Order No. 4 [2021] of the People’s Bank of China

The Measuresfor the Administration of Credit Reporting Services, adopted on September 17, 2021 at the ninth executive meeting of the People’s Bank of China in 2021, is hereby issued   and shall come into force as of January 1, 2022.

Yi Gang, Governor of the People’s Bank of China

September 27, 2021

Measures for the Administration of Credit Reporting Services

Chapter I  General Provisions

Article 1 This Measures is formulated in accordance with the Law of the People Republic of China on the People Bank of China, the Personal Information Protection Law of the People Republic of China, the Regulation on the Administration of Credit Reporting Industry, and other applicable laws and regulations to regulate credit reporting services and  related activities, protect the legitimate rights and interests of information subjects, promote the healthy development of the credit reporting industry, and strengthen the social credit system.

Article 2 This Measures applies to the credit reporting services and related activities conducted within the mainland of the People’s Republic of China in relation to corporations and unincorporated organizations (hereinafter referred to as “enterprises”) and individuals.

Article 3 For the purpose of this Measures, credit reporting services refer to the collection, organization, preservation, and processing of the credit information of enterprises and individuals and the provision of such credit information to information users.

For the purpose of this Measures, credit information refers to the basic information, lending information, and other relevant information lawfully collected to identify and assess the credit status of enterprises and individuals to facilitate financial and other activities, as well as the analyses and evaluations made based on the forgoing information.

Article 4 Businesses that engage in credit reporting services for individuals shall lawfully obtain the consumer credit reporting agency license from the People’s Bank of China (“PBC”); businesses that engage in credit reporting services for enterprises shall lawfully complete the filing process for commercial credit reporting agencies; businesses that engage in credit rating services shall lawfully complete the filing process for credit rating agencies.

Article 5 Financial institutions shall not enter a business relationship with any market entity for its credit services if the market entity is not legally qualified to provide credit reporting services.

For the purpose of this Measures, financial institution refers to any institution that engages in financial business under the regulation and supervision of the financial regulatory authority under the State Council.

Local financial organizations regulated and supervised by local financial regulatory authorities are subject to the provisions of this Measures on financial institutions.

Article 6 Any businesses that engage in credit reporting services and related activities  shall protect the lawful rights and interests of the information subjects, ensure the safety and security of information, and prevent the leakage, loss, destruction, or misuse of credit information, and shall not undermine state secrets, invade personal privacy, or commit breach of confidential business information.

Credit reporting services and related activities shall be conducted on an independent, objective, and impartial basis and shall not violate relevant laws and regulations or offend public order or good morals.

Chapter II  Collection of Credit Information

Article 7 Consumer credit information shall be collected in a lawful and proper manner, in accordance with the principles of data minimization, and strictly on an “as needed” basis.

Article 8 A credit reporting agency shall not collect credit information:

(1) through deception, coercion, or inducement;

(2) by charging a fee from the information subjects;

(3) through illegitimate channels; or

(4) through any other method that harms the legitimate rights and interests of the information subjects.

Article 9 Where a credit reporting agency obtains credit information from an information provider, the credit reporting agency shall establish relevant rules to conduct the necessary checks on such matters as the source, quality, and safety and security of such information and the authorization from the information subjects.

Article 10 Credit reporting agencies and information providers, in conducting business and collaborations, shall comply with laws and regulations including the Personal Information Protection Law of the People Republic of China and specify, through an agreement or other means, the principles governing information collection and their respective rights, obligations, and responsibilities in relation to such matters as the obtainment of customer consent; the collection, processing, and correction of information; dispute resolution; and information safety and security.

Article 11 Any credit reporting agency that engages in consumer credit reporting services shall develop an information collection plan and report to the PBC such matters as the data items to be collected, source of information, methods of collection, and rules governing the protection of information subjects as well as any changes to the foregoing.

Article 12 Any credit reporting agency that collects consumer credit information shall obtain consent from the information subjects and expressly inform them of the purpose of collection, except for information that is made publicly available according to laws and  regulations.

Article 13 Where a credit reporting agency obtains personal consent through an information provider, the information provider shall fulfil the informing obligation to relevant information subjects.

Article 14 Each consumer credit reporting agency shall report to the PBC its partnering information providers that collect, organize, process, and analyze consumer credit information.

A consumer credit reporting agency shall standardize its collaboration agreements with information providers. An information provider shall accept the risk assessments conducted by consumer credit reporting agencies and the fact checks by the PBC with respect to its handling of consumer credit information.

Article 15 Enterprise credit information shall be collected for lawful purposes and not in a manner that constitutes a breach of confidential business information.

Chapter III Organization, Preservation, and Processing of Credit Information

Article 16 A credit reporting agency shall observe the principles of objectivity in    organizing, preserving, and processing credit information and shall not tamper with the original information.

Article 17 A credit reporting agency shall take Measures to improve the accuracy of information in its credit reporting system and ensure the quality of information.

Article 18 Where a credit reporting agency identifies any error in credit information during information organization, preservation, or processing, it shall promptly notify the relevant information provider to make corrections if the error is transmitted from the information provider, or promptly correct the error and optimize its internal processing procedures for credit information if the error originates from its internal processing.

Article 19 A credit reporting agency shall cross-check the information obtained from  different information providers and verify and resolve inconsistencies in a timely manner.

