The Measures for the Supervision and Administration of Financial Infrastructures, adopted at the ninth executive meeting of the People’s Bank of China on May 23, 2025 and countersigned by the China Securities Regulatory Commission, is hereby issued and will come into force on October 1, 2025.
Pan Gongsheng, Governor of the People’s Bank of China
Wu Qing, Chairman of the China Securities Regulatory Commission
July 25, 2025
Measures for the Supervision and Administration of Financial Infrastructures
Chapter I General Provisions
Article 1 This Measures is formulated in accordance with laws and administrative regulations including the Law of the People’s Republic of China on the People’s Bank of China, the Securities Law of the People’s Republic of China, the Futures and Derivatives Law of the People’s Republic of China, the Company Law of the People’s Republic of China, the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, the Regulations on the Administration of Futures Trading, the Regulations on the Administration of Credit Reporting Industry, and the Regulations on the Security Protection of Critical Information Infrastructure, for the purposes of strengthening the coordinated supervision and development planning of financial infrastructures and ensuring the safe and efficient functioning of the financial system.
Article 2 This Measures shall apply to the building, operation, maintenance, and supervision of financial infrastructures established with the approval of the State Council or financial infrastructure regulatory authorities. Where there are other provisions in laws, administrative regulations, or in rules issued by the State Council or the financial infrastructure regulatory authorities, such provisions shall prevail.
Article 3 In this Measures, “financial infrastructures” refer to financial asset registration and depository systems, clearing and settlement systems (including central counterparties that provide centralized clearing services), trading facilities, trade repositories, important payment systems, and fundamental credit reporting systems.
In this Measures, “financial infrastructure regulatory authorities” refer to the People’s Bank of China (“PBOC”) and the China Securities Regulatory Commission (“CSRC”).
Article 4 The Xi Jinping Thought on Socialism with Chinese Characteristics for a New Era shall be taken as guideline, and the centralized and unified leadership of the CPC Central Committee over financial programs shall be upheld. Financial infrastructure operators shall establish Party organizations in accordance with the Party Constitution and regulations, strengthen Party building, and ensure that the Party’s lines, principles, and policies as well as the country’s major tratigic plans are implemented in their operations.
In this Measures, “financial infrastructure operators” refers to any business corporation or incorporated public institution that is approved to build, operate, or maintain financial infrastructures in accordance with laws, administrative regulations, decisions of the State Council, and this Measures.
Article 5 Financial infrastructure regulatory authorities shall enhance planning and guidance, promote the orderly interconnection among financial infrastructures in accordance with the unified arrangements for building a modern infrastructure system. With priority given to security and efficiency, they shall continuously optimize the planning for financial infrastructures, strengthen their integrity, and improve the development of their governance system. These efforts shall ensure that financial infrastructure operators comply with overarching plans, prioritize public interest, and further improve their governance, operational efficiency and service quality. Excessive profit-seeking and risk-taking shall be prevented, while both market services and regulatory support shall be balanced.. In line with the requirements for building a unified national market, financial infrastructure regulatory authorities shall approve new financial infrastructures in a prudent manner, and shall ensure China has absolute control over financial infrastructures that affect national financial security or have significant externalities.
Article 6 A financial infrastructure shall be supervised, and the accountability for its actions shall be borne, by the regulatory authority that approved it. The approval and supervision of financial infrastructures shall be in line with national strategies and plans, the needs of national economic and social development, and the safeguarding of China’s financial security.
Article 7 The building, operation, maintenance, and supervision of financial infrastructures shall be based on China’s realities and aligned with such international standards as the Principles for Financial Market Infrastructures(PFMI).
Chapter II Establishment
Article 8 The establishment of financial infrastructures within the territory of the People’s Republic of China is governed by the Law on the People’s Bank of China, the Securities Law, the Futures and Derivatives Law, the Regulations on Administration of Futures Trading, the Credit Reporting Regulations, and other relevant laws and administrative regulations as well as rules of the State Council, and shall be consistent with the negative list for market access.
