好文档 - 专业文书写作范文服务资料分享网站

商业银行信息科技风险管理指引英文版

天下 分享 时间: 加入收藏 我要投稿 点赞

Guidelines on the Risk Management of

Commercial Banks’ Information Technology

Chapter I General Provisions

Article 1. Pursuant to the Law of the People’s Republic

of China on Banking Regulation and Supervision, the Law of the People's Republic of China on Commercial Banks, the Regulations of the People’s Republic of China on Administration of Foreign-funded Banks, and other applicable laws and regulations, the Guidelines on the Risk Management of Commercial Banks’ Information Technology (hereinafter referred to as the Guidelines) is formulated. Article 2.

The Guidelines apply to all the commercial

banks legally incorporated within the territory of the People’s Republic of China.

The Guidelines may apply to other banking institutions including policy banks, rural cooperative banks, urban credit cooperatives, rural credit cooperatives, village banks, loan companies, financial asset management companies, trust and investment companies, finance firms, financial leasing companies, automobile financial companies and money brokers. Article 3.

The term “information technology” stated in

the Guidelines shall refer to the system built with computer,

communication and software technologies, and employed by commercial banks to handle business transactions, operation management, and internal communication, collaborative work and controls. The term also include IT governance, IT organization structure and IT policies and procedures. Article 4.

The risk of information technology refers to

the operational risk, legal risk and reputation risk that are caused by natural factor, human factor, technological loopholes or management deficiencies when using information technology. Article 5.

The objective of information system risk

management is to establish an effective mechanism that can identify, measure, monitor, and control the risks of commercial banks’ information system, ensure data integrity, availability, confidentiality and consistency, provide the relevant early warning, and thereby enable commercial banks’ business innovations, uplift their capability in utilizing information technology, improve their core competitiveness and capacity for sustainable development.

Chapter II

IT governance

Article 6. The legal representative of commercial bank

should be responsible to ensure compliance of this guideline.

Article 7. The board of directors of commercial banks

should have the following responsibilities with respect to the management of information systems: (1)

Implementing and complying with the national laws,

regulations and technical standards pertaining to the management of information systems, as well as the regulatory requirements set by the China Banking Regulatory Commission (hereinafter referred to as the “CBRC”); (2)

Periodically reviewing the alignment of IT strategy with

the overall business strategies and significant policies of the bank, assessing the overall effectiveness and efficiency of the IT organization. (3)

Approving IT risk management strategies and policies,

understanding the major IT risks involved, setting acceptable levels for these risks, and ensuring the implementation of the measures necessary to identify, measure, monitor and control these risks. (4)

Setting high ethical and integrity standards, and

establishing a culture within the bank that emphasizes and demonstrates to all levels of personnel the importance of IT risk management. (5)

Establishing an IT steering committee which consists of

representatives from senior management, the IT organization, and major business units, to oversee these responsibilities and report the effectiveness of strategic IT planning, the IT budget and actual expenditure, and the overall IT performance to the board of directors and senior management periodically. (6)

Establishing

IT

governance

structure,

proper

segregation of duty, clear role and responsibility, maintaining check and balances and clear reporting relationship. Strengthening IT professional staff by developing incentive program. (7)

Ensuring that there is an effective internal audit of the

IT risk management carried out by operationally independent, well-trained and qualified staff. The internal audit report should be submitted directly to the IT audit committee; (8)

Submitting an annual report to the CBRC and its local

offices on information system risk management that has been reviewed and approved by the board of directors ; (9)

Ensuring the appropriating funding necessary for IT risk

management works;

(10) Ensuring that all employees of the bank fully understand and adhere to the IT risk management policies and procedures approved by the board of directors and the senior management,

and are provided with pertinent training.

(11) Ensuring customer information, financial information, product information and core banking system of the legal entity are held independently within the territory, and complying with the regulatory on-site examination requirements of CBRC and guarding against cross-border risk.

(12) Reporting in a timely manner to the CBRC and its local offices any serious incident of information systems or unexpected event, and quickly respond to it in accordance with the contingency plan;

(13) Cooperating with the CBRC and its local offices in the supervisory inspection of the risk management of information systems, and ensure that supervisory opinions are followed up; and

(14) Performing other related IT risk management tasks. Article 8.

The head of the IT organization, commonly known

as the Chief Information Officer (CIO) should report directly to the president. Roles and responsibilities of the CIO should include the following: (1)

Playing a direct role in key decisions for the business

development involving the use of IT in the bank; (2)

The CIO should ensure that information systems meet the

商业银行信息科技风险管理指引英文版

GuidelinesontheRiskManagementofCommercialBanks’InformationTechnologyChapterIGeneralProvisionsArticle1.PursuanttotheLawofthePeople’sRepublicof
推荐度:
点击下载文档文档为doc格式
6t8p35rfnc5s23r4b01m9s4tl8lgrm00e5m
领取福利

微信扫码领取福利

微信扫码分享