Authors: TieCheng YANG丨Yin GE丨Ting ZHENG丨Virginia QIAO丨Avery HUANG
On 11 November 2022, the China Banking and Insurance Regulatory Commission ("CBIRC") issued for public consultation a draft revision to the PRC Banking Supervision Law (the "Consultation Draft").
The current PRC Banking Supervision Law was first promulgated in February 2004 and was amended once in 2006 (the "Current Law"). As a specialized banking supervision and regulatory law, the Current Law promotes the steady operation of banking industry, rectifies disorder in banking market and mitigates banking risks. In recent years, with continuous opening up and innovation, the assets in the banking industry have continued to grow and the degree of financial marketization is increasing. However, some provisions in the Current Law have not kept pace and gaps exist in certain significant areas, which may not meet the needs of regulatory practice. In this regard, an overhaul of the Current Law appears necessary at the current stage.
New requirements/major changes of the Consultation Draft on top of the existing laws and regulations
CBIRC has released a table which compares the differences between the Current Law and the Consultation Draft. It is worth noting that since the promulgation of the Current Law, CBIRC has formally issued a series of regulations in areas of regulatory supervision, banking personnel management, corporate governance, equity management, etc. Some of the revisions proposed to the Current Law found in the Consultation Draft are not new, but rather reiterate and summarize at the legislative level these regulations, which have already been implemented in practice.
In order to facilitate readers' understanding on the key implications of the Consultation Draft for the banking industry and personnel, we have conducted an overall gap analysis against the existing banking regulations. In the following sections, we will highlight and comment on the new requirements/major changes in the Consultation Draft on the basis of the existing regulatory framework.
Part I: incremental requirements/notable changes regarding banking personnel management
The Consultation Draft proposes to raise the cost of law violations and to comprehensively supplement new regulatory provisions and penalties for directors, supervisors, senior management personnel and other persons who perform important duties. Notable changes mainly include the following.
1. Supplementing duties for supervisors and other persons who perform important duties, generally aligned with those of directors and senior management personnel:
A. adding qualification pre-approval requirements for the above personnel (Art. 25 of the Consultation Draft);
B. adding information disclosure requirements for the above personnel changes (Art. 56 of the Consultation Draft);
C. adding compulsory measures for the above personnel when a bank violates prudential operation rules (Art. 57 of the Consultation Draft); and
D. regulatory measures taken against the above personnel when a bank is under takeover, reorganization, and shut-down, or other major risks arise. (Art. 70 of the Consultation Draft).
2. Intensifying the dual-penalty system for banks and their personnel (Arts. 77, 80 and 81 of the Consultation Draft)
On top of the existing laws and regulations, the Consultation Draft has increased monetary penalties for most of violations. In addition to the existing high-level personnel penalty rules, the Consultation Draft also explicitly sets out the following scenarios for triggering these dual-penalties:
A. conducting material equity investments or other material business activities without prerequisite approval (Arts. 77 and 81 of the Consultation Draft);
B. performance of duties by the relevant personnel without qualification approval (Arts. 77 and 81 of the Consultation Draft);
C. serious violation of prudential supervision rules which results in a criminal case, significant risks or serious damage to the legitimate rights and interests of depositors and other customers (Art. 81 of the Consultation Draft);
D. refusing or obstructing off-site supervision or on-site inspection (Art. 81 of the Consultation Draft);
E. providing false statements, reports or other documents, materials or data overseas (Art. 81 of the Consultation Draft); and
F. illegal provision of documents, materials or data overseas (Art. 81 of the Consultation Draft).
Part II: Incremental requirements for the supervision of major shareholders and actual controllers
The Consultation Draft proposes to strengthen supervision of major shareholders and actual controllers and to establish a whole-process supervision system, which ranges from pre-establishment approval and ongoing supervision to post-event punishment.
1. Analysis of major shareholders
A. Pre-establishment approval and ongoing supervision
For the supervision of major shareholders, the requirements for pre-establishment and ongoing supervision are, to a large extent, taken from legal and regulatory provisions such as the PRC Commercial Banking Law, the Interim Measures for the Administration of Equity of Commercial Banks, and the Measures for the Supervision of the Conduct of Major Shareholders of Banking and Insurance Institutions (for Trial Implementation).
