Financial Credit – European Chinese Law Research Hub

A new paper by Robin Hui Huang and Christine Menglu Wang

Shoppers in Shenzhen ^{Photo by Chris via Flickr}

A regulatory crackdown on China’s Big Tech in the past years has drawn attention to a blossoming business model: Micro loans extended on a massive scale through collaborations between banks and fintech firms such as Alibaba’s Ant Financial. The application of information technology has disrupted the traditional way of providing financial services and products in recent years. In China, a pioneer in developing new models for credit business based on fintech-bank partnerships, two main forms evolved, namely the model of loan facilitation and the model of co-lending (see figures below). The model of loan facilitation refers to the practices of fintech firms providing financial institutions with technical support and credit-related services. Under the model of co-lending, apart from the provision of ancillary services, fintech firms also contribute some funds to extend loans together with their partner financial institutions. This paper observes the FinVolution Group and Ant Group as examples to illustrate the two business models of FinTech-bank partnership.

By establishing business partnerships, fintech firms can leverage massive customer data and innovative platform technology to provide important assistance for financial institutions at some key junctures of the credit extension process, thus improving access to finance for more customers. The collaboration with fintech firms enables financial institutions to concentrate on their core business by outsourcing certain work and serve their customers with greater efficiency. Fintech firms can take advantage of the funds, expertise and resources of financial institutions to engage in credit-related business without applying for a separate license. The partnership with financial institutions can bring reputational benefits for fintech firms and strengthen their brand image in the credit market.

While fintech-bank partnerships may bring many benefits to China’s credit business, they also pose serious risks and problems. Firstly, the collaboration with fintech firms increases the operational complexity of financial institutions. Due to regulatory arbitrage, fintech firms are not subject to strict financial regulations. A challenge for financial institutions lies in dealing with outsourcing risks arising from misconduct of their partner fintech firms. Secondly, the exclusive control of data and technology on the part of fintech firms is likely to reinforce their monopolistic practices, thus leading to a vendor lock-in problem for their partner financial institutions and customers. Thirdly, as fintech-bank partnerships involve the processing and sharing of vast amounts of customer information, concerns regarding data security and privacy issues grow. Further, algorithms and other data-processing technologies are applied to conduct creditworthiness assessments of customers. Fintech firms risk extending loans to customers based on credit assessments that are inaccurate due to the input of biased data and a defective design of assessment technologies. Last but not the least, the risks that financial institutions face when outsourcing data security services and assessment are even greater due to the fact that a small number of fintech firms dominate the provision of such services. The operational failure of or cybersecurity incidents at dominant fintech firms can easily give rise to financial contagion and systemic events in the market.

In response, China’s government has endeavoured to address the above problems by strengthening laws in related areas, such as anti-monopoly law, data protection law and financial law. Specifically, antitrust regulators have issued guidelines for the platform economy to prevent monopolistic practices and safeguard customer interests. China has further consolidated its regulatory regime for data security and privacy protection to tighten oversight of fintech firms’ business. The formulation of industry standards for algorithmic applications has also improved compliance with requirements for financial innovations. These regulatory responses have both strengths and weaknesses. This paper focuses on the particular issue of regulatory arbitrage arising from outsourcing activities.

Our study suggests that in case of the co-lending business model, there is a regulatory loophole that allows some fintech firms to circumvent licensing requirements and carry out credit business in an indirect way. The loophole may be closed by clarifying that relevant requirements apply equally to indirect participation in co-lending business. In the loan facilitation model, under the current framework, fintech firms do not need to hold a credit business license but can rather ride along on the license of their partnering financial institutions. This gives rise to challenges since reliance is unduly placed on financial institutions who have to oversee their partnering fintech firms and are ultimately responsible for the performance of outsourced services.

Drawing upon the experiences of overseas jurisdictions, including the US, the UK, the Netherlands, Luxembourg and Switzerland, this paper argues that China can adopt a staged and differentiated approach to regulate fintech-bank partnership. The UK initiated the regulatory sandbox regime in November 2015, which allows fintech firms to develop and test innovative products and services in a controlled environment. It sets out plans for implementing the regulatory sandbox, including the entry and exit criteria, a tailored authorization process for different firms and appropriate safeguards for customers. A similar model, adjusted to local circumstances, would be suitable in China. As fintech firms need time and resources to meet relevant sandbox requirements, China may also create a special test environment for start-ups by introducing an umbrella regime. It allows fintech firms to conduct innovative business under the shelter of an umbrella entity. The sandbox umbrella, as a regulated entity, will provide ample experimental space and ensure better customer protection, because fintech firms can use its license for trial services and products under the actual circumstances.

After fintech firms complete the sandbox process and proceed to operation, the key issue becomes the continuous supervision of their partnership with financial institutions. Switzerland has introduced a new fintech license with relaxed requirements to promote innovation. The licensing process depends on the quality of each application and the complexity of the fintech business. Based on that model, China is advised to implement a sophisticated licensing regime to set out differentiated rules for fintech firms according to the nature and types of services they engage in. In this regard, more categories of special licenses can be created as ‘limited licenses’ as distinct from the traditional ‘full licenses’ to address the problem of regulatory arbitrage. Further, it is worth experimenting with a mentorship scheme, under which the monitoring responsibility of financial institutions is limited to compliance violations of their partnering fintech firm and emphasis is placed on helping start-ups.

