China Upgrades Regulation of Payment Institutions

Introduction

On December 17, 2023, the People’s Bank of China (the “PBOC”) formally released the Regulations on the Supervision and Administration of Non-Bank Payment Institutions (非银行支付机构监督管理条例) (the “Regulations”)[1]. As the first administrative regulation in the field of non-bank payment business in China, the Regulations are set to take effect on May 1, 2024[2], signifying the formal advancement of regulatory governance within China’s non-bank payment sector.

According to data from the PBOC, as of December 26, 2023, there are a total of 186 non-bank payment institutions ( the “payment institutions”) operating in China[3]. These payment institutions collectively process more than 1 trillion transactions annually, amounting to nearly 400 trillion yuan. This accounts for approximately 80% of the total transaction volume and 10% of the total payment amount nationwide. In addition, these payment institutions maintain a daily average reserve balance exceeding 2 trillion yuan and serve over 1 billion individuals and millions of merchants[4].

The release of the Regulations, after nearly three years of revision and refinement, has garnered widespread attention from industry insiders in the same way that the initial publication of the Regulations on Non-Bank Payment Institutions (Draft for Public Comments) (非银行支付机构条例（征求意见稿）, the “ Draft”) on January 20, 2021 did. In the forthcoming discussion, we will provide a concise analysis of the key regulatory points of the Regulations, focusing on the innovations and upgrades, as well as the core changes compared with the Draft for reference.

I. Upgrade of Level of Regulation: From Departmental Rules to Administrative Regulations

Administrative Measures on Payment Services Provided by Non-financial Institutions (非金融机构支付服务管理办法) (Order of the People’s Bank of China (2010) No. 2,“Order No. 2”) was formulated by the PBOC in June 2010 and took effect on September 1, 2010. This departmental regulation established the foundational framework for supervising payment institutions in China and broadly categorized non-bank payment business into three subcategories for supervision: online payment, prepaid card issuance and acceptance, and bank card acquiring. The subsequent regulatory framework for payment institutions in China centered around the Order No. 2. In addition to releasing the Implementation Rules for the Administrative Measures on Payment Services Provided by Non-financial Institutions (非金融机构支付服务管理办法实施细则) on December 1, 2010, the PBOC also issued additional regulatory measures, including the Administrative Measures for Prepaid Cards Business of Payment Institutions (支付机构预付卡业务管理办法, September 2012), Administrative Measures on Bank Card Acquiring Business (银行卡收单业务管理办法, July 2013), and Administrative Measure on Online Payment Services Provided by Non-Bank Payment Institutions (非银行支付机构网络支付业务管理办法, December 2015), among other regulatory measures, in relation to the three aforementioned subcategories.

In addition to the above, the current effective regulatory system for payment institutions also includes specialized regulations such as Administrative Measures for Anti-money Laundering and Counter-terrorism Financing of Payment Institutions (支付机构反洗钱和反恐怖融资管理办法, March 2012), Rules on the Barcode Payment Business (for Trial Implementation) (条码支付业务规范（试行）, December 2017), People’s Bank of China Announcement [2018] No. 7 — Announcement on Matters Relating to Foreign-invested Payment Institutions (中国人民银行公告〔2018〕第7号—关于外商投资支付机构有关事宜公告, March 2018), Depository Measures for Clients’ Provisions of Non-bank Payment Institutions (非银行支付机构客户备付金存管办法, January 2021) and Administrative Measures for the Reporting of Major Events by Non-bank Payment Institutions (非银行支付机构重大事项报告管理办法, July 2021), all issued by the PBOC in relation to payment institutions and addressing areas such as anti-money laundering, anti-terrorism financing, barcode payments, foreign-invested payment institutions, clients’ provisions depository, and reporting of major events. Further, there are other departmental regulations and normative documents, such as the Administrative Measures for the Foreign Exchange Services of Payment Institutions (支付机构外汇业务管理办法) which has been formulated by the State Administration of Foreign Exchange.

