China: An Analysis of Financial Data Compliance Issues for API Bank (Open Banking)

Last Updated: 1 April 2019
Article by Xiang DAI
Most Read Contributor in China, March 2019

In recent years, against the backdrop of rapid growth in internet finance, commercial banks have changed their development philosophy, relying on fintech to keep releasing the driving force of innovation and to transform their financial service model, using open banking to "borrow a boat to go to sea" and overtake on a different track. At present China Construction Bank, Shanghai Pudong Development Bank, China Merchants Bank, Industrial Bank, Ping An Bank and others have all launched open banking platforms through APIs/SDKs, and open banking is in full swing; 2018 has even been called the "first year of API Bank open banking" in the industry. In the financial sector API Bank open banking is an entirely new business model for commercial banks, and China currently lacks rules to guide it; systematic financial regulation of it is also still a blank. Yet the various legal compliance risks of API Bank open banking exist all the same and cannot be ignored. This calls for continued exploration, in the hope of finding effective measures to reduce those risks. This article is the first in our series of special discussions on the legal compliance issues of API Bank open banking; further articles on other API Bank compliance topics will follow.

1. API Bank and banking financial data

API stands for Application Programming Interface. The term may be unfamiliar in the financial industry, but it is very familiar to internet practitioners. In recent years the internet giants, represented by Tencent, Alibaba, JD.com and Suning, have opened APIs to connect with and empower a broad range of third-party products and services, rapidly expanding their own business while creating more dimensions of value for users.

In the financial industry API Bank is rendered as "boundless open banking": an entirely new banking business and service model driven by an API architecture. An open, shared, efficient and direct API platform is the carrier through which the bank exports multiple capabilities and embeds them in partners' platforms and business processes, putting the customer at the centre and using scenarios as the entry point to innovate products and services rapidly, form cross-sector financial services, extend the bank's service touchpoints without boundaries and innovate services and products without limit. It signals that banks will be everywhere, providing high-quality, convenient financial services to customers at all times. The core and basic requirement of an open API is data sharing; API Bank open banking means the bank's financial data is exchanged and shared with third-party partner platforms. Because financial data is highly sensitive and carries high security requirements, because personal financial information in particular carries strict confidentiality requirements, and because banking is itself a heavily regulated industry, the compliance of that data exchange and sharing is especially important. This article approaches API Bank open banking from the angle of financial data compliance and offers some observations and suggestions for reference.

Figure 1: Open banking diagram

2. Financial data classification and financial data masking

(1) Financial data classification

Looking across API Bank regulatory rules in different countries, classifying financial data is the first compliance direction regulators advocate. Take the UK, an early mover in open banking regulation: the Open Banking Working Group (OBWG), convened by HM Treasury, published The Open Banking Standard in March 2016, which divides financial data into five categories (open data, customer transaction data, customer reference data, aggregated data and commercially sensitive data) and defines the content of each. [1]

As the first step of API Bank open banking, financial data classification lays the foundation for the subsequent division of open permissions and for differentiated security controls over financial data. A commercial bank's financial data is extremely varied: besides personal financial information (identity, assets, credit, transactions), it often includes important financial industry data and trade secrets. Classification serves two purposes. First, a bank can decide, according to its own data protection capability, to withhold sensitive financial data for now or to open it in stages, and personal financial information must either be masked or be protected by a confidentiality undertaking from the third-party partner platform. Second, different levels of financial data can receive different levels of security control: for instance, highly sensitive financial information can be opened for read access only, while financial information of ordinary sensitivity can be opened for both read and write access.

Besides the UK, the financial regulators of Singapore, Australia, Hong Kong and other jurisdictions that later adopted open banking regulation have followed this model and pushed their banking industries to classify financial data.

(2) Financial data masking

Data masking, also called data obfuscation, data bleaching or data de-identification, is a form of data protection in which, in an irreversible process, the real values of sensitive data are converted into fictitious but realistic-looking values; the original values are permanently altered and cannot be recovered. Partial masking of a displayed identifier (keeping only the last four digits, say) and keyed one-way pseudonymisation both meet this definition; reversible encryption or vault-based tokenisation does not, because whoever holds the key or the token vault can recover the originals.

Figure 2: Data masking example

Both the People's Bank of China notice issuing the 13th Five-Year Development Plan for Information Technology in China's Financial Industry [2] and the CBRC Guidelines for On-site Inspection of Information Technology Risk [3] state that banks should implement data masking and transformation to maintain data security. Data masking is a data protection method that regulators currently advocate.

When opening data through API Bank, a bank should combine masking with its data classification and mask the financial data of higher sensitivity before it leaves the bank.
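As an added example that is not part of the original article, the following Python shows how the two controls described in sections 2(1) and 2(2) can be applied together to a customer record before it is returned through an open-banking API: a per-field sensitivity tier that decides which fields a partner may read, which tiers are read-only, and which fields must be irreversibly masked. The tier names, field schema, partner scopes, masking rules (keep the first 3 and last 4 digits of an ID or mobile number, the last 4 of an account number, only the surname of a name), the key and the sample record are all assumptions made for this illustration; none of them is taken from The Open Banking Standard or from any Chinese regulator's rules.

```python
"""Tiered release and irreversible masking of a customer record.

Added illustration, not code from the article or from any bank. Every tier
name, field name, masking rule and sample value below is an assumption.
"""
import hashlib
import hmac
import re

# Sensitivity tiers, loosely echoing the five categories of The Open Banking
# Standard (open, aggregated, customer transaction, customer reference,
# commercially sensitive). Higher rank = more sensitive (assumed ordering).
TIERS = {"open": 0, "aggregated": 1, "transaction": 2, "reference": 3, "commercial": 4}

# Assumed per-field classification of the record schema used in this example.
FIELD_TIER = {
    "branch_name": "open",
    "monthly_spend_band": "aggregated",
    "last_txn_amount": "transaction",
    "last_txn_merchant": "transaction",
    "customer_name": "reference",
    "id_number": "reference",
    "mobile": "reference",
    "account_no": "reference",
    "internal_risk_score": "commercial",
}

# Personal financial information that never leaves the bank unmasked (assumed).
MASKED_FIELDS = {"customer_name", "id_number", "mobile", "account_no"}

# Tiers at or above this rank are read-only for partners (article, section 2(1)).
READ_ONLY_FROM = TIERS["transaction"]

# Masking key: in production this comes from an HSM/KMS, never a constant.
MASK_KEY = b"example-masking-key-not-for-production"


def _derived_digits(value: str, n: int) -> str:
    """Return n decimal digits derived from a keyed HMAC of the value.

    HMAC-SHA256 is one-way, so the original cannot be recovered from the
    digits; the same input always yields the same digits, so rows can still
    be joined on the masked value inside one partner dataset.
    """
    tag = hmac.new(MASK_KEY, value.encode("utf-8"), hashlib.sha256).digest()
    return str(int.from_bytes(tag, "big")).zfill(n)[:n]


def mask_digits(value: str, keep_prefix: int, keep_suffix: int) -> str:
    """Keep a visible prefix/suffix and replace the middle with derived digits.

    The result has the real identifier's length and shape (realistic-looking)
    but is fictitious and cannot be reversed to the original.
    """
    if not re.fullmatch(r"\d+", value):
        raise ValueError("mask_digits expects an all-digit string")
    middle = len(value) - keep_prefix - keep_suffix
    if middle <= 0:
        raise ValueError("nothing left to mask")
    return value[:keep_prefix] + _derived_digits(value, middle) + value[len(value) - keep_suffix:]


def mask_name(name: str) -> str:
    """Keep the first character (the surname in Chinese names), star the rest."""
    return name[0] + "*" * (len(name) - 1) if name else name


MASKERS = {
    "customer_name": mask_name,
    "id_number": lambda v: mask_digits(v, 3, 4),   # 18-digit resident ID: keep 3 + 4
    "mobile": lambda v: mask_digits(v, 3, 4),      # 11-digit mobile: keep 3 + 4
    "account_no": lambda v: mask_digits(v, 0, 4),  # account/card number: keep last 4
}


def release_record(record: dict, granted: set, operation: str = "read") -> dict:
    """Build the view of `record` that a partner holding `granted` tiers receives.

    Fields in tiers the partner was not granted are dropped; write requests
    touching a read-only tier are refused; masked fields are masked regardless
    of scope. An unclassified field is an error: classify first, then share.
    """
    if operation not in {"read", "write"}:
        raise ValueError("operation must be 'read' or 'write'")
    out = {}
    for field, value in record.items():
        tier = FIELD_TIER.get(field)
        if tier is None:
            raise KeyError(f"unclassified field {field!r}: classify before sharing")
        if tier not in granted:
            continue
        if operation == "write" and TIERS[tier] >= READ_ONLY_FROM:
            raise PermissionError(f"{field} is tier {tier!r}: read-only for partners")
        out[field] = MASKERS[field](value) if field in MASKED_FIELDS else value
    return out


# Constructed sample record; not real customer data.
SAMPLE_RECORD = {
    "branch_name": "Shanghai Pudong Branch",
    "monthly_spend_band": "5k-10k",
    "last_txn_amount": "268.00",
    "last_txn_merchant": "Example Grocery",
    "customer_name": "张三",
    "id_number": "110101199001011234",
    "mobile": "13800138000",
    "account_no": "6222021234567890123",
    "internal_risk_score": "B2",
}

if __name__ == "__main__":
    scopes = {"open", "aggregated", "transaction", "reference"}
    for field, value in release_record(SAMPLE_RECORD, scopes).items():
        print(f"{field:20} {value}")
    try:
        release_record(SAMPLE_RECORD, scopes, operation="write")
    except PermissionError as exc:
        print("write refused:", exc)
```

The design point is that classification is what makes the other two controls mechanical: the release path never has to reason about an individual field, only about its tier, and a field nobody classified fails closed instead of leaking. Commercially sensitive data is never granted to a partner, reference-tier data is returned only in masked form, and a write against anything at transaction tier or above is refused before any field is processed.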

3. Financial data sharing

Financial data sharing is the core and basic requirement of API Bank open banking. Yet the duty of confidentiality is an ancient tradition and basic requirement of banking: the financial laws, regulations and regulators of every country require banks to keep customers' identity details, account information and transaction information confidential, and not to provide them externally or allow others to query them. Sharing financial data means the recipient also knows the personal financial information, and a leak by the recipient is a leak by the bank. The recipient must therefore bear the same duty of confidentiality as the bank. But API Bank partner platforms come from all kinds of industries and are of very mixed quality; most are not heavily regulated like financial institutions and have a weak awareness of personal information protection. It is therefore especially important that the bank choose recipients that act in good faith, operate lawfully and compliantly, and have the capability to protect financial data. In addition, a bank can itself be "contaminated" by using financial data that a third-party partner platform obtained unlawfully.

Data sharing violations fall roughly into the following categories: sharing data without the user's consent; a third-party partner platform sharing unlawfully obtained data; a third-party partner platform misusing data shared by another party; and a third-party partner platform unlawfully leaking data. In recent years the internet industry has seen several serious incidents caused by data sharing, with extremely negative consequences for the parties involved.

The Facebook data leak

Figure 3: Timeline of the Facebook incident

In this case Facebook shared data through an open API; after a third party leaked the data, it was used for targeted advertising and even to influence the US presidential election. Although Facebook was not the direct infringer, as the source and sharer of the data it was also held responsible. A bank's position is similar: if a third party leaks or misuses data in API Bank open banking, the bank will bear the brunt, facing civil compensation suits and regulatory penalties first.

The Weibo v. Maimai data leak

Figure 4: Weibo v. Maimai

In this case Weibo and Maimai formed a partnership under which Weibo shared data with Maimai through an open API; in the process, Maimai used a crawler to unlawfully scrape and use Weibo users' personal information without those users' permission. The court ultimately held that Maimai had infringed and ordered it to pay damages and eliminate the effects, but Weibo, as the source and sharer of the data, was likewise perceived by the public as having failed in its duty to protect and take care of the data, which ultimately led to the leak of personal information, and Weibo suffered a severely negative reputational impact as a result.

In sum, when a bank cooperates with a third-party platform through API Bank, it must fully understand and assess the partner's past record of good faith, the sources of its data, how it stores data, how it uses data and its data protection capability, and judge the risk of opening the bank's API through comprehensive data compliance due diligence. The bank can first determine the required security protection level from its financial data classification and then match and assess the third-party partner platform's data protection capability against that level. Where appropriate it should also use contractual arrangements to strengthen the partner's liability for data violations.

4. Cross-border transfer of financial data

Because financial sovereignty and the high security requirements of financial data itself are involved, every country takes a prudent attitude to cross-border transfers of financial data. At present, cross-border transfers of financial data by China's banking industry are under dual supervision: by the financial regulators and by the cyberspace administration.

Figure 5: Cross-border data transfer

(1) Financial regulators' rules

On our reading of the relevant financial regulations [4], the regulators currently take an extremely cautious attitude to cross-border transfers of financial data. They require financial data to be localised, with storage, processing and analysis all kept onshore, and permit transfers abroad only as an exception where "business necessity + customer consent + affiliated institution + confidentiality assured" are all satisfied [5]. It follows that a foreign bank placing its data centre offshore, or reporting data across the border merely to satisfy the regulatory requirements of its home country or head office, does not comply with these rules. To a large extent this is an assertion of national financial sovereignty, and a necessary control given the high security requirements for financial data. The sole exception still contains ambiguities: what counts as "business necessity", and which entities are "affiliated institutions"? These points need further clarification from the financial regulators, but they also leave institutional room for financial institutions to negotiate interpretations with the regulators.

(2) Cyberspace administration rules

Since the Cybersecurity Law of the People's Republic of China (the CSL) came into force, the cyberspace administration has also led the drafting of a large body of rules on data protection and cross-border data transfer [6]. It regulates all internet data uniformly, and its attitude to cross-border transfer differs from that of the financial regulators: in principle it allows data to leave the country for business needs after a security assessment, and under the CSL the organisation holding the data need only store it locally; local processing and analysis are not required.


                           Financial regulators' rules                   Cyberspace administration rules
Basic approach             Prohibited in principle, allowed by exception Allowed in principle, prohibited by exception
Scope                      Personal information                          Personal information + important data
Localisation requirement   Local storage + processing + analysis         Local storage
Cross-border requirement   Currently limited to cross-border business    Business need + security assessment
                           scenarios: business necessity + customer
                           consent + affiliated institution +
                           confidentiality assured

Figure 6: Comparison of the two regulatory regimes

The comparison shows that the two sets of rules differ considerably, and that the financial regulators' rules are stricter than the cyberspace administration's. As a heavily regulated special industry with stricter data security and confidentiality requirements, banking has good reason to maintain a stricter cross-border regime than ordinary industries. Where API Bank open banking involves cross-border transfer of financial data, the financial regulators' requirement of "local storage + processing + analysis" plus "business necessity + customer consent + affiliated institution + confidentiality assured" should be applied strictly.

References:

[1] See Industrial Bank Digital Financial Services (Shanghai) Co., Ltd., Strategy and Research Team, "Open Banking Series, Concepts: What Is Open Banking?" (《开放银行系列之概念篇:何为开放银行?》).

[2] See the People's Bank of China notice issuing the 13th Five-Year Development Plan for Information Technology in China's Financial Industry (《中国金融业信息技术"十三五"发展规划》), Column 5, item 2: "gradually improve the mechanism for protecting sensitive information, regulate the use of sensitive data in the internet environment, strengthen technical supervision of financial institutions' provision of customer information to third parties, and strengthen the management of internal staff and external partners."

[3] See CBRC, Guidelines for On-site Inspection of Information Technology Risk (《信息科技风险现场检查指南》): "where production data must be used in testing, the data shall be masked or transformed; when production data is used for testing, whether senior management approval was obtained and relevant restrictions and masking were applied."

[4] See Article 6 of the PBoC Notice on Banking Financial Institutions Doing a Good Job in Protecting Personal Financial Information (《中国人民银行关于银行业金融机构做好个人金融信息保护工作的通知》); Article 4 of the PBoC Shanghai Branch Notice on Issues Concerning Banking Financial Institutions' Protection of Personal Financial Information (《中国人民银行上海分行关于银行业金融机构做好个人金融信息保护工作有关问题的通知》); Article 2(6) of the PBoC General Office Circular on the 2013 Special Inspection of Personal Financial Information Protection (《中国人民银行办公厅关于2013年个人金融信息保护专项检查情况的通报》); Article 33 of the PBoC Implementing Measures for the Protection of Financial Consumers' Rights and Interests (《中国人民银行金融消费者权益保护实施办法》).

[5] See "The Regulatory Framework and Threads of Cross-border Transfer of Banking Financial Data" (《银行业金融数据出境的监管框架与脉络》), https://mp.weixin.qq.com/s?__biz=MzIxODM0NDU4MQ==&mid=2247485862&idx=1&sn=d4271e1a00195de04b7adfafeef0a4b2&chksm=97eab44ca09d3d5a43e2ce6b8809e83fcb3695e26ae2f735d1d0421cbf0b132620c2cbfff77b&mpshare=1&scene=1&srcid=11308mD7XJ1aBS4j3bTnHpXi#rd

[6] See Cyberspace Administration of China, Measures for the Security Assessment of Cross-border Transfer of Personal Information and Important Data (draft for comment) (《个人信息和重要数据出境安全评估办法》(征求意见稿)); TC260, Information Security Technology: Guidelines for the Security Assessment of Cross-border Data Transfer (draft) (《信息安全技术 数据出境安全评估指南》(草案)).