The paper FinTech‑Bank Partnership in China’s Credit Market: Models, Risks and Regulatory Responses was published in European Business Organization Law Review. Robin Hui Huang 黃輝 is Chair Professor at the Faculty of Law, Chinese University of Hong Kong. Prior to joining CUHK, Professor Huang was a tenured staff member in the Faculty of Law at the University of New South Wales, where he now holds a position of Adjunct Professor. He is also Li Ka Shing Visiting Professor in McGill Law School and Honorary Professor at East China University of Political Science and Law. Christine Menglu Wang 汪夢露 is a Post-doctoral Fellow in the Department of Law, the University of Hong Kong.

A new paper by Lu Yu and Björn Ahl

The headquarters of the People’s Bank of China in Beijing, supervising entity of the financial credit information system

How is data protected in the evolving Social Credit System? Both, social credit and Chinese data protection law is diverse and fragmented, making the search for an answer to this question a complicated endeavour. Lu Yu and Björn Ahl dive into one arguably most sophisticated arm of the Social Credit System, that is, the financial credit information system (FCIS) in their new article “China’s evolving data protection law and the financial credit information system: court practice and suggestions for legislative reform” (free draft here).

The FCIS is not only one of the most mature parts of the overall SCS, as it regulates private entity’s data collection, it also features stricter and clearer data protection rules than those Social Credit subsystems that include data collection by state organs. Most importantly, Chinese data protection law requires data subjects’ consent to the collection and further transfer of personal data. The authors have found the consent requirement to be incompatible with the functions and purposes of the FCIS, with data subjects having no real choice, as consent is linked to obtaining the financial service in questions. Hence, future rounds of reform should establish exceptions to the consent requirement.

In their article “China’s evolving data protection law and the financial credit information system: court practice and suggestions for legislative reform” (free draft here) the authors investigate the limits that Chinese data protection law imposes on the FCIS. The FCIS receives both financial credit data from financial institutions and public data from public authorities. Yu and Ahl analyse the legal framework and how data protection rules are applied in court practice, including the preconditions for and levels of protection afforded data subjects’ rights and the legal consequences of any violations of those rights. Although the courts have adopted differing approaches to the interpretation of data protection law, the authors find that they have established consistent practice in protecting data subjects against the transfer of incorrect negative data. Chinese data protection law provides for neither an effective legal basis nor for limits on the collection and transfer of public data by public authorities. The Information Security Technology – Personal Information Security Specification (2020, hereafter: Specification) provides comprehensive protection for the personal data processed by all organisations, including public authorities, but it is only a recommended standard that lacks binding authority. Although the 2012 Regulations on the Administration of the Credit Investigation Industry grant data subjects a number of rights, the courts have difficulties applying the data protection rules in practice. In sum, there is a need in both the private and public sectors for nationally applicable, binding and more sophisticated data protection rules.

→ What is the FCIS? Different public authorities organise and maintain their own credit systems. The FCIS is one system at the national level that is supervised by the People’s Bank of China and functions as a public credit registry. It draws on financial credit data, the discredited judgment debtor list system operated by the SPC, which concerns individuals or entities refusing or failing to comply with an effective court judgement; and the information system operated by the China Securities Regulation Commission in relation to capital market activities. Founded in 2006, the FCIS is a predecessor of the Social Credit System: Pursuant to the Interim Measures for the Administration of the Basic Data of Individual Credit Information, the FCIS collects and stores individual credit data to provide inquiry services to commercial banks and individuals. It further offers information to be used for the formulation of currency policy, financial supervision and other purposes provided for by law. Hence, the purpose of the FCIS is twofold: to inform financial institutions for the purpose of reducing credit risks and to provide information to regulators to support policy making. At the end of 2018, the FCIS held personal data concerning 980 million natural persons.

Progress was recently made with the introduction of personal data protection to the new Civil Code, and a comprehensive data protection law is currently on the legislative agenda. Because the Specification has already established a sound model by providing very detailed data protection rules, the future comprehensive data protection law should address the processing of data by public authorities and further refine the already established data protection principles in the Cybersecurity Law and Specification. Improvements in data protection, in particular the regulation of data sharing between public authorities, could serve to balance social governance and individual rights and contribute to enhancing the legitimacy of the overall SCS.

Lu Yu is a research assistant at the chair of Chinese Legal Culture of Cologne University. She is about to submit her dissertation on European and Chinese data protection law to the Georg-August-Universität Göttingen where she has conducted research since October 2017, after working as a legal counsel with Rödl & Partner in Guangzhou. Reach out to her at yuluna5(at)gmail.com.

Björn Ahl is Professor and Chair of Cologne University’s Chinese Legal Culture. Before joining the University of Cologne in 2012, he was Visiting Professor of Chinese Law, Comparative Public Law and International Law in the China EU School of Law at the Chinese University of Political Science and Law in Beijing. Prior to that he held a position as Assistant Professor of Law in the City University of Hong Kong. He has also worked as Associate Director and Lecturer in the Sino German Institute of Legal Studies of Nanjing University and as a Researcher at the Max Planck Institute of Comparative Public Law and International Law in Heidelberg. Find him on LinkedIn.

European Chinese Law Research Hub

Tag: Financial Credit

Opportunities and Risks of Fintech-Bank Partnerships in China’s Credit Market

A new paper by Robin Hui Huang and Christine Menglu Wang