B. Post-event punishment
On top of the existing shareholder management rules and requirements, the Consultation Draft proposes important changes to the penalties on major shareholders:
revising the penalty provisions for major shareholders, adding punishable circumstances and increasing the amount of monetary penalties (Arts. 79, 82 and 83 of the Consultation Draft);
expanding the scope of shareholders to be ordered to transfer equity and be subject to rights restrictions, and specifying that there is a time limit for transfer of equity (as a preparation for compulsory enforcement of equity transfer) (Art. 57 of the Consultation Draft);
detailing regulatory enforcement actions for violations by major shareholders (Art. 58 of the Consultation Draft);
specifying that CBIRC may apply for compulsory enforcement in court where the relevant shareholder is ordered to transfer equity and the equity transfer is not completed within the time limit (Art. 59 of the Consultation Draft); and
specifying the restrictions on shareholders and shareholders’ meetings during takeovers (Arts. 62 and 64 of the Consultation Draft).
2. Analysis of actual controllers
Under current law, the regulatory requirements for actual controllers are less robust compared with the requirements on shareholders. The Consultation Draft makes significant improvements and enhancements in this regard.
A. Pre-establishment approval and on-going supervision
providing CBIRC authority to review actual controllers (during pre-establishment approval and when any actual controller changes) (Arts. 19 and 20 of the Consultation Draft);
supplementing CBIRC's review authority for the actual controller's source of funds, financial status, capital replenishment capacity, equity structure and creditworthiness (during pre-establishment approval and when any actual controller changes) (Art. 22 of the Consultation Draft); and
specifying the actual controller's reporting duties and compliance obligations with laws and regulations on related-party transactions and information disclosure. Actual controllers may not abuse their position to harm the legitimate rights and interests of financial institutions and depositors and other customers (Arts. 29 and 48 of the Consultation Draft).
B. Post-event punishment
specifying penalties for actual controllers who breach their reporting obligations (Art. 79 of the Consultation Draft);
specifying CBIRC's regulatory and compulsory measures for actual controllers, those who fail to make corrections within the time limit or whose breaches are particularly serious may be prohibited from investing in banking financial institutions (Art. 58 of the Consultation Draft);
specifying that CBIRC may apply for compulsory enforcement in court where the actual controller is ordered to transfer equity controlled by it and the equity transfer is not completed within the time limit (Art. 59 of the Consultation Draft);
specifying CBIRC's power to stop issuing loans and other credit funds provided by the financial institution to its actual controller during a takeover (Art. 64 of the Consultation Draft); and
proposing incremental penalties for actual controllers, among others, penalties for the actual controller who have obtained administrative approvals by improper means (Arts. 82 and 83 of the Consultation Draft).
Part III: New requirements for bank risk resolution matters
Viewed from the current regulatory regime, the provisions for bank risk disposal and market exit are relatively general and principled, with outstanding issues such as an imperfect early intervention mechanism and lack of effective disposal solutions.
The Consultation Draft aims to improve the risk disposal mechanism and further refine mechanisms in terms of daily supervision, early intervention, takeover, bankruptcy and liquidation. Notable changes in the Consultation Draft against the existing regulatory framework for resolving bank risk include:
1. specifying CBIRC's discretionary power to require a banking financial institution to formulate and implement recovery and disposal plans (Art. 41 of the Consultation Draft);
2. specifying daily supervision from CBIRC, such as regulatory dialogue, risk warning, and proposing regulatory opinions (Art. 55 of the Consultation Draft);
3. supplementing and detailing specific content of regulatory compulsory measures, including, among others, limiting the scale of risk assets and adjusting the requirements for regulatory indicators (Art. 57 of the Consultation Draft);
4. establishing an early intervention mechanism and proposing early intervention measures (Art. 60 of the Consultation Draft);
5. detailing takeover and market-exit mechanisms:
A. specifying legal status of the takeover team, refining of its statutory duties and specific takeover measures (Arts. 61-64 of the Consultation Draft);
B. supplementing the administrative restructuring mechanism (Art. 66 of the Consultation Draft);
C. supplementing industry protection fund management institutions to participate in risk disposal procedures (Art. 67 of the Consultation Draft); and
D. specifying two ways a bank may enter bankruptcy (Art. 68 of the Consultation Draft).
Other notable highlights of the Consultation Draft
I. Understanding "other persons who perform important duties"
"Other persons who perform important duties" is a new concept in the Consultation Draft. Its meaning and scope is worth analyzing.
