## I. INTRODUCTION Under the age of digital economy, the most precious property is "data", which is called the "new oil" 1. On $9^{\text{th}}$ April 2020, Chinese state council issued the policy Opinions of Building a More Complete Market-Oriented Allocation System and Mechanism for Factors, which firstly indicated that, except for land, labor, capital, technology factors, "data" has become $5^{\text{th}}$ major factor of production. This policy emphasized the status and importance of data in China and stimulated the potential development of data market. Data also plays a significant role in financial market. Many countries and areas such as United Kingdom (UK), United States (US), Australia, Hongkong, Singapore and European Union (UK) have taken measures to encourage Fintech companies to take advantage of data to innovate financial products. They develop the "open banking" model to authorize customers with data portability right to give Fintech companies access to their financial data for obtaining better financial services and products. Open banking can bring many benefits such as stimulating Fintech industry, strengthening competition in financial market, providing customers with better products etc. However, open banking may bring some risks, which require government legal regulation. Different countries and areas implement distinct supervision and regulation model. EU and UK applied the perspective regulation model which forces banks to share data through legislations, but US takes the voluntary model which authorizes enterprises to decide how to share data and relevant standards of data sharing. Hong Kong and Singapore take the active guidance regulatory model where government only sets standards without forcing banks to share data. Open banking also developed quickly in China, however, legal framework of open banking is not mature, which might be a barrier to future open banking development. In comparison with open banking regulation model in other jurisdictions, currently China should adopt the "active guidance" model for open banking development before establishing a mature legal system. This article will introduce the background of open banking, and the current open banking practice and legal basis in China. Also, benefits and flaws of open banking would be discussed. Then, through analyzing open banking regulation in other jurisdictions, this article would suggest that active guidance model should be applied in China and give specific advice of establishing Chinese open banking regulation structure under this the active guidance model. ## II. BACKGROUND It is necessary to understand the definition and characteristics of open banking before exploring the proper regulation model in China. Also, it is supposed to consider the differences in culture, economic and financial development from other regions regarding open banking. Therefore, it is reasonable to consider the current open banking practice and relevant rules and policies in China. ### a) Definition of Open Banking There is no uniform definition of "open banking" all over the world. EU legislation defines "open banking" as a term which broadly describes a financial system in which personal financial data can be shared with multiple companies at the direction of consumers. $^{3}$ Advisory Committee describes open banking as[^4] "a system that allows consumers to securely and efficiently transfer their financial data between financial institutions and accredited third-party service providers in order to access services that can help them improve their financial outcomes. $^{4}$ The Basel Committee on Banking Supervision describes as[^10] "the sharing and leveraging of customer-permissioned data by banks with third party developers and firms to build applications and services, including for example those that provide real-time payments, greater financial transparency options for account holders, marketing and cross-selling opportunities[^5]". $^{5}$ From the technical perspective, open banking can be described as a system where banks adopt open application programming interfaces ("APIs") that allow consumers to share their financial information with third-party providers ("TPPs") by allowing their software to communicate with each other. $^{6}$ Although there is no standard of defining open banking, analyzing from the above definitions, it is reasonable to claim that there are three parties in open banking relationship including the bank, consumer and third-party provider. Open banking governance mainly refers to financial data regulation over banks and third-party providers, and financial data governance is a dynamic process with its core components interact as different regulatory forces interact.[7] ### b) Open banking characteristics Open banking focuses on serving consumers, with API or SDK technology as the core technology and financial ecology as the main form. According to the definition of open banking, there are three main characteristics of open banking including data portability, customer autonomy and recipient accountability. ## i. Data portability The International Standards Organization (ISO) defines data portability as the "ability to easily transfer data from one system to another without being required to re-enter data." Based on these definitions, consumers are able to share their relevant bank data with TPPs under open banking, which is consistent with "data portability". Data portability in open banking is supported by interoperable standardized data technology, primarily APIs. ## ii. Customer autonomy Consumer autonomy is the ability to reflect on what one has good reasons to do in the marketplace, and to act accordingly, which is a foundational principle of liberal democracy whereby marketers are granted license to influence consumers, provided they respect their autonomy.[^12] Open banking authorizes consumers to control the sharing of their banking data, and it is supported by the legal rights of customers to share their data through open banking.[^13] ## iii. Recipient accountability Open banking makes the recipients (TPPs) of shared customer banking data accountable to customers. Therefore, Fintech companies which receive banking data should be responsible for protecting these data from leaking or stealing etc., and regulation over TPPs are very important. Generally, these three characters of open banking both reflect the goals of improving competition, encouraging innovation, and enhancing consumer protection.[^15] ### c) Practice and policies of open banking in China Open banking has been developed quickly in China since 2018, however, there is no mature legal system to supervise open banking. Before exploring proper supervision model, it is necessary to find the current open banking practice in China. Although there is not a uniform law governing open banking in China, there are some other relevant rules and policies regarding open banking, which must be considered by Chinese regulators. ## i. Open banking practice in China Open banking is a starting point for the digital transformation of China's banking industry, and an important direction to promote the development of China's digital economy and financial technology. According to the 2019 Open Banking Development Research Report issued by the Internet Finance Association of China, a survey of 51 commercial banks of various types found that $65\%$ of commercial banks have established open banking platforms. China's first open bank was established in 2018. In 2018, SPD Bank launched the API BANK in the industry, which is driven by API architecture to enrich financial scenarios and integrate into the business ecosystem. Later, other domestic commercial banks began to explore such models. By the end of 2019, about $65\%$ of China's commercial banks had participated in open banking. Different from other open banking practice in other jurisdictions, the development of China's open banking is initiated by major banks, and the formulation of relevant legal systems and governance frameworks for open banking is still in progress.[^16] The implementation of China's commercial bank open banking is mainly through the establishment of open platforms, but not all banks disclosed their open platforms. Most open platforms of commercial banks are only used and maintained internally and would only be disclosed when it is necessary to connect them with partners. In principle, when banks establish their own open platforms, they have the "passive ability" to acquire customers, that is, users can apply by themselves through documents and service instructions on open platforms and obtain corresponding services by themselves.[^17] The following Table 1 shows the open banking practice among several commercial banks in China. Table 1 <table><tr><td colspan="2">Open Banking Practice in China: Several Commercial Banks</td></tr><tr><td>Industrial and Commercial Bank of China(ICBC)</td><td>Building an Open Smart Banking Ecosystem Since 2018, ICBC has launched the ECOS construction project of smart banking, taking "openness" as the core feature of smart banking. It reshapes the new open business architecture, implements the open transformation of IT architecture, creates a series of cross-border cooperation platforms, which supports and promotes the construction of digital, intelligent and open financial services, and builds an open "smart banking ecosystem".</td></tr><tr><td>Bank of China(BOC)</td><td>Bank of China proposed the concept of open platform as early as 2012, and officially released the BOC Open Platform in 2013, opening more than 1,600 interfaces, involving transnational finance, collection and payment, mobile payment, as well as map services, network inquiry, exchange rate quotation and other services.