网上银行业务管理暂行办法

中国人民银行令[2001]第6号
(Promulgated by the People's Bank of China on, and effective as of, 29 June 2001.)
颁布日期：20010629 　实施日期：20010629 　颁布单位：中国人民银行

PART ONE　GENERAL PROVISIONS

Article 1　These Tentative Procedures have been formulated pursuant to the PRC, People's Bank of China Law and the PRC, Commercial Banking Law, in order to regulate and guide the healthy development of Online Banking Services in China, effectively mitigate the risks associated with the operation of banking services and protect the lawful rights and interests of bank clients.

Article 2　These Procedures shall apply to all types of banking institutions whose establishment in the People's Republic of China was approved by the People's Bank of China, including policy banks and wholly Chinese-owned commercial banks as well as equity joint venture banks, wholly foreign-owned banks and branches of foreign banks established pursuant to the PRC, Administration of Foreign-funded Financial Institutions Regulations.

Article 3　For the purposes of these Procedures, the term "Online Banking Services" means financial services provided by banks through the internet.

Article 4　Banking institutions wishing to offer Online Banking Services in the People's Republic of China shall submit an application to the People's Bank of China before commencing such services and may only commence the same after examination and approval by the People's Bank of China.

All institutions registered outside the People's Republic of China and institutions registered in the Hong Kong, Macao and Taiwan regions that wish to provide Online Banking Services to residents of mainland China through the internet, as well as institutions in the People's Republic of China, other than in the Hong Kong, Macao and Taiwan regions, that wish to provide Online Banking Services to residents abroad through the internet, must apply to the People's Bank of China before doing so.

Article 5　The People's Bank of China is responsible for the routine supervision, onsite inspection and offsite oversight of Online Banking Services offered by banks.

PART TWO　APPROVAL TO ENTER THE MARKET FOR ONLINE BANKING SERVICES

Article 6　A bank wishing to offer Online Banking Services shall satisfy the following conditions:

(1) it has sound internal control mechanisms and effective management systems for identifying, monitoring, assessing and controlling the risks associated with traditional banking services and Online Banking Services;

(2) it has an internal computer system with uniform standards, a computer network that is running smoothly and a good electronic infrastructure;

(3) its existing business activities are running smoothly and its main asset-liability indicators such as asset quality, liquidity, etc. are maintained within reasonable bounds;

(4) it has qualified management and technical personnel, and its senior management personnel have the necessary knowledge to manage Online Banking Services and the ability to effectively manage and control the risks associated with Online Banking Services;

(5) in the case of a branch of a foreign bank applying to offer Online Banking Services, the regulatory authorities of the home country (region) of its head office has in place the legal framework and possesses the regulatory capabilities to regulate Online Banking Services; and

(6) other conditions required by the People's Bank of China.

Article 7　Where policy banks, wholly Chinese-owned commercial banks (excluding municipal commercial banks), equity joint venture banks, wholly foreign-owned banks or branches of foreign banks wish to offer Online Banking Services, the applications therefor shall be centrally submitted by their head offices to the head office of the People's Bank of China.

Where municipal commercial banks wish to offer Online Banking Services, the applications therefor shall be centrally submitted by their head offices to the local branch or business management department of the People's Bank of China.

Article 8　Banks applying to offer Online Banking Services shall submit the following documents and information (in triplicate) to the People's Bank of China:

(1) an application to offer Online Banking Services;

(2) a feasibility study concerning the offering of Online Banking Services, which shall at least contain the following particulars:

1) the types of Online Banking Services to be offered;

2) the status of the construction of the bank's electronic infrastructure;

3) details on the presence of Online Banking Service management and technical personnel;

4) measures for management of the risks associated with Online Banking Services;

5) a description of the support system and key technology associated with the operation of the Online Banking Services and the measures for ensuring the security of the system; and

6) a forecast of the losses and earnings from the Online Banking Services, etc.;

(3) a security evaluation report on the bank's system used to operate its Online Banking Services issued by an authoritative evaluation institution recognized by the People's Bank of China;

(4) an Online Banking Services development plan;

(5) a contingency plan and service continuity plan associated with the operation of the Online Banking Services;

(6) the rules, regulations and operational procedures for the Online Banking Services for which application has been made;

(7) the applicant's contact person, contact telephone, facsimile number and e-mail address; and

(8) other documents and information that the People's Bank of China requires to be submitted.

