State Council to formulate the CII security protection regulations

On July 8, 2020, the General Office of the State Council issued the 2020 Legislative Plan, including several laws in the cyber security sector, such as the Regulations on Network Protection of Minors and the Regulations on the Security Protection of Critical Information Infrastructure.

http://www.gov.cn/zhengce/content/2020-07/08/content_5525117.htm

 

Supreme People’s Court and the National Development and Reform Commission: To strengthen the protection of data rights and personal information security.

On July 20, 2020, the Supreme People’s Court and the National Development and Reform Commission issued the Opinions on Providing Judicial Services and Supports to Accelerate Improvement of the Socialist Market Economy System in the New Era (“Opinions”).

The Opinions emphasize that the state should strengthen the protection of data rights and personal information security. The state should also respect the law of the socialist market economy and the development practice of data-related industries, protect data collection, use, trading and the intellectual achievements according to the law, improve the legal system for data protection, properly handle various data-related dispute cases, promote the deep integration of big data and other new technologies, new fields, and new business forms, and serve the innovative development of the data element market. The state should also implement the provisions of the Personality Rights Part of the Civil Code on the protection of personality interests, improve the judicial protection mechanism for personal information rights and interests such as biological and social data of natural persons, grasp the boundary between the development of information technology and personal information protection and balance the relationship between personal information and public interests.

http://www.court.gov.cn/fabu-xiangqing-242911.html

 

Shenzhen proposes local data protection regulations to protect “Data Right”

On July 15, 2020, the Justice Bureau of Shenzhen Municipality issued the Data Regulations of Shenzhen Special Economic Zone (“Draft Regulations”) to solicit public opinions by August 14, 2020.

The Draft Regulations propose the concept of “data right” for the first time, defining it as “data is the description and induction of objects (such as facts, events, things, processes, or thoughts), and is the material that can be processed or reinterpreted through automation and other means. Natural persons, legal persons, and unincorporated organizations enjoy data right in accordance with laws, regulations and these Regulations and no organization or individual may infringe upon such right. Data right is the right of the right holder to make independent decisions, control, process, gain, and claim compensation for specific data in accordance with the law.”

The Draft Regulations stipulate the ownership of personal data and public data. According to the Draft Regulations, natural persons have, and no organization or individual may infringe upon data rights to their personal data in accordance with the law. Public data is a new type of state-owned assets, and its data rights belong to the state. The Shenzhen Municipal Government shall exercise the data rights of public data on behalf of the state and authorize the municipal data coordination department to formulate public data asset management measures and organize their implementation.

The Draft Regulations provide that personal data includes personal information data and private data. Personal information data refers to data recorded through automation and other means that can identify the personal identity of a natural person alone or in combination with other data; private data refers to data and its derived data that are closely related to the private life of a natural person and the private space, private activities, and private information that are unwilling to be known to others.

http://sf.sz.gov.cn/xxgk/xxgkml/gsgg/content/post_7892072.html

 

MIIT to crack down unlawful behaviors in information and communications industry as exposed in the “3·15” program by CCTV

On July 16, 2020, CCTV’s 3.15 program exposed the chaos of third-party SDK plug-ins of mobile phone in collecting and using users’ personal information. It was reported that, technicians have found that the SDK plug-ins from two companies, i.e. Credit X and Zhaocai Dog, embedded in more than 50 Apps collect user’s information without prior notice to the user.

In response to the unlawful collection and use of personal information made by the SDK plug-ins, the Ministry of Industry and Information Technology (“MIIT”) immediately organized relevant entities to conduct thorough inspections, and strictly investigated and dealt with the enterprises involved in accordance with laws and regulations. The MIIT requires,

1. the Beijing Communications Bureau and Shanghai Communications Bureau to inspect the two companies involved;

2. third-party testing institutions to conduct technical testing on 50+ Apps that use the above SDKs;

3. major domestic application stores such as Alibaba, Tencent, Baidu, Huawei, Xiaomi, OPPO, vivo, 360, etc., to conduct thorough investigations on similar problems as soon as possible; Apps found of problems should be removed as soon as possible; application stores are also required to promptly notify the App operation developer to conduct self-examination and self-correction to promptly discover and process the SDK that unlawfully collects and uses user’s personal information.

In the next step, the MIIT will adopt normalized regulatory measures to strengthen the comprehensive management of Apps. MIIT is about to increase the handling and exposure of various unlawful activities, such as collection and use of user’s personal information without consent, to effectively protect the legitimate rights and interests of users.

http://www.miit.gov.cn/n1146290/n1146402/c8016746/content.html

 

MIIT exposes the second and third batches of Apps infringing upon user’s rights and interests

Recently, the Ministry of Industry and Information Technology (“MIIT”) organized third-party testing agencies to conduct inspection on mobile applications (“Apps”) and issued the Second and Third Batches of Apps that Infringe Upon User’s Rights and Interests, requiring operators of these Apps to make rectification. As of now a number of Apps still have not completed rectification and the MIIT requires them to complete rectification before designated timelines, failing which the MIIT may impose punishment on these Apps.

The above Apps are found of the following problems:

· asking for permission frequently or excessively;

· rejecting providing services if no permission is given;

· collecting personal information without consent or beyond the agreed scope;

· sharing personal information with third parties without consent;

· forcing users to use target pushing functions; and

· difficult to de-register the account.

http://www.miit.gov.cn/n1146290/n1146402/n1146440/c7993756/content.html

http://www.miit.gov.cn/n1146290/n1146402/n1146440/c8026316/content.html

 

2020 Governance Work campaign on illegal collection and use of personal information by Apps officially launched

On July 22, 2020, the Central Cyberspace Administration, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation held a meeting in Beijing and started the 2020 governance work on illegal collection and use of personal information by Apps in 2020.

The governance work in 2020 will continue to focus on the following aspects:

(1) Formulate and release the key points of personal information security assessment for SDKs and mobile phone operating systems, and conduct in-depth assessments of Apps, SDKs, and mini programs that have a large scale of users and attract large volume of complaints;

(2) In response to the typical problems reflected by the public, such as illegal collection and use of biometric information (e.g. facial features), self-activation, associated activation of Apps, upload of personal information without asking for user’s permission by Apps, and the abuse of sensitive permissions such as recording and photographing, special research and in-depth inspections are to be carried out;

(3) Intensify the detection, exposure, and punishment of illegal collection and use of personal information. According to the severity of the circumstances and the consequences, punishments such as interviews, warnings, removals, and fines will be imposed in accordance with laws and regulations;

(4) Formulate and release guidelines for App stores to review and manage the collection and use of personal information by Apps, and guide and urge App stores to carry out security reviews properly before Apps go online;

(5) Release free technical tools to guide small and medium-sized enterprises to conduct self-assessment on collection and use of personal information to improve the legal compliance of personal information collection and use activities by small and medium-sized enterprises;

(6) Promote security certification for the protection of personal information by Apps; and

(7) Strengthen personal information security assessment trainings and promote the standardization of personal information security assessment.

http://www.cac.gov.cn/2020-07/25/c_1597240741055830.htm

 

MIIT launches a special campaign to promote governance on Apps that infringe upon user’s rights and interests.

In order to effectively strengthen the protection of users’ personal information, the Ministry of Industry and Information Technology (“MIIT”) issued the Notice on Carrying out the Special Campaign to Promote Governance on Apps that Infringe upon User’s Rights and Interests (“Notice”) on July 24, 2020, requiring that a national App technology testing platform management system should be launched before the end of August 2020, which is expected to complete testing for 400,000 mainstream Apps before December 10, 2020.

This campaign focuses on the following illegal behaviors by service providers of Apps and SDK, as well as application distribution platforms:

1. illegal behaviors of Apps and SDKs, including illegal collection of personal information, collection of personal information beyond the scope, illegal use of personal information and forcing users to use target pushing functions;

2. setting up barriers and frequently harassing users, such as forcing users to give permission, frequently asking for permission or excessively asking for permission made by Apps, and frequent self-activation and associated activation of Apps;

3. deceiving and misleading users, including deceiving or misleading users to download Apps or providing personal information; and

4. failure to perform obligations by application distribution platforms, including not clearly stating the information about Apps distributed by them, and not implementing the management responsibility.

According to the Notice, MIIT will organize third-party testing agencies to conduct technical testing of Apps and SDKs and supervise and inspect the implementation of the main responsibilities of the application distribution platform. For companies that are found to have problems during the first inspection, they will be ordered to complete rectification within 5 working days. If there are still problems after rectification, they may face punishments including public exposure, removals, administrative penalties and listing as bad business operations or untrustworthy telecommunications businesses. Companies that have repeated problems in different versions of the Apps will be exposed to the public, and face follow-up disposal measures.

http://www.miit.gov.cn/n1146290/n1146402/n1146440/c8027864/content.html

 

NISSIT seeks public opinions on Security Requirements for Supply Chain of Information Technology Products

On July 27, 2020, the National Information Security Standardization Technical Committee (“NISSIT”) released the Information Security Technology — Security Requirements for Supply Chain of Information Technology Products (Draft for Comment) (“Draft Requirements”) to seek public opinions by September 26, 2020.

The Draft Requirements, as a recommended national standard, will apply to the security management activities of the information technology product supply chain of government information systems and critical information infrastructure and can also provide a reference for the supply chain security management activities of other information systems.

According to the Draft Requirements, the supplier of information technology products should meet the following requirements:

· carrying out supply chain security risk assessment;

· developing the traceability strategy of purchased information technology products and components, recording and retaining information such as the origin and original supplier of information technology products and components;

· establishing and implementing the safety development process of information technology products, clarifying development management requirements, safety control measures and personnel codes of conduct, etc.

The customer of information technology products should meet the requirements such as:

· establishing and maintaining a catalog of qualified suppliers;

· regularly assessing the risks of interruption of information technology product supply, suspension of authorization, refusal to provide product upgrades or technical support services;

https://www.tc260.org.cn/front/postDetail.html?id=20200722172943

 

NISSIT issues Self-Assessment Guidelines for Apps to Collect and Use Personal Information

On July 25, 2020, the Secretariat of National Information Security Standardization Technical Committee (“NISSIT”) released the Practical Guide to Cyber Security Standards – Self-Assessment Guidelines for Apps to Collect and Use Personal Information (“Guidelines”) to guide App operators to carry out self-assessment.

The Guidelines provide 28 self-assessment items in total, covering the following six aspects:

1. whether the rules on collection and use of personal information are made public;

2. whether the purpose, method and scope of collection and use of personal information are clearly stated;

3. whether the collection and use of personal information is subject to the user’s consent;

4. whether the principle of necessity is complied with, under which only personal information in relation to the services being provided is collected;

5. whether the provision of personal information to others is subject to the user’s consent; and

6. whether functions of deleting or correcting personal information are provided, or methods for complaint are made public.

The Guidelines are formed on the basis of the Method for Identifying the Illegal Collection and Use of Personal Information by Apps jointly issued by the Cyberspace Administration of China, Ministry of Industry and Information Technology, Ministry of Public Security and State Administration for Market Regulation and the Guide to the Self-Assessment of Illegal Collection and Use of Personal Information by Apps issued by the App Governance Panel.

https://www.tc260.org.cn/front/paview/20200722134829.html

NISSIT issues the draft Guidelines for Application and Use of System Permissions by Apps

On July 29, 2020, the Secretariat of National Information Security Standardization Technical Committee (“NISSIT”) released the Practical Guide to Cyber Security Standards— Guidelines for Application and Use of System Permissions by Mobile Internet Applications (App) (Draft for Comment) (“draft Guidelines”) to seek public opinions by August 12, 2020.

The Guidelines provide the basic principles and general requirements for Apps to apply for and use system permissions, as well as the application and use requirements for ten types of Android system permissions including such as call log, SMS, location.

The Guidelines also list the common sensitive system permissions, typical issues in applying for and using system permissions, and the system permissions that are not recommended to apply for by common business functions.

https://www.tc260.org.cn/front/postDetail.html?id=20200729195232

 

Tianjin: personal privacy data cannot be traded

On July 30, 2020, Tianjin Cyberspace Administration released the Interim Measures for Data Transaction Management in Tianjin (Draft for Comment) (“Draft Measures”).

The draft Measures classify data into tradable data and data that are prohibited to be traded. Tradable data refers to all kinds of data obtained according to law, which cannot identify specific data providers and cannot be recovered.