Article 20 Each credit reporting agency shall retain an individual’s negative entry for five years from the day when the negative behavior or event ceases to exist. 

Upon the expiration of this retention period, the negative entry shall be removed by the credit reporting agency from its external services and applications, or, if it is to be used as sample data, be anonymized.

Chapter IV Provision and Use of Credit Information

Article 21 In providing credit reporting products and services to external parties, a credit reporting agency shall observe the principle of fairness by not establishing any unreasonable commercial terms and conditions that restrict the use of information by different information users or by taking advantage of its position to provide discriminatory or exclusive products and services.

Article 22 Credit reporting agencies shall take appropriate Measures to check the identity, business qualifications, purpose of use of information, and other pertinent aspects of information users.

Credit reporting agencies shall assess the security and compliance management Measures of the networks and systems used by information users to access the credit reporting system, and shall monitor their queries. A credit reporting agency shall promptly verify any security risk or abnormal behavior and, upon discovering any illegal activity or misconduct, terminate its service.

Article 23 Each information user shall take the necessary Measures to ensure that it has obtained the consent of the relevant information subjects when querying consumer credit information and that it is using such information for the purposes agreed upon.

Article 24 An information user shall use the credit information provided by a credit reporting agency for lawful and legitimate purposes and shall not misuse it.

Article 25 Each individual information subject is entitled to his own credit report twice a year without charge. Credit reporting agencies may provide such credit report services over the internet, at places of business, or by other means.

Article 26 An information subject believing that there is any error or omission in its credit information may file a dispute with the relevant credit reporting agency or information provider. An information subject believing that its legitimate rights and interests are violated may file a complaint with the relevant branch of the PBC. Such disputes and complaints shall be handled in accordance the Regulation on the Administration of Credit Investigation Industry and other relevant provisions.

Article 27 No credit reporting agency may charge information subjects a fee for removing or not collecting negative entries.

Article 28 A credit reporting agency that provides credit reports and other credit information products and services shall present the requested credit information in an objective manner and provide explanations on the contents and specialized terms therein.

An information subject has the right to require a credit reporting agency to include a note of dispute or a consumer statement in its credit report.

Article 29 Any credit reporting agency that provides credit assessment products and services, such as credit profiling, scoring, or rating, shall establish the assessment criteria, which may not contain any element that is irrelevant to the credit status of the information subjects.

Before officially providing credit assessment products or services to external parties, a credit reporting agency shall perform the necessary internal tests and assessment and verification procedures to ensure its evaluation rules can be explained and the information is traceable.

Credit reporting agencies that provide credit rating products and services for economic entities or debt financing instruments shall conduct such businesses in accordance with the Interim Measures for the Administration of Credit Rating Industry (Order No. 5 [2019] of the People’s Bank of China, the National Development and Reform Commission, the Ministry of Finance, and the China Securities Regulatory Commission) and other relevant provisions.

Article 30 A credit reporting agency that offers anti-credit fraud products and services shall establish the criteria for determining fraudulent credit information.

Article 31 A credit reporting agency that offers credit information query, credit evaluation, and anti-credit fraud products and services shall submit the following to the PBC or one of its branches at or above the level of central sub-branch of the capital city of a province or autonomous region:

(1) the template and contents of its credit report;

(2) the assessment methodology, models, and major analytical dimensions and elements of its credit assessment  products and services; and

(3) for anti-fraud products and services, the sources of data and determination criteria for fraudulent credit information.

Article 32 No credit reporting agency may:

(1) make promises on the results of credit assessment;

(2) advertise products and services using implicit languages in regard to the credit assessment results;

(3) market its products or services in the name of government agencies or trade associations without their consent;

(4) provide credit reporting products or services to information subjects or information users through coercion, deception, or inducement;

(5) engage in false advertising for its credit reporting products or services; or

(6) offer any other credit reporting products or services that would undermine the objectivity and impartiality of credit reporting services.

Chapter V Safety and Security of Credit Information

Article 33 Credit reporting agencies shall implement the cybersecurity multi-level protection scheme; establish security protocols for relevant business activities, equipment, and facilities; and take effective safeguards to ensure the safety and security of the credit reporting system.

Article 34 Each consumer credit reporting company and each commercial credit reporting company that preserves or processes the credit information of 1,000,000 or more enterprises shall meet the following requirements:

(1) the core business information system has attained Level 3 in the cybersecurity multi-level protection scheme or above;

(2) the positions of head of information security and head of personal information protection have been established and are assumed by the officers designated in the corporate articles of association; and

(3) a specialized department is set up which is responsible for information security and protection of personal information and for periodically reviewing the enforcement of rules and regulations on credit reporting services, system safety and security, and protection of personal information.

Article 35 A credit reporting agency shall ensure the safety and security of the operational facilities and equipment, security control facilities and equipment, and internet application programs of its credit reporting system; properly manage the system’s day-to-day operation and maintenance; and ensure the safety and security of the physical system, communication networks, zone boundaries, computing environment, and administration center, to protect the credit reporting system from unauthorized access and sabotage.

Article 36 A credit reporting agency shall properly manage the personnel-related safety and security issues in relation to recruitment, termination, evaluation, safety and security education, training, and visitor management.

Article 37 A credit reporting agency shall strictly limit the authority and scope of its staff members who can query and access credit information through internal systems.

