Measures for the Compliance Management of Financial Institutions
(Issued by Order No. 7 [2024] of the National Financial Regulatory Administration on December 25, 2024 and coming into force on March 1, 2025)
Chapter I General Provisions
Article 1 These
Measures are developed in accordance with the Banking Supervision Law of the
People's Republic of China, the Law of the People's Republic of China on
Commercial Banks, the Insurance Law of the People's Republic of China, the
Trust Law of the People's Republic of China, and other applicable laws and
regulations for the purposes of improving the capabilities of financial
institutions in conducting operations in compliance with laws and regulations.
Article 2 These
Measures shall apply to policy banks, commercial banks, financial asset
management companies, finance companies of enterprise groups, financial leasing
companies, auto finance companies, consumer finance companies, currency
brokerage companies, trust companies, wealth management companies, financial
asset investment companies, insurance companies (including reinsurance
companies), insurance asset management companies, insurance group (holding)
companies, mutual insurance organizations, and other institutions subject to
regulation by the National Financial Regulatory Administration (NFRA) and its
local offices in accordance with the law (collectively “financial
institutions”).
Article 3 For the
purposes of these Measures, “compliance” means that a financial institution's
operation management and its employees' performance of duties shall comply with
laws, administrative regulations, departmental rules, and regulatory documents,
as well as internal rules developed by the financial institution for the
purpose of implementing regulatory requirements (collectively “compliance
rules”).
For the purposes of these Measures, “compliance management” means the
management activities conducted by a financial institution, including but not
limited to developing compliance rules, improving an operation mechanism,
cultivating a compliance culture, and strengthening supervision and
accountability, for the purpose of ensuring compliance with compliance rules
and effectively preventing and controlling compliance risks. These activities
are oriented to improving the management of operations in compliance with laws
and regulations and are targeted at the institution's operation management and
employees' performance of duties.
For the purposes of these Measures, “compliance risk” means the possibility
that a financial institution or any of its employees may assume criminal,
administrative, or civil legal liability, or suffer property loss, reputation
damage, or other adverse effects due to any violation of compliance rules
committed in the operation management of the financial institution or its
employees' performance of duties.
For the purposes of these Measures, “compliance management department” means an
internal department established by a financial institution to take the lead in
undertaking compliance management duties. If a financial institution sets up
multiple departments with non-conflicting duties to jointly assume compliance
management duties, it shall specify the department that takes the lead in
undertaking compliance management duties.
Article 4 Party
organizations of state-owned financial institutions shall maximize their
leadership role, organically combine Party leadership with corporate
governance, and support financial institutions in performing their functions
and powers in accordance with the law. Party organizations of non-public
financial institutions shall guide and supervise financial institutions in
carrying out the Party's guidelines and policies, complying with the laws and
regulations of the state, safeguarding the lawful rights and interests of all
parties, and promoting the sound development of the financial institution.
Article 5 A
financial institution shall observe the following principles in its compliance
management:
(1) Compliance with laws and regulations. A financial institution shall
strictly implement laws and regulations and various regulatory provisions, and
take operations in accordance with laws and regulations as the bottom line and
red line that the financial institution must adhere to in all its activities.
(2) Comprehensive coverage. Compliance requirements shall be carried out by all
departments, bodies, and posts, and all employees in all fields and links
throughout the whole process of decision-making, implementation, supervision,
and feedback, among others.
(3) Clearly defined powers and responsibilities. A financial institution shall
specify a compliance management framework, under which its business and
functional departments assume the primary responsibility, its compliance
management department assumes the management responsibility, and its internal
audit department assumes the supervision responsibility, so as to ensure
organic coordination and effective connection.
(4) Being pragmatic and efficient. A financial institution shall continuously
improve the compliance management system commensurate with its financial
business and staff size, strengthen the management of key fields, key
personnel, and important businesses, and make full use of digital, intelligent,
and other means to constantly enhance the efficiency of compliance management.
Article 6 The NFRA
and its local offices shall conduct the supervision and administration of
compliance management conducted by financial institutions in accordance with
the law.
Self-regulatory organizations of banking and insurance sectors shall, in
accordance with these Measures, develop detailed implementing rules, and
conduct self-regulation for the compliance management of their member entities.
Chapter II Compliance Management Framework and Duties
Article 7 A
financial institution shall develop compliance management rules and shall, in
accordance with the requirements of “hierarchical management and level-by-level
responsibility,” improve the organizational structure for compliance
management, specify compliance management responsibilities, further the
development of a compliance culture, and establish and improve the compliance
management system.
