商業(yè)銀行合規(guī)管理實用手冊

1、商業(yè)銀行合規(guī)管理實用手冊(附光盤)商業(yè)銀行合規(guī)管理實用手冊 序言 市場經(jīng)濟就是法治經(jīng)濟。金融市場在市場經(jīng)濟體系中占有極其重要的基礎地位，而銀行業(yè)在金融市場中又具有舉足輕重的地位，因此如何運用法律手段在銀行業(yè)領域實施有效監(jiān)管、規(guī)范維護行業(yè)秩序和防范化解行業(yè)風險具有格外重要的意義。國內外商業(yè)銀行的發(fā)展實踐證明，將商業(yè)銀行經(jīng)營管理活動納入依法合規(guī)的軌道，既是商業(yè)銀行生存發(fā)展的基本前提，也是商業(yè)銀行穩(wěn)健經(jīng)營的關鍵所在，更是銀行業(yè)市場持續(xù)健康發(fā)展的必然要求。 合規(guī)管理作為一門獨特的銀行風險管理技術，如今已得到全球銀行業(yè)的普遍認同和高度重視。2005年5月，巴塞爾銀行監(jiān)管管理委員會發(fā)布了題為合規(guī)與銀行合規(guī)

2、部門的文件，這既是對于國際領先銀行合規(guī)工作經(jīng)驗的總結，也明確了國際銀行監(jiān)管標準的發(fā)展趨勢。根據(jù)文件規(guī)定，合規(guī)風險是指“銀行由于未能遵循法律法規(guī)、監(jiān)管規(guī)定、自律性組織準則以及適用于銀行自身業(yè)務活動的行為準則，而可能遭受法律制裁、監(jiān)管處罰、重大財務損失和聲譽損失的風險?！庇纱丝梢姡弦?guī)管理實質上就是銀行管理自身合規(guī)風險的職能，這在國際上已被公認為銀行的安身立命之本。 反觀國內，近年來銀行業(yè)頻頻發(fā)生的大案要案恰恰說明“合規(guī)文化”在我國銀行業(yè)的缺失，“合規(guī)文化”的經(jīng)營理念還遠遠沒有浸潤到銀行的日常管理機制中。在此背景之下，中國銀行業(yè)監(jiān)督管理委員會根據(jù)合規(guī)與銀行合規(guī)部門，結合中國銀行業(yè)監(jiān)管實踐，于200

3、6年10月制定了商業(yè)銀行合規(guī)風險管理指引，正式將商業(yè)銀行合規(guī)管理工作納入監(jiān)管范圍，因此正確認識合規(guī)管理的重要意義顯得正當其時。首先，合規(guī)管理是應對全面監(jiān)管要求的重要保證。隨著國內全方位和多層次的監(jiān)管格局的形成，監(jiān)管當局逐漸借鑒國際上銀行監(jiān)管的先進理念和最佳做法，銀行業(yè)的監(jiān)管環(huán)境日益嚴格、監(jiān)管要求日益復雜，商業(yè)銀行內部必須建立起有效的合規(guī)管理體系來識別評估和防范化解各類合規(guī)風險。其次，合規(guī)管理是銀行全面風險管理體系的重要組成部分。全面風險管理是對銀行業(yè)務管理中存在的各類風險實施系統(tǒng)管理，而合規(guī)風險則是各類風險中的核心風險，尤其是形成操作風險的直接誘因，因此強化合規(guī)風險管理是實現(xiàn)全面風險管理的重要

4、基礎。最后，合規(guī)管理是實現(xiàn)銀行自身健康發(fā)展的內在需求。有種錯誤的觀點認為合規(guī)管理是一種成本負擔，甚至視合規(guī)是業(yè)務發(fā)展的掣肘。我們必須樹立“合規(guī)創(chuàng)造價值”的理念，因為健全有效的合規(guī)管理可以提升銀行的商業(yè)信譽和社會形象，提高銀行的競爭能力和業(yè)務效益；相反，嚴重的合規(guī)缺陷會使銀行付出慘重的違規(guī)成本，甚至危及銀行的生存，近幾年國內外銀行業(yè)在這方面的反面教訓比比皆是。 國際先進銀行合規(guī)管理的通行做法就是由合規(guī)管理部門從法律法規(guī)和監(jiān)管規(guī)定中識別和評估合規(guī)風險，將這些合規(guī)風險及時準確地分解和提示給相關職能部門，敦促這些部門采取有效措施將合規(guī)要求有機融入銀行內部的規(guī)章制度和控制體系，最終確保銀行在所有經(jīng)營管理