Data prohibited to be traded include:

· data related to national security, public security and personal privacy;

· data involving trade secrets without authorization and consent of the legal obligee;

· data involving personal information without the explicit consent of the subject of personal information; data involving personal information of minors above the age of 14 without express consent of the minors or their guardians; data involving personal information of minors under the age of 14 without express consent of guardians;

· data obtained by means of fraud, deception and misleading, or from illegal and undue channels;

· data that is clearly prohibited by other laws and regulations or legal agreements.

The Measures require that data providers should conduct security risk assessment on the data to be traded and issue security risk assessment reports. The data trading service agency shall review the security risk assessment report to ensure that the data to be traded do not contain data prohibited to be traded.

https://mp.weixin.qq.com/s/8Scofen1MTmmcBJd3IKubQ

 

Anhui Province proposes regulations to boost development and application of big data 

On July 6, 2020, the Government of Anhui Province issued the Regulations on the Development and Application of Big Data in Anhui Province (“Draft Regulations”) to seek public opinions.

The Draft Regulations encourage enterprises, universities, scientific research institutions and other organizations and individuals to engage in research and development of big data technology and develop software and hardware products; to use big data to develop new industries, new formats and new models, develop online economy, and give full play to the economic value and social benefits of data resources.

The Draft Regulations further encourage and guide data trading parties to conduct data transactions in big data trading service institutions established according to law. It also clarifies that data resource transaction shall follow the principles of voluntariness, fairness, honesty and credibility, that data resource transaction shall abide by laws and regulations, and respect social morality; and that data resource transaction shall not disclose, sell or illegally provide personal information, privacy and business secrets to others, and shall not damage the interests of the state, the public and the legitimate rights and interests of others.

http://sft.ah.gov.cn/zhzx/tzgg/53877731.html

 

MoT solicits opinions on Guidelines for Constructing National Connected Car Industry Standard System (Intelligent Transport Related) 

The Ministry of Transport (“MoT”) released the Guidelines for Constructing National Connected Car Industry Standard System (Intelligent Transport Related) (“Draft Guidelines”) on July 31, 2020 to seek opinions from relevant competent authorities and associations by August 14, 2020.

The Draft Guidelines set out the key fields where standards should be developed:

· standards of basic generality, including the terms and descriptions, classification codes and symbols, and data management;

· road facilities, including general requirements, traffic perception, traffic control and guidance, intelligent roadside, roadside communication, and map and positioning;

· vehicle-road interaction, including information interaction, vehicle and portable terminal, and vehicle assistance and safe driving;

· management and service, including travel service, transportation organization, and management platform; and

· information security, including certificate keys, and network security protection.

According to the Draft Guidelines, a standard system supporting the application and industrial development of connected car should be initially established by the end of 2022, when more than 20 standards related to intelligent transport in areas such as intelligent transport infrastructure and assisted driving will have been developed and revised. By 2025 it is expected more than 40 standards will have been developed and revised.

http://xxgk.mot.gov.cn/2020/jigou/kjs/202007/t20200731_3443771.html

 

If you would like to receive our legal update via email, please contact jianghongyu@anjielaw.com.

 

 

 

For more information, please contact: 

Samuel Yang | Partner

AnJie Law Firm

P: +86 10 8567 2968

M: +86 1391 0677 369
E: yanghongquan@anjielaw.com

 

 

Author: Samuel Yang, Nicholas Blackmore

China’s legislature, the National People’s Congress, recently enacted a Civil Code which will come into force on 1 January 2021. The Civil Code is a major landmark in Chinese legal history – it is the first comprehensive codification of the civil laws of the People’s Republic of China, which has been a goal of Chinese governments since the Qing Dynasty.

The Civil Code covers the full scope of Chinese civil law, including property rights, contracts, tort and family law – and also includes sections on privacy and the protection of personal information. Samuel Yang (Partner from Anjie Law Firm) and Nicholas Blackmore (Special Counsel from Kennedys) outline the impact of the new Civil Code on Chinese data privacy law.

Most of the provisions of the Civil Code regarding privacy and personal information are not new. Much of the Civil Code is a restatement and consolidation of the existing privacy laws contained in the Decision of the Standing Committee of the National People’s Congress on Strengthening the Network Information Protection, the Cybersecurity Law, and the Law on the Protection of Consumer Rights and Interests. However, the Civil Code does extend these laws in some respects, most significantly in providing a clearer basis for individuals to take legal action in relation to breaches of their privacy rights.

Like existing PRC privacy laws, the provisions of the Civil Code regarding privacy and personal information are not as detailed or prescriptive as Hong Kong’s Personal Data (Privacy) Ordinance or Europe’s General Data Protection Regulation. Rather, they are a set of general principles which leave considerable room for interpretation. However, the National People’s Congress have flagged the introduction of a personal information protection law and a data security law as the next step in the development of Chinese data privacy law, and it is likely that these laws will be more prescriptive.

The provisions of Part IV of the Civil Code dealing with privacy and personal information are in several sections:

  • articles 990 to 1000 contains general provisions regarding “personality rights”, which include an individual’s right to privacy;
  • articles 1032 and 1033 more specifically prohibit activities which infringe on an individual’s right to privacy, such as spying, eavesdropping, photographing or filming private body parts or spaces, or sending uninvited messages; and
  • articles 1034 to 1039 deal specifically with the processing of personal information.

The legislators have apparently noted the overlap between “privacy” and “personal information”, which is an academic and practical question debated by legal professionals for a long time. The Civil Code provides a principle to deal with such overlap by providing that those provisions on privacy (articles 1032 and 1033) shall apply to the “private information” in personal information; in the absence of such provisions, the provisions on the protection of personal information (articles 1032 and 1033) shall apply.

Individuals may take legal action to prevent or obtain compensation for an infringement of their personality rights. While the Civil Code does not expressly state when personality rights will be infringed, the structure of Part IV strongly suggests that this will include the activities prohibited under articles 1032 and 1033 and the processing of personal information in breach of articles 1034 to 1039. There is an exception for the conduct of news reporting carried out in the public interest, but only to the extent that the use of the individual’s name and other personal information is reasonable.

“Personal information” is defined as information recorded electronically or otherwise that is capable of identifying a specific natural person, alone or in combination with other information, including the person’s name, date of birth, ID number, biometric information, address, phone number, email address, health information, and location information. The key provisions concerning the processing of personal information include:

  • processing of personal information must be lawful, justified, necessary and not excessive;
  • processing of personal information is only permitted with the express consent of the individual or as required by law – although article 1036 states that reasonable processing of personal information is also permitted if: (a) the individual voluntarily disclosed their personal information and did not explicitly refuse to allow processing; or (b) the processing is carried out to protect the public interest or the individual’s legitimate rights or interests;
  • individuals have the right to obtain access to personal information a processor holds about them and to correct that information if it is inaccurate;
  • individuals have the right to require a processor to delete their information if the processing is in breach of the law or an agreement between the parties;
  • processors should take technical and other necessary measures to ensure the security of the personal information they hold; and
  • in the event of a data breach, the processor should take remedial measures in a timely manner and notify the breach to the affected individuals and the relevant competent authority.

Most of these provisions will be familiar to global businesses who already comply with the General Data Protection Regulation or other privacy laws. In some respects, however, they are more strict. In particular, it appears that there is less scope under the Civil Code than under many other privacy laws for personal information to be processed without the consent of the individual.

Most of the above provisions strongly resemble those already in the Decision on Strengthening the Network Information Protection, the Cybersecurity Law and the Law on the Protection of Consumer Rights and Interests. However, being in the Civil Code, they will apply more broadly. For example:

  • the Decision on Strengthening the Network Information Protection is limited to the protection of personal information in electronic form, whereas the Civil Code applies to all forms of personal information;
  • the Cybersecurity Law applies only to network operators, whereas the Civil Code applies to all businesses handling personal information, regardless of whether they also operate a computer network; and
  • the Law on the Protection of Consumer Rights and Interests only protects the rights of consumers of goods and services, whereas the Civil Code applies to all natural persons.

Most importantly, the Civil Code will make it easier for individuals to take civil action in relation to privacy breaches. The existing laws do not expressly provide any right for individuals to take such action; they only provide for the authorities to impose administrative fines and penalties. Consequently, it has been difficult for individuals to obtain compensation for breaches. In one widely- reported case, 42 individuals unsuccessfully sought to sue Amazon in relation to an incident in which their personal information was obtained by scammers.

The Civil Code makes clear that an individual will have the right to seek a court order to prevent a breach of their privacy rights which is continuing or is about to occur, and compensation for damage (including emotional damage) which is caused by a breach of their privacy rights. The court may also order that an apology or other public announcement be published. If the individual is deceased, their family may take such legal action in their place.

The official Chinese text of the Civil Code is available here; no English translation is available at this time.

Conclusion
While the new Civil Code largely restates the existing Chinese laws on privacy and personal information protection, it does apply these laws more broadly and make it easier for individuals to take civil action in relation to breaches. As such, we are likely to see privacy and personal information protection laws enforced more often and more broadly in China from next year onwards. Companies who process personal information in China should double-check that their existing privacy practices comply with the new Civil Code from 1 January 2021.

Author:

Hannibal El-Mohtar

 

(Photo attribution: Karolina Grabowska)

 

Despite the tortuous path ahead for the US 2020 election campaigns, and the trials and tribulations of this year, the US-China Phase 1 Trade Deal (the “P1 Deal) remains in place.[1]

Although commitments under the P1 Deal are only between China and the US, international trade law limits the extent to which benefits under such agreements can be strictly bilateral.

In particular, Most Favoured Nation (“MFN”) requires World Trade Organization (“WTO”) members (like China and the USA) to give all WTO members the same benefits they give to a preferential trading partner.

This might leave some non-US entities with business in China wondering: is the P1 Deal beneficial only for US entities, or do other foreign entities also benefit?

Foreign Insurance Institutions (“FIIs”) especially may wonder: as China begins to further open its financial market, do non-US FIIs have any chance of benefitting from China’s treatment of US insurers, specifically under the insurance heading of the P1 Deal’s financial services chapter (Article 4.6)? If only US insurers benefit, would that be a Global Agreement on Trade in Services (“GATS”) violation, or would it be GATS compliant?

These are thorny legal questions, and answering them begins with a look at China’s commitments under GATS, the P1 Deal’s Article 4.6 insurance heading, and MFN under GATS.

As we will see, China has already voluntarily passed GATS compliant legislation extending one bilateral commitment in Article 4.6 to all foreign investors. It is certainly possible that China will follow a similar course of action with its other bilateral insurance commitments to the US. However, as is often the case with international trade law, whether it decides to do so will depend on both legal and diplomatic concerns rather than solely on legal considerations.

 

I. China’s P1 Deal Insurance Commitments Fall in Line with Prior Plans

 

(Attribution: Adrianna Calvo)

Modernizing and improving China’s insurance sector has been a strategic state goal since as early as 2014, with the passing of the Several Opinions of the State Council on Accelerating the Development of the Modern Insurance Service Industry (2014, the “Opinions”). Among the goals contained within the Opinions is that by 2020, insurance will become an essential means of risk and financial management for government, enterprises, and residents, with specific targets for greater insurance penetration (5%) and density (RMB 3,500 Yuan per person). [2]

In line with these objectives, at the start of the 2020 two sessions (两会, the “2020 Lianghui”) Premier Li Keqiang announced “higher government subsidies for basic medical insurance for rural and non-working urban residents” (third session of the 13th National People’s Congress). After the end of the 2020 Lianghui, the State Council also encouraged insurers to increase coverage for Chinese exporters and small to medium enterprises impacted by COVID-19 in its Guidelines about Further Strengthening Financial Services for SMEs and Micro Enterprises (Yin Fa 2020 No.120).

Like these more recent measures, many Chinese commitments to US insurers in the P1 Deal also dovetail with earlier Chinese reform plans. The text of Article 4.6 reads as follows:

Article 4.6: Insurance Services

  1. No later than April 1, 2020, China shall remove the foreign equity cap in the life, pension, and health insurance sectors and allow wholly U.S.-owned insurance companies to participate in these sectors. China affirms that there are no restrictions on the ability of U.S.-owned insurance companies established in China to wholly own insurance asset management companies in China. 
  1. No later than April 1, 2020, China shall remove any business scope limitations, discriminatory regulatory processes and requirements, and overly burdensome licensing and operating requirements for all insurance sectors (including insurance intermediation), and shall thereafter review and approve expeditiously any application by U.S. financial services suppliers for licenses to supply insurance services. In accordance with this commitment, China affirms that it has eliminated the requirement of thirty-years of insurance business operations for establishment of new foreign insurance companies. 
  1. The United States acknowledges current pending requests by Chinese institutions, including by China Reinsurance Group, and affirms that such requests will be considered expeditiously.

