What Is a Compliance Program?
Bank compliance management refers to an independent mechanism responsible for identifying, assessing, advising on, monitoring, and reporting on banks' compliance risks. Compliance risks include the risk of sanctions and of financial or reputational damage due to failure to comply with relevant laws, regulations, codes of conduct, and standards of good practice (collectively, "laws, rules and standards").
Bank compliance management
- Bank compliance management is an independent mechanism that is responsible for identifying, evaluating, providing consulting, monitoring and reporting
- Bank compliance management shall follow the scientific management principles of independence, systematicness, full participation, mandatory nature, and clear management status and responsibilities.
- The principle of independence means
- It is the natural mission of every business organization to control risks, reduce costs, and maximize profits to the greatest extent possible. It is also the common goal of corporate governance, internal control, risk management, and bank compliance management.
- Many big banks in the world are
Chapter 1 Bank Compliance Management
- Article 1 In order to strengthen the compliance risk management of commercial banks and maintain the safe and stable operation of commercial banks, these guidelines have been formulated in accordance with the Law of the People's Republic of China on Banking Supervision and Management and the Law of the People's Republic of China on Commercial Banks.
- Article 2 These Guidelines apply to Chinese-funded commercial banks, wholly foreign-owned banks, Chinese-foreign joint venture banks and foreign bank branches established within the territory of the People's Republic of China.
- Policy banks, financial asset management companies, urban credit cooperatives, rural credit cooperatives, trust and investment companies, enterprise group finance companies, financial leasing companies, auto finance companies, money brokerage companies, postal savings institutions, economic management agencies established in the People's Republic of China, and other financial institutions approved by the CBRC shall follow these Guidelines for implementation.
- Article 3 The laws, rules and standards referred to in these Guidelines are the laws, administrative regulations, departmental rules and other normative documents, business rules, industry codes, codes of conduct, and professional ethics applicable to banking business activities.
- The term "compliance" in this guideline refers to aligning the business activities of commercial banks with laws, rules and standards.
- The compliance risk referred to in these Guidelines refers to the risk that a commercial bank may be subject to legal sanctions, regulatory penalties, major financial losses and reputational losses due to failure to comply with laws, rules and standards.
- The compliance management department referred to in this guideline refers to the department, team or position established within a commercial bank and responsible for compliance management functions.
- Article 4 Compliance management is a core risk management activity of commercial banks. Commercial banks should comprehensively consider the correlation between compliance risk and credit risk, market risk, operational risk and other risks to ensure the consistency of various risk management policies and procedures.
- Article 5 The goal of compliance risk management for commercial banks is to establish and improve a compliance risk management framework, to effectively identify and manage compliance risks, promote the construction of a comprehensive risk management system, and ensure compliance with laws and regulations.
- Article 6 Commercial banks shall strengthen the construction of compliance culture and integrate the construction of compliance culture into the entire process of corporate culture construction.
- Compliance is a joint responsibility of all employees of a commercial bank and should start from the senior level of the commercial bank.
- The board of directors and senior management shall determine the tone of compliance, establish compliance concepts such as active compliance and value creation by all employees, promote integrity in professional conduct and values throughout the bank, improve the compliance awareness of all employees, and promote effective interaction between commercial banks' own compliance and external supervision.
- Article 7 The CBRC shall supervise the compliance risk management of commercial banks in accordance with law, and check and evaluate the effectiveness of compliance risk management of commercial banks.
Chapter 2 Bank Compliance Management
- Compliance management responsibilities of the board of directors, the board of supervisors and senior management
- Article 8 A commercial bank shall establish a compliance risk management system that is compatible with its business scope, organizational structure and business scale.
- The compliance risk management system should include the following basic elements:
- (1) Compliance policy; (2) Organizational structure and resources of the compliance management department; (3) Compliance risk management plan; (4) Compliance risk identification and management process; (5) Compliance training and education system.
- Article 9 The compliance policy of a commercial bank shall clarify the basic principles that all employees and business lines need to abide by, as well as the main procedures for identifying and managing compliance risks, and make provisions on matters related to compliance management functions, including at least:
- (1) the functions and responsibilities of the compliance management department;
- (2) the authority of the compliance management department, including the right to communicate with any employee of the bank and obtain any records or archival materials required to perform their duties, etc.;
- (3) the compliance management duties of the person in charge of compliance;
- (4) Various measures to ensure the independence of the compliance officer and the compliance management department, including ensuring that there is no conflict of interest between the compliance management duties of the compliance officer and the compliance manager and any other duties assumed by them;
- (5) The cooperative relationship between the compliance management department, the risk management department, the internal audit department and other departments;
- (6) Principles for establishing business lines and branch compliance management departments.