Article 9　If a policy bank, wholly Chinese-owned commercial bank (excluding municipal commercial banks), equity joint venture bank or wholly foreign-owned bank wishes to increase the types of Online Banking Services it offers after having obtained approval to offer Online Banking Services, its head office shall centrally report the services to be added to the head office of the People's Bank of China for its examination. If a branch of a foreign bank wishes to increase the types of Online Banking Services it offers after having obtained approval to offer Online Banking Services, its chief reporting bank in the People's Republic of China shall centrally report the services to be added to the head office of the People's Bank of China for its examination.

If a municipal commercial bank wishes to increase the types of Online Banking Services it offers, its head office shall centrally report the services to be added to the local branch or business management department of the People's Bank of China for its examination.

Article 10　The People's Bank of China subjects applications by banks to offer new types of Online Banking Services to two separate systems, viz. an examination and approval system and a record filing system.

The examination and approval system shall apply to banks' applications for the addition of the following services:

(1) any new Online Banking Service that a bank develops using the internet, that differs from traditional types of banking services and that constitutes on-balance sheet assets or liabilities;

(2) payment and settlement services other than credit payments that a bank effects through the internet;

(3) on-balance sheet asset type traditional banking services for which a bank has not obtained the approval of the People's Bank of China and which it offers through the internet; and

(4) new services directly related to the securities or insurance business that a bank offers through the internet.

The record filing system shall apply to other added services that banks offer through the internet.

Article 11　When a bank applies to add a new Online Banking Service pursuant to Article 10 hereof, it shall submit the following documents and information (in triplicate) to the People's Bank of China:

(1) an application for adding the service;

(2) a feasibility study on the service to be added, which shall at least include:

1) the definition of the service to be added;

2) the risk factors of the service to be added and the measures for the mitigation thereof; and

3) a forecast of the losses and earnings from the offering of the service;

(3) the rules, regulations and operational procedures for the additional service for which application is made;

(4) the applicant's contact person, contact telephone, facsimile number and e-mail address; and

(5) other documents and information that the People's Bank of China requires be submitted.

Article 12　The People's Bank of China shall issue a formal official reply document, within 30 working days after acceptance of the application, to a bank that, pursuant to Article 7 or 10 hereof, has applied to it to offer Online Banking Services or to add a new service that is subject to the examination and approval system.

The regulatory department of the People's Bank of China shall reply by way of a record filing notice, within 15 working days after acceptance of the application, to a bank that, pursuant to Article 10 hereof, has applied to add a new service subject to the record filing system.

Article 13　Before a (sub-)branch of a bank offers Online Banking Services, it shall report the type and nature of the services it is to offer to the competent local branch of the People's Bank of China.

PART THREE　MANAGEMENT OF RISKS ASSOCIATED WITH ONLINE BANKING SERVICES

Article 14　Banks that offer Online Banking Services shall comply with State laws, rules and regulations governing the security of computer information systems, management of commercial encryption, protection of consumer rights and interests, etc.

Article 15　The board of directors and the senior management of a bank that is to offer Online Banking Services shall determine an Online Banking Services development strategy and operational security strategy, formulate and implement comprehensive, integrated and systematic business management rules pursuant to relevant laws and regulations, and effectively manage the operation of the Online Banking Services and the risks associated therewith.

Article 16　Banks shall formulate and implement comprehensive physical security measures that can effectively guard against unlawful access to key equipment by unauthorized persons from outside and inside the banks.

