Guidelines on Internal Control of Commercial Banks

来自法贝百科
跳转至: 导航搜索

【英文名称】Guidelines on Internal Control of Commercial Banks

【中文名称】商业银行内部控制指引

【发布部门】中国银行业监督管理委员会

【发文字号】银监发〔2014〕40号

【发布日期】2014.09.12

【实施日期】2014.09.12

【效力级别】部门规章

【法律时效】现行有效


Notice on Issuing the Guidelines on Internal Control of Commercial Banks
中国银监会关于印发商业银行内部控制指引的通知
(Yin Jian Fa [2014] No. 40)

CBRC local offices, policy banks, state-owned commercial banks, joint-stock commercial banks, banking asset management companies, postal saving bank, rural cooperative financial institutions at provincial level, and trust companies, finance companies of corporate groups and financial leasing companies under CBRC’s supervision,

各银监局,各政策性银行、国有商业银行、股份制商业银行、金融资产管理公司,邮储银行,各省级农村信用联社,银监会直接监管的信托公司、企业集团财务公司、金融租赁公司:

We hereby issue the revised Guidelines on Internal Control of Commercial Banks which shall be earnestly implemented.

现将修订后的《商业银行内部控制指引》印发给你们,请遵照执行。

        2014年9月12日

        12 September, 2014


Guidelines on Internal Control of Commercial Banks 中英双语版
商业银行内部控制指引

Chapter 1 General Provisions

Article 1 To facilitate the establishment of commercial banks and improvement of internal control, effectively guard against risks and ensure the stable and sound operation of the banking sector, the Guidelines are formulated in accordance with Law of the People's Republic of China on Regulation of and Supervision over the Banking Industry, Law of the People’s Republic of China on Commercial Banks and other laws and regulations.

第一条 为促进商业银行建立和健全内部控制,有效防范风险,保障银行体系安全稳健运行,依据《中华人民共和国银行业监督管理法》、《中华人民共和国商业银行法》等法律法规,制定本指引。

Article 2 Commercial banks established according to laws within the territories of the People’s Republic of China shall be subject to the Guidelines.

第二条 中华人民共和国境内依法设立的商业银行适用本指引。

Article 3 Internal control refers to dynamic processes and mechanisms designed to achieve objectives through formulation and implementation of systematic rules, processes and methods. The said processes and mechanisms involve the board of directors, board of supervisors, senior management and staff at all levels.

第三条 内部控制是商业银行董事会、监事会、高级管理层和全体员工参与的,通过制定和实施系统化的制度、流程和方法,实现控制目标的动态过程和机制。

Article 4 Objectives of internal control of commercial banks:

a. to ensure the implementation of relevant laws and regulations;

b. to ensure the achievement of the development strategies and business goals of commercial banks;

c. to ensure the effectiveness of risk management of commercial banks; and

d. to ensure the authenticity, accuracy, integrity and timeliness of business records, accounting records, financial records and other management information of commercial banks.

第四条 商业银行内部控制的目标:

(一)保证国家有关法律法规及规章的贯彻执行。

(二)保证商业银行发展战略和经营目标的实现。

(三)保证商业银行风险管理的有效性。

(四)保证商业银行业务记录、会计信息、财务信息和其他管理信息的真实、准确、完整和及时。

Article 5 Basic principles of internal control of commercial banks:

a. Full coverage. Internal control should cover the whole process of decision-making, execution and supervision, all business processes and management, and all divisions and staff;

b. Check and balance. Internal control of commercial banks should form a check and balance mechanism between the governance structure, organization and distribution of power and duty, business process;

c. Prudential operation. The philosophy of risk-based prudential operation should be adhered to and internal control should be prioritized in setting up institutions or expanding business;

d. Compatibility. Internal control of commercial banks should be compatible with their management models, scale of business, complexity of products and risk status and adjustments should be made in light of changed circumstances in a timely manner

第五条 商业银行内部控制应当遵循以下基本原则:

(一)全覆盖原则。商业银行内部控制应当贯穿决策、执行和监督全过程,覆盖各项业务流程和管理活动,覆盖所有的部门、岗位和人员。

(二)制衡性原则。商业银行内部控制应当在治理结构、机构设置及权责分配、业务流程等方面形成相互制约、相互监督的机制。

(三)审慎性原则。商业银行内部控制应当坚持风险为本、审慎经营的理念,设立机构或开办业务均应坚持内控优先。

(四)相匹配原则。商业银行内部控制应当与管理模式、业务规模、产品复杂程度、风险状况等相适应,并根据情况变化及时进行调整。

Article 6 Commercial banks should establish and optimize their internal control system, specify responsibilities, improve mechanisms and measures, and make continuing efforts to evaluate and oversee internal control.

