Inside China’s Cyber, Financial Regulatory Changes And Challenges

China financial institutions merchants

After four years of evolving Chinese online data and security regulations, foreign merchants doing business in China can find it challenging to stay compliant. In the latest Merchants Guide To Navigating Global Payment Regulations, PYMNTS interviews three experts on Chinese eCommerce, data and finance to examine how the misinterpretation of these regulations can impact global merchants’ expansion ambitions.

China’s 1.3 billion-strong, high-spending consumers and their willingness to adapt to new technologies, trends and products may represent the economy of the future for many banks and businesses, but it is notoriously difficult for firms to enter and compete in this market. Domestic behemoths like Alibaba and Tencent, as well as more traditional Chinese banks dominate the space, making it even more difficult for foreign financial companies to gain footholds.

Financial institutions (FIs) and merchants from other regions have been dipping their toes into the Chinese market, but open banking has compounded the difficulty involved in setting up operations. The country’s government and regulators are keeping pace with those in the European Union and the U.S. as they upgrade their online data and financial rules to support global digital banking innovations.

Banks and merchants may also need to confront outmoded perceptions of Chinese cybersecurity and banking laws and be aware of the government’s role in enforcing such rules. Its policies mandate that corporations share private data with it, for example, meaning Chinese regulatory innovation requires serious consideration from any entities that wish to work there.

Confronting the Chinese Privacy Myth  

PYMNTS recently spoke with three experts on Chinese economy and security changes — William Carter, deputy director and fellow for the technology policy program at the Center for Strategic and International Studies; Martin Chorzempa, research fellow at the Peterson Institute for International Economics; and Julia Voo, research director for China cyber policy at the Harvard Kennedy School’s Belfer Center for Science and International Affairs — to find out what FIs and merchants need to know about the market and which assumptions could lead to trouble.

All three agree that China occupies a unique space in the global economy and that changes to its data and banking policies are just as distinctive. Foreign firms and regulators tend to think of Chinese laws as either too strict, wide-reaching or lax — perceptions that have failed to keep up with local regulations’ developments.

“In China, there is [an] ever-shifting gray line,” Chorzempa said. “You have to make sure that you are on the right side of the line, and it is very easy [for] foreign companies — [especially those] that do not really have connections [that provide insight] into what is actually being debated behind the scenes — to fall on the wrong side of that line.”

Understanding the Chinese privacy landscape and its impact on financial operations is critical for FIs and merchants looking to enter the market for two reasons: They will most likely be unable to do so without this knowledge, and they need to be certain they can share the required information with the Chinese government upon setup.

“China is viewed externally as a country where privacy is not expected and not thought about, but I do not think that accurately reflects how it is viewed within China,” Carter said. “What we have seen over the past few years has been a growing emphasis on data privacy and, particularly, some nod toward user empowerment — and so that has been reflected in some of the privacy regulations that have come out.”

The implications of upgraded privacy and data transparency are even more important when looking at the financial industry.

“The financial sector continues to be one of the most sensitive industries within China, which means it is held to a higher degree of scrutiny,” he continued. “Also, data has been one of the levers by which the Chinese government has continued to try to formalize the financial system within China and put pressure on shadow banking and other nontraditional financial institutions and activity.”

The country takes privacy, particularly financial privacy, seriously, passing its Cyber Security Law in 2016, followed by the Personal Information Security Specifications in 2018 and the MLPS 2.0 in 2019. Foreign and domestic firms alike are still dealing with questions surrounding its cybersecurity laws.

“When China’s cybersecurity law came out in 2016, both domestic and international businesses were very concerned about how their [Chinese] operations would be affected,” Voo said. “Nearly four years later, that hasn’t changed. The law is still ambiguous. It is not really clear what constitutes personal data, what should be localized or what the process is.”

This is similar to privacy and financial innovations in other countries, where regulators are tough on some privacy aspects and more forgiving on others. Chinese consumers may even have more privacy than those in other markets, as they have more protections regarding financial apps and products outside of the typical banking ecosystem, Chorzempa explained. He described how government regulators recently chastised Alibaba for compliance troubles with its credit scoring feature, Sesame Credit.

“In the credit scoring case, at least, something people would probably be surprised about is Chinese people actually have more control over their data than we do [over] data in the U.S.,” he remarked. “I think that is one of the [starker] ways in which the pendulum has shifted … The [Chinese] financial regulators have already really pivoted to focus on data issues.”

Firms also need to be aware of how shifting Chinese policies could cause global impacts on the ways data and money are kept and transferred. Banks are familiar with upgrades to their internal and local compliance standards, but China represents a different kind of challenge.

Chinese regulatory shifts mean world changes  

The country’s changes follow familiar patterns for the banks and merchants racing to comply with similar developments in their home markets. Some aspects of how China treats online data and transactions are similar to rules with which foreign entities already comply.

“The Chinese government has always had pretty extensive and virtually unlimited access to financial data,” Carter said. “Most governments have significantly greater financial data [than] other [industries] just because of anti-money laundering laws, financing [or] tariffs.”

Open banking developments in other nations also follow this tradition, with regulators not letting go of their historic control so much as shifting it to fit the digital world. The major difficulty for FIs and businesses is that some compliance standards are harsher than others, which can lead to security weaknesses.

“There seems to be a global trend of national data regulations reaching overseas, outlining what data can be used, where it is stored [and] how it is used,” Voo said. “This trend will make conducting business internationally much more complicated, particularly where these data regulations overlap.”

China’s laws are very much part of this trend, so it is not that the changes are particularly advanced or unexpected. The country’s sheer economic weight makes the regulations notable, especially since global regulators are still connecting many of their platforms on an unforeseen scale to maintain control. Banks, businesses and FinTechs will need to make sure they fully understand these changes as open banking expands.