On the Importance of Bank Risk Supervision

Banking is the leading industry in China. The main business of the bank has realized informatization, and the banking business and service are almost inseparable from informatization. The scope of bank informatization is very extensive, which is manifested in all aspects of banking enterprises, banking fields and banking supervision authorities. Banking enterprises, including product services, resource management, core business management, risk management, customer management, financial management, electronic banking (bank e-commerce), public services, office business, risk management, emergency management, etc. Information technology has been basically realized, and a large information system of computer and communication system has been established.

However, there are still many problems that must be paid attention to in China's bank informatization, some of which are quite urgent and need to be solved urgently. For example, the operation, management and service mode of bank informatization needs further reform: the overall framework of bank informatization is still not perfect and quite messy, the interconnection and interoperability of information systems between banking enterprises and fields are still outstanding, the phenomenon of information islands is serious, and the comprehensive benefits and high-end application level of bank informatization are low; The research of bank informatization architecture is very weak, so it is necessary to strengthen the top-level research of informatization overall and architecture; The backup system of bank information system is poor, the system reliability service guarantee is insufficient, the business continuity and emergency measures are insufficient, and the disaster resistance ability needs to be strengthened; The informatization of financial risk supervision is blank, the supervision mode and method are backward and the supervision efficiency is low. In the era of "photoelectric speed" in dealing with affairs, banks are informatization and networking, and they should "supervise outside the network" instead of "serving inside the network". The huge speed mismatch between these two modes has caused the falsehood of supervision. The security construction of bank information system is facing a serious threat, mainly in terms of structure and loopholes, which often leads to information security accidents. China's banking industry is actively learning from the classic experience of foreign risk assessment, evaluation and standardization. At the same time, like banks in developed countries, it is also facing the risk supervision problem in the online world, but the problem in China is more prominent. China's banking risk supervision institutions are absent, and banking enterprises, banking fields and banking supervision authorities mainly rely on their information centers for risk supervision. The main function of information centers is the construction, application, management and maintenance of internal informationization. For the implementation of risk supervision in the whole field, there is basically no motivation to implement it, whether it is the planning and management of risk supervision or the monitoring of operation. Because risk supervision is an operation management system, it is necessary to monitor the information risk in the whole field in real time. In this sense, the absence of supervision in China's financial sector reflects the lack of correct understanding of the role of financial informatization and risk supervision in China's financial sector.

Two. General requirements of bank risk supervision

Bank risk supervision includes three aspects: bank enterprises, fields and supervision departments.

The requirements of bank enterprise risk supervision are: avoiding, dissolving and reducing risks, and maximizing enterprise value. On the basis of earnestly implementing the scientific method of bank supervision informatization, ensuring the authenticity of bottom-up supervision information and the credibility and effectiveness of supervision behavior in risk supervision, and the smooth transmission of top-down banking business and risk supervision policies, according to risk supervision standards such as Basel Capital Accord, bank risk supervision should meet the requirements of comprehensive management of credit risk, market risk, operational risk, business risk and enterprise risk.

There are many different requirements and characteristics between risk supervision in banking field and risk supervision in banking enterprises. In addition to paying attention to the interoperability between information systems of bank enterprises, there are a large number of information systems among bank enterprises, so it is necessary to extend bank risk supervision to the whole field. The relevance and cross-border characteristics of banking enterprises and international information systems make the task of risk supervision very arduous. Risk supervision in the banking sector is not only a micro-level supervision, but also a macro-level comprehensive supervision. Fundamentally speaking, financial risk supervision should ultimately be implemented in the management of capital flow and the control of the smooth transmission of financial policies.

The construction of supervision information system of banking supervision authorities is a comprehensive risk supervision information system based on the risk supervision information systems of all banks and banking fields in China, which generally includes the following contents: risk supervision, security guarantee, technical supervision and safety emergency of information business of banking supervision authorities.

Third, establish a long-term mechanism for risk supervision.

1, the content of the long-term mechanism of bank risk supervision

(1) Establish a regulatory organization system and clarify the responsibilities and rights of risk supervision.

(2) Clarify the objectives of risk supervision.

(3) Clarify the tasks and work scope of risk supervision. Including the establishment and operation of bank risk supervision and operation management system; Establish and operate a banking and risk assessment system; Establish a risk supervision standard system; Establish a risk supervision system.

(4) Establish a supervision system that integrates the real world and the online world. It is necessary to implement the basic requirements of "service in the network" and "supervision in the network" and realize law enforcement, management, supervision and control in the network. Establish a service technology system of agency law enforcement, agency management, agency service and agency supervision.

2. Establish a standardized banking risk supervision system.

(1) Bank and risk assessment standard system. The informatization of banking business and management, and the informatization of bank risk supervision, not only need to establish some management systems, but also need a relatively substantial standard system of bank risk supervision and evaluation. It is fundamental for banks to establish a risk assessment standard system to do a good job in risk supervision. To establish a standard system of risk assessment, we should consider the following directions: (1) classification of risk handling attitude; Risk supervision rating standard system; Bank and risk pricing standard system: risk supervision and evaluation system; Risk supervisor rating (performance appraisal) evaluation system; Risk supervision maturity evaluation system.