 

Observers will note that prior to the conclusion of the P1 Deal, the concession outlined in 4.6.1. was already scheduled to be passed. To this end, on December 06, the China Banking and Insurance Regulatory Commission had issued both the Detailed Rules for Implementing the Regulations Administering Foreign-Invested Insurance Companies in the PRC together with the Notice Clarifying the Timeline to Cancel Foreign Equity Ratio Restrictions in Joint Venture Life Insurance Companies. Most importantly, the concession in 4.6.1 was granted not solely to US enterprises (which would be a GATS violation, as we will discuss below), but rather to all foreign investors in China.

The US acknowledging “pending requests by Chinese institutions” in 4.6.3. relates to applications from Citic Group, China Re, and China International Capital Corp (CICC) for licensing in the US.

The only possible friction between China’s insurance sector P1 Deal and GATS commitments would be 4.6.2., where China singles out US firms for what appears to be preferential treatment: “review and approve expeditiously any application by US financial services suppliers for licenses to supply insurance services.”

 

II. The Road to Accession: China Included Insurance in its GATS Schedules of Commitments in 1994 and 2002

 

(Attribution: Manual Joseph)

Would this friction result in a possible GATS violation? Let us first examine China’s GATS commitments. For brevity, the particulars of these commitments are not listed in this article.

China’s first GATS commitments were published in 1994, prior to its accession to the World Trade Organization (“WTO”). A fundamental concept in understanding GATS commitments is the difference between “positive” and “negative” lists. WTO Members use a “positive” list to indicate their specific commitments to provide market access and national treatment in a schedule of commitments (“SOC”). On the other hand, a blanket MFN commitment applies to all areas of GATS, unless there is a “negative” reservation in the form of an exemption (discussed later, together with other exceptions). Whether or not a positive commitment is listed in the SOC, a WTO Member must not discriminate among its trading partners in terms of market access or national treatment.

At the time China made this SOC, foreign insurers had a minimal presence in China. The only FII in China in 1994 was AIA (a subsidiary of AIG), which had established a branch in Shanghai in 1992 (becoming the first foreign-invested insurance entity in the PRC). Later, in 1996, Manulife (a Canadian insurer) set up the PRC’s first life insurance joint venture with Sinochem.

Later, in 2001 China acceded to the WTO and a year later in 2002, China issued another SOC under GATS, leading to further liberalization. The ensuing relaxation of market entry rules ushered in a series of new insurance players in the PRC market. To better understand what this liberalization entailed, by way of overview, we can look at China’s commitments for its four “modes of supply” that took place. These “modes” refer to the four means for supplying services listed in GATS (see GATS I:2). Mode [2] (consumption abroad) became open for all but brokerages (meaning that China still reserves the right to restrict consumption of insurance services from brokerages based abroad). Most significantly, [3] dealing with commercial presence, was opened (but still subject to a number of restrictions). Modes of supply [4] (presence of natural persons) and [1] (cross-border trade) remained “unbounded” (meaning China had made no commitment to liberalize them), but with some exceptions for mode [1].

 

III. GATS MFN Applies to the P1 Deal, and no Exemptions or Exceptions Apply

Under GATS, there are two general, unconditional (with certain exceptions) obligations. The first is MFN, the second is the obligation of transparency. Only the first, MFN, is relevant to this analysis. The operative MFN provision for GATS is:

GATS Article II.1 (Most Favoured Nation)

With respect to any measure covered by this Agreement, each Member shall accord immediately and unconditionally to services and service suppliers of any other Member treatment no less favourable than that it accords to like services and service suppliers of any other country.

The effect of MFN is to forbid discrimination among a Member’s trading partners. For example, if China gives special market access to a US bank, it cannot deny that same access to a Canadian bank (except with some exceptions, discussed below).

Under GATS Article II, the test to determine whether a measure violates China’s MFN obligations is to ask whether it modifies “the conditions of competition to the detriment of like services or service suppliers of any other Member” (Appellate Body Report, Argentina – Financial Services, paras. 6.114-6.115.). Such an analysis must begin “with careful scrutiny of the measure, including consideration of the design, structure, and expected operation of the measure at issue” (Appellate Body Report, Argentina – Financial Services, para. 6.127).

As a result, any favourable treatment afforded solely to the US under the P1 Deal is discriminatory and must also extend to other foreign investors under MFN. For any measure covered by the GATS (in other words falling under the definitions in GATS Article I), a WTO member cannot give favourable treatment to services and service suppliers of any country without immediately and unconditionally giving no less favourable treatment to all WTO members (GATS Article II). This applies irrespective of whether that measure is the subject of a specific commitment in the SOC.

 

IV. Depending on How They Are Implemented, China’s Commitments to the US May Engage GATS and Extend to Other WTO Members

 


(Attribution: Mihai Vlasceanu)

China has already voluntarily extended many of its P1 Deal concessions to all foreigners. Recall that China already granted the concessions in Article 4.6.1 to all foreign insurers, making it GATS-compliant. As of January 1, 2020, all foreign insurers (and not just US insurers) are allowed full ownership of Chinese life insurance companies. Beginning April 1, 2020, this commitment also extends to the pension and health insurance markets. As mentioned in another article, under China’s new Foreign Investment Law, all FIIs will also now be governed by the Company Law of the People’s Republic of China rather than ad-hoc foreign investment laws.

However it remains to be seen whether China’s above commitments under Article 4.6.2 of the P1 Deal will violate GATS. Article 4.6.2, which can be split into two parts, appears to signal an intent to give US firms special treatment. The first part commits China to remove “any business scope limitations, discriminatory regulatory processes and requirements, and overly burdensome licensing and operating requirements for all insurance sectors (including insurance intermediation).” This part complies with GATS. The second, however, requires China to “thereafter review and approve expeditiously any application by U.S. financial services suppliers for licenses to supply insurance services.” This second part strongly indicates an intent to grant preferential, discriminatory treatment for the benefit of US firms.

The question is, will China:

  • Extend 4.6.2. commitments to all FIIs willingly, as it did with 4.6.1. commitments
  • Overtly discriminate in favour of US insurers (“De Jure Discrimination”) or
  • Covertly discriminate in favour of US insurers (“De Facto Discrimination”)?

In the case of [1], there is no MFN violation. This may happen and it is entirely possible for China to formulate regulations in its implementing measures which meet this P1 Deal term while affording equal treatment to other WTO Members.

In the case of [2], De Jure Discrimination, the MFN violation is straightforward and other WTO Members may initiate dispute settlement proceedings under the auspices of the Dispute Resolution Body (“DSB”), and most likely obtain a favorable decision. Chinese authorities are well aware of this and as a result [2] is unlikely.

In the case of [3], De Facto Discrimination, the issue becomes much more complicated and guiding WTO caselaw becomes necessary. In EC — Bananas III, the European Communities argued that MFN under GATS does not extend to De Jure discrimination, only De Facto discrimination. This was rejected (Appellate Body Report, EC – Bananas III, paras. 231-234). Applying the above analysis from Argentina Financial Services, any treatment which modifies the “conditions of competition” against one Member in favour of another falls afoul of MFN. In the Appellate Body (the “AB”)’s reasons in EC — Bananas for ruling against the EC, the AB expressly applied this standard to De Facto licensing discrimination: “various aspects of the EC licensing procedures at issue created less favourable conditions of competition for service suppliers of the complainants’” (Appellate Body Report, EC – Bananas III, see paras. 240-248).

The standard for breaching MFN in this context is low, and there is no separate enquiry into the regulatory objective or concerns behind a measure’s impact on the conditions of competition (Appellate Body Report, Argentina – Financial Services, paras. 6.105-6.106):

This legal standard does not contemplate a separate and additional inquiry into the regulatory objective of, or the regulatory concerns underlying, the contested measure. Indeed, in prior disputes, the fact that a measure modified the conditions of competition to the detriment of services or service suppliers of any other Member was, in itself, sufficient for a finding of less favourable treatment under Articles II:1 and XVII of the GATS.

As a result, if China visibly moves the needle in favour of licensing US insurers, it breaches GATS, but if it does so inconspicuously, it would be insufficient to mount a GATS challenge. If China wishes to grant favourable licensing terms US insurers in a way that does not lead to losing a GATS challenge, it must do so in a manner that is almost imperceptible and at the least, non-provable. For example, any kind of quid pro quo that leads to a US firm being licensed in China shortly after the US licenses a Chinese firm (like China Re, Citic Group, or CICC) would appear transactional, arouse suspicion, and could be challenged as a MFN violation. In challenging any discriminatory treatment, the fact that in the text of the P1 Deal, China’s 4.6.2 commitment (to approve US insurers) immediately precedes the US’ 4.6.3 commitment (to acknowledge the “pending requests” of Chinese insurers) may be used as a smoking gun to show discriminatory intent.

 

Conclusion

Legally under GATS, Chinese concessions to the US must be legislated in ways that do not discriminate between WTO Members. If these concessions instead extend only to the US, or if it is discovered that a government measure in fact discriminates against other WTO Members, then those Members may initiate consultations. Failing consultations, those Members may pursue dispute settlement under the auspices of the DSB.

So far all of China’s measures implementing the Phase 1 Deal appear to have been GATS compliant and have not led to a challenge from another Member.

However, what might possibly occur, and raise questions about compliance with GATS, is a quid pro quo between the Chinese and US administrations. For example, licensing a US insurer in exchange for the US licensing a Chinese insurer. This would be a MFN violation. However, as a form of De Jure Discrimination, such violations are notoriously difficult to prove.

This means that, from an evidentiary standpoint, there is room — however narrow — for China to license US insurers on a preferential basis without demonstrably affecting the conditions of competition in the Chinese insurance market. Nevertheless WTO precedent on the matter is clear and if such De Jure Discrimination were to be proven, it would not be difficult to show that such treatment adversely affects the conditions of competition in violation of MFN. [4]

Although preferential licensing of US insurers is an option available to China, diplomatic considerations will be taken into account on whether or not to pursue it. China voluntarily extended the commitment in Article 4.6.1 to all FIIs, and has been carefully planning this phase in its insurance reform since before the release of the 2014 Policy. It may find that the economic benefits of greater competition and variety in the PRC insurance market are more valuable to its long-term reform plans than the diplomatic points it would gain through a licensing quid pro quo with the current US administration. If that is the case, it would be logical to then also voluntarily extend the commitment in Article 4.6.2 to all FIIs.

 

[1]In fact, damaging floods and spiking corn prices have pushed Chinese importers to buy record volumes of U.S. corn, which could help the government fulfil a pledge under the P1 Deal. See Hallie Gu, Dominique Patton, “Exclusive: China plans wheat, rice sales to tame surging corn prices – sources”, Reuters, July 21, 2020, online: <https://in.reuters.com/article/china-grains-stockpiles-exclusive/exclusive-china-plans-wheat-rice-sales-to-tame-surging-corn-prices-sources-idINKCN24M15C>

[2]Zhen Jing, Chinese Insurance Contracts: Law and Practice, (Abingdon, Routledge 2017) at 23.

[3]There are a few exceptions to the MFN requirement in Article II, none of which apply to the P1 Deal. For one, if the P1 Deal were an Economic Integration Agreement (“EIA”), China could give the US preferential access under GATS Article V. However, in order for an agreement to qualify as an EIA it must, among other requirements, have “substantial sector coverage” under services, GATS Article V. The P1 Deal cannot be characterized as having “substantial sector coverage”, because among other reasons, the P1 Deal does not liberalize all four GATS modes of supply (a key requirement for substantial sector coverage). It also cannot be characterized as a regional trade agreement, which like an EIA could spare China from Article II MFN commitments, because the US and China do not share a border (Article II.3). If either were the case, China could have claimed the right to liberalize its market solely for the benefit of US insurers under the P1 Deal, and not extend that same treatment to all other WTO Members.