第六条 商业银行应当建立健全内部控制体系,明确内部控制职责,完善内部控制措施,强化内部控制保障,持续开展内部控制评价和监督。

Chapter 2 Responsibilities of Internal Control

Article 7 Commercial banks should put in place operational and organizational structures of internal control with reasonable and clear assignment of responsibility and reporting relationship between board of directors, board of supervisors, senior management, internal control, internal auditing and operational departments.

第七条 商业银行应当建立由董事会、监事会、高级管理层、内控管理职能部门、内部审计部门、业务部门组成的分工合理、职责明确、报告关系清晰的内部控制治理和组织架构。

Article 8 The board of directors of a commercial bank is responsible for ensuring the establishment and implementation of an effective internal control system and prudential operation within the framework of laws and policies. The board of directors is responsible for defining the acceptable level of risks, ensuring that necessary measures are taken by senior management and so as to monitor and assess the adequacy and effectiveness of the internal control system.

第八条 董事会负责保证商业银行建立并实施充分有效的内部控制体系,保证商业银行在法律和政策框架内审慎经营;负责明确设定可接受的风险水平,保证高级管理层采取必要的风险控制措施;负责监督高级管理层对内部控制体系的充分性与有效性进行监测和评估。

Article 9 The board of supervisors is responsible for supervising the work of the board of directors and senior management in improving the internal control system and supervising the board of directors and senior management and its members in implementing internal control.

第九条 监事会负责监督董事会、高级管理层完善内部控制体系;负责监督董事会、高级管理层及其成员履行内部控制职责。

Article 10 Senior management is responsible for executing decisions made by board of directors, formulating systematic regulations, processes and methods based on an acceptable risk level defined by board of director and adopting relevant risk control measures. Senior management is also responsible for establishing and improving internal organizations to ensure effective internal control. Senior management is also responsible for monitoring and evaluating the effectiveness and adequateness of internal control system.

第十条 高级管理层负责执行董事会决策;负责根据董事会确定的可接受的风险水平,制定系统化的制度、流程和方法,采取相应的风险控制措施;负责建立和完善内部组织机构,保证内部控制的各项职责得到有效履行;负责组织对内部控制体系的充分性与有效性进行监测和评估。

Article 11 Commercial banks should designate specialized department as function department of internal control management, take a leading role in coordinating and organizing internal control systems and in evaluating the systems.

第十一条 商业银行应当指定专门部门作为内控管理职能部门,牵头内部控制体系的统筹规划、组织落实和检查评估。

Article 12 Internal auditing departments of Commercial banks supervise internal control, audit adequateness and effectiveness of internal control, report problems in a timely manner and supervise rectification and improvement.

第十二条 商业银行内部审计部门履行内部控制的监督职能,负责对商业银行内部控制的充分性和有效性进行审计,及时报告审计发现的问题,并监督整改。

Article 13 Operational departments of commercial banks are responsible for formulating operating systems and processes related to their own responsibility, strictly implementing relevant systems and rules, organizing supervision and inspection, reporting existent flaws in internal control within designated time frame and procedures, and for implementing rectification and improvement.

第十三条 商业银行的业务部门负责参与制定与自身职责相关的业务制度和操作流程;负责严格执行相关制度规定;负责组织开展监督检查;负责按照规定时限和路径报告内部控制存在的缺陷,并组织落实整改。

The operational departments of commercial banks in the Guidelines refer to other departments except internal auditing department and functional departments of internal control.

本指引所称商业银行业务部门是指除内部审计部门和内控管理职能部门外的其他部门。

Chapter 3 Measures of Internal Control

Article 14 Commercial banks should establish and improve institutional frameworks of internal control, formulate a comprehensive, systematic and standardized operation and management system for businesses and management activities, and conduct regular evaluations.

第十四条 商业银行应当建立健全内部控制制度体系,对各项业务活动和管理活动制定全面、系统、规范的业务制度和管理制度,并定期进行评估。

Article 15 Commercial banks should define critical areas of risks in all operation and management activities, adopt proper measures, and implement unified processes of operation and management.

第十五条 商业银行应当合理确定各项业务活动和管理活动的风险控制点,采取适当的控制措施,执行标准统一的业务流程和管理流程,确保规范运作。

Commercial banks should adopt appropriate technologies and methods to manage risks, identify and evaluate operational risks and constantly monitor major risks.

商业银行应当采用科学的风险管理技术和方法,充分识别和评估经营中面临的风险,对各类主要风险进行持续监控。

Article 16 Commercial banks should establish and improve information control systems, and through effective combination of internal control process, operation system and information control system strengthen an automatic control system of operation and management activities.

