
A Brief Commentary on the Draft Compliance Management Measures for Financial Institutions

2024.09.03 GUO, Xin; WANG, HaoDong

On August 16, 2024, the National Financial Regulatory Administration (NFRA) issued a consultation draft of the Compliance Management Measures for Financial Institutions (Draft for Comments) (“Measures”). The public comment period is open until September 17, 2024.


Compliance management for financial institutions has been developed over the years with different rules and regulations by various authorities. The former China Banking Regulatory Commission (CBRC) and the former China Insurance Regulatory Commission (CIRC) formulated the Guidelines on Compliance Risk Management in Commercial Banking in 2006 and the Guidelines on Compliance Management of Insurance Companies in 2008 respectively. In 2021, the former China Banking and Insurance Regulatory Commission (CBIRC) launched the “Year of Internal Control and Compliance Management” campaign, with the aim of enhancing compliance management for the banking and insurance industries. As for the securities industry, the China Securities Regulatory Commission (CSRC) promulgated the Administrative Measures on the Compliance of Securities Companies and Securities Investment Fund Management Companies in 2017 and amended them in 2020, many provisions of which are absorbed by the Measures. In 2022, the State-owned Assets Supervision and Administration Commission of the State Council (SASAC) released and implemented the Measures for Compliance Management of Centrally Administered Enterprises. In addition, the compliance management of financial institutions in China is also influenced by international standards. For example, the basic principles established by the Basel Committee on Banking Supervision have become the basis of compliance management for the banking industry in China.


The Measures consist of 65 articles in five sections and propose a series of changes, for example: (i) they attach importance to the definition of concepts such as "compliance", "compliance management", "compliance norms" and "compliance management departments"; (ii) they acknowledge that risks can only be managed but not eliminated, and emphasize compliance management procedures and systems, rather than pursuing outcomes; (iii) alongside the mandatory requirements, they extensively outline compliance management principles, the cultivation of a compliance culture and compliance education.


This briefing outlines the key points and highlights of the Measures.


I. Scope of Application


The Measures apply to financial institutions that are under the supervision of the NFRA, i.e., banking and insurance institutions and financial holding companies, and exclude financial institutions under the supervision of the CSRC, local financial organizations and quasi-financial enterprises.


II. Implementation and Transition Period


The Measures remain open for public comment until September 17, 2024. Since the Measures have been included in the NFRA’s legislation work plan for 2024, it is expected they will be officially promulgated this year.


According to Article 62, it is expected that the Measures will come into force on March 1, 2025. Article 63 of the Measures further stipulates a transition period of one year from the date of implementation, meaning that financial institutions would need to meet the requirements of the Measures and complete any rectification by March 1, 2026.


III. Amendments Required for AOA or Other Corporate Governance Rules


The Measures do not impose mandatory requirements for financial institutions to amend their Articles of Association (AOA) or other corporate governance rules, nor do they require the inclusion of essential clauses to their AOA. However, financial institutions may still need to amend and modify their AOA or corporate governance policies in order to implement the Measures with respect to the following areas:


Duties of the board of directors.  Financial institutions shall review the duties of the board of directors as stipulated in their AOA, and board meeting procedures in light of the requirements set out in Article 8 of the Measures. It is recommended to explicitly stipulate that “the board of directors shall bear ultimate responsibility for the effectiveness of compliance management”, and as necessary, supplement the specific duties of the board of directors in terms of compliance management.


Special committee setup.  Pursuant to Article 8 of the Measures, if a financial institution establishes a new compliance committee or if other special committees of the board of directors assume compliance management duties, and the scope of their duties needs to be adjusted, the corporate governance policies (such as the AOA), the rules of procedure of the board of directors, and the working rules of the special committees of the board of directors shall be amended accordingly.


The scope and duties of senior management. Although the position of Chief Compliance Officer (CCO) is stipulated separately under the Measures, a CCO is explicitly defined as a senior management officer of a financial institution and therefore shall be subject to the post qualification management. To ensure a CCO is recognized as a senior management officer under PRC Company Law, it is necessary to identify the CCO as a senior management officer in the AOA. In addition, Article 9 of the Measures specifies the compliance management responsibilities of senior management personnel (as a whole), and it is recommended that financial institutions review and supplement their relevant duties in the AOA as needed.


IV. Personnel Eligible to Concurrently Serve as CCO


After the promulgation and prior to the implementation of the Measures, the chief compliance officer, compliance director, compliance head or general counsel already serving as a senior management officer of a financial institution shall be entitled to perform the duties of a CCO. Before the above personnel are reassigned, they are no longer subject to the post qualification management set forth in the Measures, nor are they required to obtain approval again by the NFRA or its local offices. It is important to note that if a general counsel was not previously recognized as a senior management officer of the financial institution, he/she cannot perform the duties of the CCO.


