Administrative Measure on Online Payment Services Provided by Non-Bank Payment Institutions

Promulgation Authorities: People’s Bank of China

Release Date: 2015-12-28

Source: https://www.gov.cn/gongbao/content/2016/content_5061699.htm

Original Title: 非银行支付机构网络支付业务管理办法

Administrative Measure on Online Payment Services Provided by Non-Bank Payment Institutions

Chapter 1 General Principles

Article 1 In order to regulate the online payment services provided by non-bank payment institutions (hereinafter referred to as “payment institutions”), prevent the payment risks, and protect the legitimate rights and interests of involved parties, these Measures are formulated according to the Law of the People’s Republic of China on People’s Bank of China and the Administrative Measure on Payment Services Provided by Non-Financial Payment Institutions (issued via Decree of the People’s Bank of China [2010] No.2).

Article 2 These Measures apply to the payment institutions engaging in online payment services.“Payment institutions” mentioned in these Measures refers to non-bank institutions which have lawfully obtained the Licence for Payment Business, and are approved to provide online payment services, such as internet payment, mobile phone payments, landline payment and digital TV payment.

“Online payment services” mentioned in these Measures refers to the activities of the payment institutions to transfer monetary capital for the payers and payees, where the payers’ electronic devices do not interact with the payees’ specific designated devices, after the payees or payers rely on Public Network Information System to give remote payment instructions through electronic equipment such as computers and mobile terminals.

“Payees’ specific designated devices” mentioned in these Measures refers to the electronic equipment specially used for receiving payment in transactions, which interact with the business systems of the payment institutions in the process of transactions, and participate in the generation, transmission and processing of the payment instructions.

Article 3 The payment institutions shall abide by the purposes of “mainly serving the e-commerce development” and “providing small-sum, fast, and convenient micro-payment services to the community”, open payment accounts for customers, and provide online payment services to customers, based on the bank accounts of the customers or according to the provisions of these Measures.“Payment accounts” mentioned in these Measures refers to the electronic bookkeeping opened for the customers by payment institutions who have obtained the Business Licence for Network Payment based on the customers’ genuine willingness, which are used for recording the balance of prepaid transactional funds, by virtue of which the customers initiate payment instructions, and which reflect the breakdown information of transactions.

It is forbidden to overdraft, lend, rent or sell the payment accounts, or use the payment accounts to engage in illegal activities or assist others in illegal activities.

Article 4 Relevant regulatory requirements on bank card businesses as well as the industry standards for bank cards shall be observed should payment institutions provide online payment services based on bank cards.Relevant provisions set forth in the Administrative Measures on Bank Card Acquiring Business (issued via Announcement of the People’s Bank of China [2013] No.9) apply to the development and management of authorised merchants, as well as business and risk management of the payment institutions.

Relevant provisions of the People’s Bank of China and the State Administration of Foreign Exchange apply to the payment institutions’ online payment services which involve cross-border RMB settlement and foreign exchange payment.

The payment institutions shall lawfully protect the parties’ legitimate rights and interests, comply with relevant provisions on anti-money laundering and anti-terrorist financing, and fulfil the obligations of anti-money laundering and anti-terrorist financing.

Article 5 The payment institutions shall accept the classification and evaluation in accordance with relevant regulations of the People’s Bank of China, and carry out the appropriate regulatory measures of classification.

Chapter 2 Customer Management

Article 6 The payment institutions shall follow the principle of “knowing your customers”, and establish a sound customer identification mechanism. The payment institutions which open payment accounts for their customers shall manage their customers based on a real-name system, register and take effective measures to verify the basic information of the customers’ identity, check valid ID according to the requirements and keep a copy or photocopy of such ID, establish unique identification codes for customers, and adopt continuous identification measures during the existence of business relationship with the customers, in order to ensure both effective verification of customers’ identity and their genuine willingness; it is forbidden to open anonymous payment accounts or payment accounts under fake names.