A credit reporting agency shall retain the activity log of its staff members ’ query and access of credit information, which should clearly record the time, method, contents, and purpose of such queries and access.

Article 38 A credit reporting agency shall have in place an emergency response framework such that, at the occurrence or likely occurrence of a leak of credit information or a similar event, it can take immediate and necessary actions to mitigate the damage and promptly report the situation to the PBC and one of its branches at or above the level of central sub-branch of the capital city of a province or autonomous region.

Article 39 With respect to the credit reporting services and related activities provided or conducted within the mainland of the People’s Republic of China by a credit reporting agency, the enterprise and consumer credit information so collected shall be stored within the mainland of the People’s Republic of China.

Article 40 A credit reporting agency shall comply with applicable laws and regulations when providing consumer credit information to overseas parties.

Any credit reporting agency that offers enterprise-credit-information query products and services to overseas information users shall conduct the necessary checks on the identity of  the information users and their purposes of use, so as to ensure that such information is used for cross-border trades, investment and financing, or other reasonable purposes and will not harm national security.

Article 41 Any credit reporting agency that collaborates with an overseas credit reporting agency shall file the collaboration agreement with the PBC after executing it and before commencing the collaboration program.

Chapter VI Supervision

Article 42 A credit reporting agency shall disclose the following information to the public and accept public supervision:

(1) the types of credit information collected;

(2) the basic format and contents of the credit report;

(3) the dispute handling process; and

(4) other items whose disclosure is deemed necessary by the PBC.

Article 43 A consumer credit reporting company shall conduct annual audits of the compliance of its consumer credit reporting services with the Personal Information Protection Law of the People Republic of China and the Regulation on the Administration of Credit Investigation Industry, and submit the compliance audit reports to the PBC in a timely manner.

Article 44 The PBC and its branches at or above the level of central sub-branch of the capital city of a province or autonomous region shall supervise and inspect the following   aspects of a credit reporting agency:

(1) its internal controls for credit reporting services, including the completeness, compliance, and viability of various rules and procedures;

(2) the state of compliance of its credit reporting services, covering the compliance of its collection of credit information, provision and use of credit information, handling of disputes and complaints, user management, and other relevant matters;

(3) the safety and security of its credit reporting system, covering IT rules, security management, and system development; and

(4) other aspects related to its credit reporting activities.

Article 45 The PBC and its branches at or above the level of central sub-branch of the capital city of a province or autonomous region shall inspect and penalize any information provider or information user that violates the provisions of the Regulation on the Administration of Credit Investigation Industry by harming the legitimate rights and interests of information subjects.

Chapter VII  Legal Liabilities

Article 46 Any businesses that violate Article 4 of this Measures by engaging in consumer credit reporting services without approval will be penalized by the PBC in accordance with Article 36 of the Regulation on the Administration of Credit Investigation Industry. Any businesses that engage in enterprise credit reporting services without approval will be penalized by the relevant PBC branches at or above the level of central sub-branch of the capital city of a province or autonomous region in accordance with Article 37 of the Regulation on the Administration of Credit Investigation Industry.

Where a financial institution violates Article 5 of this Measures by entering a business relationship with a market entity for credit reporting services even though the market entity is not legally qualified to provide such services, the PBC shall order the financial institution to make corrections and impose a fine of not more than RMB30,000 on the financial institution  and a fine of not more than RMB1,000 on the person-in-charge with direct responsibilities.

Article 47 A credit reporting agency that violates Article 8, Article 16, Article 20, Article 27, or Article 32 of this Measures will be penalized by the PBC or the relevant branches at or above the level of central sub-branch of the capital city of a province or autonomous region in accordance with Article 38 of the Regulation on the Administration of Credit Investigation Industry.

Article 48 A credit reporting agency that violates Article 14, Article 21, Article 31, Article 34, Article 39, or Article 42 of this Measures will be ordered to make corrections by the PBC or the relevant PBC branches at or above the level of central sub-branch of the capital city of a province or autonomous region, have its illegal gains confiscated, and be imposed a fine of not more than RMB30,000 on the credit reporting agency itself and a fine of not more than RMB1,000 on the person-in-charge with direct responsibilities. Where laws and administrative regulations provide otherwise, those provisions shall prevail.

Chapter VIII Ancillary Provisions

Article 49 This Measures applies mutatis mutandis to the submission and query of credit information at the Financial Credit Information Basic Database by institutions connected to the database and engaged in credit reporting services or lending activities.

Article 50 This Measures applies to institutions that substantively provide credit reporting services to external parties in the name of “credit information service,” “credit service,” “credit scoring,” “credit rating,” or “credit repair.”

Article 51 Institutions that substantively engage in credit reporting services but have not obtained license for consumer credit reporting services or completed filing for commercial credit reporting companies before the effectiveness of this Measures, shall achieve compliance within 18 months from the effectiveness of this Measures.

Article 52 The PBC reserves the right to interpret this Measures.

Article 53 This Measures takes effect on January 1, 2022.

(Order of the State Council of the People’s Republic of China No. 631)

The Regulation on the Administration of Credit Investigation Industry, as adopted at the 228th executive meeting of the State Council on December 26, 2012, is hereby issued, and shall come into force on March 15, 2013.

