Overview and impact of Circular
Over the past three years, the CBIRC has been pushing companies in the banking and insurance sectors to address various issues, including insufficient corporate governance, infringement on consumer rights, and industry-specific integrity risks. The CBIRC required banks and insurance companies to review major issues identified and potential risks existing in their daily operations, take corrective actions and hold the individuals concerned liable.
The CBIRC is now undertaking follow-up checks, paying particular attention to the following and asking if:
- the relevant entities and persons have fulfilled their responsibilities to rectify identified problems
- the economy has benefitted from the rectification
- the rectification measures are thorough and effective
- the violations have been greatly contained
- the compliance mechanism is sound and functions effectively
The Circular also makes it clear that any financial irregularities or violations in the execution of the business (including corporate governance, business operations and equity management) will be handled seriously in accordance with the law.
On 4 July 2020, the CBIRC published a list of 38 shareholders who have allegedly engaged in improper activities, such as profiting from illegal transactions, fabricating materials, using unqualified sources of materials, and flouting regulatory rules. The CBIRC stated that it will regularly publish such lists in the future.
These follow-up checks by the CBIRC are consistent with the global push by regulators in the banking and insurance sectors to ensure that companies implement robust compliance programs. Companies need to take steps now to ensure that they have in place an effective compliance program that will hold up against the scrutiny of the CBIRC.
Such steps should include the following:
- Reviewing the existing set of policies and procedures, particularly in relation to corporate governance, anti-corruption and money laundering. The program should adequately cover the risks to the business, which should include a robust procedure (e.g., effective whistleblowing program and internal reporting mechanism) for escalating issues to top or senior level management. We have seen ineffective whistleblowing programs in many jurisdictions in Asia where local language is a must or where reports are directed to country management or legal counsel, thus reducing the likelihood of local employees utilizing the system to report issues.
- Addressing any gaps in the program. The current environment may give rise to additional anti-corruption or money laundering risks that need to be addressed. For example, are the organisation’s due diligence / background check procedures effective to deal with risks associated with engaging new or unfamiliar third parties (e.g., KYC procedures, managing interactions between agents and third parties)? Our experience in assessing these procedures is that many are scoped incorrectly or the red flags are not followed up with additional scrutiny.
- Reviewing high-risk transactions and irregularities. There are certain areas that carry a higher degree of risk in the financial services industry. The Circular makes it clear that banking and insurance companies need to be aware of these areas and take steps to actively monitor them. Companies should make sure that their compliance program includes a process that delegates responsible personnel to review transactions and records in a manner that is commensurate to the risk.
- Ensuring top-level management is actively involved in the program. Top-level management should be heavily involved in the construction and implementation of the compliance program. Management should take responsibility for ensuring that the program is appropriately resourced for the company’s needs, and it should be proactively involved in the program’s dissemination and practical implementation at an operational level on the ground.
If you would like clear, practical guidance on designing, establishing and implementing a robust compliance program, please refer to Baker McKenzie’s 5 Essential Elements Of Corporate Compliance.