Deep Dive: Taking A Closer Look At The Chinese Regulatory Space

Chinese banking and business practices’ potential impacts are favored topics for bankers and merchants: Changes in this market often have ripple effects on global finances. The country’s recent cybersecurity and Open Banking developments have thus been the subjects of extensive scrutiny among its own regulators, as well as among cyber and financial experts around the world.

China is looking to keep up with consumers, financial institutions (FIs) and merchants that send funds and information through online channels, and several of the country’s related regulations resemble those from regions where such transactions are now commonplace. For example, parts of its Multi-Level Protection Scheme (MLPS) 2.0 are similar to Europe’s GDPR, and the country’s efforts to foster Open Banking follow identical actions in Europe, Singapore and even the U.S.

However, some aspects of China’s cybersecurity approach are unique, including the role its government takes in enforcing the laws, and determining the businesses and online transactions to which they apply. These differences will become critical as the finance world grows smaller, thanks to online and Open Banking.

Chinese regulators are also working on regulations to shore up application programming interface (API) innovations and platform banking. These offerings will need to connect to what those other countries’ banks have developed, and that Open Banking connectivity means regulatory shifts no longer affect only siloed, carefully guarded markets. Any banking or cyber requirement changes now have global implications. Merchants both in and outside China need to understand how the country’s cybersecurity and financial rules could affect their businesses and the future of Open Banking.

Looking Beyond The China Hype 

FIs looking to educate their affected business partners must first distinguish between Chinese regulatory myth and reality. Local company and regulator movements often provoke immediate responses from their counterparts in other markets, but these shifts are often born out of the perception that China has lax data privacy policies.

The reality is that the nation approaches cybersecurity and Open Banking from another angle. Its government is responsible for safeguarding online data, whereas the EU, the U.K. and the U.S. task independent entities with protecting private information. Assumptions of looser rules are not only untrue, but harmful, camouflaging what China’s regulations target, and how harshly.

Chinese regulators require companies to share and protect data to remain compliant with their cybersecurity rules. Corporations must share their data with the government, but strict rules govern how they may send private citizens’ details to each other. These are blanket requirements for any company operating in China, meaning foreign firms are also expected to share internal data with the government.

This further complicates the complex market for entities wishing to enter the country, especially as FIs are already under greater scrutiny. Those seeking footholds in China must be aware of this before they enter: Failing to follow these strict requirements could cost them both precious funds and time as they build out compliant infrastructure and products.

Confronting Chinese Compliance  

China has never been an easy market to enter, and FIs seeking to do so face both traditional and modern pressures as the rules of engagement evolve. The country’s regulators are finalizing requirements for online-only banks or FinTech firms, also affecting legacy FIs that support digital platforms, meaning there will be further shifts as the country upgrades its cybersecurity and online data policies.

Staying abreast of these compliance changes will be a challenge for FIs entering China, and the government’s involvement means noncompliance may have some unique consequences, such as government intervention on top of fines. The regulatory shifts also affect domestic firms looking to establish themselves outside of China, as they must comply with in-country rules while staying in other regulators’ good graces.

Balancing domestic and foreign compliance is not a new challenge, but Open Banking has made it more complicated for entities of all sizes across various industries. Companies must contend with data and financial rules that are not yet set in stone, which makes compliance even more difficult. In addition, all markets have unanswered questions regarding which rules apply to foreign firms, or how they may change. Thus, it is vital that banking and security companies keep a careful watch on this market as it continues to shift.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.