Administrative Regulations on the Credit Reporting Industry
2018-03-09 1350
Administrative Regulations on the Credit Reporting Industry
Order of the State Council No. 631
January 21, 2013
The Administrative Regulations on the Credit Reporting Industry, which were adopted at the 228th executive meeting of the State Council on December 26, 2012, are hereby promulgated and shall take effect as of March 15, 2013.
Premier: Wen Jiabao
Administrative Regulations on the Credit Reporting Industry
Chapter I General Provisions
Article 1 These Regulations are enacted for the purpose of standardizing credit reporting activities, safeguarding the legitimate rights and interests of the parties concerned, guiding and advancing the healthy development of the credit reporting industry and promoting the development of the social credit system of China.
Article 2 These Regulations apply to credit reporting business and relevant activities within the territory of China.
In these Regulations, the term "credit reporting business" refers to activities in which credit information on enterprises, public undertaking institutions and other entities (hereafter collectively referred to as "enterprises") as well as credit information on individuals are collected, sorted, stored, processed and provided to users.
The collection, sorting, storage, processing and supply of information by state-sponsored basic financial credit information database are subject to provisions under Chapter V of these Regulations.
Where for the purpose of performing their duties, state organs, or entities which are authorized by laws and regulations and have functions of public administration, collect, sort out, store, process and release information on enterprises and individuals in accordance with laws, administrative regulations and relevant provisions of the State Council, these Regulations shall not apply.
Article 3 Individuals and entities engaged in credit reporting and relevant activities shall comply with applicable laws and regulations and the principles of good faith and honesty, and may not compromise any state secret or infringe on trade secrets or personal privacy.
Article 4 The People's Bank of China (hereafter, "credit reporting industry supervisory and regulatory department of the State Council") and local resident offices thereof supervise and regulate the credit reporting industry in accordance with law.
Local people's governments above the county level and relevant departments of the State Council promote the development of social credit system within their respective jurisdictions or the industries they regulate, cultivate a credit reporting market and advance the development of the credit reporting industry.
Chapter II Credit Reporting Entities
Article 5 In these Regulations, the term "credit reporting entities" refers to entities that are legally established and primarily engaged in credit reporting business.
Article 6 A credit reporting entity that engages in individual credit reporting business shall comply with the conditions under Company Law of the People's Republic of China for the establishment of a company as well as the following conditions and shall be subject to approval by the credit reporting industry supervisory and regulatory department of the State Council:
1. its major shareholder(s) have a sound reputation and are free of any of record of major violation or offense;
2. its registered capital is not less than RMB50 million;
3. it has the facilities, equipments, rules and measures necessary for ensuring information security, which conform to provisions of the credit reporting industry supervisory and regulatory department of the State Council;
4. its proposed directors, supervisors and senior managers shall meet the qualification conditions under Article 8 of these Regulations; and
5. other prudential conditions as provided by the credit reporting industry supervisory and regulatory department of the State Council.
Article 7 An applicant for establishing a credit reporting entity shall submit to the credit reporting industry supervisory and regulatory department of the State Council a written application and certification proving that it meets the conditions under Article 6 of these Regulations.
The credit reporting industry supervisory and regulatory department of the State Council shall review the application materials in accordance with law and issue a decision on whether to approve the application within 60 days after the acceptance thereof. Where the credit reporting industry supervisory and regulatory department of the State Council decides to approve the application, it shall issue the applicant with an individual credit reporting business license; where the credit reporting industry supervisory and regulatory department of the State Council decides not to approve the application, it shall provide the applicant with a written account of the reasons for such disapproval.
A credit reporting entity providing individual credit reporting business whose establishment is approved shall register itself with the competent company registration authority on the strength of its personal credit reporting business license.
In the absence of approval by the credit reporting industry supervisory and regulatory department of the State Council, no entity or individual may engage in individual credit reporting business.
