To Provide A Strong System Guarantee for Compliance Management

- An interview With Li Xiwen, General Manager of CCB Compliance Department

 

Q: CCB recently issued the Compliance Policy and the Compliance Management Rules. Could you please give us some background information? 

Li: At present, CCB is a public company ranking among top 10 banks in the world in terms of capitalization. To improve the image of CCB and realize our strategic goal of becoming a first-class global commercial bank, we need to not only maintain and increase our capitalization, but also do well in corporate governance structure, customer service, risk management and internal control so as to narrow down our gap with leading commercial banks and fulfill the regulatory requirements both at home and abroad. Formulating the Compliance Policy and the Compliance Management Rules is one practical step toward that goal. Our headquarters established the Compliance Department last June, being the first among four major commercial banks of China. This year the headquarters issued the Compliance Policy and the Compliance Management Rules, a pioneering move in system innovation among China’s 4 major commercial banks. The Basel Committee on Banking Supervision pointed out in its guiding document, Compliance and Internal Compliance Departments of Banks, that it is the responsibility of the senior management to develop a written compliance policy. The leaders of China Banking Regulatory Commission (CBRC) also indicated on many occasions that it is the responsibility of the Board of Directors and the senior management to draft and revise the compliance policy and supervise, reward and punish compliance or non-compliance behaviors. Based upon above considerations and requirements, our headquarters organized the drafting of the Compliance Policy and the Compliance Management Rules starting from last August and issued on April and May 2006 respectively following the examination and approval of the general meeting of the Board of Directors and the Governor’s Office. These two documents, as our guiding documents, not only filled in the blank of our framework system, but also lead the way to strengthen compliance management of the entire bank and foster a compliance culture across the bank. The compliance work now has rules to follow.

 

Q: What are main contents of the Compliance Policy and the Compliance Management Rules? Why do you formulate the Compliance Management Rules since you have already issued the Compliance Policy? What are the major differences between the two documents?

Li: The Compliance Policy is a guiding and master document of CCB that reflects our compliance thinking and helps us to foster a compliance culture and fulfill our compliance goals. The principles and requirements guiding the compliance work are clearly defined in this document. There are 16 parts about the document: purposes and basis of formulating this document, compliance thinking, definition of compliance risk, compliance duties, compliance accountability, independence of compliance department, compliance resources, reporting route of compliance work, relationship between compliance department and business department, relationship between compliance department and risk management department, relationship between compliance department and internal audit department, relationship between compliance department and legal and supervisory department, contacts of compliance department with external supervisory department, compliance culture, supplementary rules, etc. To sum up, the Compliance Policy has the following 8 features: macro direction of guiding, clear definition of compliance duties, strict compliance accountability, independence of compliance, execution of compliance resources, clear reporting route, well-coordinated synergies between departments, and innovative compliance culture.

The Compliance Management Rules is formulated on the basis of the Compliance Policy. The Policy talks more about principles and is unlikely to specify implementation and operation details. Therefore, we need a support document to turn our policy intention into execution. The Compliance Management Rules is such a document. For instance, the Rules not only identifies the reporting route, means and processing principles at the headquarters level, but also defines the reporting route of level A branches to the headquarters. It requires the Level A branches to report their compliance work to the Headquarters once a year. The content, submission time, and down management of the reports are also specified. 

Q: It is known that the Basel Committee on Banking Supervision and leading international banks all mentioned in their compliance documents and during the implementation of these documents that Compliance should start from the senior management. What about CCB?

Li: CCB has explicitly stated in the second part (compliance thinking) of our Compliance Policy that the Board of Directors advocates a code of conduct based upon integrity and righteousness across the entire bank and a vision of offering the best services for our customers, maximizing values for our shareholders, creating the best opportunities for our employees, and becoming a first-class international bank. Our goal is to increase the compliance awareness of our employees, develop a compliance culture with sustained competitiveness and our own features, form a concept that compliance is everyone’s duty and compliance creates values, and provide an effective guarantee for business operation and profit growth of our bank. It is explicitly stated in Article 4 of the Compliance Management Rules that the senior management of the headquarters is in charge of the compliance management of the entire bank and shall accept the supervision and guidance of the Board of Directors, the Board of Supervisors, external audit and supervisory agencies. It is stated in Article 21 of the Compliance Management Rules that major administrative officers or authorized officers of the branches shall be held accountable for the compliance work. The president of level A branches (or leaders in charge) shall report to the Governor of the headquarters (leader in charge) directly. The above two articles shows that the senior management should not only launch but also implement the compliance work. CCB is a leader in this area in China. The Board of Directors and the Board of Supervisors also developed management, assessment and accountability rules governing the senior management.

Q: How are compliance duties defined in the Compliance Policy?