5、行為中防范和化解合規(guī)風險，較為領先的銀行已經(jīng)著手開發(fā)合規(guī)風險管理電子系統(tǒng)。因此，對銀行必須遵循的法律規(guī)定作系統(tǒng)地歸納梳理可以說是開展合規(guī)管理的基礎建設工作之一。正是基于這一認識，交通銀行法律合規(guī)部編寫了這本商業(yè)銀行合規(guī)管理實用手冊，較為全面地收錄了我國商業(yè)銀行所需遵循的法律規(guī)定。 根據(jù)商業(yè)銀行經(jīng)營管理所涉及的法律關系劃分，適用于商業(yè)銀行的法律規(guī)定基本可以分為兩類，一是銀行和客戶之間的橫向民商事關系，這類關系主要由民商事法律規(guī)定調整；二是銀行和監(jiān)管者之間的縱向行政關系，這類關系主要由行政法律規(guī)定調整。而商業(yè)銀行合規(guī)管理所要關注的法律規(guī)定主要就是由第二類規(guī)定構成，這也就是本書所要收錄的內容。由于納

6、入收錄范圍的是廣義的法律，在效力層次和制定部門各有不同，此外這些法律涉及的監(jiān)管領域、業(yè)務種類以及發(fā)布時間等方面也各有不同，因此無論按照以上任意一種標準編排，都難免顧此失彼、以偏概全，影響查找適用的效率。有鑒于此，我們根據(jù)自身工作實踐，以系統(tǒng)劃分、方便查找為原則，確定了本書的體例編排結構：第一層次，以效力層次和監(jiān)管板塊作為編排標準，即以狹義的法律（由全國人大及其常委會制定）和行業(yè)自律準則分別立章，同時將監(jiān)管板塊作為行政法規(guī)、行政規(guī)章以及規(guī)范性文件的劃分標準，分列市場準入監(jiān)管、公司治理監(jiān)管、風險內控監(jiān)管、業(yè)務運營監(jiān)管、外匯業(yè)務監(jiān)管、外資銀行監(jiān)管以及監(jiān)管查處與法律救濟七章。第二層次，以調整對象和業(yè)務

7、種類作為編排標準，除了法律和行業(yè)自律準則兩章，其他篇章內部均根據(jù)調整對象和業(yè)務種類作進一步劃分，尤其是業(yè)務運營監(jiān)管和外匯業(yè)務監(jiān)管的劃分層級較為細致，對于部分涉及多個業(yè)務種類的法律規(guī)定，我們將其納入關聯(lián)度最為密切的業(yè)務種類。第三層次，以發(fā)布時間和內容體系作為編排標準，法律和行業(yè)自律準則兩章按照發(fā)布時間排序，其他篇章除了發(fā)布時間，還按照內容體系分為兩個部分：一是內容體系較為健全的章節(jié)式法律規(guī)定，對于某個調整對象有著較為全面系統(tǒng)地規(guī)定，效力層次一般表現(xiàn)為行政法規(guī)和行政規(guī)章；二是針對某個具體問題所作的臨時通知或者補充通知，一般表現(xiàn)為規(guī)范性文件。這種編排既有助于統(tǒng)攬法律規(guī)定的歷史沿革，也有利于把握法律規(guī)

8、定的基本全貌和歷次更新。當然，本書在收錄內容全面性和體例編排合理性上并非盡善盡美，對于存在的不足之處，希望廣大讀者不吝指正，以使我們不斷完善本書。同時，基于合規(guī)管理動態(tài)性的工作理念，我們將會根據(jù)銀行法律規(guī)定的變化及時更新本書。 編者 2007年9月 complianceandthecompliancefunctioninbanks complianceandthecompliance functioninbanks april2005 baselcommitteeonbankingsupervision tableofcontents introduction responsibilities

9、oftheboardofdirectorsforcompliance principle1 responsibilitiesofseniormanagementforcompliance principle2 principle3 principle4 compliancefunctionprinciples principle5:independence status headofcompliance conflictsofinterest accesstoinformationandpersonnel principle6:resources principle7:compliancefu

10、nctionresponsibilities advice guidanceandeducation identification,measurementandassessmentofcompliancerisk monitoring,testingandreporting statutoryresponsibilitiesandliaison complianceprogramme principle8:relationshipwithinternalaudit othermatters principle9:crossborderissues principle10:outsourcing

11、 introduction 1.aspartofitsongoingeffortstoaddressbanksupervisoryissuesandenhancesoundpracticesinbankingorganisations,thebaselcommitteeonbankingsupervision(thecommittee)isissuingthishighlevelpaperoncomplianceriskandthecompliancefunctioninbanks.bankingsupervisorsmustbesatisfiedthateffectivecompliance