Article 8 Directors, supervisors and senior managers of a credit reporting entity engaged in individual credit reporting business shall be familiar with laws and administrative regulations relating to credit reporting business, have the working experiences and management competence necessary for performing their duties, free of any record of major violations or offenses in the latest three years and have obtained the qualification verified and approved by the credit reporting industry supervisory and regulatory department of the State Council.
Article 9 A credit reporting entity shall obtain the prior approval of the credit reporting industry supervisory and regulatory department of the State Council for its establishment of any branch office, merger or division, change of its registered capital or change in shareholder(s) holding over 5% of its stock capital or over 5% of the company's shares.
Where the credit reporting entity changes its name, it shall file such change to the credit reporting industry supervisory and regulatory department of the State Council for the record.
Article 10 The establishment of a credit reporting entity engaged in enterprise credit reporting business shall meet the establishment conditions under the Company Law of the People's Republic of China and shall, within 30 days after it is duly registered with the competent company registration authority, file a report on its registration to the local resident office of the credit reporting industry supervisory and regulatory department of the State Council on the strength of the following:
1. its Business License
2. an account of its equity structure and organizational institution;
3. basic information on the scope, rules and systems of its business; and
4. its information security and risk prevention and control measures.
Where there is any change in any of the items filed to the credit reporting industry supervisory and regulatory department of the State Council for record, it shall, within 30 days after the occurrence of such change, undergo the corresponding alteration procedure with the competent local resident office of the credit reporting industry supervisory and regulatory department of the State Council in connection with such change.
Article 11 A credit reporting entity shall, in accordance with relevant provisions of the credit reporting industry supervisory and regulatory department of the State Council, submit a report on its credit reporting business in the previous year.
The credit reporting industry supervisory and regulatory department of the State Council shall release to the public a list of the names of credit reporting entities engaged in individual credit reporting business and those engaged in enterprise credit reporting business and shall timely update such list.
Article 12 Where a credit reporting entity is dissolved or is declared as bankrupt in accordance with law, a report thereon shall be sent to the credit reporting industry supervisory and regulatory department of the State Council and the information databases of the credit reporting entity shall be handled according to the applicable one of the following methods:
1. to be transferred to any other credit reporting entity or credit reporting entities subject to the agreement with such credit reporting entity or credit reporting entities and subject to approval by the credit reporting industry supervisory and regulatory department of the State Council;
2. to be transferred to the credit reporting entity designated by the credit reporting industry supervisory and regulatory department of the State Council where the above transfer is not applicable; or
3. to be destroyed under the supervision of the credit reporting industry supervisory and regulatory department of the State Council where neither of the above two ways of transfer is not applicable.
Where a credit reporting entity engaged in individual credit reporting business is dissolved or is declared as bankrupt in accordance with law, it shall not only comply with the above provisions, but also shall release a public announcement on the media designated by the credit reporting industry supervisory and regulatory department of the State Council and surrender its individual credit reporting business license to the credit reporting industry supervisory and regulatory department of the State Council for cancellation.
Chapter III Credit Reporting Business Rules
Article 13 The collection of information of an individual shall be subject to the consent of the individual and without such consent, no information may be collected on the individual, with the exception of, however, information that is required to be disclosed in accordance with any applicable law or administrative regulation.
Information on directors, supervisors and senior managers of enterprises relating to their performance of duties is not categorized as personal information.
Article 14 Credit reporting entities are forbidden from collecting information on the religious belief, gene, fingerprints, blood type, diseases and medical history of individuals and other personal information that credit reporting entities are forbidden from collecting.
No credit reporting entity may collect information on the income, savings, negotiable securities, commercial insurance and real estate of individuals as well as information on the amount of tax paid by individuals, with the exception, however, of where the credit reporting entity has expressly informed individuals of the possible adverse consequences of their provision of such information and obtained the written consent of the individuals on the collection of such information.
Article 15 Where an information provider provides a credit reporting entity with any adverse information on any individual, such information provider shall notify the individual in advance, with the exception of, however, information that is required to be disclosed in accordance with any applicable law or administrative regulation.