Article 7 The payment institutions shall enter into service agreements with customers to agree on the responsibilities, rights and obligations of both sides,  specify at least the service processes and rules such as the business rules (including but not limited to business functions and processes, identification and transaction verification , and methods for settlement), charging items and standards, queries, disputes on errors, and complaints; the business risks, and the prevention against illegal activities and disposal measures; and sharing of liability for customers’ loss, and compensation rules.The payment institutions that open payment accounts for customers shall also bring the following content in an obvious manner within the service agreements to the attention of the customers, and take effective measures to confirm that the customers are fully aware of and clearly understand such content: “The balance recorded under the payment accounts is different from the bank deposit of the customer itself, and is not protected by the Regulations on Deposit Insurance, the nature of which is a pre-paid value that the payment institutions are commissioned to take custody of on behalf of the customers, and the ownership of which belongs to the customers, although the monetary capital of such pre-paid value is deposited with the bank not in the name of the customer itself but in the name of the payment institutions, and it is the payment institutions who initiate fund transfer instructions to banks.”

The payment institutions shall ensure that the agreements are clear and understandable, and shall use an obvious method to remind the customers to pay attention to matters that they have major interests in.

Article 8 The payment institutions who have obtained the Business Licence for Network Payment may open payment accounts for customers upon their voluntary application. The payment institutions who have only obtained the business licences for mobile phone payment, landline payment or digital TV payment shall not open payment accounts for their customers.The payment institutions shall not open payment accounts for financial institutions, or other institutions that engage in financial services such as credit loan, financing, wealth management, guarantee, trust, and currency exchange.

Chapter 3 Business Management

Article 9 The payment institutions shall not provide services in securities, insurance, credit loan, financing, wealth management, guarantee, trust, currency exchange, and cash deposit and withdrawal, or provide such services in disguise.

Article 10 The payment institutions which send payment instructions to the customers’ account opening banks and deduct funds from customers’ bank accounts shall implement the following requirements with the banks:

(1) The payment institutions shall initiate to verify customers’ identity in advance or at the time of the first transaction, and obtain authority by agreement respectively from the customers and from the banks, to agree that such payment institutions initiate payment instructions to the customers’ bank accounts in order to deduct funds therefrom;

(2) The banks shall initiate to verify customers’ identity in advance or at the time of the first transaction, obtain authority by agreement from the customers to clearly agree the scope of deduction and the way to verify transactions, establish limits for single transaction as well as for single-day total transactions which match customers’ risk tolerance, and undertake to assume duties of unconditional full compensation for risk losses of such type of transactions; and

(3) Except for small-sum payment in which single transaction is not more than 200 yuan, payment for public utilities, tax payment, credit card repayment and other payments where payees pay fixed and regular amount, and the situations that are in compliance with the provisions of Article 37, payment institutions shall not conduct transaction verification on behalf of banks.

Article 11 A payment institution shall conduct associated management on all payment accounts opened by the same customer in the institution based on the customer’ identity, and shall follow the requirements below to conduct classified management on individual payment accounts:

(1) The payment institution can open a Class I payment account for an individual customer who opens the first payment account in the institution, which conducts basic verification of identity information by non-face-to-face way and through at least one legitimate and safe external channel; the balance of such account is only available for consumption and transfers, and payments by balance do not exceed 1,000 yuan cumulatively since the opening of such accounts(including transfers from the payment account to the bank account under the same name of the customer itself);

(2) The payment institution can open a Class II payment account for an individual customer whose identity is verified by the payment institution either independently or by commissioning cooperative organisations by face-to-face ways, or an individual customer whose basic identity information is conducted multiple cross-verification by non-face-to-face ways and through at least 3 legitimate and safe external channels; the balance of such account may be used only for consumption and transfers, and all payments by balance in the payment account do not exceed 100,000 yuan in total per year (excluding transfers from the payment account to the bank account under the same name of the customer itself); and

(3) The payment institution can open a Class III payment account for an individual customer whose identity is verified by the payment institution either independently or by commissioning cooperative organisations by face-to-face ways, or an individual customer whose basic identity information is conducted multiple cross-verification by non-face-to-face ways and through at least 5 legitimate and safe external channels; the balance of such account may be used for consumption, transfers, and purchase of financial products for investment and wealth management; all payments by balance in the payment account do not exceed 200,000 yuan in total per year (excluding transfers from the payment account to the bank account under the same name of the customer itself).The external channels to verify the basic information of customers’ identities include but are not limited to government departments’ databases, commercial banks’ information systems, and commercialised databases. Amongst these, the accounts for which the basic information of customers’ identities is verified through commercial banks shall be Class I bank accounts or credit cards.