</td></tr><tr><td>China Everbright Bank</td><td>On the one hand, China Everbright Bank actively integrates financial products and services into the production scenarios of cooperative companies. On the other hand, China Everbright Bank would build the mobile banking app into an open mobile financial ecosystem, making mobile banking a hub for extensive connection with external partner companies and Internet users, and a platform for customers operation.</td></tr><tr><td>Shanghai Pudong Development Bank (SPD Bank)</td><td>API Bank of SPD is an organic unity of business and technology, openness and ecology, capabilities and scenarios, focusing on providing basic financial products and services such as accounts, payment and settlement, and product sales, supplemented by value-added financial products such as orders management and equity exchange. After SPD Bank API Bank was put into operation, the number of application scenarios and docking partners increased steadily. In the first half of 2019, there were 304 API open interfaces, with a daily transaction volume of about 200,000-300,000 transactions and a peak transaction volume of about 1 million. It also connects with 124 partners such as China UnionPay and JD Digital. SPD Bank API Bank open functions involve account management, loan financing, payment and settlement, investment and wealth management, equity activities, information inquiry, foreign exchange business, innovative services, and other services in 9 major sectors and 246 APIs.</td></tr><tr><td>China CITIC Bank</td><td>China CITIC Bank has been committed to the deep integration of financial technology and application scenarios. In September 2019, China CITIC Bank launched three major retail banking open products based on the application ideas of "open, boundless and warm", "Payroll Easy", "Credit Vision" and "Cardless", which is consistent with open banking concept. Through cooperation with leading enterprises in various industries, it integrates financial technology and banking, solves specific problems in actual scenarios, that innovates and extends new scenarios of banking services.</td></tr><tr><td>China Minsheng Bank</td><td>Minsheng Bank mainly builds open banking through direct banking, applies "ABC" technology (AI, Big Data, Cloud Computing) to helps the bank to find business entry points.</td></tr><tr><td>Bank of Jiangsu</td><td>Bank of Jiangsu adopts the product responsibility system for business management, and the opening of products and services is the responsibility of its competent department, including the work from determining cooperation standards, partner expansion to business connecting online. The open banking project team of Bank of Jiangsu is responsible for specific technical docking. In 2019, there are more than 40 open cooperation contents of open banking.</td></tr><tr><td>Shenzhen Qianhai WeBank</td><td>Shenzhen Qianhai Weizhong Bank developed an open banking model in loan business, mobile payment business, interbank technology business, and financial technology business.</td></tr><tr><td>Sichuan Xinwang Bank</td><td>Sichuan Xinwang Bank was officially opened on December 28, 2016, and is the first private bank in Sichuan and the first Internet bank in the central and western regions. Since its inception, Xinwang Bank has integrated the concept of openness into its business model, risk management, and daily operations. Compared with traditional banks, Xinwang Bank has created a flat organizational structure that adapts to open banking, which reduces the intermediate level of approval, enables rapid trial and error iteration updates, and flexibly adjusts operations and business models according to market conditions.</td></tr><tr><td>Chongqing Fumin Bank</td><td>Chongqing Fumin Bank is the first private bank in the central and western regions. Under the background of digitalization as the core strategy, Chongqing Fumin Bank strengthens its open banking capabilities through self-empowerment, and realizes business openness through cooperation and sound financial environment.</td></tr><tr><td>AI Bank</td><td>AI Bank, a member of the Open Banking Eco-Accelerator, is the first independent legal person and direct sales bank in China, and officially opened on November 18, 2017. AI Bank has established the "Smart Inside" platform as a unified entrance for Shengfang Bank, widely connecting scenarios, fintech companies and financial institutions. At present, more than 350 API interfaces have been opened, achieving minute-level access, docking with more than 80 platforms such as Baidu, Xiaomi, and iQiyi, and exporting open banking capabilities such as credit, wealth management, bank accounts, and intelligent risk control, realizing the integration and symbiosis of financial services and scenarios.</td></tr></table> In April 2021, China Ping An Bank and Boston Consulting Group jointly released the "China Open Banking White Paper 2021" (The White Paper), which points out that open banking has large-scale commercial value. The White Paper indicates that open banking is the only way for the digital transformation of Chinese commercial banks, and it represents a platform-based business model. From 2015 to 2020, marked by the emergence of standardized interface, China's open banking entered the "Open API" era. Although standard APIs, SDKs, mini programs, and H5 bazaars have appeared in the market, however, in many cases, specially designed development is still required. The White Paper also points out that at present, commercial banks in China still face many challenges when carrying out open banking. Firstly, the implementation effect of open banking is not good since there is no detailed and executable strategies or sufficient resource guarantee. Secondly, banks are still in the early stage of exploring the open banking model and therefore their business model is not mature. Building an open banking platform is a huge project, which requires a huge amount of capital, time and manpower. Thirdly, in China, commercial banks still lack experience and ability to deal with new fraud risks and security risks, without enough ability to effectively use scenario-specific non-financial data to create scenario-specific risk control models. Also, small and medium-sized banks are facing difficulties, lacking competitive power in open banking. Furthermore, there exists a conflict between the commercial banks and Internet enterprises. For instance, commercial banks tend to focus on risk prevention and compliance, but Internet enterprises tend to pay more attention to customer experience and business growth, which causes the obstacles to cooperation between commercial banks and their partners. $^{18}$ It is necessary to create a better legal environment for commercial banks to participate open banking in China. ## ii. Policies regarding open banking in China a. Policy of interface security technical specifications - In February 2020, the People's Bank of China (PBOC) issued the Code for Security Management of Application Programming Interfaces of Commercial Banks, detailing security technologies and security requirements such as the types and security levels of APIs of commercial banks, security design, security deployment, security integration, security O&M, service termination and system offline, and security management. This is China's first specification on APIs, and then open banking has official clear technical standards in China. b. Macro policies of promoting open banking construction In August 2019, the PBOC issued the Financial Technology (FinTech) Development Plan (2019-2021), which stated that "cross-border cooperation should be deepened with the help of APIs, software development kits (SDKs) and other means, and new business paradigms should be created with the help of high-quality channel resources in various industries, so as to maximize the use of resources and build an open, cooperative and win-win financial service ecosystem".[^20] This marks that China has begun to attach importance to open banking and vigorously promote data sharing and cooperation. Under this policy, commercial banks with certain fintech capabilities have begun to build their own open platforms to achieve the goals of cost saving, unifying interface standards, serving more scenarios, and integrating more scenarios.[^21] In January 2022, the PBOC issued the Fintech Development Plan (2022-2025), proposing to rationally use fintech to enrich the level of the financial market, optimize the supply of financial products, continuously expand the reach radius and radiation scope of financial services, bridge the digital divide between regions, groups and institutions, and make the development achievements of fintech more extensive, deeper and fairer to benefit the broad masses of the people and help achieve common prosperity.[^22] In January 2022, the China Banking and Insurance Regulatory Commission issued the Guiding Opinions on the Digital Transformation of the Banking and Insurance Industry, emphasizing the need to actively develop industrial digital finance, build a digital financial service platform, promote the construction of open banking, and strengthen scenario aggregation and ecological docking.[^23] In January 2022, the China State Council issued the Fourteenth Five-Year Plan for the Development of the Digital Economy, which put forward the priority actions of "digital inclusive financial services" and clarified the key directions for comprehensively promoting the construction and development of digital inclusive financial services in the context of promoting common prosperity.[^24] c. Policies of strengthening the protection of data and personal information In February 2020, the PBOC issued the Technical Specifications for the Protection of Personal Financial Information, which clarifies the security protection requirements for the collection, transmission, storage, use, deletion and destruction of personal financial information from two aspects: security technology and security management. Regulatory authorities further strengthen the protection of open banking user information, establish and improve security assessment and technical security index systems, and improve information release and open service risk compensation mechanisms.