Regulatory authorities, policy banks, large banks, joint-stock banks, foreign banks, direct banks, financial asset management companies, financial asset investment companies, wealth management companies, insurance group (holding) companies, insurance companies, insurance asset management companies, pension management companies, insurance professional intermediaries, banking associations, insurance associations, trust associations, finance company associations, insurance asset management associations:
We are now issuing the 'Risk Prevention and Control Management Measures for Criminal Cases Involving Banks and Insurance Institutions' to you for your compliance and implementation.
State Administration of Financial Supervision and Administration
November 2, 2023
(This document is sent to the regulatory bureau and local legal person banks and insurance institutions)
Management Measures for Risk Prevention and Control of Criminal Cases Involving Banks and Insurance Institutions
CHAPTER I GENERAL PROVISIONS
Article 1: In order to improve the risk prevention and control level of criminal cases involving banking and insurance institutions (hereinafter referred to as cases), promote the safe and stable operation of the banking and insurance industry, and in accordance with laws and regulations such as the Banking Supervision and Administration Law of the People's Republic of China, the Commercial Bank Law of the People's Republic of China, the Insurance Law of the People's Republic of China, and other relevant provisions, these Measures are formulated.
Article 2: The term 'banking and insurance institutions' referred to in these Measures includes both banking institutions and insurance institutions.
Banking institutions refer to financial institutions and policy banks established within the territory of the People's Republic of China in accordance with the law, such as commercial banks, rural cooperative banks, rural credit cooperatives, village banks, etc., that accept public deposits.
Insurance institutions refer to insurance companies legally established within the territory of the People's Republic of China.
The goal of case risk prevention and control in banking and insurance institutions is to improve the organizational structure of case risk prevention and control, perfect institutional mechanisms, comprehensively strengthen internal controls and employee behavior management, continuously improve the level of case risk prevention and control, and resolutely and effectively prevent illegal and criminal activities.
Article 4 Banks and insurance institutions shall adhere to the centralized and unified leadership of the Party over financial work, resolutely implement the decisions and deployments of the Party Central Committee on financial work, fully play the leading role of Party building, continuously strengthen risk internal control construction, and improve long-term mechanisms for case risk prevention and control.
Article 5: The risk prevention and control of cases shall follow the following principles: prevention first, moving the checkpoint forward, comprehensive coverage, highlighting key points, legal person main responsibility, graded responsibility, joint prevention and control, each performing their own duties, local supervision, and integration into daily life.
Article 6 Banks and insurance institutions shall bear the main responsibility for risk prevention and control of their own cases.
Article 7 The State Administration for Financial Supervision and Administration (hereinafter referred to as the State Administration for Financial Regulation) and its dispatched agencies shall supervise and manage the risk prevention and control of bank and insurance institution cases in accordance with the law.
Article 8: Industry self regulatory organizations such as the China Banking Association and the China Insurance Industry Association shall coordinate and guide member units to improve their level of case risk prevention and control through strengthening communication, publicity and education.
Chapter 2 Division of Responsibilities
Article 9 Banks and insurance institutions shall establish a case risk prevention and control organizational system that is suitable for their business scope, scale, risk situation, and management level, and clarify the division of responsibilities of the board of directors, supervisory board, senior management, etc. in case risk prevention and control.
Article 10: The board of directors (managers) of banking and insurance institutions shall bear the ultimate responsibility for risk prevention and control of cases. The main responsibilities of the board of directors include:
(1) Promote the improvement of the organizational structure and institutional mechanisms for case risk prevention and control within our institution;
(2) Urge senior management to carry out case risk prevention and control work;
(3) Deliberate the annual case risk prevention and control assessment and other related reports of our institution;
(4) Other responsibilities related to case risk prevention and control.
If a special committee is established under the board of directors, it may be authorized to be specifically responsible for the prevention and control of case risks. For banking and insurance institutions that have not established a board of directors, the executive board of directors shall be responsible for the specific risk prevention and control work related to the board of directors' cases.
Article 11: Banking and insurance institutions that establish a supervisory board shall assume the responsibility of supervising case risk prevention and control, and be responsible for supervising the performance of the board of directors and senior management in case risk prevention and control.
Banking and insurance institutions that have not established a supervisory board shall be supervised by supervisors or organizations responsible for supervision to ensure that relevant entities fulfill their duties and responsibilities.