- Article 10 The board of directors shall be ultimately responsible for the compliance of commercial banks' operating activities and shall perform the following compliance management duties:
- (1) review and approve the compliance policies of commercial banks, and supervise the implementation of compliance policies;
- (2) to review and approve the compliance risk management report submitted by senior management, and evaluate the effectiveness of commercial banks in managing compliance risks, so that compliance deficiencies can be resolved in a timely and effective manner;
- (3) authorizing the risk management committee, audit committee or specially established compliance management committee under the board of directors to carry out daily supervision of the compliance risk management of commercial banks;
- (4) Other compliance management duties stipulated in the articles of association of commercial banks.
- Article 11 The board of directors responsible for daily supervision of compliance risk management of commercial banks shall, through individual interviews with compliance officers and other effective channels, understand the implementation of compliance policies and existing problems, and promptly put forward corresponding opinions and suggestions to the board of directors or senior management to supervise the effective implementation of compliance policies.
- Article 12 The Supervisory Board shall supervise the performance of compliance management duties of the board of directors and senior management.
- Article 13 Senior management shall effectively manage the compliance risks of commercial banks and perform the following compliance management duties:
- (1) Formulate a written compliance policy, and amend the compliance policy in a timely manner in accordance with the status of compliance risk management and changes in laws, rules and standards, and report it to all employees after review and approval by the board of directors;
- (2) Implementing compliance policies, ensuring that appropriate corrective measures are taken in a timely manner when violations are discovered, and that those responsible for violations are held accountable for the corresponding responsibilities;
- (3) appointing the compliance officer and ensuring the independence of the compliance officer;
- (4) clarify the compliance management department and its organizational structure, assign sufficient and appropriate compliance management personnel to perform its duties, and ensure the independence of the compliance management department;
- (5) identify the major compliance risks facing commercial banks, review and approve the compliance risk management plan, and ensure the coordination of work between the compliance management department and the risk management department, the internal audit department and other relevant departments;
- (6) Submitting a compliance risk management report to the board of directors each year. The report should provide sufficient basis and help board members to judge the effectiveness of senior management in managing compliance risks;
- (7) timely report any major violations to the board of directors or its committees and board of supervisors;
- (8) Other duties stipulated in the compliance policy.
- Article 14 The person in charge of compliance shall comprehensively coordinate the identification and management of compliance risks of commercial banks, supervise the compliance management department to perform its duties in accordance with the compliance risk management plan, and submit compliance risk assessment reports to senior management on a regular basis. The compliance officer does not control the business line.
- The compliance risk assessment report includes but is not limited to the following: changes in compliance risk conditions during the reporting period, identified violations and compliance deficiencies, and corrective actions taken or recommended.
- Article 15 A commercial bank shall establish an evaluation system for the compliance performance of management personnel. The performance evaluation of commercial banks should reflect the values of advocating compliance and punishing violations.
- Article 16 A commercial bank shall establish an effective compliance accountability system, strictly determine and investigate accountability for violations, and take effective corrective measures to improve business management processes in a timely manner and revise relevant policies, procedures and operating guidelines in a timely manner.
- Article 17 Commercial banks shall establish an honest reporting system, encourage employees to report violations of the law, professional ethics, or suspicious behavior, and fully protect reporters.
Chapter 3 Bank Compliance Management
- Article 18 The compliance management department shall assist senior management under the management of the compliance officer to effectively identify and manage compliance risks facing commercial banks and perform the following basic duties:
- (1) Continue to pay attention to the latest development of laws, rules and standards, correctly understand the provisions and spirit of laws, rules and standards, accurately grasp the impact of laws, rules and standards on the operation of commercial banks, and provide timely compliance recommendations to senior management;
- (2) Develop and implement a risk-based compliance management plan, including the implementation and evaluation of specific policies and procedures, compliance risk assessment, compliance testing, compliance training and education, etc.;
- (3) Review and evaluate the compliance of various policies, procedures and operating guidelines of commercial banks, organize, coordinate and urge all business lines and internal control departments to review and revise various policies, procedures and operating guidelines to ensure that policies, procedures and operational guidelines comply with the requirements of laws, rules and guidelines;
- (4) Assist relevant training and education departments to conduct compliance training for employees, including compliance training for new employees, and regular compliance training for all employees, and become an internal liaison department for employees to consult about compliance issues;
- (5) Organize the establishment of compliance management procedures and compliance guidelines such as compliance manuals and employee behavior standards, and evaluate the adequacy of the compliance management procedures and compliance guidelines to provide guidance for employees in the proper implementation of laws, rules and standards;
- (6) Proactively identify and evaluate compliance risks related to the business activities of commercial banks, including providing necessary compliance audits and tests for the development of new products and new businesses, and identifying and evaluating compliance risks arising from the expansion of new business methods, the establishment of new customer relationships, and major changes in the nature of customer relationships;
- (7) Collect and screen data that may indicate potential compliance issues, such as an increase in consumer complaints or abnormal transactions, establish compliance risk monitoring indicators, measure the likelihood and impact of compliance risks according to the risk matrix, and determine compliance risk priorities;
- (8) Implement adequate and representative compliance risk assessment and testing, including testing compliance of various policies and procedures through on-site audits, inquiring about defects in policies and procedures, and conducting corresponding investigations. The results of compliance testing shall be reported upwards in accordance with the internal risk management procedures of commercial banks through the compliance risk reporting route to ensure that policies and procedures comply with the requirements of laws, rules and standards;
- (9) Maintaining daily work liaison with regulatory agencies, tracking and evaluating the implementation of regulatory opinions and regulatory requirements.