第十六条 商业银行应当建立健全信息系统控制,通过内部控制流程与业务操作系统和管理信息系统的有效结合,加强对业务和管理活动的系统自动控制。

Article 17 Commercial banks should define responsibility and power of departments and posts according to operational and managerial requirements, form standardized illustration for responsibility of departments and posts, define corresponding reporting processes.

第十七条 商业银行应当根据经营管理需要,合理确定部门、岗位的职责及权限,形成规范的部门、岗位职责说明,明确相应的报告路线。

Article 18 Commercial banks should identify and analyze posts of conflicting responsibilities/interests in operation and management process in a comprehensive manner, and adopt segregation measures to exercise checks and balances.

第十八条 商业银行应当全面系统地分析、梳理业务流程和管理活动中所涉及的不相容岗位,实施相应的分离措施,形成相互制约的岗位安排。

Article 19 Commercial banks should define important posts and formulate internal control requirements for important posts, implement job rotation and compulsory leave systems for employees in important posts.

第十九条 商业银行应当明确重要岗位,并制定重要岗位的内部控制要求,对重要岗位人员实行轮岗或强制休假制度,原则上不相容岗位人员之间不得轮岗。

Article 20 Commercial banks should formulate codes of conduct, define prohibitive rules, strengthen supervision and screening of employee behavior and establish a reporting and investigation system for unusual behavior.

第二十条 商业银行应当制定规范员工行为的相关制度,明确对员工的禁止性规定,加强对员工行为的监督和排查,建立员工异常行为举报、查处机制。

Article 21 In light of operation capacity, level of management, risk status and development strategy of branches and departments, commercial banks should clearly define the scope of authority and competence of different branches, departments, posts and personnel, and make necessary adjustments.

第二十一条 商业银行应当根据各分支机构和各部门的经营能力、管理水平、风险状况和业务发展需要,建立相应的授权体系,明确各级机构、部门、岗位、人员办理业务和事项的权限,并实施动态调整。

Article 22 Commercial banks should strictly comply with accounting standards and principles and present transactions in each business in a timely and accurate manner to ensure the authenticity, reliability and integrity of accounting records.

第二十二条 商业银行应当严格执行会计准则与制度,及时准确地反映各项业务交易,确保财务会计信息真实、可靠、完整。

Article 23 Commercial banks should establish an effective verifying and monitoring system to verify receipts, invoices and financial statements on a regular basis and take stock of cash, marketable securities and other tangible assets and instruments in a timely manner.

第二十三条 商业银行应当建立有效的核对、监控制度,对各种账证、报表定期进行核对,对现金、有价证券等有形资产和重要凭证及时进行盘点。

Article 24 Commercial banks should assess potential risks and put in place necessary management systems and operation process when they establish new branches, open new businesses or offer new products and services.

第二十四条 商业银行设立新机构、开办新业务、提供新产品和服务,应当对潜在的风险进行评估,并制定相应的管理制度和业务流程。

Article 25 Commercial banks should establish and improve an outsourcing management system with defined organizational framework and responsibility and conduct a full risk assessment on outsourcing business at least once a year. Functions that involve development strategy, risk management, internal auditing and other core competence shall not to be outsourced.

第二十五条 商业银行应当建立健全外包管理制度,明确外包管理组织架构和管理职责,并至少每年开展一次全面的外包业务风险评估。涉及战略管理、风险管理、内部审计及其他有关核心竞争力的职能不得外包。

Article 26 commercial banks should establish and improve a complaint management system with clear handling process and analyze customer complaints on a regular basis to spot problems and improve service and management.

第二十六条 商业银行应当建立健全客户投诉处理机制,制定投诉处理工作流程,定期汇总分析投诉反映事项,查找问题,有效改进服务和管理。

Chapter 4 Internal control guarantee

Article 27 Commercial banks should establish a management information system and a business operation system that cover all levels of management, all businesses and processes so as to record operation and management information in a timely manner and ensure the integrity, continuity, accuracy and traceability of the information.

第二十七条 商业银行应当建立贯穿各级机构、覆盖所有业务和全部流程的管理信息系统和业务操作系统,及时、准确记录经营管理信息,确保信息的完整、连续、准确和可追溯。

Article 28 Commercial banks should strengthen management of information security. Commercial banks should put in place a class-based information management system and closely guard access to the information system to guarantee information security.