Li: In the Compliance Policy, CCB defines compliance duties in tiers. The duties of the Board of Directors, the senior management, and the Board of Supervisors are stated as follows: the Board of Directors, the senior management, and the Board of Supervisors are advocators, formulators and supervisors of compliance policies and they shall lead the entire bank to the realization of our strategic vision, development plans and annual plans by advocating the concept of integrity and righteousness and compliance behaviors. They should listen to the reports of the compliance department on the implementation of compliance policies on a regular basis. The duty statement is a supplement to the definition that “compliance should start from the senior management.” Moreover, the Compliance Policy has identified the duties of our department, which are specified in 13 items. For instance, the Compliance Department shall accept the assignment of the senior management, take the lead in organizing the management of associated transactions, and support the work of the associated transactions control committee of the Board. The Compliance Department shall participate in the study on the improvement of our internal organizational structure and business processes, ensure rational and effective coherence of internal regulations with external rules and offer advice or recommendations on the possible outcomes. The Compliance Department shall participate in the system management of new products development and offer system support concerning the compliance of new products development. In addition to the rules on the duties of the Compliance Department, the Compliance Policy also identifies the compliance duties of other business departments, of level A branches and of their inferior departments. These rules indicate that compliance is everyone’s duty and business departments, branches and other operating units are lines of defense or thresholds against risks.

Q: What are specific requirements of the compliance accountability? How to implement the compliance accountability in the compliance management?

Li: There are rules governing the establishment of the compliance accountability system in the Compliance Policy and the Compliance Management Rules. Actually, the accountability system includes 3 aspects: first, to protect, praise or reward outstanding executors of the compliance work and those reporting or resisting the incompliance practices; second, to exempt those whose minor or incidental errors haven’t led to kickbacks or impose lesser punishment on them; third, to impose punishment on those who violate the compliance rules or conceal their incompliant actions, or hold them accountable for their actions in compliance with applicable rules of CCB or the requirements of regulators. Firstly, the establishment of the accountability system reflects the position and guiding direction of the Board of Directors and the senior management. CCB encourages the employees to proactively report the situation that might lead to or have led to the compliance risks and protects them against any bad consequences. Here, please pay attention to the words “encourage and protect”. There are also rules providing that the compliance department is liable for keeping reporting departments or individuals confidential and is prohibited from sending the reporting documents to the reported persons. This is a new starting pointing for us to foster the compliance culture. Secondly, this also an indication that CCB has a strong intension to strengthen the transparency of management. “The compliance issues discovered must be tackled timely.” “CCB shall punish those who conceal their incompliant actions or hold them accountable for their incompliant actions pursuant to applicable rules of CCB or the requirements of regulators.” To facilitate the operation, the Compliance Management Rules defines that the headquarters shall, pursuant to the applicable rules of CCB or national regulations, hold Level A branches accountable for their actions according to their nature and impacts, such as failure to report their compliance work to the headquarters as required, failure to report major or emergent compliance incidents, delay the reports, making false and deceptive reports, making omissions in reports, breach of duties, misconduct, and other incompliant behaviors. Actually, this is to require all the employees not to conceal any discovered problems or make false reports. Therefore, the Compliance Policy especially points out that CCB shall exempt or impose lesser punishment on those who actively report their incompliant behaviors to reduce the hidden risks. We have exemption, reward, and punishment rules in our accountability system, which will play an incentive and restrictive role in encouraging the due diligence of all officers and employees and their compliant operation.

Q: How to ensure that the compliance department and their staffs independently perform their duties?

Li: To ensure that the compliance department and their staffs independently perform their duties is one of the guiding principles advocated by the Basel Committee on Banking Supervision. To this end, Article VII of the Compliance Policy especially lists out 5 provisions on the independence of the compliance department: first, to ensure that the compliance department and their staffs independently perform their duties within the approved scope of responsibility; second, the compliance department may obtain necessary information for related departments (branches) to perform their duties and the related departments (branches) should cooperate with the compliance department; third, the compliance department may independently carry out investigations over possible incompliance matters; fourth, the compliance department may directly report the senior management or the specialized committee of the Board of Directors over abnormal situations or possible incompliant behaviors discovered through investigations by following applicable procedures and when necessary, report directly to the Board of Directors. The rules governing the reporting route clearly identifies that the Compliance Department should report major incompliance risk matters to the Board of Directors, the senior management, and the Board of Supervisors for the first instance. Under an emergent situation, the Compliance Department may report directly to the chairman of the Board of Directors, the governor, and the Chairman of the Board of Supervisors; fifth, CCB requires all departments (branches) to provide necessary cooperation and support to the staffs of the compliance department for their independent and due diligence investigation, examination and supervision and give them fair and objective comments upon their due diligence behaviors. CCB forbids any retaliation against the compliance staffs. CCB should praise and reward those who make outstanding contributions to the compliance work. Only in this way, can a robust compliance culture turn out to be common practice.

Q: What are specific requirements of CCB on the implementation of the Compliance Policy and the Compliance Management Rules?

Li: The Compliance Policy and the Compliance Management Rules have been officially issued. The headquarters requires the officers at all levels and all the employees to study these documents seriously and implement them in an all-round manner. We will utilize various forms of awareness promotion and training activities to let everyone have a good understanding and knowledge of the essence and focus of these two documents. We will strive to encourage the departments and employees to earnestly execute these two documents and make compliance be universally recognized by the management and the employees as one of the core risk management activities so that everyone can be an active member in the compliance work.