However, the current legal hierarchy of existing regulations in the field of non-bank payment in China is relatively low. This may lead to challenges in creating a high-pressure environment for effective deterrence, insufficient punitive measures and challenges in cross-sectoral regulatory coordination. The promulgation of the Regulations has elevated China’s supervision of payment institutions to the level of administrative regulations, undoubtedly holding great significance in establishing the authority of the industry's supervision and enhancing regulatory effectiveness.

II. Embrace Functional Supervision and Formally Reshape the Classification Standards of Business Formats

The proposal of the “storage account operation” and “payment transaction processing” binary classification concept can be described as a major highlight of the Draft at that time, and has also received support from a large number of payment institutions. The promulgation of the Regulations confirms the binary classification concept proposed in the Draft and formally reshapes the business format classification standards of payment institutions in China. This also means that the three-tier regulatory model that has been implemented for more than a decade is about to exit the historical stage.

Under the previous three-tier regulatory model, payment activities are divided into online payment, prepaid card issuance and acceptance, and bank card acquiring. The basis of this classification is mainly from the perspective of payment methods and media. Confined to the external forms, it is difficult to adapt to the ever-changing technological developments. In practice, new emerging methods such as barcode payments and facial recognition payments quickly emerged. Therefore, dividing from the perspective of means and media is also difficult to exhaust, and it is easy to leave regulatory gaps and arbitrage space. The Draft proposed the binary classification based on the essence of the business, from the dimensions of fund and information. The “storage account operation” requires the opening of a payment account or the provision of prepaid value and has the characteristics of a depository institution, which may involve liquidity and credit risk, etc., whereas “payment transaction processing” does not have the aforementioned features.

Compared with the Draft, the Regulations have more accurately grasped the essence of payment operations. In Article 2, it defines payment operations as “the transfer of monetary funds according to electronic payment instructions submitted by payees or payers (hereinafter collectively referred to as ‘Users’)”. It is not difficult to see that the two main elements of this definition are, “electronic payment instructions” and “monetary fund transfers”. The Regulations have removed the definitions of the two sub-businesses “storage account operation” and “payment transaction processing” from the draft and instead stipulate that their specific classification methods and supervisory management principles will be formulated by the PBOC. This approach is in line with the high-level legislation positioning of the “Regulations” and also authorizes the business sector regulator to formulate more scientific detailed regulations. Representative of the PBOC also stated in response to questions from reporters that the PBOC will study and formulate detailed rules in the near future, ensure the smooth transition to the new regulatory approach. However, we understand that the definitions in the Draft[5] are expected to become an important basis for the formulation of detailed rules in the next step.

III. Implement “Permit First, Registration Later” Management, and Adhere to Licensed Operations

Under the current payment regulatory framework, payment institutions are required to first obtain a Business License(营业执照) from the Administration for Market Regulation (the “AMR Registration”) before applying for a Payment Business License (支付业务许可证, the “Payment Permit”), which is known as, “Registration First, Permit Later” approach. This is also an important element of China’s recent business system reform, aimed at lowering market entry barriers and stimulating the vitality of market participants. However, in the payment business field, which inherently requires strong regulation, this model is not suitable. Therefore, the Draft attempted to introduce the “Permit First, Registration Later” management model and established the “preparation” and “operation” phases. According to the provisions of the Draft, applicants need to go through the following approval steps one by one: “Application for preparatory phase” → “Approval of preparatory phase” → “Completion of preparatory phase” → “Application for operational phase” → “Approval for operation and receipt of a Payment Permit” → “Application for AMR Registration and receipt of a Business License”, in order to establish and operate a payment institution. The Regulations have removed the provisions regarding preparation and directly stipulated that payment institutions need to first apply for a Payment Permit, and then complete the AMR Registration procedure to obtain a Business License. This approval model focuses on access management, emphasizes “licensed operation”, and to a certain extent, also simplifies the establishment process for payment institutions.

