PRIMER: China’s social credit system

Author: Karry Lai | Published: 14 Nov 2019
Email a friend

Please enter a maximum of 5 recipients. Use ; to separate more than one email address.

China’s corporate social credit system (SCS) is expected to be fully implemented by the end of 2019. It is a comprehensive system that represents a fundamental rethink of how compliance will be governed.

IFLR's latest primer looks at the system, the potential problems it faces and complications with implementation.

What is the social credit system and what does it do?

Under the system, the behaviour of companies and individuals will be monitored. A system of rewards and punishments is used to incentivise positive behaviour in areas ranging from product quality and tax to respect for intellectual property (IP) and compliance with laws. Those with low ratings could be blacklisted and sanctioned, making it more difficult for them to access loans and expand their markets.

According to Vivian Wu, counsel at FenXun Partners, since 2014, 30 pilot projects have been rolled out to establish credit information sharing platforms and to test awards and sanctions mechanisms. "There remain complexity and challenges in information sharing among different Chinese regulators, defining and unifying the scope, criteria and procedures of the blacklists and red lists, as well as uneven enforcement by different regulators in different localities," said Wu.

Blacklists will outline non-compliant firms while red lists will feature firms that are compliant.

PRIMER: China’s national standards for personal data protection

What are the areas that businesses are finding most confusing?

There are two main issues that are creating uncertainty and confusion for businesses: unclear implementation timelines and ambiguous definitions of key concepts that could impact ratings.

Concerns over unclear implementation timelines mainly relate to the implementation of the meta-database which will bring all of the different sectoral ratings, including customs, tax and emissions, into a single, unified system.

"The implications of such a database drives uncertainty for companies that worry about the potential massive change in the way they manage compliance," said a spokesperson at the European Union Chamber of Commerce in China (EUCCC). "Additionally, there is uncertainty related to the sanctions mechanism in cases of non-compliance, specifically how non-compliance in one field could lead to sanctions in other unrelated operations."

Even though many stipulations of the social credit systems are explicit and clearly stated, the need for clarification of details and definitions remain. According to a source at one European company, two examples are the exact definition of "responsible personnel" which refers to the linkage between individual and corporate ratings, and the scope of "business partners" which refers to the responsibility of monitoring the behaviour of business partners. Both individual and business partner ratings are expected to impact the rating of a business, however it is still unclear what exactly is meant by these concepts and to what extent they will impact ratings.

What will be the implementation challenges?

While idealistic in principle, the implementation of the social credit system is what worries businesses. "The transparency of the system will be a key factor to look at," said William Genovese, co-chair, China Greater Bay committee at Fintech Association of Hong Kong and vice president, corporate strategy research and planning for banking, financial markets and IT services at Huawei Technologies. "There is a perception in the West that information can be misused in China against multinational companies for sabotage or other nefarious reasons." However, he sees the system as a positive development in principle.

The system aims to set a standard at a global level for overall improvement in a variety of areas. "But it needs to fit in to the framework of global standards," said Genovese.

What can be expected for the social credit system is the need for constant refining. "I think China will go about it cautiously, a bit of two steps forward and one step back," said Genovese. He said that for it to be successful, the social credit system needs to have more focus on the carrots, not just the sticks. Examples of rewards could include funding and tax breaks for businesses.

What do businesses need to do to prepare?

The system of regulatory ratings requires the collection of massive amounts of company data, mostly through mandatory data transfers to government authorities. Businesses will need to consider how best to organise existing data in the event they are asked for it by government authorities. Some may have to start collecting new types of data. Information could range from emissions to taxes.

"In recent years, the quantity, depth and quality of data required by government agencies has increased significantly," said the EUCCC spokesperson. "Most of the transferred data points are neither sensitive nor problematic in isolation. In combination, however, they create an increasingly complete disclosure of a company’s profile."

Considering the government’s improving ability to consolidate data streams, companies will need to decide at which point the disclosure of business operations becomes an issue.

What are the data concerns businesses have for the social credit system?

There are concerns that the scope of required data might include critical IP, which then raises concerns about data security and the potential for leaked IP. "Additionally, data regarding "responsible personnel" will potentially require companies to consider monitoring the individual behaviour of employees outside of work," said the EUCCC spokesperson. "This is seen as a taboo by many European companies."

Wu added that in addition, many businesses are concerned that if the blacklist data, including non-compliance records and credit rating, is inaccurate or the relevant conclusion is drawn without going through due process, it is unclear what resorts the companies would have to take to escalate and rectify the issue.  

Head-to-head: Should Asia adopt a GDPR-style data privacy law?