12、policiesandproceduresarefollowedandthatmanagementtakesappropriatecorrectiveactionwhencompliancefailuresareidentified. 2.compliancestartsatthetop.itwillbemosteffectiveinacorporateculturethatemphasisesstandardsofhonestyandintegrityandinwhichtheboardofdirectorsandseniormanagementleadbyexample.itconcern

13、severyonewithinthebankandshouldbeviewedasanintegralpartofthebanksbusinessactivities.abankshouldholditselftohighstandardswhencarryingonbusiness,andatalltimesstrivetoobservethespiritaswellastheletterofthelaw.failuretoconsidertheimpactofitsactionsonitsshareholders,customers,employeesandthemarketsmayres

14、ultinsignificantadversepublicityandreputationaldamage,evenifnolawhasbeenbroken. 3.theexpression“compliancerisk”isdefinedinthispaperastheriskoflegalorregulatorysanctions,materialfinancialloss,orlosstoreputationabankmaysufferasaresultofitsfailuretocomplywithlaws,regulations,rules,relatedselfregulatory

15、organisationstandards,andcodesofconductapplicabletoitsbankingactivities(together,“compliancelaws,rulesandstandards”). 4.compliancelaws,rulesandstandardsgenerallycovermatterssuchasobservingproperstandardsofmarketconduct,managingconflictsofinterest,treatingcustomersfairly,andensuringthesuitabilityofcu

16、stomeradvice.theytypicallyincludespecificareassuchasthepreventionofmoneylaunderingandterroristfinancing,andmayextendtotaxlawsthatarerelevanttothestructuringofbankingproductsorcustomeradvice.abankthatknowinglyparticipatesintransactionsintendedtobeusedbycustomerstoavoidregulatoryorfinancialreportingre

17、quirements,evadetaxliabilitiesorfacilitateillegalconductwillbeexposingitselftosignificantcompliancerisk. 5.compliancelaws,rulesandstandardshavevarioussources,includingprimarylegislation,rulesandstandardsissuedbylegislatorsandsupervisors,marketconventions,codesofpracticepromotedbyindustryassociations

18、,andinternalcodesofconductapplicabletothestaffmembersofthebank.forthereasonsmentionedabove,thesearelikelytogobeyondwhatislegallybindingandembracebroaderstandardsofintegrityandethicalconduct. 6.complianceshouldbepartofthecultureoftheorganisation;itisnotjustthe responsibilityofspecialistcompliancestaf

19、f.nevertheless,abankwillbeabletomanageitscomplianceriskmoreeffectivelyifithasacompliancefunctioninplacethatisconsistentwiththe“compliancefunctionprinciples”discussedbelow.theexpression“compliancefunction”isusedinthispapertodescribestaffcarryingoutcomplianceresponsibilities;itisnotintendedtoprescribe

20、aparticularorganisationalstructure. 7.therearesignificantdifferencesbetweenbanksregardingtheorganisationofthecompliancefunction.inlargerbanks,compliancestaffmaybelocatedwithinoperatingbusinesslines,andinternationallyactivebanksmayalsohavegroupandlocalcomplianceofficers.insmallerbanks,compliancefunct

21、ionstaffmaybelocatedinoneunit.separateunitshavebeenestablishedinsomebanksforspecialistareassuchasdataprotectionandthepreventionofmoneylaunderingandterroristfinancing. 8.abankshouldorganiseitscompliancefunctionandsetprioritiesforthemanagementofitscomplianceriskinawaythatisconsistentwithitsownriskmana

22、gementstrategyandstructures.forinstance,somebanksmaywishtoorganisetheircompliancefunctionwithintheiroperationalriskfunction,asthereisacloserelationshipbetweencomplianceriskandcertainaspectsofoperationalrisk.othersmayprefertohaveseparatecomplianceandoperationalriskfunctions,butestablishmechanismsrequ

23、iringclosecooperationbetweenthetwofunctionsoncompliancematters. 9.regardlessofhowthecompliancefunctionisorganisedwithinabank,itshouldbeindependentandsufficientlyresourced,itsresponsibilitiesshouldbeclearlyspecified,anditsactivitiesshouldbesubjecttoperiodicandindependentreviewbytheinternalauditfuncti