[^25] In February 2021, the PBOC issued the Guidelines for Data Capacity Building in the Financial Industry, which points out the direction and basis for financial institutions to carry out data work, guides financial institutions to strengthen data strategic planning, focus on data governance, strengthen data security protection, promote data fusion applications, fully release the value of data, consolidate the data foundation for open banking to accelerate digital transformation and development, and build core financial competitiveness that adapts to the development of the digital economy era.[^26] In April 2021, the PBOC issued the Financial Data Security Data Life Cycle Security Specification, which puts forward standards for promoting the implementation of data security management and data security protection in the financial industry. It is aimed to provide scientific basis and guidance for the financial industry to formulate preventive measures and respond to security incidents, and provide a strong guarantee for the application and flow of open banking data.[^27] ## III. BENEFITS AND FLAWS OF OPEN BANKING Open banking can bring many benefits for the society. Open banking can stimulate competitions in financial industry, providing customers with better financial products and services. Also, open banking can reduce the data risks brought by the traditional "screen scrapping" measure taken by Fintech companies before. Nevertheless, open banking also causes some concerns among the public, such as the risks of data security, invasion of privacy and the data abuse. Furthermore, open banking may challenge the current regulatory system. ### a) Benefits Data is the "new oil" in the financial world $^{28}$, through making usage of data, open banking can bring benefits to the Fintech companies, customers, banks and the whole society. ## i. Stimulate competition Open banking was legally established in the UK in 2017[^29] and in Australia in 2019. $^{30}$ In both jurisdictions, the primary objectives for doing so were similar: improve competition, to encourage innovation, and to enhance consumer protection. $^{31}$ Policymakers from different regions share a common goal of increasing competition in attempting to promote open banking. Open banking is aimed to strengthen competition in the financial sector by allowing a huge number of Fintech companies to access personal financial data. $^{32}$ In the past, there existed the problem of lack competition and innovation in the financial industry. While small banks struggle to find resources to innovate, large banks have limited incentives to do so due to their oligopoly rents and government guarantees as systemically important financial institutions. This caused the competition-resistant financial market. Open banking creates a great opportunity for Fintech companies since small banks lack the ability to innovate, and large banks lack the incentives to do so, but Fintech companies have both.[^33] In recent years, many Fintech companies have sprung up to attempt to disrupt the financial sector through using new technologies and tapping into new markets. These companies have tended to focus on addressing two of the most severe financial frictions: asymmetric information and switching costs. Data portability in open banking can ameliorate these two issues since customers can transfer their banking data to TPPs as they like more conveniently. By using technology to automate and improve decision-making, it is possible to promise to lower frictions in the financial sector and bring more competition into the financial market.[^34] ## ii. Better financial products for customers As open banking strengthens competition in the financial market, more Fintech companies and other TPPs would have easier access to financial industry. This in turn allows consumers to have more opportunities to enjoy financial services and products from a wider variety of Fintech companies and other financial services providers, which help consumers better control their financial lives.[^35] For example, consumers are allowed to aggregate their income, bill payment, and spending data to better understand whether they can afford a new home or a major purchase. Open banking can also help consumers obtain better rates through sharing their complete financial and non-financial data with lenders. By this way, consumers can provide a more holistic picture of their financial situation and potentially obtain more favorable terms.[^36] Also, it is possible for consumers with adverse credit histories to qualify for more loans, as lenders could review payroll data.[^37] Except for this, open banking can stimulate inclusive finance development in China since it can help small and medium-sized enterprises to obtain short-term loans and financing by giving lending institutions a better understanding of their cash flows.[^38] This is a win-win measure. Lenders can judge the bad debt risk through analyzing the financial information of small and medium-sized enterprises. On the other hand, with the help of a wider range of financial data, these enterprises with sound cash flows data can obtain better loan rates, while reducing the loss risk of lenders Simultaneously. ## iii. From "screen scrapping" to APIs in open banking Open banking can encourage Fintech companies and other financial service providers from "screen-scrapping" to APIs. Traditionally, many financial service institutions utilize screen-scraping to collect information which is the process of scanning a website and extracting data, to access consumer information. For example, when Fintech companies cannot access customer data directly, they utilize screen-scraping to manually collect banking data using the online banking login credentials of their consumers. While screen-scraping allows for these companies to quickly gather information, it poses risks. Screenshot scraping has significant flaws as a method of data collection. Initially, by collecting the login credentials of consumers, screen-scraping increases the fraud and identity theft risks faced by users. Secondly, screenshoting may prevent banks from knowing when third parties access their customers' data, which reduces the effectiveness of their anti-fraud and cybersecurity systems. Thirdly, when consumers authorize Fintech companies to access their data through screenshoting, they do not always understand that they are revealing their login credentials to the Fintech. Screen-scrapping risks could be alleviated by APIs in open banking, improving the safety, scope of access, and consent of the consumer.[41] Regarding risks posed by screen-scraping, the U.S. Treasury has recommended consumer data changes that "would effectively move firms away from screen-scraping to more secure and efficient methods of data access." Therefore, it is significant to develop open banking to provide Fintech companies and other financial service providers with direct access to the data.[42] ### b) Risks Even open banking can bring many social and economic benefits, it still causes wide concern regarding data security and customer privacy protection, abuse of data risks as well as suspicion to the validity of financial supervision. It is necessary to find relevant risks for designing a proper regulatory model for China. ## i. Data security and customer privacy Open banking triggers the privacy protection problem. Financial privacy laws of many countries predate the emergence of the Fintech sector and offer consumers relatively limited control over how companies use their financial data.[^43] There are concerns over data security and customer privacy regarding their financial lives since personal information is being transferred to third parties.[^44] ## ii. Abuse of data Open banking would increase both the number of entities that collect personal financial data and the amount of information that private companies know about individuals' financial lives. As industry experts observe, with the development of open banking, the risk monetizing or misusing consumers' data is likely to increase as a wider range of companies obtain access to it.[^45] These companies might abuse consumers' personal data by using the data beyond the purpose and scope authorized by consumers, and it is hard for consumers to know of it.[^46] Even if consumers found that their data was abused or leaked illegally, it is hard for them to be compensated from this since there might be several companies or institutions have access to their data, it is hard for consumers to prove exactly which party abused or leak their data. ## iii. Regulatory challenges Open banking is very different from traditional banking business, and the existing regulatory system of commercial banks is based on current financial practices, and the digitalization of traditional financial products and businesses would bring great difficulties to legal regulation. When dealing with the risk of data sharing in open banking, it might be difficult for the existing legal regulatory system to monitor financial risks effectively.