On 24 June 2020, the China Banking and Insurance Regulatory Commission (CBIRC) issued a circular on Carrying out the Follow-up Checks for the Rectification of Market Problems in the Banking and Insurance Sectors.
The CBIRC proposes to launch follow-up checks to review the steps taken to correct industry problems identified in the past three years following some high-profile cases, particularly in the areas of corporate governance, risk management and repeated violations of several laws and regulations.
In the past three years, the CBIRC has been pushing companies in the banking and insurance sectors to address various issues including insufficient corporate governance, infringement on consumer rights, and industry-specific integrity risks. The CBIRC required banks and insurance companies to review major issues identified and potential risks existing in their daily operations, take corrective action, and hold individuals concerned liable.
The CBIRC is now undertaking follow up checks to see if:
- Relevant entities and persons have fulfilled their responsibilities to rectify identified problems;
- The economy has benefitted from the rectification;
- Rectification measures are thorough and effective;
- Violations have been greatly contained; and
- Compliance mechanisms are sound and function effectively.
The circular also makes clear that any financial irregularities or violations in the execution of business (including corporate governance, business operations and equity management) will be handled seriously in accordance with the law.
On 4 July 2020, the CBIRC published a list of 38 shareholders who have allegedly engaged in improper activities, such as profiting from illegal transactions, fabricating material, using unqualified sources of material, and flouting regulatory rules. The CBIRC stated that it will regularly publish such lists in the future.
The follow-up checks are consistent with a global push by regulators in the banking and insurance sectors to ensure that companies implement robust compliance programmes. Companies need to take steps now to ensure that they have in place an effective compliance programme that will hold up against CBIRC scrutiny. Such steps should include the following:
• Reviewing existing policies and procedures, particularly in relation to corporate governance, anti-corruption and money laundering. The programme should adequately cover the risks to the business, which should include a robust procedure (e.g., effective whistleblowing programme and internal reporting mechanism) for escalating issues to top or senior-level management. The authors have seen ineffective whistleblowing programmes in many jurisdictions in Asia where the local language is a must, or where reports are directed to country management or legal counsel, thus reducing the likelihood of local employees utilizing the system to report issues.
• Addressing any gaps in the programme. The current environment may give rise to additional anti-corruption or money laundering risks that need to be addressed. For example, are the organization’s due diligence/background check procedures effective to deal with risks associated with engaging new or unfamiliar third parties (e.g., KYC [know your customer] procedures, and managing interactions between agents and third parties). It is common when assessing these procedures to see that many are scoped incorrectly, or the red flags are not followed up with additional scrutiny.
• Reviewing high-risk transactions and irregularities. There are certain areas that carry a higher degree of risk in the financial services industry. The circular makes clear that banking and insurance companies need to be aware of these areas and take steps to actively monitor them. Companies should make sure that their compliance programme includes a process that delegates responsible personnel to review transactions and records in a manner that is commensurate to the risk.
• Ensuring top-level management is actively involved in the programme. Top-level management should be heavily involved in the construction and implementation of the compliance programme. Management should take responsibility for ensuring that the programme is appropriately resourced for the company’s needs, and it should be proactively involved in the programme’s dissemination and practical implementation at an operational level.