1、商業銀行合規管理實用手冊(附光盤)商業銀行合規管理實用手冊 序言 市場經濟就是法治經濟。金融市場在市場經濟體系中占有極其重要的基礎地位，而銀行業在金融市場中又具有舉足輕重的地位，因此如何運用法律手段在銀行業領域實施有效監管、規范維護行業秩序和防范化解行業風險具有格外重要的意義。國內外商業銀行的發展實踐證明，將商業銀行經營管理活動納入依法合規的軌道，既是商業銀行生存發展的基本前提，也是商業銀行穩健經營的關鍵所在，更是銀行業市場持續健康發展的必然要求。 合規管理作為一門獨特的銀行風險管理技術，如今已得到全球銀行業的普遍認同和高度重視。2005年5月，巴塞爾銀行監管管理委員會發布了題為合規與銀行合規

2、部門的文件，這既是對于國際領先銀行合規工作經驗的總結，也明確了國際銀行監管標準的發展趨勢。根據文件規定，合規風險是指“銀行由于未能遵循法律法規、監管規定、自律性組織準則以及適用于銀行自身業務活動的行為準則，而可能遭受法律制裁、監管處罰、重大財務損失和聲譽損失的風險。”由此可見，合規管理實質上就是銀行管理自身合規風險的職能，這在國際上已被公認為銀行的安身立命之本。 反觀國內，近年來銀行業頻頻發生的大案要案恰恰說明“合規文化”在我國銀行業的缺失，“合規文化”的經營理念還遠遠沒有浸潤到銀行的日常管理機制中。在此背景之下，中國銀行業監督管理委員會根據合規與銀行合規部門，結合中國銀行業監管實踐，于200

3、6年10月制定了商業銀行合規風險管理指引，正式將商業銀行合規管理工作納入監管范圍，因此正確認識合規管理的重要意義顯得正當其時。首先，合規管理是應對全面監管要求的重要保證。隨著國內全方位和多層次的監管格局的形成，監管當局逐漸借鑒國際上銀行監管的先進理念和最佳做法，銀行業的監管環境日益嚴格、監管要求日益復雜，商業銀行內部必須建立起有效的合規管理體系來識別評估和防范化解各類合規風險。其次，合規管理是銀行全面風險管理體系的重要組成部分。全面風險管理是對銀行業務管理中存在的各類風險實施系統管理，而合規風險則是各類風險中的核心風險，尤其是形成操作風險的直接誘因，因此強化合規風險管理是實現全面風險管理的重要

4、基礎。最后，合規管理是實現銀行自身健康發展的內在需求。有種錯誤的觀點認為合規管理是一種成本負擔，甚至視合規是業務發展的掣肘。我們必須樹立“合規創造價值”的理念，因為健全有效的合規管理可以提升銀行的商業信譽和社會形象，提高銀行的競爭能力和業務效益；相反，嚴重的合規缺陷會使銀行付出慘重的違規成本，甚至危及銀行的生存，近幾年國內外銀行業在這方面的反面教訓比比皆是。 國際先進銀行合規管理的通行做法就是由合規管理部門從法律法規和監管規定中識別和評估合規風險，將這些合規風險及時準確地分解和提示給相關職能部門，敦促這些部門采取有效措施將合規要求有機融入銀行內部的規章制度和控制體系，最終確保銀行在所有經營管理

5、行為中防范和化解合規風險，較為領先的銀行已經著手開發合規風險管理電子系統。因此，對銀行必須遵循的法律規定作系統地歸納梳理可以說是開展合規管理的基礎建設工作之一。正是基于這一認識，交通銀行法律合規部編寫了這本商業銀行合規管理實用手冊，較為全面地收錄了我國商業銀行所需遵循的法律規定。 根據商業銀行經營管理所涉及的法律關系劃分，適用于商業銀行的法律規定基本可以分為兩類，一是銀行和客戶之間的橫向民商事關系，這類關系主要由民商事法律規定調整；二是銀行和監管者之間的縱向行政關系，這類關系主要由行政法律規定調整。而商業銀行合規管理所要關注的法律規定主要就是由第二類規定構成，這也就是本書所要收錄的內容。由于納