Premier Wen Jiabao

January 21, 2013

Chapter I General Provisions

Article 1 This Regulation is made to regulate credit investigation activities, protect the legal rights and interests of the parties concerned, guide and promote the healthy development of credit investigation industry and enhance the building of the social credit system.

Article 2 This Regulation applies to credit investigation and the relevant activities carried out inside China. For the purpose of this Regulation, the term“credit investigation” refers to activities of collecting, arranging, saving and processing the credit information of enterprises, public institutions and other organizations (hereinafter referred to as “enterprises”) as well as individuals, and providing it to information users. The collection, arrangement, saving, processing and provision of information by the Basic Financial Credit Information Database formed by the state shall be governed by Chapter V of this Regulation. This Regulation is not applicable when state organs, or organizations authorized bylaws or regulations with the function of administering public affairs, collect, arrange, save, process and publish information of enterprises and individuals for the purpose of performing duties under laws, administrative regulations and the State Council provisions.

Article 3 Those engaged in credit investigation and the relevant activities shall abide bylaws and regulations and keep good faith, and may not endanger state secrets or infringe upon trade secrets or personal privacy.

Article 4 The People’s Bank of China (hereinafter referred to as “the supervisory and administrative department of credit investigation under the State Council”) and its local offices shall supervise and administer credit investigation industry by law. The local people’s governments at or above the county level and the relevant departments under the State Council shall enhance the building of social credit systems in the local regions and the relevant industries, develop the credit investigation market and promote the development of credit investigation industry.

Chapter II Credit Investigation Institutions

Article 5 For the purpose of this Regulation, the term “credit investigation institution” refers to legally formed institutions mainly engaged in credit investigation.

Article 6 To form a credit investigation institution engaged in individual credit investigation, it is required to satisfy the following conditions in addition to those set forth by the Company Law of the People’s Republic of China for the formation of companies, and obtain the approval of the supervisory and administrative department of credit investigation under the State Council:

1. Its principal shareholders have a good credit standing and have no record of gross violations of laws or regulations in the last three years;

2. Its registered capital is not less than 50 million yuan;

3. It is equipped with facilities, devices, systems and measures which satisfy the requirements of the supervisory and administrative department of credit investigation under the State Council to ensure information security;

4. Persons to be its directors, supervisors and senior managers satisfy the eligibility requirements as set forth by Article 8 of this Regulation; and

5. Other prudential conditions as set forth by the supervisory and administrative department of credit investigation under the State Council.

Article 7 To apply for forming a credit investigation institution engaged in individual credit investigation, the applicant shall submit an application form and materials proving its satisfaction of conditions specified in Article 6 of this Regulation to the supervisory and administrative department of credit investigation under the State Council. The supervisory and administrative department of credit investigation under the State Council shall examine the application by law, and make a decision of approval or disapproval within 60 days after accepting the application. In the case of approval, it shall issue an individual credit investigation   business operation permit; in the case of disapproval, it shall give reasons in writing. A credit investigation institution formed to operate individual credit investigation business upon approval shall handle registration formalities at the company registration organ on the basis of the individual credit investigation business operation permit. No entity or individual may engage in individual credit investigation without the approval of the supervisory and administrative department of credit investigation under the State Council.

Article 8 The directors, supervisors and senior managers of a credit investigation institution engaged in individual credit investigation shall be familiar with laws and regulations governing credit investigation, have experience and management ability required for performing duties in credit investigation industry, have no record of gross violations of laws or regulations in the last three years, and have the qualification ratified by the supervisory and administrative department of credit investigation under the State Council.

Article 9 For the formation of branch offices, merger or split, change of registered capital, or change of shareholders whose investment accounts for 5% or more of the total capital or shareholders holding shares accounting for 5% or more of the total shares, a credit investigation institution engaged in individual credit investigation shall obtain the approval of the supervisory and administrative department of credit investigation under the State Council. For the change of name, a credit investigation institution engaged in individual credit investigation shall file it with the supervisory and administrative department of credit investigation under the State Council.

Article 10 To form a credit investigation institution engaged in enterprise credit investigation, it is required to satisfy conditions set forth by the Company Law of the People’s Republic of China, and, on the basis of the following materials, handle filing formalities at the local office of the supervisory and administrative department of credit investigation under the State Council within 30 days after its registration is approved by the company registration organ:

1. its business license;

2. an explanation on its equity structure or organizational setup;

3. basic information about its scope of business, business rules and business systems; and

4. information security and risk prevention measures. For any change in matters to be filed, it is required to handle modification formalities at the original filing organ within 30 days as of the day of change.

Article 11 Credit investigation institutions shall report their credit investigation business operations of the last year according to the requirements of the supervisory and administrative department of credit investigation under the State Council. The supervisory and administrative department of credit investigation under the State Council shall announce the lists of credit investigation institutions engaged in individual credit investigation and those engaged in enterprise credit investigation to the general public, and update such lists betimes.