24、on.principles5to8belowdescribethesehighlevelprinciplesinmoredetail,andthesupportingguidancesetsoutsoundpracticesrelatedtotheprinciples.theprinciplesshouldbeapplicabletoallbanks,althoughitisforindividualbankstodeterminehowbesttheyshouldbeimplemented.abankmaybeabletofollowpracticesotherthanthosesetout

25、inthispaperwhicharealsosoundandwhich,takentogether,demonstratethatitscompliancefunctioniseffective.thewayinwhichtheprinciplesareimplementedwilldependonfactorssuchasthebankssize,thenature,complexityandgeographicalextentofitsbusiness,andthelegalandregulatoryframeworkwithinwhichitoperates.insmallerbank

26、s,forexample,itmaynotbepracticabletoimplementinfullsomeofthespecificmeasuresrecommendedinthispaper,yetthebankmaybeabletotakeothermeasuresthatachievethesameresult. 10.theprinciplesinthispaperassumeagovernancestructurecomposedofaboardofdirectorsandseniormanagement.thelegislativeandregulatoryframeworks

27、differacrosscountriesandtypesofentitiesasregardsthefunctionsoftheboardofdirectorsandseniormanagement.therefore,theprinciplessetoutinthispapershouldbeappliedinaccordancewiththecorporategovernancestructureofeachcountryandtypeofentity.thecommitteeisawarethattherearesignificantdifferencesinlegislativean

28、dregulatoryframeworksacrosscountriesasregardsthefunctionsoftheboardofdirectorsandseniormanagement.insomecountries,theboardhasthemain,ifnotexclusive,functionofsupervisingtheexecutivebody(seniormanagement,generalmanagement)soastoensurethatthelatterfulfilsitstasks.forthisreason,insomecases,itisknownasa

29、supervisoryboard.thismeansthattheboardhasnoexecutivefunctions.inothercountries,bycontrast,the boardhasabroadercompetenceinthatitlaysdownthegeneralframeworkforthemanagementofthebank.owingtothesedifferences,thenotionsoftheboardofdirectorsandseniormanagementareusedinthis papernottoidentifylegalconstruc

30、tsbutrathertolabeltwodecisionmakingfunctionswithinabank. 11.theexpression“bank”isusedinthispapertorefergenerallytobanks,bankinggroups,andtoholdingcompanieswhosesubsidiariesarepredominantlybanks. 12.thispapershouldbereadinconjunctionwithanumberofrelatedcommitteepapers,includingthefollowing: framework

31、forinternalcontrolsystemsinbankingorganisations(september1998); enhancingcorporategovernanceforbankingorganisations(september1999); internalauditinbanksandthesupervisorsrelationshipwithauditors(august2001); customerduediligenceforbanks(october2001); soundpracticesforthemanagementandsupervisionofoper

32、ationalrisk(february2003); internationalconvergenceofcapitalmeasurementandcapitalstandardsarevisedframeworkjune2004;and consolidatedkycriskmanagement(october2004). 13thispaperconsidersthespecificresponsibilitiesofthebanksboardofdirectorsand seniormanagementforcompliance,beforedescribingtheprinciples

33、thatshouldunderpinthebankscompliancefunction. responsibilitiesoftheboardofdirectorsforcompliance principle1 thebanksboardofdirectorsisresponsibleforoverseeingthemanagementofthebankscompliancerisk.theboardshouldapprovethebankscompliancepolicy,includingaformaldocumentestablishingapermanentandeffective

34、compliancefunction.atleastonceayear,theboardoracommitteeoftheboardshouldassesstheextenttowhichthebankismanagingitscomplianceriskeffectively. 14.asnotedintheintroduction,abankscompliancepolicywillnotbeeffectiveunlesstheboardofdirectorspromotesthevaluesofhonestyandintegritythroughouttheorganisation.co

35、mpliancewithapplicablelaws,rulesandstandardsshouldbeviewedasanessentialmeanstothisend.asisthecasewithothercategoriesofrisk,theboardisresponsibleforensuringthatanappropriatepolicyisinplacetomanagethebankscompliancerisk.theboardshouldoverseetheimplementationofthepolicy,includingensuringthatcompliancei

36、ssuesareresolvedeffectivelyandexpeditiouslybyseniormanagementwiththeassistanceofthecompliancefunction.theboardmay,ofcourse,delegatethesetaskstoanappropriateboardlevelcommittee(e.g.itsauditcommittee). responsibilitiesofseniormanagementforcompliance principle2 thebanksseniormanagementisresponsiblefort

37、heeffectivemanagementofthebankscompliancerisk. 15.thefollowingtwoprinciplesarticulatethemostimportantelementsofthisgeneralprinciple. principle3 thebanksseniormanagementisresponsibleforestablishingandcommunicatingacompliancepolicy,forensuringthatitisobserved,andforreportingtotheboardofdirectorsonthem