The CSRC is responsible for approving newly established financial infrastructures involving securities, futures, and related activities. The PBOC is responsible for approving newly established payment systems, fundamental credit reporting systems, and financial infrastructures for the interbank market. Other newly established financial infrastructures is subject to the approval of the PBOC in conjunction with other relevant authorities. Financial infrastructures may be approved by the CSRC or PBOC only after obtaining the consent of the State Council if they have or may have a material impact on the financial system or if such State Council authorization is deemed necessary by the relevant authorities. Any establishment involving foreign investment that affects or may affect the national security of China shall undergo security review in accordance with the law.
No organization or individual may unlawfully establish or operate a financial infrastructure, unlawfully provide, either directly or indirectly financial infrastructure-related services, or unlawfully use designations related to financial infrastructure service such as “exchange,” “trading center,” “registration,” “clearing,” “settlement,” “payment,” “custody,” “depository,” or “trade reporting” or any similar names.
Article 9 A financial infrastructure operator shall meet the following requirements:
(1) Have a legal entity duly established within the territory of the People’s Republic of China;
(2) Possess a clear and transparent organizational structure and governance framework and not contravene the national interest or the public interest of the People’s Republic of China;
(3) Possess a registered capital and paid-in capital meeting the relevant requirements;
(4) Have in place the necessary business premises as well as secure, compliant systems and facilities that support its business operations;
(5) Have in place the risk management protocols, internal controls, operational rules, and other institutional arrangements that are commensurate with the proposed business activities;
(6) The proposed directors (or governors), supervisors, and officers meet the qualification requirements specified in this Measures; and
(7) The shareholders and de facto controllers shall possess the necessary operational experience, have sound credit and integrity records, have no record of intentional or grossly negligent criminal offenses, and have no record of major violations or regulatory penalties within the last three years.
The foregoing requirements shall, in principle, apply similarly to financial infrastructures operated by incorporated public institutions.
Article 10 Each of the directors (or governors), supervisors, and officers of a financial infrastructure operator shall hold a bachelor’s degree or higher; have sound credit and integrity records; be familiar with the laws, regulations, and international supervisory standards relevant to the financial infrastructures of his industry; possess at least five years of work experience in the relevant financial industry and the management skills required for her or his position; and have no record of a major violation within the last five years. Where the financial infrastructure operator is organized as a corporation, its directors, supervisors, and senior managers shall also comply with the provisions of Article 178 of the Company Law of the People’s Republic of China.
Article 11 A financial infrastructure operator shall obtain approval from the financial infrastructure regulatory authority of the corresponding assigned responsibilities (“competent financial infrastructure regulatory authority”) in the event of:
(1) a change in its name or the name of the financial infrastructure it operates;
(2) a change in its registered capital;
(3) a change in its domicile or business premises;
(4) an adjustment of its scope of business or that of the financial infrastructure it operates;
(5) a change in any of its actual controllers, beneficial owners, or major shareholders that holds five percent or more of its total capital or shares;
(6) a change of its legal representative, chairman of the board of directors (or chairman of the board of governors), or general manager;
(7) an amendment to its corporate articles of association; or
(8) establishment of system connectivity between the financial infrastructure it operates and a Mainland or overseas financial infrastructure, or the entering of a significant business collaboration with another Mainland or overseas financial infrastructure operator.
Article 12 Financial infrastructure regulatory authorities will publish the list of financial infrastructures and their operators as provided by law.
Chapter III Operational Requirements
Article 13 A financial infrastructure operator shall establish a clear, transparent governance structure and an effective accountability mechanism, and shall publish information about them in a timely manner.
Article 14 A financial infrastructure operator shall establish a risk management committee in line with the Principles for Financial Market Infrastructures (PFMI) and other relevant requirements, and a robust risk management framework that can definitively identify, measure, monitor, and manage the risks associated with its businesses, including without limitation:
(1) The effective measurement, monitoring, and management of credit risk from participants and from payment, clearing, and settlement processes, and the management of its own credit risk exposures through collaterals with high credit ratings and low liquidity and market risks;
(2) The effective measurement, monitoring, and management of liquidity risk. A financial infrastructure operator shall maintain sufficient liquidity resources including, but not limited to, cash, deposits, and lines of credit from commercial banks;
(3) The effective measurement, monitoring, and management of the overall market operational risk;
(4) Maintenance of high-quality liquid assets covering no less than six months of the current operating expenses to absorb potential operational losses and ensure business continuity. The scope of high-quality liquid assets will be separately established by the relevant authorities;
(5) Placement of proprietary assets and participant assets intended to cover six months of operational needs under the custody of financial institutions or specialized institutions recognized by the financial infrastructure regulatory authorities; and
(6) Periodic monitoring and assessment of the risks potentially posed by participants, their clients, and other organizations to the financial infrastructure.