Article 12 When a credit investigation institution is dissolved or lawfully declared bankrupt, it is required to report to the supervisory and administrative department of credit investigation under the State Council, and dispose of its information database in the following way:

1. transferring the database to another credit investigation institution if it has reached an agreement thereon with the said credit investigation institution and obtained the approval of the supervisory and administrative department of credit investigation under the State Council;

2. transferring the database to a credit investigation institution designated by the supervisory and administrative department of credit investigation under the State Council when it fails to transfer the database in the way described in the preceding paragraph; or

3. destroying the database under the supervision of the supervisory and administrative department of credit investigation under the State Council when it fails to  transfer the database in the way described in either of the preceding paragraphs. When a credit investigation institution engaged in individual credit investigation is dissolved or lawfully declared bankrupt, it shall make an announcement at a medium designated by the supervisory and administrative department of credit investigation under the State Council, and surrender its individual credit investigation business operation permit to the supervisory and administrative department of credit investigation under the State Council for cancellation.

Chapter III Credit Investigation Rules

Article 13 To collect personal information, it is required to obtain the consent of the subject of the information. Otherwise, it may not be collected, unless for information which should be disclosed under laws or administrative regulations. Information about the performance of duties by directors, supervisors or senior managers of enterprises is not categorized as individual information.

Article 14 Credit investigation institutions are prohibited to collect information about the religious belief, gene, fingerprints, bloodtype, disease or medical history of individuals, as well as other individual information the collection of which is prohibited bylaws or administrative regulations. Credit investigation institutions may not collect information about the income, deposit, negotiable securities, commercial insurance, real property or taxes of individuals, unless they have expressly informed the individuals concerned of the possible adverse consequences that may be brought along with the provision of such information and have obtained their written consent.

Article 15 Before providing bad information about an individual to a credit investigation institution, the provider shall inform the said individual, unless for bad information that should be disclosed under laws or administrative regulations.

Article 16 Credit investigation institutions shall keep the bad information of individuals for five years from the daywhen the bad behavior or event stops. Upon   the expiration of five years, such information shall be deleted. During the period of retention of bad information, the subject of the bad information may make an explanation on the bad information, and the credit investigation institutionshall put it on record.

Article 17 Information subjects may inquire of credit investigation institutions about their information. Individual subjects have the right to have access to their own credit reports twice every year without paying fees.

Article 18 To inquire of credit investigation institutions about personal information, it is required to obtain the written consent of the information subject and reach an agreement with the subject on the use of such information, except for information which can be inquired about without consent as prescribed bylaws. Credit   investigation institutions may not provide personal information in violation of the preceding paragraph.

Article 19 A credit investigation institution, information provider or information user shall, when using a format contract to obtain the consent of the individual information subject, give prompts conspicuous enough to catch the attention of the individual and make explicit explanations as required by the individual.

Article 20 Information users shall use the personal information according to the stipulations in the agreement with the individual information subjects, and may not use it for other purposes or provide it to third parties without the consent of individual information subjects.

Article 21 Credit investigation institutions may collect enterprise information from sources such as information provided by information subjects, counterparties of enterprises and industry associations, information lawfully disclosed by the relevant governmental departments and judgments or decisions announced by people’s courts. Credit investigation institutions may not collect enterprise information the collection of which is prohibited bylaws or administrative regulations.

Article 22 Credit investigation institutions shall, according to the provisions of the supervisory and administrative department of credit investigation under the State Council, establish, improve and strictly implement information security rules, and take effective technical measures to guarantee information security. Credit investigation institutions engaged in individual credit investigation shall explicitly specify their staff members’ privileges and procedures to inquire about personal information, and register the inquiries made by their staff members about personal information by truthfully recording the name of staff members making inquiries, the time of inquiry, and the content and use of information. Staff members may not inquire about information in violation of the prescribed privileges or procedures or divulge information which they have access to in work.

Article 23 Credit investigation institutions shall take reasonable measures to ensure the accuracy of information provided by them. Information provided by credit investigation institutions may be used by information users as reference.

Article 24 For information collected inside China, credit investigation institutions shall arrange, save and process it inside China. To provide information to overseas organizations or individuals, credit investigation institutions shall abide bylaws, administrative regulations and the relevant provisions of the supervisory and administrative department of credit investigation under the State Council.

Chapter IV Demurs and Complaints

Article 25 An information subject holding that there is any error or omission in the information collected, saved or provided by a credit investigation institution has the right to raise a demur to the credit investigation institution or information provider, requesting for a correction. After receiving such a demur, the credit  investigation institution or information provider shall label the information concerned as demurred at according to the provisions of the supervisory and administrative department of credit investigation under the State Council, check and handle it within 20 days as of the day when the demur is received, and give a written reply to the demurrer. If it is found out upon check that there is an error or omission, the information provider or credit investigation institution shall correct it; if it has been confirmed that there is no error or omission, the label shall be removed; if it is unable to decide whether there is an error or omission upon check, the checking process and the demur shall be put on record.

Article 26 Information subjects holding that any credit investigation institutions, information providers or information users have infringed upon their legal rights    and interests may lodge complaints to the local offices of the supervisory and administrative department of credit investigation under the State Council. The local offices of the supervisory and administrative department of credit investigation under the State Council shall check and handle in a timely manner, and give written replies to complainants within 30 days as of the date of acceptance. Information subjects holding that any credit investigation institutions, information providers or information users have infringed upon their legal rights and interests may directly bring charges to people’s courts.

Chapter V Basic Financial Credit Information Database

Article 27 The state shall establish a Basic Financial Credit Information Database to provide information services for preventing financial risks and enhancing the development of the financial sector. The Basic Financial Credit Information Database shall be built, run and maintained by a specialized non-for-profit institution subject to the supervision and administration of the supervisory and administrative department of credit investigation under the State Council.