Article 12: The senior management of banking and insurance institutions shall bear the responsibility for implementing case risk prevention and control measures. The main responsibilities of senior management include:
(1) Establish a case risk prevention and control organizational structure that is suitable for the institution, clarify the division of responsibilities among the leading department, internal departments, and branch offices in case risk prevention and control;
(2) Deliberate and approve the relevant systems for risk prevention and control of cases in this institution, and supervise and inspect the implementation;
(3) Promote the implementation of various regulatory requirements for case risk prevention and control;
(4) Coordinate the investigation and disposal of case risks, as well as the management of employee behavior;
(5) Establish an accountability mechanism to ensure the implementation of case risk prevention and control responsibilities;
(6) Dynamically comprehensively grasp the risk prevention and control situation of our institution's cases, timely summarize and evaluate the effectiveness of our institution's case risk prevention and control in the previous year, propose key tasks for this year's case risk prevention and control, and report to the board of directors or a special committee of the board of directors;
(7) Other responsibilities related to case risk prevention and control.
Banks and insurance institutions shall designate a senior management personnel to assist the president (general manager, director, president, etc.) in the prevention and control of case risks.
Article 13: Banking and insurance institutions shall clarify the leading department for case risk prevention and control, and have it fulfill the following main responsibilities:
(1) Formulate or organize the formulation of case risk investigation and disposal, employee behavior management, and other case risk prevention and control systems, and promote their implementation;
(2) Guide and supervise internal departments and branch offices to fulfill their responsibilities for case risk prevention and control;
(3) Supervise the rectification and accountability of risk prevention and control related issues in case supervision;
(4) Coordinate and promote the informatization construction of case risk prevention and control;
(5) Analyze and assess the risk prevention and control situation of our institution's cases, organize the formulation and promotion of annual case risk prevention and control key tasks;
(6) Organize the assessment of case risk prevention and control, and report to senior management;
(7) Guide and organize training and education on case risk prevention and control;
(8) Other responsibilities related to leading and managing case risk prevention and control.
Article 14: The internal departments and branches of banking and insurance institutions shall bear direct responsibility for the risk prevention and control of cases within their scope of duties, and shall perform the following main responsibilities:
(1) Carry out risk investigation and disposal of cases in this line and institution;
(2) Carry out behavior management for employees in this line and institution;
(3) Carry out rectification work related to risk prevention and control of cases in this line and institution;
(4) Strengthen the informationization construction of case risk prevention and control within the scope of responsibilities of this line and institution;
(5) Carry out training and education on case risk prevention and control for this line and institution;
(6) Cooperate with the leading department for case risk prevention and control to carry out relevant work.
Article 15: The internal audit department of banking and insurance institutions shall include case risk prevention and control work in the scope of audit, clarify audit content, reporting paths, and other matters, timely report problems found during audit, propose improvement suggestions, and supervise problem rectification and accountability.
Article 16: The leading department for case risk prevention and control at the headquarters of banking and insurance institutions shall be equipped with dedicated personnel for case risk prevention and control that are suitable for the business scale, management level, and case risk situation of the institution.
Branch offices shall establish case risk prevention and control positions and designate personnel responsible for case risk prevention and control work.
Banks and insurance institutions should strengthen the construction of professional talent teams, regularly carry out systematic training and education on case risk prevention and control, and improve the professional quality and performance ability of relevant personnel.
Chapter 3 Task Requirements
Article 17 Banks and insurance institutions shall establish and improve case risk prevention and control mechanisms, build a full chain prevention and control system covering case risk investigation and disposal, employee behavior management, leadership supervision, internal supervision and inspection, accountability, problem rectification, report handling, assessment and reward, training and education, and other links. Forward looking analysis of the key areas of risk prevention and control in our institution's cases, targeted improvement of key measures for case risk prevention and control, continuous increase in information technology construction, and timely implementation of case risk prevention and control assessments.
Article 18 Banks and insurance institutions shall establish a system for risk investigation and disposal of cases, determine the scope, content, frequency, and other matters of risk investigation, and establish and improve a normalized risk investigation and disposal mechanism for key links such as customer access, job access, business processing, and decision-making approval.
Banks and insurance institutions should promptly and properly handle the problems, hidden dangers, and suspicious clues discovered during the risk investigation of the case.
If suspected illegal or criminal activities are discovered, banking and insurance institutions shall promptly transfer them to competent departments such as public security organs for handling, and actively cooperate in investigating the facts of illegal or criminal activities.
Article 19 Banks and insurance institutions shall establish a system for managing the behavior of their employees, improve their professional ethics and behavioral norms, and strengthen the monitoring and investigation of abnormal behavior in accordance with laws and regulations.