Article 12 When the payment institutions provide transfer services between bank accounts and payment accounts, the relevant banks accounts and payment accounts shall belong to the same customer.The payment institutions shall timely complete the transfer from payment accounts to the bank accounts of a customer itself according to the agreement with the customer, and the transfer from Class II or Class III payment accounts to the bank accounts of the customer itself shall not be capped.

Article 13 A payment institution which provides transfer services to customers from prepaid cards issued by the payment institution to payment accounts shall follow relevant provisions of the Administrative Measures on Prepaid Card Business of Payment Institutions (Announcement of the People’s Bank of China [2012] No.12) to conduct separate management on the balance of payment accounts, which may be only used for consumption but not for cashing or disguised cashing by way of transfer or purchase of financial products for investment and wealth management.

Article 14 The payment institutions shall ensure transaction information’s authenticity, completeness, traceability and consistency in the whole process of payment, and shall not alter or conceal transaction information. The transaction information includes but is not limited to the following:

(1) Transaction channels, transaction terminal or interface type, transaction type, transaction amount, transaction time, as well as the name and code of authorised merchants who provide goods or services directly to customers, and the merchant category code set in accordance with national standards and standards of the financial industry;

(2) The names of paying and receiving customers, paying and receiving payment account numbers, or names and account numbers of the account opening banks of banks accounts;

(3) The identity verification and transaction authorisation information of paying customers;

(4) Marks for valid tracking of transaction; and

(5) The payment purpose and cause of the transfers by organisational customers, the single transaction of which exceeds 50,000 yuan.

Article 15 Where refund is needed because of cancellation (revocation) of transactions, return of goods, unsuccessful transaction, or redemption of financial products such as investment and wealth management products, the corresponding amount shall be transferred back to the original account from which the deduction has been made.

Article 16 For customers’ operations using online payment services, payment institutions shall timely deal with such operations after verifying the customers’ identity and genuine willingness, and shall keep true and complete records of the operation for 5 years from the date such operations enter into force.Customers’ operations include but are not limited to logging in, logging out, identification and transaction verification, changing identity and contact information, adjusting business functions, adjusting the transaction limit, change of receiving and paying methods, and changing or reporting the loss of passwords, digital certificates, or electronic signatures.

Chapter 4 Risk Management and Protection of Customers’ Rights and Interests

Article 17 The payment institutions shall integrate factors such as customer types, identity verification modes, transaction behavioural characteristics, and credit conditions, establish systems and mechanisms for customer risk rating management, and dynamically adjust customer risk ratings and associated risk control measures.The payment institutions shall, on the basis of customer risk rating, transaction verification methods, transaction channels, transaction terminals or interface types, transaction type, transaction amount, transaction time, business category and other factors, establish transaction risk management systems and transaction monitoring systems, and timely take measures such as investigation and verification, delayed settlement, and termination of services for suspected fraud, cashing, money laundering, illegal financing, terrorist financing and other transactions.

Article 18 The payment institutions shall fully disclose the potential risks of online payment services, timely reveal the new models of criminals’ practices, provide necessary safety education to the customers, and give risk warnings for high-risk businesses before and during the operation.The payment institutions which provide online payment services to customers purchasing financial products from cooperative institutions shall ensure that the cooperative institutions have obtained relevant qualifications and carry out business lawfully, reveal the information of such cooperative institutions and the product information at the first time of purchase, fully alert the customers of related responsibilities, rights, obligations and potential risks, and help customers to enter into agreement with cooperative institutions.

Article 19 The payment institutions shall establish a sound system of risk reserves and transaction compensation system, timely make full-amount advance compensation for loss of fund which cannot be proved to be caused by customers, and protect customers’ legitimate rights and interests.The payment institutions shall disclose on their websites to the public the information regarding the risk events, customer risk losses and compensation in the previous calendar year before the 31st of January each year.