Article 28 The Basic Financial Credit Information Database receives credit information provided by institutions engaged in credit business according to the relevant provisions. The Basic Financial Credit Information Database provides inquiry services for information subjects and information users that have obtained the written consents of information subjects. State organs may inquire about information at the Basic Financial Credit Information Database by law.

Article 29 Institutions engaged in credit business shall provide credit information to the Basic Financial Credit Information Database according to the relevant provisions. Before providing credit information to the Basic Financial Credit Information Database or other subjects, institutions engaged in credit business shall obtain the written consent of information subjects and be governed by this Regulation as information providers.

Article 30 The specific measures for financial institutions not engaged in credit business to provide credit information to or inquire about credit information from the Basic Financial Credit Information Database and for the database to accept credit information provided by such financial institutions shall be made by the     supervisory and administrative department of credit investigation under the State Council together with the relevant financial supervisory and administrative department under the State Council.

Article 31 The institution operating the Basic Financial Credit Information Database may collect inquiry service charges on the cost compensation principle. The charging rates shall be determined by the price administrative department under the State Council.

Article 32 Articles 14, 16, 17, 18, 22, 23, 24, 25 and 26 of this Regulation apply to the institution operating the Basic Financial Credit Information Database.

Chapter VI Supervision and Administration

Article 33 The supervisory and administrative department of credit investigation under the State Council and the local offices thereof shall, according to laws,    administrative regulations and the State Council provisions, perform supervisory and administrative duties on the credit investigation industry and the institution operating the Basic Financial Credit Information Database, and may take the following supervision and inspection measures:

1. entering credit investigation institutions and the institution operating the Basic Financial Credit Information Database to make on-site inspections, and checking whether institutions providing information to or acquiring information from the Basic Financial Credit Information Database have observed this Regulation;

2. interviewing the parties concerned or entities and individuals relating to the event under investigation and asking them to make explanations on matters relating to the event under investigation;

3. consulting and copying documents or materials relating to the event under investigation, and sealing up materials likely to be transferred, destroyed, concealed or altered; and

4. checking the relevant information systems. The number of on-site inspectors or investigators shall not be less than two, and they shall produce their lawful credentials and the inspection or investigation notice. Entities and individuals under inspection or investigation shall be cooperative and truthfully provide the  relevant documents or materials, and may not withhold information or refuse or obstruct the inspection or investigation.

Article 34 Where a major information divulgence occurs to a credit investigation institution engaged in individual credit investigation, the Basic Financial Credit     Information Database or an institution providing information to or acquiring information from the Basic Financial Credit Information Database, the supervisory and administrative department of credit investigation under the State Council may temporarily take over the relevant information system or take other necessary measures to prevent the increase of damage.

Article 35 The staff members of the supervisory and administrative department of credit investigation under the State Council and the local offices thereof shall keep confidential state secrets and information subjects’information which they have access to in the course of performing duties.

Chapter VII Legal Liability

Article 36 Where any entity or individual forms a credit investigation institution engaged in individual credit investigation or engages in individual credit investigation without the approval of the supervisory and administrative department of credit investigation under the State Council, the supervisory and administrative department of credit investigation under the State Council shall close it down and impose a fine of not more than 500,000 yuan but not less than 50,000 yuan. If any crime is constituted, the liable party shall assume criminal liability.

Article 37 Where any credit investigation institution engaged in individual credit investigation violates Article 9 of this Regulation, the supervisory and administrative department of credit investigation under the State Council shall order it to correct within a certain time limit, impose a fine of not more than 200,000 yuan but not less than 20,000 yuan upon the institution and, for the directly responsible person in charge and other directly liable persons, give a warning and impose a fine of not more than 10,000 yuan. Where any credit investigation institution engaged in enterprise credit investigation fails to handle filing formalities under Article 10 of this Regulation, the local office of the supervisory and administrative department of credit investigation under the State Council shall order it to correct within a certain time limit and, if it fails to correct within the prescribed time, punish it according to the preceding paragraph.

Article 38 Where any credit investigation institution or the institution operating the Basic Financial Credit Information Database, in violation of this Regulation, has any of the following conduct, the supervisory and administrative department of credit investigation under the State Council or the local office thereof shall order it to correct within a certain time limit, impose a fine of not more than 500,000 yuan but not less than 50,000 yuan upon the institution and a fine of not more than 100,000 yuan but not less than 10,000 yuan upon the directly responsible person in charge and other directly liable persons, and confiscate the illegal gains if any. If any losses are caused to information subjects, the liable party shall assume civil liability; if any crime is constituted, the liable party shall assume criminal liability:

1. stealing information or otherwise illegally acquiring information;

2. collecting individual information whose collection is prohibited or without the consent of information subjects;

3. illegally providing or selling information;

4. divulging information due to negligence;

5. failing to delete bad information of individuals upon the expiration of the prescribed retention period;

6. failing to check and handle information at which demurs have been raised as required;

7. refusing or impeding the inspection or investigation activities of the supervisory and administrative department of credit investigation under the State Council or the local office thereof, or failing to truthfully provide the relevant documents or materials; or

8. any other conduct that violates the credit investigation rules or infringes upon the legal rights and interests of information subjects. Where any credit investigation institution engaged in individual credit investigation has any of the above-mentioned conduct, and if the circumstances or consequences are serious, the supervisory and administrative department of credit investigation under the State Council shall revoke its individual credit investigation business operation permit.