(2) Standard system of bank and risk pricing. Evaluating the value and risk of banks is an important part of a long-term mechanism. Bank risk assessment should mainly consider the following aspects: bank business risk assessment, bank business risk supervision assessment, bank technical risk assessment, bank technical risk supervision assessment, bank technical risk safety assessment, bank business continuity and safety emergency assessment and bank supervision service assessment. The overall evaluation of bank risk is actually the evaluation of scoring and pricing all risk issues according to the Basel Capital Accord. Therefore, it is necessary to give all the risk scoring and pricing standard systems, and realize this scoring and pricing index system in all aspects of bank supervision, and give the measurement method of behavior characteristics supervision. For example, taking credit evaluation and pricing as an example, credit refers to statistical characteristics such as default probability and error probability. The historical record of the subject's behavior reflects whether the subject's behavior has violated the contract, violated the rules, violated the law, exceeded the authority, exceeded the scope, and undermined the integrity and confidentiality of data and information. The credibility of behavior can be divided into levels. According to the credibility of behavior, behavior tree can be divided into two parts: expected behavior and unexpected behavior. In the part of expected behavior, it is divided into business behavior and office behavior, both of which are extra points. The algorithm of bonus points is to express the relative value of bonus points according to the relative proportion of business behavior and office behavior time to the total office time. Deduction points for accidental behavior. Accidents are divided into general accidents, harmful accidents and highly harmful accidents. Of course, the deduction value of different levels of unexpected behavior is different, not only deduction, but also warning or punishment.

The index system of bank management pricing is to formulate coordinated work pricing within the whole bank according to various business positions and roles of banks. Formulating the average pricing system of bank management is the basic index system to realize bank management accounting and performance evaluation, and it is also one of the foothold of bank behavior supervision. At least the corresponding pricing system should be established in the following aspects: average time pricing of terminal operators, average time pricing of network operators, average percentage of effective working hours, risk pricing and loss pricing. It should be noted that the above pricing systems are role-oriented. This kind of scoring and pricing can be completely realized in the computer and network system, that is, in the network world with risk scoring and pricing. The value of bank information assets has a great influence in all kinds of events in which the bank information system interrupts its business.

(3) User standard system of bank supervision informatization. User standards are a series of technical standards formulated by industry users to realize informatization. It mainly includes information architecture standards, interoperability standards, network service standards, security standards, supervision standards, evaluation standards and so on. These standards are not the product and technical standards of enterprises. Among them, the architecture standard is the most important, and the standards of operation architecture, system architecture and technical architecture are established.

User standard is a standard system that requires enterprises to implement long-term mature development, participate in competition, improve service quality, reduce service cost and realize comprehensive functional benefits of information products with the cooperation of standardization professional institutions and the participation of industry products, systems and service providers. Information technology standards The standards that users care about are actually the "solution" standards of users. Although China has done some work on the construction of technical standard system for information users in various fields of information application, the demand for information construction is still very preliminary.

Modern user standardization is also a network service system. In order to check or evaluate the implementation of standards, it is necessary to establish evaluation and certification institutions for these standards or guidelines, and implement them through certification management and control of product quality standards. Informatization evaluation needs to enter the network, and the real evaluation work is carried out in the network by evaluating the network service of the business.

3. Establish a banking risk supervision system.

The banking industry still attaches great importance to the formulation of policies and regulations, market rules and business rules for risk supervision. The state usually promulgates various laws for financial institutions and enterprises such as the central bank, banking supervision authorities, insurance companies and financial leasing companies to engage in financial market activities. These laws and regulations have played an important role in realizing the smooth or barrier-free transmission of national policies and regulations and strengthening macro-control.

However, the banking industry in China has not paid enough attention to the technical regulations of informatization. Technical regulations are related to the implementation of technical standards. For example, in the informatization construction of banks, operational safety standards and norms must be implemented. Without interoperability, it is impossible to realize the' systematic operation' of the whole bank information system, the comprehensive management of banking enterprises and the information management in the banking field. After realizing the interconnection, interoperability and interoperability of bank informatization, the security of information system has become a very important issue. The implementation and enforcement of technical standards is achieved through evaluation and certification, not through issuing standardized documents, but through enforcement. Therefore, it is necessary to formulate corresponding technical regulations to ensure the implementation of bank technical standards. Some technical regulations are formulated nationwide, such as: regulations on risk supervision institutions, information security law, regulations on certification and accreditation of information products, government regulations on information security, and electronic signature law. Some technical regulations are formulated within a certain industry or a certain field, and some technical regulations are even formulated by themselves within the scope of enterprises. For example, the implementation regulations of bank informatization norms and standards. For another example, the electronic tag method just studied abroad is very important for the security of network communication. The banking industry is actively formulating the electronic bill law. At the same time, we also foresee that in the near future, there will inevitably be laws and regulations on the implementation of agency services in the network, laws and regulations on the supervision of bank network behavior, and laws and regulations on certification. By monitoring the behavior of employees in the information system, the implementation and enforcement of technical regulations can be completely managed and controlled.

4. Banking risk supervision organization

The scientific development of bank informatization requires the establishment of risk supervision institutions, mainly in order to establish supervision professional teams under the condition of informatization. Without such a team, it is difficult to put forward the scientific development strategy of informatization of banking enterprises, fields and supervision departments, to realize the comprehensive method of banking risk supervision, to operate and maintain the supervision system integrating human and network, and to study the risk value system, risk supervision standard system and risk supervision laws and regulations system. Without a special regulatory agency, it is impossible to plan, manage and monitor the risk supervision, and it is impossible to control the operation of the bank information system and various risks in real time.