Article 16 A credit reporting entity may store adverse information of an individual for a maximum of five years, which shall be calculated as of the date when the misconduct or adverse event corresponding to such adverse information ends; such adverse information shall be deleted upon the expiration of the five-year period.
During the said storage term of adverse information, the individual may provide explanations on such adverse information. The credit reporting entity shall record such explanations.
Article 17 An individual or entity concerned may apply to a credit reporting entity to access information on himself, herself or itself, as the case may be. An individual is entitled to obtaining gratuitously his or her credit report twice each year.
Article 18 An application to a credit reporting entity for access to information on an individual shall be subject to the written consent of the individual and agreement between the applicant and individual specifying the purposes for which such information may be used, with the exception, however, of information which may be accessed without the consent of the individual in accordance with law.
No credit reporting entity may violate the provision under the preceding paragraph when it provides information on any individual.
Article 19 Where a credit reporting entity, information provider or information user obtains the consent of an individual to use information on such individual through terms and conditions under a standard form contract, they shall include in the contract a reminder sufficient to attract the attention of the individual and provide clear specification according to the requirements of the individual.
Article 20 An information user shall use the information on another individual for the purpose(s) that they agree on and may not use such information for any purpose other than the purposes they agree on or provide such information to any third party without the consent of such individual.
Article 21 A credit reporting entity may collect information on enterprises from such sources as such the enterprises themselves, trading partners of such enterprises, industry associations, information disclosed by competent governmental agencies in accordance with law, judgments and rulings of people's courts, etc.
No credit reporting entity may collect enterprise information that it is prohibited from collecting by any applicable law or administrative regulation.
Article 22 Credit reporting entities shall, in accordance with provisions of the credit reporting industry supervisory and regulatory department of the State Council, set up, improve and strictly enforce their rules and regulations on information security and adopt effective technical measures to ensure information security.
Credit reporting entities engaged in individual credit reporting business shall make clear provisions concerning their employees' authorization and procedure to access individual credit information, keep records on their employees' access to such individual credit information, including the name of employees who have accessed such information, the time when they access such information, the information they access, and the purposes for which they access such information. Employees of credit reporting entities may not exceed their authorization or deviate from the statutory procedure when they access such individual credit information, and may not divulge the information that they may come into in their work.
Article 23 Credit reporting entities shall adopt reasonable measures to ensure the accuracy of the information they provide.
The information provided by credit reporting entities to information users is for reference purposes.
Article 24 The sorting out, storage and processing of information collected by a credit reporting entity from within the territory of China shall also be carried out within the territory of China.
Credit reporting entities shall comply with applicable laws, administrative regulations and relevant provisions of the credit reporting industry supervisory and regulatory department of the State Council when they provide information to overseas organizations or individuals.
Chapter IV Objections and Complaints
Article 25 Where an individual or entity deems that there is any error or omission in the information on such individual or entity that a credit reporting entity collects, stores and provides, the individual or entity has the right to raise an objection to the credit reporting entity or information provider and require necessary corrections.
After receiving such an objection, the credit reporting entity or information provider concerned shall, in accordance with relevant provisions of the credit reporting industry supervisory and regulatory department of the State Council, mark such information as disputed, and within 20 days after the receipt of such objection, review and process the disputed information and notify the individual or entity making such an objection of the review results in writing.
Where the existence of the alleged error or omission is confirmed after proper review, the credit reporting entity and information provider shall make proper correction; where the existence of the alleged error or omission is ruled out, the indication of the information as "under dispute" shall be removed; where the existence of such alleged error or omission cannot be confirmed or ruled out after the review, records shall be kept on the review result and objection.
Article 26 Where an individual or entity believes that any credit reporting entity, information provider or information user infringes on any of his, her or its legitimate rights in connection with information on such individual or entity, the individual or entity may submit a complaint to the local resident office of the credit reporting industry supervisory and regulatory department of the State Council.
The competent resident office of the credit reporting industry supervisory and regulatory department of the State Council that accepts such a complaint shall timely review and process the complaint and issue a written reply to the complainant within 30 days after the acceptance of such complaint.