1. The expression has not yet appeared in other regulations, and the Consultation Draft does not provide a clear definition or scope.
2. In the Consultation Draft, where there are provisions applicable to directors, supervisors, senior management personnel, "other persons who perform important duties" have been identically applied to, such as provisions on qualifications management, disclosure of changes in personnel, penalties for performing duties without approval, regulatory compulsory measures, restrictive measures on personnel under significant risks, personnel penalties, etc.
3."Other persons who perform important duties" is NOT equivalent to "any other persons who have decision-making rights in business management or play a significant role in risk control".
The concept of "any other persons who have decision-making right in business management or play a significant role in risk control" has been mentioned in administrative licensing rules for foreign-funded and Chinese-funded banks.
Foreign-funded Banks: Art. 134 of the Measures for Implementation of Administrative Licensing Items for Foreign-funded Banks defines other personnel of foreign banks as "any other persons who have decision-making rights in business management or play a significant role in risk control".
Chinese-funded Banks: Pursuant to Art. 78(4) of the Measures for Implementation of Administrative Licensing Items for Chinese-funded Commercial Banks, "those who hold none of the afore-mentioned positions, but who actually perform the duties of directors or senior executives as listed in the preceding three paragraphs, or those in the management of the head office or branch who have the decision-making power or an important influence in the operation management or risk control of such institution shall be granted with the qualification for holding positions". The rule requires that personnel who actually perform the duties of directors or senior management should also be equally subject to a qualification review.
Then here is the question - is "other persons who perform important duties" the same as "any other persons who have decision-making right in business management or play a significant role in risk control"? Our view is that the above terms cover different personnel.
Art. 3 of the Measures for the Administration of Qualifications of Directors and Senior Management of Banking Financial Institutions stipulates that senior management refers to all types of personnel in the management of the headquarters and branches of a financial institution who have decision-making power or significant influence on the operation and management and risk control of the institution. Therefore, "any other persons who have decision-making rights in business management or play a significant role in risk control" is covered under senior management personnel. However, in the Consultation Draft, "other persons who perform important duties" are independent from and parallel with directors, supervisors and senior management personnel. The purpose of introducing "other persons who perform important duties" is to cover persons other than directors, supervisors and senior management personnel.
4. By reference to other CBIRC-issued personnel management rules, the Guiding Opinions of the China Banking and Insurance Regulatory Commission on the Challenge System for Employees of Banking and Insurance Institutions in Duty Performance refers to the concept of "key personnel and important posts". Items (4) and (9) generally define "key personnel and important posts" as "the management members at all levels and persons-in-charge of internal departments who have important influences in terms of business operation, internal control management and risk prevention and employees at key business posts".
These guiding opinions apply to the specific context of the challenge system for employees to perform their duties. It may differ from the context of overall bank supervision and management in the Consultation Draft. It remains uncertain whether CBIRC will make direct reference to "key personnel and important posts" when defining the term "other persons who perform important duties".
5. Our understanding: The scope of "other persons who perform important duties" in the Consultation Draft may include:
personnel who do not formally hold the positions of directors, supervisors or senior management personnel, but who actually perform the duties (e.g., acting roles); and
meanwhile, for prudential purposes and for the legislative intent of enhancing personnel supervision, it remains possible that CBIRC makes reference to "key personnel and important posts" when defining "other persons who perform important duties".
Given that the Consultation Draft retains a certain degree of flexibility, it still requires further attention and prudent observation.