A couple of other exceptions are worth reviewing briefly, but they do not apply either. The first is exemptions. A WTO Member may enter reservations to its MFN obligations through MFN “exemptions” in its Annex to the GATS. However, China’s insurance commitments were not exempted in its annex. The only exempted industries are those relating to transportation (maritime, international, and freight and passengers). In other words, under GATS, the Chinese insurance sector (including life, pension, and health insurance) is not exempt from MFN treatment. Second is government procurement: direct purchases of insurance services by the Chinese government are not subject to MFN. It is unclear, however, whether or not MFN would apply to purchases by state owned enterprises (“SOEs”).

 

[4]In 2020, should China continue to go through the motions of showing GATS compliance, though? The WTO does not have any teeth, and cannot enforce any of its decisions. The WTO’s dispute resolution platform also continues to face a crisis due to the US blocking the appointment of AB panelists.

The answer is most likely yes. Unfavourable rulings do carry consequences. They sometimes lead to countermeasures from trading partners and continue to carry weight in international diplomacy. Members prefer to avoid unnecessary pressure from other Members, and it is unlikely China will overtly ignore GATS rules.

 

Have questions about accessing China’s insurance market? Anjie is a Chambers ranked, Band 1 law firm for PRC Insurance law, and has the largest insurance practice in mainland China

Feel free to send consultation requests to An Na (anna@anjielaw.com) or An Chencheng (anchencheng@anjielaw.com).

Authors: Wan Jia, Liu Sichen

I. The Background Information of the Raised Question

The rapid spread of the COVID-19 pandemic has left a huge impact on business operations worldwide. For many companies, a business interruption (“BI”) that could result from this impact is a hazard which features among their greatest operational risks this year.

Although many companies are insured against BI, their coverage under their insurance policies may not extend as far as they believe. In legal practice, the question of whether BI caused by the infectious diseases is covered by a BI insurance policy provided has given rise to great controversy.

The mainstream view holds that BI insurance is generally an additional insurance to “all risk” or other types of property insurance, therefore only those losses consequent on property damage are covered by BI. However, if there are BI extension clauses such as the infectious disease clause expanding the scope of the covered losses, the BI losses caused by the infectious disease can be compensated based on the relevant applicable extension clause, even if the insured has not suffered from property damage.

Why is compensation under a BI policy be on the condition that “damage to property” has occurred? There are a number of historical and contextual factors behind this rule, and this article sheds some light on them.

II. The reason why the insurer’s BI loss must result directly from “damage to property”

BI in China is considered to be a foreign transplanted product. Most of the mainstream insurance companies in China adopt the terms similar to those in the insurance markets of the UK or the USA.

Taking the BI clause of a large property insurance company in China on record with China Banking Insurance Regulatory Commission for example, article 3 of the clause states that,

“[D]uring the insurance period, where the insured suffered losses on the property used for its business operations due to the risks covered by the main property loss insurance clause (hereinafter referred to as the “property insurance loss”), resulting in the interference or interruption of the insured’s business operations, the loss of gross profit thereof occurring during such indemnity period shall be compensated by the insurer in accordance with this insurance policy. The indemnity period mentioned in this insurance contract refers to the period from the date of the occurrence of the insured property loss, to the insured’s business continuously affected by the insured property loss, but the maximum period shall not exceed the maximum indemnity period agreed in this insurance contract [emphasis added].”

For its part, the London Business Interruption Association (“LBIA”) issued a BI guide which indicates that BI insurance compensates for the indirect losses resulting from direct property damage. In summarizing business interruption insurance liability practice in the UK, the LBIA guide provides that, “the insurer will pay the amount of the Consequential Loss resulting from interruption of or interference with the Business carried on by the insured at the Premises consequence upon DAMAGE to Property used by the Insured at the Premises in accordance with the undernoted definition.”  [1]

  1. BI is Established to Cover the Indirect Losses Caused by the Property Losses Which Would Not Be Covered by the Traditional Property Insurance

Traditional property insurance only compensates for the direct property losses of the insured subject matter against the risks within the scope of insurance liability, and the insurer is not responsible for indirect property losses of the insured arising from suspension of production, reduction of production, or business interruption, etc.

At the end of the 18th century and the beginning of the 19th century, after experiencing a significant increase in productivity owing to the Industrial Revolution, business risks increased. Traditional property insurance like all risks insurance, could not cover the indirect losses of profits due to the accidents. The time had come for a compensation policy based on recovery of daily losses. This became the prototype for modern BI insurance.[2]

Another earlier name for BI, Use and Occupancy Insurance, can better reflect its direct relationship with property losses. [3] Under this type of policy, the insurance company shall pay, according to the calculation method agreed in the insurance clauses, for the losses resulted from interruption of the insured’s normal use and occupancy of the insured property because of the insured property risk. Different disputes might arise in different cases because of the specific wording of the insurance clauses, but the general principle is that BI covers losses consequent upon damage to the insured property.

  1. The Losses Covered by BI Need to Be Calculated Based on the State of the Insured’s Damaged Property

As discussed, the idea behind BI insurance is to cover the indirect profit losses that result when an insured peril arises. The period of business interruption is the period required to repair or replace the damaged property, namely from the time when the insured must interrupt their business due to the occurrence of the insured accident to the time when the insured resumes business. BI will thereby ensure that the insured can still operate with the same business revenue it would have generated had the accident not occurred. That is, however, the limit of what BI insures: not a penny less, not a penny more. Therefore, the insurable interest of BI is the business profits brought by the insured property.

The above mentioned LBIA BI Guide summarizes the two mainstream calculation standards for UK BI losses as Gross Profit Basis (“GPB”) and Gross Revenue Basis (“GRB”). GBP calculates the losses by including the reduction of turnover and the increase in maintenance costs, and the latter, GRB, calculates the losses by referring to the amount which shall fall short of the Standard Gross Revenue. [4]

In China, the domestic underwriters will generally calculate the insured business interruption losses by referring to the losses during the indemnity period in terms of gross profit. The calculation involves three aspects: the loss of gross profit due to a decrease in operating income, the loss of gross profit due to an increase in operating expenses, and the saved costs because of the insured accident. The sum of the first two minus the amount from the third equals, generally, the gross profit losses that need to be indemnified.

  1. Even If there are BI Extension Clauses, the Establishment of Insurance Liability is Still Premised on the Incurred Risk of Losses of Damage to Property

The above calculation of BI losses is based on the premise that the insured property suffered from damage, and that damage led to BI losses. Based on different needs of the insureds from different industries, BI policies often have their respective BI extension clauses to extend the concepts such as the Insureds, Business types, Business Premise, etc., thus covering some circumstances intended to cover by the parties.

Common extensions of BI include Communicable or Infectious Diseases, Denial of Access, and Civil Authority Orders, among others. However, even if the extension clauses are applied to expand the scope of insurable losses, the premise for the establishment of BI liability of the insurer is still that it incurred insured risk of damage to the insured property.

It needs to be added that, in China, most BI insurance clauses provided by domestic insurance companies are as additional insurance  thus making the limit of the indemnity foreseeable. However, BI does not by itself need to be a form of additional insurance by considering its original purpose. If the underwriting risk and the scope of property can be clearly defined in the BI policy, there is no major threshold for the insured to apply for a separate and independent BI policy.

In practice, disputes arising out of BI will also concern the subsequent identification of insured risks, whether BI extension clauses including infectious diseases clause have been triggered, whether the claimed losses are caused by the damage to property, and the specific losses calculation method, etc. However, the premise that needs to be clarified is that BI does not cover all losses due to business interruption, but those losses caused by business interruption due to the losses arising out of the damage to insured property. Otherwise, all unforeseen circumstances that may affect the business of the company will be the cause of possible claims, deviating from the spirit of BI and its coverage of insurance liability.

 

[1]See Guide to business interruption insurance and claims, p5 http://london-bia.org/lectures/LBIABIManual.pdf#:~:text=LBIA%20guide%20to%20business%20interruption%20insurance%20and%20claims,Insured%20DAMAGE%207%20Indemnity%20period%207%20Turnover%208

[2] Tao Cunwen, Geng Yuting, “Overseas Business Interruption Insurance System and Its Enlightenment”, published in Insurance Research, No. 4 of 2008.

[3]Pamela Levin & Thomas H. Nienow, Business Interruption Coverage – Demystifying the Causation Analysis, 24 Brief 30 (1994).

[4]See supra 1, page 13, “Standard Gross RevenueThe Gross Revenue during that period in the twelve months immediately before the date of the occurrence of the incident which corresponds with the Maximum Indemnity Period”

China issues draft Data Security Law to solicit public opinions

中国公布《数据安全法》草案

 

Recently, the National People’s Congress released the Data Security Law of the People’s Republic of China (Draft) for public opinions (“Draft”).

Highlights of the draft include:

In order to establish data security system, the State implements:

· data classification and grading protection system: The Draft provides that data should be protected by different levels and categories based the importance of data in economic and social development, and the degree of damage to national security, public interest, or the legitimate rights and interests of citizens and organizations once it has been tampered with, destroyed, leaked, or illegally acquired or illegally used. Relevant departments should formulate catalogues of important data to protect the data.

· export control of data: The State exercises export control over data pertaining to controlled items related to fulfilling international obligations and maintaining national security.

· retaliatory restriction: Where any country or region takes discriminatory prohibitions, restrictions or other similar measures against China in terms of investment and trade related to data and technologies related to data development and utilization, etc., China may take corresponding measures against the country or region according to the actual situation.

In carrying out data related activities, relevant entities should perform the following obligations to protect data security:

· Establish and improve data protection systems: Data activities should be carried out in accordance with the provisions of laws, administrative regulations and mandatory requirements of national standards, to establish and complete data security management systems in all stages, organize data security education and training, and take corresponding technical measures and other necessary measures to ensure data security.

· Carry out security assessments of important data: Processors of important data should conduct regular risk assessments of their data activities in accordance with regulations and submit risk assessment reports to the relevant competent authorities.

· Implement restrictions on cross-border judicial assistance: If overseas law enforcement agencies require access to data stored in China, relevant organizations and individuals shall report to the relevant competent authority and provide it only after obtaining approval.

The Draft also exerts extraterritorial effect on the data processing activities. According to the Draft, organizations and individuals outside China who carry out data activities that damage the national security, public interests or the legitimate rights and interests of citizens and organizations of China shall be investigated for legal responsibility according to law.

For more information, please refer to http://www.npc.gov.cn/npc/c30834/202006/97f149839ff04c428224f6344ead7e38.shtml

 

MIIT urges tighter management over call centers
工信部要求加强呼叫中心业务管理

 

The Ministry of Industry and Information Technology (“MIIT“) has recently distributed the Circular on Tightening Call Center Business Management (“Circular“) on June 8, 2020.

The Circular touches upon six aspects, namely stepping up entry management, tightening management of codes and numbers, ramping up access management, beefing up management of business behaviors, miscellaneous, and work requirements.

The Circular calls on enterprises running call centers to improve their own internal management and control mechanism and use technical means to strictly control outbound calls, prohibits them from making or facilitating crank calls, requires them to safekeep at least 30 days phone call records and other information, bans them from leasing out or reselling, without approval, voice trunk lines and other telecommunications resources and from illegally altering or concealing the telecommunications access numbers, and urges them to ensure safety of clients’ personal information.

The Circular clarifies that those who only provide call center systems and seat rental services also belong to operating call center business, and requires relevant operators to verify the legitimacy of user voice trunk and numbers and prevent harassment of calls. The Circular also clarifies that the types of self-use, manpower outsourcing, and technical services do not belong to the business of operating call centers.

After the issuance of the Circular, the enterprise shall carry out a self-examination. Relevant departments will also carry out inspections on operations of the call center business.

For more information, please refer to http://www.miit.gov.cn/n1146290/n1146402/c7979549/content.html

 

MIIT to carry out the 2020 Network and Data Security Management in Telecommunications and Internet Industry

工信部部署推进2020年电信和互联网行业网络数据安全管理工作

 

Recently, the Ministry of Industry and Information Technology (“MIIT”) issued the Notice on Doing a Good Job of Network Data Security Management in the Telecommunications and Internet Industry in 2020 (“Notice”). The Main content of the Notice includes:

· Deepening special governance of network and data security in the industry;

· conducting in-depth evaluation of network and data security compliance;

· Speeding up the construction of network and data security system standards; and

· Improving technology guarantee capabilities of network and data security.

For more information, please refer to http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057728/c7981569/content.html

 

Guidelines on Financial Data Security Classification to be released

金融数据安全分级指南即将出台 

 

It was reported that the China Financial Standardization Technical Committee recently issued a notice that the Financial Data Security – Guidelines on Financial Data Security Classification (“Guidelines”) have been submitted for formal approval.

