A Panoramic View of China's Payment Regulation: Compliance Boundaries and Business Opportunities

Author: Zhang Feng

As a core component of modern financial infrastructure, the payment system is not only the lifeblood and link of economic transactions, but also directly related to financial stability, social order, and people's well-being. China's payment regulatory system adheres to the core concept of "giving equal importance to development and regulation," and has gradually established a comprehensive, multi-layered, and multi-dimensional regulatory framework led by the People's Bank of China (hereinafter referred to as "PBOC"), with multi-departmental collaboration, covering five major areas: comprehensive supervision, account management, non-cash payment instruments, payment systems, and payment institutions.

I. Comprehensive Regulation: Top-Level Design Leads the Standardized Development of the Payment Industry

(II) Full-Process Business Licensing Management: Strictly Controlling Market Entry Points

A strict business licensing system is the core means of comprehensive supervision. For non-bank payment institutions, establishment must be approved by the People's Bank of China, obtaining a "Payment Business License," and meeting prudent conditions such as registered capital of not less than RMB 100 million (and paid-in monetary capital), and major shareholders and actual controllers possessing good credit and financial strength. Commercial banks engaging in payment business must comply with the business scope stipulated in the "Commercial Bank Law," and if special businesses such as cross-border payments are involved, they also need to obtain special licenses from departments such as the State Administration of Foreign Exchange. Furthermore, significant changes to payment institutions, such as additions or reductions in business types, changes in major shareholders, and cross-provincial operations, must be reported and approved in advance to ensure the continuity, transparency, and effectiveness of supervision. Through full-process control over entry, changes, and exit, regulatory authorities can dynamically optimize the market structure and prevent "problematic entry" and the spread of risks. (III) Diversified Business Models and Systemic Risk Prevention and Control Currently, my country's payment market has formed a pattern of diversified business models, including traditional bank payments, online payments by non-bank payment institutions, mobile payments, and cross-border payments. The regulatory focus has shifted accordingly from institutional supervision to functional and behavioral supervision, placing greater emphasis on preventing systemic and industry-wide risks. The People's Bank of China (PBOC) has established a risk monitoring and early warning system for the payment market and has continuously carried out special governance actions. For example, in response to illegal and criminal activities such as telecommunications and online fraud, regulators, in collaboration with public security departments, have conducted in-depth governance of the "money chain." Data shows that in 2023, the PBOC assisted public security organs in urgently intercepting as much as 328.8 billion yuan in fraudulent funds, building an integrated anti-fraud defense line of "early warning, interception, tracing, and crackdown." Meanwhile, by facilitating the smooth exit of 71 payment institutions that violated regulations or were poorly managed, the industry ecosystem was effectively purified, preventing localized risks from evolving into systemic risks. II. Account Management and Supervision: Building the First Line of Defense for Fund Security Accounts are the starting point and destination of fund transfers, and account management is the cornerstone of payment security. my country's account supervision closely revolves around the lifeline of "real-name registration," implementing full lifecycle management of account opening, use, modification, and cancellation, striving to curb the use of accounts for money laundering, fraud, illegal fundraising, and other illegal and criminal activities. (I) Legal Framework: Establishing Rigid Constraints for Account Management The "Administrative Measures for RMB Bank Settlement Accounts," the "Regulations on Real-Name System for Personal Deposit Accounts," and the "Regulations on Supervision and Management of Non-Bank Payment Institutions" constitute the core legal framework for account management. These regulations clearly require banks and payment institutions to fulfill their customer due diligence (KYC) obligations to ensure that the real-name system for accounts is effectively implemented. For example, enterprises are generally only allowed to open one basic deposit account, curbing the phenomenon of multiple and unauthorized account openings from the source; personal payment accounts are classified and managed according to the strength of identity verification (Class I, II, and III accounts), and corresponding balance payment limits are set to balance convenience and security. (II) Business Process: Strengthening Review and Supervision at Each Stage During the account opening process, institutions must use online verification systems and other means to verify the identity of individuals. For corporate clients, they must review documents such as business licenses. For any abnormal situations, enhanced measures such as face-to-face verification and on-site investigations will be implemented. In the usage phase, regulators require stricter review of large-amount transfers between public and private entities (such as single transfers exceeding 50,000 yuan from an organization to an individual); payment institutions must use secure authentication tools and are strictly prohibited from illegally storing sensitive user information. In the account closure phase, institutions are required to promptly close accounts after confirming there are no outstanding transactions and to implement restrictive measures on long-term inactive