis on security, privacy and the controlled use of disruptive technologies like AI and blockchain reflects a commitment to a resilient financial sector.

By championing innovation within a robust regulatory framework, China aims to ensure that technological advancement serves the public interest, aligning with national economic goals while adapting to global financial trends.

JUNHE
20/F, China Resources Building
8 Jianguomenbei Avenue
Beijing 100005, P.R. China
Tel: +86 10 8519 1300
Email: junhebj@junhe.com
www.junhe.com


India safeguarding borrower data in digital lending

Indian consumers have realised the potential of digital lending for enhancing purchasing power in the past decade. While digital lending is a stimulant fostering retail growth for Indian traders, regulation was ultimately deemed necessary to preserve the stability of the financial ecosystem and protect borrowers’ interests.

With a view to addressing concerns pertaining to unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates and unethical recovery practices, the Reserve Bank of India (RBI) constituted a Working Group on digital lending in January 2021, reviewing the framework for lending through online platforms and apps.

Rohan Bagai
Senior Partner
AZB & Partners
Noida
Tel: +91 120 417 9999
Email: rohan.bagai@azbpartners.com

The Working Group adopted the approach of striking a balance between boosting innovation in financial services and ensuring orderly development of the growing market.

The recommendations on regulation of the digital lending ecosystem were proposed by the Working Group in November 2021. Following extensive consultations with industry stakeholders, the RBI laid out its implementation plan and strategy in August 2022. The RBI subsequently issued the framework to regulate digital lending in India in the form of the Guidelines on Digital Lending in September 2022.

The RBI’s objective behind regulation of the space was the need to mitigate concerns associated with unregulated digital lending identified by the Working Group, and to prevent the erosion of public confidence within the digital lending ecosystem.

What is digital lending?

Digital lending, as the name suggests, is a remote and automated lending process, which is undertaken largely by the use of seamless digital technologies for customer acquisition, credit assessment, loan approval, disbursement, recovery and associated customer service.

In the ecosystem, loans and digital lending services are facilitated through mobile and web-based applications that provide the user interface, which are referred to as “digital lending apps or platforms” (lending apps).

In this context, the RBI clarified that if some physical interface with customers exists for the lending activity, it should not impact the characterisation, and would continue to be construed as digital lending.

Ecosystem participants

Arjun Uppal
Partner
AZB & Partners
Noida
Tel: +91 120 417 9999
Email: arjun.uppal@azbpartners.com

Through the above-mentioned guidelines, the RBI regulates activities of commercial banks and non-banking financial companies (NBFCs) – both of which are regulated by the RBI (regulated entities) – as well as unregulated fintech entities that engage with regulated entities.

• Regulated entities offer loans and credit facilities to borrowers.

• Unregulated fintech entities recognised as lending service providers (LSPs) participate in the ecosystem as agents of lenders and undertake one or more of the lender’s functions, which may include customer acquisition, underwriting support, pricing support, servicing, monitoring and recovery. As LSPs are considered outsourced service providers for regulated entities, their engagement by regulated entities is subject to compliance with the applicable outsourcing guidelines of the RBI.

• The borrowers avail loans or credit that is offered by regulated entities through digital means on the lending apps.

Through the guidelines, the RBI intends to safeguard the interests of borrowers in respect of loans offered by regulated entities through the lending apps.

In the digital lending ecosystem, the lending apps can be operated by regulated entities or LSPs.

While the guidelines prescribe conditions for regulated entities and LSPs, the regulatory mandate is on regulated entities to ensure that LSPs comply with the guidelines. Typically, such compliance is ensured through contractual arrangements where suitable obligations are imposed by regulated entities.

Guideline themes

The guidelines protect borrowers through a host of requirements on regulated entities such as due diligence and supervision of LSPs, transparency in fees, and disclosures required to be made in respect of the credit facility. Further, the guidelines are centred on data security and safeguard borrower data and information.