IV. Equity Management Focuses on Major Shareholders and Actual Controllers, Penetrating Regulation Throughout the Entire Lifecycle

In the Draft, definitions and eligibility conditions for non-major shareholders and major shareholders were provided respectively, while the Regulations have significantly simplified this, focusing on the eligibility requirements of major shareholders and actual controllers, changes of which require approval from the PBOC. The Regulations do not specify what constitutes a major shareholder or whether non-major shareholders still need to meet certain eligibility requirements. We understand that this may be clarified in further supporting implementation rules.

An interesting detail is that under the original Draft, Article 11(1) stated that “major shareholders and controlling shareholders should be limited liability companies or companies limited by shares with sound governance structure, clear equity and organizational framework, and transparent shareholder and ultimate beneficiary structure”. In context, it can be seem that although the Draft permitted natural persons to act as the actual controllers of payment institutions, it required the direct shareholders to be limited liability companies or companies limited by shares. This has been revised in the Regulations, where Article 7(2) states that “major shareholders and actual controllers should have sound financial status and integrity records, with no major violations of laws and regulations in the past three years. If the major shareholders and actual controllers are corporate entities, their equity structure should be clear and transparent, with no ownership disputes”. It appears that the Regulations may allow natural persons to serve as direct shareholders of payment institutions.

Regarding registered capital and capital contribution, the Regulations basically continue the requirements outlined in the Draft, with a minimum registered capital of RMB 100 million, which should be paid-up in cash. Shareholders are required to contribute with their own funds, and controlling shareholders and actual controllers are not allowed to evade regulations through specific-purpose vehicles or entrusting others to hold shares.

Regarding the “one participation and one control” requirement, the essence of the Draft is largely retained, but there are some relaxations in the details. Specifically, the same direct shareholder (who can be a natural person in the Regulations, while the Draft required a legal person) is not allowed to hold 10% or more of the shares or voting rights in two or more payment institutions of “the same business type”. Similarly, the same actual controller may not control two or more payment institutions of “the same business type”, “except as otherwise provided by the State”. The terms “the same type of business” and “otherwise provided by the State” are additions in the Regulations, providing more flexibility.

Furthermore, the Regulations no longer include the three-year lock-up requirement for controlling shareholders and actual controllers, as was outlined in the Draft. Whether this will be stipulated in related supporting documents remains to be observed.

The Regulations cover the entire life cycle of the supervision of payment institutions, including establishment, change, and termination. This is specifically reflected, but not limited to, the following: the registered capital, major shareholders, actual controllers, directors, supervisors and senior managers of payment institutions should meet the requisite qualifications throughout the lifecycle; failure to engage in payment business for more than two consecutive years without justifiable reasons may result in the Payment Permit being revoked; significant changes during the operations (such as the name, registered capital, business scope or geographical coverage, major shareholders, actual controllers, directors, supervisors and senior managers, relocation across provinces, mergers or spin-offs) require approval from the PBOC. For those intending to terminate payment services, they must apply to the PBOC for the cancellation of the Payment Permit before proceeding with any changes to the AMR Registration. Licensed payment institutions should include the term “payment” in their names and should remove such term once the Payment Permit is revoked, and so on.

V. Precisely Implement Business Supervision

In the chapter “Payment Business Rules”, the Regulations first categorize the business into two types, storage account operation and payment transaction processing, based on whether it can accept prepaid funds from payees. It explicitly states that “single-purpose prepaid card business” does not fall within the scope of “payment business” as defined in the Regulations. Compared to the provisions in the Draft, this exclusion is more clearly defined. The latter only excludes businesses related to prepaid value issued by legal entities for internal use.