accounts. (III) Risk Prevention and Control: Focusing on Key Areas and Abnormal Behaviors Account Supervision Coverage Three main categories: corporate bank accounts, personal bank accounts, and payment accounts. The focus of prevention and control differs for each: corporate accounts emphasize preventing fraudulent account openings and misappropriation of funds; personal accounts are subject to strict crackdowns on renting, lending, selling, and impersonating others to open accounts; payment accounts strengthen the management of customer reserve funds, ensuring funds are safely deposited in designated accounts and are not misappropriated. In practice, regulatory authorities establish account risk monitoring models to intelligently identify and issue warnings for abnormal patterns such as "one person, multiple accounts," "rapid in-and-out" accounts, and frequent nighttime transactions. The 24-hour arrival and reversible system for personal ATM transfers also provides the public with a valuable "cooling-off period" and remedial window to prevent telecom fraud. III. Regulation of Non-Cash Payment Tools: Upholding Security Amidst Innovation The widespread use of non-cash payment tools such as bank cards, QR codes, and mobile payment applications has greatly improved transaction efficiency and user experience. The goal of regulation is to guide tool innovation along a compliant, secure, and people-benefiting path, balancing innovative vitality with risk control. (I) Dual-Wheel Drive of Laws and Standards The "Administrative Measures for Bank Card Business," the "Guidelines for Electronic Payment," and the "Regulations on the Supervision and Management of Non-Bank Payment Institutions," among others, regulate business operations from the perspective of rules. Simultaneously, supporting technical standards, such as the "Security Specifications for QR Code Payment," financial IC card standards, and barcode payment interoperability solutions, provide technical benchmarks for the security and interoperability of payment tools. For example, regulations explicitly require that electronic payment instructions must be verifiable and tamper-proof, and transaction records must be retained for at least five years; payment institutions providing services to domestic users must complete related transaction processing and data storage within China to ensure data sovereignty and security. (II) Inclusive and Prudent Regulation of Innovation and Development For emerging tools such as QR code payments and facial recognition payments, the regulatory approach is "inclusive and prudent": on the one hand, it sets bottom lines, such as requiring the use of security authentication technologies that comply with national cryptographic standards; on the other hand, it encourages exploration and innovation within a compliant framework. The use of cross-border payment instruments strictly adheres to foreign exchange management regulations to prevent the illegal cross-border flow of funds. The application of regulatory technology (RegTech) is also becoming increasingly sophisticated, enabling more accurate identification of risky behaviors such as fraud and cash-out schemes through real-time monitoring of transaction data. (III) Addressing New Risks and Challenges The main risks of non-cash payments are concentrated in technical security, information leakage, and transaction fraud. Regulatory responses include: mandating payment institutions to upgrade their system protection levels and conduct regular penetration and stress tests; strictly enforcing personal information protection requirements and clarifying the minimum necessary principles for information collection and use; establishing and improving a suspicious transaction monitoring and reporting system, and forming a joint force with public security and judicial departments to combat illegal activities. In recent years, regulatory crackdowns on new money laundering channels such as "money laundering platforms" and "virtual currency transactions" have also been continuously intensified. IV. Payment System Supervision: Ensuring the Efficient and Smooth Flow of the National Funds Clearing Artery The payment system is the central hub for funds clearing and settlement, including the Large Value Payment System (HVPS), Small Value Batch Payment System (BEPS), and Interbank Online Payment System (IBPS) operated by the People's Bank of China. The core objective of regulation is to ensure the stable, secure, fair, and efficient operation of these systems, including the payment and clearing organization systems such as UnionPay, NetsUnion, and City Bank Clearing. (I) A Clear Regulatory Framework and Responsibilities The "Law of the People's Bank of China" empowers the People's Bank of China with the supervisory and management responsibilities for the construction and operation of payment systems. The "Administrative Measures for Payment and Clearing Organizations" and the "Regulations on the Supervision and Management of Non-Bank Payment Institutions" further refine the management requirements for system entry, operation, and exit. The regulators emphasized that the system must comply with national cybersecurity standards, critical infrastructure should be located within the country, and business continuity requirements must be met. (II) A Milestone in "Disconnecting Direct Connections" and Centralized Custody The "disconnecting direct connections" reform implemented in 2018 was a crucial battle in the regulation of the payment system. The People's Bank of China required all non-bank payment institutions to process their online payment transactions through the NetsUnion or UnionPay platforms, severing the direct connection between payment institutions and banks. This move achieved two major goals: first, it enabled the centralized and unified flow of transaction information, eliminating information "black boxes" and regulatory vacuums; second, it promoted the centralized deposit of 100% of customer reserve funds with the People's Bank of China, fundamentally