Where an individual or entity believes that any credit reporting entity, information provider or information user infringes on any of his, her or its legitimate rights in connection with information on such individual or entity, the individual or entity may appeal to a competent people's court.
Chapter V Basic Financial Credit Information Database
Article 27 The state maintains a basic financial credit information database to provide relevant information services necessary for preventing financial risks and promoting the development of the financial industry.
The basic financial credit information database shall be created, operated and maintained by a professional operation institution. The operation institution is a strictly not-for-profit body and is subject to supervision and regulation by the credit reporting industry supervisory and regulatory department of the State Council.
Article 28 The basic financial credit information database receives credit information supplied by credit institutions in accordance with law.
Information access service is provided through the basic financial credit information database to individuals and entities whose credit information is stored in such basic database as well as information users who have obtained the written consent of individuals or entities whose credit information they want to access. State organs may access information stored in the basic financial credit information database in accordance with law.
Article 29 Credit institutions shall provide credit information to the basic financial credit information database in accordance with law.
A credit institution's supply of credit information on any individual or entity to the basic financial credit information database or any other individual or entity shall be subject to prior written consent of the individual or entity and shall be subject to provisions under these Regulations concerning information providers.
Article 30 As to the supply of and access to credit information by financial institutions not engaged in credit business to the basic financial credit information database, and the receipt by the basic financial credit information database of such information, the credit reporting industry supervisory and regulatory department of the State Council shall formulate specific regulatory measures in conjunction with relevant financial regulatory bodies under the State Council.
Article 31 The operation institution of the basic financial credit information database may, according to the principle of cost compensation, charge an appropriate fee on the information access service it provides according to the rate set by the price regulatory authority under the State Council.
Article 32 Articles 14, 16, 17, 18, 22, 23, 24, 25 and 26 of these Regulations apply to the operation institution of the basic financial credit information database.
Chapter VI Supervision and Regulation
Article 33 The credit reporting industry supervisory and regulatory department of the State Council and the local resident offices thereof shall, in accordance with relevant provisions under the applicable laws, administrative regulations and provisions of the State Council, perform their supervisory and regulatory duties in connection with the credit reporting industry and the basic financial credit information database, and may adopt one or more of the following supervisory and inspection measures:
1. entering the premises of credit reporting entities and the operation institution of the basic financial credit information database to carry out on-site inspections, and verify whether entities supplying information to the basic financial credit information database or entities accessing information through the database comply with relevant provisions under these Regulations;
2. interviewing parties concerned and entities and individuals involved in the event under investigation and requiring such parties, entities and individuals to provide information on matters concerning the event under investigation;
3. accessing and duplicating documents and materials relating to the event under investigation and sealing up documents and materials that may possibly be transferred, destroyed, concealed or altered; and
4. examining relevant information systems.
An on-site inspection or investigation shall be carried out by at least two persons, who shall present valid legal documents and inspection or investigation notice.
The entities and individuals under inspection or investigation shall cooperate with the inspectors or investigators, provide the required documents and materials and may not conceal or refuse to provide such documents or materials or hinder the inspectors or investigators from obtaining such documents or materials.
Article 34 Where a credit reporting entity engaged in individual credit reporting business, the basic financial credit information database or any entity supplying information to the basic financial credit information database or any entity accessing information through the basic financial credit information database causes any significant information leakage, the credit reporting industry supervisory and regulatory department of the State Council may adopt necessary measures, including temporary takeover of the affected information system, to prevent damages caused by such leakage from worsening.
Article 35 The employees of the credit reporting industry supervisory and regulatory department of the State Council and the local resident offices thereof shall, in accordance with law, keep strictly confidential all state secrets and information on individuals and entities that they may come into in their work.