According to the draft version of the Guidelines, the influence (such as the possible damage, loss and potential risk) caused by the damages on the data’s security (i.e. confidentiality, integrity and availability) is a critical criterion to determine the security level of the data. The main factors to be considered are:

· Object that may be influenced, including national security, public rights and interests, personal privacy and enterprise’s legitimate rights and interests; and

· Possible degree of influence, including very serious, serious, medium and light.

Taking into the two factors above above, the Guidelines classify the security level of financial data from the highest level, level 5, to the lowest level, level 1. The level 4 data corresponds to the C3 information of personal financial information; the level 3 data to C2 information and level 2 data to C1 information.

In February 2020, the People’s Bank of China released the Personal Financial Information Protection Technical Specification, which classifies the personal financial information into C3, C2 and C1 based on the sensitivity of the data.

For more information, please refer to https://mp.weixin.qq.com/s/lkOlhz1OsS2zlzph6BVwzw

 

MOT: Transport-related scientific data should be shared with the society conditionally
交通部:交通运输科学数据应有条件地向社会开放

 

Recently, the Ministry of Transportation (“MOT”) released the Measures for the Management of Transport-Related Scientific Data (Draft for Comment) (“Draft Measures”) for public consultation.

The Draft Measures provide that the transport-related scientific data (“Scientific Data”) should be open to the society and relevant departments on the principle of opening as the norm and not being the exception. The relevant departments will formulate an open catalog of the Scientific Data, to classify Scientific Data into three categories, i.e. unconditional sharing, conditional sharing and not sharing, and to clarify the confidentiality level and confidentiality period, open conditions, open objects and audit procedures, etc. of Scientific Data.

The Draft Measures further clarify the attribution of intellectual property rights of Scientific Data. The Measures stipulate that users of Scientific Data should abide by the relevant provisions on intellectual property rights, and indicate the Scientific Data used and referenced in the publication of papers, patent applications, and monograph publications. Providers of Scientific Data have the right to preferential use of data. If others apply for the use of data, the scientific data center in the industry may provide it to the applicant subject to the written consent of the Scientific Data provider.

The Measures also stipulate the principle of paying for using Scientific Data. For the use of Scientific Data for business activities, the parties should sign a paid service contract, clarifying the rights and obligations between them.

For more information, please refer to http://xxgk.mot.gov.cn/jigou/kjs/202006/t20200623_3398111.html

 

Zhejiang Province: Public data should be shared with the society conditionally. 

浙江:公共数据将有条件地向社会开放 

Zhejiang provincial government released the Interim Measures of Zhejiang Province for Public Data Opening and Security Management (“Measures”) on June 4, 2020.

The Measures define the “public data” as various types of data resources obtained by administrative agencies at all levels and public institutions with public management and service functions (hereinafter collectively referred to as “public management and service agencies”) in the course of performing their duties according to law. Relevant departments in Zhejiang province will compile open catalog and supplementary catalog for public data in the province. According to the degree of risk of data opening, public data is divided into three categories: unconditional opening, restricted opening, and prohibited opening.

For restricted opening public data, the open subject shall not set discriminatory conditions and shall disclose to the society a list of the restricted public data that has been obtained. Citizens, legal persons and other organizations may propose to the open subject the service requirements for access to restricted open data.

Citizens, legal persons and other organizations may also raise the demand for data open services outside the open catalogue of the public data. Public management and service agencies should conduct assessments and reviews in accordance with the provisions of these Measures and inform the demanders of the relevant processing results.

For more information, please refer to http://www.zj.gov.cn/art/2020/6/17/art_1229017137_557682.html

 

Shanghai Communications Administration to carry out the 2020 Shanghai Network Security Inspection in Telecommunications and Internet Industry
上海市通信管理局开展2020年上海市电信和互联网行业网络安全检查工作

 

On June 22, 2020, Shanghai Communications Administration released the Notice on Carrying out the Network Security Inspection of the Telecommunications and Internet Industry in 2020 (“Notice”). according to the Notice, key entities to be inspected are basic telecommunications companies, value-added telecommunications companies, industrial Internet platform companies, operators of critical information infrastructure, operators of mobile Internet App, etc.in Shanghai. The inspection will focus on:

· implementation of the grading and recording, compliance evaluation and security risk assessment by communication network entities;

· check and identification of critical information infrastructure in the industry;

· security protection of industrial Internet platforms and network connected industrial control equipment;

· data security and personal information protection. Emphasis will be put on the inspection of unlawful collection and use of personal information by Apps;

· network security management and technical protection; and

· increased awareness of network security among industry practitioners.

The Notice requires enterprises should complete the self-inspection before July 31, 2020 and Shanghai Communications Administration will conduct random inspection before August 31, 2020.

For more information, please refer to

https://baijiahao.baidu.com/s?id=1670813388845807406&wfr=spider&for=pc

 

If you would like to receive our legal update via email, please contact jianghongyu@anjielaw.com.

 

 

For more information, please contact:

Samuel Yang | Partner

AnJie Law Firm

P: +86 10 8567 2968

M: +86 1391 0677 369
E: yanghongquan@anjielaw.com

 

Authors: Song Ying,  Yang Yuhui, Hannibal El-Mohtar

(Attribution: George Becker)

Antitrust law is growing in importance in China. Penalties from Chinese antitrust cases continue to grow, and Chinese regulators are known for taking swift action against conduct they believe is anticompetitive. In February 2015, Qualcomm paid almost $1 billion US to end an investigation by Chinese antitrust authorities, and this spring Chinese authorities imposed maximum fines  (10% of a firm’s annual turnover) against three suppliers of pharmaceutical ingredients for unfair pricing (Shandong Kanghui Medicine, Weifang Puyunhui Pharmaceutical, and Weifang Taiyangshen Pharmaceutical).

Alongside increasing administrative action, Chinese firms increasingly bring private antitrust actions against rival companies, particularly in the technology sphere. Often, these suits will be accompanied by an administrative complaint that could lead to an investigation and sanctions. In order to better understand the antitrust risks facing foreign enterprises in China, this legal brief clarifies China’s hybrid antitrust system.

In China, Plaintiffs can enforce the Anti-Monopoly Law themselves through private antitrust actions

China’s anti-monopoly and antitrust regime is a hybrid system that includes public enforcement alongside private rights of action. Public enforcement refers to the administrative anti-monopoly investigation and law enforcement activities carried out by authorized enforcement agencies. Private rights of action mean rights held by private entities or natural persons impacted by anti-competitive conduct to enforce the Anti-Monopoly Law (the “AML”) through a civil court proceeding.

The basis of civil anti-monopoly litigation in China is Article 50 of the AML. This provision stipulates, “[t]he business operators that carry out the monopolistic conducts and cause damages to others shall bear the civil liability according to the law.” For its part, the basis for antitrust investigation is Article 38 of the AML. This provision stipulates, “[t]he Anti-monopoly Law Enforcement Agency shall investigate any suspicious monopolistic conducts according to law. Any entities or individuals may tip off any suspicious monopolistic conduct to the Anti-monopoly Law Enforcement Agency. The Antimonopoly Law Enforcement Agency shall keep the informer confidential.”

To file a civil lawsuit against an undertaking which engages in monopolistic behavior in accordance with Article 50 of China’s AML, an individual or a company must first prove that they meet the necessary requirements under Article 119 of the Civil Procedure Law (CPL). These requirements are as follows:

  • The plaintiff is a citizen, legal person or other organization that has a direct interest in the case,
  • There is a definite defendant,
  • There are concrete claims and factual reasons, and
  • Claim(s) within the accepted scope of civil actions by the people’s court and within the jurisdiction of the people’s court.

However, in China the plaintiff need not always suffer a direct loss. Although in practice that is most often the case, according to Article 1 of Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in the Trial of Civil Dispute Cases Arising from Monopolistic Conduct, any natural person, legal person or other entity can have standing to bring an antitrust claim as long as it suffers losses. Specifically, they may bring such a claim based on disputes over contractual terms, articles of association, and terms of other agreements which might fall afoul of the AML.

An increasingly common source of claims flowing from direct losses are consumer complaints. While the AML mainly aims at safeguarding consumers’ interests, protecting fair market competition and public interests, in practice, it was uncommon in the past for consumers to bring an antitrust lawsuit. Reasons may have included the high cost of litigation, imbalanced positions in legal proceedings, low rewards, and that there are no “class actions” in China like there are in the US and other jurisdictions. Accordingly, the plaintiff is often a competitor or a firm that is upstream or downstream relative to the defendant. However, consumer antitrust actions are increasingly common in China, and may continue to rise in importance relative to commercial antitrust suits.

Of note, the AML may have extraterritorial application. There is reason to believe that private actions can be brought against firms for their conduct outside China, as long as this conduct has anti-competitive effects within China’s market. In Hytera v. Motorola System, Hytera filed a lawsuit against Motorola Systems in the Shenzhen Intermediate People’s Court on March 25, 2019, for abusing its dominant market position with respect to one of its Standard Essential Patents (“SEP”).  It sought a court order against the defendant to immediately stop abusing its dominant market position and filed a claim for damages totaling 70 million yuan.  Even though the anticompetitive conduct happened outside China, the case was accepted after the plaintiff showed prima facie evidence proving anti-competitive influence in China’s market. This suggests that the AML has extraterritorial application.

Plaintiffs Often Strategically Launch Parallel Administrative and Private Actions in China

(Attribution: Syed Hasan)

In China, administrative enforcement by an antitrust enforcement agency is not a precondition for initiating a private anti-monopoly claim. Article 2 of the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in the Trial of Civil Dispute Cases Arising from Monopolistic Conduct provides that, “[n]o matter whether the plaintiff brings a civil suit directly to the court, or brings a civil suit to the court after the anti-monopoly law enforcement agency’s effective decision that the action constitutes a monopoly act, if other requisite requirements for acceptance stipulated by law have been fulfilled, the court shall accept the case.”

At this juncture, it is noteworthy to highlight a distinction between private and public actions in China. With regard to civil litigation, according to the Civil Procedure Law and other relevant laws of China, as long as the plaintiff meets the conditions for initiating a claim, the court is required to file a case. However, the State Administration for Market Regulation (“SAMR”) is not obliged to start an investigation after receiving tip-off materials from a natural person or private entity and retains full discretion on whether or not to initiate an action.

However, in practice complaining to the antitrust authority and lodging a civil antitrust claim in parallel has become a “strategy” that plaintiffs increasingly use in China. The plaintiff may bring a civil action before a court and also report the suspected antitrust violation to SAMR. This can lead to multiple, simultaneous proceedings involving the same or related facts. In the case of Huawei v. InterDigital Technology Corporation (“IDC”), Huawei sued IDC for abusing its dominant position in March 2013 before the Intermediate People’s Court of Shenzhen and obtained a favourable judgment. IDC appealed. The judgement from the High People’s Court of Guangdong was entered in October 2013. Meanwhile, in June 2013, the National Development and Reform Commission (“NDRC”, which prior to SAMR’s formation in 2018 had antitrust authority) launched an antitrust investigation against IDC. This case was suspended and ultimately terminated after IDC made commitments that NDRC accepted.

At law, courts do have discretion to stay a private antitrust claim pending resolution of an administrative action, but in practice it is rare. Based on our experience with parallel private antitrust suits and administrative antitrust investigations, courts do not avail themselves of this discretion to stay the hearing.

In considering such parallel antitrust proceedings, it is also unclear whether China’s civil law judges approach evidence collection differently than common law judges. As regards the evidence, parties to the action are entitled to apply to the court to collect relevant evidence from the parallel administrative investigation. Chinese courts do have discretion to use their inquisitorial powers (China’s civil law judges have greater fact-finding powers than common law judges) to request such evidence from antitrust authorities of their own initiative. However, whether and to what extent they elect to use this discretion in practice is still unclear.

(Attribution: Sk)

Conclusion

This year marks the 12th year of the implementation of the AML, and the newly drafted AML (Draft for public comment) was published in January 2020. In both public enforcement and private actions since the AML’s passing, caselaw has developed considerably, alongside greater institutional experience. However, there are still some issues, in particular coordination between administrative and judicial proceedings, which need to be solved through legislation or judicial practice. Especially considering the unavailability of class actions in China, it is hoped that coordination and unity between administrative law enforcement and civil judicial practice can help both play a greater guiding role in the antitrust compliance of operators and the protection of market competition.