Banks and insurance institutions should strengthen the management of labor dispatch personnel and insurance sales personnel, and urge cooperative institutions to strengthen the management of third-party service personnel.
Article 20 State owned and state-controlled banks and insurance institutions shall strengthen supervision over the "top leaders" and leadership teams, strictly implement regulations on the selection and appointment of leading cadres, reporting of personal matters, avoidance of duties, going abroad for personal reasons, employment behavior of leading cadres' family members, economic responsibility auditing, delayed payment of performance-based compensation, and recovery and deduction.
Other banking and insurance institutions may strengthen supervision over directors, supervisors, and senior management personnel in accordance with the provisions of the preceding paragraph.
The job interviews and work reports of management personnel at all levels of banking and insurance institutions should include content on case risk prevention and control. Special interviews should be promptly conducted with department heads and lower level institution heads who have weak risk prevention and control measures for cases.
Article 21 Banks and insurance institutions shall establish and improve relevant mechanisms for supervising and inspecting case risk prevention and control in their internal supervision and inspection system, organize and carry out internal supervision and inspection of case risk prevention and control in relevant lines and institutions at all levels, and focus on increasing the supervision and inspection of grassroots branches, key positions, vulnerable areas of cases, and weak links.
Article 22 Banks and insurance institutions shall improve their internal accountability mechanisms, adhere to due diligence exemption and accountability for dereliction of duty, and seriously carry out responsibility determination and hold relevant institutions and individuals accountable for violations, dereliction of duty, and misconduct such as incomplete or inadequate implementation of case risk prevention and control systems, failure or improper disposal of case risks, management negligence, and ineffective internal controls.
Article 23: Banks and insurance institutions shall implement rectification and tracking management for case risk prevention and control issues discovered during internal and external audits, internal and external supervision and inspections, and strictly prevent similar problems from occurring.
Banks and insurance institutions should promptly and systematically sort out the defects and loopholes in their rules, regulations, operational procedures, and information systems exposed in their own cases, and organize the implementation of rectification measures.
Article 24 Banks and insurance institutions shall establish and improve the mechanism for discovering and investigating case risk clues in the reporting and handling system, effectively identify illegal and irregular matters reflected in reports, and take timely measures to deal with and resolve case risks and hidden dangers.
Article 25 Banks and insurance institutions shall regard case risk prevention and control as an important part of performance evaluation, pay attention to process evaluation, and encourage institutions at all levels to actively investigate, expose, and proactively prevent and control case risks. Reward institutions and individuals who have achieved outstanding results in risk prevention and control, effectively intercepted cases, and actively resisted or reported illegal and irregular behaviors.
Article 26 Banks and insurance institutions shall comprehensively strengthen business training on case risk prevention and control. Relevant job training, skill assessment, etc. should include content on case risk prevention and control.
Banks and insurance institutions should regularly organize and carry out case warning education activities. By using cases as evidence, learning from cases, and promoting governance through cases, we aim to enhance the risk prevention and control awareness and compliance management consciousness of practitioners, and actively create a good atmosphere of clean and honest financial culture.
Banks and insurance institutions should make criminal cases that occur within their own institutions a key focus of business training and warning education.
Article 27 Banks and insurance institutions shall fully identify the manifestations of risk points in key areas of cases based on their operational characteristics, including but not limited to credit business, innovative business, asset disposal business, credit card business, guarantee business, interbank business, asset management business, counter business, capital market business, bond market business, network and information security, security and protection, insurance development, insurance claims and other fields.
Article 28 Banks and insurance institutions shall continuously improve the effectiveness of internal controls, continuously improve key measures for case risk prevention and control, ensure overall controllability of case risks, including but not limited to shareholder equity and related party transaction management, hierarchical authorization system and authority management, important position rotation and mandatory leave management, account reconciliation and abnormal transaction account management, important seal and voucher management, etc.
Article 29 Banks and insurance institutions shall increase their efforts in information technology construction for case risk prevention and control, promote the continuous optimization of business processes in their internal departments and branches, strengthen the application of information technologies such as big data analysis and artificial intelligence, enhance the systematic control of key business processes and internal control measures, and continuously improve their ability to proactively prevent, identify, monitor, and dispose of case risks.
