Article 18 The compliance management department shall, under the management of the person in charge of compliance, assist the senior management to effectively identify and manage the compliance risks faced by commercial banks, and perform the following basic duties:
(1) Pay close attention to the latest trends of laws, rules and standards, correctly understand the provisions and spirit of laws, rules and standards, accurately grasp the impact of laws, rules and standards on the operation of commercial banks, and provide compliance advice to senior management in a timely manner.
(2) Formulating and implementing a risk-based compliance management plan, including the implementation and evaluation of specific policies and procedures, compliance risk assessment, compliance testing, compliance training and education, etc. ;
(3) Check and evaluate the compliance of policies, procedures and operational guidelines of commercial banks, organize, coordinate and urge all lines and internal control departments to sort out and revise policies, procedures and operational guidelines, and ensure that policies, procedures and operational guidelines meet the requirements of laws, regulations and guidelines.
(4) Assist relevant training and education departments to conduct compliance training for employees, including compliance training for new employees and regular compliance training for all employees, and become the internal liaison department for employees to consult compliance issues;
(5) Organizing the formulation of compliance management procedures, compliance manuals, employee codes of conduct and other compliance guidelines, evaluating the appropriateness of compliance management procedures and compliance guidelines, and providing guidance for employees to correctly implement laws, regulations and standards;
(6) Proactively identifying and evaluating compliance risks related to business activities of commercial banks, including providing necessary compliance audits and tests for developing new products and businesses, and identifying and evaluating compliance risks arising from expanding new business methods, establishing new customer relationships and major changes in the nature of customer relationships.
(7) Collecting and screening data that may prompt potential compliance problems, such as increased consumer complaints and abnormal transactions, establishing compliance risk monitoring indicators, measuring the possibility and impact of compliance risks according to the risk matrix, and determining the priority of compliance risks;
(eight) the implementation of adequate and representative compliance risk assessment and testing, including on-site audit to test the compliance of various policies and procedures, ask about the defects of policies and procedures, and conduct corresponding investigations. Compliance test results should be reported through compliance risk reporting in accordance with the internal risk management procedures of commercial banks to ensure that all policies and procedures meet the requirements of laws, rules and standards;
(9) Maintain daily working contact with regulatory agencies, and track and evaluate the implementation of regulatory opinions and regulatory requirements.
Article 19 Commercial banks should equip compliance management departments with resources to effectively perform compliance management functions. Compliance management personnel should have the qualifications, experience, professional skills and personal qualities that match their responsibilities.
Commercial banks should regularly provide systematic professional skills training for compliance managers, especially in correctly grasping the latest development of laws, rules and standards and their impact on the operation of commercial banks.
Article 20 The persons in charge of each line and branch of a commercial bank shall bear the main responsibility for the compliance of this line and their own business activities.
Commercial banks should set up corresponding compliance management departments according to the business lines, business scope and business scale of their branches.
The compliance management departments of all branches and branches shall actively identify and manage compliance risks according to the compliance management process, and report them in a timely manner according to the reporting route and requirements of compliance risks.
Article 21 A commercial bank shall establish a cooperation mechanism between the compliance management department and the risk management department in compliance management.
Article 22 The compliance management function of a commercial bank should be separated from the internal audit function, and the performance of the compliance management function should be independently evaluated by the internal audit department on a regular basis.
The internal audit department is responsible for the compliance audit of various business activities of commercial banks. The internal audit plan shall include the audit evaluation of the appropriateness and effectiveness of compliance management functions, and the risk assessment method of internal audit shall include the assessment of compliance risks.
Commercial banks should clarify the responsibilities of compliance management departments and internal audit departments in compliance risk assessment and compliance testing. The internal audit department shall inform the compliance supervisor of the compliance audit results at any time.
Article 23 A commercial bank shall specify the ways, contents, formats and frequencies of compliance risk reports.
Article 24 Overseas branches or subsidiaries of commercial banks should strengthen their compliance management functions, and the organizational structure of compliance management functions should meet local laws and regulatory requirements.
Article 25 The board of directors and senior management are responsible for the outsourcing of laws, rules and standards by the compliance management department.
A commercial bank shall ensure that the outsourcing arrangement of the compliance management department is properly supervised by the person in charge of compliance and does not hinder the effective supervision of the CBRC.