6、入收錄范圍的是廣義的法律，在效力層次和制定部門各有不同，此外這些法律涉及的監管領域、業務種類以及發布時間等方面也各有不同，因此無論按照以上任意一種標準編排，都難免顧此失彼、以偏概全，影響查找適用的效率。有鑒于此，我們根據自身工作實踐，以系統劃分、方便查找為原則，確定了本書的體例編排結構：第一層次，以效力層次和監管板塊作為編排標準，即以狹義的法律（由全國人大及其常委會制定）和行業自律準則分別立章，同時將監管板塊作為行政法規、行政規章以及規范性文件的劃分標準，分列市場準入監管、公司治理監管、風險內控監管、業務運營監管、外匯業務監管、外資銀行監管以及監管查處與法律救濟七章。第二層次，以調整對象和業務

7、種類作為編排標準，除了法律和行業自律準則兩章，其他篇章內部均根據調整對象和業務種類作進一步劃分，尤其是業務運營監管和外匯業務監管的劃分層級較為細致，對于部分涉及多個業務種類的法律規定，我們將其納入關聯度最為密切的業務種類。第三層次，以發布時間和內容體系作為編排標準，法律和行業自律準則兩章按照發布時間排序，其他篇章除了發布時間，還按照內容體系分為兩個部分：一是內容體系較為健全的章節式法律規定，對于某個調整對象有著較為全面系統地規定，效力層次一般表現為行政法規和行政規章；二是針對某個具體問題所作的臨時通知或者補充通知，一般表現為規范性文件。這種編排既有助于統攬法律規定的歷史沿革，也有利于把握法律規

8、定的基本全貌和歷次更新。當然，本書在收錄內容全面性和體例編排合理性上并非盡善盡美，對于存在的不足之處，希望廣大讀者不吝指正，以使我們不斷完善本書。同時，基于合規管理動態性的工作理念，我們將會根據銀行法律規定的變化及時更新本書。 編者 2007年9月 complianceandthecompliancefunctioninbanks complianceandthecompliance functioninbanks april2005 baselcommitteeonbankingsupervision tableofcontents introduction responsibilities

9、oftheboardofdirectorsforcompliance principle1 responsibilitiesofseniormanagementforcompliance principle2 principle3 principle4 compliancefunctionprinciples principle5:independence status headofcompliance conflictsofinterest accesstoinformationandpersonnel principle6:resources principle7:compliancefu

10、nctionresponsibilities advice guidanceandeducation identification,measurementandassessmentofcompliancerisk monitoring,testingandreporting statutoryresponsibilitiesandliaison complianceprogramme principle8:relationshipwithinternalaudit othermatters principle9:crossborderissues principle10:outsourcing

11、 introduction 1.aspartofitsongoingeffortstoaddressbanksupervisoryissuesandenhancesoundpracticesinbankingorganisations,thebaselcommitteeonbankingsupervision(thecommittee)isissuingthishighlevelpaperoncomplianceriskandthecompliancefunctioninbanks.bankingsupervisorsmustbesatisfiedthateffectivecompliance

12、policiesandproceduresarefollowedandthatmanagementtakesappropriatecorrectiveactionwhencompliancefailuresareidentified. 2.compliancestartsatthetop.itwillbemosteffectiveinacorporateculturethatemphasisesstandardsofhonestyandintegrityandinwhichtheboardofdirectorsandseniormanagementleadbyexample.itconcern

13、severyonewithinthebankandshouldbeviewedasanintegralpartofthebanksbusinessactivities.abankshouldholditselftohighstandardswhencarryingonbusiness,andatalltimesstrivetoobservethespiritaswellastheletterofthelaw.failuretoconsidertheimpactofitsactionsonitsshareholders,customers,employeesandthemarketsmayres

14、ultinsignificantadversepublicityandreputationaldamage,evenifnolawhasbeenbroken. 3.theexpression“compliancerisk”isdefinedinthispaperastheriskoflegalorregulatorysanctions,materialfinancialloss,orlosstoreputationabankmaysufferasaresultofitsfailuretocomplywithlaws,regulations,rules,relatedselfregulatory