[^47] ## IV. WHAT LEGAL REGULATORY MODEL SHOULD BE APPLIED FOR OPEN BANKING IN CHINA Although open banking has developed sharply in China since 2018, there is still no uniform legal regulation system. Legislation and regulation are always lagging in the era of digital finance and Chinese government intends to apply "wait-to-see" policy to find a proper regulatory model for open banking. As many other countries and regions have established legal regulatory model for open banking, it is reasonable to explore their regulatory systems, from which Chinese government can learn how to design its own open banking regulatory model based on China's culture, financial and economic development situations. ### a) Regulatory models of open banking in other jurisdictions European Unions, UK, US, Australia, Singapore, Hong Kong and India have established their open banking regulation system, and Brazil $^{48}$, Mexico $^{49}$, and Japan $^{50}$ have all recently taken steps to introduce open banking frameworks. However, these regions adopted different regulation models of open banking due to the difference in their culture, economy, financial markets, etc. Generally, there are three types of regulation models as follows. ## i. EU and UK: Compelling Model EU and UK adopted the statutory model for open banking development, which forces banks to authorize consumers with data portability and access to data. EU extensively highlighted the importance of data portability and data transfer issue. Cecilio Madero Villarego, senior competition official in the EU, said in late 2019: "Among other things, we will continue to make sure that digital incumbents don't make it too difficult for consumers to switch to competitors or use them in parallel."51 E.U. Council passed the Revised Directive on Payment Services (PSD2) in 2015, which aimed to go further than the initial Payment Services Directive in opening up banks to data sharing arrangements and competition from fintech firms.52 PSD2 forces banks and other payment providers to grant access to consumer accounts to third-party providers for account information aggregation services. Also, it requires payment providers to ensure that any time consumers access their account or initiate transactions, payment processors confirm that they consented to the transaction.[^53]Additionally, Article 20 of the EU General Data Protection Regulation ("GDPR") mandates that individuals have a right to data portability.[^54]This reserves the term "portability" to a required transfer when one person wishes to transfer the data. These legislations establish the legal foundation of open banking development. The application of the legal obligation to share data under UK open banking is complicated, including PSD2 and GDPR, and compliance is required by Account Servicing Payment Service Providers.[^55] However, not all commercial banks are required to share data and comply with specific UK data sharing standard. The UK established open banking to address a competition problem in the retail banking market, identified by the UK Competition and Markets Authority ("CMA"). Open banking in UK also allowed the EU to implement its PSD2. The CMA Order established an Open Banking Implementation Entity ("OBIE") to create UK data standards for data sharing. The UK Standards were required to cover not only APIs, data formats, and security, but also governance arrangements and customer redress mechanisms. Further, these standards were mandated to have the features necessary for banks to comply with the open banking requirements of PSD2.[^56] However, only the nine banks and building societies specified under the CMA Order, known as the "CMA9," are required to comply with the data sharing obligations.[^57] ## ii. US: Voluntary Model US adopted the voluntary and market-driven model for open banking regulation, which allows the market rather than the government officials to mainly regulate open banking development. Instead of adopting a mandatory open banking regime, the U.S. Treasury has recommended that regulators should remove legal and regulatory uncertainties which inhibit financial data sharing between banks and Fintech companies. This is based on the belief that U.S. market would be best served by a solution developed by the private sector.[^58] Although section 1033 of the Dodd-Frank Act requires providers of financial products and services to make available to a consumer, upon request, any information in their possession or control "relating to any transaction, series of transactions, or to the account including costs, charges and usage data."[^59] However, it only creates an express data access right in favor of customers themselves, but it says absolutely nothing about whether financial institutions must also share this data with third parties.[^60] In US, there is not a well-developed legal framework for open banking, and the burden of developing common data sharing standards has largely fallen to the financial services industry itself.[61] US adopted this model due to the characteristic of its financial market: fragmentation. The United States is home to the world's largest, most fragmented, and most diverse financial services industry.[62] The fragmentation makes it very hard to rapidly respond to new market developments, and therefore it is reasonable to sustain coordination between regulators and industry. This can explain why the US has taken what has been described as a "market-driven" approach to open finance.[63] ## iv. Singapore and Hong Kong: Active Guidance Model Different from EU/UK and US, the strategies in Singapore and Hong Kong are both characterized by "active guidance" model. Under the "active guidance" model, regulators only set standards for banks and other payment providers, but without issuing legislative mandates. The central banks in Hong Kong and Singapore have developed open APIs designed to foster collaboration between incumbent banks, fintech disruptors, and data aggregators.[64] Singapore has been very active in building infrastructure and implementing regulatory guidance - 58 Steven T. Mnuchin & Craig S. Phillips. A FINANCIAL SYSTEM THAT CREATES ECONOMIC OPPORTUNITIES: NONBANK FINANCIALS, FINTECH, AND INNOVATION. Report to President Donald J. Trump. 2018. https://home.treasury.gov/sites/default/files/2018-07/A-FinancialSystem-that-Creats-Economic-Opportunities---Nonbank - Finanzi...pdf?mod=articleline (Access on 10 May 2023). - 59 Article 1033(a)-(b) of Dodd-Frank Act. - $^{60}$ Dan Awrey & Joshua Macey. The Promise & Perils of Open Finance. 2023\.Yale J. on Reg. 40. P19. - $^{61}$ Dan Awrey & Joshua Macey. The Promise & Perils of Open Finance. 2023\.Yale J. on Reg. 40. P21. - $^{62}$ Dan Awrey & Joshua Macey. The Promise & Perils of Open Finance. 2023\.Yale J. on Reg. 40. P18. - $^{63}$ Basel Committee on Banking Supervision. Report on Open Banking and Application Programming Interfaces. 2019\.P8-9.Report on open banking and application programming interfaces (APIs) (bis.org) (Access on 11 May 2023). - $^{64}$ H.K. MONETARY AUTH. OPEN API FRAMEWORK FOR THE HONG KONG BANKING SECTOR. 2018\.https://www.hkma.gov.hk/media/ eng/doc/key-information/press-release/2018/20180718e5a2.pdf (Access on 8 May 2023). through guidelines and nonbinding documents. This guidance serves as the basis of its open finance strategy, which suggests that the regulator-led approach is another possible data governance style.[65] Hong Kong has begun regulating open banking since 2018.[66] Hong Kong's regulations do not require banks to share account and transaction data. The regulations issued by Hong Kong Monetary Authority require the largest banks to develop open APIs, but they permit banks to choose which TPPs can access customer data.[67] Different from other jurisdictions, Hong Kong requires banks to conduct ongoing supervision and due diligence of the TPPs they partner with and establish contractual terms that mitigate the risk that customer data will be misused.[68] The HKMA believes that this model would strike a balance between innovation and consumer protection since it requires banks to play a custodian-like role with respect to customer data.[69] # b) "Active Guidance" Regulatory Model Should be Applied in China Through analyzing the open banking regulation models from other regions, there are three main regulation forms including compelling model in EU and UK, voluntary and market-driven model in US and active guidance model in Singapore and Hong Kong. There is not "correct" regulatory model for open banking since each model has its own advantages and disadvantages. Also, governments from different countries have distinct incentives to develop open banking, therefore, it is reasonable to choose regulatory regimes in consideration of their special national conditions. Referring to current legal basis, culture, and financial market development in China, it is more reasonable to adopt the "active guidance" model for regulating China's open banking. ## i. Compelling Model is not Proper for China The compelling model of open banking is not suitable for China due to the immature legal framework and the special financial environment in China. The "regulation-driven" compelling model can promote implementation of open banking relatively quickly - 65 Financial Data Governance, 74 Hastings L.J. 235, P258. - 66 H.K. MONETARY AUTH. OPEN API FRAMEWORK FOR THE HONG KONG BANKING SECTOR. 2018. https://www.hkma.gov.hk/media/ eng/doc/key-information/press-release/2018/20180718e5a2.pdf (Access on 8 May 2023). - 67 Gilbert + Tobin, Open Banking Regimes Across the Globe 2018, https://www.gtlaw.com.au/knowledge/open-banking-regimes-across-globe (Access on 8 May 2023). - 68 H.K. MONETARY AUTH. OPEN API FRAMEWORK FOR THE HONG KONG BANKING SECTOR. 2018. https://www.hkma.gov.hk/media/ eng/doc/key-information/press-release/2018/20180718e5a2.pdf (Access on 8 May 2023). - 69 Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. 53. P620. because of the policies ensuring its implementation efficiency. However, it fails to take into account the size and strength of banks and tends to pursue "absolute fairness" and therefore leading to unfair opening consequences, accelerating the loss of competitiveness of small and medium-sized banks. Also, administrative orders may stifle commercial and technological creativity.