Chapter VII Legal Liabilities
Article 36 Where a credit reporting entity engaged in individual credit reporting business is established without the authorization of the credit reporting industry supervisory and regulatory department of the State Council, or a credit reporting entity engages in individual credit reporting business without the authorization of the credit reporting industry supervisory and regulatory department of the State Council, such credit reporting entity or individual credit reporting business shall be closed or cancelled by the credit reporting industry supervisory and regulatory department of the State Council, any and all illegal revenue, if any, of such credit reporting entity shall be confiscated, and the credit reporting entity shall be subject to a fine of between RMB50,000 and RMB500,000. Where such violation constitutes a criminal offense, the offender shall be prosecuted from criminal liabilities in accordance with law.
Article 37 Where a credit reporting entity engaged in individual credit reporting business violates Article 9 of these Regulations, the credit reporting industry supervisory and regulatory department of the State Council shall order it to correct such violation prior to a specified time limit, and impose a fine of between RMB20,000 and RMB200,000 on the credit reporting entity and issue a written warning against the directors directly responsible for such violation and other persons directly responsible and impose thereon a fine of less than RMB10,000.
Where a credit reporting entity engaged in enterprise credit reporting business fails to file the record in accordance with Article 10 of these Regulations, the competent local resident office of the credit reporting industry supervisory and regulatory department of the State Council shall order the credit reporting entity to correct within a specified time limit; where the credit reporting entity fails to correct within the said time limit, it shall be punished in accordance with the preceding paragraph.
Article 38 Where a credit reporting entity or the operation institution of the basic financial credit information database violates these Regulations and commits any of the following irregularities, it shall be ordered by the credit reporting industry supervisory and regulatory department of the State Council or the competent local resident office thereof to correct within a time limit and subject to a fine of between RMB50,000 and RMB500,000, and its directors directly responsible for such violation and other employees thereof directly responsible for such violation shall be subject to a fine of between RMB10,000 and RMB100,000, and illegal income, if any, from such violation shall be confiscated. Where such violation causes any damages to any individual or entity information on whom is abused as in the following irregularities, the credit reporting entity or the operation institution shall assume the corresponding civil liabilities in accordance with law; where such violation constitutes a criminal offense, the credit reporting entity or the operation institution shall be prosecuted for criminal liabilities in accordance with law:
1. stealing or otherwise illegally obtaining information;
2. collecting individual information that it is prohibited from collecting or collecting information on any individual without the consent of such individual;
3. illegally providing or selling any information;
4. divulging any information due to negligence;
5. failing to delete adverse information on any individual after the expiration of the storage term of such information;
6. failing to review or process in accordance with law any information to which an objection is made;
7. rejecting or hindering the inspection or investigation carried out by the credit reporting industry supervisory and regulatory department of the State Council or the competent local resident office thereof, or failing to provide true documents or materials; or
8. other conducts violating business rules on credit reporting and infringing on the legitimate rights and interests of individuals and entities.
Where a credit reporting entity engaged in individual credit reporting business commits any of the irregularities under the previous paragraph, and the circumstance or consequence of such irregularity is serious, its business license for individual credit reporting shall be revoked by the credit reporting industry supervisory and regulatory department of the State Council.
Article 39 Where a credit reporting entity engaged in individual credit reporting business fails to submit a report on its credit reporting business in the previous year in accordance with relevant provisions, the credit reporting industry supervisory and regulatory department of the State Council shall order it to correct such violation prior to a specified time limit, and impose a fine of between RMB20,000 and RMB100,000 on the credit reporting entity and issue a written warning against the directors directly responsible for such violation and other persons directly responsible and impose thereon a fine of less than RMB10,000.
Article 40 Where an entity supplying information to or accessing information through the basic financial credit information database violates these Regulations and commits any of the following irregularities, it shall be ordered by the credit reporting industry supervisory and regulatory department of the State Council or the competent local resident office thereof to correct within a time limit and subject to a fine of between RMB50,000 and RMB500,000, and its directors directly responsible for such violation and other employees thereof directly responsible for such violation shall be subject to a fine of between RMB10,000 and RMB100,000, and illegal income, if any, from such violation shall be confiscated. Where such violation causes any damages to any individual or entity information on whom is abused as in the following irregularities, the entity shall assume the corresponding civil liabilities in accordance with law; where such violation constitutes a criminal offense, the entity shall be prosecuted for criminal liabilities in accordance with law:
1. illegally providing or selling any information;
2. divulging any information due to negligence;
3. accessing information on any individual or credit information of any enterprise without the consent of such individual or enterprise;
4. failing to process objections in accordance with relevant provisions or failing to correct information involving any confirmed error or omission; or
5. rejecting or hindering the inspection or investigation carried out by the credit reporting industry supervisory and regulatory department of the State Council or the competent local resident office thereof, or failing to provide true documents or materials.