In terms of specific business rules, the Regulations have streamlined the logical relationship of the rules based on the Draft, emphasized key points, adjusted the order and level of details, while overall maintaining the regulatory approach proposed in the Draft. The main changes are as follows:

● The Regulations highlighted that payment institutions must comply not only with restrictions on the type of business but also with restrictions of operating areas (Article 16).

● Regarding payment accounts opened by payment institutions engaged in storage account operations, the Regulations surpassed the restriction in the Draft, which only allowed payment institutions to open payment accounts for natural persons and individually-owned businesses. The Regulations permitted payment institutions to provide payment services to corporate users and pointed out that the state encourages non-bank payment institutions to collaborate with commercial banks to provide payment services for corporate users through bank accounts. The Regulations also specified that payment accounts must be opened in the real names of Users (Article 23).

● Explicitly stipulated that business systems and their backups should be located within China (Article 18).

● With respect to information collection, use, processing, and localization, the Regulations drew on the legislative and practical developments in recent years related to personal information protection, data security, and cybersecurity, strengthening the responsibility for safeguarding information and data security. With regard to the preservation of Users’ information and transaction records, the Regulations explicitly stipulated that payment institutions are obligated to cooperate with relevant authorities’ inquiries and requests for freezing and withholding. Furthermore, the Regulations specified requirements for information localization, which apply not only to systems recognized as critical information infrastructures but also to systems that handle personal information reaching the quantity stipulated by the cyberspace administration department (Articles 31-33).

● The Regulations removed the requirement specified in the Draft concerning the filing of institutional system construction and pricing with a branch of the PBOC.

VI. Implications for Foreign-Invested Payment Institutions and Cross-Border Payment Business

In terms of regulating foreign-invested payment institutions, Order No. 2 only sets forth in principle that “the business scope of foreign-invested payment institutions, the eligibility criteria for foreign investors, and the proportion of capital contribution shall be separately stipulated by the PBOC and submitted to the State Council for approval”. In the subsequent years, although foreign investment enterprises such as Shanghai Sodexo Pass Service Co., Ltd. and Aiden Reid (China) Co., Ltd. (now deregistered) obtained the Payment Permits in 2013, their operations were limited to prepaid card issuance and acceptance. These operations were relatively marginal and self-contained, differing significantly from Internet payment systems.

China formally eased entry restrictions for foreign-invested payment institutions on March 21, 2018, when the PBOC issued People’s Bank of China Announcement [2018] No. 7 (中国人民银行公告〔2018〕第7号) , the“Announcement No. 7”). This announcement clarified that foreign-invested and domestically-invested payment institutions must comply with the same regulations (ie., Order No. 2). It also imposed requirements on foreign-invested payment institutions in terms of commercial presence, business systems, and information protection.

Subsequently, in 2019, PayPal acquired a 70% stake in the licensed payment institution Gopay Information Technology Co. Ltd. (“Gopay”, now named “PayPal Payments (Beijing) Co., Ltd.”). In January 2021, it further achieved full ownership, becoming the first wholly foreign-owned payment institution; In March 2023, Airwallex, a global financial services platform, announced that it had completed the acquisition of 100% equity interest in the licensed payment institution Guangzhou Shangwutong Network Technology Co., Ltd[6]. According to its recent publicity, Airwallex is one of the only two foreign-funded companies in China to have obtained a third-party payment (Internet payment) license in China.

Article 2(2) of the Regulations continues the spirit of the Announcement No. 7, stipulating the principles of commercial presence, unified access standards, and regulatory requirements set out therein. It requires that overseas non-bank institutions intending to provide cross-border payment services for domestic Users shall establish a non-bank payment institution within the territory in accordance with the provisions of the Regulations except as otherwise provided by the State.