[70] More importantly, the "regulation-driven" model requires a complete and mature legal regulation system. The compelling model derived from EU and UK, which was adopted by Australia, Brazil, Mexico and other countries.[^71] Compelling regulatory model forces banks and other payment provider institutions provide data to Fintech companies or other TPPs following the instructions of consumers. This model is effective in promoting open banking since some banks would be reluctant to share consumers' data to other companies to protect competitive advantages. Actually, there is a tension between data sharing and the economic interests of many banks that collect personal financial data. These banks may depend on collecting large amounts of personal financial data to maintain a competitive edge and therefore those economic interests can disincentivize banks from giving consumers control of their data.[72] Therefore, under compelling model, banks must authorize customers with data access which can effectively stimulate open banking development. However, in compelling model, regulators play a significant leading role in data sharing and open banking development and therefore it is required to provide regulators with a clear legal implementation framework. This legal framework must contain unambiguous legislations regarding data rights and data sharing obligations, the clear allocation and cooperation of regulatory powers, regulatory-led third-party access certification and unified technical standards.[73] However, unlike EU or UK, there is no clear and feasible legal framework in China supporting regulators to compel banks to share data. Although article 45 of the Chinese Personal Information Protection Act regulates that if individuals request the transfer of personal information to their designated personal information processor, satisfying the requirements provided by the state internet information department, the personal information processor shall provide a channel for the transfer,[^74] which seems provided the legal basis for data portability, there are no other rules or legislations supporting the implementation of data portability. And there are no other relevant legislations or rules regarding open banking in China. Therefore, due to the absence of feasible and mature legal framework, it is not reasonable for Chinese government adopt the compelling model. In addition, the compelling model is not proper due to the special financial market and regulation environment in China. The data opening of large commercial banks that occupy a dominant position in data can further expand their business, obtain cooperation opportunities, and win the dividends brought by data sharing, while small financial institutions with scarce customer information and poor data information face the dilemma of losing business resources and further expanding competitive disadvantages. If adopting the compelling regulation-driven model and forcing data sharing among all banks, it will strengthen the data integration of monopoly financial institutions and aggravate the centralization of financial data.[^75] Also, e-commerce platforms and third-party payment businesses are well-developed in China. Internet financial enterprises optimizes financial business and provides financial services, which has gradually occupied more and more shares in the Chinese financial field, and even be able to compete with certain banks. According to the business model of open banking, one-way data openness is tantamount to creating an unequal competition where e-commerce platforms can rely on the richer data resources of financial institutions to develop more quickly, while traditional financial institutions such as banks are very easy to lose the advantages of basic data. Accordingly, the mandatory "regulatory-driven" model may affect the financial stability and exacerbate unfair competition in the financial market of China.[^76] ## ii. Voluntary Model is not Appropriate for China Voluntary model is adopted by US which neither does not require regulators to force banks to share data, nor issue specific technical or data sharing standards. It is driven by the market where institutions make agreements about data sharing and relevant security, APIs standards. The voluntary "market-driven" model can achieve a balance of interests of all parties in the market. However, under this model, there is no effective financial data sharing standard and the enthusiasm of banks to carry out financial data sharing is not high since there is no government promotion, which is difficult to make breakthroughs.[^77] US government intends to allow private enterprises to develop open banking rather than limiting their innovation ability by regulatory uncertainties, so it adopts this model.[^78] However, due to the different cultures and financial market development, it is not proper for China to adopt the US model. Firstly, without regulation, public confidence in open banking might be impaired and this voluntary model may cause disorder in China's financial market due to the lack of uniform standards of data sharing. Secondly, without proper regulatory limitations, there might a risk of monopoly since large banks are free to make agreements regarding data sharing and impose barriers preventing Fintech companies from entering into the financial market, which might impair competition in the financial sector. Also, the absence of uniform standards would decrease the interoperability of open banking system, which may cause high negotiation fee due to the financial fragmentation in the market.[^79] Furthermore, as discussed before, US adopted the market-driven model since US financial market is too fragmented and it is hard for regulators to design and respond quickly.[^80] However, unlike US, Chinese financial market is not so fragmented and the Chinese PBOC has already issued several policies clarifying the data sharing standard. Therefore, the US market-driven model is not suitable for China due to difference in financial markets of two countries. ## iii. "Active Guidance" Regulatory Model is More Suitable for China In general, active guidance regulatory model should be applied in China, which not only can increase interoperability and reduce transaction costs, but also stimulate better development of open banking. As discussed before, under active guidance regulatory model, government regulators only issue relevant standards for open banking such as data sharing, instead of utilizing statutory legal authority to force banks to share data. On the one hand, issuing uniform standards under active guidance model can increase interoperability and reduce negotiation fees of banks and Fintech companies. As mentioned above, Chinese PBOC has issued several policies clarifying technical specifications and standards regarding data sharing and APIs of open banking including Code for Security Management of Application Programming Interfaces (APIs) of Commercial Banks(2020), Technical Specifications for the Protection of Personal Financial Information(2020), Guidelines for Data Capacity Building in the Financial Industry (2021) and Financial Data Security Data Life Cycle Security Specification (2021). These policies have set standards of open banking including data sharing and APIs, etc., which can increase interoperability. The Creating of a uniform interface or software standard could simultaneously reduce transaction costs and provide financial institutions with greater certainty about the liability risks and contract terms of data sharing.[^81] On the other hand, issuing guidance can facilitate open banking development from a long-term perspective. It might take long time for China to construct a mature legal framework for open banking development, before that, it is reasonable for Chinese regulators to give guidance for monitoring open banking, providing technical standards and constructing infrastructure of open banking, which can reduce public confusion and increase confidence of consumers in open banking and therefore encouraging more parties to participate in this area. Therefore, during the transition period, it is better for China to adopt active guidance model to help the public accept open banking. After then, legislators can issue a better and more socially acceptable legal framework to statutorily force data sharing in open banking. ## V. HOW TO ESTABLISH THE LEGAL ### REGULATION STRUCTURE OF OPEN #### BANKING IN CHINA UNDER THE "ACTIVE #### GUIDANCE"MODEL Generally, under the active guidance model, Fintech companies should reform data and technologies in order to have the ability to connect with traditional financial institutions. For large commercial banks, they should change attitude and accept open banking mode, while for small and medium banks, due to the lack of sufficient technique powers, they should cooperate to construct their open banking platform. For better coordination between these parties in open banking practice, regulators should give the development direction and issue instructive rules, encouraging cooperation between banks and Fintechs while protecting privacy and data security of customers.[^82] It is required to issue some government instruction in standards setting and provide a feasible legal framework giving instructions to banks and TPPs, however, banks should not be forced to share data through legislation now. Currently, there is not a feasible legal framework for open banking regulation in China. For regulating and stimulating development of open banking and reducing social risks, it is necessary to improve current legal system to establish a feasible framework to facilitate data portability implementation and construct a multi-level regulatory system of open banking. Also, traditional regulatory method for privacy protection is insufficient in open banking, it is necessary to transfer to "data autonomy" approach for protecting privacy. ### a) Issue Feasible Rules for Data Portability Implementation Article 45 of Chinese Personal Information Protection Act (valid from November 2021) sets the basis of data sharing for consumers, which indicates that where individuals request access to or copy their personal information, the personal information handlers shall promptly provide it. If individuals request the transfer of personal information to their designated personal information processor, satisfying the requirements provided by the state internet information department, the personal information processor shall provide a channel for the transfer.