Although fintech and insurtech are not terminologies recognized by the Chinese government or used in published laws and regulations, according to the Guidelines on the Promotion of the Healthy Development of Internet Finance (FinTech Guidelines) issued on 18 July 2015, which is considered to be the first comprehensive regulation concerning regulation of fintech in China, the division of responsibilities between financial regulators is as follows:

• People's Bank of China is responsible for the regulation and supervision of internet payment services.
• China Securities Regulatory Commission is responsible for the regulation and supervision of (i) internet lending services and (ii) internet trust and internet consumer finance.
• China Securities Regulatory Commission is responsible for the regulation and supervision of (i) equity crowdfunding activities and (ii) internet fund sales.
• China Insurance Regulatory Commission is responsible for the regulation and supervision of internet insurance services.

In July 2017, the Financial Stability and Development Commission was established to be the central regulator to coordinate with these financial regulations in respect of the regulation of financial sectors.

In addition to these financial regulators, the Ministry of Industry and Information Technology (MIIT) is responsible for the regulation and supervision of telecommunications-related businesses involved in the provision of fintech/insurtech, the Cybersecurity Administration of
China (CAC) is responsible for the regulation of cybersecurity compliance in the provision of fintech/insurtech and the CAC, together with the Ministry of Public Security (PSB), will regulate compliance with the handling of personal information in the provision of fintech/insurtech.

The following types of activities are currently regulated under the Fintech Guidelines:

• internet payment
• internet lending
• equity crowdfunding
• internet fund sales
• internet insurance
• internet trust and internet
• consumer finance

In addition, Chinese regulators have been actively clamping down on illegal fundraising through P2P lending and equity crowdfunding.

While there has been strong government and regulatory support for fintech/insurtech, Chinese regulators have become more and more cautious about the potential risks posed by these businesses and may impose stricter and broader regulation on various fintech/insurtech
businesses.

The significance of fintech/insurtech has been recognized and endorsed by the Chinese government. For example, the Fintech Guidelines provided strong policy direction for supporting and promoting the development and growth of fintech in China. Specifically, the Fintech Guidelines set out the following goals of the Chinese government:

• promoting innovation of fintech platforms, products and services
• encouraging cooperation between financial institutions and internet companies
• improving access to capital for fintech firms through the promotion of venture capital, SME finance and public listings
• streamlining administrative approvals for fintech firms
• providing tax benefits for fintech/insurtech start-ups and fintech innovations
• encouraging the development of credit information infrastructure and supporting service systems for fintech/insurtech

However, with more and more reported cases of fraudulent or problematic P2P lending platforms in 2015, it has been reported that Chinese regulators are in the process of drafting new rules to tighten up the control over certain fintech/insurtech businesses such as internet lending, internet payment and internet insurance businesses. Many companies conducting internet lending, internet payment or internet insurance businesses have been closed down or had their operating licenses revoked since 2015.

Depending on the specific activities involved, the following licensing and/or regulatory requirements may be triggered for:

• conducting an Internet banking business – a financial license is required
• conducting Internet payment services – a payment business license is required
• Internet lending business: (i) Internet small-amount lending business is subject to the requirements of provincial-level finance office; (ii) for P2P online lending, the P2P online lending platform is required to serve as intermediary only and must choose a qualified banking financial institution as the capital depository institution for both the lenders and the borrowers.
• conducting equity crowdfunding business, registration and membership with the Securities Association of China is required
• conducting Internet fund sales, a publicly raised fund sales payment and settlement institution license is required.
• conducting Internet insurance sales, an insurance license is required. However, for insurance sales through third-party platform, no license (other than the relevant telecommunication license or recordal) is required for the third-party platform.
• conducting Internet trust business or Internet consumer finance, a financial license is required

In addition, the relevant telecommunication license or recordal is also required for operating the online platform for providing the relevant fintech/insurtech.

Provision of telematics services is regulated in China. Specifically, location-based information services are subject to licensing and regulatory requirements for the providing Internet mapping services and value-added telecommunications services in China.

Use of biometrics data is not specifically regulated under Chinese law.

No. 