II. Requirements for personnel departure
Art. 70 of the Consultation Draft on restrictions on the departure of personnel has been modified and improved.
"During the period of assumption of control, reorganization, shut down for liquidation or the event of significant risk, the following measures may be adopted against the directly liable directors, supervisors, senior management personnel, other persons who perform important duties and other directly liable personnel upon the approval of the person-in-charge of the banking regulatory authority of the State Council:
(1) if the departure of the directly liable directors, supervisors, senior management personnel, other persons to perform important duties and other directly liable personnel from China will cause major losses to State interests, the decision to prevent their departure would be made and the immigration authorities shall be notified to implement; and
(2) apply to the judicial authorities to prohibit their transfer or assignment of property or attachment of other rights to their property."
Compared with the existing regulatory provisions, the Consultation Draft proposes the following three major changes:
1. Supplementing applicable scenarios: upon the occurrence of "significant risk"
The Consultation Draft does not specify the definition or scope of "significant risk". We understand that major risk events or crises in the areas of liquidity risk, credit risk, market risk, operational risk, etc. encountered by commercial banks during business management would be included and may trigger restrictions on the departure of personnel.
2. Supplementing in-scope personnel: Supervisors and "other persons who perform important duties"
In terms of in-scope personnel, the Consultation Draft unifies the new management requirements for supervisors, reflecting the practical need to establish an improved professional banking supervision system in China. In addition, the scope of "other persons who perform important duties" has been analyzed in above sections of this newsletter.
3. Further clarifying procedures
In terms of the procedure for placing restrictions on the departure of personnel, the Consultation Draft clarifies the power of the CBIRC to "decide" to restrict personnel departures, but the draft provisions appear to propose no substantive practical changes. The above revision only clarifies the process that CBIRC will (1) decide to restrict personnel departures; and (2) notify the immigration authorities to implement it. This change in statement is consistent with the provision of the PRC Exit and Entry Administration Law.
III. Extraterritorial application
Art. 47 of the Consultation Draft provides for extraterritorial application of the law:
"Where the banking financial activities outside the territory of the People's Republic China have endangered the sovereignty, security and development interests of the People's Republic of China, disrupted the market order within the territory and damaged the legitimate rights and interests of investors within the territory, such activities shall be investigated for legal responsibility in accordance with the laws."
The provision has sparked widespread concern within the banking industry. It is worth noting that the Consultation Draft is not the first try to apply extraterritorial jurisdiction provisions among multiple laws and regulations governing the financial sector—relevant provisions have already been introduced in the securities and futures industries.
1. Current regulations and consultation drafts in other financial industries
Extraterritorial jurisdiction provisions were added to the PRC Securities Law in 2019.
"Where the issuance and transaction of securities outside the territory of the People's Republic China have disrupted the market order within the territory of the People's Republic of China and damaged the legitimate rights and interests of investors within the territory, such activities shall be handled and investigated for legal responsibility in accordance with the relevant provisions of this Law."
The extraterritorial jurisdiction provisions in the PRC Futures and Derivatives Law in 2022:
"Where the transaction and other related activities of futures and derivatives outside the territory of the People's Republic of China have disrupted the market order within the territory of the People's Republic of China and damaged the legitimate rights and interests of investors within the territory, such activities shall be handled and investigated for legal responsibility in accordance with the relevant provisions of this Law."
In addition, the PRC Commercial Banking Law of the People's Republic of China (Draft Revision) issued in 2020, also explores extraterritorial application.
"Where the commercial banking services to individuals or institutions within the territory of the People's Republic of China provided by institutions outside the territory have damaged the legitimate rights and interests of individuals or institutions within the territory, such activities shall be handled in accordance with the relevant provisions of this Law."
The above provisions show a certain degree of similarity, but the extraterritorial jurisdiction provision of the Consultation Draft further expands the scope of application.
2. Understanding the scope of the extraterritorial jurisdiction provision in the Consultation Draft
Based on the Consultation Draft, all such activities outside mainland China may be subject to Chinese law, so long as they have an impact within the territory that endangers state security, disrupts the market and damages the legitimate rights and interests of investors. Such general and broad extraterritorial jurisdiction provision is more inclusive and flexible. It can also give regulators greater discretion to respond to various situations that may occur in practice.