Article 41 Where an information provider, in violation of these Regulations, provides any credit reporting entity or the basic financial credit information database with adverse information on any individual that is not legally disclosed and without giving prior notice to such individual, and the circumstance or consequence of such violation is serious, the credit reporting industry supervisory and regulatory department of the State Council or the competent local resident office thereof shall impose a fine of between RMB20,000 and RMB200,000 on the credit reporting entity or the database, and impose a fine of between RMB10,000 and RMB50,000 on the persons responsible for such violation.
Article 42 Where an information user, in violation of these Regulations, uses information on an individual for any purpose other than those that the information user and the individual agree on, or provides such information to any third party without the consent of the individual, and the circumstance or consequence of such violation is serious, the credit reporting industry supervisory and regulatory department of the State Council or the competent local resident office thereof shall impose on the information user a fine of between RMB20,000 and RMB200,000 if the information user is an entity, or impose a fine of between RMB10,000 and RMB50,000 on the information user if it is an individual; any revenue from such violation shall be confiscated. Where such violation causes any damages to the individual, the information user shall assume the corresponding civil liabilities in accordance with law; where such violation constitutes a criminal offense, the information user shall be prosecuted for criminal liabilities in accordance with law.
Article 43 Where any employee of the credit reporting industry supervisory and regulatory department of the State Council or any local resident office thereof abuses his or her power, commits dereliction of duty, practices favoritism, fails to perform his or her supervisory or regulatory duties in accordance with law, divulges any state secret or information on any individual or entity, such employee shall be punished in accordance with law. Where such violation or offense causes any damages to any individual or entity, the employee shall assume the corresponding civil liabilities in accordance with law; where such violation constitutes a criminal offense, the employee shall be prosecuted for criminal liabilities in accordance with law.
Chapter VIII Supplementary Provisions
Article 44 For the purpose of these Regulations, the terms below shall be defined as follows:
1. information providers refer to entities and individuals that provide information to credit reporting entities and entities providing information to the basic financial credit information database;
2. information users refer to entities and individuals that obtain information from credit reporting entities and the basic financial credit information database;
2. adverse information on an individual or entity refers to the following information that has a negative impact on the credit status of the individual or entity: information concerning the failure of the individual or entity to perform his, her or its contractual obligations in such activities as borrowing, purchase on credit, guarantees, leasing, insurance and using credit cards, information on administrative punishments against the individual or entity; information on judgments and rulings of people's courts requiring the individual or entity to perform his, her or its obligations and information on enforcement, and other adverse information specified by the credit reporting industry supervisory and regulatory department of the State Council.
Article 45 The establishment conditions for foreign-invested credit reporting entities shall be formulated by the credit reporting industry supervisory and regulatory department of the State Council in conjunction with other departments concerned of the State Council, which shall be submitted to the State Council for examination and approval.
The credit reporting business within the territory of China by overseas credit reporting entities shall be reported to the credit reporting industry supervisory and regulatory department of the State Council for examination and approval.
Article 46 Entities that are already engaged in individual credit reporting business before these Regulations take effect shall apply for the individual credit reporting business license in accordance with relevant provisions under these Regulations within six months after the date when these Regulations take effect.
Entities that are already engaged in enterprise credit reporting business before these Regulations take effect shall file the registration record in accordance with relevant provisions under these Regulations within three months after the date when these Regulations take effect.
Article 47 These Regulations shall take effect as of March 15, 2013.