Article 15 A financial infrastructure operator shall establish sound IT systems and management practices, encompassing:
(1) Compliance with the requisite technical specifications, communication protocols, and standards;
(2) Emergency responses to system failures and disaster recovery arrangements, supported by robust data protection and backup measures. The disaster recovery center shall be located in the Mainland;
(3) Effective cybersecurity management systems. Systemically important financial infrastructures shall additionally comply with the requirements of laws and administrative regulations on the security protection of critical information infrastructures; and
(4) Comprehensive data storage management practices. Personal information and critical data collected or generated from Mainland operations shall be stored within the Mainland. If outbound transmission is absolutely required for business purposes, such transmission shall comply with applicable regulations of China.
Article 16 A financial infrastructure operator shall establish sound internal control systems and take effective measures to prevent conflicts of interest between itself and participants of the financial infrastructure as well as between different participants.
Article 17 A financial infrastructure operator shall properly retain the original documentations and critical data related to its financial infrastructure services, as well as material information concerning internal management and business operations. The retention period shall not be shorter than 20 years, unless otherwise provided by laws or administrative regulations.
Article 18 A financial infrastructure operator shall strengthen, and assume primary responsibility for, data security, and shall establish sound and effective internal management systems and accountability guidelines for data security to protect the business data and related materials of participants and other data created during the provision of services. A financial infrastructure operator shall ensure the data will not be damaged, destroyed, stolen, or used illegally, and shall not infringe upon personal information rights and interests. Where laws, administrative regulations, or the relevant financial infrastructure regulatory authority provide specific rules concerning data processing, those rules shall prevail.
A financial infrastructure operator shall facilitate participants’ timely access to the data and materials relevant to them.
A financial infrastructure operator shall establish comprehensive mechanisms for handling error-related disputes and customer complaints, and resolve such matters in a prompt and appropriate manner, to protect customers’ legitimate rights and interests.
Article 19 Any financial infrastructure operator that outsources relevant services shall explicitly acknowledge that such outsourcing does not transfer its liability to other parties or alter the legal relationship between it and the participants of the financial infrastructure, and such outsourcing shall not hinder financial infrastructure regulatory authorities’ supervisory functions.
Article 20 A financial infrastructure operator shall assume the primary responsibility for participants management and duly take actions to strengthen the oversight and management of participants. A financial infrastructure operator shall enter into agreements or conventions with participants, set out service rules, or take other means to specify its and participants’ rights, obligations, and responsibilities.
Article 21 Where financial infrastructures engage in business collaboration through system interconnection, their operators shall take such means as entering into agreements or conventions to specify their respective rights, obligations, and responsibilities and ensure clarity on their legal relationship, and shall effectively identify and manage the relevant risks, including but not limited to:
(1) Accurately identifying the qualifications of the interconnected financial infrastructure operator and ensure it has a sound corporate governance structure;
(2) Effectively managing the operational, credit, liquidity, technical, legal, and other relevant risks, including establishing effective risk identification and isolation mechanisms to prevent risk contagion to or from the interconnected financial infrastructure.
Article 22 A financial infrastructure operator shall develop comprehensive contingency plans covering major epidemics, natural disasters, abnormal market fluctuations, external shocks, cybersecurity incidents, data security incidents, and other extreme scenarios that may affect its business continuity and soundness, as well as the proposed emergency response measures for each. A financial infrastructure operator shall also effectively coordinate with the contingency plans of other interconnected financial infrastructures to help maintain a safe and stable financial market.