15、organisationstandards,andcodesofconductapplicabletoitsbankingactivities(together,“compliancelaws,rulesandstandards”). 4.compliancelaws,rulesandstandardsgenerallycovermatterssuchasobservingproperstandardsofmarketconduct,managingconflictsofinterest,treatingcustomersfairly,andensuringthesuitabilityofcu

16、stomeradvice.theytypicallyincludespecificareassuchasthepreventionofmoneylaunderingandterroristfinancing,andmayextendtotaxlawsthatarerelevanttothestructuringofbankingproductsorcustomeradvice.abankthatknowinglyparticipatesintransactionsintendedtobeusedbycustomerstoavoidregulatoryorfinancialreportingre

17、quirements,evadetaxliabilitiesorfacilitateillegalconductwillbeexposingitselftosignificantcompliancerisk. 5.compliancelaws,rulesandstandardshavevarioussources,includingprimarylegislation,rulesandstandardsissuedbylegislatorsandsupervisors,marketconventions,codesofpracticepromotedbyindustryassociations

18、,andinternalcodesofconductapplicabletothestaffmembersofthebank.forthereasonsmentionedabove,thesearelikelytogobeyondwhatislegallybindingandembracebroaderstandardsofintegrityandethicalconduct. 6.complianceshouldbepartofthecultureoftheorganisation;itisnotjustthe responsibilityofspecialistcompliancestaf

19、f.nevertheless,abankwillbeabletomanageitscomplianceriskmoreeffectivelyifithasacompliancefunctioninplacethatisconsistentwiththe“compliancefunctionprinciples”discussedbelow.theexpression“compliancefunction”isusedinthispapertodescribestaffcarryingoutcomplianceresponsibilities;itisnotintendedtoprescribe

20、aparticularorganisationalstructure. 7.therearesignificantdifferencesbetweenbanksregardingtheorganisationofthecompliancefunction.inlargerbanks,compliancestaffmaybelocatedwithinoperatingbusinesslines,andinternationallyactivebanksmayalsohavegroupandlocalcomplianceofficers.insmallerbanks,compliancefunct

21、ionstaffmaybelocatedinoneunit.separateunitshavebeenestablishedinsomebanksforspecialistareassuchasdataprotectionandthepreventionofmoneylaunderingandterroristfinancing. 8.abankshouldorganiseitscompliancefunctionandsetprioritiesforthemanagementofitscomplianceriskinawaythatisconsistentwithitsownriskmana

22、gementstrategyandstructures.forinstance,somebanksmaywishtoorganisetheircompliancefunctionwithintheiroperationalriskfunction,asthereisacloserelationshipbetweencomplianceriskandcertainaspectsofoperationalrisk.othersmayprefertohaveseparatecomplianceandoperationalriskfunctions,butestablishmechanismsrequ

23、iringclosecooperationbetweenthetwofunctionsoncompliancematters. 9.regardlessofhowthecompliancefunctionisorganisedwithinabank,itshouldbeindependentandsufficientlyresourced,itsresponsibilitiesshouldbeclearlyspecified,anditsactivitiesshouldbesubjecttoperiodicandindependentreviewbytheinternalauditfuncti

24、on.principles5to8belowdescribethesehighlevelprinciplesinmoredetail,andthesupportingguidancesetsoutsoundpracticesrelatedtotheprinciples.theprinciplesshouldbeapplicabletoallbanks,althoughitisforindividualbankstodeterminehowbesttheyshouldbeimplemented.abankmaybeabletofollowpracticesotherthanthosesetout

25、inthispaperwhicharealsosoundandwhich,takentogether,demonstratethatitscompliancefunctioniseffective.thewayinwhichtheprinciplesareimplementedwilldependonfactorssuchasthebankssize,thenature,complexityandgeographicalextentofitsbusiness,andthelegalandregulatoryframeworkwithinwhichitoperates.insmallerbank

26、s,forexample,itmaynotbepracticabletoimplementinfullsomeofthespecificmeasuresrecommendedinthispaper,yetthebankmaybeabletotakeothermeasuresthatachievethesameresult. 10.theprinciplesinthispaperassumeagovernancestructurecomposedofaboardofdirectorsandseniormanagement.thelegislativeandregulatoryframeworks