Article 8 The
board of directors of a financial institution (including directors exercising
the functions and powers of the board of directors, here and below) shall be
responsible for determining compliance management objectives and shall assume
the ultimate responsibility for the effectiveness of compliance management. The
senior executive of a financial institution shall be responsible for
implementing compliance management objectives and shall assume the leadership
responsibility for business compliance in the field where he or she serves as
the primary leader or deputy leader.
Article 9 The
principal person in charge of a department of a financial institution and the
principal person in charge of a branch or financial subsidiary at any level
that is subject to consolidated management (collectively “subordinate bodies”)
shall be responsible for implementing the compliance management objectives of
the department or institution or branch and shall assume the primary
responsibility for the compliance management of the department or institution
or branch.
Article 10 A
financial institution shall further the development of a compliance culture,
establish such concepts as compliance starting from the top, voluntary
compliance by all employees, and value creation through compliance, create a
compliance culture where all staff members do not dare to, are unable to, and
are unwilling to violate rules, and promote effective interaction between the
financial institution's internal compliance and external regulation.
Article 11 The
board of directors of a financial institution shall perform the following
compliance management duties:
(1) Deliberating and approving the basic rules for compliance management.
(2) Deciding on the setup of the compliance management department.
(3) Deciding on the appointment and dismissal of the chief compliance officer
and establishing a mechanism for direct communication with the chief compliance
officer.
(4) Deciding on the dismissal of any senior executive who assumes the primary
or leadership responsibility for the occurrence of any material violation of
law or regulation or major compliance risk.
(5) Assessing the effectiveness of compliance management and the level of
development of the compliance culture and urging the resolution of major issues
in compliance management and compliance culture development.
(6) Performing other compliance management duties.
The board of directors may set up a compliance committee or assign another
specialized committee under it to perform the duties related to compliance
management.
Article 12 The
senior executive of a financial institution shall perform the following
compliance management duties:
(1) Implementing the requirements for the setup and functions of the compliance
management department, appointing sufficient and appropriate compliance
management personnel, and providing them with sufficient human, material, and
financial resources, technical support, and guarantees for their performance of
duties.
(2) Organizing and promoting the development of compliance management rules,
compliance review, compliance self-inspections and checks, compliance risk
monitoring and control, compliance incident handling, and other work in the
field where he or she serves as the primary leader or deputy leader.
(3) Promptly reporting and rectifying any material violation of law or
regulation or major compliance risk that is discovered, and urging
accountability.
(4) Performing other compliance management duties.
Article 13 A
financial institution shall appoint a chief compliance officer at its
headquarters. The chief compliance officer shall be a senior executive, be
under the direct leadership of the chairman of the board of directors and the
governor (or general manager) of the institution, and be responsible to the
board of directors.
A financial institution shall appoint a compliance officer at its
provincial-level or first-level branch. The compliance officer shall be a
senior executive of the branch and accept the direct leadership of the governor
(or general manager) of the institution.
The chief compliance officer or compliance officer of a financial institution
shall obtain the office qualification permit required by the NFRA or its local
office, except as otherwise provided for in these Measures.
Article 14 A
financial institution may, according to its operations, separately appoint a
chief compliance officer or compliance officer, or the senior executive of the
financial institution or a provincial-level or first-level branch may
concurrently serve as the chief compliance officer or compliance officer.
If the governor (or general manager) of a financial institution concurrently
serves as the chief compliance officer, or the governor (or general manager) of
a provincial-level or first-level branch of a financial institution
concurrently serves as the compliance officer, he or she is not subject to the
requirements of office qualifications for the chief compliance officer or compliance
officer specified in these Measures and is not required to obtain the office
qualification permit.
Article 15 The
chief compliance officer or compliance officer of a financial institution shall
not be responsible for managing the front office business, finance, fund use,
internal audit, or any other department of the institution where there may
arise any conflict of interest in their compliance management duties, except
where the governor (or general manager) of a financial institution concurrently
serves as the chief compliance officer, or the governor (or general manager) of
a provincial-level or first-level branch concurrently serves as the compliance
officer.
Article 16 A chief
compliance officer shall, in addition to meeting the basic requirements of the
NFRA for the office qualifications for senior executives of the corresponding
institution, also:
(1) have a bachelor's degree or above;
(2) have eight or more years of financial work experience and three or more
years of legal compliance work experience, have eight or more years of legal
compliance work experience and three or more years of financial work
experience, or have eight or more years of financial work experience and have
obtained a legal professional qualification certificate; and
(3) meet other conditions prescribed by the NFRA.
Article 17 A
compliance officer shall, in addition to meeting the basic conditions of the
NFRA on the office qualifications for senior executives of the corresponding
institution, also:
(1) have a bachelor's degree or above;
(2) have six or more years of financial work experience and three or more years
of legal compliance work experience, have six or more years of legal compl......