The payment institutions shall genuinely reflect the above content, as well as the accrual, usage and balances of risk reserves in their annual supervision and management reports.

Article 20 The payment institutions shall, according to the relevant provisions on customer information protection of the People’s Bank of China, prepare effective measures on the protection of customer information and risk control mechanisms, in order to perform the duties of customer information protection.Payment institutions shall not keep the track information or chip information of customers’ bank cards, the verification codes, the passwords and other sensitive information, and in principle shall not keep the expiry date for the banks cards.

If payment institutions indeed need to store the expiry date of a customer’s bank card out of special business needs, authorisation from the customer and the account opening bank shall be sought, and the expiry date shall be stored in the encrypted form.

The payment institutions shall collect, use, store and transmit customer information under the principle of “the minimum”, and shall inform the customers of the purpose and scope of using customer-related information. The payment institutions shall not provide customer information to other institutions or individuals, unless laws and regulations otherwise provide, or the customer itself has confirmed and made authorisations item by item.

Article 21 The payment institutions shall forbid by agreement the authorised merchants from storing track information or chip information of customers’ bank cards, verification code, expiry date, passwords and other sensitive information, and shall take regular inspection, monitoring and other necessary technical surveillance measures.If authorised merchants keep the above sensitive information in violation of the agreement, the payment institutions shall immediately pause or terminate the provision of online payment services for them, adopt effective measures to delete such sensitive information, prevent the disclosure of information, and lawfully undertake the compensation and liability because of the leaks of related information.

Article 22 The payment institutions may select and combine the following 3 types of elements to verify customers’ payment by balance through payment accounts:

(1) Elements that only the customer itself knows, for example static passwords;

(2) Unique elements that only the customer itself holds, which are not duplicable or cannot be repeatedly used, for example digital certificate, which has passed security certification, electronic signature, and one-time passwords generated and transmitted through secure channels; and

(3) The physiological characteristic elements of the customer itself, such as fingerprints.The payment institutions shall ensure that the adopted elements are mutually independent, and that damage or leak of part of the elements does not lead to damage or leak of other elements.

Article 23 Where the payment institutions use digital certificates or electronic signature as the verification elements, the digital certificates and the generation progress of the electronic signatures shall comply with the relevant provisions of the Electronic Signature Law of the People’s Republic of China and Good Practice on Financial Electronic Certification (JR/T0118-2015), to ensure the uniqueness and integrity of the digital certificates and the non-repudiation of the transactions.If the payment institutions use one-time password as the verification elements, they shall effectively prevent the risk generated when the acquiring terminal of the one-time password and the terminal initiating payment instructions are the same physical device, and shall strictly limit the validity of the one-time password within the shortest necessary period.

If payment institutions use physiological characteristics of the customer itself as verification elements, they shall meet the national and financial industry standards as well as related information safety regulatory requirements, and prevent illegal storage, copy or reproduction.

Article 24 The payment institutions shall, base on the security level of transaction verification methods, manage the customers’ limit of paying by the balance from payment accounts under the following requirements:

(1) If payment institutions use two or more types of valid elements including digital certificates or electronic signatures, the cumulative limit for a single day shall be independently agreed between the payment institutions and the customers;

(2) If payment institutions use two or more types of valid elements except digital certificates or electronic signatures, the cumulative sum of a single day from all payment accounts of a single customer shall not exceed 5,000 yuan (excluding transfers from payment accounts to bank accounts under the same name of the customer itself); and

(3) If payment institutions use fewer than two types of valid elements to verify transactions, the cumulative sum of a single day from all payment accounts of a single customer shall not exceed 1,000 yuan (excluding transfers from payment accounts to bank accounts under the same name of the customer itself), and payment institutions shall undertake to unconditionally bear compensation duties for risk losses for such type of transactions.

Article 25 The related system facilities and technologies for the online payment services of the payment institutions shall continue to be in line with national, financial industry standards and related information safety management requirements. In case of failure to comply with the relevant standards and requirements, or related national, financial industry standards have not been formulated yet, the payment institutions shall bear unconditional advance compensation duties for the full direct risk losses of the customers.