Chapter IV Supervision and Administration
Article 23 A financial infrastructure operator shall promptly make filings with the competent financial infrastructure regulatory authority in accordance with the divisional responsibilities if:
(1) it develops and executes a recovery plan; or
(2) it changes any of its directors (or governors), supervisors, or officers.
Article 24 A financial infrastructure operator shall submit periodic reports to the competent financial infrastructure regulatory authority regarding such matters as its operations, financial infrastructure business activities, and business compliance.
A financial infrastructure operator shall promptly submit a report to the relevant financial infrastructure regulatory authority if any of the following significant events concerning itself or the financial infrastructure it operates occurs:
(1) Incidents such as system failures, manual operational errors, or data breaches, or disruption of its core business operations, which has resulted in material impacts, due to other circumstances such as natural disasters;
(2) Any litigation or arbitration that has a material impact on its normal course of business, or any major contingent liabilities or losses; or
(3) Any launch, major modification, or decommissioning of critical operation systems.
Article 25 Overseas financial infrastructures that provide cross-border supply services to Mainland residents or organizations and their operators shall comply with the relevant requirements of this Measures, have been offering financial infrastructure services for three years or longer, are subject to comparable and comprehensive supervision and regulation by the government agencies of their resident countries or regions, and have no record of major risk incidents, material violations, or sanctions from a competent regulatory authority for a serious offence. “Cross-border supply services” refer to financial infrastructure services provided by an overseas financial infrastructure to Mainland residents or organizations.
With respect to any overseas financial infrastructure that provides cross-border supply services to Mainland residents or organizations, the relevant regulatory authorities of the country or region where the overseas financial infrastructure is located shall have entered into a memorandum of understanding with the relevant financial infrastructure regulatory authority, unless otherwise provided by Chinese laws or regulations.
Pursuant to the principles of regulatory reciprocity, any overseas financial infrastructure that provides cross-border supply services to Mainland residents or organizations and its operator shall submit periodic reports to the relevant financial infrastructure regulatory authority regarding the following matters:
(1) State of compliance of its overseas operations;
(2) Regulatory approvals, exemptions, licenses, or permits obtained overseas;
(3) Self-assessment reports against the Principles for Financial Market Infrastructures (if applicable).
Financial infrastructure regulatory authorities may, based on regulatory reciprocity, exempt certain overseas financial infrastructures that provide cross-border supply services and their operators from the above reporting requirements or impose the necessary reciprocal, restrictive measures.
Article 26 A financial infrastructure operator shall, in accordance with the requirements of the relevant financial infrastructure regulatory authorities, submit data to the national basic financial database for the compilation of comprehensive financial industry statistics. The national basic financial database shall further institutionalize information sharing as required by applicable rules.
Article 27 A financial infrastructure operator shall, before the end of April each year, report its financial data of the preceding year to the relevant financial infrastructure regulatory authority.
Article 28 The PBOC shall conduct reviews on payment systems, fundamental credit reporting systems, and financial infrastructures for the interbank market and the relevant operators in accordance with laws and administrative regulations. The CSRC shall conduct reviews on the financial infrastructures involved in securities, futures, and related activities and their operators in accordance with laws and administrative regulations.
Article 29 A financial infrastructure operator and its staff shall cooperate with reviews and evaluations, promptly provide the relevant documents and materials, ensure the authenticity, accuracy, and completeness of such materials, and shall not refuse or obstruct the process or withhold information.
Article 30 A financial infrastructure operator shall develop and regularly update recovery plans for risk incidents.
The financial infrastructure regulatory authorities, as the lead agencies for resolving financial infrastructure-related risks, shall, in accordance with their assigned responsibilities, implement resolution measures for financial infrastructures who are unlikely to ensure the continuity of critical business operations upon the failure of their recovery plans.
A financial infrastructure and its operator shall exit the market in accordance with the law if they can no longer continue their operations or are presenting serious harm to the orderliness of the financial market or the public interest.
Article 31 A financial infrastructure that, upon review, meets some or all of the following criteria shall be classified as a systemically important financial infrastructure. The competent financial infrastructure regulatory authority shall issue the findings of the review process and supervise the financial infrastructure in accordance with their assigned responsibilities.
