Regulatory Roundup Part III: Draft Regulations for Online Payments
At the end of July, China’s central bank issued a set of draft regulations on online payments for public opinion, which recently concluded at the end of August. The draft rules were hailed by industry players and media as the “harshest rules in history” targeting the third-party payment industry, or non-bank organizations conducting payment-related operations. The central bank purports that the broader context or purpose of these draft rules is to improve consumer protection and reduce payment-related risks such as fraud. However, the industry views these rules as a protectionist move by the central bank that benefits banks in an attempt to stifle growing usage of online transaction services offered by third-party payment platforms (including mobile payments).
I have summarized the key points of the regulations below, outlining the issues and potential consequences from the implementation of these rules:
General – The draft rules only apply to non-bank organizations that have a third-party payment license issued by the central bank. The rules govern online payments, which is defined as the transfer of funds conducted via the internet through either desktop or mobile applications. As reflected in this draft, the opinion of the central bank is that the role of third-party payment platforms is primarily to provide payment processing services for ecommerce transactions, which should be conducted following these regulations and the rules set by the customer’s bank.
Operating Restrictions – Licensed third-party payment platforms should only provide payment processing services and are forbidden from providing other financial services such as taking deposits, providing loans and other forms of financing, wealth management, and currency exchange. Payment platforms are also forbidden from opening payment accounts for financial institutions that offer the aforementioned services.
Most third-party payment platforms will be in compliance with this rule as the payment business tends to be the core focus of their operations. However, many also began offering investment products in the form of money market funds following Ant Financial’s Yuebao launch last year. According to these draft rules, payment platforms will no longer be permitted to continue offering these investment products unless they restructure the service to be offered under a separate legal entity. A more stringent interpretation of the rules may imply that payment platforms cannot even display or advertise such investment products on their websites.
ID Checks – Platforms are encouraged to follow “Know Your Customer” principles and conduct sufficient diligence on customers to verify identity. When opening accounts for customers, platforms must either perform an in-person ID check or pass multiple ID checks on the customer using external sources such as government databases, commercial bank databases, or other legal and secure commercial databases to verify a customer’s identity. If the account is a “Consumer Account” solely used for ecommerce transactions, then either an in-person check or 3 separate external database checks is required. If the account is a “General Account‘’ that can be used for a variety of transactions including ecommerce or investments, then either an in-person check or 5 separate external database checks is required.
There are three main issues with these ID requirements:
1. The requirements greatly impedes user experience since customers now have to either show up in person to some location to verify identity and open an account (much like a bank) or provide multiple IDs online to fulfill the verification requirements.
2. Aside from government-issued personal ID and bank account information, the Chinese market currently does not have robust commercial databases to provide other forms of ID verification. It may be nearly impossible for someone to pass 5 different ID checks to open a General Account as there simply isn’t enough data out there.
3. The multiple ID checks significantly increases costs for platforms as they will need to purchase the ID verification services from external data providers, costs that will likely be passed on to consumers in the form of increased account or transaction fees.
Bank Authorization – When conducting customer-authorized transactions that involve the payment platform deducting funds from the customer’s bank, the following authorizations are required:
1. For transactions under RMB 200, payments for public service bills such as utilities, tax payments, and other payments occurring on a fixed schedule (ambiguous in meaning), the payment platform may verify the customer’s identity and authorize the payment on behalf of the customer’s bank.
2. For all other such transactions, the bank must conduct the verification and authorization process, and cannot assign this responsibility to the payment platform.
Typically when transferring funds into a third-party payment account from a bank account, the user would be guided to the bank’s web portal to direct the transfer into the payment account. In this case, since the transfer is conducted through the bank’s system, the bank is effectively providing the authorization. Thus these account transfer actions are currently in compliance with the rules. After the payment account has been infused with funds, the user can then conduct transactions using the account balance.
