Laws of the People's Republic of China

Guidelines for the Compliance Risk Management of Commercial Banks

October 25, 2006 Chapter I General Provisions

Article 1

For the purpose of strengthening the compliance risk management of commercial banks and maintaining commercial banks operating safely and stably, these Guidelines are instituted in accordance with the Measures of the People's Republic of China on the Supervision and Administration of the Banking Sector and the Law of the People's Republic of China on Commercial Banks.

Article 2

A Chinese-funded commercial bank, foreign sole-capital bank, joint venture bank or branch of a foreign bank established within the territory of the People's Republic of China shall be governed by these Guidelines.

A policy bank, financial asset management company, urban credit cooperative, rural credit cooperative, trust investment company, enterprise group financial company, financial lease company, automobile financial company, currency brokerage company, postal savings institution or any other financial institution established within the territory of the People's Republic of China and approved by the China Banking Regulatory Commission shall be governed by these Guidelines.

Article 3

The term "laws, rules and standards" as mentioned in these Guidelines refers to the laws, administrative regulations, departmental rules as well as other regulatory documents, business rules and industrial standards of self-disciplinary organizations, behavioral code and occupation ethnics.

The term "compliance" as mentioned in these Guidelines refers to the consistence between the business operations of commercial banks and the related laws, rules and standards.

The term "compliance risks" as mentioned in these Guidelines refers to the risks of a commercial bank suffering from legal sanction, supervision punishment, great financial losses or reputation losses when it violates any law, rule or standard.

The term "compliance management department" as mentioned in these Guidelines refers to any department, team or position that especially established within a commercial bank to take charge of compliance management.

Article 4

Compliance management is a core risk management of commercial banks. A commercial bank shall take overall consideration of the relevance between compliance risks and credit risks, market risks, operation risks and other risks so as to ensure the consistence between all the policies and formalities for risk management.

Article 5

The objective of compliance risk management of a commercial bank is to establish and improve a framework of compliance risk management so as to realize the effective recognition and management of compliance risks, promote the establishment of an overall system of risk management and ensure an operation based on compliance of laws and regulations.

Article 6

A commercial bank shall enhance the establishment of compliance culture and incorporate the establishment of compliance culture into the whole process of establishing its enterprise culture.

The compliance is the joint responsibility of all staff members of a commercial bank and its senior management shall take a lead in the execution thereof.

The board of directors and senior management of a commercial bank shall determine the keynote of compliance, set up such compliance philosophies as voluntary compliance by all its staff members and value creation subject to compliance, promote the occupational ethnics and value concept of being creditworthy and upright within the bank, elevate the compliance consciousness of all its staff members and promote an effective interaction between self-compliance of the commercial bank and external supervision.

Article 7

China Banking Regulatory Commission shall implement supervision over the compliance risk management of commercial banks, examine and evaluate the effectiveness of compliance risk management of commercial banks.

Chapter II Compliance Management Functions and Duties of the Board of Directors,

Board of Supervisors and Senior Management

Article 8

A commercial bank shall establish a system of compliance management in line with its business scope, organizational structure and business scale thereof.

The following basic elements shall be included in the compliance management system:

(1)

Compliance policies;

(2)

Organizational structure and resources of the compliance management department;

(3)

Plans of compliance risk management;

(4)

Recognition of and management formalities for compliance risks; and

(5)

Training and education system of compliance.

Article 9

The compliance policies of a commercial bank shall specify the basic principles that all its staff members and operational lines shall comply with and the significant formalities for recognizing and managing compliance risks as well as stipulate the related matters in respect of the functions of compliance management, which shall at least include:

(1)

Functions and duties of the compliance management department;

(2)

Power limit of the compliance management department, including the right to communicate with any bank staff member and obtain any record or archival file as required in its duty performance;

(3)

Functions and duties of compliance management of related persons-in-charge;

(4)

All the measures that guarantee the independency of the persons-in-charge of compliance as well as the compliance management department, including a guaranty that there is no interest conflict between the functions and duties of compliance management of the persons-in-charge and related persons that engage in the compliance management and the other functions and duties thereof;

(5)

The coordination relationship between the compliance management department and the risk management department, the internal auditing department as well as other departments; and

(6)

The establishing of principles of the compliance management departments for the business lines as well as the branches and sub-branches.

Article 10

The board of directors shall undertake final responsibilities of compliance in the business operation of a commercial bank and perform the following functions and duties of compliance management:

(1)

Examining and approving of the compliance policies of the commercial bank and supervising its implementation of the compliance policies;

(2)

Examining and approving the reports on compliance risk management submitted by the senior management of the commercial bank and appraising the effectiveness of compliance risk management of its commercial bank so as to timely and effectively resolve the compliance defects;

(3)

Authorizing the risk management commission, auditing commission or specially established compliance management commission under the board of directors to conduct daily supervision over the compliance risk management of commercial bank thereof; and

(4)

Supervising any other functions and duties of compliance management as stipulated in the constitution of its commercial bank.

