20th February 2024
providing security for third parties legal risks

With regulation beefing up investor protection and expanding the disclosure requirements for listed companies, what review responsibilities do financial institutions bear as creditors of companies providing security for third parties? Li Xinyang, general manager, and Ye Qing, senior legal manager of the Legal Compliance and Supervision Departments at Dajia Asset Management, explore how to control the legal risks

The China Securities Regulatory Commission (CSRC) recently announced that for the 603 cases it handled in 2022, there was an increase of 203 information disclosure violation cases, while another 64 were fund misappropriation and unlawful provision of security cases. Unlawful information disclosures and unlawful provision of security cases still accounted for a large proportion, seriously affecting the development of the securities market.

A series of regulatory measures on the provision of security by listed companies has been issued across the industry, and judicial practice has also shifted towards placing greater emphasis on protecting the interests of listed companies and their small and medium retail investors, elevating the importance of the verification of publicly available information by financial institutions to a greater height.

This article sifts through the latest regulatory provisions on, and certain judicial cases involving, the disclosure by listed companies of security provided to third parties, analyses the legal risks and offers practical control measures to financial institutions, which are often the creditors in these provisions of security.


Ye Qing

On 5 October 2020, the State Council issued the Opinions on Further Improving the Quality of Listed Companies, proposing to “stringently deal with the issues of fund misappropriation and illegal provision of security … [and] determine in accordance with laws and regulations that listed companies do not bear security liability under illegal security contracts”. The opinions state that such entities as the CSRC, the Supreme People’s Court (SPC) and provincial-level people’s governments are responsible for implementation.

The unlawful provision of security by listed companies had become an issue urgently requiring resolution by judicial adjudication as the “last line of defence”.

On 28 January 2022, the CSRC together with the Ministry of Public Security, the State-Owned Assets Supervision and Administration Commission of the State Council, and the China Banking and Insurance Regulatory Commission issued the Regulatory Guidelines for Listed Companies, No. 8: Regulatory Requirements for the Fund Transactions of, and the Security Provided for Third Parties by, Listed Companies.

These guidelines, together with the latest Stock Listing Rules and Self-Regulation Guidelines of the Beijing, Shanghai and Shenzhen stock exchanges, strengthen the disclosure by listed companies of security provided for third parties. More specifically, they include the following directives.

Making the requirements for the disclosure by listed companies of security provided for third parties more detailed.

Li Xinyang

Where a listed company submits the annual limit on the security to be provided for its subsidiaries to its shareholders’ general meeting for consideration and centralised approval and authorisation, regulations set out further requirements in respect of continuous disclosure when security liability has actually arisen or revision of the limit occurs, including disclosure of the basic particulars of the specific security, the balance of the security and other key information.

Continuous disclosure has resolved the issue of the difficulty creditors face in comprehensively securing information on the actual security liability that a listed company and its majority-owned subsidiaries are required to bear, but they remain unable to determine whether a certain item of security remains within the total security limit.

Expressly specifying the requirements for the disclosure by the majority-owned subsidiaries of a listed company of security provided for third parties.

Pursuant to article 9 of the Interpretations on the Application of the Security System in the Civil Code, there are three types of entities that are required to announce and disclose security provided for third parties: listed companies; majority-owned subsidiaries disclosed by a listed company; and companies with stock traded on other national securities exchanges approved by the State Council.

The scope of majority-owned subsidiaries is not limited solely to first-tier subsidiaries, but also includes second and third-tier subsidiaries, the specific scope of which can be determined by consulting the documents publicly disclosed by a listed company, such as its annual reports.

Companies with stock traded on the Beijing Stock Exchange or National Equities Exchange and Quotations are also required to disclose information on the provision of security for third parties in accordance with the rules of the corresponding trading venue.

The expansion of the scope of disclosure at the judicial level is an active response to concealed acts of providing security in a listed company’s system, which can only be genuinely scrutinised by the public if “a light is shone thereon”.

Emphasising financial institutions’ responsibility for prudential verification.

The above-mentioned No. 8 guidelines emphasise that financial institutions in the banking industry have a responsibility to prudently verify the performance of listed companies of their obligation to disclose information on security provided for third parties. Similarly, article 9 of the above-mentioned interpretations specifies that, on the basis of requiring creditors to review security announcements, “where a counterparty concludes a security contract with a listed company without basing the same on information on items of security publicly disclosed by the listed company and adopted by the board of directors or shareholders’ general meeting in the form of a resolution, and the listed company asserts that the security contract has not become effective as for it, and that it does not bear security liability or is not liable for damages, the People’s Court shall uphold such assertion”.

The objective of the regulator is to compel public companies to trade compliantly, promote the enhancement of the quality of listed companies, and ultimately spur the creation of a good, law-abiding and compliant securities market order.

Although the No. 8 guidelines specifically mention banking financial institutions, non-banking financial institutions such as insurance asset management companies and securities companies must also attach significant importance to reviewing the resolutions and security announcements of listed companies in order to avoid their status as “bona fide counterparties” being questioned.


Theoretically, the new trends at the regulatory and judicial level described above can effectively resolve the current concerns regarding the acts of provision by listed companies of security for third parties.

However, at the present stage, listed companies generally adopt the method of annual anticipated security for the provision of security for their subsidiaries, but a common issue encountered in practice is whether a financial institution can rely on a listed company’s annual anticipated security announcement to recognise that it has fully performed its information disclosure, and co-operate with it with regard to the provision of security.

It is the opinion of the authors that financial institutions still need to look at the specific security disclosures before they can rely on the validity of such security, and the reasons for this are set out below.

Necessity of becoming a bona fide counterparty.

