Circular of the China Banking Regulatory Commission on the Issuance of the Guidelines for Operational Risk Management of Commercial Banks

Circular of the China Banking Regulatory Commission on the Issuance of the Guidelines for the Operational Risk Management of Commercial Banks

Yin Jian Fa [2007] No.42

May 14, 2007

To all China Banking Regulatory Commission ("CBRC") local bureaus, policy banks, state-owned commercial banks, corporate commercial banks and postal saving banks.

To strengthen the operational risk management practices of commercial banks, encourage commercial banks to continuously improve their corporate governance practices, and improve their ability to manage risk, the CBRC has confirmed its Guidelines on the Operational Risk Management of Commercial Banks, which are hereby published and issued to you. Please put these guidelines into execution accordingly.

All CBRC local bureaus should forward this Circular to the main branches of all city commercial banks, rural commercial banks, rural cooperative banks, rural credit cooperatives, city credit cooperatives, wholly-owned foreign-invested banks, joint venture banks and foreign banks.

Attached: Guidelines for the Operational Risk Management of Commercial Banks

Chapter I General Provisions

Article 1 These Guidelines are enacted in accordance with the Banking Regulation and Supervision Law of the People's Republic of China, the Law of the People's Republic of China on Commercial Banks and other relevant laws and regulations for the purpose strengthening the operational risk management of commercial banks

Article 2 These Guidelines shall apply to Chinese commercial banks, wholly-owned foreign-invested banks and joint venture banks that are established within the territory of the People's Republic of China.

Article 3 For the purpose of these Measures, "operational risk" means any risk caused by any imperfection or defect in internal procedures, staff or information technology systems or by external events. This definition includes legal risk, but excludes strategic risk and reputational risk.

Article 4 The CBRC shall supervise, examine and evaluate the effectiveness of the operational risk management practices of commercial banks in accordance with the law.

Chapter II Operational Risk Management

Article 5 In accordance with the requirements of these Guidelines, a commercial bank shall establish an operational risk management system that is suitable for the nature, size and degree of complexity of its business in order to recognize, evaluate, supervise and control operational risk. Operational risk management systems are not required to be uniform, but shall include at least the following principal elements:
1. supervision and management by the board of directors;
2. senior management responsibilities;
3. appropriate organizational structure;
4. operational risk management policies, methods and procedures; and
5. policies on operational risk reserve accrual.

Article 6 The board of directors of a commercial bank shall regard operational risk as one of the major risks any commercial bank faces, and shall bear ultimate responsibility for the effectiveness of the supervision and control of operational risk management.
Its major responsibilities include:
1. establishing the general policies and strategies for operational risk management that match the strategic goals of the bank and are applicable to the bank as a whole;
2. by examining and approving senior management's responsibilities, powers and reporting structures insofar as they are relevant to operational risk, ensuring the effectiveness of the operational risk management decision-making system of the bank as a whole and controlling operational risks to which the bank is exposed in its daily business within an acceptable level;
3. periodically auditing operational risk reports submitted by senior management and fully comprehending the general situation of the operational risk management of the bank as a whole, the effectiveness of the solutions to significant operational risk events and the effectiveness of the evaluation of daily operational risk management;
4. ensuring that senior management has adopted the necessary measures to recognize, evaluate, supervise, and control operational risk;
5. ensuring that the bank's operational risk management system is effectively supervised and examined by internal auditors; and
6. establishing an appropriate incentive scheme and effectively promoting the implementation of an operational risk management system within the bank.

Article 7 The senior management of a commercial bank is responsible for executing operational risk management strategies, general policies and systems approved by the bank's board of directors. The major responsibilities of senior management include:
1.
　　......