Additionally, the Regulations have also provided for principled provisions for cross-border payment business: payment institutions providing payment services for cross-border transactions must comply with relevant regulations on cross-border payment, cross-border RMB business, foreign exchange management, and cross-border data flow (a new addition compared to the Draft). According to public sources, in early 2021, the regulator distributed the draft of the Administrative Measures for the Cross-border Payment Services (跨境支付服务管理办法（征求意见稿）) to certain organizations engaged in cross-border payments, which has not been publicly released. With cross-border payment business now subject to the guiding principles of a higher-level law, we may soon see specific regulations for the cross-border payment sector.

VII. Other Amendments

In addition to the above, there are other significant changes in the Regulations as compared to the Draft.

The Draft previously devoted a lot of space to detailed provisions on measures to bolster anti-monopoly oversight in the payment sector, encompassing, among other things, delineation of the relevant market scope and criteria for ascertaining dominant market position. It stipulated that the PBOC may request the State Council’s anti-monopoly enforcement agency to undertake precautionary measures against payment institutions, examine whether these institutions hold a dominant market position, and propose measures such as halting abusive practices arising from market dominance or divesting non-bank payment institutions based on their payment business types. The abovementioned provisions sparked vigorous market reactions, prompting fervent debates within the industry on whether Alipay and WeChat Pay should be split up due to potential monopolistic practices.

The Regulations have removed these provisions and instead have only provided principled regulations that payment institutions must refrain from engaging in monopolistic or unfair competition behaviors. It also stated that the PBOC should transfer relevant violation clues to the appropriate law enforcement authorities and collaborate with them in the subsequent investigations. This limits the role of the PBOC in the realm of anti-monopoly enforcement and underscores the leading role of the State Council’s anti-monopoly enforcement agency in this field.

Another provision that appeared in the Draft but disappeared from the Regulations pertains to the regulation of the payment protection fund. Article 59 of the Draft mandated that “non-bank payment institutions shall contribute to a payment protection fund designed to mitigate and address the risks associated with non-bank payment institutions. The regulations governing the management of the payment protection fund shall be separately formulated by the PBOC in conjunction with relevant departments”. In fact, prior to the promulgation of the Draft, the PBOC had already issued the draft of the Administrative Measures for the Industry Protection Fund for Non-Bank Payment Institutions (非银行支付机构行业保障基金管理办法（征求意见稿）) in October 2020 and sought public input, but it has yet to be formally enacted. The future trajectory of the payment protection fund is an issue that merits our continued attention.

Conclusion

In summary, the Regulations will upgrade the regulation of China’s non-bank payment industry, further solidifying the legal basis for the standardized and healthy development of China’s payment institutions. It provides principled guidance on multiple supervisory aspects of non-bank payment business, highlighting regulatory focal points and balancing leniency and strictness on the basis of the Draft. Specific requirements and the transitional arrangements for new and old business types are still awaiting further elaboration by the PBOC in the form of relevant supporting documents. We will continue to monitor these developments and share with readers once the relevant supporting documents are promulgated.

向上滑动阅览注释

[1] http://www.pbc.gov.cn/goutongjiaoliu/113456/113469/5171410/index.html

[2] https://www.gov.cn/zhengce/content/202312/content_6920724.htm

[3] http://www.pbc.gov.cn/zhengwugongkai/4081330/4081344/4081407/4081702/4081749/4081783/9398ddc0/index1.html

[4] http://www.pbc.gov.cn/goutongjiaoliu/113456/113469/5171366/index.html

[5] According to Article 2 of the Draft, “storage account operation refers to the transfer of monetary funds through the opening of a payment account or the provision of prepaid value, based on an electronic payment instructions submitted by the payee or payer. Prepaid value issued by a legal entity and used only within that entity is excluded. Payment transaction processing means the act of transferring monetary funds on the basis of electronic payment instructions submitted by the payee or payer without opening a payment account or providing prepaid value.”

[6] https://www.airwallex.com/cn/newsroom/airwallex-completed-acquisition-swt-cn

Author

LAN, Jie

Capital Markets，Mergers & Acquisitions，Banking & Finance，General Corporate Practice