Article 30 Banks and insurance institutions shall establish and improve a risk prevention and control assessment mechanism for cases, and timely, comprehensively, and accurately evaluate the effectiveness of risk prevention and control in accordance with the requirements of these Measures and the actual situation of the institution. The evaluation items include but are not limited to the following:
(1) Organizational structure for case risk prevention and control;
(2) Construction and implementation of institutional mechanisms;
(3) Assessment of key areas of case risk;
(4) Implementation status of key prevention and control measures for case risks;
(5) Case risk investigation and disposal situation;
(6) Management of employee behavior;
(7) Risk exposure and accountability situation of the case;
(8) The internal departments, branches, or business areas involved in cases that occurred within the year have taken corrective measures and achieved results in improving systems, processes, and optimizing systems;
(9) The implementation of rectification measures for the problems identified in the previous year's evaluation, the main issues and improvement measures for risk prevention and control in this year's cases.
Banks and insurance institutions shall report the risk prevention and control assessment of cases to the State Administration for Financial Regulation or its dispatched agencies in accordance with their corresponding regulatory authorities before March 31 each year.
Chapter 4 Supervision and Management
Article 31: The State Administration for Financial Regulation and its dispatched agencies shall regard risk prevention and control of banking and insurance institution cases as an important part of daily supervision, and strengthen supervision and management of case risk prevention and control through off-site supervision, on-site inspections, and other methods.
Article 32: The case management departments of the State Administration for Financial Regulation and its dispatched institutions shall bear the responsibility of centralized management and coordinated promotion.
The institutional regulatory departments, functional regulatory departments, and dispatched agencies at all levels of the State Administration of Financial Regulation are responsible for the daily supervision of risk prevention and control of bank and insurance institution cases.
Article 33: The State Administration for Financial Regulation and its dispatched agencies shall implement off-site supervision of risk prevention and control of bank and insurance institution cases through risk warnings, special communication, regulatory talks, and other methods, and take the risk prevention and control situation of cases as an important consideration factor in regulatory rating.
The State Administration for Financial Regulation and its dispatched agencies shall timely assess and track the trend of changes in case risks of banking and insurance institutions, and implement key supervision on institutions with higher case risks.
Article 34: The State Administration for Financial Regulation and its dispatched agencies shall, based on the non site supervision situation of banking and insurance institutions, timely carry out risk investigation or on-site inspection for banking and insurance institutions with weak risk prevention and control and prominent risks.
Article 35: If the State Administration for Financial Regulation and its dispatched agencies discover problems in risk prevention and control of cases involving banking and insurance institutions, they shall take the following regulatory measures according to specific circumstances in accordance with the law:
(1) Order rectification within a specified time limit and report on the implementation of rectification within the prescribed time limit;
(2) Include in the annual regulatory notification and propose special work requirements;
(3) Conduct regulatory interviews with the heads of legal entities or branch offices;
(4) Order institutions to carry out internal accountability;
(5) Notify relevant units or departments;
(6) Dynamically adjust regulatory ratings;
(7) Timely conduct regulatory evaluations;
(8) Other regulatory measures.
Article 36 Banks and insurance institutions shall carry out case risk prevention and control work in accordance with these Measures. Those who violate the provisions of these Measures and cause adverse consequences shall be subject to administrative penalties by the State Administration for Financial Regulation and its dispatched agencies in accordance with the Banking Supervision and Administration Law of the People's Republic of China, the Commercial Bank Law of the People's Republic of China, the Insurance Law of the People's Republic of China and other relevant laws and regulations.
Chapter 5 Supplementary Provisions
Article 37: Regarding the definition of cases, the "Notice of the China Banking and Insurance Regulatory Commission on Issuing the Management Measures for Criminal Cases Involving Banking and Insurance Institutions (Trial)" (CBIRC [2020] No. 20) shall apply.
Article 38: Trust companies, financial asset management companies, enterprise group finance companies, financial leasing companies, automobile finance companies, currency brokerage companies, consumer finance companies, insurance group (holding) companies, reinsurance companies, insurance professional intermediaries, insurance asset management companies, foreign and Hong Kong, Macao, and Taiwan bank insurance institutions, as well as other financial institutions approved by the State Administration of Financial Supervision within the territory of the People's Republic of China, shall be governed by these Measures.
Article 39: These Measures shall be interpreted by the State Administration for Financial Regulation. The dispatched agencies of the State Administration of Financial Regulation may formulate implementation rules in accordance with these Measures and report them to the case management department of the State Administration of Financial Regulation for filing.
Article 40: These Measures shall come into effect on January 1, 2024. If there is any inconsistency between the previous regulations and this method, this method shall prevail. The Notice of the General Office of the China Banking Regulatory Commission on Issuing the Measures for Case Prevention of Banking and Financial Institutions (CBRC Office [2013] No. 257) is hereby abolished.
WeChat official account
WeCom