Article 39 Where any credit investigation institution, in violation of this Regulation, fails to report its credit investigation business operations of the last year as required, the supervisory and administrative department of credit investigation under the State Council or the local office thereof shall order it to correct within a certain time limit; if the institution fails to correct within the prescribed time, it shall impose a fine of not more than 100,000 yuan but not less than 20,000 yuan upon the institution and, for the directly responsible person in charge and other directly liable persons, give a warning and impose a fine of not more than 10,000 yuan.

Article 40 Where any institution providing information to or acquiring information from the Basic Financial Credit Information Database, in violation of this Regulation, has any of the following conduct, the supervisory and administrative department of credit investigation under the State Council or the local office thereof shall order it to correct within a certain time limit, impose a fine of not more than 500,000 yuan but not less than 50,000 yuan upon the institution and a fine of not more than 100,000 yuan but not less than 10,000 yuan upon the directly responsible person in charge and other directly liable persons, and confiscate the illegal gains if any. If any losses are caused to information subjects, the liable party shall assume civil liability; if any crime is constituted, the liable party shall  assume criminal liability:

1. illegally providing or selling information;

2. divulging information due to negligence;

3. inquiring about personal information or the credit information of enterprises without consent;

4. failing to handle demurs as required or correct information with errors or omissions; or

5. refusing or impeding the inspection or investigation activities of the supervisory and administrative department of credit investigation under the State Council or the local office thereof, or failing to truthfully provide the relevant documents or materials;

Article 41 Where any information provider, in violation of this Regulation, provides any credit investigation institution or the Basic Financial Credit Information Database with any individual’s bad information which is not information that should be disclosed according to law without notifying the individual beforehand, and if the circumstances or consequences are serious, the supervisory and administrative department of credit investigation under the State Council or the local office thereof shall impose a fine of not more than 200,000 yuan but not less than 20,000 yuan if the provider is an entity or a fine of not more than 50,000 yuan but not less than 10,000 yuan if the provider is an individual.

Article 42 Where any information user, in violation of this Regulation, uses personal information for purposes not agreed upon with the information subject or provides individual information to any third party without the consent of the information subject, and if the circumstances or consequences are serious, the supervisory and administrative department of credit investigation under the State Council or the local office thereof shall impose a fine of not more than 200,000 yuan but not less than 20,000 yuan if the user is an entity or a fine of not more than 50,000 yuan but not less than 10,000 yuan if the user is an individual; and confiscate the illegal gains if any. If any losses are caused to information subjects, the user shall assume civil liability; if any crime is constituted, the user shall assume criminal liability.

Article 43 Where any staff member of the supervisory and administrative department of credit investigation under the State Council or its local offices abuses powers, neglects duties, engages in malpractice for personal gains, fails to perform supervisory and administrative duties, or divulges state secrets or information of information subjects, sanctions shall be imposed by law. If any losses are caused to information subjects, he/she shall assume civil liability; if any crime is constituted, he/she shall assume criminal liability.

Chapter VIII Supplementary Provisions

Article 44 The meaning of terms mentioned in this Regulation is as follows:

1. Information providers refer to entities and individuals providing information to credit investigation institutions and entities providing information to the Basic Financial Credit Information Database.

2. Information users refer to entities and individuals acquiring information from credit investigation institutions and the Basic Financial Credit Information Database.

3. Bad information refers to information which exerts adverse impact on the credit standing of information subjects, such as: information about information subjects’failure to perform contracts in loaning, credit purchasing, guarantee, lease, insurance and credit card use activities; information about administrative punishments on information subjects; information about the judgments or rulings of people’s courts deciding that information subjects shall perform obligations or be subject to enforcement measures; and other bad information as specified by the supervisory and administrative department of credit investigation under the State Council.

Article 45 The conditions for the formation of foreign-funded credit investigation institutions shall be made by the supervisory and administrative department of credit investigation under the State Council together with other relevant departments under the State Council, and be subject to the approval of the State Council. Overseas credit investigation institutions shall obtain the approval of the supervisory and administrative department of credit investigation under the State Council before engaging in credit investigation inside China.

Article 46 Institutions which have already been engaged in individual credit investigation before the implementation of this Regulation shall apply for individual credit investigation business operation permits according to this Regulation within six months as of the date of implementation of this Regulation. Institutions which have already been engaged in enterprise credit investigation before the implementation of this Regulation shall handle filing formalities according to this Regulation within three months as of the date of implementation of this Regulation.

Article 47 This Regulation shall come into force on March 15, 2013.

Xinhai Liu; Ruowen Xu

Abstract：

At the beginning of 2015, Sesame score was born out of the finance department of the Alibaba Group, now named Ant Finance. Sesame score was introduced to Chinese consumers as the first public credit score in China and was soon brought into widespread use. Sesame score examines consumers’ creditworthiness based on one’s personal characteristics, credit history, contract performance, and social network and behavioural preferences, by incorporating proprietary big data that goes beyond mere financial aspects.

During recent years, the construction of a social credit score in China has caught the attention of the media across the globe. However, it is rather confusing to distinguish between the three main types of consumer scores: Sesame score, Social credit score, and FICO-like credit score. In this paper, we will explore the differences between these three types of consumer scores.