Focus on borrower data

Shubham Parkhi
Senior Associate
AZB & Partners
Noida
Tel: +91 120 417 9999
Email: shubham.parkhi@azbpartners.com

The guidelines accord a high level of protection to the data of borrowers. Regulated entities and LSPs need to ensure this data is handled in accordance with the borrower’s instructions within the parameters of the digital lending framework.

The RBI expressly states that regulated entities are responsible for data privacy and security of the customer’s personal information. Key conditions of the guidelines dealing with handling borrower data are:

Consent. The guidelines clarify that lending apps are mandated to collect borrower data on a need-only basis, based on the prior explicit consent of the concerned borrower. Borrowers must have the option to give or deny consent for the use of specific data, as well as the right to restrict disclosure to third parties, decide the period of retention of data, revoke consent, or direct the deletion of the data. The purpose of obtaining consent needs to be disclosed by the lending app at each stage of interface. To demonstrate compliance, an audit trail is required to be maintained for verifying consent.

Broadly speaking, these requirements are consistent with the consent-based regime for processing of personal data envisaged under the data protection laws applicable to India, including the recently promulgated Digital Personal Data Protection Act, 2023.

Data minimisation. LSPs and lending apps are allowed to store only basic minimal data such as name, address and contact details that may be required to carry out operations. They cannot store borrowers’ personal information.

Data sharing. In cases where third parties collect personal data of borrowers through the lending apps, the details of such third parties must be disclosed to borrowers. Such sharing of personal data with any third party must be based on the prior explicit consent of the borrower.

Access to mobile phone features. The guidelines also impose certain restrictions on lending apps accessing mobile phone resources like file and media, contact list, call logs and telephony functions. The lending apps will need to be configured in a manner where facilities like camera, microphone and location are only accessed once for on-boarding and KYC requirements, which is undertaken based on a borrower’s explicit consent.

Data-related policies. Regulated entities are required to put in place policies that govern the usage, storage and destruction of data, and the handling of security breaches. These policies need to be disclosed on the lending apps.

The data-related conditions flowing from the guidelines are likely to be a contentious point in contractual arrangements between regulated entities and LSPs.

It is a common industry practice in India for fintech businesses to engage with regulated entities to facilitate the opening of credit channels for their existing customers. Commercially, the arrangement involves a referral of customers by the fintech, an LSP, to the regulated entity, resulting in an individual customer of the fintech becoming a customer of the regulated entity.

In such scenarios, the restrictions on holding and storing the data of customers by the fintech – which will be construed as an LSP – could become a major obstacle, requiring the fintech to look for innovative solutions.

There may be scenarios where the fintech houses both LSP business for credit offerings as well as payments business (for instance, payment aggregator or issuer of prepaid payment instruments).

Such a fintech would store and have access to lending as well as payments data. If customers were to make a request for deletion of data based on rights recognised under the guidelines, it may leave the fintech entity in a dilemma, when data of the individual is stored in a common data repository.

To address such situations, it may be critical for such fintech businesses to ensure that lending data is segregated from and not co-mingled with payments data, despite a regulatory mandate of this nature.

In light of this, it seems clear that regulated entities and LSPs may not be able to claim rights over their use of borrower data. The borrower has the autonomy to determine the manner in which regulated entities and LSPs can use their data, through their consent, with LSPs subject to further regulatory restrictions.

Future outlook

India has seen significant growth in digital lending in the past few years. It is projected that loans originated through digital lending will account for 5% of all retail loans by 2028.

With the guidelines, the RBI lays down the framework to bring financial stability and ensure that borrower interests are safeguarded, in furtherance of the mandate to operate India’s credit system to its advantage.

Regulated entities are facing actions for non-adherence with the regulatory guidelines applicable to credit and lending. Considering the peculiar nature of some of the conditionalities, the digital lending space will be interesting to watch as the RBI aggressively intensifies scrutiny of structures and arrangements to monitor compliance.

AZB & PARTNERS
Plot No A-7 and A-8,
Sector 4, Noida 201 301,
National Capital Region, India
Tel: +91 120 417 9900
Email: delhi@azbpartners.com
www.azbpartners.com


Fintech laws: Recent developments in Taiwan

Fintech has been a prominent issue in Taiwan for some time, with recent discussions increasingly focusing on the payment sector and virtual assets.

