What principles does compliance risk management follow?

(1) The meaning of compliance risk management

Compliance risk management means that banks take the initiative to avoid the occurrence of violations, find and take appropriate measures to correct the violations that have occurred, and its post manual is also a cyclical process of continuous revision of relevant systems and corresponding practices. This compliance risk management process is the basis and core of building an effective internal control mechanism of banks. ?

Compliance risk management itself cannot directly increase profits for banks. For "compliance creates value", it can be defined as: through compliance management, banks can enhance their sustainable competitiveness in the financial market, increase profit space and opportunities, avoid restrictions on business activities, and create value for enterprises. ?

The task of compliance risk management is to find and stop risks and their damage in time. The responsibilities of the Compliance Department include formulating compliance policies, identifying compliance risks, monitoring and evaluating, sorting out and integrating various bank rules and regulations, compliance training, participating in bank organizational structure and business process reengineering, and providing compliance support for new products. ?

(II) Principles to be followed in compliance risk management

Compliance risk management is a kind of risk management, so it should follow the basic framework of risk management. Generally speaking, risk management has three lines of defense. All departments are the first line of defense. Risk management is the second line of defense. The third line of defense is auditing. The so-called secondary risk means not doing specific things and only taking risks. Compliance risk is to manage compliance risk, and other risk departments manage other risks. It is not directly engaged in specific business management activities, so the key is to find the breakthrough point of risk management. When we conduct compliance risk management now, everyone has different methods. Some are the first line of defense, establishing rules for the process, establishing mechanisms, and establishing mechanisms for each line of defense. For the president, the last line of defense is compliance or risk management, not audit, which has nothing to do with the president. Audit is the fourth line of defense besides the president, and supervision is the fifth line of defense. Generally speaking, everyone is the first line of defense to do process regulations, and the second line of defense to do risk management procedures, and these two things are related to risk compliance.

1. Establish active compliance awareness and overcome passive compliance psychology?

1. Establish the concept that compliance is everyone's responsibility, active compliance awareness and compliance creates value among bank employees, so that employees will think of the necessity of conducting compliance risk review when they come into contact with every business, and advocate actively discovering and exposing hidden dangers or problems of compliance risks so as to make timely rectification. ?

2. Compliance culture is supported by a set of systems, methods and tools, which requires banks to strengthen the post-evaluation of rules and regulations. In view of the problems found, make appropriate improvements in business policies, behavior manuals, operating procedures, etc., avoid any similar violations, correct the violations that have occurred, and give necessary disciplinary actions to the relevant responsible persons. If the compliance risk is found but not reported, once it is verified by the internal audit department or external regulatory agency, the concealer will be punished more severely; Those who take the initiative to report problems or hidden dangers can be given a lighter punishment or even exempted or even rewarded according to the situation. ?

3. The performance appraisal mechanism should be regarded as an important part of cultivating compliance culture, which fully embodies the values of commercial banks in advocating compliance management and punishing violations. ?

Second, formulate compliance policies and set up compliance departments?

Compliance Department is an independent functional department that supports and assists the senior management of banks to do a good job in compliance risk management. Front-line business departments are directly responsible for compliance, and senior management is the ultimate responsible person for compliance operation of the whole bank. To build a compliance risk management mechanism of commercial banks, it is necessary to set up a full-time compliance department, and ensure that the compliance department can find and investigate problems without interference, so that compliance personnel can participate in the process of bank organizational structure and business process reengineering in time, so that the principle of compliance according to law can be truly implemented in every link of business process and even every employee. At the same time, it is necessary to formulate and approve effective compliance policies that meet the characteristics of commercial banks, which is a programmatic document for bank compliance risk management; Accumulate experience through practice, explore the effective operation mechanism of managing compliance risk and the radical solution of managing operational risk. However, it must be made clear that the Compliance Department cannot be an excuse for all business departments and senior management of banks to shirk their responsibilities, and the Compliance Department cannot be a "scapegoat" for the accountability of senior management and other departments. ?

Third, establish a reporting supervision mechanism?

In order to cultivate employees' awareness of operating and controlling compliance risks according to law, it is necessary to establish a reporting supervision mechanism, provide necessary channels and ways for employees to report violations and illegal acts, and establish an effective reporting protection and incentive mechanism. ?

Fourth, establish a risk assessment mechanism?

It is necessary to establish and improve the risk identification and evaluation system as soon as possible, earnestly learn from international advanced experience, actively use modern scientific and technological means, establish and improve the monitoring, evaluation and early warning system covering all business risks, attach importance to early warning, and conscientiously implement the major breach registration and risk early warning system. ?

Verb (abbreviation of verb) establishes a compliance risk management mechanism based on "process bank"?

It is necessary to completely break the "departmental bank" system that has been followed for many years in a stable and closed market environment and planned economy period, break the departmental risk management model of compartmentalization and fragmentation, effectively avoid the phenomenon of compartmentalization and mutual wrangling, establish a unified closed process centered on customer needs, and optimize and streamline business processes on the principle of serving customers well and controlling various risks including compliance risks. ?

(3) Conclusion

The construction of compliance mechanism is a long-term systematic project, which requires the strong leadership of the bank's senior management, the strong cooperation of all departments and the active participation of all employees in order to comprehensively and effectively promote compliance construction. We should learn advanced experience from practice, actively explore ways and means to strengthen the construction of compliance risk management mechanism, and constantly improve the compliance management level of China banks.