[^83] This clause seems to regulate the foundation of data portability, however, there are no other rules or legislations clarifying specific details and procedures for the implementation of data portability. Also, there are no regulations indicating the definition of data portability. These would be barriers to open banking development in China. A data-oriented financial regulatory system needs focus on creating interoperable standards for data sharing. Not only is it important to create clear ownership rights over data, and clear access rights, but also it is necessary to ensure that this data is stored and managed in standardized ways. Interoperability is integral to the proper functioning of a market in data, and without it, transaction costs and market leverage may threaten to impede competition within the sector.[^84] Therefore, it is necessary to improve legislations to increase the feasibility of data portability and interoperability of open banking systems. As discussed before, Chinese PBOC has issued a series of policies clarifying the standards which increase interoperability from the perspective of technology. It is not difficult to technically promote data sharing, but it is more difficult to achieve comprehensive protection of data from a legal point of view. It is necessary to combine the powers of technology and legislation. Not only should we bring technology into the orbit of the rule of law and constrain its risks, but also utilize more technical methods to improve the protection level of data sharing security. $^{85}$ Currently, it is crucial to increase interoperability from legislative perspective to clarify the definition and condition of portability, the scope of shard information and accountability in open banking. ## i. Implementation details of data portability Article 45 of the Chinese Personal Information Protection Act is only a principal provision without sufficient operability. Chinese government and relevant institutions should issue detailed implementation rules as soon as possible, including the conditions, types, methods, costs, and risk prevention of data portability. Also, it is necessary to clarify the definition of data portability. Since open banking and data portability were introduced from UK and EU, it is reasonable to apply the definition of data portability in GDPR which indicates that "the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided".[^86] ## ii. Scope of shared information Also, it is required to clarify the scope of shared information. The shared information scope is distinct between different countries. In UK, it is required to provide information regarding the following accounts: transaction information for personal current account products, including personal current accounts; basic bank accounts, packaged accounts, reward accounts, student or graduate accounts, and youth accounts; and business current account products, including business current accounts. Under UK open banking, the CMA Order requires that the Read/Write Data Standard provides access to transaction information for covered accounts and initiates payments on behalf of customers on those accounts. The detail of the data to be shared, including the data fields for each of the accounts, is provided by the UK Standards.[^87] However, the shared information in Australia is much broader. Australia's open banking rules apply to a wide array of consumer data, including product data, customer data, account data, and transaction data.[^88] Australia intends to govern the sharing of data goes beyond the financial industry. The Australian Consumer Data Right Bill specified that the financial industry would be the first industry to be regulated, but that other industries would also come under its rules.[^89] For China, currently, it is better to limit the shared information in financial industry due to the limitation of technologies and legal basis. Also, it is necessary to divide information according to its sensitivity and significance and gradually expand the scope of shared data based on the sensitivity level. According to Chinese national standard "Information Security Technology Personal Information Security Specification," "personal sensitive information" refers to "personal information that may endanger personal and property safety once leaked, illegally provided, or abused, and can easily lead to damage to personal reputation, physical and mental health, or discriminatory treatment."[^90] It is necessary to limit the sharing scope of sensitive information and require desensitization treatment under some circumstances to protect privacy of consumers. ## iii. Accountability Accountability regarding open banking should be clarified, which can encourage institutions pay more attention to data protection and increase public confidence in open banking market. In Hong Kong, banks should burden to duty to conduct ongoing monitoring and due diligence of the TPPs they partner with and establish contractual terms that mitigate the risk that customer data will be misused.[^91] Hong Kong believes that this approach will "strike a balance between innovation and consumer protection" because it requires banks to play a custodian-like role with respect to customer data.[^92] China can also adopt this approach and impose responsibilities on banks to monitor Fintech and TPPs. However, the banks should not be the only accountable party, TPPs should also have the duty to protect consumers' data. Banks and their partners TPPs be jointly liable for data abuse, leakage or loss. Furthermore, regulators should issue a more unambiguous and detailed standard for data security protection and impose sanctions on data theft, leakage, abuse as well as the illegal usage of data without customers' consent.[^93] ### b) Construct a multi-level regulatory system for data sharing ## i. Current Legislation and Rules Regarding Data Sharing in China The main goal of China's implementation of open banking is promoting the digital transformation of financial institutions and fully tapping the value of data. Currently Chinese legislations and rules regarding data protection and data dealing. Firstly, Article 42 of the Chinese Cybersecurity Law expresses that network operators must not disclose, tamper with, or destroy the personal information they collect; and personal information shall not be provided to others without the consent of the person being collected. However, this is not the case where the specific individual cannot be identified after processing and cannot be restored. Network operators shall employ technical measures and other necessary measures to ensure the security of the personal information they collect and prevent information leakage, damage, or loss. When leakage, damage, or loss of personal information occurs or may occur, remedial measures shall be immediately employed, and users shall be promptly informed and reported to the relevant competent departments in accordance with provisions.[^94] Secondly, Article 1038 of the Chinese Civil Code indicates that information processors must not disclose or tamper with the personal information they collect or store; without the consent of individuals, their personal information shall not be illegally provided to others, except where the specific individual cannot be identified after processing and cannot be restored. Information processors shall employ technical measures and other necessary measures to ensure the security of the personal information they collect and store, and prevent information leakage, alteration, and loss. When leakage, alteration, or loss of personal information occurs or might occur, remedial measures shall be promptly employed, and individuals shall be notified in accordance with provisions and reported to the relevant competent departments.[^95] Thirdly, Article 23 of the Chinese Personal Information Protection Law more specifically regulates the data dealing and transferring issue. It indicates that where personal information processors provide information to other personal information operators, they shall inform the individuals of the name or surname and contact information of the recipients, purpose and methods of processing and types of personal information. Also, it is required to obtain the separate consent from them. The recipient shall process personal information within the scope of purposes, following processing methods and types of personal information. Where the receiving party changes the original purpose or method of processing, it shall re-obtain the individual's consent in accordance with the provisions of this Law.