Article 26 The payment institutions shall own safe and standard processing system and backup system within China for online payment services, develop emergency plans for accidents, and ensure system security and business continuity.The payment institutions providing services for domestic transactions shall complete the transactions through domestic business processing systems, and shall complete fund settlement within China.

Article 27 The payment institutions shall take effective measures, ensure that before carrying out the payment instructions, customers may confirm transaction information such as name of paying and receiving customer, account number and transaction amount, and timely notify customers of the results after the completion of the payment instructions.If payment instructions cannot be normally processed because of transaction timeout, no response or a system failure, the payment institutions shall timely notify the customers thereof; if customers have caused that the payment instructions are not exercised, not properly implemented, or delayed, the payment institutions shall take the initiative to inform the customers to make changes or assist customers to take remedial measures.

Article 28 The payment institutions shall provide transaction information queries for at least the previous year to customers free of charge through channels such as websites of legal and independent domain and unified service telephone numbers, establish sound an error dispute and complaint handling system, and be equipped with professional departments and personnel to handle transaction errors and customer complaints in a factual, accurate and timely manner. The payment institutions shall inform the customers of the correct way to obtain related services and guide customers to effectively identify the authenticity of the service channels.The payment institutions shall make announcement on their websites before the 31st January of each year of the situations such as the number and types of customers’ complaints, proportion of the processed complaints, and the complaint handling speed, etc.

Article 29 The payment institutions shall fully respect customers’ right to choose, shall not force customers to use their own payment services, and shall not impede customers from using others’ payment services.The payment institutions shall be fair in showing all types of receiving and paying methods that the customer can choose from, shall not induce or force customers to open payment accounts, or carry out receiving and paying activities through payment accounts, and shall not attach unreasonable conditions.

Article 30 Where it is necessary for the payment institutions to suspend online payment services because of system upgrades or debugging, announcement shall be made at least five business days in advance.If change terms of agreement, increase service fees or add new fees, announcement shall be given for 30 consecutive days at service channels such as their websites in a conspicuous manner before implementation, and the payment institutions shall make sure that customers are aware of and accept the complete and detailed content of the proposed adjustment, before the customers carry out related business for the first time.

Chapter 5 Supervision and Management

Article 31 Where a payment institution provides innovative products or services of online payment, ceases to provide products or services, or carries out online payment services in China in cooperation with a foreign institution, a report shall be made to the local branch of People’s Bank of China where the legal person of the payment institution is located at least 30 days in advance.If serious risk event happens to a payment institution, a timely report shall be made to the local branch of People’s Bank of China where the legal person of the payment institution is located; the report shall also be made to the public security organs if suspected offences are found.

Article 32 The People’s Bank of China may, in light of the factors such as business qualifications of the payment institutions, and risk management & control, particularly the customer reserves management, establish a classified regulation index system for the payment institutions, set up a continuous classification and evaluation mechanism, and implement dynamic classification management for the payment institutions. Specific measures shall be made by the People’s Bank of China separately.

Article 33 A payment institution which is classified as Class A and whose real name proportion of Class II and Class III payment accounts payment accounts exceeds 95% may adopt other customer identity verification methods which can effectively implement the real-name system requirements, which shall be implemented after being assessed by the local branch of People’s Bank of China where the legal person of the payment institution is located, and being filed with the People’s Bank of China.

Article 34 A payment institution which is classified as Class A and whose real name proportion of Class II and Class III payment accounts payment accounts exceeds 95% may, by reference to organisational customers, manage individual customers(hereinafter referred to as “individual sellers”) who engage in e-commerce activities and do not meet the conditions to register with the business administration authorities, and whom relevant laws and regulations permit not to so register, but must establish an effective mechanism for continuous monitoring of e-commerce activities and dynamic management on individual sellers, and shall file with the local branch of People’s Bank of China where the legal person of the payment institution is located.The individual sellers managed by the payment institutions by reference to organisational customers shall at least meet the following conditions:

(1) Related e-commerce trading platform has reviewed and registered the real identity information thereof in accordance with relevant laws and regulations, signed registration agreement therewith, established registration files and made regular verification and updates, and issued certificates to prove the authenticity and legitimacy of personal identification information which is uploaded to the e-commerce business homepage at an prominent location in activities;

(2) The payment institutions have completed the identity verification according to the standards for opening Class III individual payment accounts;

(3) Having been carrying out consecutive e-commerce activities for 6 months, during which the cumulative business revenue collected through payment accounts exceeds 200,000 yuan.