Article 11

The commission under the board of directors of a commercial bank which is responsible for the daily supervision of compliance risk management shall, by means of holding individual talks with the related persons-in-charge of compliance or by any other effective means, know about the implementation of the compliance policies and existing problems, timely put forward corresponding opinions and suggestions to the board of directors or the senior management , supervise and guarantee to implement the compliance policies effectively.

Article 12

The board of supervisors shall supervise the performance of functions and duties of compliance management by the board of directors and senior management.

Article 13

The senior management shall manage the compliance risks of its commercial bank effectively and perform the functions and duties of compliance management as follows:

(1)

Instituting the compliance policies in written form and revising the compliance policies in accordance with the status of compliance risk management as well as the related laws, rules and standards at an appropriate time, reporting them to the board of directors for deliberation and then distributing them to all its staff members after having been approved;

(2)

Carrying out the compliance policies, guaranteeing that proper measures for correction be timely adopted when any rule-breaking event occurs and investigating the corresponding responsibilities of violators;

(3)

Designating the persons-in-charge of compliance and guaranteeing their independency;

(4)

Specifying the compliance management department and their organizational structure, arranging enough and proper personnel of compliance management for its performance of functions and duties, and ensuring the independency of the compliance management department;

(5)

Recognizing the significant compliance risks that the commercial bank is faced with, examining and approving the plans of compliance risk management and ensuring the work coordination between the compliance management department and the risk management department, the internal auditing department and other relevant departments;

(6)

Submitting to the board of directors a report of compliance risk management on an annual basis, which shall present sufficient proof and assist the members of the board of directors to judge the effectiveness of compliance risk management by senior managers;

(7)

Reporting to the board of directors or the commissions thereunder and the board of supervisors any significant rule-breaking event timely; and

(8)

Performing any other functions and duties as prescribed by the compliance policies.

Article 14

A person-in-charge of compliance shall coordinate the recognition and management of compliance risks of the commercial bank, supervise the compliance management department to perform its functions and duties in accordance with the related plans of compliance risk management and submit to the senior management an appraisal report about compliance risks periodically. A person-in-charge of compliance must not take charge of the management of any business lines.

An appraisal report on compliance risks shall include but be not limited to the following contents: any change of compliance risk within the reporting period, the recognition of any rule-breaking event or compliance defect and the measures for correction that have been adopted or are advised to be adopted.

Article 15

A commercial bank shall set up an examination system of compliance performance of managers. The performance examination of a commercial bank shall embody the value concept of promoting compliance and punishing any rule-breaking behavior.

Article 16

A commercial bank shall establish an effective compliance accountability system, strictly carry out the confirmation and investigation of responsibilities incurred from any rule-breaking behavior, adopt effective measures for correction, improve the formalities for management in time, revise the related policies, formalities and operational guidelines at a proper time.

Article 17

A commercial bank shall establish a credit accusation system, encourage its staff members to tip off the illegal acts, the act in violation of professional integrity or the suspicious acts, and fully protect any tip-off reporter.

Chapter III Functions and Duties of the Compliance Management Department

Article 18

The compliance management department shall, under the guidance of its person-in-charge, assist the senior management to effectively recognize and manage the compliance risks, if its commercial bank is faced with, and perform the following fundamental functions and duties:

(1)

Paying continuous attention to the latest development of the related laws, rules and standards, correctly understanding the provisions and spirit of the related laws, rules and standards, accurately understanding the impact of the related laws, rules and standards on the business operation of the commercial bank, and putting forward corresponding suggestions on compliance to its senior management;

(2)

Instituting and carrying out the plans of compliance management which focus on risks, including the implementation and appraisal of special policies and formalities, appraisal on compliance risks, compliance testing, compliance training and education, etc..

(3)

Examining and appraising the compliance of all policies, formalities and operational guidelines of the commercial bank, organizing, coordinating and supervising and urging all business lines and the internal control department to sort of and revise the related policies, formalities and operational guidelines, and guaranteeing that all policies, formalities and operational guidelines comply with the requirements of the related laws, rules and standards;

(4)

Helping the related training and education departments to implement compliance trainings, including the compliance trainings of new staff members as well as the periodic compliance trainings of all its staff members, and functioning as the internal communication department for staff members to consult the related matters of compliance;

(5)

Organizing the institution of the formalities for compliance management as well as such compliance guidelines as compliance booklets and behavioral code of its staff members, appraising the formalities for compliance management and the appropriateness of compliance guidelines, offering guidance to its staff members on proper implementation of related laws, rules and standards;

(6)

Recognizing and appraising the compliance risks in relation to the business operation of the commercial bank actively, including conducting the necessary examination and testing for the development of new products and services, recognizing and appraising any compliance risk arising from the development of any new business mode, establishment of new customers' networks or change of nature of the bank's relationship with its customers.

