What Is Compliance Risk Management?
Compliance risk. According to the "Compliance and Internal Compliance Department" issued by the Basel Committee on Banking Supervision, "compliance risk" refers to the risk that a bank may suffer legal sanctions or regulatory penalties, major financial losses or reputational losses because it fails to comply with laws and regulations, regulatory requirements, rules, the relevant standards formulated by self-regulatory organizations, and the codes of conduct applicable to the bank's own business activities. In terms of its connotation, compliance risk mainly emphasizes the economic or reputational losses that banks suffer because of violations of laws, regulations and regulatory rules in which their own conduct is the dominant factor. The nature of this risk is more serious and the losses are greater.
Compliance risk
- Compliance risk originated in the financial industry and mainly concerned banking institutions. But since 2002,
- Development History
- The Treadway Committee in 1992
Compliance risk identification
- Compliance risk information is collected extensively and continuously, then screened, compared, classified and combined as necessary, so that compliance risks are effectively identified. Compliance risk information should be managed dynamically.
Relationship between compliance risk and other risks
- Traditional bank risks include credit risk, market risk, and operational risk. Compliance risk is a more basic risk that underlies these three major risks and is closely related to them. The difference is that compliance risk is simply the risk or loss caused by a bank doing something it should not do (violations of laws, regulations, rules, etc.), so the bank's own behavior is the dominant factor. The three major risks are mainly risks or losses arising from the internal and external environment, such as customer credit, market changes, and employee operations; there, external environmental factors are more contingent and act more as a stimulus. The connection is that compliance risk is an important cause of the existence and manifestation of the other three major risks, especially operational risk, while the existence of the three major risks makes compliance risk more complex and more difficult to prevent. Their results are basically the same: economic or reputational losses for the bank. In the past, commercial banks usually treated compliance risk as operational risk and focused on setting up checkpoints on operational steps and operators. This did not work: operational risks persisted among the bank's internal staff, who kept changing their methods. This shows that simply equating compliance risk with operational risk is incomplete and inaccurate. Although a large number of operational risks show up mainly in operational steps and among operators, what often lies hidden behind them is that the operational steps are unreasonably designed and the operators lack a sense of compliance and law. Bank compliance risks, in most cases, originate at the level of the bank's institutional decision-making and its managers at all levels, and often carry institutional defects and the imprint of upper management.
In practice, therefore, even if a bank prevents operational risk among its grassroots staff, it may not be able to prevent institutional or management-level compliance risks. Special attention must therefore be paid to compliance risks, because the harm and losses they cause are sometimes much greater than those of general operational risks.
Establishment of compliance risk mechanism
- Compliance risk management refers to banks actively avoiding violations, and proactively discovering violations that have occurred and taking appropriate measures to correct them. It is also a cyclical process in which the relevant systems, the corresponding practices and the post manuals are continuously revised. This process of compliance risk management is the foundation and core of building an effective internal control mechanism for banks.
- Wang Huaqing, director of the Shanghai Regulatory Bureau of the China Banking Regulatory Commission, emphasized that the core of the current construction of a "compliance culture" in commercial banks is the construction of compliance mechanisms and the establishment of relatively independent compliance departments. It is necessary to change the long-standing extensive management routine, build a thorough compliance culture as soon as possible, and insist on judging and making decisions on the basis of compliance in every detail and step of operation and management, so as to gradually form a brand-new "compliance cultural tradition".
- Most foreign commercial banks have a compliance department. Its responsibilities include identifying, monitoring, assessing and reporting on compliance risks, and detecting and stopping risks and the damage they cause in a timely manner; sorting out and integrating the bank's various rules and regulations and its compliance training; participating in the reengineering of the bank's organizational structure and business processes; and providing compliance support for new products. For most domestic commercial banks, building a compliance risk management mechanism still has a long way to go. The most obvious problem is that there is no separate compliance department, or its functions are shared by the audit department, legal affairs department or supervision department, and its functional positioning is limited to routine inspections conducted in accordance with the requirements of the regulatory authority. The necessary groundwork for a compliance system has not been laid. It is therefore imperative for commercial banks to cultivate a "compliance culture" and establish a compliance risk management mechanism.
