Penalty! Beijing Rural Commercial Bank fined 1 million, dual penalties to reinforce job responsibilities

On February 28, the Beijing Branch of the People’s Bank of China announced administrative penalty information. Beijing Rural Commercial Bank was fined 1 million yuan for violating data security management regulations. Additionally, Li Mouqing from the Retail Financial Department and Wang Mouzhi from the Operations and Maintenance Center were each fined 140,000 yuan for direct responsibility, marking the implementation of the “dual penalty system” for supervision.

This penalty directly targets the core aspects of financial data security. Banks hold vast amounts of customer information, transaction data, and business ledgers, making data security directly related to customer privacy and financial stability. In recent years, regulatory authorities have continuously strengthened management throughout the entire data lifecycle, requiring institutions to improve systems, reinforce technology, and clarify responsibilities. The violations by Beijing Rural Commercial Bank reveal ongoing shortcomings in internal management and execution.

It is noteworthy that this is not the first time the bank has been penalized for data and network security issues.

In September 2025, Beijing Rural Commercial Bank was fined 1.85 million yuan for system security management violations and non-compliance with data security controls. Han Jiyang received a warning and a fine of 50,000 yuan; Wu Ling received a warning.

In January 2025, due to inaccurate statistical data and violations in account management, the bank’s Beijing Branch was fined and confiscated a total of 9.0227 million yuan.

Ma Moulin (then Deputy General Manager of the Bank Card Department of Beijing Rural Commercial Bank), according to the penalty decision [2025] No. 2, was directly responsible for violations of credit information collection, provision, inquiry, and related management regulations. Fined 185,000 yuan. The decision was made by the Beijing Branch of the People’s Bank of China on January 8, 2025.

Dong Mouxia (then Deputy General Manager of the Bank Card Department), according to penalty decision [2025] No. 3, was directly responsible for violations of credit information collection, provision, inquiry, and related management regulations. Fined 75,000 yuan. The decision was made by the Beijing Branch of the People’s Bank of China on January 8, 2025.

Ye Mosheng (then General Manager of the Bank Card Department), according to penalty decision [2025] No. 4, was directly responsible for violations of clearing management regulations. A warning was issued, and a fine of 50,000 yuan was imposed. The decision was made by the Beijing Branch of the People’s Bank of China on January 8, 2025.

Xu Moukun (then Deputy General Manager of the Bank Card Department), according to penalty decision [2025] No. 5, was directly responsible for violations of outsourcing management regulations for acquiring business. A warning was issued, and a fine of 50,000 yuan was imposed. The decision was made by the Beijing Branch of the People’s Bank of China on January 8, 2025.

Liu Mouna (then Deputy General Manager of the Personal Finance Department), according to penalty decision [2025] No. 6, was directly responsible for violations of account management regulations. A warning was issued, and a fine of 100,000 yuan was imposed. The decision was made by the Beijing Branch of the People’s Bank of China on January 8, 2025.

Wu Momin (then Deputy General Manager of the Personal Credit Management Department), according to penalty decision [2025] No. 7, was directly responsible for violations of credit information collection, provision, inquiry, and related management regulations. Fined 77,000 yuan. The decision was made by the Beijing Branch of the People’s Bank of China on January 8, 2025.

Li Mouxu (then Vice President of Beijing Rural Commercial Bank), according to penalty decision [2025] No. 8, was directly responsible for the following violations: failure to perform customer identity verification as required; conducting transactions with unidentified customers or opening anonymous or pseudonymous accounts for customers. Fined 49,300 yuan. The decision was made by the Beijing Branch of the People’s Bank of China on January 8, 2025.

Receiving multiple fines in a short period reflects that some small and medium-sized banks, during their digital transformation, prioritize business expansion over compliance and risk control, leading to gaps in data security governance.

Currently, the People’s Bank of China’s supervision of financial data security shows three main trends:

1. Normalization of penalties: Data security has become a focus during on-site inspections, with violations being penalized immediately and without leniency.

2. Precise accountability: Responsibility extends from institutions to individuals, with accountability assigned to departments, positions, and specific personnel.

3. Stricter standards: From system construction and technical safeguards to process management and emergency response, higher requirements are being imposed across the entire chain.

For banks, data is a core asset and a red line for compliance. Institutions should take this as a warning, thoroughly identify data security risks, improve authorization management, encryption storage, access controls, and strengthen staff training and assessments. Employees must also tighten their compliance awareness, abandon the mindset that “small matters are unimportant,” and safeguard every link in data security.

The crackdown by regulators aims for long-term effectiveness. As the legal framework for data security continues to improve, banks can only achieve steady and sustainable development by embedding compliance into every aspect of their operations.