Guidelines for the Compliance Risk Management of Commercial Banks - English Version
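Guidelines on Outsourcing Risk Management of Commercial Banks (Draft for Comment)
Chapter I General Provisions
Article 1 These Guidelines are formulated in accordance with the Law of the People's Republic of China on Banking Regulation and Supervision, the Law of the People's Republic of China on Commercial Banks and other relevant laws and regulations, in order to guard against the outsourcing risks of commercial banks and to safeguard the continuity of their business operations.
Article 2 These Guidelines apply to policy banks, commercial banks, branches of foreign banks and other such institutions established within the territory of the People's Republic of China.
Article 3 "Outsourcing" as used in these Guidelines refers to the business practice whereby a commercial bank entrusts a service provider with handling certain affairs or business activities that the bank would otherwise be responsible for handling itself.
Service providers include independent third parties, as well as subsidiaries, affiliated companies or subordinate institutions established inside or outside China by the commercial bank or by the group to which it belongs.
Article 4 The board of directors and senior management of a commercial bank shall bear ultimate responsibility for outsourcing activities.
Article 5 A commercial bank engaging in outsourcing activities shall establish a risk management framework and related rules for outsourcing and incorporate them into its comprehensive risk management system.
Chapter II Scope of Outsourcing
Article 6 A commercial bank shall, in accordance with the principle of prudent operation, formulate a strategic development plan for outsourcing and determine a scope of outsourcing activities commensurate with its level of risk management, in particular the scope of outsourcing of important business.
Article 7 When determining whether an outsourced business is important business, a commercial bank shall assess the following factors: (1) whether it covers most of the bank's information technology, finance and accounting, credit processing, customer information or similar business matters; (2) whether an interruption of the business would have a material impact on the bank's business operations, reputation or profits.
Where it cannot be determined whether a business about to be outsourced is important business, the bank may consult the local regulatory authority.
Article 8 Important business may include, without limitation, the following business matters: (1) business operations: document processing and system operation services relating to trade finance and settlement; pre-loan investigation and post-loan collection for credit business; credit card marketing and collection; electronic banking customer service, etc.; (2) data processing: inter-branch reconciliation; image processing and data entry for accounting business; customer data entry and maintenance; data queries, etc.; (3) information technology: development and maintenance of business operating system software, design and construction of network security, design and development of online banking application systems, services for key IT infrastructure equipment, etc.
Article 9 Business involving the strategic management and risk management functions of a commercial bank should not be outsourced.
Business involving the internal audit function of a commercial bank should not be outsourced to independent third parties.
Chapter III Organizational Structure
Article 10 The organizational structure for outsourcing management of a commercial bank shall include the board of directors, senior management and an outsourcing management team.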
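Research on Compliance Risk Management of Commercial Banks in China
Abstract: Compliance risk management of commercial banks is in recent years … the Guidelines for the Compliance Risk Management of Commercial Banks (hereinafter the "Guidelines"), promulgated and put into effect by the China Banking Regulatory Commission in 2006; "compliance" means making the business operations of a commercial bank consistent with laws, rules and standards.
Meanwhile, in Article 3 of the Guidelines the CBRC defines "laws, rules and standards" as "the laws, administrative regulations, departmental rules and other normative documents, business rules, industry standards of self-regulatory organizations, codes of conduct and professional ethics applicable to banking business activities".
1.2 Compliance risk
Compliance risk, as referred to in the Guidelines, is the risk that a commercial bank may suffer legal sanctions, regulatory penalties, material financial loss and loss of reputation because it has failed to comply with laws, rules and standards.
The Basel Committee on Banking Supervision, in its consultative document "The Compliance Function in Banks", takes the view that a bank's compliance risk is the risk of sanctions for violating laws or regulatory requirements, of financial loss, and of damage to the bank's reputation resulting from its failure to comply with all applicable laws, regulations, codes of conduct or related standards.
2 Current state of compliance risk management in China's commercial banks
Although compliance risk management in China's commercial banks started relatively late, as the banking sector has opened further to the outside world and domestic banks, state-owned banks in particular, have achieved initial success in shareholding reform and listing and have gradually aligned with international practice, strengthening compliance risk management has become a requirement that domestic banks set for themselves. In addition, the regulators attach great importance to compliance risk management and issued the Guidelines for the Compliance Risk Management of Commercial Banks, which provide guidance for compliance management work.
In recent years compliance risk management in China's banking sector has made considerable progress. In 2002 the head office of Bank of China renamed its former Legal Affairs Department the "Legal and Compliance Department", added a compliance function and established the post of chief compliance officer. In 2003 China Construction Bank set up a compliance division within its Legal Affairs Department, dedicated to anti-money-laundering work and to reviewing the legality and compliance of internal rules and regulations, among other tasks.
In August 2005 it set up a separate, independent compliance department, and in 2008 China Construction Bank merged the Legal Affairs Department and the compliance department to form the Legal and Compliance Department, with the provincial branches setting up legal and compliance departments accordingly. Industrial and Commercial Bank of China set up an "Internal Control and Compliance Department" before its financial restructuring in 2004, responsible for internal control, routine audit and compliance management functions. In December 2004 Bank of Communications, in order to further advance legal affairs work across the bank and to establish and improve its compliance management system, renamed its Legal Affairs Department the Legal and Compliance Department and added a compliance management division. Joint-stock banks such as China Everbright Bank, Shanghai Pudong Development Bank, China Merchants Bank, China Minsheng Bank, China CITIC Bank and Industrial Bank also successively set up compliance departments and began to perform bank-wide compliance management functions.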
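Single-choice questions
1. Which statement about compliance is correct? ( ) √
A. Compliance means that the business activities of a commercial bank are consistent with laws, rules and standards
B. As long as it brings benefit to the bank, an activity need not be consistent with laws, rules and standards
C. Whatever other banks have already done is compliant
D. Innovative business need not be consistent with laws, rules and standards
Correct answer: A
2. Which of the following statements about the subject of compliance is correct? ( ) √
A. The subject of compliance is all employees of the commercial bank
B. The subject of compliance is the senior management of the commercial bank
C. The subject of compliance is the head office compliance department
D. The subject of compliance is the compliance staff of the business divisions
Correct answer: A
3. Which statement about the proactive nature of compliance is correct? ( ) √
A. Proactive compliance
B. Passive compliance
C. If one's mentor says it is compliant, it is compliant
D. Not breaking the rules is compliance
Correct answer: A
4. ( ) shall bear primary responsibility for the compliance of the business activities of their own business line and institution. ×
A. The compliance management staff of the commercial bank
B. The heads of each business line and branch of the commercial bank
C. The senior executives of the commercial bank
D. The risk officers of the commercial bank's business divisions
Correct answer: B
5. Which of the following statements about the compliance management responsibility system is incorrect? ( ) ×
A. Each business line and each branch of the commercial bank is responsible for proactively identifying and managing the compliance risks of its own line and institution
B. The heads of each business line and branch of the commercial bank bear primary responsibility for the compliance of the business activities of their own line and institution
C. The head of the commercial bank's compliance department bears ultimate responsibility for the compliance of the bank's business activities
D. The board of directors of the commercial bank bears ultimate responsibility for the compliance of the bank's business activities
Correct answer: C
Multiple-choice questions
6. Which of the following statements about compliance management are correct? ( ) √
A. Compliance management is a core risk management activity of a bank
B. Compliance must start from the top
C. Compliance risk management focuses on the process, not only on the result
D. Each business line and branch should proactively identify and manage the compliance risks of its own line and institution
Correct answer: A B C D
7. Which statements about the compliance management responsibility system are correct? ( ) ×
A. Compliance management duties of the board of directors: it shall bear ultimate responsibility for the compliance of the commercial bank's business activities
B. Compliance management duties of the board of supervisors: it shall supervise the performance of compliance management duties by the board of directors and senior management
C. Duties of the heads of business lines and branches: they shall bear primary responsibility for the compliance of the business activities of their own line and institution
D. Compliance management duties of the person in charge of compliance: he or she shall comprehensively coordinate the identification and management of the commercial bank's compliance risks
Correct answer: A B C D
8. Which of the following statements are correct? ( ) √
A. Compliance is the shared responsibility of all employees of the bank
B. Credit staff shall be responsible for the compliance of the credit business of their own posts
C. Counter staff shall be responsible for the compliance of the counter business of their own posts
D. Wealth management managers shall be responsible for the compliance of the wealth management business of their own posts
Correct answer: A B C D
9. Which statements about compliance risk are correct? ( ) ×
A. Compliance risk is the risk that a commercial bank may suffer legal sanctions, regulatory penalties, material financial loss and loss of reputation because it has failed to comply with laws, rules and standards
B. Compliance risk is the risk or loss a bank incurs by doing something it should not have done
C. The objective of compliance risk management is to achieve effective identification and management of compliance risks by establishing and improving a compliance risk management framework
D. Operational risk can lead to the occurrence of compliance risk
Correct answer: A B C D
10.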
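Compliance Risk Management in Grassroots Commercial Banks: Current State, Problems and Countermeasures for Improvement
I. Current state of compliance risk management in grassroots commercial banks
In October 2019 the China Banking Regulatory Commission issued the Guidelines for the Compliance Risk Management of Commercial Banks, which set out the objective of compliance risk management for China's commercial banks and urged the banking sector to strengthen compliance culture and compliance risk management.
As regards implementation by China's grassroots commercial banks, all banking institutions have been able, as required by the regulators and by their higher-level offices, to take numerous measures to advance compliance, starting with strengthening compliance publicity, providing staff education and training and improving the compliance organizational structure, and have achieved initial results.
(1) Setup and staffing of compliance departments
At present, China's grassroots commercial banks include non-legal-person banking institutions, such as the branches of policy banks, state-owned commercial banks, joint-stock commercial banks and the Postal Savings Bank, as well as legal-person banking institutions such as city commercial banks, rural commercial banks and rural cooperative banks (credit unions).
As regards how compliance departments are set up at grassroots commercial banks, there are two main models. The first is a separate compliance department, found mainly in local legal-person banking institutions that have completed restructuring, such as rural commercial banks, rural cooperative banks and city commercial banks, and in a small number of state-owned commercial bank branches. The second is co-location with related departments, generally the legal, internal control or supervision departments, with a few institutions placing the compliance function in the general office; these models are mostly seen in the branches of state-owned commercial banks, the Postal Savings Bank and joint-stock banks.
As regards staffing, institutions with an independent compliance department all have full-time compliance staff, generally about 3-5. Among institutions without a compliance department, some have 1-2 full-time compliance staff plus a few part-time staff, and in a few institutions all compliance staff are part-time. In the vast majority of banks, compliance staff generally account for 1%-2% of total staff, with the highest share at around 5%; staffing differs markedly from bank to bank.
As regards the composition of compliance staff, most of those engaged in compliance management were transferred from other departments, and professional knowledge of compliance risk management is generally lacking.
(2) Several typical organizational structures and processes
Non-legal-person banking institutions.
Most non-legal-person banking institutions (branches of state-owned commercial banks) mainly adopt a centralized organizational structure and matrix reporting lines: a formal compliance department is set up at the branch, with the compliance function combined with the legal, supervision or risk management functions to form a legal and compliance department or a risk and compliance department, and part-time compliance staff are deployed along each business line. Within this structure, the branch's compliance department or staff, in addition to reporting directly to the bank's senior management (branch president, sub-branch president), also report to the compliance department of the higher-level office.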
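Guidelines on Information Technology Risk Management of Commercial Banks
Chapter I General Provisions
Article 1 These Guidelines are formulated in accordance with the Law of the People's Republic of China on Banking Regulation and Supervision, the Law of the People's Republic of China on Commercial Banks, the Regulations of the People's Republic of China on the Administration of Foreign-funded Banks, national information security requirements and relevant laws and regulations, in order to strengthen the information technology risk management of commercial banks.
Article 2 These Guidelines apply to incorporated commercial banks legally established within the territory of the People's Republic of China. Policy banks, rural cooperative banks, urban credit cooperatives, rural credit cooperatives, village and township banks, loan companies, financial asset management companies, trust companies, finance companies, financial leasing companies, auto finance companies, money brokerage companies and other banking financial institutions shall implement these Guidelines by reference.
Article 3 "Information technology" as used in these Guidelines refers to the use of modern information technologies such as computing, communications, microelectronics and software engineering in the business transaction processing, operational management and internal control of commercial banks, and includes carrying out information technology governance, establishing a complete management organizational structure and formulating sound management rules and processes.
Article 4 "Information technology risk" as used in these Guidelines refers to the operational, legal, reputational and other risks arising from natural factors, human factors, technical vulnerabilities and management deficiencies in the course of the use of information technology in commercial banks.
Article 5 The objective of information technology risk management is to establish effective mechanisms to identify, measure, monitor and control the information technology risks of commercial banks, to promote their safe, continuous and sound operation, to drive business innovation, to raise the level of information technology use, and to strengthen core competitiveness and the capacity for sustainable development.
Chapter II Information Technology Governance
Article 6 The legal representative of a commercial bank is the first responsible person for the institution's information technology risk management and is responsible for organizing the implementation of these Guidelines.
Article 7 The board of directors of a commercial bank shall perform the following information technology management duties:
(1) Complying with and implementing national laws, regulations and technical standards on information technology management, and implementing the relevant regulatory requirements of the China Banking Regulatory Commission (hereinafter the CBRC).
(2) Reviewing and approving the information technology strategy and ensuring that it is consistent with the bank's overall business strategy and major policies. Evaluating the overall effectiveness and efficiency of information technology and its risk management work.
(3) Understanding the major information technology risks, determining acceptable risk levels and ensuring that the relevant risks can be identified, measured, monitored and controlled.
(4) Setting standards of professional ethics and integrity, strengthening internal culture and raising all staff's awareness of the importance of information technology risk management.
(5) Establishing a dedicated information technology management committee composed of representatives from senior management, the information technology department and the main business departments, responsible for overseeing the fulfilment of all duties and for reporting regularly to the board of directors and senior management on the implementation of the information technology strategic plan, the information technology budget and actual expenditure, and the overall state of information technology.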
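Guidelines on Risk Management of Merger and Acquisition Loans of Commercial Banks
Chapter I General Provisions
Article 1 These Guidelines are formulated in accordance with the Law of the People's Republic of China on Banking Regulation and Supervision, the Law of the People's Republic of China on Commercial Banks and other laws and regulations, in order to regulate the merger and acquisition (M&A) loan business of commercial banks, improve their ability to manage M&A loan risk, strengthen their support for economic restructuring and the optimal allocation of resources, promote fair competition in the banking sector and safeguard its lawful and sound operation.
Article 2 "Commercial bank" as used in these Guidelines refers to a commercial bank legal-person institution established under the Law of the People's Republic of China on Commercial Banks.
Article 3 "Merger and acquisition" as used in these Guidelines refers to a transaction in which a domestic acquirer enterprise, by acquiring existing equity, subscribing for newly issued equity, purchasing assets, assuming debts or similar means, merges with or obtains actual control of a target enterprise or assets that are already established and in continuing operation.
An M&A may be carried out by the acquirer through a wholly owned or controlled subsidiary that it has specially established and that has no other business activities (hereinafter the "subsidiary").
Article 4 "M&A loan" as used in these Guidelines refers to a loan extended by a commercial bank to the acquirer or its subsidiary to pay the consideration and costs of the M&A transaction.
Article 5 A commercial bank legal-person institution that engages in M&A loan business shall meet the following conditions: (1) it has sound risk management and effective internal control mechanisms; (2) its capital adequacy ratio is no less than 10%; (3) all its other regulatory indicators meet regulatory requirements; (4) it has a professional team for M&A loan due diligence and risk assessment.
Before starting M&A loan business, a commercial bank shall formulate business processes and internal control rules for M&A loans and report to the regulatory authority.
After starting M&A loan business, if a commercial bank can no longer continuously meet any one of the above conditions, it shall stop handling new M&A loan business.
Article 6 A commercial bank engaging in M&A loan business shall follow the principles of legal compliance, prudent operation, controllable risk and commercial sustainability.
Article 7 A commercial bank shall formulate a development strategy for M&A loan business, giving full consideration to relevant national policies on industry, land, environmental protection and so on, specifying the objectives of developing M&A loan business, the range of customers, the risk tolerance limits and their main risk characteristics, and reasonably meeting enterprises' financing needs for mergers and restructuring.
Article 8 A commercial bank shall, on the principle that management intensity be higher than for other types of loans, establish corresponding M&A loan management rules and a management information system, ensuring that business processes, internal control rules and the management information system can effectively identify, measure, monitor and control the risks of M&A loans.
A commercial bank shall establish an M&A loan statistics system as required by the regulator and carry out the statistics, aggregation and analysis of M&A loans.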
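Guidelines on Internal Control of Commercial Banks
I. Introduction
As an important part of the financial market, commercial banks perform important functions such as financial intermediation, financing, and payment and settlement, and must establish a sound internal control system to ensure the safety of funds, risk management and compliance.
These guidelines are intended to provide guidance for commercial banks in formulating and implementing internal control, ensuring the security, integrity and reliability of their overall operations.
II. Overall objectives and principles
The overall objective of internal control in commercial banks is to ensure asset safety, the control of business risks and the reasonable setting of risk reserves, while safeguarding compliant operation.
The specific principles are as follows:
1. Risk identification and management: identify and assess the various risks in business activities and formulate corresponding risk management measures;
2. Decision-making and authorization: establish a reasonable decision-making and authorization mechanism, ensuring clear powers and responsibilities and distinct levels;
3. Business processes and internal control: establish appropriate business processes and corresponding internal control procedures, ensuring that business activities are carried out in a standardized way and that risks are effectively controlled;
4. Information and communication: strengthen the collection, analysis and transmission of information, ensuring the smooth flow of internal and external information and timely feedback;
5. Monitoring and improvement: establish an effective monitoring and improvement mechanism, promptly identify and correct problems in internal control, and carry out continuous improvement.
III. Elements of internal control
Internal control in commercial banks mainly comprises the control environment, risk assessment, control activities, information and communication, and monitoring and improvement.
1. Control environment: establishing a reasonable control environment is the foundation of internal control, including the conduct of the leadership and the degree of importance attached to risk management.
a. Senior managers should establish risk awareness and foster a good internal control culture;
b. Ensure that the organizational structure and staffing are reasonable, with clear responsibilities and authority.
2. Risk assessment: risk assessment helps to clarify the type and degree of risks and provides the basis for adopting corresponding control measures.
a. Carry out comprehensive risk assessments regularly, covering credit risk, market risk, operational risk and so on;
b. On the basis of the assessment results, formulate specific risk control strategies and measures.
3. Control activities: control activities are the core of internal control in commercial banks, including formulating and implementing appropriate control measures to ensure the compliance of business activities and the control of risk.
a. Determine suitable business processes, including authorization, review, recording, reporting and other steps;
b. Establish effective control measures, including internal audit, business review, risk reporting and so on.
4. Information and communication: the collection, analysis and transmission of information is an important part of internal control, safeguarding the smooth flow of internal and external information and timely feedback.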
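What is the objective of compliance risk management of commercial banks?
The objective of compliance risk management of commercial banks is, by establishing and improving a compliance risk management framework, to achieve effective identification and management of compliance risks, to promote the building of a comprehensive risk management system, and to ensure lawful and compliant operation.
Guidelines for the Compliance Risk Management of Commercial Banks:
Article 1 These Guidelines are formulated in accordance with the Law of the People's Republic of China on Banking Regulation and Supervision and the Law of the People's Republic of China on Commercial Banks, in order to strengthen the compliance risk management of commercial banks and to maintain their safe and sound operation.
Article 2 These Guidelines apply to Chinese-funded commercial banks, wholly foreign-owned banks, Sino-foreign joint venture banks and branches of foreign banks established within the territory of the People's Republic of China.
Policy banks, financial asset management companies, urban credit cooperatives, rural credit cooperatives, trust and investment companies, enterprise group finance companies, financial leasing companies, auto finance companies, money brokerage companies, postal savings institutions and other financial institutions established within the territory of the People's Republic of China with the approval of the CBRC shall implement these Guidelines by reference.
Article 3 "Laws, rules and standards" as used in these Guidelines refers to the laws, administrative regulations, departmental rules and other normative documents, business rules, industry standards of self-regulatory organizations, codes of conduct and professional ethics applicable to banking business activities.
"Compliance" as used in these Guidelines means making the business activities of a commercial bank consistent with laws, rules and standards.
"Compliance risk" as used in these Guidelines refers to the risk that a commercial bank may suffer legal sanctions, regulatory penalties, material financial loss and loss of reputation because it has failed to comply with laws, rules and standards.
"Compliance management department" as used in these Guidelines refers to the department, team or post established within a commercial bank that is specifically responsible for the compliance management function.
Article 4 Compliance management is a core risk management activity of a commercial bank.
A commercial bank shall take full account of the relationship between compliance risk and credit risk, market risk, operational risk and other risks, and ensure the consistency of its risk management policies and procedures.
Article 5 The objective of compliance risk management of commercial banks is, by establishing and improving a compliance risk management framework, to achieve effective identification and management of compliance risks, to promote the building of a comprehensive risk management system, and to ensure lawful and compliant operation.
Article 6 A commercial bank shall strengthen the building of a compliance culture and integrate it into the whole process of building its corporate culture.
Compliance is the shared responsibility of all employees of a commercial bank and shall start from the top of the bank.
The board of directors and senior management shall set the tone for compliance, establish compliance concepts such as proactive compliance by all staff and compliance creating value, promote professional ethics and values of honesty and integrity throughout the bank, raise the compliance awareness of all employees, and promote effective interaction between the bank's own compliance and external supervision.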
Guidelines for the Compliance Risk Management of Commercial Banks
October 25, 2006
Chapter I General Provisions
Article 1 For the purpose of strengthening the compliance risk management of commercial banks and maintaining commercial banks operating safely and stably, these Guidelines are instituted in accordance with the Measures of the People's Republic of China on the Supervision and Administration of the Banking Sector and the Law of the People's Republic of China on Commercial Banks.
Article 2 A Chinese-funded commercial bank, foreign sole-capital bank, joint venture bank or branch of a foreign bank established within the territory of the People's Republic of China shall be governed by these Guidelines.
A policy bank, financial asset management company, urban credit cooperative, rural credit cooperative, trust investment company, enterprise group financial company, financial lease company, automobile financial company, currency brokerage company, postal savings institution or any other financial institution established within the territory of the People's Republic of China and approved by the China Banking Regulatory Commission shall be governed by these Guidelines.
Article 3 The term "laws, rules and standards" as mentioned in these Guidelines refers to the laws, administrative regulations, departmental rules as well as other regulatory documents, business rules and industrial standards of self-disciplinary organizations, behavioral code and occupational ethics.
The term "compliance" as mentioned in these Guidelines refers to the consistence between the business operations of commercial banks and the related laws, rules and standards.
The term "compliance risks" as mentioned in these Guidelines refers to the risks of a commercial bank suffering from legal sanction, supervision punishment, great financial losses or reputation losses when it violates any law, rule or standard.
The term "compliance management department" as mentioned in these Guidelines refers to any department, team or position that is especially established within a commercial bank to take charge of compliance management.
Article 4 Compliance management is a core risk management of commercial banks. A commercial bank shall take overall consideration of the relevance between compliance risks and credit risks, market risks, operation risks and other risks so as to ensure the consistence between all the policies and formalities for risk management.
Article 5 The objective of compliance risk management of a commercial bank is to establish and improve a framework of compliance risk management so as to realize the effective recognition and management of compliance risks, promote the establishment of an overall system of risk management and ensure an operation based on compliance of laws and regulations.
Article 6 A commercial bank shall enhance the establishment of compliance culture and incorporate the establishment of compliance culture into the whole process of establishing its enterprise culture.
The compliance is the joint responsibility of all staff members of a commercial bank and its senior management shall take a lead in the execution thereof.
The board of directors and senior management of a commercial bank shall determine the keynote of compliance, set up such compliance philosophies as voluntary compliance by all its staff members and value creation subject to compliance, promote the occupational ethics and value concept of being creditworthy and upright within the bank, elevate the compliance consciousness of all its staff members and promote an effective interaction between self-compliance of the commercial bank and external supervision.
Article 7 China Banking Regulatory Commission shall implement supervision over the compliance risk management of commercial banks, examine and evaluate the effectiveness of compliance risk management of commercial banks.
Chapter II Compliance Management Functions and Duties of the Board of Directors, Board of Supervisors and Senior Management
Article 8 A commercial bank shall establish a system of compliance management in line with its business scope, organizational structure and business scale thereof.
The following basic elements shall be included in the compliance management system:
(1) Compliance policies;
(2) Organizational structure and resources of the compliance management department;
(3) Plans of compliance risk management;
(4) Recognition of and management formalities for compliance risks; and
(5) Training and education system of compliance.
Article 9 The compliance policies of a commercial bank shall specify the basic principles that all its staff members and operational lines shall comply with and the significant formalities for recognizing and managing compliance risks as well as stipulate the related matters in respect of the functions of compliance management, which shall at least include:
(1) Functions and duties of the compliance management department;
(2) Power limit of the compliance management department, including the right to communicate with any bank staff member and obtain any record or archival file as required in its duty performance;
(3) Functions and duties of compliance management of related persons-in-charge;
(4) All the measures that guarantee the independency of the persons-in-charge of compliance as well as the compliance management department, including a guaranty that there is no interest conflict between the functions and duties of compliance management of the persons-in-charge and related persons that engage in the compliance management and the other functions and duties thereof;
(5) The coordination relationship between the compliance management department and the risk management department, the internal auditing department as well as other departments; and
(6) The establishing of principles of the compliance management departments for the business lines as well as the branches and sub-branches.
Article 10 The board of directors shall undertake final responsibilities of compliance in the business operation of a commercial bank and perform the following functions and duties of compliance management:
(1) Examining and approving of the compliance policies of the commercial bank and supervising its implementation of the compliance policies;
(2) Examining and approving the reports on compliance risk management submitted by the senior management of the commercial bank and appraising the effectiveness of compliance risk management of its commercial bank so as to timely and effectively resolve the compliance defects;
(3) Authorizing the risk management commission, auditing commission or specially established compliance management commission under the board of directors to conduct daily supervision over the compliance risk management of commercial bank thereof; and
(4) Supervising any other functions and duties of compliance management as stipulated in the constitution of its commercial bank.
Article 11 The commission under the board of directors of a commercial bank which is responsible for the daily supervision of compliance risk management shall, by means of holding individual talks with the related persons-in-charge of compliance or by any other effective means, know about the implementation of the compliance policies and existing problems, timely put forward corresponding opinions and suggestions to the board of directors or the senior management, supervise and guarantee to implement the compliance policies effectively.
Article 12 The board of supervisors shall supervise the performance of functions and duties of compliance management by the board of directors and senior management.
Article 13 The senior management shall manage the compliance risks of its commercial bank effectively and perform the functions and duties of compliance management as follows:
(1) Instituting the compliance policies in written form and revising the compliance policies in accordance with the status of compliance risk management as well as the related laws, rules and standards at an appropriate time, reporting them to the board of directors for deliberation and then distributing them to all its staff members after having been approved;
(2) Carrying out the compliance policies, guaranteeing that proper measures for correction be timely adopted when any rule-breaking event occurs and investigating the corresponding responsibilities of violators;
(3) Designating the persons-in-charge of compliance and guaranteeing their independency;
(4) Specifying the compliance management department and their organizational structure, arranging enough and proper personnel of compliance management for its performance of functions and duties, and ensuring the independency of the compliance management department;
(5) Recognizing the significant compliance risks that the commercial bank is faced with, examining and approving the plans of compliance risk management and ensuring the work coordination between the compliance management department and the risk management department, the internal auditing department and other relevant departments;
(6) Submitting to the board of directors a report of compliance risk management on an annual basis, which shall present sufficient proof and assist the members of the board of directors to judge the effectiveness of compliance risk management by senior managers;
(7) Reporting to the board of directors or the commissions thereunder and the board of supervisors any significant rule-breaking event timely; and
(8) Performing any other functions and duties as prescribed by the compliance policies.
Article 14 A person-in-charge of compliance shall coordinate the recognition and management of compliance risks of the commercial bank, supervise the compliance management department to perform its functions and duties in accordance with the related plans of compliance risk management and submit to the senior management an appraisal report about compliance risks periodically.
A person-in-charge of compliance must not take charge of the management of any business lines.
An appraisal report on compliance risks shall include but not be limited to the following contents: any change of compliance risk within the reporting period, the recognition of any rule-breaking event or compliance defect and the measures for correction that have been adopted or are advised to be adopted.
Article 15 A commercial bank shall set up an examination system of compliance performance of managers. The performance examination of a commercial bank shall embody the value concept of promoting compliance and punishing any rule-breaking behavior.
Article 16 A commercial bank shall establish an effective compliance accountability system, strictly carry out the confirmation and investigation of responsibilities incurred from any rule-breaking behavior, adopt effective measures for correction, improve the formalities for management in time, revise the related policies, formalities and operational guidelines at a proper time.
Article 17 A commercial bank shall establish a credit accusation system, encourage its staff members to tip off the illegal acts, the act in violation of professional integrity or the suspicious acts, and fully protect any tip-off reporter.
Chapter III Functions and Duties of the Compliance Management Department
Article 18 The compliance management department shall, under the guidance of its person-in-charge, assist the senior management to effectively recognize and manage the compliance risks that its commercial bank is faced with, and perform the following fundamental functions and duties:
(1) Paying continuous attention to the latest development of the related laws, rules and standards, correctly understanding the provisions and spirit of the related laws, rules and standards, accurately understanding the impact of the related laws, rules and standards on the business operation of the commercial bank, and putting forward corresponding suggestions on compliance to its senior management;
(2) Instituting and carrying out the plans of compliance management which focus on risks, including the implementation and appraisal of special policies and formalities, appraisal on compliance risks, compliance testing, compliance training and education, etc.;
(3) Examining and appraising the compliance of all policies, formalities and operational guidelines of the commercial bank, organizing, coordinating and supervising and urging all business lines and the internal control department to sort out and revise the related policies, formalities and operational guidelines, and guaranteeing that all policies, formalities and operational guidelines comply with the requirements of the related laws, rules and standards;
(4) Helping the related training and education departments to implement compliance trainings, including the compliance trainings of new staff members as well as the periodic compliance trainings of all its staff members, and functioning as the internal communication department for staff members to consult the related matters of compliance;
(5) Organizing the institution of the formalities for compliance management as well as such compliance guidelines as compliance booklets and behavioral code of its staff members, appraising the formalities for compliance management and the appropriateness of compliance guidelines, offering guidance to its staff members on proper implementation of related laws, rules and standards;
(6) Recognizing and appraising the compliance risks in relation to the business operation of the commercial bank actively, including conducting the necessary examination and testing for the development of new products and services, recognizing and appraising any compliance risk arising from the development of any new business mode, establishment of new customers' networks or change of nature of the bank's relationship with its customers;
(7) Collecting and choosing the data that may indicate potential compliance problems, such as increasing index of customers' complaints and abnormal transactions etc., establishing a supervisory index of compliance risks, and determining the preferential sequence of compliance risks to be considered in accordance with the possibility and impact of compliance risk occurrence measured by the risk matrix;
(8) Carrying out enough and representative appraisal and testing of compliance risks, including testing through on-the-spot examination on the compliance of all policies and formalities, inquiring the existing defects in the policies and formalities, and making corresponding investigation. The result of a compliance testing shall be reported in accordance with the formalities for internal risk management of commercial banks through the reporting line of compliance risks so as to ensure that all policies and formalities comply with the requirements of related laws, rules and standards; and
(9) Keeping daily contact with its supervisory organ, and tracing and appraising the implementation of supervisory opinions and supervisory requirements.
Article 19 A commercial bank shall allocate the resources for effectively performing the compliance management for its compliance management department.
A person who engages in compliance management shall have the qualification, experience, expertise and individual quality corresponding to his/her functions and duties.
A commercial bank shall offer systematic and professional technical trainings to its personnel who engage in compliance management, especially technical trainings in such aspects as correctly mastering the latest development of the related laws, rules and standards as well as their impacts on the business operation of the commercial bank.
Article 20 The persons-in-charge of all business lines or branches or sub-branches of a commercial bank shall take primary responsibility for the business operation of their lines or departments.
A commercial bank shall, in accordance with the business scope of its lines of business and the branches and sub-branches as well as the operational scale, set up the corresponding compliance management departments. The compliance management departments of all business lines and the branches and sub-branches of a commercial bank shall, in accordance with the formalities for compliance management, actively recognize and manage the compliance risks and report the related information in time through the reporting lines in accordance with the reporting requirements of compliance risks.
Article 21 A commercial bank shall establish a coordination mechanism between the compliance management department and the risk management department in respect of compliance management.
Article 22 A commercial bank shall separate the functions and duties of compliance management from the function of internal auditing, and the performance of compliance management shall be subject to independent appraisal by the internal auditing department periodically.
The internal auditing department shall be responsible for the auditing on compliance among all business operations of the commercial bank.
An internal auditing plan shall include an auditing appraisal on the appropriateness and effectiveness of the functions and duties of compliance management. An appraisal on compliance risks shall be included in the measures for risk appraisal in the internal auditing.
A commercial bank shall specify the functions and duties of compliance risk appraisal and compliance testing between the compliance management department and the internal auditing department. The internal auditing department shall notify the result of compliance auditing to the related persons-in-charge of compliance.
Article 23 A commercial bank shall specify its reporting lines of compliance risks as well as the elements, format and frequency of a report on compliance risks.
Article 24 The overseas branches or sub-branches or affiliated institutions of a commercial bank shall strengthen the functions of compliance management. The organizational structure of the compliance management functions shall accord with the local laws and requirements of supervision.
Article 25 The board of directors and senior management of a commercial bank shall guarantee that the outsourcing of the work of the compliance management department shall comply with local laws, rules and standards.
A commercial bank shall guarantee that any outsourcing work of the compliance management department be under a proper supervision of its person-in-charge of compliance and will not hamper an effective supervision by China Banking Regulatory Commission.
Chapter IV Supervision over Compliance Risks
Article 26 A commercial bank shall report its internal regulations such as compliance policies, formalities for compliance management as well as compliance guidelines to China Banking Regulatory Commission for archival filing.
A commercial bank shall timely report its plans of compliance risk management and appraisal reports on compliance risks to China Banking Regulatory Commission.
Where a commercial bank finds any significant rule-breaking event, it shall report it to China Banking Regulatory Commission in accordance with the reporting system of significant events.
Article 27 Where a commercial bank designates a person-in-charge of compliance, it shall report it to China Banking Regulatory Commission in accordance with the related provisions. Where any person-in-charge of compliance of a commercial bank leaves his/her post, the bank shall report related information such as the reasons for leaving to China Banking Regulatory Commission within 10 workdays after leaving the post.
Article 28 China Banking Regulatory Commission shall conduct appraisal on the effectiveness of compliance risk management of commercial banks periodically and the appraisal reports shall be regarded as an important basis for classified supervision.
Article 29 China Banking Regulatory Commission shall, in accordance with the compliance records of commercial banks and the appraisal reports on compliance risk management, determine the frequency, scope and depth of on-the-spot compliance risk examination, and the contents to be examined shall mainly include:
(1) The appropriateness and effectiveness of the compliance risk management system of a commercial bank;
(2) The functions of the board of directors and senior management of a commercial bank in the compliance risk management;
(3) The appropriateness and effectiveness of the performance examination system, the accountability system and the credit accusation system of a commercial bank; and
(4) The appropriateness and effectiveness of the functions of compliance management of a commercial bank.
Chapter V Supplementary Provisions
Article 30 The power to interpret these Guidelines shall remain with China Banking Regulatory Commission.
Article 31 These Guidelines shall enter into force as of the day of promulgation.