Guide on Compliance Risk Management for Commercial Banks (17/04/2007)
1. How is a compliance risk management system set up?
Commercial banks must set up a compliance risk management system that corresponds to their operational scope, organizational structure, and business scale, and must put in place three basic systems: a compliance performance assessment system, a compliance accountability system, and a good faith reporting system.
2. What is the role of the board of directors?
The Guidance contains provisions on the management duties of the board of directors, board of supervisors, and senior management of commercial banks. These provisions require that the board of directors be responsible for the examination and approval of compliance policies and the compliance risk management report, and for assessing the performance of the compliance risk management policies. The board of directors must also appoint the risk management committee, the internal audit committee, and a specially established compliance management committee, which should supervise compliance risk management on a day-to-day basis.
3. What is the role of the board of supervisors?
The board of supervisors is responsible for supervising the performance of the compliance management duties by the board of directors and senior management. Senior management is deemed to be responsible for stipulating and implementing the compliance policies, appointing the person in charge of compliance, identifying the compliance management departments and their organizational structure, identifying the major compliance risks that commercial banks encounter, examining and approving the compliance risk management plans, submitting the compliance risk management report on an annual basis, and reporting any material non-compliance events to the board of directors or the committees established thereunder, or to the board of supervisors in a timely manner.
4. What else does the guidance refer to?
The Guidance provides that the compliance management department must, under the direction of the person in charge of compliance, assist senior management effectively by identifying and managing the compliance risks faced by a commercial bank. According to the Guidance, the basic duties of the compliance management department include: (i) providing information on compliance to senior management, (ii) forming and carrying out the compliance management policies, (iii) ensuring compliance with the policies, procedures, and the operation manual, (iv) giving training on compliance to employees, (v) identifying and evaluating the compliance risks arising from the development of new products and new businesses as well as expansion of new business models, (vi) monitoring and testing the compliance risk systems, and (vii) maintaining a close working relationship with the regulatory authorities.