Guidelines on Operational Risk Management of Commercial Banks - English

Guidelines on Operational Risk Management of Commercial Banks

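In today's complex and fast-changing financial world, a commercial bank is like a giant ship sailing through rough seas, and operational risk is like a reef hidden out of sight: one careless moment and the ship can run aground. That is why guidance on operational risk management matters so much. Let me first tell you about something that happened to a friend of mine.

My friend works at a commercial bank. On one occasion the bank brought a new business system online. The idea was to improve efficiency and make it easier for customers to do their business. But because staff were not given adequate training before the system went live, many of them were flustered when using it and made quite a few mistakes. Some entered customer information incorrectly; others went wrong in the business handling process. Customers were furious and complained one after another, and the bank's reputation suffered considerably. After that, the bank learned its lesson and began to take operational risk management seriously.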

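So what exactly is operational risk for a commercial bank? Put simply, it is the risk of loss caused by inadequate or failed internal processes, staff and information technology systems, or by external events. The scope is very broad: everything from errors in day-to-day transaction processing, to fraud, to force majeure such as natural disasters can give rise to operational risk.

To manage these risks well, a bank first needs a sound internal control system. Just as a household needs rules, a bank needs rules of its own. For example, the duties and authority of each position must be clearly defined; one person must not be both referee and player, or problems arise easily. Business processes must also be designed to be reasonable and clear, not ambiguous, so that staff are not left unsure how to proceed.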

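The quality and competence of staff are also key. A bank must train its staff regularly so that they are familiar with the latest business knowledge and operating procedures. It must also cultivate their risk awareness so that they do not work in a muddle. I have heard of one bank that often organizes case analysis sessions for its staff: cases in which operating errors led to losses are brought out for everyone to discuss and learn from. As a result, staff gain a much deeper understanding of operational risk.

Information technology systems must not fail at the critical moment either. Banking business now depends more and more on information systems, and if a system is unstable or has vulnerabilities, the trouble is serious. A bank therefore has to invest sufficient resources in maintaining and upgrading its systems, and must also do data backup and security protection well to guard against hacker attacks and data leaks.

External events must also be guarded against. For example, when a natural disaster strikes, a bank needs an emergency plan to keep its business running normally.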

Guidelines on Operational Risk Management of Commercial Banks

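Introduction

Operational risk is a risk that commercial banks face in carrying out their day-to-day business operations, including human error, improper operation and system failure. Operational risk management is one of the important functions of a commercial bank and bears on the bank's sound and compliant operation. This guideline aims to provide commercial banks with guiding principles and methods for operational risk management, helping banks prevent and respond to operational risk.

Part 1: Operational Risk Management Framework

1.1 Definition of operational risk

Operational risk refers to the risk of loss arising from factors such as human error, improper operation, system failure or external events. These losses may include financial loss, reputational loss, legal risk and so on.

1.2 Principles of operational risk management

Commercial banks should manage operational risk according to the following principles:

- Comprehensiveness: operational risk management should cover all of the bank's businesses and functions.
- Risk identification: identify and assess potential operational risks.
- Control measures: develop and implement appropriate risk control measures.
- Internal control: establish a sound internal control system.
- Emergency plans: develop and implement emergency plans to respond to sudden events.
- Continuous improvement: regularly evaluate and improve operational risk management measures.

1.3 Operational risk management framework

Commercial banks may adopt the following framework for operational risk management:

1. Risk identification and assessment
2. Risk control
3. Information disclosure and communication
4. Building the internal control system
5. Developing and implementing emergency plans
6. Supervision and evaluation

Part 2: Operational Risk Management Process

2.1 Risk identification and assessment process

Commercial banks should establish a complete risk identification and assessment process, including the following steps:

1. Risk identification: through research and analysis, determine the operational risks that may exist.
2. Risk assessment: assess the probability and degree of impact of each risk and determine its priority.
3. Risk quantification: quantify the risk on the basis of its probability and degree of impact.
4. Risk classification: classify operational risks by type, to facilitate the later design of risk control measures.

2.2 Risk control process

Risk control is the core of operational risk management. Commercial banks should establish an effective risk control process, including the following steps:

1. Risk prevention: raise awareness of operational risk prevention by formulating compliance policies and procedures and by training staff.
2. Risk monitoring: establish a risk monitoring mechanism to detect and diagnose potential operational risks in time.
3. Risk response: develop flexible and effective risk response plans, including after-the-fact control, loss remediation and lessons learned.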

Guidelines on Operational Risk Management of Commercial Banks (English)

Guidelines on Operational Risk Management of Commercial Banks

Chapter I General Provisions

Article 1 Pursuant to the Law of the People’s Republic of China on Banking Regulation and Supervision, the Law of the People’s Republic of China on Commercial Banks as well as other applicable laws and regulations, the Guidelines are formulated so as to enhance the operational risk management of commercial banks.

Article 2 The Guidelines apply to domestic commercial banks, wholly foreign-funded banks and Chinese-foreign joint venture banks incorporated within the territory of the People’s Republic of China.

Article 3 The operational risk in the Guidelines refers to the risk of loss resulting from inadequate or failed internal processes, people and IT system, or from external events. It includes legal risk but excludes strategic and reputational risk.

Article 4 The China Banking Regulatory Commission (hereinafter referred to as the “CBRC”) supervises and regulates the operational risk management of commercial banks and evaluates the effectiveness thereof under its authority by law.

Chapter II Operational Risk Management

Article 5 Commercial banks should, in line with the Guidelines, set up an operational risk management system suitable to their own business nature, scale and complexity to effectively identify, assess, monitor and control/mitigate operational risk. This system can be in any form, but should comprise at least the following basic elements:
1) oversight and control by the board of directors;
2) roles and responsibilities of senior management;
3) appropriate organizational structure;
4) operational risk management policies, methods, and procedures; and
5) requirements on making capital provisions for operational risk.

Article 6 The board of directors in a commercial bank should treat operational risk as a major risk and bear the ultimate responsibility for monitoring the effectiveness of operational risk management.
The responsibilities of the board shall include:
1) developing strategies and general policies for bank-wide operational risk management that are aligned with the bank’s strategic goals;
2) reviewing and approving the senior management’s functions, authorization and reporting arrangement with regard to operational risk management so as to ensure the effectiveness of the bank’s decision-making system in operational risk management and ensure that the operational risk facing the bank’s operations is controlled within its endurance capacity;
3) reviewing regularly the operational risk reports submitted by the senior management; fully understanding the bank’s overall operational risk management and the effectiveness of the senior management in handling material operational risk events; and monitoring and evaluating the effectiveness of daily operational risk management;
4) ensuring that the senior management takes necessary measures to effectively identify, assess, monitor and control/mitigate operational risk;
5) ensuring that the bank’s operational risk management system is effectively audited and overseen by internal audit department; and
6) having in place an appropriate reward-punishment system so as to effectively promote the development of operational risk management system in the bank as a whole.

Article 7 The senior management in a commercial bank is responsible for implementing the operational risk management strategies, general policies and running the system approved by the board.
It shall:
1) be ultimately responsible to the board regarding daily operational risk management;
2) lay out and regularly review the operational risk management policies, procedures and detailed processes in accordance with the strategies and general policies developed by the board, oversee the implementation thereof, and submit to the board reports on overall operational risk management in a regular manner;
3) sufficiently understand the overall situation of the bank’s operational risk management, particularly the events or programs with material operational risk;
4) clearly define each department’s responsibilities in operational risk management as well as the reporting line, frequency and contents; urge each department to really discharge its responsibilities in a bid to ensure the sound performance of the operational risk management system;
5) equip operational risk management with appropriate resources, including but not limited to providing necessary funds, setting up necessary positions with eligible staff, offering training courses to operational risk management personnel, delegating authorization to the said personnel to fulfill their duties, etc.; and
6) promptly check and revise the operational risk management system so as to effectively respond to operational risk events brought about by the changes of internal procedures, products, business activities, IT system, staff, external events or other factors.

Article 8 Commercial banks should designate a certain department to be responsible for the construction and implementation of operational risk management system. This department should be independent from others in order to ensure the system’s consistency and effectiveness.
Its responsibilities shall mainly include:
1) drafting operational risk management policies, procedures and specific processes and submitting them to the senior management and the board for review and approval;
2) assisting other departments to identify, assess, monitor and control/mitigate operational risk;
3) working out methods to identify, assess, mitigate (including internal controls) and monitor operational risks, formulating bank-wide reporting processes of operational risk and organizing the implementation thereof;
4) putting in place basic criteria for operational risk control over the bank, and guiding and coordinating the operational risk management;
5) providing each department with trainings on operational risk management, and helping them improve operational risk management capacity and fulfill their own duties;
6) regularly checking and analyzing the practices of operational risk management in business departments and other departments;
7) regularly submitting operational risk reports to senior management; and
8) ensuring that the operational risk management system and measures are observed.

Article 9 The relevant departments in a commercial bank should be directly responsible for operational risk management.
Major responsibilities include:
1) appointing designated staff to take charge of operational risk management, including observing operational risk management policies, procedures and specific processes;
2) following the assessment methods for operational risk management to identify and assess the operational risks in the departments, and to have in place an effective on-going procedure to monitor, control/mitigate and report operational risks, then organize the implementation thereof;
3) fully considering the requirements on operational risk management and internal control when making department specific business processes and related business policies, with a view to ensuring operational risk management personnel at all levels participate in the course of reviewing and approving important procedures, controls and policies, thus making these aligned with the bank’s general policy on operational risk management; and
4) monitoring key risk indicators and regularly reporting their own department’s operational risk management situation to the department which takes charge of or takes the leading role in operational risk management of the whole bank.

Article 10 The legal office, compliance office, IT office, security office, and human resource office in a commercial bank should, besides properly managing their own operational risks, provide relevant resources and assistance within their strength and respective responsibilities to other departments for the purpose of operational risk management.

Article 11 The internal audit department in a commercial bank does not directly take charge of or participate in other departments’ operational risk management, but it should regularly check and evaluate how well the bank’s operational risk management system operates, supervise the implementation of operational risk management policies, independently evaluate the bank’s new operational risk management policies, processes and specific procedures, and report to the board of directors the evaluation results of operational risk management system.
A commercial bank with high business complexity and large scale is encouraged to entrust intermediary agencies to audit and evaluate its operational risk management system on a regular basis.

Article 12 A commercial bank should have in place bank-wide operational risk management policies that are commensurate with its nature, scale, complexity and risk profile. Main contents include:
1) definition of operational risk;
2) appropriate organizational structure, authorization and responsibilities with regard to operational risk management;
3) procedures to identify, assess, monitor and control/mitigate operational risks;
4) reporting procedures of operational risk, including reporting responsibilities, path and frequency, and other specific requirements on other departments; and
5) requirements on promptly assessing operational risks associated with existing and newly-developed important products, business practices, procedures, IT system, human resource management, external factors and changes thereof.

Article 13 A commercial bank should choose appropriate approaches to manage operational risks, which may include: assessment of operational risk and internal control, loss event reporting and data collection, monitoring of key risk indicators, risk assessment regarding new products and business practices, testing and audit of internal control, and operational risk reporting.

Article 14 A commercial bank with high business complexity and large scale should adopt more sophisticated risk management methods (e.g. quantitative methods) to assess each department’s operational risk, collect operational risk loss data, and make arrangements according to the characteristics of operational risk associated with each line of business.

Article 15 A commercial bank should develop effective processes to regularly monitor and report operational risk status and material losses.
As to risks with increasing loss potential, early-warning system of operational risk should be put in place so as to take timely controls to mitigate risk and reduce the occurrence and severity of loss events.

Article 16 Material operational risk events should be reported to the board, senior management and appropriate management personnel according to the bank’s operational risk management policies.

Article 17 A commercial bank should enhance internal control for effective operational risk management. Related internal controls should at least include:
1) clearly defining the roles and responsibilities of each department and making proper separation among relevant functions so as to avoid potential conflicts of interests;
2) closely watching how well specified risk limit or authorization is observed;
3) monitoring the records of access to and use of the bank’s assets;
4) ensuring the staff are appropriately trained and eligible for their positions;
5) identifying the business activities or products that do not generate reasonable prospective returns or that contain potential risks;
6) regularly reviewing and checking up transactions and accounts;
7) putting in place a system for the heads and the staff in key positions to have job rotation and compulsory leaves and setting up a mechanism of off-job auditing as well;
8) working out a code of conduct to regulate on-job and off-job behavior particularly for the staff in important positions or at sensitive links;
9) establishing an incentive and protection system to encourage staff to report violations on a real-name basis;
10) setting up a dual-appraisal system to investigate and solve bank fraudulent cases as well as make punishments in a timely and proper manner;
11) having in place an information disclosure system for the bank case investigation; and
12) establishing an incentive-restrictive mechanism with regard to the management and control of operational risk at front line.

Article 18 A commercial bank should establish and gradually improve the operational risk management information system (MIS) so as to effectively identify, assess, monitor, control and report operational risks. The system should at least record and store the data about operational risk losses and events, support self-assessment on operational risk and control measures, monitor key risk indicators, and provide relevant information contained in operational risk reports.

Article 19 To ensure business continuation, a commercial bank should develop a scheme for emergency response that matches their business scale and complexity, make a back-up arrangement for service recovery, and regularly check and test the catastrophe recovery function and business continuation mechanism so as to make sure that these actions can go in operation properly in the event of catastrophe and severe business disruption.

Article 20 A commercial bank should develop risk management policies with regard to outsourcing practices in order to make sure that outsourcing is subject to rigorous contracts and service agreements which clearly specify the obligations of involved parties.

Article 21 A commercial bank may purchase insurance and enter into contract with a third party, and consider it a way to mitigate operational risk. But they should by no means neglect the importance of controls.
A commercial bank that mitigates operational risks by means of insurance should formulate written policies and procedures accordingly.

Article 22 A commercial bank should make adequate capital provisions for the operational risk it undertakes as per the requirements of CBRC on capital adequacy of commercial banks.

Chapter III Supervision of Operational Risk

Article 23 Commercial banks should submit to the CBRC their operational risk management policies and processes for filing. They should submit operational risk related reports to the CBRC or its local offices as per regulations.
Banks that entrust intermediary agencies to audit their operational risk management system should also submit audit reports to the CBRC or its local offices.

Article 24 Commercial banks should promptly report to the CBRC or its local offices about the following material operational risk events if any:
1) banking crimes in which more than RMB300,000 is robbed from a commercial bank or cash truck or stolen from a banking financial institution; bank fraud or other cases involving an amount of more than RMB10 million;
2) events that result in serious damage or loss of the bank’s important data, books, blank vouchers, or business disruption for over three hours in two or more provinces (autonomous regions/municipalities), or business disruption for over six hours in one province (autonomous region/municipality) and severely affect the bank’s normal operations;
3) confidential information being stolen, sold, leaked or lost that may affect financial stability and lead to economic disorder;
4) senior executives severely violating applicable regulations;
5) accident or natural catastrophe caused by force majeure, resulting in immediate economic loss of more than RMB10 million;
6) other operational risk events that may result in a loss of more than 1‰ of the bank’s net capital; and
7) other material events as specified by the CBRC.

Article 25 The CBRC should regularly check and assess the operational risk management policies, processes and practices of commercial banks.
Main items to be checked and assessed include:
1) effectiveness of the bank’s operational risk management processes;
2) the bank’s approaches to monitor and report operational risks, including key operational risk indicators and operational risk loss data;
3) the bank’s measures to timely and effectively handle operational risk events and weak links;
4) the bank’s procedures of internal control, reviewing and auditing within its operational risk management processes;
5) the quality and comprehensiveness of the bank’s catastrophe recovery and business continuation plans;
6) adequacy level of capital provisions for operational risks; and
7) other aspects of operational risk management.

Article 26 As to the operational risk management problems discovered by the CBRC during supervision, the commercial bank should submit correction plan and take correction actions within the specified time limit.
When a material operational risk event occurs, if the commercial bank fails to adopt effective correction measures within the specified time limit, the CBRC should take appropriate regulatory actions in line with laws and regulations.

Chapter IV Supplementary Provisions

Article 27 These Guidelines may apply to other banking institutions including policy banks, financial asset management companies, urban credit cooperatives, rural credit cooperatives, rural cooperative banks, trust and investment companies, finance firms, financial leasing companies, automobile financial companies, money brokers, and post savings institutions.

Article 28 Banking institutions without the board of directors should have their operating decision-making bodies perform the responsibilities of the board with regard to operational risk management specified herein.

Article 29 Branches set up by foreign banks within the territory of People’s Republic of China should follow the operational risk management policies and processes developed by their head offices, report to the CBRC or its local offices about material operational risk events, and accept the supervision of the CBRC. Where their head offices do not lay out operational risk management policies and processes, such branches should comply with the Guidelines.

Article 30 Relevant terms mentioned herein are defined in the Appendix.

Article 31 The Guidelines shall become effective as of the date of promulgation.

Appendix: Definitions of Relevant Terms

1. Operational risk events
Operational risk events refer to the operational events resulting from inadequate or failed internal processes, people and IT system, or from external factors, which bring about financial losses or affect the bank’s reputation, clients and staff. Specific events include: internal fraud, external fraud, employment practices and workplace safety, clients, products & business practices, damages to physical assets, business disruption and system failures, execution, delivery & process management (see Annex 7 – Detailed Loss Event Type Classification of The International Convergence of Capital Measurement and Capital Standards: A Revised Framework or the New Basel Capital Accord).

2. Self-assessment on risk, key risk indicators
Tools used by commercial banks to identify and assess operational risks.

1) Self-assessment on risk
Self-assessment on risk is a tool for operational risk management by commercial banks to identify and assess the control measures and appropriateness and effectiveness thereof with regard to potential operational risk and their own business practices.

2) Key risk indicator
Key risk indicators refer to the statistical indicators that represent the changes in a certain area of risk and can be monitored on a regular basis. These indicators can be used to monitor various risks and control measures that may result in loss events and to function as early-warning indicators for risk changes (so that senior management can take timely actions accordingly).
Examples of specific indicators: loss ratio per RMB100 million asset, number of banking crimes per 10,000 people, ratio of the cases with each involving a cash value of RMB1 million, number of transactions unconfirmed beyond a certain time limit, percentage of failed transactions, staff turnover, number of client complaints, frequency and severity of errors and omissions, etc.

3. Legal risk
Legal risk includes, but is not limited to, the following:
1) the contract signed by a commercial bank violating laws or administrative regulations and therefore being probably cancelled or confirmed invalid according to law;
2) the bank being sued or in arbitration because of its breach of contract, infringement or other reasons and held liable for compensation according to law;
3) the bank’s business practices violating laws or administrative regulations and therefore being held liable administratively or criminally.

Guidelines on Operational Risk Management of Commercial Banks

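Guidelines on Operational Risk Management of Commercial Banks

Chapter I General Provisions

Article 1 These Guidelines are formulated in accordance with the Law of the People's Republic of China on Banking Regulation and Supervision, the Law of the People's Republic of China on Commercial Banks and other applicable laws and regulations, in order to strengthen the operational risk management of commercial banks.

Article 2 These Guidelines apply to domestic commercial banks, wholly foreign-funded banks and Chinese-foreign joint venture banks established within the territory of the People's Republic of China.

Article 3 Operational risk as referred to in these Guidelines means the risk of loss resulting from inadequate or failed internal processes, staff and information technology systems, or from external events. Operational risk under this definition includes legal risk but excludes strategic risk and reputational risk.

Article 4 The China Banking Regulatory Commission (hereinafter referred to as the CBRC) supervises and inspects the operational risk management of commercial banks in accordance with the law and evaluates the effectiveness of their operational risk management.

Chapter II Operational Risk Management

Article 5 Commercial banks should, as required by these Guidelines, establish an operational risk management system commensurate with the nature, scale and complexity of their business, so as to effectively identify, assess, monitor and control/mitigate operational risk. The specific form of the operational risk management system need not be uniform, but it should comprise at least the following basic elements:
(1) oversight and control by the board of directors;
(2) responsibilities of senior management;
(3) an appropriate organizational structure;
(4) operational risk management policies, methods and procedures;
(5) requirements on making the capital provisions needed for operational risk.

Article 6 The board of directors of a commercial bank should treat operational risk as one of the major risks the bank faces and bear the ultimate responsibility for monitoring the effectiveness of operational risk management. Its main responsibilities include:
(1) formulating bank-wide operational risk management strategies and general policies that are consistent with the bank's strategic goals;
(2) ensuring the effectiveness of the bank-wide decision-making system for operational risk management by approving and reviewing senior management's responsibilities, authority and reporting arrangements with regard to operational risk, and ensuring as far as possible that the operational risk facing each of the bank's businesses is kept within a tolerable range;
(3) regularly reviewing the operational risk reports submitted by senior management, and fully understanding the overall state of the bank's operational risk management, the effectiveness of senior management in handling material operational risk events, and the effectiveness of the monitoring and evaluation of day-to-day operational risk management;
(4) ensuring that senior management takes the necessary measures to effectively identify, assess, monitor and control/mitigate operational risk;
(5) ensuring that the bank's operational risk management system is subject to effective review and oversight by the internal audit department;
(6) formulating an appropriate reward and punishment system to effectively promote the building of the operational risk management system across the bank.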

Guidelines on Operational Risk Management of Commercial Banks

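Record and store data related to operational risk losses and information on operational risk events
Support self-assessment of operational risk and control measures
Monitor key risk indicators
Provide the relevant content of operational risk reports
©2010 Deloitte Touche Tohmatsu Limited. All rights reserved.

Emergency response and business continuity plans (Chapter II, Article 19)
Develop emergency response and business continuity plans commensurate with the bank's business scale and complexity
Establish back-up mechanisms to restore service and keep business running continuously
Regularly check and test the disaster recovery and business continuity mechanisms

Outsourcing (Chapter II, Article 20)
Human resources
Regularly check and evaluate how the management system operates, supervise the implementation of policies, independently evaluate newly issued policies, procedures and specific operating rules, and report to the board of directors

Operational risk management policies (Chapter II, Article 12)

Division of responsibilities (Chapter II, Articles 6, 7, 8, 9, 10 and 11)
Board of directors
Senior management
Operational risk management department
Responsible for establishing and implementing the bank-wide operational risk management system
Relevant departments
Supporting departments
Legal and compliance
Internal audit department
Entrust external intermediary agencies to audit and evaluate the operational risk management system on a regular basis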

Commercial Bank Risk Management: Foreign-Language Literature with Chinese-English Parallel Translation

(The document contains the English original and a Chinese translation.)

“RISK MANAGEMENT IN COMMERCIAL BANKS” (A CASE STUDY OF PUBLIC AND PRIVATE SECTOR BANKS) - ABSTRACT ONLY

1. PREAMBLE:

1.1 Risk Management:

The future of banking will undoubtedly rest on risk management dynamics. Only those banks that have efficient risk management system will survive in the market in the long run. The effective management of credit risk is a critical component of comprehensive risk management essential for long-term success of a banking institution. Credit risk is the oldest and biggest risk that a bank, by virtue of its very nature of business, inherits. This has, however, acquired a greater significance in the recent past for various reasons. Foremost among them is the wind of economic liberalization that is blowing across the globe. India is no exception to this swing towards market driven economy. Competition from within and outside the country has intensified. This has resulted in multiplicity of risks both in number and volume resulting in volatile markets. A precursor to successful management of credit risk is a clear understanding about risks involved in lending, quantifications of risks within each item of the portfolio and reaching a conclusion as to the likely composite credit risk profile of a bank.

The cornerstone of credit risk management is the establishment of a framework that defines corporate priorities, loan approval process, credit risk rating system, risk-adjusted pricing system, loan-review mechanism and comprehensive reporting system.

1.2 Significance of the study:

The fundamental business of lending has brought trouble to individual banks and entire banking system. It is, therefore, imperative that the banks have adequate systems for credit assessment of individual projects and evaluating risk associated therewith as well as the industry as a whole.
Generally, banks in India evaluate a proposal through the traditional tools of project financing, computing maximum permissible limits, assessing management capabilities and prescribing a ceiling for an industry exposure. As banks move into a new high powered world of financial operations and trading, with new risks, the need is felt for more sophisticated and versatile instruments for risk assessment, monitoring and controlling risk exposures. It is, therefore, time that bank managements equip themselves fully to grapple with the demands of creating tools and systems capable of assessing, monitoring and controlling risk exposures in a more scientific manner.

Credit risk, that is, default by the borrower to repay lent money, remains the most important risk to manage till date. The predominance of credit risk is even reflected in the composition of economic capital, which banks are required to set aside for protection against various risks. According to one estimate, credit risk takes about 70% and the remaining 30% is shared between the other two primary risks, namely market risk (change in the market price) and operational risk (i.e., failure of internal controls, etc.). Quality borrowers (Tier-I borrowers) were able to access the capital market directly without going through the debt route. Hence, the credit route is now more open to lesser mortals (Tier-II borrowers).

With margin levels going down, banks are unable to absorb the level of loan losses. There has been very little effort to develop a method where risks could be identified and measured. Most of the banks have developed internal rating systems for their borrowers, but there has been very little study to compare such ratings with the final asset classification and also to fine-tune the rating system. Also risks peculiar to each industry are not identified and evaluated openly. Data collection is regular driven.
Data on industry-wise, region-wise lending, industry-wise rehabilitated loan, can provide an insight into the future course to be adopted.

Better and effective strategic credit risk management process is a better way to manage portfolio credit risk. The process provides a framework to ensure consistency between strategy and implementation that reduces potential volatility in earnings and maximizes shareholders' wealth. Beyond and overriding the specifics of risk modeling issues, the challenge in moving towards improved credit risk management lies in addressing banks’ readiness and openness to accept change to a more transparent system, to rapidly metamorphosing markets, to more effective and efficient ways of operating and to meet market requirements and increased answerability to stakeholders.

There is a need for a strategic approach to Credit Risk Management (CRM) in Indian commercial banks, particularly in view of:
(1) Higher NPAs level in comparison with global benchmark
(2) RBI’s stipulation about dividend distribution by the banks
(3) Revised NPAs level and CAR norms
(4) New Basel Capital Accord (Basel II) revolution

According to the study conducted by ICRA Limited, the gross NPAs as a proportion of total advances for Indian banks was 9.40 percent for financial year 2003 and 10.60 percent for financial year 2002 [1]. The value of the gross NPAs ratio for financial year 2003 for the global benchmark banks was as low as 2.26 percent. Net NPAs as a proportion of net advances of Indian banks was 4.33 percent for financial year 2003 and 5.39 percent for financial year 2002. As against this, the value of net NPAs ratio for financial year 2003 for the global benchmark banks was 0.37 percent. Further, it was found that the total advances of the banking sector to the commercial and agricultural sectors stood at Rs.8,00,000 crore. Of this, Rs.75,000 crore, or 9.40 percent of the total advances, is bad and doubtful debt.
The size of the NPAs portfolio in the Indian banking industry is close to Rs.1,00,000 crore which is around 6 percent of India’s GDP [2].

The RBI has recently announced that the banks should not pay dividends at more than 33.33 percent of their net profit. It has further provided that the banks having NPA levels less than 3 percent and having Capital Adequacy Reserve Ratio (CARR) of more than 11 percent for the last two years will only be eligible to declare dividends without the permission from RBI [3]. This step is for strengthening the balance sheet of all the banks in the country. The banks should provide sufficient provisions from their profits so as to bring down the net NPAs level to 3 percent of their advances.

NPAs are the primary indicators of credit risk. Capital Adequacy Ratio (CAR) is another measure of credit risk. CAR is supposed to act as a buffer against credit loss, which is set at 9 percent under the RBI stipulation [4]. With a view to moving towards international best practices and to ensure greater transparency, it has been decided to adopt the ‘90 days overdue’ norm for identification of NPAs from the year ending March 31, 2004.

The New Basel Capital Accord is scheduled to be implemented by the end of 2006. All the banking supervisors may have to join the Accord. Even the domestic banks in addition to internationally active banks may have to conform to the Accord principles in the coming decades. The RBI as the regulator of the Indian banking industry has shown keen interest in strengthening the system, and the individual banks have responded in good measure in orienting themselves towards global best practices.

1.3 Credit Risk Management (CRM) dynamics:

The world over, credit risk has proved to be the most critical of all risks faced by a banking institution.
A study of bank failures in New England found that, of the 62 banks in existence before 1984, which failed from 1989 to 1992, in 58 cases it was observed that loans and advances were not being repaid in time [5]. This signifies the role of credit risk management and therefore it forms the basis of present research analysis.

Researchers and risk management practitioners have constantly tried to improve on current techniques and in recent years, enormous strides have been made in the art and science of credit risk measurement and management [6]. Much of the progress in this field has resulted from the limitations of traditional approaches to credit risk management and with the current Bank for International Settlements’ (BIS) regulatory model. Even in banks which regularly fine-tune credit policies and streamline credit processes, it is a real challenge for credit risk managers to correctly identify pockets of risk concentration, quantify extent of risk carried, identify opportunities for diversification and balance the risk-return trade-off in their credit portfolio.

The two distinct dimensions of credit risk management can readily be identified as preventive measures and curative measures. Preventive measures include risk assessment, risk measurement and risk pricing, early warning system to pick early signals of future defaults and better credit portfolio diversification. The curative measures, on the other hand, aim at minimizing post-sanction loan losses through such steps as securitization, derivative trading, risk sharing, legal enforcement etc. It is widely believed that an ounce of prevention is worth a pound of cure. Therefore, the focus of the study is on preventive measures in tune with the norms prescribed by New Basel Capital Accord.

The study also intends to throw some light on the two most significant developments impacting the fundamentals of credit risk management practices of banking industry: New Basel Capital Accord and Risk Based Supervision.
Apart from highlighting the salient features of credit risk management prescriptions under New Basel Accord, attempts are made to codify the response of Indian banking professionals to various proposals under the accord. Similarly, RBI proposed Risk Based Supervision (RBS) is examined to capture its direction and implementation problems。

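Notice of the China Banking Regulatory Commission on Issuing the Guidelines on Operational Risk Management of Commercial Banks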

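Notice of the China Banking Regulatory Commission on Issuing the Guidelines on Operational Risk Management of Commercial Banks

Document attributes
• Issuing authority: China Banking Regulatory Commission (since abolished)
• Date of promulgation: 2007.05.14
• Document number: Yin Jian Fa [2007] No. 42
• Effective date: 2007.05.14
• Level of authority: departmental normative document
• Validity: currently in effect
• Subject category: banking supervision and administration

Main text

Notice of the China Banking Regulatory Commission on Issuing the Guidelines on Operational Risk Management of Commercial Banks (Yin Jian Fa [2007] No. 42)

To all CBRC local offices, policy banks, state-owned commercial banks, joint-stock commercial banks, and the Postal Savings Bank:

In order to strengthen the operational risk management of commercial banks, and to encourage commercial banks to further improve their corporate governance structure and enhance their risk management capability, the CBRC has formulated the Guidelines on Operational Risk Management of Commercial Banks, which are hereby issued to you. Please comply with them.

All CBRC local offices are requested to forward this notice to the city commercial banks, rural commercial banks, rural cooperative banks, rural credit cooperatives, urban credit cooperatives, wholly foreign-funded banks, Chinese-foreign joint venture banks and lead reporting branches of foreign bank branches within their jurisdictions.

May 14, 2007

Guidelines on Operational Risk Management of Commercial Banks

Chapter I General Provisions

Article 1 These Guidelines are formulated pursuant to the Law of the People's Republic of China on Banking Regulation and Supervision, the Law of the People's Republic of China on Commercial Banks and other applicable laws and regulations, in order to strengthen the operational risk management of commercial banks.

Article 2 These Guidelines apply to domestic commercial banks, wholly foreign-funded banks and Chinese-foreign joint venture banks established within the territory of the People's Republic of China.

Article 3 Operational risk as referred to in these Guidelines means the risk of loss resulting from inadequate or failed internal processes, people and information technology systems, or from external events.

Operational risk as defined here includes legal risk but excludes strategic risk and reputational risk.

Article 4 The China Banking Regulatory Commission (hereinafter referred to as the CBRC) supervises and inspects the operational risk management of commercial banks in accordance with the law and evaluates the effectiveness of that management.

Chapter II Operational Risk Management

Article 5 Commercial banks shall, as required by these Guidelines, establish an operational risk management system commensurate with the nature, scale and complexity of their business, so as to effectively identify, assess, monitor and control/mitigate operational risk.

No uniform form is required for the operational risk management system, but it shall include at least the following basic elements:
(1) oversight and control by the board of directors;
(2) the responsibilities of senior management;
(3) an appropriate organizational structure;
(4) operational risk management policies, methods and procedures;
(5) rules on making the capital provisions required for operational risk.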

Guidelines for the Compliance Risk Management of Commercial Banks (English version)

Guidelines for the Compliance Risk Management of Commercial Banks

October 25, 2006

Chapter I General Provisions

Article 1 For the purpose of strengthening the compliance risk management of commercial banks and maintaining commercial banks operating safely and stably, these Guidelines are instituted in accordance with the Measures of the People's Republic of China on the Supervision and Administration of the Banking Sector and the Law of the People's Republic of China on Commercial Banks.

Article 2 A Chinese-funded commercial bank, foreign sole-capital bank, joint venture bank or branch of a foreign bank established within the territory of the People's Republic of China shall be governed by these Guidelines.

A policy bank, financial asset management company, urban credit cooperative, rural credit cooperative, trust investment company, enterprise group financial company, financial lease company, automobile financial company, currency brokerage company, postal savings institution or any other financial institution established within the territory of the People's Republic of China and approved by the China Banking Regulatory Commission shall be governed by these Guidelines.

Article 3 The term "laws, rules and standards" as mentioned in these Guidelines refers to the laws, administrative regulations, departmental rules as well as other regulatory documents, business rules and industrial standards of self-disciplinary organizations, behavioral code and occupational ethics.

The term "compliance" as mentioned in these Guidelines refers to the consistency between the business operations of commercial banks and the related laws, rules and standards.

The term "compliance risks" as mentioned in these Guidelines refers to the risks of a commercial bank suffering from legal sanction, supervision punishment, great financial losses or reputation losses when it violates any law, rule or standard.

The term "compliance management department" as mentioned in these Guidelines refers to any department, team or position that is specially established within a commercial bank to take charge of compliance management.

Article 4 Compliance management is a core risk management of commercial banks. A commercial bank shall take overall consideration of the relevance between compliance risks and credit risks, market risks, operation risks and other risks so as to ensure the consistency between all the policies and formalities for risk management.

Article 5 The objective of compliance risk management of a commercial bank is to establish and improve a framework of compliance risk management so as to realize the effective recognition and management of compliance risks, promote the establishment of an overall system of risk management and ensure an operation based on compliance with laws and regulations.

Article 6 A commercial bank shall enhance the establishment of compliance culture and incorporate the establishment of compliance culture into the whole process of establishing its enterprise culture.

Compliance is the joint responsibility of all staff members of a commercial bank, and its senior management shall take the lead in the execution thereof.

The board of directors and senior management of a commercial bank shall determine the keynote of compliance, set up such compliance philosophies as voluntary compliance by all its staff members and value creation subject to compliance, promote the occupational ethics and value concept of being creditworthy and upright within the bank, elevate the compliance consciousness of all its staff members and promote an effective interaction between self-compliance of the commercial bank and external supervision.

Article 7 China Banking Regulatory Commission shall implement supervision over the compliance risk management of commercial banks, and examine and evaluate the effectiveness of compliance risk management of commercial banks.

Chapter II Compliance Management Functions and Duties of the Board of Directors, Board of Supervisors and Senior Management

Article 8 A commercial bank shall establish a system of compliance management in line with its business scope, organizational structure and business scale.

The following basic elements shall be included in the compliance management system:
(1) Compliance policies;
(2) Organizational structure and resources of the compliance management department;
(3) Plans of compliance risk management;
(4) Recognition of and management formalities for compliance risks; and
(5) Training and education system of compliance.

Article 9 The compliance policies of a commercial bank shall specify the basic principles that all its staff members and operational lines shall comply with and the significant formalities for recognizing and managing compliance risks, as well as stipulate the related matters in respect of the functions of compliance management, which shall at least include:
(1) Functions and duties of the compliance management department;
(2) Power limit of the compliance management department, including the right to communicate with any bank staff member and obtain any record or archival file as required in its duty performance;
(3) Functions and duties of compliance management of related persons-in-charge;
(4) All the measures that guarantee the independency of the persons-in-charge of compliance as well as the compliance management department, including a guaranty that there is no interest conflict between the functions and duties of compliance management of the persons-in-charge and related persons that engage in the compliance management and the other functions and duties thereof;
(5) The coordination relationship between the compliance management department and the risk management department, the internal auditing department as well as other departments; and
(6) The principles for establishing the compliance management departments for the business lines as well as the branches and sub-branches.

Article 10 The board of directors shall undertake final responsibilities of compliance in the business operation of a commercial bank and perform the following functions and duties of compliance management:
(1) Examining and approving the compliance policies of the commercial bank and supervising its implementation of the compliance policies;
(2) Examining and approving the reports on compliance risk management submitted by the senior management of the commercial bank and appraising the effectiveness of compliance risk management of its commercial bank so as to timely and effectively resolve the compliance defects;
(3) Authorizing the risk management commission, auditing commission or specially established compliance management commission under the board of directors to conduct daily supervision over the compliance risk management of the commercial bank; and
(4) Supervising any other functions and duties of compliance management as stipulated in the constitution of its commercial bank.

Article 11 The commission under the board of directors of a commercial bank which is responsible for the daily supervision of compliance risk management shall, by means of holding individual talks with the related persons-in-charge of compliance or by any other effective means, know about the implementation of the compliance policies and existing problems, timely put forward corresponding opinions and suggestions to the board of directors or the senior management, and supervise and guarantee the effective implementation of the compliance policies.

Article 12 The board of supervisors shall supervise the performance of functions and duties of compliance management by the board of directors and senior management.

Article 13 The senior management shall manage the compliance risks of its commercial bank effectively and perform the functions and duties of compliance management as follows:
(1) Instituting the compliance policies in written form and revising the compliance policies in accordance with the status of compliance risk management as well as the related laws, rules and standards at an appropriate time, reporting them to the board of directors for deliberation and then distributing them to all its staff members after having been approved;
(2) Carrying out the compliance policies, guaranteeing that proper measures for correction be timely adopted when any rule-breaking event occurs and investigating the corresponding responsibilities of violators;
(3) Designating the persons-in-charge of compliance and guaranteeing their independency;
(4) Specifying the compliance management department and their organizational structure, arranging enough and proper personnel of compliance management for its performance of functions and duties, and ensuring the independency of the compliance management department;
(5) Recognizing the significant compliance risks that the commercial bank is faced with, examining and approving the plans of compliance risk management and ensuring the work coordination between the compliance management department and the risk management department, the internal auditing department and other relevant departments;
(6) Submitting to the board of directors a report of compliance risk management on an annual basis, which shall present sufficient proof and assist the members of the board of directors to judge the effectiveness of compliance risk management by senior managers;
(7) Reporting to the board of directors or the commissions thereunder and the board of supervisors any significant rule-breaking event timely; and
(8) Performing any other functions and duties as prescribed by the compliance policies.

Article 14 A person-in-charge of compliance shall coordinate the recognition and management of compliance risks of the commercial bank, supervise the compliance management department to perform its functions and duties in accordance with the related plans of compliance risk management and submit to the senior management an appraisal report about compliance risks periodically. A person-in-charge of compliance must not take charge of the management of any business lines.

An appraisal report on compliance risks shall include but not be limited to the following contents: any change of compliance risk within the reporting period, the recognition of any rule-breaking event or compliance defect, and the measures for correction that have been adopted or are advised to be adopted.

Article 15 A commercial bank shall set up an examination system of compliance performance of managers. The performance examination of a commercial bank shall embody the value concept of promoting compliance and punishing any rule-breaking behavior.

Article 16 A commercial bank shall establish an effective compliance accountability system, strictly carry out the confirmation and investigation of responsibilities incurred from any rule-breaking behavior, adopt effective measures for correction, improve the formalities for management in time, and revise the related policies, formalities and operational guidelines at a proper time.

Article 17 A commercial bank shall establish a credit accusation system, encourage its staff members to tip off the illegal acts, the acts in violation of professional integrity or the suspicious acts, and fully protect any tip-off reporter.

Chapter III Functions and Duties of the Compliance Management Department

Article 18 The compliance management department shall, under the guidance of its person-in-charge, assist the senior management to effectively recognize and manage the compliance risks that its commercial bank is faced with, and perform the following fundamental functions and duties:
(1) Paying continuous attention to the latest development of the related laws, rules and standards, correctly understanding the provisions and spirit of the related laws, rules and standards, accurately understanding the impact of the related laws, rules and standards on the business operation of the commercial bank, and putting forward corresponding suggestions on compliance to its senior management;
(2) Instituting and carrying out the plans of compliance management which focus on risks, including the implementation and appraisal of special policies and formalities, appraisal on compliance risks, compliance testing, compliance training and education, etc.;
(3) Examining and appraising the compliance of all policies, formalities and operational guidelines of the commercial bank, organizing, coordinating and supervising and urging all business lines and the internal control department to sort out and revise the related policies, formalities and operational guidelines, and guaranteeing that all policies, formalities and operational guidelines comply with the requirements of the related laws, rules and standards;
(4) Helping the related training and education departments to implement compliance trainings, including the compliance trainings of new staff members as well as the periodic compliance trainings of all its staff members, and functioning as the internal communication department for staff members to consult the related matters of compliance;
(5) Organizing the institution of the formalities for compliance management as well as such compliance guidelines as compliance booklets and behavioral code of its staff members, appraising the formalities for compliance management and the appropriateness of compliance guidelines, and offering guidance to its staff members on proper implementation of related laws, rules and standards;
(6) Recognizing and appraising the compliance risks in relation to the business operation of the commercial bank actively, including conducting the necessary examination and testing for the development of new products and services, and recognizing and appraising any compliance risk arising from the development of any new business mode, establishment of new customers' networks or change of nature of the bank's relationship with its customers;
(7) Collecting and choosing the data that may indicate potential compliance problems, such as increasing index of customers' complaints and abnormal transactions etc., establishing a supervisory index of compliance risks, and determining the preferential sequence of compliance risks to be considered in accordance with the possibility and impact of compliance risk occurrence measured by the risk matrix;
(8) Carrying out enough and representative appraisal and testing of compliance risks, including testing through on-the-spot examination on the compliance of all policies and formalities, inquiring the existing defects in the policies and formalities, and making corresponding investigation. The result of a compliance testing shall be reported in accordance with the formalities for internal risk management of commercial banks through the reporting line of compliance risks so as to ensure that all policies and formalities comply with the requirements of related laws, rules and standards; and
(9) Keeping daily contact with its supervisory organ, and tracing and appraising the implementation of supervisory opinions and supervisory requirements.

Article 19 A commercial bank shall allocate to its compliance management department the resources for effectively performing compliance management. A person who engages in compliance management shall have the qualification, experience, expertise and individual quality corresponding to his/her functions and duties.

A commercial bank shall offer systematic and professional technical trainings to its personnel who engage in compliance management, especially technical trainings in such aspects as correctly mastering the latest development of the related laws, rules and standards as well as their impacts on the business operation of the commercial bank.

Article 20 The persons-in-charge of all business lines or branches or sub-branches of a commercial bank shall take primary responsibility for the business operation of their lines or departments.

A commercial bank shall, in accordance with the business scope of its lines of business and the branches and sub-branches as well as the operational scale, set up the corresponding compliance management departments. The compliance management departments of all business lines and the branches and sub-branches of a commercial bank shall, in accordance with the formalities for compliance management, actively recognize and manage the compliance risks and report the related information in time through the reporting lines in accordance with the reporting requirements of compliance risks.

Article 21 A commercial bank shall establish a coordination mechanism between the compliance management department and the risk management department in respect of compliance management.

Article 22 A commercial bank shall separate the functions and duties of compliance management from the function of internal auditing, and the performance of compliance management shall be subject to independent appraisal by the internal auditing department periodically.

The internal auditing department shall be responsible for the auditing on compliance among all business operations of the commercial bank. An internal auditing plan shall include an auditing appraisal on the appropriateness and effectiveness of the functions and duties of compliance management. An appraisal on compliance risks shall be included in the measures for risk appraisal in the internal auditing.

A commercial bank shall specify the functions and duties of compliance risk appraisal and compliance testing between the compliance management department and the internal auditing department. The internal auditing department shall notify the result of compliance auditing to the related persons-in-charge of compliance.

Article 23 A commercial bank shall specify its reporting lines of compliance risks as well as the elements, format and frequency of a report on compliance risks.

Article 24 The overseas branches or sub-branches or affiliated institutions of a commercial bank shall strengthen the functions of compliance management. The organizational structure of the compliance management functions shall accord with the local laws and requirements of supervision.

Article 25 The board of directors and senior management of a commercial bank shall guarantee that the outsourcing of the work of the compliance management department shall comply with local laws, rules and standards.

A commercial bank shall guarantee that any outsourcing work of the compliance management department be under a proper supervision of its person-in-charge of compliance and will not hamper an effective supervision by China Banking Regulatory Commission.

Chapter IV Supervision over Compliance Risks

Article 26 A commercial bank shall report its internal regulations such as compliance policies, formalities for compliance management as well as compliance guidelines to China Banking Regulatory Commission for archival filing.

A commercial bank shall timely report its plans of compliance risk management and appraisal reports on compliance risks to China Banking Regulatory Commission.

Where a commercial bank finds any significant rule-breaking event, it shall report it to China Banking Regulatory Commission in accordance with the reporting system of significant events.

Article 27 Where a commercial bank designates a person-in-charge of compliance, it shall report it to China Banking Regulatory Commission in accordance with the related provisions. Where any person-in-charge of compliance of a commercial bank leaves his/her post, the bank shall report related information such as the reasons for leaving to China Banking Regulatory Commission within 10 workdays after he/she leaves the post.

Article 28 China Banking Regulatory Commission shall conduct appraisal on the effectiveness of compliance risk management of commercial banks periodically, and the appraisal reports shall be regarded as an important basis for classified supervision.

Article 29 China Banking Regulatory Commission shall, in accordance with the compliance records of commercial banks and the appraisal reports on compliance risk management, determine the frequency, scope and depth of on-the-spot compliance risk examination, and the contents to be examined shall mainly include:
(1) The appropriateness and effectiveness of the compliance risk management system of a commercial bank;
(2) The functions of the board of directors and senior management of a commercial bank in the compliance risk management;
(3) The appropriateness and effectiveness of the performance examination system, the accountability system and the credit accusation system of a commercial bank; and
(4) The appropriateness and effectiveness of the functions of compliance management of a commercial bank.

Chapter V Supplementary Provisions

Article 30 The power to interpret these Guidelines shall remain with China Banking Regulatory Commission.

Article 31 These Guidelines shall enter into force as of the day of promulgation.

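A Study of Operational Risk Control in Commercial Banks: Foreign Literature Translation, 2014 (translation of more than 3,000 characters)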

Source: Said R M, The Study of Commercial Banks Operating Risk Control [J]. International Review of Business Research Papers, 2014, 7(2): 157-169.

Original text

The Study of Commercial Banks Operating Risk Control

Abstract

The emergence of operational risk in commercial banks affects a bank's operating efficiency and profitability. Under the impetus of Basel II, banks are looking for ways to control operational risk. This paper briefly introduces six sigma, a process control method that maintains a high level of efficiency in the field of production, as applied to operational risk control in commercial banks, and discusses how the method is used.

Key words: commercial banks; operational risk; six sigma

1 Introduction

Operational risk arises from imperfect internal procedures, staff mistakes, system failures or external events. It exists widely in every field of bank operation and management and is one of the basic risks that a bank's business management must face. It is a result of the failure of internal control mechanisms and of corporate governance mechanisms. If this situation is not corrected in time, banks will suffer losses and operate with low efficiency. In June 1999, the Basel Committee issued the "New Basel Capital Accord", which first proposed that operational risk should be covered by regulatory capital and made the capital requirements for operational risk clear; banks with sufficient strength are encouraged to create operational risk measurement suited to themselves. The country's banking industry has paid increasing attention to operational risk management. But in the Basel Accord the description of operational risk control and measurement is not very satisfactory, and it does not provide a sensitive tool for operational risk identification and risk management.

Some of the literature has approached the operational risk problem from the angle of process. For example, Leippold et al. (2003) apply the value chain concept from risk management to model operational risk, and the value chain is essentially a workflow; as another example, Ebnöther et al. hold that a "subtle" operational risk management platform is based on a well-defined process.

This paper argues that process-based operational risk management is not only simple and intuitive but also highly operable.

The key to solving the problem is to find a suitable method. If banks were to organize a large number of personnel to research and develop one, the cost in time and money would be quite large, so one can consider borrowing a method from the field of production and making appropriate changes so that it can be used for operational risk control in commercial banks.

Because production itself is also a kind of process, it is feasible to apply to operational risk control in commercial banks a method that increases production profitability and strictly applies statistical tools to solve problems.

2 Six sigma related information

Six sigma first appeared at Motorola in the 1980s. In 1983, the product reliability test engineer Bill Smith found that product testing could not detect all defects and that the failure rate in the production process was much higher than the final product testing reports indicated; the best way to solve defects is to improve the production process and reduce or eliminate the possibility of defects at the source. So he proposed the six sigma standard: 99.9997%, nearly perfect. Life of the "six sigma" many international well-known enterprise applying six sigma to its production process, and achieved fruitful results, such as: MOTOROLA was the CEO of the cause and influence on the bank's survival and development. Start from the staff and determine which factors, for them, are the key factors causing defects in their work. Measure key indicators; the indicators must be consistent with the overall strategy of the bank and highly correlated with the control results. The purpose of measurement is to determine the defects and what is needed to improve operational risk control work.

3 Using sigma to measure control of the actual operating process against the standard process

What six sigma looks for is a controlled process in which the input variables all fall within the prescribed limits; even if the average of a control index deviates during the process and is slightly less than 6 sigma, this is acceptable as long as the control result does not change. That is to say, when a commercial bank operates a specific business, it is not the case that no staff error or blemish is allowed anywhere in the process; as long as the effect on the result the bank ultimately wants stays within the acceptable range, the process can be said to be under fairly accurate control.

4 Accurate measurement, planning the control project

In the business operations of commercial banks, a large number of indicators can be used to measure operational risk, and some indicators influence others directly or indirectly. A measurement repeatability and reproducibility study measures repeatedly under different conditions to check whether the operational risk control system has accuracy, repeatability (the same staff doing the same work many times, or different staff doing the same work), reproducibility (other staff doing the work, or the same workers doing other work) and stability (whether the above three characteristics change over time).

5 Control operational risk, focus on results

A framework is as follows. While the control process puts the results of a great deal of preparatory work into practice, one thing is crucial: participation and communication. Senior managers of a commercial bank who advocate using six sigma to manage operational risk should not only act as leaders and advisors but also support the specific work of the project team, allocate resources and remove obstacles to implementing six sigma. At the same time, a black belt director should be cultivated to take charge of training the staff of the operational risk control team, instilling the idea of six sigma through six sigma methods combined with reviews, case studies and the use of strategy, and providing guidance where needed; the black belt head, with the support of all team members, goes all out to improve the control project.

Be flexible: select an appropriate managing partner or experts who can help the bank achieve business results, and use their expertise and experience as much as possible. Define at the outset what each person's role is, so that staff clearly know their responsibilities in their specific work and how to coordinate everyone's efforts, and the work proceeds in an orderly way.

6 Future research direction

Basel II clearly requires that banks develop an operational risk management framework. This requirement has inspired enthusiasm in academia and among practitioners for researching and developing operational risk management frameworks. The basic definition of operational risk shows that business processes are its main carrier, and the six sigma management mode, which originated on the production line, is very similar to operational risk control methods; although some problems still need to be solved, it has a certain effectiveness and operability. Commercial banks can, according to their own characteristics, use six sigma and at the same time improve it to make it more suitable for themselves, so that it becomes an operational risk control method with the bank's own characteristics; they can spread the concept of control among staff so that it forms part of the bank's culture, control the incidence of and damage from operational risk, improve the level of the bank's sales, service and management, bring profits and achieve their goals.

Translation

A Study of Operational Risk Control in Commercial Banks

Abstract

The emergence of operational risk in commercial banks affects both the operating efficiency and the profitability of banks; driven by the New Basel Accord, the major banks are all looking for ways to control operational risk.

Guidelines on Operational Risk Management of Commercial Banks (English)

Guidelines on Operational Risk Management of CommercialBanksChapter I General ProvisionsArticle 1 Pursuant to the Law of the People’s Republic of China on Banking Regulation and Supervision, the Law of the People’s Republic of China on Commercial Banks as well as other applicable laws and regulations, the Guidelines are formulated so as to enhance the operational risk management of commercial banks.Article 2 The Guidelines apply to domestic commercial banks, wholly foreign-funded banks and Chinese-foreign joint venture banks incorporated within the territory of the People’s Republic of China.Article 3 The operational risk in the Guidelines refers to the risk of loss resulting from inadequate or failed internal processes, people and IT system, or from external events. It includes legal risk but excludes strategic and reputational risk.Article 4 The China Banking Regulatory Commission (hereinafter referred to as the “CBRC”) supervises and regulates the operationalrisk management of commercial banks and evaluates the effectiveness thereof under its authority by law.Chapter II Operational Risk ManagementArticle 5 Commercial banks should, in line with the Guidelines, set up an operational risk management system suitable to their own business nature, scale and complexity to effectively identify, assess, monitor and control/mitigate operational risk. This system can be in any form, but should comprise at least the following basic elements:1)oversight and control by the board of directors;2)roles and responsibilities of senior management;3)appropriate organizational structure;4)operational risk management policies, methods, and procedures;and5)requirements on making capital provisions for operational risk.Article 6 The board of directors in a commercial bank should treat operational risk as a major risk and charge the ultimate responsibility for monitoring the effectiveness of operational risk management. 
The responsibilities of the board shall include:1) developing strategies and general policies for bank-wideoperational risk management that are aligned with the bank’sstrategic goals;2) reviewing and approving the senior management’s functions,authorization and reporting arrangement with regard to operational risk management so as to ensure the effectiveness of the bank’s decision-making system in operational risk management and ensure that the operational risk facing thebank’s operations is controlled within its endurance capacity; 3) reviewing regularly the operational risk reports submitted by thesenior management; fully understanding the bank’s overall operational risk management and the effectiveness of the senior management in handling material operational risk events; and monitoring and evaluating the effectiveness of daily operationalrisk management;4) ensuring that the senior management takes necessary measuresto effectively identify, assess, monitor and control/mitigateoperational risk;5) ensuring that the bank’s operational risk m anagement system iseffectively audited and overseen by internal audit department;and6) having in place an appropriate reward-punishment system so asto effectively promote the development of operational risk management system in the bank as a whole.Article 7 The senior management in a commercial bank isresponsible for implementing the operational risk management strategies, general policies and running the system approved by theboard. 
It shall:
1) be ultimately responsible to the board regarding daily operational risk management;
2) lay out and regularly review the operational risk management policies, procedures and detailed processes in accordance with the strategies and general policies developed by the board, oversee the implementation thereof, and submit to the board reports on overall operational risk management in a regular manner;
3) sufficiently understand the overall situation of the bank’s operational risk management, particularly the events or programs with material operational risk;
4) clearly define each department’s responsibilities in operational risk management as well as the reporting line, frequency and contents; urge each department to really fulfill its responsibilities in a bid to ensure the sound performance of the operational risk management system;
5) equip operational risk management with appropriate resources, including but not limited to providing necessary funds, setting up necessary positions with eligible staff, offering training courses to operational risk management personnel, delegating authorization to the said personnel to fulfill their duties, etc.; and
6) promptly check and revise the operational risk management system so as to effectively respond to operational risk events brought about by the changes of internal procedures, products, business activities, IT system, staff, external events or other factors.

Article 8 Commercial banks should designate a certain department to be responsible for the construction and implementation of operational risk management system. This department should be independent from others in order to ensure the system’s consistency and effectiveness.
Its responsibilities shall mainly include:
1) drafting operational risk management policies, procedures and specific processes and submitting them to the senior management and the board for review and approval;
2) assisting other departments to identify, assess, monitor and control/mitigate operational risk;
3) working out methods to identify, assess, mitigate (including internal controls) and monitor operational risks, formulating bank-wide reporting processes of operational risk and organizing the implementation thereof;
4) putting in place basic criteria for operational risk control over the bank, and guiding and coordinating the operational risk management;
5) providing each department with training on operational risk management, and helping them improve operational risk management capacity and fulfill their own duties;
6) regularly checking and analyzing the practices of operational risk management in business departments and other departments;
7) regularly submitting operational risk reports to senior management; and
8) ensuring that the operational risk management system and measures are observed.

Article 9 The relevant departments in a commercial bank should be directly responsible for operational risk management.
Major responsibilities include:
1) appointing designated staff to take charge of operational risk management, including observing operational risk management policies, procedures and specific processes;
2) following the assessment methods for operational risk management to identify and assess the operational risks in the departments, and to have in place an effective on-going procedure to monitor, control/mitigate and report operational risks, then organize the implementation thereof;
3) fully considering the requirements on operational risk management and internal control when making department specific business processes and related business policies, with a view to ensuring operational risk management personnel at all levels participate in the course of reviewing and approving important procedures, controls and policies, thus making these aligned with the bank’s general policy on operational risk management; and
4) monitoring key risk indicators and regularly reporting their own department’s operational risk management situation to the department which takes charge of or takes the leading role in operational risk management of the whole bank.

Article 10 The legal office, compliance office, IT office, security office, and human resource office in a commercial bank should, besides properly managing their own operational risks, provide relevant resources and assistance within their strength and respective responsibilities to other departments for the purpose of operational risk management.

Article 11 The internal audit department in a commercial bank does not directly take charge of or participate in other departments’ operational risk management, but it should regularly check and evaluate how well the bank’s operational risk management system operates, supervise the implementation of operational risk management policies, independently evaluate the bank’s new operational risk management policies, processes and specific procedures, and report to the board of directors the evaluation results of operational risk management system.

A commercial bank with high business complexity and large scale is encouraged to entrust intermediary agencies to audit and evaluate its operational risk management system on a regular basis.

Article 12 A commercial bank should have in place bank-wide operational risk management policies that are commensurate with its nature, scale, complexity and risk profile. Main contents include:
1) definition of operational risk;
2) appropriate organizational structure, authorization and responsibilities with regard to operational risk management;
3) procedures to identify, assess, monitor and control/mitigate operational risks;
4) reporting procedures of operational risk, including reporting responsibilities, path and frequency, and other specific requirements on other departments; and
5) requirements on promptly assessing operational risks associated with existing and newly-developed important products, business practices, procedures, IT system, human resource management, external factors and changes thereof.

Article 13 A commercial bank should choose appropriate approaches to manage operational risks, which may include: assessment of operational risk and internal control, loss event reporting and data collection, monitoring of key risk indicators, risk assessment regarding new products and business practices, testing and audit of internal control, and operational risk reporting.

Article 14 A commercial bank with high business complexity and large scale should adopt more sophisticated risk management methods (e.g. quantitative methods) to assess each department’s operational risk, collect operational risk loss data, and make arrangements according to the characteristics of operational risk associated with each line of business.

Article 15 A commercial bank should develop effective processes to regularly monitor and report operational risk status and material losses.
As to risks with increasing loss potential, an early-warning system of operational risk should be put in place so as to take timely controls to mitigate risk and reduce the occurrence and severity of loss events.

Article 16 Material operational risk events should be reported to the board, senior management and appropriate management personnel according to the bank’s operational risk management policies.

Article 17 A commercial bank should enhance internal control for effective operational risk management. Related internal controls should at least include:
1) clearly defining the roles and responsibilities of each department and making proper separation among relevant functions so as to avoid potential conflicts of interests;
2) closely watching how well specified risk limit or authorization is observed;
3) monitoring the records of access to and use of the bank’s assets;
4) ensuring the staff are appropriately trained and eligible for their positions;
5) identifying the business activities or products that do not generate reasonable prospective returns or that contain potential risks;
6) regularly reviewing and checking up transactions and accounts;
7) putting in place a system for the heads and the staff in key positions to have job rotation and compulsory leaves and setting up a mechanism of off-job auditing as well;
8) working out a code of conduct to regulate on-job and off-job behavior particularly for the staff in important positions or at sensitive links;
9) establishing an incentive and protection system to encourage staff to report violations on a real-name basis;
10) setting up a dual-appraisal system to investigate and solve bank fraudulent cases as well as make punishments in a timely and proper manner;
11) having in place an information disclosure system for the bank case investigation; and
12) establishing an incentive-restrictive mechanism with regard to the management and control of operational risk at front line.

Article 18 A commercial bank should establish and gradually improve the operational risk management information system (MIS) so as to effectively identify, assess, monitor, control and report operational risks. The system should at least record and store the data about operational risk losses and events, support self-assessment on operational risk and control measures, monitor key risk indicators, and provide relevant information contained in operational risk reports.

Article 19 To ensure business continuation, a commercial bank should develop a scheme for emergency response that matches their business scale and complexity, make a back-up arrangement for service recovery, and regularly check and test the catastrophe recovery function and business continuation mechanism so as to make sure that these actions can go in operation properly in the event of catastrophe and severe business disruption.

Article 20 A commercial bank should develop risk management policies with regard to outsourcing practices in order to make sure that outsourcing is subject to rigorous contracts and service agreements which clearly specify the obligations of involved parties.

Article 21 A commercial bank may purchase insurance and enter into contract with a third party, and consider it a way to mitigate operational risk. But they should by no means neglect the importance of controls.

A commercial bank that mitigates operational risks by means of insurance should formulate written policies and procedures accordingly.

Article 22 A commercial bank should make adequate capital provisions for the operational risk it undertakes as per the requirements of CBRC on capital adequacy of commercial banks.

Chapter III Supervision of Operational Risk

Article 23 Commercial banks should submit to the CBRC their operational risk management policies and processes for filing. They should submit operational risk related reports to the CBRC or its local offices as per regulations.
Banks that entrust intermediary agencies to audit their operational risk management system should also submit audit reports to the CBRC or its local offices.

Article 24 Commercial banks should promptly report to the CBRC or its local offices about the following material operational risk events if any:
1) banking crimes in which more than RMB300,000 is robbed from a commercial bank or cash truck or stolen from a banking financial institution; bank fraud or other cases involving an amount of more than RMB10 million;
2) events that result in serious damage or loss of the bank’s important data, books, blank vouchers, or business disruption for over three hours in two or more provinces (autonomous regions/municipalities), or business disruption for over six hours in one province (autonomous region/municipality) and severely affect the bank’s normal operations;
3) confidential information being stolen, sold, leaked or lost that may affect financial stability and lead to economic disorder;
4) senior executives severely violating applicable regulations;
5) accident or natural catastrophe caused by force majeure, resulting in immediate economic loss of more than RMB10 million;
6) other operational risk events that may result in a loss of more than 1‰ of the bank’s net capital; and
7) other material events as specified by the CBRC.

Article 25 The CBRC should regularly check and assess the operational risk management policies, processes and practices of commercial banks.
Main items to be checked and assessed include:
1) effectiveness of the bank’s operational risk management processes;
2) the bank’s approaches to monitor and report operational risks, including key operational risk indicators and operational risk loss data;
3) the bank’s measures to timely and effectively handle operational risk events and weak links;
4) the bank’s procedures of internal control, reviewing and auditing within its operational risk management processes;
5) the quality and comprehensiveness of the bank’s catastrophe recovery and business continuation plans;
6) adequacy level of capital provisions for operational risks; and
7) other aspects of operational risk management.

Article 26 As to the operational risk management problems discovered by the CBRC during supervision, the commercial bank should submit correction plan and take correction actions within the specified time limit.

When a material operational risk event occurs, if the commercial bank fails to adopt effective correction measures within the specified time limit, the CBRC should take appropriate regulatory actions in line with laws and regulations.

Chapter IV Supplementary Provisions

Article 27 The Guidelines may apply to other banking institutions including policy banks, financial asset management companies, urban credit cooperatives, rural credit cooperatives, rural cooperative banks, trust and investment companies, finance firms, financial leasing companies, automobile financial companies, money brokers, and postal savings institutions.

Article 28 Banking institutions without the board of directors should have their operating decision-making bodies perform the responsibilities of the board with regard to operational risk management specified herein.

Article 29 Branches set up by foreign banks within the territory of People’s Republic of China should follow the operational risk management policies and processes developed by their head offices, report to the CBRC or its local offices about material operational risk events, and accept the supervision of the CBRC. Where their head offices do not lay out operational risk management policies and processes, such branches should comply with the Guidelines.

Article 30 Relevant terms mentioned herein are defined in the Appendix.

Article 31 The Guidelines shall become effective as of the date of promulgation.

Appendix: Definitions of Relevant Terms

1. Operational risk events
Operational risk events refer to the operational events resulting from inadequate or failed internal processes, people and IT system, or from external factors, which bring about financial losses or affect the bank’s reputation, clients and staff. Specific events include: internal fraud; external fraud; employment practices and workplace safety; clients, products & business practices; damages to physical assets; business disruption and system failures; execution, delivery & process management (see Annex 7 – Detailed Loss Event Type Classification of The International Convergence of Capital Measurement and Capital Standards: A Revised Framework or the New Basel Capital Accord).

2. Self-assessment on risk, key risk indicators
Tools used by commercial banks to identify and assess operational risks.

1) Self-assessment on risk
Self-assessment on risk is a tool for operational risk management by commercial banks to identify and assess the control measures and appropriateness and effectiveness thereof with regard to potential operational risk and their own business practices.

2) Key risk indicators
Key risk indicators refer to the statistical indicators that represent the changes in a certain area of risk and can be monitored on a regular basis. These indicators can be used to monitor various risks and control measures that may result in loss events and to function as early-warning indicators for risk changes (so that senior management can take timely actions accordingly).
Examples of specific indicators: loss ratio per RMB100 million asset, number of banking crimes per 10,000 people, ratio of the cases with each involving a cash value of RMB1 million, number of transactions unconfirmed beyond a certain time limit, percentage of failed transactions, staff turnover, number of client complaints, frequency and severity of errors and omissions, etc.

3. Legal risk
Legal risk includes, but is not limited to, the following:
1) the contract signed by a commercial bank violating laws or administrative regulations and therefore being probably cancelled or confirmed invalid according to law;
2) the bank being sued or in arbitration because of its breach of contract, infringement or other reasons and held liable for compensation according to law;
3) the bank’s business practices violating laws or administrative regulations and therefore being held liable administratively or criminally.

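Guidelines on the Operational Risk Management System of Commercial Banks (Yin Jian Fa [2007] No. 42)

Guidelines on Operational Risk Management of Commercial Banks

Chapter I General Provisions

Article 1 These Guidelines are formulated pursuant to the Law of the People’s Republic of China on Banking Regulation and Supervision, the Law of the People’s Republic of China on Commercial Banks and other applicable laws and regulations, in order to strengthen the operational risk management of commercial banks.

Article 2 These Guidelines apply to domestic commercial banks, wholly foreign-funded banks and Chinese-foreign joint venture banks established within the territory of the People’s Republic of China.

Article 3 Operational risk in these Guidelines refers to the risk of loss resulting from inadequate or failed internal processes, people and IT systems, or from external events.

Operational risk as defined here includes legal risk but excludes strategic risk and reputational risk.

Article 4 The China Banking Regulatory Commission (hereinafter the “CBRC”) supervises and inspects the operational risk management of commercial banks in accordance with law and evaluates its effectiveness.

Chapter II Operational Risk Management

Article 5 Commercial banks shall, as required by these Guidelines, establish an operational risk management system commensurate with the nature, scale and complexity of their business, so as to effectively identify, assess, monitor and control/mitigate operational risk.

No uniform form is required for the operational risk management system, but it shall comprise at least the following basic elements:
1) oversight and control by the board of directors;
2) responsibilities of senior management;
3) an appropriate organizational structure;
4) operational risk management policies, methods and procedures; and
5) provisions on the capital to be set aside for operational risk.

Article 6 The board of directors of a commercial bank shall treat operational risk as one of the major risks facing the bank and bear ultimate responsibility for monitoring the effectiveness of operational risk management.

Its main responsibilities include:
1) formulating bank-wide operational risk management strategies and general policies consistent with the bank’s strategic goals;
2) ensuring, through approving and reviewing senior management’s responsibilities, authority and reporting arrangements for operational risk, the effectiveness of the bank’s decision-making system for operational risk management, and ensuring as far as possible that the operational risk facing the bank’s businesses is kept within a tolerable range;
3) regularly reviewing the operational risk reports submitted by senior management, and fully understanding the bank’s overall operational risk management, the effectiveness of senior management in handling material operational risk events, and the effectiveness of monitoring and evaluating daily operational risk management;
4) ensuring that senior management takes the necessary measures to effectively identify, assess, monitor and control/mitigate operational risk;
5) ensuring that the bank’s operational risk management system is effectively reviewed and overseen by the internal audit department; and
6) establishing an appropriate reward and penalty system to effectively promote the development of the operational risk management system across the bank.

Article 7 The senior management of a commercial bank is responsible for implementing the operational risk management strategies, general policies and system approved by the board of directors.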

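Guidelines on Operational Risk Management of Commercial Banks (Yin Jian Fa [2007] No. 42)

Guidelines on Operational Risk Management of Commercial Banks

Chapter I General Provisions

Article 1 These Guidelines are formulated pursuant to the Law of the People’s Republic of China on Banking Regulation and Supervision, the Law of the People’s Republic of China on Commercial Banks and other applicable laws and regulations, in order to strengthen the operational risk management of commercial banks.

Article 2 These Guidelines apply to domestic commercial banks, wholly foreign-funded banks and Chinese-foreign joint venture banks established within the territory of the People’s Republic of China.

Article 3 Operational risk in these Guidelines refers to the risk of loss resulting from inadequate or failed internal processes, people and IT systems, or from external events.

Operational risk as defined here includes legal risk but excludes strategic risk and reputational risk.

Article 4 The China Banking Regulatory Commission (hereinafter the “CBRC”) supervises and inspects the operational risk management of commercial banks in accordance with law and evaluates its effectiveness.

Chapter II Operational Risk Management

Article 5 Commercial banks shall, as required by these Guidelines, establish an operational risk management system commensurate with the nature, scale and complexity of their business, so as to effectively identify, assess, monitor and control/mitigate operational risk.

No uniform form is required for the operational risk management system, but it shall comprise at least the following basic elements:
1) oversight and control by the board of directors;
2) responsibilities of senior management;
3) an appropriate organizational structure;
4) operational risk management policies, methods and procedures; and
5) provisions on the capital to be set aside for operational risk.

Article 6 The board of directors of a commercial bank shall treat operational risk as one of the major risks facing the bank and bear ultimate responsibility for monitoring the effectiveness of operational risk management.

Its main responsibilities include:
1) formulating bank-wide operational risk management strategies and general policies consistent with the bank’s strategic goals;
2) ensuring, through approving and reviewing senior management’s responsibilities, authority and reporting arrangements for operational risk, the effectiveness of the bank’s decision-making system for operational risk management, and ensuring as far as possible that the operational risk facing the bank’s businesses is kept within a tolerable range;
3) regularly reviewing the operational risk reports submitted by senior management, and fully understanding the bank’s overall operational risk management, the effectiveness of senior management in handling material operational risk events, and the effectiveness of monitoring and evaluating daily operational risk management;
4) ensuring that senior management takes the necessary measures to effectively identify, assess, monitor and control/mitigate operational risk;
5) ensuring that the bank’s operational risk management system is effectively reviewed and overseen by the internal audit department; and
6) establishing an appropriate reward and penalty system to effectively promote the development of the operational risk management system across the bank.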

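Guidelines on Operational Risk Management of Commercial Banks

Guidelines on Operational Risk Management of Commercial Banks

I. Introduction

As financial markets become more complex and uncertain, commercial banks face a growing number of risks. Among them, operational risk is one of the major risks facing commercial banks; it covers many areas, including internal fraud, external fraud, employment relations, system failures and business disruption. To manage and control operational risk effectively, the China Banking Regulatory Commission (CBRC) formulated the Guidelines on Operational Risk Management of Commercial Banks.

II. Main contents

The Guidelines comprise six parts: general provisions; risk identification; assessment and quantification; management strategies; safeguard measures; and supervision and evaluation.

1. General provisions: state the purpose and scope of application of the Guidelines, and stress that commercial banks should establish and improve an operational risk management system to ensure that business runs continuously and stably.

2. Risk identification: requires commercial banks to establish an effective risk identification mechanism so that potential operational risks are discovered and assessed in a timely manner.

3. Assessment and quantification: requires commercial banks to assess and quantify the operational risks identified, so as to understand the size and impact of the risks more accurately.

4. Management strategies: requires commercial banks to formulate management strategies for different types of operational risk, including prevention, mitigation, transfer and response measures.

5. Safeguard measures: requires commercial banks to establish safeguard measures to ensure that operational risk management is effectively implemented and carried out.

6. Supervision and evaluation: requires commercial banks to establish a supervision and evaluation mechanism to continuously track and evaluate the results of operational risk management.

III. Significance and impact

The formulation and implementation of the Guidelines are of great significance for the operational risk management of commercial banks. They provide commercial banks with standards and guidance for operational risk management and help raise the level of operational risk management in commercial banks. They help safeguard the stability and healthy development of financial markets and prevent similar events from recurring. They provide supervisory authorities with a basis and guidance for supervision and help improve the efficiency and effectiveness of supervision.

IV. Conclusion

The issuance of the Guidelines on Operational Risk Management of Commercial Banks is of great significance for the development of China’s banking industry. It not only provides commercial banks with standards and guidance for operational risk management, but also helps safeguard the stability and healthy development of financial markets. In practice, commercial banks should earnestly implement the requirements of the Guidelines, establish and improve their operational risk management systems, and raise their level of operational risk management. Supervisory authorities should also strengthen supervision and inspection to ensure that commercial banks can effectively manage and control operational risk.

Research on Operational Risk Management of Commercial Banks

As global financial markets continue to develop and innovate, the risks facing commercial banks are becoming increasingly complex.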

(2006) Guidelines on Market Risk Management of Commercial Banks (English version)

PART TWO MARKET RISK MANAGEMENT
Article 6 Commercial banks shall, pursuant to the requirements hereof, establish a sound and reliable market risk management system commensurate with the nature, scale and complexity of the business. A market risk management system shall include the following basic elements:
4. sound internal control and independent external audit; and
5. appropriate mechanism for market risk capital allocation.
Article 7 In carrying out market risk management, a commercial bank shall give due consideration to the correlation of market risks with other types of risks such as credit risks, liquidity risks, operational risks, legal risks and reputation risks, and coordinate the policies and procedures for the management of market risks with those for the management of other types of risks.



Main items to be checked and assessed include:1) effectiveness of the bank’s operational risk managementprocesses;2) the bank’s approaches to monitor and report operational risks,including key operational risk indicators and operational risk lossdata;3) the bank’s measures to timely and effectively handle operationalrisk events and weak links;4) the bank’s procedures of internal control, reviewing and auditingwithin its operational risk management processes;5) the quality and comprehensiveness of the bank’s catastropherecovery and business continuation plans;6) adequacy level of capital provisions for operational risks; and7) other aspects of operational risk management.Article 26 As to the operational risk management problems discovered by the CBRC during supervision, the commercial bank should submit correction plan and take correction actions within thespecified time limit.When a material operational risk event occurs, if the commercial bank fails to adopt effective correction measures within the specified time limit, the CBRC should take appropriate regulatory actions in line withlaws and regulations.Chapter IV Supplementary ProvisionsArticle 27 This Guidelines may apply to other banking institutions including policy banks, financial asset management companies, urban credit cooperatives, rural credit cooperatives, rural cooperative banks, trust and investment companies, finance firms, financial leasing companies, automobile financial companies, money brokers, and postsavings institutions.Article 28 Banking institutions without the board of directors should have their operating decision-making bodies perform theresponsibilities of the board with regard to operational riskmanagement specified herein.Article 29 Branches set up by foreign banks within the territory of People’s Republic of China should follow the operational risk management policies and processes developed by their head offices, report to the CBRC or its local offices about material operational risk 
events, and accept the supervision of the CBRC. Where their head offices do not lay out operational risk management policies andprocesses, such branches should comply with the Guidelines.Article 30 Relevant terms mentioned herein are defined in theAppendix.Article 31 The Guidelines shall become effective as of the date ofpromulgation.Appendix: Definitions of Relevant Terms1.Operational risk eventsOperational risk events refer to the operational events resulting from inadequate or failed internal processes, people and IT system, or from external factors, which bring about financial losses or affect the bank’s reputation, clients and staff. Specific events include: internal fraud, external fraud, employment practices and workplace safety, clients, products & business practices, damages to physical assets, business disruption and system failures, execution, delivery & process management (see Annex 7 – Detailed Loss Event Type Classification of The International Convergence of Capital Measurement and Capital Standards: A Revised Framework or the New Basel Capital Accord).2.self-assessment on risk, key risk indicatorsTools used by commercial banks to identify and assess operationalrisks.1) self-assessment on riskSelf-assessment on risk is a tool for operational risk management by commercial banks to identify and assess the control measures and appropriateness and effectiveness thereof with regard to potential operational risk and their own business practices.2) Key Risk IndicatorKey risk indicators refer to the statistical indicators that represent the changes in a certain area of risk and can be monitored on a regular basis. These indicators can be used to monitor various risks and control measures that may result in loss events and to function as early-warning indicators for risk changes (so that senior management can take timely actions accordingly). 
Examples of specific indicators: loss ratio per RMB100 million asset, number of banking crimes per 10,000 people, ratio of the cases with each involving a cash value of RMB1 million, number of transactions unconfirmed beyond a certaintime limit, percentage of failed transactions, staff turnover, number of client complaints, frequency and severity of errors and omissions, etc.3.Legal RiskLegal risk includes, but is not limited to, the following: 1) the contract signed by a commercial bank violating laws or administrative regulations and therefore being probably cancelled or confirmed invalid according to law; 2) the bank being sued or in arbitration because of its breach of contract, infringement or other reasons and held liable for compensation according to law; 3) the bank’s business practices violating laws or administrative regulations and therefore being held liable administratively or criminally.。
