China’s top market regulator, the State Administration of Market Regulation (SAMR) has released an important new document on the social credit system, including applications of technology and a plan for innovation and development over the next three years.
The document concerns ‘credit risk classification’ which involves attaching a letter grade, A through D, to every business in China. Unlike the health code grades that many jurisdictions require restaurants to post in their windows, these grades don’t only reflect compliance with laws in a specific area, like food safety and sanitation, but reflect broader compliance with laws and contractual obligations.
Necessary Background and Vocabulary:
Social Credit: Social credit is generally defined as a measure of an organization’s or individual’s compliance with laws and legal obligations. (for example, see the ”Shanghai Social Credit Regulations”
There is not an all-encompassing citizen ranking system in China. Social credit is generally aimed at businesses, and while a few areas have created point systems to reward individual ‘trustworthiness’, the central government has made clear that these must never be the basis for any punishments, and that all governmental punishments must be based solely on laws and regulations. The information that is included in social credit, is similarly limited to items that reflect legal compliance, such as administrative punishments, permits, and court judgments— most ‘personal’ information is essentially off-limits.
Credit Regulation (Credit Regulation ),: The most important aspect of social credit is credit regulation, which implements the idea of “hierarchical and categorical management” (分级分类管理), meaning that the degree of regulatory scrutiny that a business is subjected to is dependent on the field in which it operates (the category) and also based on their past compliance with laws and regulations (a graded hierarchy). The idea is that regulatory subjects should receive differentiated treatment, with those who have a long history of compliance being subject to less intensive regulation.
The Reform of “Streamlining administration and improving services” (放管服): Credit-regulation is actually part of this larger reform project, mentioned throughout the new SAMR document. In the past, China’s regulatory system has required intensive inspections and permitting before new businesses can begin operations, often requiring redundant approvals from multiple regulatory agencies. The reform seeks to minimize these barriers to innovation and entrepreneurship by reducing these start-up burdens, and shifting the focus to more integrated, ongoing regulation of business operations. Risk classification is a key part of determining how government regulatory resources should be allocated.
“2 randoms, 1 disclosure”: This refers to an operational policy for market regulatory inspections. The “two randoms” means that the targets for inspections and the inspectors are randomly selected. The “one disclosure” is the public disclosure or inspection results. One of the key goals of this randomization is ensuring that inspections are carried out fairly, and avoiding corruption by the inspectors. While the individual targets are selected randomly, credit-regulation operates to shift the likelihood of being selected and how often a certain business can be selected.
The new SAMR document is primarily aimed at further standardizing credit-regulation by creating more unified measures of ‘credit risk’- the risk that businesses will violate laws and regulations. This involves creating a 4 group rating system that increases in risk from A to D, which will primarily impact the frequency and number of inspections that a business is subjected to.
SAMR itself is to create a general-use weighted index system for risk classification that can be used throughout the nation, and within this framework, individual provinces and industry sectors may also develop their own system of indexes. As with much of social regulation, the scope of information considered in this index at first seems impossibly expansive and complex, but is ultimately revealed to be pretty mundane. SAMR’s indexes are intended to broadly include information on businesses’ basic character, ‘dynamic information’, regulatory information, association and relationship information, and societal assessment information. In practical terms this seems to primarily include what is known as ‘public credit information’ – administrative regulatory and enforcement information created or obtained by government agencies in the performance of their normal duties such as on administrative registration, licensing, penalties, permits, inspection results, and court judgments. The index system also includes industry discipline information from professional associations or chambers of commerce, complaints and reports from the public, and reviews and ratings from major platform businesses.
A business’s risk grade is to impact its selection for inspections. For those with a history of compliance in the low-risk “A” group, inspections may be reduced. The normal risk “B” group is to be left unadjusted in the random selection for inspections, and the higher risk “C” group is to be at increased likelihood and frequency. The high-risk D category is to be subject to a drastic increase in inspections, with site inspections encouraged. Just as the risk classifications inform inspection work, Inspection results are also to be fed back as a data point for the classification system for dynamic adjustment.
The general-use risk classification system does not supplant all sector-specific classification, as the ‘category’ of business is intended to be considered along with such grading hierarchies. Sectors that directly impact public safety or carry a higher risk to society, such as food and drug regulation, are required to have internal classification systems used alongside the general-use system, and others may do so. In emerging fields, or for new business models, an observation period may be implemented, relaxing regulation for low and normal risk businesses to foster innovation and development, and also to give regulators an opportunity to understand the unique risks involved
Incorporation of Technology
The new authority describes risk classification as ‘automated’, suggesting that the index system can be boiled down to a machine-processed formula to grade businesses. There is even a call for using “big data, machine learning, AI, and other modern technologies” in the analysis of business conduct and in mining for information. This sort of technology name-dropping with few specifics is increasingly common in recent Chinese legal documents, and it is sometimes difficult to separate aspiration from concrete applications. Interestingly, an earlier social credit document that paved the way for this one, contained a similar list, but invoked different technologies such as “cloud computing”, “internet of things”, and “blockchain”.
It’s safe to say that the role of these technologies is likely to continue to grow in business regulation as it does in all other areas. It is important to keep an eye on how their use impacts the outcomes of regulation and to insist on transparency and accountability in all automated decision-making so as to be on guard against accidental or intentional biases. In terms of application in credit-risk classification, however, there is much more specificity here on how indexes are to be developed, what information is to be considered, and what the consequences of classification entail, such that the mention of specific technologies beyond ‘automated’ grading feels more extraneous. While existing law in other areas is more clear about the use of specific technologies in the government collection of information on businesses and individuals, the uses here are unclear and should be watched carefully.
Monitoring and Early Detection
Outside of impacting inspections, risk classification is to include a ‘risk monitoring and early warning’ module. This component is to focus on specific events or factors that are highly correlated to increased risk of violations, such as having irregularities or unusual modifications in registration materials or an abnormal increase in the number of complaints and reports on a business. When these factors are present and indicate an increased risk, regulators may give alerts or warnings, call parties in to speak with them, or conduct inspections. In addition to early detection of risk at individual businesses, regulators are instructed to look at the larger picture to observe trends in a certain region or industry.
A loose schedule is provided for rolling out the credit risk classification systems. By the end of this year, provinces should have operational classification systems and classify businesses in their jurisdictions. By the end of 2023, these classifications should be functionally connected with the regulatory systems for specific industries. A flexible deadline for full implementation of the system, including monitoring and early warning modules, is set at three years from now.