(1) Having a large and widely diverse participant base;
(2) Enjoying a high market share;
(3) Having complex business, significant interconnectedness with financial institutions, or interconnections with other systemically important financial infrastructures;
(4) Providing critical financial market services that are not easily substitutable, and potentially causing material adverse effect on the financial system and the real economy upon the occurrence of a major risk incident or other events that make it unable to continue operations.
Article 32 In addition to remaining subject to the current regulatory regime where regulation is exercised by the relevant financial administrative authority under the State Council, systemically important financial infrastructures and their operators are also subject to macroprudential management by the PBOC. Financial infrastructures that involve securities, futures, and related activities and their operators are regulated by the CSRC in accordance with the law. Payment systems, fundamental credit reporting systems, financial infrastructures for the interbank market and their operators are regulated by the PBOC. Other financial infrastructures and their operators are subject to functional regulation by the PBOC in conjunction with other relevant authorities.
Chapter V Legal Liabilities
Article 33 Upon the occurrence of any of the following circumstances, the financial infrastructure regulatory authorities may order the completion of rectification within a prescribed time limit, and impose penalties on the relevant financial infrastructure operator, the directors (or governors), supervisors, and senior officers with direct responsibility, and other directly responsible individuals in accordance with laws and administrative regulations including the Law on the People’s Bank of China, the Securities Law, the Futures and Derivatives Law, and the Credit Reporting Regulations. Where a suspected offence constitutes a crime, the case shall be referred to judicial authorities for criminal investigation in accordance with the law:
(1) Failing to obtain approval from the financial infrastructure regulatory authorities as required by this Measures;
(2) Failing to complete filing with the financial infrastructure regulatory authorities as required by this Measures;
(3) Failing to submit reports to the financial infrastructure regulatory authorities as required by this Measures;
(4) Violating this Measures by refusing to respond to or obstructing the inquiries, reviews, or investigations of the financial infrastructure regulatory authorities or by failing to provide relevant documents or materials in a truthful manner;
(5) Violating this Measures by appointing any unqualified director (or governor), supervisor, or senior officer;
(6) Unjustifiably restricting or refusing to provide financial infrastructure services to participants, or interrupting or terminating financial infrastructure operations;
(7) Engaging in any other illegal or non-compliant activity that jeopardizes the sound operations of the offender itself or other financial infrastructures or disrupts the financial market; or
(8) Otherwise violating the provisions of this Measures.
Article 34 Any unauthorized operation of a financial infrastructure or substantive engagement in the financial infrastructure business shall be punished by such measures as compulsory shutdown, confiscation of illegal gains, and imposition of fines by competent authorities or people’s governments at or above the county level in accordance with their assigned responsibilities as well as laws and administrative regulations including the Law on the People’s Bank of China, the Securities Law, the Futures and Derivatives Law, and the Credit Reporting Regulations. Where a suspected offence constitutes a crime, the case shall be referred to judicial authorities for criminal investigation in accordance with the law.
Article 35 Where a financial infrastructure operator conducts financial infrastructure business beyond the approved scope, the competent financial infrastructure regulatory authority shall order it to complete rectification within a prescribed time limit, and impose penalties in accordance with laws and administrative regulations including the Law on the People’s Bank of China, the Securities Law, the Futures and Derivatives Law, and the Credit Reporting Regulations. Where a suspected offence constitutes a crime, the case shall be referred to judicial authorities for criminal investigation in accordance with the law.
Article 36 Any organization or individual that damages or endangers a financial infrastructure, thereby affecting its operational safety or stability or that of its operator, shall be punished by the financial infrastructure regulatory authorities in accordance with laws and administrative regulations including the Law on the People’s Bank of China, the Securities Law, the Futures and Derivatives Law, and the Credit Reporting Regulations. Where the offence constitutes a violation of the rules on the administration of public security, the competent authorities shall impose penalties in accordance with the Law of the People’s Republic of China on Penalties for Administration of Public Security. Where the offence is suspected of constituting a crime, the case shall be referred to judicial authorities for criminal investigation in accordance with the law.
Chapter VI Ancillary Provisions
Article 37 This Measures takes effect on October 1, 2025.