According to the Guidelines for the Administration over the Informatization of Insurance Companies (for Trial Implementation) issued by CIRC, effective 1 January 2010, insurance companies established and licensed within China are required to comply with the following obligations with respect to technology risk management:

• establish data center and disaster recovery center within the territory of China
• establish and implement detailed internal rules and systems concerning IT and network security management
• appoint a chief information officer or a person who is mainly responsible for the IT-related work
• conduct security assessment before implementation of new information systems and/or technologies
• establish monitoring and reporting system for IT security
• conduct risk assessment and audit of IT system

There is no comprehensive personal data protection law in China, but the concept exists under various laws and regulations such as the Tort Liability Law, the Criminal Law, the NPC Decision on Strengthening the Protection of Network Information and the Consumer Protection Law.

In the context of collecting and processing electronic personal data, the relevant Chinese laws and regulations require that organizations must expressly inform the data subjects the purposes, scope and manner of data collection and use and obtain their consent to the
same. Furthermore, organizations have an obligation to (i) keep the personal data of data subjects confidential, and must not disclose (unless with the data subject's consent), sell or unlawfully provide the same to a third party, and (ii) adopt technical and other necessary
measures to ensure that the data is secure, and must take remedial steps immediately where data disclosure, damage or loss occurs or may occur.

Chinese central government has shown increased interest in the use of big data by issuing several notices and circulars with framework policies and rules dealing with storage and use of big data by government agencies. Detailed enabling rules or specific regulations to govern the use of big data is yet to be promulgated.

No. 

Yes. Most notably, the following laws contain provisions concerning cybersecurity:

• The National Security Law, which provides the state's focus on safeguarding the security of cyberspace.
• The 9th Amendment to the Criminal Law, which provides that network service providers will be subject to criminal liabilities, if they:  (i) fail to comply with network security management obligations, causing large-scale dissemination of illegal information or other
  serious results; or (ii) knowingly provide technical support (such as Internet access, server hosting, network storage or communications transmission) to aid crimes committed through information networks.
• The Anti-terrorism Law imposes obligations on telecom business operators and Internet service providers to (i) provide technical support to authorities in connection with investigations for terrorism, (ii) adopt security measures, monitor terrorist content and
  cooperate with investigations, and (iii) verify customer identity.
• The Draft Cybersecurity Law, which has yet to take effect, will be the first Chinese law that focuses exclusively on cybersecurity and addresses various aspects of cybersecurity in China.

Fintech/insurtech innovations in China are still a relatively recent phenomenon. As a result, there are no specific insurtech innovations that we are aware of in the insurance sector. As mentioned, the insurance regulator has recently expressed its concern over the lack of
regulation and risk control of online insurance businesses conducted by unlicensed online platforms. Accordingly, the insurance regulator has announced that it will clamp down on unlicensed internet insurance businesses as one of its major tasks for 2016.

There have been quite a number of cases where the operation of P2P lending platforms has been characterized as criminal offenses involving illegal fundraising or unlicensed deposit taking, and the persons found to be responsible for these platforms have been subject to criminal sanction.

• Lack of centrally coordinated regulator for fintech/insurtech business – While there are various regulators overseeing specific financial service sectors, they have not put in place a coordinated scheme to address their overlapping jurisdiction, which often results in a lack of specific guidance and supervision of fintech/insurtech innovation.
• Difficulty in securing licenses – Due to the lack of specific rules and regulations, it has been difficult to obtain the appropriate licenses required for conducting fintech activities, which constantly result in the legality of the relevant fintech business being questioned or
  challenged.
• Cybersecurity issues

Fintech/insurtech will likely continue to play an important role in the financial services industry in China given the policy objective of the Chinese government to promote fintech/insurtech as well as the increasing use of digital devices by Chinese consumers. 

The Chinese government is considering setting up a centralized financial and monetary regulator that may have comprehensive power to regulate most (if not all) fintech/insurtech activities. This has been considered one of the most significant impacts of fintech/insurtech innovation on the regulation of the financial services industry in China.

It remains to be seen if internet insurance will continue to grow in China in the future, given the previous regulatory action taken by the Chinese insurance regulator.