第二十八条 商业银行应当加强对信息的安全控制和保密管理,对各类信息实施分等级安全管理,对信息系统访问实施权限管理,确保信息安全。

Article 29 Commercial banks should establish an effective mechanism of communication to keep the board of directors, board of supervisors and senior management are informed of operation and risk status and keep departments and personnel informed of rules and information relevant to their responsibilities.

第二十九条 商业银行应当建立有效的信息沟通机制,确保董事会、监事会、高级管理层及时了解本行的经营和风险状况,确保相关部门和员工及时了解与其职责相关的制度和信息。

Article 30 Commercial banks should establish a business continuity management system in line with their strategic goals. Commercial banks should define organizational structure and managerial functions, formulate a business continuity plan and organize testings on the plan and regular assessments of business continuity to ensure effective response to business-disrupting events.

第三十条 商业银行应当建立与其战略目标相一致的业务连续性管理体系,明确组织结构和管理职能,制定业务连续性计划,组织开展演练和定期的业务连续性管理评估,有效应对运营中断事件,保证业务持续运营。

Article 31 Commercial banks should adopt a sustainable human resource policy and set professional ethics and capabilities as important selection and recruitment criteria to ensure the qualifications and experience requirements are met. Commercial banks should also step up staff training.

第三十一条 商业银行应当制定有利于可持续发展的人力资源政策,将职业道德修养和专业胜任能力作为选拔和聘用员工的重要标准,保证从业人员具备必要的专业资格和从业经验,加强员工培训。

Article 32 Commercial banks should develop an effective performance appraisal system and set reasonable measurements of performance for internal control department. Commercial banks should conduct evaluation of internal control management in a specific time period and improve management according to the results of evaluation.

第三十二条 商业银行应当建立科学的绩效考评体系、合理设定内部控制考评标准,对考评对象在特定期间的内部控制管理活动进行评价,并根据考评结果改进内部控制管理。

Commercial banks should put in place a performance appraisal system dedicated to internal control and internal auditing departments to facilitate fulfillment of their internal control and supervision responsibilities.

商业银行应当对内控管理职能部门和内部审计部门建立区别于业务部门的绩效考评方式,以利于其有效履行内部控制管理和监督职能。

Article 33 Commercial banks should foster a culture of internal control, enhance the staff’s compliance and risk awareness, improve their professional ethics and regulate their behavior.

第三十三条 商业银行应当培育良好的企业内控文化,引导员工树立合规意识、风险意识,提高员工的职业道德水准,规范员工行为。

Chapter 5 Evaluation of internal control

Article 34 Evaluation of internal control refers to the research, testing, analysis, evaluation and other structured activities related to the establishment, implementation and operation of the internal control system.

第三十四条 商业银行内部控制评价是对商业银行内部控制体系建设、实施和运行结果开展的调查、测试、分析和评估等系统性活动。

Article 35 Commercial banks should establish an internal control evaluation system that specifies the evaluator, frequency, content, procedure, method and criteria to ensure that internal control evaluation is carried out in accordance with relevant rules.

第三十五条 商业银行应当建立内部控制评价制度,规定内部控制评价的实施主体、频率、内容、程序、方法和标准等,确保内部控制评价工作规范进行。

Article 36 Internal control evaluation in commercial banks should be carried out by departments designated by the board of directors.

第三十六条 商业银行内部控制评价应当由董事会指定的部门组织实施。

Article 37 Commercial banks should conduct evaluation of internal control in organizations under consolidated supervision, including commercial banks and their subsidiaries and affiliates.

第三十七条 商业银行应当对纳入并表管理的机构进行内部控制评价,包括商业银行及其附属机构。

Article 38 Commercial banks should determine the frequency of internal control evaluation in light of operation and risk status, and evaluation should be conducted at least once a year. Commercial banks should conduct evaluation in case of major acquisition or resolution matters, major shifts of operational mode and changes in external business environment and other events of substantial influence.

第三十八条 商业银行应当根据业务经营情况和风险状况确定内部控制评价的频率,至少每年开展一次。当商业银行发生重大的并购或处置事项、营运模式发生重大改变、外部经营环境发生重大变化,或其他有重大实质影响的事项发生时,应当及时组织开展内部控制评价。

Article 39 Commercial banks should formulate criteria for identification of internal control weaknesses which grade control weaknesses based on implication and probability of occurrence, and specify corresponding remedial measures and plans.

第三十九条 商业银行应当制定内部控制缺陷认定标准,根据内部控制缺陷的影响程度和发生的可能性划分内部控制缺陷等级,并明确相应的纠正措施和方案。

Article 40 Commercial banks should put in place a quality control system for internal control evaluation to monitor the whole process of evaluation and thus ensure objectivity of the evaluation.