Three possible scenarios in which the provision could apply include:
A. offshore banks provide regular commercial banking services (such as deposits, loans and settlements) which damages the legitimate rights and interests of the PRC individuals or institutions;
B. offshore banks engage in product management/distribution of banking financial products outside the territory which damages the legitimate rights and interests of PRC investors; and
C. offshore third-party support services (such as information technology) for offshore banking activities damage the legitimate rights and interests of PRC investors.
Compared with extraterritorial jurisdiction provisions of the PRC Securities Law and others, the Consultation Draft adds "having endangered the sovereignty, security and development interests of the People's Republic of China" to reflect the increasing importance of national security in recent years.
3. Other content to observe
Art. 47 of the Consultation Draft is a principled provision, which only proposes a general expression of the provision on extraterritorial jurisdiction. This provision does not set clear criteria for judging the impact in China, nor does it explain the specific legal liability that may be imposed. Further clarification of the provision is expected in the future.
IV. Understanding on "providing data to offshore without authorization"
Cross-border data transfers are also one of the hot issues in the market. Art. 8 of the Consultation Draft stipulates that banks may not provide documents, information or data related to their business activities outside the territory of the People;;s Republic China without authorization, except as otherwise provided by laws, administrative regulations and CBIRC rules. Arts. 78 and 81 would add "providing documents, information and data outside the territory in violation of regulations" as an illegal act of the banks, and the banks would be ordered to make corrections, forfeit their illegal income, and be fined. Banks may be ordered to suspend business for rectification, revoke licenses, or even be held criminally liable in serious cases. The relevant responsible personnel may also be punished.
For the above provisions, we have analyzed the interpretation of Arts. 8, 78 and 81:
Arts. 78 and 81
Scope of data transfer
Art. 8 on cross-border supervisory cooperation limits the scope of data transfers to "in connection with business activities".
We understand that the context of Art. 8 is cross-border supervisory cooperation, which is intended to emphasize that the banks may not provide "business data" outside the territory without authorization in the process of cross-border business supervision.
In contrast to Art. 8, Arts. 78 and 81 do not set the similar limits of "in connection with business activities".
With reference to "violation of regulations", the regulatory intention is that the banks must comply with all relevant laws and regulations on data transfers. The scope of data transfers should be broadly understood, not limited to data "related to business activities" under Art. 8.
Art. 8 is under the context of "cross-border supervisory cooperation". Since the requirements for "not providing documents, information and data related to business activities outside the territory without authorization" is among the following paragraphs under the same article, data receivers naturally refer to foreign judicial and law enforcement authorities.
In addition to providing data to foreign judicial and law enforcement authorities, banks are also required to comply with China's relevant laws and regulations on cross-border data transfers; thus, we should adopt a general understanding towards data receivers, not limited to offshore judicial and law enforcement authorities.
According to the current data compliance requirements, banks should pay specific attention to the following scenarios:
Banks should act in strict accordance with the applicable data transfer rules according to their specific circumstances.
We have presented our preliminary understanding and analysis of the above issues, which remain subject to change during the legislative process, or further written rules or guidance issued by CBIRC in the future. We will also continue to monitor relevant regulatory updates and share our views with readers in a timely manner.
This Legal Commentary has been prepared for clients and professional associates of Han Kun Law Offices. Whilst every effort has been made to ensure accuracy, no responsibility can be accepted for errors and omissions, however caused. The information contained in this publication should not be relied on as legal advice and should not be regarded as a substitute for detailed advice in individual cases.
If you have any questions regarding this publication, please contact:
Tel: +86 10 8516 4286
Tel: +86 21 6080 0966
Tel: +86 21 6080 0203
 Vito Wang (intern) has made contribution to this article.
 The Consultation Draft (in Chinese only) is accessible at: http://www.cbirc.gov.cn/cn/view/pages/ItemDetail.html?docId=1081221&itemId=925&generaltype=0.