Article 35 When a payment institution, which is classified as Class A and whose real name proportion of Class II and Class III payment accounts payment accounts exceeds 95%, makes transfers prescribed in Clause 1, Article 12, the related bank accounts and the payment accounts are allowed not to belong to the same customer. The payment institution shall send during the transaction the accurate and complete transaction information to banks, such as transaction channels, transaction terminals or interface types, transaction types, business name, business code, merchant category code, and the paying and receiving customers’ names and account numbers.

Article 36 A payment institution, which is classified as Class A and whose real name proportion of Class II and Class III payment accounts payment accounts exceeds 95%, may increase the cumulative limits of payment by balance for a single day for Class II and Class III payment accounts meeting real-name system management requirements up to twice of that as provided in Article 24.A payment institution, which is classified as Class B and whose real name proportion of Class II and Class III payment accounts payment accounts exceeds 90%, may increase the cumulative limits of payment by balance for a single day for Class II and Class III payment accounts meeting real-name system management requirements, up to 1.5 times of that as provided in Article 24.

Article 37 When conducting related business according to Article 10, a payment institution which is classified as Class A may, based on business needs, independently agree on circumstances with the banks where the payment institution conduct the transaction verification on behalf thereof, but during the transaction the payment institution shall completely and accurately send to banks the transaction information such as transaction channels, transaction terminals or interface types, transaction types, business name, business code, merchant category code, and the paying and receiving customers’ names and account numbers; banks shall verify the security of the verification means or channels of the payment institution, and their management duties towards the safety of customers’ fund are not transferred because the payment institution conducts the verification on behalf thereof.

Article 38 For a payment institution which is classified as Class “C” or below and whose real name proportion of payment accounts is relatively low, and which has major impact on retail payment system or public confidence in non-cash payments, the People’s Bank of China and its branches may moderately raise the requirements of disclosure of related information based on the provision of Article 19 and Article 28, and shall strengthen off-site supervision and on-site inspection.

Article 39 The People’s Bank of China and its branches shall, by comparing the appropriate conditions of the above classification management measures, dynamically determine the applicable regulatory requirements for the payment institutions and shall conduct continuous monitoring. If the classified assessment results and the real-name proportion of the payment institutions do not meet the appropriate conditions of the above classification management measures, relevant provisions of Article 10, Article 11, Article 12 and Article 24 shall be strictly observed.The People’s Bank of China and its branches may adjust the relevant management measures of online payment services of the payment institutions such as the scope, pattern, function, limits and business innovation, according to social and economic development as well as the classification management needs of the payment institutions,.

Article 40 The payment institutions shall join Payment and Clearing Association of China, and accept the management by the industry self-discipline organisation.Payment and Clearing Association of China shall develop industry self-discipline specifications for online payment services according to these Measures, build self- discipline review mechanism, and file the same with the People’s Bank of China before implementation. Self-discipline specifications shall include the templates of agreements signed between the payment institutions and the customers to clarify matters the agreement shall and shall not carry, including the specific content and standard format for the information disclosed by the payment institutions.

Payment and Clearing Association of China shall establish a credit commitment system to require the payment institutions to make commitments in standard format to carry out online payment services according to law and in line with regulations, protect the information security and financial security of customers, maintain the legitimate rights and interests of customers, and voluntarily accept the restraint and punishment in case of violation.

