CBIRC Issues Rules on Related-Party Transactions and Outsourcing Risks
The China Banking and Insurance Regulatory Commission (CBIRC) issued rules on related-party transactions and outsourcing risks while its Consumer Rights Protection Bureau set out the first issue of risk warnings in 2022, reminding consumers to pay attention to prevent "routine" behaviors that violate financial consumers' right to know, independent choice, fair trade, and property security. CBIRC formulated the rules on related-party transactions of banking and insurance institutions, which shall be effective from March 01, 2022. The regulator has published questions and answers related to the rules and plans to issue shortly a notice clarifying the transitional arrangements for implementation of these rules. Also published are the measures, or rules, on supervision of information technology outsourcing risks of banking and insurance institutions, along with a set of questions and answers on the measures; the measures shall come into force as of the date of promulgation.
The key provisions of the measures on information technology outsourcing relate to outsourcing governance, outsourcing access, monitoring, evaluation, and risk management associated with outsourcing. The measures set out
- banking and insurance institutions should establish an information technology outsourcing management system that is compatible with their own information technology strategic goals, incorporate information technology outsourcing risks into a comprehensive risk management system, and effectively control risks arising from outsourcing.
- requirements on the organization and responsibilities of banking and insurance institutions, outsourcing strategies, outsourcing prohibitions, service provider management strategies, outsourcing classification, outsourcing hierarchical management, and exit strategies in the governance of information technology outsourcing.
- regulatory requirements for the access of information technology outsourcing and put forward additional requirements for off-site centralized outsourcing, cross-border outsourcing, inter-bank and related outsourcing.
- put forward requirements for outsourcing risk identification and assessment, business continuity management, information security management, concentration risk management, off-site outsourcing on-site inspection, annual risk assessment, and audit.
- provisions on the implementation of outsourcing supervision and management by regulatory agencies, including pre-reporting requirements, major event reporting, regulatory assessment and supervision and inspection, risk monitoring, regulatory intervention, on-site inspection, and regulatory accountability.
Related Links (in Chinese/English)
- Press Release on Related-Party Transactions
- Rules on Related-Party Transactions
- Q&A on Rules on Related-Party Transactions
- Press Release on Outsourcing Risk
- Measures on Outsourcing Risk
- Q&A on Outsourcing Measures
- Press Release on Risk Warning for 2022
Keywords: Asia Pacific, China, Banking, Insurance, Related Party Transactions, Reporting, Disclosures, Outsourcing Risk, Regtech, Cloud Service Providers, Operational Risk, Operational Resilience, CBIRC
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Scott Dietz
Scott is a Director in the Regulatory and Accounting Solutions team responsible for providing accounting expertise across solutions, products, and services offered by Moody’s Analytics in the US. He has over 15 years of experience leading auditing, consulting and accounting policy initiatives for financial institutions.
Previous Article
FCA Issues Updates on Permissions Regime, Examines Banking ModelsRelated Articles
OSFI Issues Phase2 Consultation on Climate Scenario Exercise for Banks
The Office of the Superintendent of Financial Institutions (OSFI) recently announced a consultation on the second phase of the Standardized Climate Scenario Exercise (SCSE) for banks and other financial institutions it regulates in Canada.
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.