第四十条 商业银行应当建立内部控制评价质量控制机制,对评价工作实施全流程质量控制,确保内部控制评价客观公正。

Article 41 Commercial banks should make full use of the outcomes of internal control assessment. Commercial banks may tie the outcomes of assessment to performance evaluation. 第四十一条 商业银行应当强化内部控制评价结果运用,可将评价结果与被评价机构的绩效考评和授权等挂钩,并作为被评价机构领导班子考评的重要依据。

Article 42 Commercial banks should submit their annual internal control evaluation, approved by the board of directors, to the CBRC or CBRC local offices before April 30th. Branches of commercial banks should submit their internal control evaluation CBRC local offices before April 30th.

第四十二条 商业银行年度内部控制评价报告经董事会审议批准后,于每年4月30日前报送银监会或对其履行法人监管职责的属地银行业监督管理机构。商业银行分支机构应将其内部控制评价情况,按上述时限要求,报送属地银行业监督管理机构。

Chapter 6 Monitoring on internal control

Article 43 Auditing, internal control and operating departments should share the responsibility of supervising internal control management and establish a supervisory system that covers all departments, products and operational processes.

第四十三条 商业银行内部审计部门、内控管理职能部门和业务部门均承担内部控制监督检查的职责,应根据分工协调配合,构建覆盖各级机构、各个产品、各个业务流程的监督检查体系。

Article 44 Commercial banks should establish a reporting and feedback system for supervision of inter control. Internal auditing, internal control and operating departments should report internal control weaknesses to the board of directors, board of supervisors, senior management and other competent authorities according to specific procedures in a time manner.

第四十四条 商业银行应当建立内部控制监督的报告和信息反馈制度,内部审计部门、内控管理职能部门、业务部门人员应将发现的内部控制缺陷,按照规定报告路线及时报告董事会、监事会、高级管理层或相关部门。

Article 45 Commercial banks should put in place a remedial mechanism for internal control weaknesses to define responsibilities, standardize procedures and processes and ultimately ensure implementation of remedial measures.

第四十五条 商业银行应当建立内部控制问题整改机制,明确整改责任部门,规范整改工作流程,确保整改措施落实到位。

Article 46 Commercial banks should establish an accountability system in which:

a. board of directors and senior management should be responsible for classification of effectiveness of internal control and be held accountable for major loss due to ineffective internal control;

b. internal auditing and internal control should be directly responsible for ineffective supervision and evaluation of internal control;

c. operating department should be directly responsible for unimplemented rules and processes, ineffective supervision and overdue remedial measures.

第四十六条 商业银行应当建立内部控制管理责任制,强化责任追究。

(一)董事会、高级管理层应当对内部控制的有效性分级负责,并对内部控制失效造成的重大损失承担管理责任。

(二)内部审计部门、内控管理职能部门应当对未适当履行监督检查和内部控制评价职责承担直接责任。

(三)业务部门应当对未执行相关制度、流程,未适当履行检查职责,未及时落实整改承担直接责任。

Article 47 Supervisory department of commercial banks should keep continuous supervision on internal control through off-site supervision and on-site inspection, and put forward supervisory advice according to the Guidelines, relevant laws and regulations and internal control evaluation.

第四十七条 银行业监督管理机构通过非现场监管和现场检查等方式实施对商业银行内部控制的持续监管,并根据本指引及其他相关法律法规,按年度组织对商业银行内部控制进行评估,提出监管意见,督促商业银行持续加以完善。

Article 48 The CBRC and its local offices should instruct commercial banks with internal control weaknesses to take remedial measures within a time limit. If remedial measures are not taken within the time limit, supervisory measure should be taken in accordance with article 37 of Law of the People's Republic of China on Regulation of and Supervision over the Banking Industry.

第四十八条 银监会及其派出机构对内部控制存在缺陷的商业银行,应当责成其限期整改;逾期未整改的,可以根据《中华人民共和国银行业监督管理法》第三十七条有关规定采取监管措施。

Article 49 If commercial banks violate provisions in the Guidelines, CBRC and its local offices can take supervisory measures in accordance with relevant provisions in Law of the People's Republic of China on Regulation of and Supervision over the Banking Industry.

第四十九条 商业银行违反本指引有关规定的,银监会及其派出机构可以根据《中华人民共和国银行业监督管理法》有关规定采取监管措施。

Chapter 7 Appendix

Article 50 Other financial institutions regulated by the CBRC should refer to the Guidelines.

第五十一条 本指引自印发之日起施行。

Article 51 The Guidelines shall be effective since the date of issuance.

第五十条 银监会负责监管的其他金融机构参照本指引执行。