eliminating the risk of misappropriation of reserve funds and ensuring the safety of user funds. (III) Comprehensive Operation and Risk Emergency Response System The main risks faced by the payment system include technical failures, operational errors, and liquidity risks. Regulators require operating institutions to establish highly available disaster recovery systems and conduct regular emergency drills and stress tests. Simultaneously, by setting clearing margins and establishing liquidity mutual assistance mechanisms, they prevent chain risks caused by insufficient funds among participants. The People's Bank of China, as the "payer of last resort," provides liquidity support in extreme circumstances to maintain the stability of the entire system. V. Supervision of Payment Institutions: Covering the Entire Lifecycle of Market Entities Payment institutions mainly include banking financial institutions engaged in payment business and non-bank payment institutions. Among them, the numerous and innovative non-bank payment institutions are the focus of supervision. The regulator is committed to building a full lifecycle management system covering "entry-continued operation-market exit", guiding institutions to return to the core of payment and focus on micro, small and medium-sized enterprises and convenient services. (I) An Increasingly Comprehensive Regulatory Rule Base for Institutions Guided by the "Regulations on the Supervision and Management of Non-bank Payment Institutions", and supplemented by the "Measures for the Custody of Customer Reserve Funds" and the "Measures for the Management of Anti-Money Laundering and Counter-Terrorist Financing of Payment Institutions", a comprehensive regulation of non-bank payment institutions has been formed, covering capital, corporate governance, business compliance, user rights protection, and anti-money laundering obligations. The regulation of bank payment business is subject to both special regulations for the payment field and traditional banking regulatory laws such as the Commercial Bank Law. (II) Strengthening Ongoing Operation and Conduct Supervision Licensed institutions must operate within the business type and geographical scope specified in their licenses, and the transfer or leasing of licenses is strictly prohibited. Regulation emphasizes "Know Your Customer" (KYC) and "Know Your Business" (KYB), requiring institutions to establish internal control mechanisms commensurate with their risk profile. In recent years, regulatory enforcement has significantly increased, maintaining a high-pressure deterrent against "second-tier clearing" (unlicensed operation of payment business), providing channels for illegal transactions, and illegally collecting user data, resulting in a significant increase in the frequency and amount of penalties. (III) Promoting the Industry's Return to its Core Business and Ecosystem Optimization Regulatory policies clearly guide payment institutions to focus on their core businesses and reduce their reliance on non-payment services such as interest income. Through measures such as classification rating and differentiated supervision, high-quality institutions are encouraged to innovate and develop, while problematic institutions are forced to rectify or exit the market. Industry self-regulatory organizations such as the China Payment and Clearing Association also play an important role in regulating market order, formulating industry standards, and mediating disputes. After years of governance, the concentration of the payment market has become more reasonable, and the industry has shifted from high-speed expansion to high-quality development. VI. Summary and Outlook: Towards a New Era of Smarter and More Open Payment Regulation After years of development, China's payment regulation has formed a comprehensive, multi-dimensional framework encompassing five key aspects: integrated planning, account-based approach, standardized tools, robust systems, and compliant institutions. Supported by strong laws and regulations and increasingly advanced regulatory technology, my country's payment industry has achieved a virtuous cycle of scale growth, controllable risks, and active innovation, with its payment services ranking among the world's most inclusive and secure. Looking ahead, the deepening of the digital economy, the iteration of fintech, and the internationalization of the RMB will all bring new challenges to payment regulation: The continuous evolution of laws and regulations. The need for forward-looking research and the formulation of regulatory rules for emerging fields such as central bank digital currency (DC/EP), cross-border payments, open banking, and embedded finance to fill regulatory gaps. The deep empowerment of regulatory technology. Utilizing technologies such as big data, artificial intelligence, and blockchain, a real-time, accurate, and intelligent risk monitoring and early warning network can be built to achieve a shift from "post-event investigation" to "pre-event prevention and in-event control." Strengthening international regulatory collaboration is crucial. With the increasing number of Chinese payment companies "going global" and foreign payment institutions "coming in," it is necessary to actively participate in the formulation of international payment regulatory rules, deepen cross-border regulatory cooperation, and jointly address global risks. A dynamic balance between development and regulation is essential. While always adhering to the bottom line of preventing systemic risks, China will, under controllable conditions, leave sufficient room for trial and error for payment innovations that truly benefit the real economy and improve people's lives. In short, China's payment regulatory system will maintain strategic focus, continuously innovate, and strive to create a safer, more efficient, fairer, and more open payment ecosystem, contributing solid payment power to building a new development pattern and promoting high-quality economic development.