On March 21, 2018, the Chinese central bank and regulator of payment services operators (“PSOs“), the People’s Bank of China (the “PBOC“) circulated PBOC Announcement No.7 of 2018 (the “Announcement“) lifting the de facto but unwritten ban on foreign institutions’ accessing the Chinese online payments and settlement market. The move will allow qualifying foreign institutions to provide electronic payments services in respect of both domestic transactions and cross-border transactions, subject to PSO licensing. However, foreign-invested PSOs will be required to localize their data in China. Cross-border transactions initiated by Chinese citizens will now be regulated and will require a license from PBOC, whilst in the past this was an unregulated area.
Based on PBOC press release, the Announcement aims to achieve unified market entry standards and regulatory requirements for both domestic payment institutions and foreign payment institutions, extending “national treatment” to foreign players.
Foreign payment institutions intending to provide payment services in China will be required to obtain a Payment Service Operator License (“PSO License“) from the PBOC. A foreign payment institution will need to establish a foreign-invested enterprise in China to act as the applicant in order to obtain such PSO License, which requires minimum registered capital of RMB 100 million for a national license or RMB30 million for a provincial license. In addition, applicant foreign payment institutions will be required to demonstrate to the PBOC that they have secure operations meeting requisite standards and a disaster recovery system that can independently process payment transactions. It appears that applications for PSO Licenses can be submitted with effect from the date of the Announcement.
In an echo of the preoccupation of various Chinese regulators with data protection, perhaps best exemplified by the implementation of the PRC Cyber Security Law in June, 2017, the PBOC requires that personal information and financial data generated or collected in China by PSOs must be stored, processed and analysed within China. Where international transfers of such data are necessary in order to process cross-border transactions, the consent of the data subject will be required, and PSOs transferring data offshore will be required to ensure that parties receiving the data keep it confidential. These echo provisions in the daft data review measures (see our client note here) but which proved to be highly controversial and were still not law at time of writing.
In addition to the specific requirements noted above, the operations of foreign-invested PSOs in China will need to meet the same requirements as are currently imposed on domestic capital PSOs, including with respect to corporate governance, operational risk management, safe-keeping of funds and reserve deposits.
The opening of the Chinese payment market has come at a time when domestic champions have already established very strong positions across many sectors of the market (think virtual red packets for example). That said, the lure of a market worth something in the order of RMB 169 trillion in a country where cash payments appear to be losing out to online payments and where it is possible to go for days without spending cash will no doubt be irresistible to many international players; particularly for those with international networks that wish to harness the huge purchasing power of the Chinese middle class both domestically and on trips abroad and which can support a robust cross-border business model.