[^96] Furthermore, Article 29 of the Implementing Measures for the Protection of the Rights and Interests of People's Bank of China Financial Consumers shows that banks and payment institutions handling consumer financial information shall follow the principles of legality, propriety, and necessity, and obtain the express consent of financial consumers or their guardians, except as otherwise provided by laws and administrative regulations. Banks and payment institutions must not collect consumer financial information unrelated to business, must not use improper methods to collect consumer financial information, and must not covertly force the collection of consumer financial information. Banks and payment institutions shall not refuse to provide financial products or services on the grounds that financial consumers do not consent to the processing of their financial information, except where the processing of their financial information is necessary for the provision of financial products or services. Where financial consumers are unable or refuse to provide necessary information, making it impossible for banks or payment institutions to perform their anti-money laundering obligations, banks and payment institutions may take restrictive measures against their financial activities in accordance with the relevant provisions of the Anti-Money Laundering Law of the People's Republic of China. When it is truly necessary, banks and payment institutions may refuse to provide financial products or services in accordance with law.[^97] ## ii. Establish a Multi-level Regulatory System of Data Sharing Although Chinese Cybersecurity Law, Chinese Civil Code, Chinese Personal Information Protection Law and the Implementing Measures for the Protection of the Rights and Interests of People's Bank of China Financial Consumers establish relevant legal basis for personal information sharing, but the above legal provisions obviously only focus on the protection of personal information rather than sharing information, and there lacks the encouragement and mandatory provisions for data sharing.[^98] Therefore, there is no mature legal regime for data sharing in China. Except for government regulatory system, making use of the market and social power is also important. It is necessary to establish a multi-level regulatory system for data sharing which should contains supervising parties such as banks, TPPs, customers, social associations and judges. Firstly, as discussed above, banks and TPPs should be jointly liable for data protection. Learning from the active guidance regulation model in Hong Kong, banks are supposed to supervise the data application actions of their TPPs, which can keep the balance between innovation and financial security. Secondly, Fintech companies and TTPs which receive the data should be mainly responsible for data protection. Therefore, it is necessary to require these companies to design internal supervision systems in their companies to prevent data loss or leakage. Thirdly, Chinese government should build a special compliant system for customers for dealing with matters relevant to data sharing issues in open banking. Social supervision from customers can play a crucial role in data sharing since customers are the party whose interests would be seriously impaired by data abuse. Therefore, it is necessary to authorize customers with compliant rights, which can also educate customers on the significance and value of data. Also, an open banking association should be established to deal with data sharing matter. As discussed before, open banking brings many challenges to the traditional regulatory system due to the information asymmetry and technical issues.[^99] Therefore, it is necessary to organize the open banking association composed of technical and financial experts, which can better supervise data sharing matters and provide more information to government officials. The cooperation between associations and government regulators is significant for sound development of open banking. Finally, judicial aid is also necessary which is the last resort for customers. Currently, there is no specific Statutory Financial Interpretation regarding open banking judicial practice. However, data sharing matter is relevant to privacy and personal information protection and therefore, judges can refer to the rules, Statutory Financial Interpretation and legislation relevant to personal data and privacy in Chinese Personal Information Protection Act, Chinese Civil Code and other relevant legislations. In general, it is reasonable to establish a multi-level regulatory system including different monitoring bodies for data sharing in open banking. ### c) Data Privacy Protection: From "Notice-Consent" to "Data Autonomy" Traditionally, financial privacy laws in many countries follow a "notice and consent" model, which requires enterprises to notify consumers of their data collection practices and give consumers the option to opt-in or out. However, the "Notice-Consent" approach has significant structural flaws that limit its efficacy.[^100] Notice and consent laws place an unmanageable burden on consumers by requiring them to read lengthy and often opaquely-written privacy policies, which consumers do not have time to read and often struggle to understand.[^101] Moreover, even if consumers had the time to read all of the privacy policies that they are presented with in a given day, they are often unable to assess the risks of sharing their data.[^102] Better protecting customer privacy in digital economy era requires us to replace the traditional "data privacy" with a more comprehensive concept "data autonomy." Data autonomy grants customers a set of rights over their data that wrests control over data back from the large financial institutions that, until now, have maintained a vice grip over it. It can satisfy the data protection requirement and secure information be accessible and shareable, which is more consistent with open banking development trajectory. While data autonomy requires important changes in legal rights and responsibilities, it is better matched with "open banking" rules.[^103] Authorizing customers with greater control of data sharing could potentially mitigate the traditional privacy protection problems brought by "notice-consent" regulation method.[^104] If consumers can affirmatively decide and continuously control which company can have access and use their financial data, they will have a greater ability to preserve their personal expectations of financial privacy when they share their data with a third party.[^105] However, there are still certain risks of "data autonomy".[^106] Firstly, similar to traditional "notice-consent" regime, consumers are generally unable to independently manage their data privacy due to the lack of time and knowledge to understand what most companies do with their data. Secondly, as more companies access personal financial data, consumers will find it increasingly difficult to keep track of how their data are used or who has access to it, this might increase the privacy risk and it is hard for customers to find accountable parties. $^{107}$ Thirdly, there is tension between consumer privacy and the economic interests of banks and certain companies that collect personal financial data to maintain a competitive edge. $^{108}$ Those economic interests can disincentivize these enterprises from giving consumers meaningful control of their data. $^{109}$ Under "active guidance" model without compelling data sharing, it might be difficult for banks to support the "data autonomy" approach. Therefore, it is important for legislators and policy makers to strike a balance in this regard. Although the desires of consumers should dictate how their data are used, companies should not be foreclosed from reasonably using data to improve their own services or from fulfilling regulatory compliance obligations. China can learn from UK for balancing the interests between the bank and customer. UK Although U.K. regulations allow consumers to choose how their data are used, they do not prevent Fintech companies from providing innovative services. Rather, they require TPPs to explain their services clearly and allow consumers to select their desires. The third parties are only authorized to use and share personal data which is necessary to provide the requested services or for other reasonable purposes.[^110] Generally, U.K. rules play a role in offsetting the tension between banks and customers by allowing consumers to affirmatively choose and continuously control which parties access their data, through centralized licensed platforms.[^111] Learning from UK, Chinese regulations should limit the scope of data usage and balance the data application between banks and TPPs. Also, it is necessary to establish centralized platforms and require platforms to obtain licenses before helping customers share data, which can help regulators pre-cautiously reduce data abuse risk and provide timely remedies for data abuse. ## VI. CONCLUSION Open banking has been developed rapidly in China, although Chinese government issues many policies regarding open banking, there is not a clear legal regulatory framework. Although open banking benefits Chinese economy development, it also brings some risks at the same time. Therefore, it is urgent to establish an effective regulatory system in China. Through learning from regulation forms in other jurisdiction, "active guidance" regulatory model should be more appropriate. Currently, without sufficient legal basis, it is reasonable to adopt the "active guidance" regulatory model, which can reduce the risk of disorder in the financial market and decrease negotiation costs among banks and TPPs. Therefore, the "active guidance" model can help open banking improve during the transition period. Under this model, current Chinese regulatory and legal regime needs to be improved as well. It is suggested to issue more feasible rules for data portability implementation, establish a multi-level regulatory system for data sharing including different supervision parties, as well as transfer the data privacy protection regime from traditional "Notice-Consent" to "Data Autonomy" model. [^12]: $^{12}$ Thomas Anker. Autonomy and Marketing: History, Present and Future. 