27、differacrosscountriesandtypesofentitiesasregardsthefunctionsoftheboardofdirectorsandseniormanagement.therefore,theprinciplessetoutinthispapershouldbeappliedinaccordancewiththecorporategovernancestructureofeachcountryandtypeofentity.thecommitteeisawarethattherearesignificantdifferencesinlegislativean

28、dregulatoryframeworksacrosscountriesasregardsthefunctionsoftheboardofdirectorsandseniormanagement.insomecountries,theboardhasthemain,ifnotexclusive,functionofsupervisingtheexecutivebody(seniormanagement,generalmanagement)soastoensurethatthelatterfulfilsitstasks.forthisreason,insomecases,itisknownasa

29、supervisoryboard.thismeansthattheboardhasnoexecutivefunctions.inothercountries,bycontrast,the boardhasabroadercompetenceinthatitlaysdownthegeneralframeworkforthemanagementofthebank.owingtothesedifferences,thenotionsoftheboardofdirectorsandseniormanagementareusedinthis papernottoidentifylegalconstruc

30、tsbutrathertolabeltwodecisionmakingfunctionswithinabank. 11.theexpression“bank”isusedinthispapertorefergenerallytobanks,bankinggroups,andtoholdingcompanieswhosesubsidiariesarepredominantlybanks. 12.thispapershouldbereadinconjunctionwithanumberofrelatedcommitteepapers,includingthefollowing: framework

31、forinternalcontrolsystemsinbankingorganisations(september1998); enhancingcorporategovernanceforbankingorganisations(september1999); internalauditinbanksandthesupervisorsrelationshipwithauditors(august2001); customerduediligenceforbanks(october2001); soundpracticesforthemanagementandsupervisionofoper

32、ationalrisk(february2003); internationalconvergenceofcapitalmeasurementandcapitalstandardsarevisedframeworkjune2004;and consolidatedkycriskmanagement(october2004). 13thispaperconsidersthespecificresponsibilitiesofthebanksboardofdirectorsand seniormanagementforcompliance,beforedescribingtheprinciples

33、thatshouldunderpinthebankscompliancefunction. responsibilitiesoftheboardofdirectorsforcompliance principle1 thebanksboardofdirectorsisresponsibleforoverseeingthemanagementofthebankscompliancerisk.theboardshouldapprovethebankscompliancepolicy,includingaformaldocumentestablishingapermanentandeffective

34、compliancefunction.atleastonceayear,theboardoracommitteeoftheboardshouldassesstheextenttowhichthebankismanagingitscomplianceriskeffectively. 14.asnotedintheintroduction,abankscompliancepolicywillnotbeeffectiveunlesstheboardofdirectorspromotesthevaluesofhonestyandintegritythroughouttheorganisation.co

35、mpliancewithapplicablelaws,rulesandstandardsshouldbeviewedasanessentialmeanstothisend.asisthecasewithothercategoriesofrisk,theboardisresponsibleforensuringthatanappropriatepolicyisinplacetomanagethebankscompliancerisk.theboardshouldoverseetheimplementationofthepolicy,includingensuringthatcompliancei

36、ssuesareresolvedeffectivelyandexpeditiouslybyseniormanagementwiththeassistanceofthecompliancefunction.theboardmay,ofcourse,delegatethesetaskstoanappropriateboardlevelcommittee(e.g.itsauditcommittee). responsibilitiesofseniormanagementforcompliance principle2 thebanksseniormanagementisresponsiblefort

37、heeffectivemanagementofthebankscompliancerisk. 15.thefollowingtwoprinciplesarticulatethemostimportantelementsofthisgeneralprinciple. principle3 thebanksseniormanagementisresponsibleforestablishingandcommunicatingacompliancepolicy,forensuringthatitisobserved,andforreportingtotheboardofdirectorsonthem

38、anagementofthebankscompliancerisk. 16.thebanksseniormanagementisresponsibleforestablishingawrittencompliancepolicythatcontainsthebasicprinciplestobefollowedbymanagementandstaff,andexplainsthemainprocessesbywhichcompliancerisksaretobeidentifiedandmanagedthroughalllevelsoftheorganisation.clarityandtra