After the implementation of the Measures, particularly after the expiration of the transition period, as per Article 12 of the Measures, we believe that a financial institution shall either set up a separate CCO position or have the president (general manager) of the financial institution concurrently hold the position of CCO. However, other senior management personnel, including the general counsel, shall not serve as CCO at the same time.


Arguably, having the president (general manager) of a financial institution concurrently serve as the CCO may give rise to a conflict in the governance roles. The CCO is expected to focus on the role of counterbalancing and supervising business operations. Therefore, the CCO has “privileges” such as veto rights and personal reporting rights, as well as measures to guarantee the performance of their duties such as protection against unjustified dismissal, independent performance evaluations and salary guarantees. If a president (general manager), as a typical representative of business operations, merges his/her role with that of a CCO, it may cause the checks and balances and supervisory power of the CCO to become a mere formality, and the measures for the performance of duties for the CCO may be abused. It is our observation that the drafter of the Measures may have already noted the potential conflict and therefore explicitly encourages financial institutions to set up separate posts for a CCO and a compliance officer in the Measures.


V. Privileges and Measures that Guarantee a CCO’s Performance of Duties


One of the highlights of the Measures is that they grant privileges and measures that guarantee a CCO’s performance of duties to ensure their performance capability and independence.


The Measures grant the CCO certain privileges and rights that are generally not attainable by other senior management personnel, such as:

  • Dual Reporting Lines.  The CCO is under the direct leadership of both the chairman of the board of directors and the president (general manager). He/she is accountable to and can directly communicate with the board of directors.

  • Elevated Review Rights When Compliance Opinions Are Not Adopted.  The CCO has the right (and obligation) to review the financial institution’s development strategies, key internal regulations, new products, business plans and major decision-making matters for compliance. In the event that the opinions of the CCO are not adopted, the relevant matter shall be submitted to the board of directors for final decisions and reported to the regulatory authorities.

  • Right to Report to the Regulatory Authority.  If the CCO discovers that the financial institution has significantly violated laws and regulations or there is any significant compliance risk that should be reported to the financial regulatory authority, but the financial institution fails to do so, the CCO shall, in his/her own name, directly report such matters to the financial regulatory authority.

  • The Measures set forth the scope and criteria for “the significant violation of laws and regulations or any significant potential compliance risk”, providing clear standards in the fulfillment of the aforesaid duties.

  • One-vote Veto Power in Compliance Assessment.  If the CCO discovers that a department or subsidiary of the financial institution has concealed or failed to report a serious violation of laws and regulations or any other major compliance risk, the CCO shall, in the internal compliance assessment, exercise their one-vote veto over the responsible department and person, denying their awards or commendations, and urge that internal accountability measures be taken in a timely manner.


The Measures have granted CCOs ways to guarantee the performance of their duties, including but not limited to:

  • The Right to Propose Dissenting Opinions.

  • Emphasizing the Independent Performance of a CCO’s Duties without Undue External Interference.  Neither financial institutions nor their shareholders, directors, senior management personnel, departments or subsidiaries may interfere with, restrict or obstruct a CCO’s lawful and compliant performance of their duties.

  • Independent Investigation Right.  That includes the right to make inquiries and collect evidence from the relevant departments or subsidiaries, require them to make explanations, and obtain information from intermediaries such as external audit and legal service agencies.

  • The Right to Recommend Accountability.  That includes proposing handling and accountability measures for parties involved in serious violations of laws and regulations or any major potential compliance risks, such as salary deductions, position adjustments or demotions, and urging the rectification of the acts.

  • No Dismissal without Justifiable Cause.  “Justifiable cause” shall be limited to cases where the CCO personally applies for it, financial regulatory authorities order the person to be replaced, the person is unable to perform their duties or fails to diligently fulfill their duties, and there is evidence to prove this.

  • Guaranteed Remuneration.  As the CCO is deemed competent in the role, the annual remuneration thereof shall, in principle, not be lower than the average level for senior management personnel under the same conditions (i.e., with the same rank and the same assessment results).

  • Assessment Mechanism That Takes Potential Conflict of Interest Prevention into Consideration.  Review and assessment of the compliance team must be done in a way that is not detrimental to the independence of compliance. For example, review and assessment by senior management personnel who are not in charge of the compliance management department or by other departments, or review and assessment based on the business performance of business departments, must be avoided. Compliance work that requires the joint efforts of multiple departments cannot be assessed solely against the compliance management department either.