Compliance Risk Construction Approach
- On April 29, 2005, the International Basel Committee on Banking Supervision issued a high-level document entitled "Compliance and Internal Banking Compliance Department", which proposed 10 guiding principles for bank compliance management and the construction of compliance departments. It can be said that this set a standard for compliance management in the international banking industry.
- Compliance is a core risk management activity of the banking industry. A sound and effective compliance risk management mechanism is the basis for implementing risk-based supervision. Commercial banks can build compliance risk management mechanisms from the following five aspects.
- 1. Establish active compliance awareness and overcome the psychology of passive compliance. Compliance is a fundamental inherent requirement for the sound operation of the banking industry and an important part of banking culture.
  - (1) Instil in all bank employees the concepts of compliance, of active compliance awareness, and of compliance creating value. Whenever employees handle any piece of business, they must consider and review its compliance risks, and they are encouraged to actively discover and expose compliance risks or issues so that these can be rectified in time.
  - (2) A compliance culture is supported by a set of systems, methods and tools, which requires banks to strengthen the post-evaluation of their rules and regulations. Based on the problems found, appropriate improvements shall be made to business policies, behavior manuals and operating procedures so as to avoid any similar violations and to correct the violations that have occurred, and the necessary punishment shall be imposed on the persons responsible. If a compliance risk is discovered but concealed, then once it is verified by the internal audit department or external supervisors, the person who concealed it and failed to report it must be punished more severely; for those who actively report problems or hidden dangers, punishment can be reduced as appropriate or even waived, and they may even be rewarded.
  - (3) Make the performance appraisal mechanism an important part of cultivating a compliance culture, so that it fully reflects the commercial bank's values of advocating compliant operation and punishing violations.
- 2. Formulate compliance policies and set up compliance departments. The compliance department is an independent functional department that supports and assists the bank's senior management in compliance risk management. The front-line business departments bear direct responsibility for compliance, and senior management bears ultimate responsibility for the bank's compliant operation. Establishing a compliance risk management mechanism in a commercial bank requires setting up a full-time compliance department, ensuring that the compliance department can discover and investigate problems without interference, and allowing compliance personnel to participate in a timely manner in the reorganization of the bank's organizational structure and business processes, so that the principle of operating according to laws and regulations is truly implemented in every step of the business process and by every employee. At the same time, it is necessary to formulate and approve an effective compliance policy that suits the characteristics of the commercial bank; this is the programmatic document for the bank's compliance risk management. Through practice and accumulated experience, banks should explore an operating mechanism for effectively managing compliance risks and a fundamental solution for governing operational risk. But it must be clear that the work of the compliance department should not be used as an excuse for the bank's business departments and senior management to shirk their responsibilities, and the compliance department must not become a "scapegoat" when senior management and other departments are held accountable.
- 3. Establish a reporting and supervision mechanism. To raise employees' awareness of operating in compliance with laws and of controlling compliance risks, it is necessary to establish a reporting and supervision mechanism, provide the necessary channels and avenues for employees to report violations and illegal acts, and establish an effective protection and incentive mechanism for those who report.
- 4. Establish a risk assessment mechanism. It is necessary to establish and improve the risk identification and assessment system as soon as possible, to learn from advanced international experience, to actively use modern scientific and technological means, to establish and improve a monitoring, evaluation and early warning system covering all business risks, to attach importance to early warning, and to seriously implement the system for registering major violations and issuing risk alerts.
- 5. Establish the compliance risk management mechanism on the basis of a "process bank". It is necessary to break completely with the department-based bank system that was handed down over many years in a stable, closed market environment and in a planned-economy period when financial products were uniform. To avoid fragmentation and mutual buck-passing, establish a unified closed-loop process centered on customer needs, and optimize and streamline business processes on the principle of serving customers well and controlling all kinds of risks, including compliance risks.