Delving into the mechanism of Sesame score, this research will explore in detail how it operates and analyses how it differs from a traditional credit score. In addition, we will investigate the applications and performance of Sesame score, as the score is widely used by digital vendors to provide and tailor daily services to consumers, enabling ‘use first and pay later’ or ‘borrow items without deposit’ features. Sesame score has accelerated the boom of the sharing economy in China.

Moreover, Sesame score has been recognized as a tool for risk controlling i.e. the safeguarding of Internet finance, given that the national credit bureau (Credit Reference Center) is not open to non-regulated Internet finance platforms whose credit applicants usually lack of credit history. Meanwhile, various Internet finance platforms and digital vendors have found Sesame score useful. It is worthwhile to look at how Sesame score meets the Chinese risk appetite and how the market has come to recognize the reliability of such a score. This paper also evaluates Sesame score approach to risk controls.

The wide application of Sesame score in non-loan fields has caused controversy, related to issues of consumer privacy and use in marketing. This year, due to the regulation from the People’s Bank of China, Ant Finance announced that it had stopped its business activities regarding the application of Sesame score in the finance field; now one must ask: what is the next step for Sesame credit score? This paper discusses the future of Sesame score with special consideration being given to the concepts ‘all data is credit data’ and ‘all service is becoming credit service’.

Key words: Sesame score, Credit score, Social credit score, Internet finance

Note: The report was original published in Credit Scoring and Credit Control Conference XVI,2019-08-29, Edinburg,U,K

For the full version of this report, please send the E-mail to public@pccm.org.cn

Xinhai Liu

Abstract

Consumer credit reporting^[1]is an important infrastructure for consumer finance and digital economy. As a product of the market economy, it is self-evident how important the credit reporting system is for the healthy growth of an economy and the stable operation of a financial market.

China’s consumer credit reporting did not start until the beginning of the century which was relatively late. However, as China emerges to be the world’s second largest economy, its domestic consumer finance became increasingly popular, and its credit market expanded. Consequently its consumer credit reporting agencies gradually attracted increasing attention. The central bank’s consumer credit reporting is efficient and highly capable of collecting data, however it mainly focuses on providing basic services. To provide services to the internet finance^[2]sector, private credit reporting agencies, such as the Sesame Credit, ran their own trials to ‘test the water’. Such trials caused a lot of controversy whilst agitating the market. In addition, Baihang Credit, established at the beginning of 2018 by eight private credit reporting agencies as well as The National Internet Finance Association of China (NIFA), under the supervision and guidance of the Chinese central bank, being the People’s Bank of China (PBoC), have received attentions from all circles of society. 

The development of China’s credit reporting is different from that of developed European countries and the US, as in China it grew with the rise of the digital economy, consequently the involvement of many big data companies and internet companies drove the development with data and technology. The development of Chinese consumer credit reporting is also closely associated with the construction of a social credit system with Chinese characteristics. Meanwhile, China’s consumer credit reporting faces challenges, as the regulations on protecting personal information tightens globally, the development of a credit reporting market is influenced. This paper believes that the future development of China’s consumer credit reporting depends on the strength of market forces, after carefully examine the current complex and changing status of the Chinese consumer credit reporting, based on the circumstances.

Key words：Consumer Credit Reporting，Credit Score,  PBoC,  Sesame Credit, Baihang Credit 

Note： The original Chinese report  was  published in China Reform, 2019 (5), pp. 60-66.（http://cnreform.caixin.com/2019-09-10/101460687.html）

For the full report, please send the E-mail to public@pccm.org.cn.

Author Bio：

Dr. Xinhai Liu is the  Deputy Director-General at the Professional Committee of Credit Management (PCCM), China Mergers & Acquisitions Association (CMAA). He is also a part-time researcher at the Center of Finance Intelligence Research, Peking University. 

Dr. Xinhai Liu is heavily involved in the R&D of Fintech, his focus covers policy, industry front and application algorithm. His book Credit Information Service and Big Data was published by the CITIC Press, a renowned publishing house in China. Dr. Liu is currently working on financial network analysis, alternative data based credit scoring, the application of AI and big data in finance. Meanwhile Dr. Liu owns several patents with his team on Fintech and AI.

Dr. Xinhai Liu obtained his PhD from the Katholieke Universiteit Leuven (K.U. Leuven) in 2011. After working in Belgium, Dr. Xinhai Liu worked in the Credit Reference Center at the People’s Bank of China as an associate researcher on credit risk management, where he conducted financial researches. He was a visiting scholar to the London School of Economics and Political Science (LSE).

Dr. Xinhai Liu has published academic papers in the world-level journals such as IEEE TKDE and IEEE PAMI and hosted several national research fundings on finance data analysis. 

---

^[1]The international term for personal credit system is consumer credit system, however in China it is called personal credit system, therefore in the Chinese text personal credit system is used.  

[2]Internet finance is a new type of financial business model with which traditional financial institutions and internet companies conduct financing, payment, investment, and information intermediary services usingthe internet and information & communication technology.The term is quite popular in China in recent years, a typical product is P2P online lending. However, it has been replaced by a new word FinTech. (Xie, P., Zou, C. and Liu, H.(2020) Internet Finance in China: Introduction and Practical Approaches, Routledge)