China’s Increased Regulations for Online Payment Platforms

China’s premier has emphasized the need for innovation…and called for cutting red tape. But with these new rules, instead of lowering the barriers to innovation, they’ve raised them.

-Yu Fenghui, Chinese financial-news commentator [1]

* * * * *


On December 28, 2015, the People’s Bank of China (“Bank of China”) finally issued its rules regarding online payments in China.[2] Previously, in July 2015, China released its draft publications of these Administrative Measures (“Measures”).[3] This drew in great public debate as industry players criticized them for being the “harshest rules in history,” specifically targeting third-party payment industries and non-bank payment organizations.[4] So what did China finally decide to do?


China’s New Rules for Online Payment Businesses

Since the introduction of Alibaba’s Alipay, China’s third-party non-banking payment transactions grew rapidly. In 2015, these transactions totaled to about 32.97 trillion yuan.[5] Due to these increasing payment platforms, there has been a string of fraud and identity theft cases in China. The new Measures will provide better protection for clients’ personal information and adopt more effective risk control systems.[6] Additionally, it restricts the storage of clients’ sensitive information such as: tracking information, chip information of clients’ bankcards, and verification codes or passwords.[7]

Some important implementations to note include:

  • Minimal storage of client information on third-party non-banking payment platforms;
  • Strict ‘Know Your Customer’ checks to support anti-money laundering and counter-terrorism efforts; and
  • Transaction limits on payment platforms when providing ecommerce transaction services.[8]

Minimal Storage of Client Information

First, third-party non-banking payment platforms are required to “collect, use, store, and transfer clients’ information only to the minimum extent necessary.”[9] These platforms must notify clients of its purpose and scope of use of their information.[10] Additionally, the platforms are restricted from “releasing clients’ information to other institutions or individuals, unless otherwise required by laws and regulations, or unless the provision of each item was confirmed and authorized by the clients.”[11]

Second, third-party non-banking platforms are required to sign agreements with merchants regulating misuse of customer information. The agreements prohibit merchants from storing sensitive information of their clients and require adopting supervisory measures, such as periodic checks and technical monitoring.[12] If merchants violate these agreements, platforms are required to: “promptly suspend or terminate [its] provision of online payment services for these merchants, adopt effective measures to delete the sensitive information[,] and prevent disclosure of it.”[13] Platforms may also be liable for losses and liabilities caused by the disclosure of clients’ information.

Lastly, third-party non-payment platforms are required to “maintain online payment business processing systems that are safe and comply with normative specifications.”[14] This includes having backup systems within the territory of China. If platforms are conducting domestic transactions, platforms are required to complete the transactions using their domestic business processing systems.[15] Additionally, platforms are required to complete the financial settlement within the territory of China for these domestic transactions.[16]

"Know Your Customer" Principles

Third-party non-banking payment platforms are encouraged to follow the “Know Your Customer” principles and provide sufficient verification on customer identity.[17] When opening customer accounts, platforms must either: (1) verify the customer in-person with an ID check or (2) have the customer pass external database checks using government, commercial bank, or other legal and secure commercial databases.[18]

A “Consumer Account” used only for ecommerce transactions would require either an in-person check or 3 separate external database checks.[19] A “General Account‘’ used for a variety of transactions such as ecommerce or investments would require either an in-person check or 5 separate external database checks.[20]

Transaction Limits on Payment Platforms

For “Consumer Accounts”, the maximum annual aggregate transaction volume is RMB 100,000.[21] For “General Accounts”, the maximum annual aggregate transaction volume allowed is RMB 200,000.[22] Again, it is important to remember that these limits only apply to transactions directly using third-party non-banking payment platforms.[23] Customers can continue using online transactions beyond the limits by directly using their bank accounts that requires the bank’s web portal and authorization process.



The winners after the implementation of these new Measures will definitely be the banks. The losers may be the third-party non-banking payment platforms, as they have to incur higher costs due to increase in ID checks and compliance efforts. Customers may also be adversely impacted because platforms may decide to pass on these increased costs to them. Customers are also essentially forced to only use their banking web portals due to transaction limits imposed on third-party non-banking platforms.

[1] Gillian Wong, China Proposes to Keep Online Payments in Check, The Wall Street Journal (Aug. 3, 2015),
[2] China Central Bank Details Rules on Online Payment,, (Mar. 16, 2016),
[3] China: Draft Rules for Online Payments Explained, Spencer Li, (Mar. 16, 2016),
[4] Id.
[5] Supra, note 2.
[6] China Enacts Administrative Measures for Online Payment Businesses, Hunton & Williams, (Mar. 16, 2016),
[7] Id.
[8] Id.
[9] Id.
[10] Id.
[11] Id.
[12] Id.
[13] Id.
[14] Id.
[15] Id.
[16] Id.
[17] Supra, note 3.
[18] Regulations Galore Part I: Online Payments in China, Spencer Li, (Mar. 16, 2016), http://www.
[19] Id.
[20] Id.
[21] Id.
[22] Id.
[23] Id.