2022. https://www.jmmnews.com/autonomy-and-marketing/#: ~:text=Broadly%2C%20consumer%20autonomy%20is%20the%20ability%20to%20reflect,consumers%2C%20provided%20they%20respect %20their%20autonomy%20%28Anker%2C%202020%29. (Access on 9 May 2023). _(p.2)_ [^13]: $^{13}$ Scott Farrell. Designing Data Rights for Canadian Open Banking Lessons from Banking Law in Australia and the United Kingdom. 2022. Sask. L. Rev.85. P170. _(p.2)_ [^15]: Scott Farrell. Designing Data Rights for Canadian Open Banking Lessons from Banking Law in Australia and the United Kingdom. 2022. Sask. L. Rev.85. P172. _(p.2)_ [^16]: Internet Finance Association of China. Open Banking Development Research Report. Preface part. 2019. _(p.3)_ [^17]: Yealink Bank. Analysis of the latest development status and trend of open banking in 2021. http://www.openbanks.com.cn/openbanks ARTICLE/100046.html (Access on 9 May 2023). _(p.3)_ [^20]: People's Bank of China. Financial Technology Development Plan (2019-2021). 2019. _(p.5)_ [^21]: Yealink Bank. Analysis of the latest development status and trend of open banking in 2021. _(p.5)_ [^22]: People's Bank of China, Financial Technology Development Plan (2022-2025). 2022. _(p.5)_ [^23]: China Banking and Insurance Regulatory Commission. Guiding Opinions on the Digital Transformation of the Banking and Insurance Industry. 2022. _(p.5)_ [^24]: China State Council. The Fourteenth Five-Year Plan for the Development of the Digital Economy. 2022. _(p.5)_ [^25]: People's Bank of China. Technical Specifications for the Protection of Personal Financial Information. 2020. _(p.5)_ [^26]: People's Bank of China. Guidelines for Data Capacity Building in the Financial Industry. 2021. _(p.5)_ [^27]: People's Bank of China. Financial Data Security Data Life Cycle Security Specification. 2021. _(p.6)_ [^29]: $^{29}$ Competition and Markets Authority. Update on Open Banking. 2021. https://www.gov.uk/government/news/news-on-open-banking (Access on 9 May 2023). _(p.6)_ [^33]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. _(p.6)_ [^34]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. 74.P338. _(p.6)_ [^35]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.6)_ [^36]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.6)_ [^37]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. _(p.6)_ [^38]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.6)_ [^43]: THE AUSTRALIAN GOVERNMENT THE TREASURY. REVIEW INTO OPEN BANKING: GIVING CUSTOMERS CHOICE, CONVENIENCE AND CONFIDENCE. 2017. https://nla.gov.au/nla obj-2817047138/view (Access on 10 May 2023). _(p.7)_ [^44]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. _(p.7)_ [^45]: THE AUSTRALIAN GOVERNMENT THE TREASURY. REVIEW INTO OPEN BANKING: GIVING CUSTOMERS CHOICE, CONVENIENCE AND CONFIDENCE. 2017. https://nla.gov.au/nla obj-2817047138/view (Access on 10 May 2023). _(p.7)_ [^46]: (2). DOI:10.13451/J.cnki.shanxi.univ(phil.soc.). _(p.14)_ [^47]: Xuan Di & Fang Yan. Risk Challenges and Legal Regulations of China's Open Banking Data Sharing. Credit Reference. 2022.7 (282). 282, P42. _(p.7)_ [^53]: P630. _(p.15)_ [^54]: Article 20 of General Data Protection Regulation. EU. _(p.8)_ [^55]: Scott Farrell. Designing Data Rights for Canadian Open Banking Lessons from Banking Law in Australia and the United Kingdom. 2022. Sask. L. Rev.85. P189. _(p.8)_ [^56]: Scott Farrell. Designing Data Rights for Canadian Open Banking Lessons from Banking Law in Australia and the United Kingdom. 2022. Sask. L. Rev.85. P177. _(p.8)_ [^57]: Scott Farrell. Designing Data Rights for Canadian Open Banking Lessons from Banking Law in Australia and the United Kingdom. 2022. Sask. L. Rev.85. P189. _(p.8)_ [^58]: $^{70}$ Yang Dong & Cheng Xiangwen. Research on the data sharing mechanism of consumer-centered open banking. Financial Regulation Research. 2019.10. P104. _(p.10)_ [^59]: $^{73}$ Zhang Jian. Selection of Supervision Model for Open Banking Data Sharing in China. Zheng Fa Lun Cong. 2023.1. P69. _(p.10)_ [^60]: $^{74}$ Article 45 of the Chinese Personal Information Protection Act. _(p.10)_ [^71]: Zhang Jian. Selection of Supervision Model for Open Banking Data Sharing in China. Zheng Fa Lun Cong. 2023.1. P69. _(p.10)_ [^74]: P332-333. _(p.15)_ [^75]: Yang Dong & Cheng Xiangwen. Research on the data sharing mechanism of consumer-centered open banking. Financial Regulation Research. 2019.10. P105. _(p.10)_ [^76]: $^{76}$ Yang Dong & Cheng Xiangwen. Research on the data sharing mechanism of consumer-centered open banking. Financial Regulation Research. 2019.10. P105. _(p.10)_ [^77]: $^{77}$ Yang Dong & Cheng Xiangwen. Research on the data sharing mechanism of consumer-centered open banking. Financial Regulation Research. 2019.10.P104. _(p.10)_ [^78]: Steven T. Mnuchin & Craig S. Phillips. A FINANCIAL SYSTEM THAT CREATES ECONOMIC OPPORTUNITIES: NONBANK FINANCIALS, FINTECH, AND INNOVATION. Report to President Donald J. Trump. 2018. https://home.treasury.gov/sites/default/files/2018-07/A-FinancialSystem-that-Creats-Economic-Opportunities---Nonbank-Financi.... pdf?mod=article_inline (Access on 10 May 2023). _(p.11)_ [^79]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. _(p.11)_ [^80]: Basel Committee on Banking Supervision. Report on Open Banking and Application Programming Interfaces. 2019. P8 _(p.11)_ [^81]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. _(p.11)_ [^82]: $^{82}$ China Ping An Bank and Boston Consulting Group. China Open Banking White Paper. 2021.P41-42. _(p.11)_ [^83]: $^{83}$ Article 45 of Chinese Personal Information Protection Act. _(p.12)_ [^84]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. _(p.12)_ [^86]: Article 20 of General Data Protection Regulation. EU. _(p.12)_ [^87]: Scott Farrell. Designing Data Rights for Canadian Open Banking Lessons from Banking Law in Australia and the United Kingdom. 2022. Sask. L. Rev.85. P182-183. _(p.12)_ [^88]: Robyn Chatwood & Ben Allen. Australian Government Passes Consumer Data Right Legislation. 2019. _(p.12)_ [^89]: Treasury Laws Amendment (Consumer Data Right) Bill 2019 (Cth). https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills Search Results/Result?bld=r6281 (Access on 9 May 2023). _(p.13)_ [^90]: China National Information Security Standardization Technical Committee. Information Security Technology - Personal Information Security Specification (GB/T 35273-2020). _(p.13)_ [^91]: H.K. MONETARY AUTH. OPEN API FRAMEWORK FOR THE HONG KONG BANKING SECTOR. 2018. https://www.hkma.gov.hk/media/ eng/doc/key-information/press-release/2018/20180718e5a2.pdf (Access on 8 May 2023). _(p.13)_ [^92]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.13)_ [^93]: China Ping An Bank and Boston Consulting Group. China Open Banking White Paper. 2021. P44. _(p.13)_ [^94]: Article 42 of the Chinese Cybersecurity Law. _(p.13)_ [^95]: Article 1038 of the Chinese Civil Code. _(p.13)_ [^96]: $^{96}$ Article 23 of the Chinese Personal Information Protection Law. _(p.14)_ [^97]: Article 29 of Implementing Measures for the Protection of the Rights and Interests of People's Bank of China Financial Consumers. _(p.14)_ [^98]: Wen Shuying. Open Banking Regulation in UK and the Lessons from Its Experience. Journal of Shanxi University (Philosophy & Social Science). 2023. _(p.14)_ [^99]: Xuan Di & Fang Yan. Risk Challenges and Legal Regulations of China's Open Banking Data Sharing. Credit Reference. 2022.7 (282). P42. _(p.14)_ [^100]: Daniel J. Solove. Privacy Self-Management and the Consent Dilemma. 2013. HARV. L. REV. _(p.14)_ [^101]: Privacy Rights and Data Collection in a Digital Economy. 2019, hearing | Hearings | United States Committee on Banking, Housing, and Urban Affairs (senate.gov) (Access on 11 May 2023). _(p.15)_ [^102]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. 53, P613. _(p.15)_ [^103]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. _(p.15)_ [^104]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.15)_ [^105]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.15)_ [^106]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.15)_ [^110]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.15)_ [^111]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.15)_ [^5]: Basel Committee on Banking Supervision. Report on Open Banking and Application Programming Interfaces. 2019. P4. Report on open banking and application programming interfaces (APIs) (bis.org) (Access on 11 May 2023). _(p.2)_ [^9]: Report on open banking and application programming interfaces (APIs) (bis.org) (Access on 11 May 2023). _(p.11)_ [^14]: $^{14}$ Scott Farrell. Designing Data Rights for Canadian Open Banking Lessons from Banking Law in Australia and the United Kingdom. 2022. Sask. L. Rev.85. P172. _(p.2)_ [^18]: China Ping An Bank and Boston Consulting Group. China Open Banking White Paper. 2021. _(p.5)_ [^19]: People's Bank of China. Code for Security Management of Application Programming Interfaces of Commercial Banks. 2020. _(p.5)_ [^30]: The Australian Government the Treasury. Inquiry into Future Directions for the Consumer Data Right. 2020. _(p.6)_ [^31]: Scott Farrell. Designing Data Rights for Canadian Open Banking Lessons from Banking Law in Australia and the United Kingdom. 2022. Sask. L. Rev.85. P176. _(p.6)_ [^32]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.6)_ [^48]: Banco Central Do Brasil. Open Finance. _(p.8)_ [^49]: New Open Banking Regulation in Mexico. _(p.8)_ [^52]: Cesare Fracassi & William Magnuson. Data Autonomy. 2021. Vand. L. Rev. 74.P364. _(p.8)_ [^85]: Zhang Jian. Selection of Supervision Model for Open Banking Data Sharing in China. Zheng Fa Lun Cong. 2023.1. P71. _(p.12)_ [^107]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.15)_ [^108]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.15)_ [^109]: Charles Marshall Wilson. DATA SHARING IS CARING CONSUMER PRIVACY AND INTERNATIONAL APPROACHES TO OPEN BANKING. 2022. Geo. Wash. Int'l L. Rev. _(p.15)_ [^126]: P1886-1888. _(p.14)_

Generating HTML Viewer...