However, most third-party platforms offer a “Quick Pay” functionality where customers can transfer funds or transact directly with their bank cards without being redirected to the bank’s web portal. Under Quick Pay, users can link a debit card to the third-party payment account and can transfer funds within a certain limit (typically not exceeding RMB 50,000) as negotiated between bank and platform. To provide this service, the platform enters into contract with a bank whereby the verification and authorization of payments is conducted by the platform, which is limited by the draft rules. This user-friendly feature may be limited to amounts below RMB 200 if the rules now require banks to verify and authorize transactions exceeding this amount. Again, this rule would degrade user experience, causing greater inconvenience to consumers.
Annual Limits – For transactions conducted using an account balance from General Accounts, the maximum annual aggregate transaction volume allowed is RMB 200,000. For Consumer Accounts, the maximum annual aggregate transaction volume is only RMB 100,000. Note that this rule only applies to transactions conducted directly using a payment account’s balance and not to those conducted using the balance from a bank and then processed by the payment platform.
The annual limits should be sufficient for the majority of consumers in China since only those with very high income levels would spend beyond RMB 100,000 in a year on ecommerce purchases. However, for consumers investing in wealth management products online, there’s a preference for flexible investment products where they can invest and withdraw at will, such as money market fund products offered by Ant Financial’s Yuebao and Tencent’s Licaitong. Even if these consumers do not invest a large amount in these funds, making constant transactions in and out of the fund may quickly add up and exceed the RMB 200,000 limit. Because these limits only apply to transactions using a payment account’s balance, consumers can continue to conduct online transactions beyond the limits by directly using their bank account balance, which would require using the bank’s web portal and authorization process. Herein lies yet another rule that is partial to the banks at the consumer’s expense.
Daily Limits – Payment platforms can choose from 3 options to conduct transaction verification: user-set password, unique digital identification such as a one-time password or a digital certificate or electronic signature in the form of a browser plugin, or a biometric ID such as a finger print. If the platform verifies the customer transaction using a browser plugin and an additional verification listed above, then the daily transaction limit can be an amount agreed upon between the platform and customer. If the platform uses a two-step verification that does not include a browser plugin, then the daily transactions for the payment account cannot exceed RMB 5,000 in aggregate. If the platform only uses a single verification method, then the daily transactions for the payment account cannot exceed RMB 1,000 in aggregate.
These daily limits pose another inconvenience to consumers using payments accounts to conduct online transactions that forces them to use bank portals for transactions if they exceed the daily limits. Although the daily limits may be increased if the consumer uses an electronic signature or digital certificate in the form of a browser plugin, installing these plugins can still be a nuisance. The majority of users in China may not be technologically savvy enough to install and update the plugins as these plugins often have compatibility issues with different browsers. And of course, platforms must develop or purchase these plugins from third parties, which adds to the cost that may be passed on to consumers.
It is important to note that all of the aforementioned rules are specific to personal accounts opened by individuals and do not apply to company or business accounts. There is only rule in the draft regulation pertaining to company accounts, and that is for transactions over RMB 50,000, a payment memo or documents demonstrating the purpose and reason for the transaction is required to be kept on record by the platform. This rule is most likely to prevent tax evasion or money laundering by organizations using online payments.
The draft rules for the online payments industry made some serious shockwaves when it was first announced. For an industry that was largely unregulated for over 10 years until 2010, these draft rules were a giant leap forward toward strict control of the payment industry. In speaking to the third-party payment partners that provide the payment-processing service for Fincera’s CeraVest platform, I found that they were mostly concerned with the excessive ID checks required to open accounts and have submitted their opinions to the central bank. Although our payment partners felt the limit on transaction volume would also degrade user experience, they think it is unlikely the central bank will move on those points when issuing the final rules.
It is abundantly clear that banks would benefit most from the current draft rules and that third-party payment providers will likely face additional costs and be required to make some adjustments to continue operating their businesses. Consumers may also feel the impact of these rules if platforms decides to pass on the increased costs from ID checks and safety features. Once the rules are implemented, consumers will be forced to use bank web portals to conduct transactions exceeding the limits set by the rules. These web portals tend to be less user-friendly and most do not provide support or good user experiences for mobile interfaces. However, I expect this may improve over time as banks increase investments in the development of their online services and applications.