Navigating NFRA Compliance Measures for Foreign Funded Banks

Authors: Ting ZHENG丨Raymond YAN丨Eryin YING丨Lin ZHU丨Shirley LIANG丨Hattie ZHANG

Overview

On 27 December 2024, the National Financial Regulatory Administration ("NFRA") issued the Measures for the Compliance Management of Financial Institutions (《金融机构合规管理办法》)("Compliance Measures"), which will take effect on 1 March 2025.  Prior to that, the NFRA released the consultation draft of the Compliance Measures to solicit public comments on 16 August 2024 ("Consultation Paper").

The Compliance Measures are built upon the Guidelines on Compliance Risk Management for Commercial Banks (《商业银行合规风险管理指引》)("Old Compliance Guidelines"), and the Administrative Measures for the Compliance Management of Insurance Companies (《保险公司合规管理办法》), and will replace them from 1 March 2025, aiming to guide financial institutions (including commercial banks) in establishing more comprehensive and effective compliance management systems by drawing from years of market practice.

We outline below the key requirements under the Compliance Measures and their potential implications for foreign funded banks (including subsidiary banks and where applicable, foreign bank branches) in China ("Banks" or a "Bank").  Please note a one-year transition period is granted and Banks should complete their alignment with the Compliance Measures by the end of February in 2026.

Key requirements

I.   Scope of application

The Compliance Measures apply to wholly foreign owned subsidiary banks and JV banks, among other banking and insurance institutions.  Foreign bank branches, among other specified NFRA regulated entities, will need to comply with the Compliance Measures mutatis mutandis according to their industry-specific characteristics and regulatory requirements.

II.   Expanding coverage

Article 3 of the Compliance Measures provides that "Compliance" for Banks refers to the compliance with such rules that govern Banks' operations and employee conducts, including laws, administrative regulations, departmental rules, normative documents, and internal policies formulated by Banks to meet regulatory requirements.

Compared to the Old Compliance Guidelines and the Consultation Paper, the Compliance Measures remove the industry self-regulation standards out of compliance's coverage.  However, Article 6 of the Compliance Measures provides that the China Banking Association shall formulate implementing rules of the Compliance Measures and implement self-regulatory management on the compliance work of its member banks.  Banks will still need to abide by those industry self-regulation standards to avoid potential disciplinary measures.

Another point worth noting is that the internal policies formulated by financial institutions to meet regulatory requirements are added into the scope of compliance obligations, which echoes NFRA's requirement for all banking and insurance financial institutions (including Banks) to timely and dynamically incorporate regulatory provisions into their internal policies under the Notice of the China Banking and Insurance Regulatory Commission on launching the "Internal Control and Compliance Management Construction Year" Activity in the Banking and Insurance Industries (《中国银保监会关于开展银行业保险业"内控合规管理建设年"活动的通知》).  Banks will need to revisit their internal policies from time to time and ensure they properly incorporate then applicable regulatory requirements.

III.   Compliance management system

1.   Top-down responsibility system

The Compliance Measures assign compliance responsibilities to all levels of departments and employees within Banks, creating a comprehensive top-down responsibility system, which is detailed in the following table:

2.   Compliance management department

(1) Department set-up — according to Article 3 of the Compliance Measures, Banks are free to decide whether to concentrate all compliance management functions within a single department or split into several non-conflicting departments to jointly undertake compliance management duties, provided that in the latter case, Banks shall clearly designate the leading department responsible for compliance management.

(2) Duties — Article 28 of the Compliance Measures outlines the main responsibilities of the compliance management department, covering the entire process of pre-, during-, and post-event activities, including: leading the organization of compliance reviews, compliance checks, evaluations, compliance risk monitoring, and handling compliance events; formulating compliance norms; promoting the effective implementation of compliance norms etc.  These duties clarify the basic workflow of compliance management.

(3) Reporting lines — the compliance management department at Banks shall report to CCO.  The compliance management departments at provincial-level or first-tier branches shall report to compliance officers at the same level, and any compliance management department of a Subordinate Institution shall be guided and supervised by higher-level compliance management department.

IV.   Compliance personnel management system

1.   CCO and compliance officers

According to Article 13 of the Old Compliance Guidelines, CCO (practically often referred to as the compliance head ("合规负责人" in Chinese) in Banks) shall be appointed by the SMP, typically the president ("行长" in Chinese).  The Compliance Measures establish unified requirements for Banks to appoint CCO and compliance officers, with the specific requirements as follows:

2.   Rights and obligations of CCO and compliance officers

3.   Compliance personnel

(1)  Professional background

According to Article 38 of the Compliance Measures, the compliance management department should be mainly comprised of those personnel having education background in law or economics or finance, but there is no quantified criteria for the "mainly" referred to in this article.

Additionally, it is required that, in principle, personnel who are engaged in reviewing Banks' contracts from legal and compliance perspective for the first time, or issuing legal and compliance opinions on Banks' major events such as reform and reorganization, merger and acquisition and listing, transfer of property rights, bankruptcy reorganization, reconciliation and liquidation, shall have a legal background or have passed the legal professional qualification examination.  Compared to the Consultation Paper, "in principle" is added to provide more flexibility.

(2)  Compliance personnel in business departments and subordinate institutions

Article 39 requires all departments and Subordinate Institutions shall be equipped with full-time or part-time personnel engaged in compliance work that are commensurate with their business scale and risk control difficulty.  Compared to the Consultation Paper, the Compliance Measures allow those departments and Subordinate Institutions having lower compliance risks to have part-time compliance personnel.

4.   Evaluation of compliance personnel and remuneration system

Article 43 of the Compliance Measures requires that Banks shall formulate an evaluation and management system for CCO, compliance officers, compliance management department, and full-time compliance management personnel, and shall not adopt evaluation methods that are not conducive to compliance independence, such as the evaluation of SMP who are not in charge of the compliance management department, the evaluation of other departments, or the evaluation based on the business performance of the business department, except for the principal person in charge of Banks; compliance work that requires the joint efforts of all departments must not be used as a separate evaluation indicator for compliance management departments.

Banks shall also establish a mechanism for managing the remuneration of CCO, compliance officers and compliance management personnel, and the remuneration shall comply with following standards:

(1)  CCO: the annual total remuneration should generally not be lower than the average level for SMP with the same qualifications (same rank, same evaluation results).

(2)  Compliance officers and compliance management personnel: the annual total remuneration should generally not be lower than the average level for personnel with the same qualifications (same job type, same rank, same evaluation results).

Outlook

The Compliance Measures set a comprehensive guideline for the establishment and operation of compliance management systems within Banks.  Banks will need to revisit existing compliance management systems and make necessary adjustments to fully comply with the Compliance Measure by the end of February in 2026.  It also remains to be seen whether NFRA will provide window guidance on the scope of Major Violations and Significant Risks, application of the Compliance Measures to foreign bank branches.  Han Kun will closely monitor the regulatory updates and assist Banks to achieve continuous compliance.