39、nsparencymaybepromotedbymakingadistinctionbetweengeneralstandardsforallstaffmembersandrulesthatonlyapplytospecificgroupsofstaff. 17.thedutyofseniormanagementtoensurethatthecompliancepolicyisobservedentailsresponsibilityforensuringthatappropriateremedialordisciplinaryactionistakenifbreachesareidentif

40、ied. 18.seniormanagementshould,withtheassistanceofthecompliancefunction: atleastonceayear,identifyandassessthemaincomplianceriskissuesfacingthebankandtheplanstomanagethem.suchplansshouldaddressanyshortfalls(policy,procedures,implementationorexecution)relatedtohoweffectivelyexistingcomplianceriskshav

41、ebeenmanaged,aswellastheneedforanyadditionalpoliciesorprocedurestodealwithnewcompliancerisksidentifiedasaresultoftheannualcomplianceriskassessment;seeparagraph41below. atleastonceayear,reporttotheboardofdirectorsoracommitteeoftheboardonthebanksmanagementofitscompliancerisk,insuchamannerastoassistboa

42、rdmemberstomakeaninformedjudgmentonwhetherthebankismanagingitscomplianceriskeffectively;and reportpromptlytotheboardofdirectorsoracommitteeoftheboardonanymaterialcompliancefailures(e.g.failuresthatmayattractasignificantriskoflegalorregulatorysanctions,materialfinancialloss,orlosstoreputation). princ

43、iple4 thebanksseniormanagementisresponsibleforestablishingapermanentandeffectivecompliancefunctionwithinthebankaspartofthebankscompliancepolicy. 19.seniormanagementshouldtakethenecessarymeasurestoensurethatthebankcanrelyonapermanentandeffectivecompliancefunctionthatisconsistentwiththefollowingprinci

44、ples. compliancefunctionprinciples principle5:independence thebankscompliancefunctionshouldbeindependent. 20.theconceptofindependenceinvolvesfourrelatedelements,eachofwhichisconsideredinmoredetailbelow.first,thecompliancefunctionshouldhaveaformalstatuswithinthebank.second,thereshouldbeagroupcomplian

45、ceofficerorheadofcompliancewithoverallresponsibilityforcoordinatingthemanagementofthebankscompliancerisk.third,compliancefunctionstaff,andinparticular,theheadofcompliance,shouldnotbeplacedinapositionwherethereisapossibleconflictofinterestbetweentheircomplianceresponsibilitiesandanyotherresponsibilit

46、iestheymayhave.fourth,compliancefunctionstaffshouldhaveaccesstotheinformationandpersonnelnecessarytocarryouttheir responsibilities. 21.theconceptofindependencedoesnotmeanthatthecompliancefunctioncannotworkcloselywithmanagementandstaffinthevariousbusinessunits.indeed,acooperativeworkingrelationshipbe

47、tweencompliancefunctionandbusinessunitsshouldhelptoidentifyandmanagecompliancerisksatanearlystage.rather,thevariouselementsdescribedbelowshouldbeviewedassafeguardstohelpensuretheeffectivenessofthecompliancefunction,notwithstandingthecloseworkingrelationshipbetweenthecompliancefunctionandthebusinessu

48、nits.thewayinwhichthesafeguardsareimplementedwilldependtosome extentonthespecificresponsibilitiesofindividualcompliancefunctionstaff. status 22.thecompliancefunctionshouldhaveaformalstatuswithinthebanktogiveittheappropriatestanding,authorityandindependence.thismaybesetoutinthebankscompliancepolicyor

49、inanyotherformaldocument.thedocumentshouldbecommunicatedtoallstaffthroughoutthebank. 23.thefollowingissueswithrespecttothecompliancefunctionshouldbeaddressedinthedocument: itsroleandresponsibilities; measurestoensureitsindependence; itsrelationshipwithotherriskmanagementfunctionswithinthebankandwiththeinternalauditfunction; incaseswherecomplianceresponsibilitiesarecarriedoutbystaffindifferentdepartments,howtheseresponsibilitiesaretobeallocatedamongthedepartments; i