At this juncture, where the self-regulation guidelines of the exchanges expressly require a listed company to disclose its actual bearing of security liability, when a financial institution reviews the internal and external decisions and the disclosure procedures of an investment/financing transaction counterparty for completeness, its review criteria should include the regulatory rules of the relevant field.

In cases such as Zui Gao Fa Min Zhong No. 867 (2019) and Zui Gao Fa Min Zhong No. 4 (2020), it is expressly stated that a professional financial institution is required to be familiar with the provisions of the Company Law and the regulatory code for listed companies on the provision of security for third parties by companies, and if it fails to perform its review obligation, it does not constitute a bona fide counterparty.

The Second Civil Division of the SPC further points out, in the Understanding and Application of the Judicial Interpretations of the Supreme People’s Court on the Security System of the Civil Code, that “a creditor is obliged to familiarise itself with the rules of the exchange and the articles of association of the listed company”. The “good faith” of a financial institution can only be fully ensured when the security provided by a listed company is consistent with its “compliance announcements”.

Necessity of guarding against the provision of security in violation of regulations.

Regardless of whether it is a single announcement or a centralised announcement that is involved, it is necessary, in addition to reviewing whether a decision has been made by an authoritative body, to review whether the content of the resolution is consistent with such core elements of the financing transaction as the creditor, the amount of the security provided, etc.

It is usually impossible for a creditor to confirm the above-mentioned information by relying solely on a listed company’s security limit announcement; rather, it needs to rely on a separate written explanation by the listed company which, in essence, means reviewing the listed company’s “explanation” rather than its “announcement”.

In the event of the occurrence of an extreme event such as the provision of security in excess of the limit or a legal action, the amount within the limit will become an “object of extreme value” and the creditor could face the consequence of the security being invalid.

Only by implementing continuous disclosure by listed companies of their provision of security can a breakthrough on such issues as the provision of security in excess of the limit, and security provided in secret, be achieved.

Necessity of due performance of management duties.

The prerequisite to implementing the “seller performs its duties and buyers bear the risks themselves” risk-bearing principle in the financial market is that the managers of various kinds of asset management products perform their management duties prudently and with due diligence and care, including both comprehensive due diligence on a product, particularly reasonable review of key risk control measures regarding security, and the full disclosure to investors of potential risks.

If a product’s credit enhancement measures fail due to a deficiency in the listed company’s security announcement, it will assuredly give rise to a risk of flawed performance of the “fiduciary duty”.

In cases such as Ji Min Zai No. 184 (2019), the court took the obligations of a financial institution specified in financial regulatory provisions as the basis for determining the liability bearable in law. There is also no dearth, in practice, of cases in which financial institutions have been assessed administrative penalties for failure to act with due diligence and care.

The authors have carried out searches and have yet to find any effective judgments, in disputes arising from a financial institution accepting the security provided for a subsidiary of a listed company solely based on an anticipated security limit announcement, since the issuance of the latest self-regulation guidelines by the exchanges.

However, in regulatory practice, there are instances of listed companies receiving regulatory letters for failing to promptly disclose specific instances of security provided within the disclosed anticipated limit. This is sufficient to show that the requirement of continuous disclosure of a specific item of security is “more than mere words on a piece of paper”.

In cases such as Yue 0103 Min Chu No. 5076 (2020), the financial institution involved in the case comprehensively conducted prudent verification of the security resolution and announcement, providing sufficient adjudication support for the validity of the security contract. There were three key points.

    • The body conducting the internal deliberations on the security to be provided is required to satisfy the requirements of laws, regulations, regulatory provisions and the company’s articles of association. If “security is to be provided to a security recipient with a debt to asset ratio exceeding 70%”, the same must be submitted for consideration at a general meeting of the shareholders of the listed company.
    • The authorisation for review and approval must be clear and explicit. If the board of directors or management is authorised to review and approve a single item of security, the scope of authorisation, the amount and the period of validity must be explicit.
    • Continuous disclosure ensures that a single item of security provided falls within the security limit approved in a resolution. Continuous disclosure can take the form either of announcements on the progress of the security or announcements of board resolutions.


Given that security announcements are the dividing point between “0” and “1” on the validity of security that is provided, and that regulation of the disclosure by listed companies of the security that they provide is now the inescapable trend, the authors recommend that, in addition to anticipated security limit announcements, creditors should also review the continuous disclosure announcements made by guarantors in respect of the items of security provided, so as to avoid the occurrence of disputes to the greatest extent possible.

In addition to ensuring that the security provided for third parties is announced, it is necessary to ensure that the content of such announcements is free from obvious flaws and, in particular, certain matters are subject to approval by means of a resolution of the shareholders’ general meeting:

  1. Security that exceeds the total limit, for example, “any security to be provided after the total amount of security provided for third parties, including that provided for majority-owned subsidiaries, exceeds 50% of the audited net assets for the most recent period”;
  2. Security that exceeds the limit for a single item of security, for example, “a single item of security the amount of which exceeds 10% of the audited net assets for the most recent period”; and
  3. Security to be provided for special entities, for example, “security to be provided for a shareholder, the actual controller or a connected party”.

The evolution of the rules on the disclosure by listed companies of security provided by them highlights the popular nature of the contemporary rule of law in China, and the disclosures by listed companies of information on the security provided by them for third parties are becoming increasingly compliant.

However, the latest security disclosure rules comprise a complex subject involving the measurement of interests, market regulation and financial rule of law. Their implementation involves a process of adjustment and adaptation, and the fact that judicial cases trail behind practice also means that debate over the criteria for the review of security provided by listed companies will continue.

In the face of a complex situation, financial institutions must incisively understand regulatory thinking and keep a close eye on adjudication practice, as it is only in this way that they can break the impasse and find the optimal solution to drive the business forward.