Fines for data security violations for one of China's Big Four lenders, Agricultural Bank of China by the Banking and Insurance Regulatory Commission is a wakeup call on all lenders, big and small, to fix lax online procedures, according to reports.
Agricultural Bank was fined up to 4.2 million yuan ($650,660) for data security violations, according to a statement by the banking commission, and followed fines of 1.3 million yuan December at four of the lender's Qingdao branches for embezzling loan funds and inadequate review of annexation loans.
There was "inadequate protection of its network and wireless internet at branches," said the banking commission in the statement. Agricultural Bank said it would make a "systematic rectification," institute "fundamental governance" within its system and "consolidate internet securities" to provide safer financial services.
The fine at the start of this year however is seen as a precursor to more aggressive regulator action on security and data breaches for banks as well as non-bank lenders in the fin-tech sector, with the central bank also squarely on board.
"Any personal credit reporting businesses conducted by big data companies without legal licenses from the People's Bank of China will be punished and be under oversight," said a People's Bank of China representative in a Beijing news conference last month.
The latest step by the banking commission comes as 3,178 Chinese banking and insurance institutions were slapped with violations by the top regulators last year, with total fines and confiscations amounting to 2.28 billion yuan, according to data released by the banking commission.
China also blocked an initial piblic offering by Alibaba Group unit Ant Financial last year because of concerns of non-bank lenders operating a data-rich service outside of traditional banking regulatory channels.
Among China's medium- and small-sized banks, 92.5% of these institutions claim to have conducted data security governance processes, but no domestic bank has implemented a comprehensive data security governance framework to prioritize business risks, according to a report released by Gooann Research Institute and data security analysis platform Aqniu.com.
With personal and company information on digital devices being collected, stored and sold, the country's market in the credit reporting business has been booming. China at present operates the largest credit-reporting database in the world but also has seen data abuse from unfettered expansion of Big Data.
The proposed "Measures for the Management of the Credit Reporting Business" is reportedly collecting public feedback via the Ministry of Justice and central bank websites.
One of the highlights new data regulation is to clarify the definition of credit reporting information. By increasing the transparency within credit reporting business operations, it can prevent personal data from being irresponsibly collected, manufactured, or illegally deployed, said analysts.
The move is also seen as another backlash from Beijing to tighten regulations on fin-tech companies that collect and use personal data in financial services.