Payment sector

In Taiwan, traditional remittances and credit card payments typically go through banks. The Electronic Payment Institutions Act (E-payment Act) began regulating online payment activities in 2015. Updated in 2021, it allows e-payment institutions to operate in three main areas: (1) collecting and making payments for real transactions as an agent; (2) accepting deposits of funds as stored value funds; and (3) small amount domestic and cross-border remittance services.

The act also permits e-payment institutions to provide foreign exchange services related to these activities. Additionally, under specific conditions, non-e-payment institutions may apply to offer cross-border remittance services exclusively for foreign workers in Taiwan.

Eddie Hsiung
Partner
Lee and Li
Taipei
Tel: +886 2 2763 8000 ext. 2162
Email: eddiehsiung@leeandli.com

It is important to note that, for activity (1) above, “collecting and making payments for real transactions as an agent”, no FSC licensing is required if the “total balance of funds collected and made by the institution as an agent under its custody” remains under a specific threshold, currently TWD2 billion (USD61.6 million), as set by the Financial Supervisory Commission (FSC).

Such operators are called “third-party payment service providers”. According to Taiwan’s amended anti-money laundering (AML) law, these providers must complete Anti-Money Laundering Registration and Service Capability Registration with the Ministry of Digital Affairs before they can offer services.

In addition, the AML law provides that offshore third-party providers are required to establish a local company or branch under the Company Act and complete registration before operating in Taiwan. Non-compliance with these regulations may result in criminal liabilities.

Virtual assets/cryptocurrency

Under Taiwanese law, cryptocurrencies are generally classified into two categories: (1) cryptocurrencies that possess characteristics of securities, known as “security tokens”; and (2) cryptocurrencies that do not exhibit these characteristics, referred to as “non-security tokens”.

Security tokens. According to the FSC, these are defined as tokens that use cryptography, distributed ledger technology or similar mechanisms to store, transfer or exchange value digitally. These tokens must be transferable and meet all of the following investment criteria: (a) involve funds provided by investors; (b) fund a common enterprise or project; (c) create an expectation of profit for investors; and (d) rely primarily on the efforts of the issuer or third parties to generate profits.

The issuance of such tokens is known as a security token offering (STO). In 2020, with FSC authorisation, the Taipei Exchange introduced a set of rules for STOs. Accordingly, STOs can be conducted under their framework for offerings of TWD30 million or less. Key provisions include: (a) the issuer must be a Taiwan-incorporated company limited by shares and cannot be a company listed on the Taiwan Stock Exchange, Taipei Exchange or Emerging Stock Market of the Taipei Exchange; (b) only profit-sharing or debt tokens may be issued; and (c) participation is restricted to “professional investors”, with a cap of TWD300,000 per STO for individual professional investors.

The STO rules also require STO platform operators to obtain a securities dealer licence.

Non-security tokens. Taiwan’s AML framework now includes regulations for virtual asset service providers (VASPs). Such VASPs cover these businesses/services: (a) exchange between virtual currency and fiat currencies; (b) exchange between virtual currencies; (c) transfer of virtual currencies; (d) custody and/or administration of virtual currency or providing relevant instruments for administrating virtual currencies; and (e) participation in and provision of financial services related to the issuance or sale of virtual currencies.

In 2021, the FSC introduced the Regulations Governing Anti-Money Laundering and Countering the Financing of Terrorism for Enterprises of Crypto-asset Platforms and Trading Business (Crypto AML Regulations).

These regulations require operators to implement key measures such as internal control systems, procedures for reporting suspicious transactions, and know-your-customer (KYC) protocols.

Additionally, operators must file a compliance declaration with the FSC, confirming their adherence to AML laws and Crypto AML Regulations. Under the revised AML law, VASPs must complete Anti-Money Laundering Registration with the FSC before offering services.

Offshore VASPs are also required to establish a company or branch in Taiwan, following the Company Act, and complete the same registration process. Failure to comply with these registration requirements may result in criminal liabilities.