38、anagementofthebankscompliancerisk. 16.thebanksseniormanagementisresponsibleforestablishingawrittencompliancepolicythatcontainsthebasicprinciplestobefollowedbymanagementandstaff,andexplainsthemainprocessesbywhichcompliancerisksaretobeidentifiedandmanagedthroughalllevelsoftheorganisation.clarityandtra

39、nsparencymaybepromotedbymakingadistinctionbetweengeneralstandardsforallstaffmembersandrulesthatonlyapplytospecificgroupsofstaff. 17.thedutyofseniormanagementtoensurethatthecompliancepolicyisobservedentailsresponsibilityforensuringthatappropriateremedialordisciplinaryactionistakenifbreachesareidentif

40、ied. 18.seniormanagementshould,withtheassistanceofthecompliancefunction: atleastonceayear,identifyandassessthemaincomplianceriskissuesfacingthebankandtheplanstomanagethem.suchplansshouldaddressanyshortfalls(policy,procedures,implementationorexecution)relatedtohoweffectivelyexistingcomplianceriskshav

41、ebeenmanaged,aswellastheneedforanyadditionalpoliciesorprocedurestodealwithnewcompliancerisksidentifiedasaresultoftheannualcomplianceriskassessment;seeparagraph41below. atleastonceayear,reporttotheboardofdirectorsoracommitteeoftheboardonthebanksmanagementofitscompliancerisk,insuchamannerastoassistboa

42、rdmemberstomakeaninformedjudgmentonwhetherthebankismanagingitscomplianceriskeffectively;and reportpromptlytotheboardofdirectorsoracommitteeoftheboardonanymaterialcompliancefailures(e.g.failuresthatmayattractasignificantriskoflegalorregulatorysanctions,materialfinancialloss,orlosstoreputation). princ

43、iple4 thebanksseniormanagementisresponsibleforestablishingapermanentandeffectivecompliancefunctionwithinthebankaspartofthebankscompliancepolicy. 19.seniormanagementshouldtakethenecessarymeasurestoensurethatthebankcanrelyonapermanentandeffectivecompliancefunctionthatisconsistentwiththefollowingprinci

44、ples. compliancefunctionprinciples principle5:independence thebankscompliancefunctionshouldbeindependent. 20.theconceptofindependenceinvolvesfourrelatedelements,eachofwhichisconsideredinmoredetailbelow.first,thecompliancefunctionshouldhaveaformalstatuswithinthebank.second,thereshouldbeagroupcomplian

45、ceofficerorheadofcompliancewithoverallresponsibilityforcoordinatingthemanagementofthebankscompliancerisk.third,compliancefunctionstaff,andinparticular,theheadofcompliance,shouldnotbeplacedinapositionwherethereisapossibleconflictofinterestbetweentheircomplianceresponsibilitiesandanyotherresponsibilit

46、iestheymayhave.fourth,compliancefunctionstaffshouldhaveaccesstotheinformationandpersonnelnecessarytocarryouttheir responsibilities. 21.theconceptofindependencedoesnotmeanthatthecompliancefunctioncannotworkcloselywithmanagementandstaffinthevariousbusinessunits.indeed,acooperativeworkingrelationshipbe

47、tweencompliancefunctionandbusinessunitsshouldhelptoidentifyandmanagecompliancerisksatanearlystage.rather,thevariouselementsdescribedbelowshouldbeviewedassafeguardstohelpensuretheeffectivenessofthecompliancefunction,notwithstandingthecloseworkingrelationshipbetweenthecompliancefunctionandthebusinessu

48、nits.thewayinwhichthesafeguardsareimplementedwilldependtosome extentonthespecificresponsibilitiesofindividualcompliancefunctionstaff. status 22.thecompliancefunctionshouldhaveaformalstatuswithinthebanktogiveittheappropriatestanding,authorityandindependence.thismaybesetoutinthebankscompliancepolicyor

49、inanyotherformaldocument.thedocumentshouldbecommunicatedtoallstaffthroughoutthebank. 23.thefollowingissueswithrespecttothecompliancefunctionshouldbeaddressedinthedocument: itsroleandresponsibilities; measurestoensureitsindependence; itsrelationshipwithotherriskmanagementfunctionswithinthebankandwiththeinternalauditfunction; incaseswherecomplianceresponsibilitiesarecarriedoutbystaffindifferentdepartments,howtheseresponsibilitiesaretobeallocatedamongthedepartments; i