  • Due Diligence Exemption.  A CCO who has fulfilled their duties in accordance with the Measures shall be exempted from any liabilities for the illegal and non-compliant activities of the financial institution.


VI. Compliance Management Department Setup


A financial institution may establish a separate compliance management department or set up multiple departments with non-conflicting duties to jointly undertake compliance management duties. However, it is required to clearly specify the leading department responsible for compliance management.


With respect to the relationship with other corporate governance departments, the setup of the compliance management department shall be approved by the board of directors of the financial institution. The senior management personnel are responsible for implementing the setup and functions of the compliance management department, allocating compliance management personnel, and providing support and guarantees for the performance of duties by the compliance management department. The CCO is responsible for supervising the performance of the compliance management department.


The Measures have set high standards for compliance management departments and positions. In principle, an independent compliance management department shall be established at the headquarters of a financial institution, its first-level branches, and all levels of financial subsidiaries within the consolidated management.


In addition to the compliance management department (or the dedicated compliance management positions in cases where the compliance management department is not set up), the Measures also require each department or subsidiary of a financial institution to have its own compliance management personnel. However, the independence requirements for such compliance management personnel are relatively flexible, and they may hold concurrent positions that do not conflict with their compliance management duties.


VII. Circumstances in Which Financial Institutions Shall Report to the Regulatory Authorities


A financial institution is obliged to report to the regulatory authorities on a regular or ad-hoc basis, which can be categorized into the following types:


(1) Periodic Reporting.  This refers to the Annual Compliance Management Report to be submitted to the financial regulatory authorities by April 30 each year.


(2) Ad-hoc Reporting.  This includes, but is not limited to:

  • A timely report made to the regulatory authority when a CCO’s compliance review, involving significant matters, has not been adopted.

  • A timely report made to the regulatory authority when a financial institution is involved in any significant violation of laws and regulations or there is any potentially significant compliance risk.


(3) Regulatory Filing.  A financial institution shall formulate detailed internal standards for serious acts in violation of laws and regulations or any major potential compliance risk and file the same with the NFRA or the local office thereof concerned, for recording.


VIII. Requirements for Establishing a Compliance Management System


The compliance management system of a financial institution can be categorized into the following levels:


Level 1: The AOA and other corporate governance rules.

Level 2: The fundamental compliance management rules, which shall be drafted by the compliance management department, and reviewed and approved by the board of directors.

Level 3: The annual compliance management plan and the annual compliance management report, both of which shall be drafted by the compliance management department. The annual compliance management report shall be reviewed and approved by the board of directors. Though the reviewing body of the annual compliance management plan has not yet been specified, we understand that it is appropriate to be reviewed by the board of directors, as the board bears the ultimate responsibility for compliance management.

Level 4: The specific rules for compliance management, which shall be formulated by all the departments and affiliated institutions of the financial institution under the coordination of the compliance management department, and then reviewed and approved pursuant to the financial institution's internal approval hierarchy mechanisms. The Measures require a financial institution to establish specific systems for compliance management, including relevant salary management, performance appraisals, accountability mechanisms, internal reporting and compliance training.


IX. Application to Branches or Subsidiaries and Special Requirements for Overseas Branches or Subsidiaries


The Measures reflect the comprehensive and thorough management requirements for branches and all levels of financial subsidiaries within the consolidated management scope of a financial institution. The term “subsidiaries” includes all branches and levels of financial subsidiaries that are included in the consolidated management of the financial institution; however, it is worth noting that non-financial subsidiaries affiliated to a financial institution are not subject to the Measures. 


In light of the specialization and challenges of compliance management for overseas financial branches or subsidiaries, the Measures propose the following requirements:


Firstly, overseas financial branches and subsidiaries of a financial institution shall, in accordance with the laws, regulations and regulatory requirements of the host country (region), set up an independent compliance management department or compliance positions that meet the requirements of the duties.


Secondly, overseas financial branches and subsidiaries shall appoint compliance management personnel who are well-versed in the laws, regulations and relevant banking and insurance business practices of the jurisdiction where they are located.


X. Interplay and Connections with Other Laws and Regulations


The Measures will replace the Guidelines on Compliance Risk Management in Commercial Banking (2006), the Measures on Compliance Management of Insurance Companies (2017) and the Notice of the China Insurance Regulatory Commission on Issues Relating to Further Strengthening Administration of Compliance by Insurance Companies (2016).


In addition, the Measures provide a post qualification licensing system for CCOs and compliance officers and specify additional qualification criteria beyond the existing requirements for senior management personnel. The provisions relating to post qualification licensing will continue to apply but will be superseded by the new requirements of the Measures where applicable.