Have questions about complying with China’s antitrust laws? AnJie is a leading Chambers ranked firm with a leading PRC Antitrust practice. AnJie’s practice features one of the largest and most experienced antitrust teams in mainland China.

Feel free to send consultation requests to An Na (anna@anjielaw.com) or An Chencheng (anchencheng@anjielaw.com).

Authors : Wan Jia, Hannibal El-Mohtar

I. Is China’s insurance market worth investing in?

It is no secret that China’s insurance industry presents good upside growth opportunities. According to the 2018 Report on Global Insurance and Market Research released by Allianz Group, “Nearly 80% of the total 60 Billion Euros increase in global premiums came from China, and China witnessed a continuously strong growth momentum in life insurance, replacing Japan and becoming the biggest life insurance market in Asia.”

That many foreign insurers are bullish on China is also nothing new. Last month, the CFO of Manulife Financial Corp said the company would be “very happy” to increase its 51% stake in the Manulife-Sinochem Life Insurance Company Ltd., their joint venture with Sinochem Finance Co. Ltd. As far back as 2018, Sun Life Chief Executive Dean Connor expressed openness to increasing their 25% stake in their Sunlife Everbright Life Insurance joint venture to 51%.

II. What are the new rules on foreign investment for insurance companies in China?

What has attracted the growing interest of foreign insurers are the regulatory changes permitting greater market access for foreign investors.

As of January 1, 2020, foreign investors are allowed full ownership of Chinese life insurance companies. Additionally, in the China-US Phase One Trade Deal (the “P1 Deal”), China also agreed to remove the foreign equity caps for pension health insurance. China also committed to remove all discriminatory regulatory requirements and processes, and expeditiously review and approve license applications from foreign investor.

That’s not to say there’s no uncertainty. In the first four months of 2018, premium income at China’s Life Insurers tumbled by 13.6 per cent year on year for the first four months of 2018, after the industry regulator (China Banking and Insurance Regulatory Commission, “CBIRC”) cracked down on issuing short-term policies it blamed for causing financial instability.

III. What are the growth prospects for Insurtech in China?

“Insurtech” refers to technology used to disrupt or innovate within the insurance sector. One prominent form of Insurtech is Usage Based Insurance (UBI), which relies on algorithms to analyze the insured’s data, together with external information, to generate a bespoke risk score. One UBI example, known as “pay-as-you-drive” insurance, collects mileage information through telematics (including the car’s “black box”) and relays the insured’s driving behaviour to the insurer in real-time.

China is one of the fastest growing Insurtech leaders in the world. Thanks to heavy investment from Alibaba, Tencent, and Baidu, the sector now features an e-commerce ecosystem that is 50 times larger than that of the United States. For those who can capitalize on the growth of the Chinese insurance market, the potential for returns are vast.

This is particularly so for insurers who can move into the e-insurance space. Chinese consumers are leapfrogging traditional written insurance policies and going straight to digital policies, many of them hyper-targeted micro-policies supported by big data gathered from e-commerce giants like Tmall.

For instance, one company, ZhongAn launched four years ago as the first China online-only insurer. It provides a micro-premium model through Wechat, a Chinese social messaging platform similar to Facebook Messenger. It has since sold 6 billion policies to nearly 500 million people, and in Q1 of this year it reported net profits of CNY327m ($46m) for the first three months of this year, outperforming the insurance industry at an increase of 15.6% over the corresponding period last year. Yet, it still only has 1 percent of the market. ZhongAn recently launched a joint venture in Hong Kong and received its online insurance license in May.

Combining the huge consumer base with the heavy investment in e-commence sector, there is imaginable space for Insurtech in China’s future.
IV. Do I need an ICP license to gain access China’s Insurtech market?

A commercial Internet content Provider license (an “ICP”) allows a company to sell to Chinese consumers through a web domain and house the server within China. It is issued by the Chinese Ministry of Industry and Information Technology (the “MIIT”). An ICP a) ensures compliance with Chinese laws internet laws (i.e., gives the investor peace of mind that the site won’t be blocked) and b) allows for faster online service for visitors. Another ICP variant, the Bei’an (filing), also allows foreigners to create a Chinese website, but the Bei’an website may only be used for promotional purposes and does not support online transactions.

As of 2015, foreigners are legally allowed to apply for and hold ICPs through Wholly Foreign Owned Enterprises (WFOEs). See Notice of the Ministry of Industry and Information Technology on Removing the Restrictions on Foreign Equity Ratios in Online Data Processing and Transaction Processing Business (Operating E-commerce) [2015], This means that the Variable Interest Entity (VIE), an oft-used but more complex investment for the Chinese tech industry, is not necessary to obtain an ICP and enter the Chinese Insurtech market.

However, is an ICP truly necessary? Defying the internet laws in China can result in your website being blocked, permanently, among other serious risks to be avoided.

That said, an ICP isn’t strictly necessary to sell insurance products in China. If a foreign insurer wishes to sell insurance products through an existing ecosystem like Wechat, as ZhongAn does, then they may be able to rely on Wechat’s ICP. To do so, they would need to first obtain a WFOE, obtain an insurance permit from CBIRC, and then obtain approval to sell online insurance products from the Insurance Association of China (the “IAC”). Once this permitting process is complete, the foreign insurer can use a commercial Wechat account (“Gongzhonghao” 公众号), or another ecosystem with an ICP, as a platform to legitimately sell localized insurance products.

However, if a foreign insurer wishes to rely on their own platform, then an ICP will be necessary. Selling insurance policies through a mobile application, or processing transactions locally through a website, will both require an ICP.

V. What other key considerations are there for participating in China’s Insurtech market?

Big data is essential to any insurer’s Insurtech strategy, and in the China market that means collecting and storing personal information about Chinese citizens. This engages a bevy of compliance obligations for foreign and domestic insurers alike.

China’s data privacy laws initially followed the US’ more lax approach to privacy protection, but more recently have changed to more closely mirror Europe’s more stringent GDPR rules, and now include strict provisions on privacy, security, and data localization. Under Article 37 of China’s Cybersecurity Law (2017, the “CSL”, English text), Chinese citizens’ personal data, together with critical business data collected during operations in China, must be stored within mainland China, and companies must undergo a security assessment before exporting such data across the border. Also since 2017, rules for the protection of personal data, and responsibility for data protection, are now included within the Chinese Civil Code (Article 111).

There are severe penalties for failure to comply with the CSL. Public security organizations ( police) may levy fines of up to RMB1,000,000 Yuan when service providers infringe on users’ personal data in violation of CSL Articles 22 (malware and remedial measures), or 41–43 (data consent, notice on use and purpose of collection, mandatory breach notifications, and the user’s right to delete or amend personal data on request). Violating CSL Article 27 by “engaging in activities harming cybersecurity” or aiding and abetting the commission thereof results in an equally serious fine. For comparison, the GDPR imposes fines as high as 4 percent of a company’s turnover from the previous year. Personal data privacy and security are increasingly prominent features of digital data compliance regulations around the world, and as we can see, China is no exception.

Recently, additional rules were introduced under the CSL. As of June 1, new rules came into effect (in accordance with the CSL together with the PRC’s National Security Law) in the form of the 2020 Measures on Cybersecurity Review (the “Measures”). Under the Measures, companies buying networking products and services that could affect national security, Critical Information Infrastructure (“CII”) operators, must undergo cybersecurity evaluations for vulnerabilities.

It is unclear which kinds of companies will be designated as CII operators, but companies in the financial and insurance sectors will in all likelihood be affected (and may have their procurements monitored directly by the People’s Bank of China). This is because according to Article 20 of the Measures, products and services that can be reviewed include a wide range of equipment and programs that are essential to providing Insurtech services :
• core network equipment (核心网络设备),
• high-performance computers and servers (高性能计算机和服务器),
• mass storage equipment (大容量存储设备),
• large scale databases and applications (大型数据库和应用软件),
• network security equipment (网络安全设备),
• cloud computing services (云计算服务), and
• other network products that may have an impact on CII (以及其他对关键信息基础设施安全有重要影响的网络产品和服务).

The Cyber Security Office, located within the National Internet Information Office, is to review cybersecurity filings and may review and set other standards and regulations in accordance with the law. Of concern to foreign Insurtech investors, one factor it is allowed to consider in reviewing filings is the “risk of supply disruption due to political, diplomatic, and trade factors” (the Measures, para 9(3)).

Moreover, additional rules are already scheduled for implementation. On October 1, 2020, the Information Security Technology – Personal Information Security Specification (GB/T 35273-2020) (the “PI Specification”) comes into effect and replaces the November 2017 version (GB/T 35273-2017). Under the PI Specification, the definition of “Personal Sensitive Information (“PSI”) is expanded to include information created by the Personal Information Controller (“PI Controller” which is the organization that decides the purpose and ways to process Personal Information, “PI”) which, if leaked or mismanaged, may harm the security, personal reputation, or health of the PI subject (3.2). The definition of “Consent” is narrowed to require clear authorization expressed through an affirmative act, unless implied consent is given (3.6). Importantly for Insurtech investors, User Profiling (“UP”) may not result in discrimination based on ethnicity, race, religion, disability, or disease. PI Controllers also must ensure that their UP does not endanger “national security, honor or interests, incite subversion of state power, instigate secessionist activities, or disseminate terrorism, radicalism, ethnic hatred, violence or obscenity” (7.4). When providing their business functions, PI Controllers must also give users the ability to control the degree and extent of “Personalized Display”: the display of information and search results for products or services based on the individual’s PI, such as their internet browsing history (3.16). PI Controllers with more than 200 employees or the PI of more than 1 million individuals must nominate PI Protection Personnel (PPP) and establish a PI Protection Department (11.1). These rules are not exhaustive, and there are other regulations on PI processing, collecting and storing personal biometric information, third-party connection management, and bundled consent for multiple business functions.

Conclusion

China’s Insurtech market continues to grow at breakneck speed. Foreign insurers are currently underrepresented in this market, even as former market barriers to entry continue to fall. This market presents great potential for foreign insurers, and Western insurers in particular have centuries of experience to share with their Chinese counterparts.
While investing in China is never simple for foreign companies, in light of the 2020 foreign investment reforms it is now without a doubt more practical than ever. A WFOE, the requisite insurance permits, and a Gongzhonghao are now enough for a foreign insurer to get started in China’s Insurtech market. No ICP is necessary; neither is a complex VIE investment vehicle headquartered in the Cayman Islands.

However, in leveraging big data to support their Insurtech operations, foreign investors must take great care to adhere to China’s CSL. Data localization, security review requirements, and increased protections for Chinese citizens’ personal and data privacy together present compliance challenges more commonly seen in Europe with the GDPR. These rules, especially the new rules coming into force on October 1, 2020, may disproportionately affect Insurtech and other investors that rely the most on big data.

Still, sustainable growth, social benefits, and increased competitiveness lie ahead for those willing to seize the opportunities presented by China’s Insurtech market. Organizations that are slow to embrace these new opportunities may later find it harder to enter the Chinese market due to increased competition. As home grown Chinese Insurtech companies expand abroad, established insurers who overlook the Chinese market may also find it harder to compete and retain their existing prominence in the global market.

China’s Luckin Coffee (Luckin), seen as Starbucks’ main contender in the country, has seemingly run short on luck.

On May 12, the coffee chain fired its chief executive Jenny Zhiya Qian and chief operating officer Jian Liu. And on May 19, New York’s Nasdaq requested the company to delist from the exchange.

These are only the latest events in the company’s massive accounting scandal. The saga began in April, when it became known that Luckin fabricated US$310 million in its 2019 sales. Its stock subsequently plummeted by around 80%.

D&O has been lukewarm in the Chinese market since its first appearance around two decades ago.” Hao Zhan, Anjie Law Firm

In May 2019, Luckin Coffee completed its Nasdaq IPO. But before its listing, the company purchased a US$25 million directors’ and officers’ liability insurance (D&O) underwritten by several insurers – including majors Ping An, China Pacific Insurance Company (CPIC), Allianz and Zurich.

As of May, it is understood that Ping An has already received and is processing a D&O claim from Luckin. The Shenzhen-based insurer has not yet responded to a request for comment.

Corporate governance in China has undergone greater regulatory scrutiny in the last decade. Alongside regulatory developments, this latest episode involving coffee and falsified books, means that D&O insurance may stand to make gains in-country.