Article 17　Banks shall use appropriate encryption technology and measures in order to verify the identities and authorizations of users of Online Banking Services, ensure the confidentiality and authenticity of transmitted online transaction data, and ensure the integrity of information transmitted and the irrefutability of transactions effected over the networks.

Article 18　Banks shall implement effective measures to prevent infection of their Online Banking Services transaction system by computer viruses.

Article 19　Banks shall formulate necessary system operation benchmarks and regularly or irregularly test the operational status of their network systems and business operating systems, in order to discover hidden defects in, and hacker attacks on, the system in a timely manner.

Article 20　Banks shall incorporate their Online Banking Services operating systems into their contingency plans and service continuity plans.

Article 21　Banks shall explain and disclose to their clients the transaction rules for each of their Online Banking Services in an appropriate manner and explain to clients the transaction risks involved in a particular Online Banking Service and their rights and obligations in specific transactions when clients apply for such service.

Article 22　When a bank engages in Online Banking Services, it shall allocate dedicated Online Banking Service auditing capacity in order to conduct regular audits of its Online Banking Services.

Article 23　Banks shall, in a timely manner, provide training to their working personnel and upgrade their system security technology and equipment in accordance with the growth requirements of their banking services.

Article 24　Banks shall establish a system for reporting major Online Banking Service operational matters and in a timely manner report to the regulatory authority such important matters as major security leaks, hacker attacks, changes in internet address, etc. that occur in the course of operating their Online Banking Services.

Article 25　Banks that offer Online Banking Services shall permit evaluations of the security of their business operating systems by authoritative evaluation institutions recognized by the People's Bank of China.

PART FOUR　LEGAL LIABILITY

Article 26　If the People's Bank of China discovers any of the circumstances set forth below while supervising or inspecting the Online Banking Services of a bank, it will handle the matter in accordance with the Penalties for Illegal Financial Acts Procedures, the Administration of the Qualifications for Office of the Senior Management Personnel of Financial Institutions Procedures and related laws and regulations; in particularly serious cases, the People's Bank of China will enforce a halt in the provision of some or all Online Banking Services, as follows:

(1) the bank offers Online Banking Services without the approval of, or record filing by, the People's Bank of China;

(2) while offering such services, the bank violates State laws or regulations, or prejudices the interests of the State or the public;

(3) while offering Online Banking Services, the bank avoids supervision and inspection by the People's Bank of China, resulting in unfair competition;

(4) the bank lacks qualified management personnel and working personnel, its business management is in disarray and it lacks the resources to control the risks associated with its services, resulting in a major capital loss;

(5) the bank's measures for ensuring system security are inadequate, resulting in major security leaks and prejudicing the interests of clients and the security of the bank's organization;

(6) a major matter arises and the bank fails to report the same to the People's Bank of China in a timely manner; or

(7) another circumstance that the People's Bank of China considers requires handling.

Article 27　If in the course of operating its services a bank commits a violation of laws or regulations other than the violations specified in Article 26 hereof or violates another provision hereof, the People's Bank of China will handle the matter in accordance with the relevant laws, rules and regulations.

PART FIVE　SUPPLEMENTARY PROVISIONS

Article 28　A bank may not discontinue, without the consent of the People's Bank of China, a liability-type Online Banking Service the offering of which was examined and approved by the People's Bank of China.

Article 29　The People's Bank of China will separately formulate procedures for the administration of applications by domestic banks to establish legal person institutions that specialize in the offering of Online Banking Services and applications by foreign institutions to establish legal person institutions or branches in China that specialize in the offering of Online Banking Services.

Article 30　Reference may be made to these Procedures for the approval of market access for, and the administration of, financial services provided through other public information networks or private networks by banking institutions governed by these Procedures, unless otherwise provided in laws, rules or regulations, in which event such other provisions shall apply.

Article 31　The People's Bank of China is in charge of the interpretation of these Procedures.

Article 32　These Procedures shall be implemented as of the date of promulgation.