- Article 19 Commercial banks shall allocate resources for compliance management departments to effectively perform compliance management functions. Compliance managers should have the qualifications, experience, professional skills, and personal qualities that match their duties.
- Commercial banks should provide systematic professional skills training for compliance managers on a regular basis, especially in correctly grasping the latest developments in laws, rules and standards and their impact on the operation of commercial banks.
- Article 20 The person in charge of each business line and branch of a commercial bank shall be primarily responsible for the compliance of the business activities of that business line or branch.
- A commercial bank shall establish a corresponding compliance management department according to the business lines and the business scope and business scale of its branches.
- Each business line and branch compliance management department shall actively identify and manage compliance risks in accordance with the compliance management procedures, and report in a timely manner in accordance with the reporting route and reporting requirements for compliance risks.
- Article 21 A commercial bank shall establish a coordination mechanism between the compliance management department and the risk management department in compliance management.
- Article 22 The compliance management function of a commercial bank shall be separated from the internal audit function, and the performance of the compliance management function shall be regularly and independently evaluated by the internal audit department.
- The internal audit department shall be responsible for compliance audits of various business activities of commercial banks. The internal audit plan shall include an audit evaluation of the appropriateness and effectiveness of the compliance management function, and the risk assessment method of internal audit shall include an assessment of compliance risks.
- Commercial banks should clarify the responsibilities of the compliance management department and internal audit department in compliance risk assessment and compliance testing. The internal audit department shall notify the compliance officer at any time of the results of the compliance audit.
- Article 23 A commercial bank shall define the compliance risk reporting route and the elements, format and frequency of the compliance risk report.
- Article 24 Overseas branches or affiliates of commercial banks shall strengthen compliance management functions, and the organizational structure of compliance management functions shall comply with local laws and regulatory requirements.
- Article 25 The board of directors and senior management shall be responsible for compliance with laws, rules and standards in outsourcing the work of the compliance management department.
- A commercial bank shall ensure that any outsourcing arrangement of the work of the compliance management department is properly supervised by the compliance officer and does not hinder the effective supervision of the CBRC.
Chapter 4 Bank Compliance Management
- Article 26 A commercial bank shall promptly file internal policies such as compliance policies, compliance management procedures, and compliance guidelines with the CBRC for the record. Commercial banks shall submit compliance risk management plans and compliance risk assessment reports to the CBRC in a timely manner.
- When a commercial bank discovers a major violation, it shall report it to the CBRC in accordance with the reporting system for major events.
- Article 27 When a commercial bank appoints a person in charge of compliance, it shall report to the CBRC in accordance with relevant regulations. A commercial bank shall, within ten working days after the person in charge of compliance has left office, report to the CBRC the reasons for his departure and other relevant information.
- Article 28 The CBRC shall periodically evaluate the effectiveness of the compliance risk management of commercial banks, and the evaluation report shall serve as an important basis for classified supervision.
- Article 29 The CBRC shall determine the frequency, scope and depth of on-site inspections of compliance risks based on the compliance records and compliance risk management evaluation reports of commercial banks. The main contents of inspections include:
- (1) the adequacy and effectiveness of the compliance risk management system for commercial banks;
- (2) the role of the board of directors and senior management of commercial banks in compliance risk management;
- (3) the adequacy and effectiveness of the performance evaluation system, accountability system and integrity reporting system of commercial banks;
- (4) The adequacy and effectiveness of the compliance management function of commercial banks.
Chapter 5 Supplementary Provisions on Bank Compliance Management
- Article 30 The interpretation of these guidelines is the responsibility of the CBRC.
- Article 31 These Guidelines shall be implemented as of the date of promulgation.