Limited uptake
D&O cover protects a company’s senior leadership and any potential legal claims against them, however, D&O has had a poor uptake in China.

Hao Zhan, managing partner at Beijing-headquartered Anjie Law Firm, told InsuranceAsia News (IAN): “D&O has been lukewarm in the Chinese market since its first appearance around two decades ago.”

Zhan added that interest has been limited to Chinese companies listed in overseas securities markets, or financial institutions under strict scrutiny from the Chinese regulator.

The D&O purchase rate among listed companies in China has been around 2% since 2002. In the US, the uptake is around 90%, and around 80% in the EU, Canada and even Singapore.

There has been low traction for this type of coverage as a result of PRC legislation loopholes regarding corporate directors’ and officers’ liability, notes Zhan. General provisions exist in PRC Company Law to address D&O liability he says, but the lack of concrete guidelines and detailed penalties mean that in reality, claims have rarely been filed.

Zhan added: “The power of the majority shareholder to manipulate a company’s governance structure also hinders [parties] from claiming damages.”

Global markets are pinning their hopes that China’s financial institutions are maturing and corporate governance evolving.

AIG pronounced in 2017: “D&O is still in its relative infancy throughout Asia, but this is likely to change — especially in China. Risks and liabilities that didn’t exist in past years loom large for growing Chinese businesses… that require complex corporate governance standards.”

Regulatory developments
Many attribute the focus on corporate governance to the new securities law that Beijing passed in March.

“[It] punishes companies’ securities violations by including provisions that put in greater investigation efforts for fraudulent offering, information disclosure which violates the provisions, failure by intermediaries to carry out due diligence, as well as market manipulation, insider trading, making use of unpublished information to carry out securities trading, and other acts which seriously disrupt market order,” noted Zhan.

The state’s public records show that 23 companies in 2019 purchased D&O. In 2020, 72 companies in Shanghai and Shenzhen alone have announced plans to buy D&O coverage.

Inquiries and purchases have been on the rise — as more questions are being asked about relevant D&O litigation due to the pandemic outbreak.

Looking at April, right after the Luckin scandal broke and the new regulations were passed, there were 30 listed companies who issued D&O plans — more than twice the amount than in the previous quarter.

And prior to 2020, the state was already paying greater attention to corporate governance. 2018 saw the PRC Company Law revised in corporate governance-related issues — such as the effectiveness of corporate resolutions, the shareholders’ representative litigation, remedy measures of minority shareholders and more, says Zhan.

That year, the China Securities Regulatory Commission also issued guidelines on governance of listed companies, moving to market-oriented and law-based reform.

Rule changes in Hong Kong have previously seen an uptake in policy purchases.

A case study, AIG saw a 47% increase from 2012 to 2016 — in the latter year, the firm paid out US$13.6 million in claims from its Asia Pacific D&O policies. The leap in uptake came after the Hong Kong Stock Exchange revised its rules to a “comply and explain regime . . . compelling virtually all publicly-listed companies to take up a D&O policy,” according to Jason Kelly, AIG’s head of international financial lines.

Regulatory enforcement action was the main driver of growth — with the insurer estimating regulatory investigations accounting for up to 90% of claims cost in Hong Kong.

More change ahead
Companies who purchase D&O can allow for their execs  to make decisions without the threat of personal liability and thus inspire creative company decisions – something that will be beneficial to a weaker economy.

Zhan explains: “D&O… complies with the trend of protecting the rights and interests of investors. Although there exists the [notion] that D&O insurance [may] encourage bad behaviour – with the developing pace of the securities and insurance markets, D&O can give great imagination to Chinese underwriters.”

And just like most things in recent months, D&O has also been impacted by Covid-19. Inquiries and purchases have been on the rise — as more questions are being asked about relevant D&O litigation due to the pandemic outbreak.

As China’s regulations and enforcement become more geared towards similar goals, the development of D&O is one to watch closely.

Authors: Zhan Hao、Wan Jia

 

In the beginning of 2020, Luckin Coffee event brought the attention from the insurance, legal and security industries to the directors and officers liability insurance policy (“D&O”) in China. In this event, Luckin Coffee, which is listed in the US and called Chinese Starbucks, found trapped in the security fraud scandal, and some class actions have been filed in the US against Luckin Coffee and its officers.

When Chinese society found D&O insurance coverage behind those American litigations, Luckin Coffee event inspired curiosity towards to D&O insurance, and insurance sector quickly remembers this transplanted product.

 

The uneven road for D&O insurance in China

During the previous years, D&O insurance actually has been lukewarm in China market after its first appearance around two decades ago, and the patronage to this transplanted insurance product has been limited to Chinese companies listed in the overseas security market or some financial institutions under the stringent scrutiny from China regulator.

The reason for such embarrassing performance is obvious, which is relevant to the loophole in PRC legislature about the liability of corporate directors and officers.

First, even though some simple and general provisions exist in PRC Company Law to address the loyalty and diligence responsibility for directors and officers, but the lack of the concrete guidelines and detailed penalty usually results in the fact that rare claims have been filed towards directors or officers in reality. The derivative action has been injected into the docket of Chinese tribunal for quite some years, but the practicality of action is so premature that potential plaintiffs are hesitant to file a real action against those directors and officers.

Second, the governance structure of some companies is abused by the majority shareholder or actual controller, who would ignore the interest of minority shareholders or beneficiaries, and let alone the creditor’s right. When the majority shareholder or actual controller pull strings behind corporate mask, directors or officers are manipulated, and this multifaceted tragedy stop victims from claiming damages for directors or officers.

Third and last, the precondition for the security fraud litigation, which requests the regulatory penalty be imposed to swindler before the civil actions, has hider Chinese security investors from filing litigation during the past years.

To perfect the directors and officers liability, improve the corporate governance structure and address the protection towards investors, the hail for claim to directors and officers is loud, but the business volume for D&O underwriter has been miserable.

Coincidentally, in 2020 China D&O insurance market comes across two events, the revision of Chinese Security Law and Luckin Coffee event, which are beneficial for the take-off of D&O insurance.

The newly revised Chinese Security Law strengthens the liability for directors and officers, and this revision possibly leads to the increase of claims under D&O insurance, or at least in theory.

Luckin Coffee event dominated the headline of Chinese media for almost two weeks after it announced that its COO committed fraud, and the news ranges from the fraudulent details, China security authority denouncement and D&O insurance coverage. Even under the background of corona viruse, Luckin Coffee stimulates the fierce discussion among the insurance, legal and security circles in China.

Factually, D&O insurance goes to the spotlight this time, but there are not many people know that D&O coverage has been litigated quite some times in Chinese courts, while most of litigations did not go into public due to settlement. The disputed issues about those D&O insurance cases are comprehensive and of interest worth being noted.

 

The scope of insureds

One of the disputed points is about the scope of the insureds. In some countries outside China, there are three D&O models, called side A, side B and side C.

Side-A provides coverage to individual directors and officers when their losses are not indemnified by the company as a result of law prohibition or financial incapability of the company. However, exclusions may apply if a company simply refuses to pay the legal costs of a director or officer. Side-B provides coverage for the company (organizations) when it indemnifies the directors and officers (corporate reimbursement). Side-C provides coverage to the company (organizations) itself for security-related claims brought against it.

In China market, all those three coverages could be found. With respect to Side-B policy, the insureds are the companies rather than individuals. The occurrences regarding D&O often are about the scandals of China-domiciled corporations, which have been listed in American stock market, but were involved in security fraud, and aroused class actions in the US. For most cases, the final controller for such listed corporations are Chinese citizens or residents, but some CEO, CFO and COO are not Chinese citizens or residents. Thus when facing investigation or class action, the final controller sometimes chose to ignore the claims or investigations simply since the controller has no intention to sustain the corporation, but those directors and officers could not afford such ignorance. After paying for legal costs in the action against directors or officers on their own, directors or officers could not find or force corporation to reimburse themselves. When they approach Chinese insurers for insurance compensation, it is not a surprise to expect the refusal because those individuals are not insureds under Side-B policy.

 

The disclosure duty of applicant

In accordance to Article 16 of PRC Insurance Law, the insurance applicant shall fully disclose the risks relevant to the contemplated policy. Different from the other jurisdictions, PRC law only requests applicant to answer the specific inquiries from insurer. Without inquiry, even if applicant might know the potential exposure to risk, it is not obligatory for applicant to disclose such information. With respect to the D&O insurance sold in China market, the majority of applicants bought policy through brokers, and actually brokers handled the inquiry procedure and collected the disclosed information. Since China law does not allow the general inquiry from insurer, how to construct the valid and specific inquiries would be challenging to insurers and its agents.

The rhetoric issue always trigger dispute about the contents of disclosure, and it finally touches the utmost good faith doctrine in PRC Insurance Law. Among the often-asked questions by insurers, how to interpret the previous circumstances before the policy inception, how to define the information known or should have been known by applicants, and how to verdict the violation of Sarbanes-Oxley Act are focuses for the confrontation between insured and insurer. Since those D&O insurance policies are governed by PRC law, but their wording is full of jargons extracted from American law in the meantime, naturally the interpretation of policy also becomes hot debate in court trial.

For the information already known or should have been known by insurer, applicant is not obligatory to disclose such information to insurer. Some interesting episodes were about US investigation, which was denied to be known by applicant during the process of insurance application, but in fact the investigation information had been public in the website of SEC or other sources before policy inception. Should those imputed information be deemed as being known by insurer already, or would tribunal could impose a duty of due care to Chinese insurers to scrutinize the foreign authority websites in English?

 

The conflict and connection for the different layers coverag

In China market, some D&O policies are in the form of excess insurance, in which the primary insurer is first responsible for defending and indemnifying the insured in the event of a covered or potentially covered occurrence or claim. An excess policy provides specific coverage above an underlying limit of primary insurance. The dilemma for such multiple layers insurance is the primary insurer is foreign one, but the second or above insurers are Chinese ones. The second or above layers insurers shall follow the indemnification decision from the underlying layer insurer, or they could make decision at their own discretion?

Things would be more complicated if the different layers policies use laws from different jurisdictions as governing laws.

During the previous cases, tribunal preferred to take approach in which upheld the different layer insurers to have independent decisions to handle the claim unless otherwise stipulated in the policy.

 

The separation of liabilities

If one specific officer fails in his/her disclosure obligation or triggers the exclusion clause such as intentional act, could it excuse insurer from liability to other insureds? In most D&O policies, there are clauses to separate the insurance liability among the insured directors or officers, but those standard clauses encounter lots of challenges in trail. It is hard to believe that a CEO’s fraudulent behavior could be segregated from other subordinate officers, or a CFO could make fraudulent financial statements without approval or knowledge from the directors or CEO.

In those scenarios, how to allocate the burden of proof between insured and insurer would be of essence for trial result. It is obviously unfair to impose a higher standard of burden of proof to insurer, who is an outsider to a corporation. In the meantime, the absence of discovery procedure in China litigation disables insurer with practical means to discern the real picture of fraud, to clearly figure out the collusion of directors and officers.

Some desperate insurers want to depend on the police to dig out the fraud details, but Chinese police seldom investigates the suspected crime because the suspected crime happens outside of China, and victims usually are not Chinese citizens.

Today, accompanied by the security law amendments and some fraud occurrences, D&O insurance stumbles to spotlight again after a long period of silence in China. With the developing pace of security market and insurance market, the refreshed D&O insurance gives imagination to Chinese underwriters.

Authors: Michael Gu / Sihui Sun / Grace Wu [1]

 

Introduction

The year 2019 marked the 11th anniversary of the implementation of the Anti-monopoly Law and was also the first full calendar year since the State Administration for Market Regulation (SAMR) took over the role as China’s single centralised antitrust enforcement agency.

The SAMR maintained a consistently rigorous and prudent attitude towards merger control review in 2019. The overall case handling efficiency has been improved in view of the fact that the total number of cases concluded increased while the average time for case reviews was reduced. The SAMR concluded 465 cases in 2019. Among them, the SAMR unconditionally approved 460 cases and conditionally approved five cases. As to the cases that were conditionally approved, the SAMR imposed various tailored conditions. There was no prohibited merger case in 2019. In addition, the SAMR investigated more non-filing cases and imposed more penalties on non-filers compared with 2018. In particular, a total of 16 penalty decisions against non-filers of merger cases were published throughout 2019, which was the highest annual figure over the past decade.