Chapter 6 Legal Liability

Article 41 The payment institutions providing online payment services which have one of the following circumstances shall be punished by the People’s Bank of China and its branches according to Article 42 of the Administrative Measures on Payment Services Provided by Non-Financial Institutions:

(1) Having not established management systems according to relevant requirements, such as real-name customer management, opening and using payment accounts, handling error disputes and complaints, risk reserves and compensations, and emergency plans;

(2) Having not established risk control mechanisms according to relevant requirements such as customer risk rating management, function and limit management for payment accounts, customer verification management on payment instructions, transactions and information safety management, and transaction monitoring system; having not taken effective risk control measures for payment services according to relevant requirements;

(3) Having not reminded risks and disclosed related information according to relevant requirements; and

(4) Having not fulfilled the duties of reporting according to relevant requirements.

Article 42 The People’s Bank of China and its branches shall punish the payment institutions which engage in online payment services and have one of the following circumstances according to the Article 43 of Administrative Measures on Payment Services Provided by Non-Financial Institutions; if the circumstances are serious, the People’s Bank of China and its branches shall imposed penalties according to Article 46 of Law of the People’s Republic of China on People’s Bank of China:

(1) Non-compliant with relevant requirements of the payment service system facilities of the payment institutions;

(2) Not meeting the national standards, the financial industry standards and related regulatory requirements on information safety; the use of digital certificates or electronic signatures does not meet the Electronic Signature Law of the People’s Republic of China, Good Practice on Financial Electronic Certification or other provisions;

(3) Providing payment services for illegal or falsified transactions, and not taking effective measures when having found customers’ suspected or alleged offence or non-compliance;

(4) Not taking verification measures for customers’ payment instructions according to relevant requirements;

(5) Not reflecting the transaction information for network payment genuinely, completely and accurately; falsifying or concealing the transaction information;

(6) Failing to process customer information according to relevant requirements, or failing to fulfil confidentiality duties on customers’ information, resulting in risks of information leaks or having led to information leaks;

(7) Obstructing the customers from voluntarily selecting suppliers of payment services or methods of receiving and payment;

(8) Openly disclosing fake information; and

(9) Opening payment accounts in violation of relevant requirements, or providing financial services without authorisation.

Article 43 Relevant state laws and regulations shall be followed to punish the payment institutions in violation of anti-money laundering and anti-terrorist financing regulations.

Chapter 7 Supplemental Provisions

Article 44 Relevant terminologies in these Measures have the following meanings:“Organisational customers” refers to the legal persons, other organisations and individually-owned businesses which receive payment services provided by the payment institutions.

“Individual customers” refers to the natural persons who receive payment services provided by the payment institutions.

“Basic identity information of an organisational customer” includes the customer’s name, address, business scope, unified social credit code or organisation code; the licence which can prove that the customer is established by law or can lawfully carry out business and social activities, and the title, number and expiration date of the licence or documents; the name of the legal representative (person in charge) or authorised person, and the type, number and expiry date of his valid ID.

“Basic identity information of an individual customer” includes the customer’s name, nationality, gender, profession, address, way of contact, and the type, number and expiry date of the customer’s valid ID.

“Valid ID for legal persons and other organisational customers” refers to certificates or documents issued by competent governmental organs which can prove the lawful and genuine identity thereof, including but not limited to business license, legal person certificate for institutions, tax registration certificate, and organisation code certificate; the “valid ID for individually owned businesses” includes business license, and the valid identification documents of the business owners or authorised personnel.

“Valid ID for individual customers” includes: “Identity Card” for Chinese citizens who have registered permanent residence in the Household Registry; “Identity Card” or “Household Registry” for those under the age of 16; “Mainland Pass for HK and Macao Citizens” for residents of Hong Kong and Macao Special Administrative Regions; and “Mainland Pass for Taiwan Residents” for residents of the Taiwan Region; “Chinese Passport” for Chinese citizens who have permanent residence of foreign countries; “Passport” or “Foreigners’ Permanent Residence Card” for foreign citizens (relevant provisions for Border Transaction Settlement apply to foreign borderers); and other identification documents provided by the law and administrative regulations.

“The customer itself” refers to the organisation itself for an organisational customer, or the natural person him/herself for an individual customer.

Article 45 The People’s Bank of China is responsible for the interpretation and revision of these Measures.

Article 46 These Measures enter into force on and from 1 July 2016.