(7)

Collecting and choosing the data that may indicate potential compliance problems, such as increasing index of customers' complaints and abnormal transactions etc., establishing a supervisory index of compliance risks, and determining the preferential sequence of compliance risks to be considered in accordance with the possibility and impact of compliance risk occurrence measured by the risk matrix;

(8)

Carrying out enough and representative appraisal and testing of compliance risks, including testing through on-the-spot examination on the compliance of all policies and formalities, inquiring the existing defects in the policies and formalities, and making corresponding investigation. The result of a compliance testing shall be reported in accordance with the formalities for internal risk management of commercial banks through the reporting line of compliance risks so as to ensure that all policies and formalities comply with the requirements of related laws, rules and standards; and

(9)

Keeping daily contact with its supervisory organ, and tracing and appraising the implementation of supervisory opinions and supervisory requirements.

Article 19

A commercial bank shall allocate the resources for effectively performing the compliance management for its compliance management department. A person who engages in compliance management shall have the qualification, experience, expertise and individual quality corresponding to his/her functions and duties.

A commercial bank shall offer systematic and professional technical trainings to its personnel who engage in compliance management, especially technical trainings in such aspects as correct master the latest development of the related laws, rules and standards as well as their impacts on the business operation of the commercial bank.

Article 20

The persons-in-charge of all business lines or branches or sub-branches of a commercial bank shall take primary responsibility for the business operation of their lines or departments.

A commercial bank shall, in accordance with the business scope of its lines of business and the branches and sub-branches as well as the operational scale, set up the corresponding compliance management departments.

The compliance management departments of all business lines and the branches and sub-branches of a commercial bank shall, in accordance with the formalities for compliance management, actively recognize and manage the compliance risks and report the related information in time through the reporting lines in accordance with the reporting requirements of compliance risks.

Article 21

A commercial bank shall establish a coordination mechanism between the compliance management department and the risk management department in respect of compliance management.

Article 22

A commercial bank shall separate the functions and duties of compliance management from the function of internal auditing, and the performance of compliance management shall be subject to independent appraisal by the internal auditing department periodically.

The internal auditing department shall be responsible for the auditing on compliance among all business operations of the commercial bank. An internal auditing plan shall include an auditing appraisal on the appropriateness and effectiveness of the functions and duties of compliance management. An appraisal on compliance risks shall be included in the measures for risk appraisal in the internal auditing.

A commercial bank shall specify the functions and duties of compliance risk appraisal and compliance testing between the compliance management department and the internal auditing department. The internal auditing department shall notify the result of compliance auditing to the related persons-in-charge of compliance.

Article 23

A commercial bank shall specify its reporting lines of compliance risks as well as the elements, format and frequency of a report on compliance risks.

Article 24

The overseas branches or sub-branches or affiliated institutions of a commercial bank shall strengthen the functions of compliance management. The organizational structure of the compliance management functions shall accord with the local laws and requirements of supervision.

Article 25

The board of directors and senior management of a commercial bank shall guarantee that the outsourcing of the work of the compliance management department shall comply with local laws, rules and standards.

A commercial bank shall guarantee that any outsourcing work of the compliance management department be under a proper supervision of its person-in-charge of compliance and will not hamper an effective supervision by China Banking Regulatory Commission.

Chapter IV Supervision over Compliance Risks

Article 26

A commercial bank shall report its internal regulations such as compliance policies, formalities for compliance management as well as compliance guidelines to China Banking Regulatory Commission for archival filing.

A commercial bank shall timely report its plans of compliance risk management and appraisal reports on compliance risks to China Banking Regulatory Commission.

Where a commercial bank finds any significant rule-breaking event, it shall report it to China Banking Regulatory Commission in accordance with the reporting system of significant events.

Article 27

Where a commercial bank designates a person-in-charge of compliance, it shall report it to China Banking Regulatory Commission in accordance with the related provisions. Where any person-in-charge of compliance of a commercial bank leaves his/her post, the bank shall report related information such as leaving reasons for resignation to China Banking Regulatory Commission within 10 workdays after leaving the post.

Article 28

China Banking Regulatory Commission shall conduct appraisal on the effectiveness of compliance risk management of commercial banks periodically and the appraisal reports shall be regarded as an important basis for classified supervision.

Article 29

China Banking Regulatory Commission shall, in accordance with the compliance records of commercial banks and the appraisal reports on compliance risk management, determine the frequency, scope and depth of on-the-spot compliance risk examination, and the contents shall be examined mainly include:

(1)

The appropriateness and effectiveness of the compliance risk management system of a commercial bank;

(2)

The functions of the board of directors and senior management of a commercial bank in the compliance risk management;

(3)

The appropriateness and effectiveness of the performance examination system, the accountability system and the credit accusation system of a commercial bank; and

(4)

The appropriateness and effectiveness of the functions of compliance management of a commercial bank.

Chapter V Supplementary Provisions

Article 30

The power to interpret these Guidelines shall remain with China Regulatory Banking Commission.

Article 31

These Guidelines shall enter into force as of the day of promulgation.