 

Legislation

On 7 January 2020 the SAMR released a draft of the Interim Provisions for Merger Control Review (the Interim Provisions) for public comment[2]. The Interim Provisions incorporate all major regulations for merger control review into one consistent and easy-to-follow comprehensive regulation, although no substantial new changes have been proposed thereunder. The final version of the Interim Provisions is expected to be adopted in mid-2020.

On 2 January 2020 the SAMR released a revised draft of the Anti-monopoly Law for public comment (the Revised Draft)[3]. Although the Revised Draft follows the current Anti-monopoly Law’s basic framework, it significantly enhances the legal liability of Anti-monopoly Law violators. For example, in accordance with Article 55 of the Revised Draft, the proposed penalty will be up to 10% of the non-filer’s annual sales in previous year instead of the maximum amount of fine Rmb500,000 under the current Anti-monopoly Law, which is clearly insufficient for deterring non-filers. It also clarifies practical issues such as ‘controlling rights’ for merger filing purposes. At present, there is no clear timetable for the finalisation of the Revised Draft or the promulgation of the new Anti-monopoly Law.

 

Unconditionally cleared cases

The SAMR unconditionally approved 460 cases in 2019 – slightly higher than the previous year (444 cases). As regards simple cases, 341 were concluded in 2019 (73.3% of all cases). The proportion of simple cases decreased compared with 2018 (81.53% of all cases). On average, simple cases took 15 days to be concluded, which was a slight reduction from the 16-day conclusion rate in 2018. Almost all simple cases were cleared within 30 days of formal acceptance by the SAMR. This demonstrates that simple case procedure plays an active role in enhancing the efficiency of concentration filing, particularly in the sense of reducing reviewing time.

However, in practice, strict rules concerning the material and data required by the SAMR still apply. In particular, during the pre-review stage (ie, before official case acceptance), notified parties must often submit detailed materials. Therefore, this requirement may also extend the wait time before case filing.

The Revised Draft introduces a ‘stop-clock’ clause that specifies the following conditions to discontinue the timelines for merger review:

  • on application or consent by the notifying parties;
  • supplementary submissions of documents and materials at the request of the authority; or
  • remedy discussions with the authority.

This proposed ‘stop-clock’ clause would tackle the problem that in its absence, the notifying parties can only withdraw and refile the case when the statutory review period is running out.

 

Conditionally cleared cases

In 2019 the SAMR conditionally approved five cases, a relatively stable number compared with 2018 (four cases). Figure 1 (below) illustrates the number of cases conditionally cleared between 2009 and 2019.

Figure 1

In 2019 four conditionally cleared cases were approved with behavioural conditions and the remaining one was approved with both structural and behavioural conditions. All of the five conditionally approved cases in 2019 were withdrawn and resubmitted before the expiry of the first statutory merger review period (ie, 180 days). This shows that the SAMR is becoming more prudent in reviewing mega mergers which may raise competition concerns. Withdrawal of the filing also provides notifying parties with certain flexibility and more time to communicate with the SAMR. From the first submission of filing materials to a case being conditionally concluded, the review process for the above five cases lasted a minimum of 263 days[4] and a maximum of 562 days[5]. 

 

Novelis’ acquisition of Aleris

On 12 December 2019 the SAMR conditionally approved Novelis’s acquisition of Aleris[6]. Novelis is a leading producer of aluminium rolled products and the world’s largest recycler of aluminium. Aleris is a global leader in manufacturing and sales of aluminium rolled products.

In this case, the parties overlapped in two markets – namely, the interior aluminium autobody sheets market and the exterior aluminium autobody sheets market. Since the relevant product markets’ competition structure in China was different from that in other jurisdictions, and the main foreign-invested operators all have local production in China, the relevant geographic market was defined as China.

Novelis was the largest player in the abovementioned markets and Aleris ranked third in both markets. After transaction, the market share of Novelis and Aleris would reach 70% to 75% in the interior aluminium autobody sheets market and 75% to 80% in the exterior aluminium autobody sheets market. Further, the level of market concentration would be highly increased. After transaction, there would be only four main competitors in the interior aluminium autobody sheets market and two main competitors remaining in the exterior aluminium autobody sheets market. Apart from that, the SAMR also assessed factors such as:

  • the elimination of Aleris’s competition restraints on Novelis;
  • the incentive of the merged entity to eliminate or restrict competition after the transaction;
  • the entry barriers to the relevant markets; and
  • the recognition of downstream customers.

The SAMR approved the proposed concentration with both structural and behavioural conditions. Given that the relevant products that Aleris sold in China were mainly exported from Europe, Aleris was required to divest its entire business relating to interior and exterior aluminium autobody sheets in the European Economic Area. Further, the merged entity was prohibited from supplying cold-rolled sheet to its business partners in order to maintain market competition.

In addition, the proposed acquisition was initially filed for a review under the simplified procedure, and the SAMR accepted the case on 30 September 2018. Due to an objection raised by a third party during the public consultation period, the SAMR found that the proposed acquisition did not meet the standards for the simplified procedure and thus revoked the acceptance of the case and asked the notifying party to re-file it under the regular procedure. The notifying party resubmitted the case under regular procedure on 1 November 2018 and it was formally accepted on 13 December 2018. This back and forth shows that the notifying party should choose the most appropriate procedure to file in order to avoid waste of time. The merger control review could be delayed for months if the SAMR revokes the case acceptance when the notified concentration does not meet the standards for the simplified procedure.

 

Cargotec’s acquisition of TTS Group

On 5 July 2019 the SAMR conditionally approved Cargotec’s acquisition of TTS Group[7]. The acquirer of the transaction was MacGregor Group, a subsidiary of Cargotec. The MacGregor Group is principally engaged in the sale and service of products in the marine transportation cargo handling sector. The TTS Group is mainly engaged in the sale and service of hatch covers, ro-ro equipment for commercial vessels, ship cranes and winches. The transaction was filed on 15 June 2018, following which the parties were required to provide supplemental material. The SAMR formally accepted the case on 26 July 2018 and decided to conduct further review on 22 August 2018. Before the expiry of the review period, the parties withdrew the filing on 11 January 2019. The SAMR accepted the refiling on 14 January 2019 and the review process was prolonged until 9 July 2019.

In this case, the parties had overlaps in several markets, including hatch covers, ro-ro equipment for commercial vessels, ship cranes, winches and related after-sale services. The SAMR conditionally approved the proposed acquisition with behavioural remedies, including:

  • ensuring the independence of relevant businesses;
  • maintaining respective competition;
  • not raising the prices of related products in the Chinese market; and
  • not refusing or restricting supplies of the products to Chinese customers.

In addition, the SAMR adopted the ‘firewall guidance handbook and training’ remedy proposed by the filing parties. The parties committed to create an internal firewall between their respective employees, separate their competition-sensitive information and workplaces, issue a detailed firewall guidance handbook and conduct training. Setting up an internal firewall and the application of related remedies will improve the efficiency and feasibility of the implementation as well as the supervision of the behavioural remedies. Although these types of measure have been adopted in previous behavioural remedy cases, the Cargotec case provides guidance on the practical aspects of implementing them.

The above mentioned measures on the firewall management were proposed again in a subsequent case in 2019 – namely, II-VI’s acquisition of Finisar[8]. In this case, the SAMR imposed the behaviour conditions on the parties of setting up a firewall and supplying the product in accordance with fair, reasonable and non-discriminatory (FRAND) principles. Particularly, the SAMR put forward the requirement of ‘firewall guidance handbook and training’ on the implementation of behavioural remedies.

In the five cases that were conditionally approved in 2019, most of the conditions attached were only behavioural remedies. In contrast to structural remedies, behavioural remedies have a high degree of flexibility, which can avoid excessive intervention of the antitrust agencies in concentration. However, it also requires more regulatory supervision post merger. Compared with EU and US antitrust enforcement agencies’ preference for structural remedies, the Chinese antitrust enforcement agency seems more comfortable imposing behavioural conditions to address competition concerns.

 

Penalties on non-filers

In recent years, the antitrust authorities have never relaxed their supervision of non-filing cases. By the end of 2019, the SAMR had released 46 non-filing cases and imposed total fines of Rmb16.1 million on 68 undertakings. In 2019, the SAMR significantly strengthened its supervision of and penalties on non-filing parties. Sixteen cases were published and 21 undertakings were punished with a total fine of Rmb6.25 million. The largest fine issued was Rmb400,000, while the smallest was Rmb200,000. The SAMR initiates investigations on non-filing cases by means of self-observation, third-party reporting and voluntary reporting by notifiable parties.

Notably, the SAMR has been going after non-filers even where their failure of notification occurred many years ago. Each of Pierburg and Xingfu Motorcycle was fined Rmb350,000 for their failure to notify a proposed joint venture before its establishment[9], while the joint venture was established in 2013. This case shows that the SAMR shows no mercy for non-filers that failed to fulfil their notification obligations a long time ago.

The SAMR also investigated several non-filing cases involving minority equity investments in 2019. For instance, MBK Partners, LP (MBK) was fined Rmb350,000 for its failure to notify its acquisition of a 23.53% stake in Shanghai Siyanli Industrial Co Ltd. Further, Dejin Enterprise was fined Rmb300,000 for its failure to notify its acquisition of a 29.99% stake in Huitong Energy. Whether an acquisition of relatively small equity (eg, less than 30% equity) constitutes a change of control must be determined on a case-by-case basis. According to Article 23 of the Revised Draft, ‘control’ refers to an undertaking’s rights or actual status to, directly or indirectly, individually or jointly, exert or potentially exert a decisive influence on another undertaking’s production and operation activities or other major decisions. Given the remarkable increase of non-filing fines and the robust enforcement towards non-filings in recent years, undertakings should consider whether there is a change of control in each transaction.

At present, the maximum amount of fines imposed on non-filers is Rmb500,000, which is clearly insufficient to deter non-filers. In accordance with Article 55 of the Revised Draft[10], the proposed penalty will be up to 10% of the non-filer’s annual sales in previous year. This adjustment will greatly increase the deterrence of illegal acts in relation to the violation of merger filing regulations if the proposed change is adopted in future.

 

Comment

The SAMR has become more stringent and detail oriented with respect to its analysis of relevant markets and the competition impact of mergers. It is expected that the SAMR’s merger control enforcement will maintain its professionalism and stability in 2020.

Further, the large number of non-filing cases and the increased fines indicate that the SAMR is gradually strengthening its enforcement crackdown on non-filers. Moreover, the proposed revision of the Anti-monopoly Law is expected to increase the size of penalties for non-filers. Enterprises should acknowledge the thresholds and criteria of merger filing in order to fulfil their obligations to avoid penalties and any adverse consequences of closing a transaction.

 

[1]Michael Gu is a founding partner of AnJie Law Firm based in Beijing. Michael specializes in competition law and M&A. Michael can be reached by email: michaelgu@anjielaw.com, or telephone at (86 10) 8567 5959. Sihui Sun and Grace Wu are associates of AnJie Law Firm.

[2]The original Chinese version is available at the SAMR’s website: www.samr.gov.cn/fldj/tzgg/zqyj/202001/ t20200107_310322.html.

[3]The original Chinese version is available at the SAMR’s website: www.samr.gov.cn/hd/zjdc/202001/ t20200102_310120.html.

[4] II-VI’s acquisition of Finisar case, the announcement is available at the SAMR’s website: www.samr.gov.cn/ fldj/tzgg/ftjpz/201909/t20190920_306948.html.

[5] JV between DSM and Zhejiang Garden Biochemical case, the announcement is available at the SAMR’s website: http://gkml.samr.gov.cn/nsjg/fldj/201910/t20191018_307458.html.

[6] The announcement is available at the SAMR’s website: http://www.samr.gov.cn/fldj/tzgg/ftjpz/201912/t20191220_309365.html

[7]The announcement is available at the SAMR’s website: http://www.samr.gov.cn/fldj/tzgg/ftjpz/201907/t20190712_303428.html

[8]The announcement is available at the SAMR’s website: www.samr.gov.cn/fldj/tzgg/ftjpz/201909/ t20190920_306948.html.

[9] The original Chinese penalty decision is available at the SAMR’s website: www.samr.gov.cn/fldj/tzgg/ xzcf/201911/t20191114_308483.html.

[10]The original Chinese version is available at the SAMR’s website: www.samr.gov.cn/hd/zjdc/202001/ t20200102_310120.html.