In China we say “顾客就是上帝” (gù kè jiù shì shàng dì) or “the customer is the god”. Now the financial industry authorities want to remind firms that the customer is always right and should be protected accordingly.
Establishment of a full consumer protection regulatory regime will require banking and insurance institutions to invest greater effort in provision of financial products/services in a compliant manner. The relevant businesses will need to plan ahead to cope with the upgraded regulatory requirements.
Proposed rules for consumer rights protection in financial services and insurance
Our industry contacts have revealed that the China Banking and Insurance Regulatory Commission (CBIRC) recently circulated for industry feedback a consultation on new “Measures on Consumer Rights Protection for Banking and Insurance Institutions” among selected institutions .
Compared to the “Implementing Measures on Financial Consumer Protection” circulated by the People’s Bank of China (PBOC) in late 2020 - which only regulate PBOC-governed business lines (such as credit, payments, RMB/foreign exchange etc.) of banks and payment institutions - the new draft rules aim to catch all services offered by banking and insurance institutions. That said, the new measures do share some similarities with the PBOC measures, possibly to promote uniform governance across the finance industry.
The draft rules set out detailed do’s and don’ts for banking and insurance institutions offering financial products and services to individual customers. It is also applicable to insurance companies targeting corporate customers and other regulated entities operating the same businesses as banking and insurance firms.
Here are some of the highlights:
1. Keeping an eye on third-party partners
In response to recent cases of consumer rights being infringed due to financial institutions loosing control of their third-party business partners, the draft rules require banking and insurance institutions to: properly manage engagement and ongoing supervision of cooperating entities; disclose participation of third-parties to customers; and regulate these entities’ access to consumer information. (See more discussion on consumer information protection in paragraph 4 below).
2. Reasonable and transparent charging of service fees
The draft rules also require banking and insurance institutions to collect service fees in a transparent, fair and reasonable manner. Specifically:
- To amend standard service terms, charge fees for new items or raise fees through specific arrangements or endorsements, firms must seek consumer’s consent and enter into a written agreement. We understand this requirement to document client’s consent on specific arrangements seeks to prevent institutions from raising fees or otherwise inserting unfair clauses arbitrarily and to avoid future disputes.
- The fee charged for a financial product or service cannot be higher than two times the interest rate of the product or service.
3. Red lines for specific services and activities
The draft rules set some operative thresholds and red lines on specific services and activities, including:
- Asset management: for services that do not involve customised products, the investment made by a single investor cannot exceed 10% of the “total size” of the product. However, further clarifications will likely be needed on how to calculate this 10% limit. Also, the draft rules prohibit banking and insurance institutions from providing products which may result in unlimited losses. We understand this restriction seeks to prevent a re-occurrence of the Bank of China “crude oil product” event of 2020.
- Insurance: red lines are drawn for underwriting activities. For example:
- Starting to review the underwriting terms or re-reviewing the underwriting terms under stricter standards after occurrence of the insured event
- Sailing to ask for proper disclosure of the insured at the beginning, and then rejecting the claim or reducing the claimable amount for lack of disclosure.
- Robo-marketing: banking and insurance institutions must avoid unauthorised or unreasonably frequent robo-marketing. This is in line with PRC regulators increasing concern on the use of automated decision-making in the digital economy.
- Debt collection: outsourcing of debt collection for debts overdue for less than 30 days is prohibited and firms are required to keep full records of the debt collecting process.
4. Enhanced protection of consumer information
The entire chapter 6 of the draft rules is dedicated to the protection of consumers’ information:
- Things worth repeating: the data processing principles of "lawful, legitimate and minimum necessary", notice and consent requirements and the proper use of standard terms are reiterated. Common issues like proper management of information systems and staff have also been addressed to better protect consumers’ personal information.
- Scrutiny of your partners: financial institutions must pay more attention to consumer information protection when cooperating with external parties. There are specific technical requirements like dedicated channels for data transfer, physical isolation of IT equipment, data encryption, access controls, system monitoring and security alerts. Management of banking and insurance institutions must direct procurement, tech and InfoSec teams to attend to this.
- Supervise cooperating platforms: specifically banking and insurance institutions must pay more attention to their cooperation with internet platforms. With the digitalisation of financial institutions, leaks of consumers’ financial information is becoming increasingly severe. Institutions must supervise their partner platforms and make sure they do not share consumer information with others or conduct targeted marketing without customers’ authorisation.
5. Presumption of guilt
If the consumer and the banking or insurance institution disagree on whether the firm was at fault for losses incurred by the consumer, the firm will have to pay compensation unless it can prove its compliance. This should compel banking and insurance institutions to improve marketing and sales activities and keep full records of marketing and sales procedures.
6. Internal governance and regulatory supervision
Promotion of the wider consumer protection governance regime is also a focus. Specifically the draft rules require that consumer protection work must account for at least 5% of the internal comprehensive performance appraisal system of banking and insurance institutions.
Major consumer rights infringements must be reported to CBIRC within 3 business days. They also set a penalty capped at RMB 30k for violation of them, but – make no mistake – much higher penalties are in place under higher-level legislation referred to in the Draft Rules.
What’s next?
On 16 July, CBIRC also released the “Measures on Regulatory Evaluation of Consumer Rights Protection by Banking and Insurance Institutions”, which lay out a framework in line with their name. CBIRC is also formulating new rules on consumer suitability management for banking and insurance institutions. We will be monitoring developments in the consumer protection space for the finance and insurance sectors and will keep you updated.