In response to the FTX insolvency and fraud concerns, the FSC issued guidelines for VASPs under the AML law in September 2023.

These guidelines address various issues, some of which are not strictly related to anti-money laundering, such as (a) requirements for virtual asset issuers to publish a white paper on their websites, and (b) custody and segregation of assets between VASPs and their customers.

Additionally, in 2023, several local VASPs collaborated to form a working group with the goal of establishing an industry association, or self-regulatory organisation. This association was officially formed in June 2024 and is currently developing its own self-regulatory framework to govern its members.

Peer-to-peer lending

Currently, Taiwan lacks specific laws or regulations for peer-to-peer (P2P) lending. However, the banking industry’s self-regulatory association has introduced Self-Disciplinary Rules of Business Co-operation between Member Banks of the Bankers Association and Peer-to-Peer Lending Operators. These rules define the areas where banks can work with P2P operators, including services such as fund custody, cash flow services, credit assessment and rating, extending facilities to customers (peer-to-bank model), marketing and advertising, and custody of credit-related documents.

Note that the FSC has clarified in press releases that, for the time being, platform operators facilitating peer-to-peer lending are not subject to its regulation. However, in October 2023, the FSC released guidelines for P2P lending platforms. These guidelines prohibit certain regulated activities, such as deposit-taking and issuing securities, and mandate the implementation of risk control measures.

These measures include requiring real-name verification for lenders and borrowers, controlling fund flows, setting criteria for loan application reviews, and establishing loan amount limits, alongside consumer protection provisions.

Digital-only banking & insurance

In 2018, the FSC introduced regulations for the establishment of digital-only banks, which operate without physical branches. Three applications were submitted to the FSC, all of which were approved in 2019, and these banks began operations shortly after.

In December 2021, recognising growing digital transformation in the insurance sector and the need for innovative products, the FSC outlined a policy for the establishment of digital-only insurance companies. It also set specific requirements for such companies. By the 2022 deadline, only two applications were submitted, with neither approved. Reports indicate that the FSC is considering reopening applications for digital-only insurance companies, with plans for an announcement by the end of 2024.

Regulatory sandbox

To encourage the growth of fintech services and companies, Taiwan introduced the FinTech Development and Innovation and Experiment Act (Sandbox Act) in 2018, allowing fintech businesses to pilot their financial technologies within a regulated, controlled environment.

The Sandbox Act requires applicants to secure approval from the FSC before entering the sandbox for testing. During the testing period, certain regulatory obligations, such as FSC licensing, may be eased. On completion of the experiment, the FSC reviews the outcomes, and if the results are promising, it may explore adjusting existing financial laws and regulations that hinder the adoption of innovative financial practices. However, based on the FSC’s evaluation, participants may still need to obtain appropriate licences or approvals to carry out activities tested in the sandbox.

Looking ahead

Cryptocurrencies appear to be gaining momentum and FSC chair Peng Jin-lung has outlined several key policy objectives. Most significantly, the FSC is considering a dedicated cryptocurrency law, with a draft expected by mid-2025. In response to growing demand for virtual asset custody, the FSC also plans to allow financial institutions to handle virtual asset custody services. To explore the potential for tokenising real world assets (RWAs), the FSC has additionally partnered with the Taiwan Depository and Clearing Corporation (TDCC) and several financial institutions to form the RWA Tokenisation Group, which aims to deepen understanding of RWA tokenisation, discuss practical operations, and address relevant policy and regulatory issues.

Recent reports further indicate that the FSC is exploring the possibility of creating a dedicated law for financing companies. Lending activities have historically not been considered licensed financial services, meaning operators do not need an FSC licence. However, the FSC has engaged an external organisation to research this issue. While such proposed regulation may not directly pertain to fintech, its implementation, if enacted, could impact emerging fintech models such as buy-now-pay-later. Industry participants should stay alert to upcoming regulatory developments in Taiwan.

LEE AND LI
8/F, No. 555, Sec. 4, Zhongxiao E. Rd
Taipei – 11072, Taiwan
Tel: +886 2 2763 8000
Email: attorneys@leeandli.com
www.leeandli.com/en