第1页共16页编号:时间:2021年x月x日书山有路勤为径,学海无涯苦作舟页码:第1页共16页GuidelinesontheRiskManagementofCommercialBanks’InformationTechnologyChapterIGeneralProvisionsArticle1.PursuanttotheLawofthePeople’sRepublicofChinaonBankingRegulationandSupervision,theLawofthePeople'sRepublicofChinaonCommercialBanks,theRegulationsofthePeople’sRepublicofChinaonAdministrationofForeign-fundedBanks,andotherapplicablelawsandregulations,theGuidelinesontheRiskManagementofCommercialBanks’InformationTechnology(hereinafterreferredtoastheGuidelines)isformulated.Article2.TheGuidelinesapplytoallthecommercialbankslegallyincorporatedwithintheterritoryofthePeople’sRepublicofChina.TheGuidelinesmayapplytootherbankinginstitutionsincludingpolicybanks,ruralcooperativebanks,urbancreditcooperatives,ruralcreditcooperatives,villagebanks,loancompanies,financialassetmanagementcompanies,trustandinvestmentcompanies,financefirms,financialleasingcompanies,automobilefinancialcompaniesandmoneybrokers.Article3.Theterm“informationtechnology”statedintheGuidelinesshallrefertothesystembuiltwithcomputer,communicationandsoftwaretechnologies,andemployedbycommercialbankstohandlebusinesstransactions,operationmanagement,andinternalcommunication,collaborativeworkandcontrols.ThetermalsoincludeITgovernance,ITorganizationstructureandITpoliciesandprocedures.Article4.Theriskofinformationtechnologyreferstotheoperationalrisk,legalriskandreputationriskthatarecausedbynaturalfactor,humanfactor,technologicalloopholesormanagementdeficiencieswhenusinginformationtechnology.Article5.Theobjectiveofinformationsystemriskmanagementistoestablishaneffectivemechanismthatcanidentify,measure,monitor,andcontroltherisksofcommercialbanks’informationsystem,ensuredataintegrity,availability,confidentialityandconsistency,providetherelevantearlywarning,andtherebyenablecommercialbanks’businessinnovations,uplifttheircapabilityinutilizinginformationtechnology,improvetheircorecompetitivenessandcapacityforsustainabledevelopment.第2页共16页第1页共16页编号:时间:2021年x月x日书山有路勤为径,学海无涯苦作舟页码:第2页共16页ChapterIIITgovernanceArticle6.Thelegalrepresentativeofcommercialbankshouldberesponsibletoensurecomplianceofthisguideline.Article7.Theboardofdirectorsofcommercialbanksshouldhavethefollowingresponsibilitieswithrespecttothemanagementofinformationsystems:(1)Implementingandcomplyingwiththenationallaws,regulationsandtechnicalstandardspertainingtothemanagementofinformationsystems,aswellastheregulatoryrequirementssetbytheChinaBankingRegulatoryCommission(hereinafterreferredtoasthe“CBRC”);(2)PeriodicallyreviewingthealignmentofITstrategywiththeoverallbusinessstrategiesandsignificantpoliciesofthebank,assessingtheoveralleffectivenessandefficiencyoftheITorganization.(3)ApprovingITriskmanagementstrategiesandpolicies,understandingthemajorITrisksinvolved,settingacceptablelevelsfortheserisks,andensuringtheimplementationofthemeasuresnecessarytoidentify,measure,monitorandcontroltheserisks.(4)Settinghighethicalandintegritystandards,andestablishingaculturewithinthebankthatemphasizesanddemonstratestoalllevelsofpersonneltheimportanceofITriskmanagement.(5)EstablishinganITsteeringcommitteewhichconsistsofrepresentativesfromseniormanagement,theITorganization,andmajorbusinessunits,tooverseetheseresponsibilitiesandreporttheeffectivenessofstrategicITplanning,...
