The China Banking and Insurance Regulatory Commission (CBIRC) issued rules on related-party transactions and outsourcing risks while its Consumer Rights Protection Bureau set out the first issue of risk warnings in 2022, reminding consumers to pay attention to prevent "routine" behaviors that violate financial consumers' right to know, independent choice, fair trade, and property security. CBIRC formulated the rules on related-party transactions of banking and insurance institutions, which shall be effective from March 01, 2022. The regulator has published questions and answers related to the rules and plans to issue shortly a notice clarifying the transitional arrangements for implementation of these rules. Also published are the measures, or rules, on supervision of information technology outsourcing risks of banking and insurance institutions, along with a set of questions and answers on the measures; the measures shall come into force as of the date of promulgation.
The key provisions of the measures on information technology outsourcing relate to outsourcing governance, outsourcing access, monitoring, evaluation, and risk management associated with outsourcing. The measures set out
- banking and insurance institutions should establish an information technology outsourcing management system that is compatible with their own information technology strategic goals, incorporate information technology outsourcing risks into a comprehensive risk management system, and effectively control risks arising from outsourcing.
- requirements on the organization and responsibilities of banking and insurance institutions, outsourcing strategies, outsourcing prohibitions, service provider management strategies, outsourcing classification, outsourcing hierarchical management, and exit strategies in the governance of information technology outsourcing.
- regulatory requirements for the access of information technology outsourcing and put forward additional requirements for off-site centralized outsourcing, cross-border outsourcing, inter-bank and related outsourcing.
- put forward requirements for outsourcing risk identification and assessment, business continuity management, information security management, concentration risk management, off-site outsourcing on-site inspection, annual risk assessment, and audit.
- provisions on the implementation of outsourcing supervision and management by regulatory agencies, including pre-reporting requirements, major event reporting, regulatory assessment and supervision and inspection, risk monitoring, regulatory intervention, on-site inspection, and regulatory accountability.
Related Links (in Chinese/English)
- Press Release on Related-Party Transactions
- Rules on Related-Party Transactions
- Q&A on Rules on Related-Party Transactions
- Press Release on Outsourcing Risk
- Measures on Outsourcing Risk
- Q&A on Outsourcing Measures
- Press Release on Risk Warning for 2022
Keywords: Asia Pacific, China, Banking, Insurance, Related Party Transactions, Reporting, Disclosures, Outsourcing Risk, Regtech, Cloud Service Providers, Operational Risk, Operational Resilience, CBIRC
The European Commission (EC) published the Delegated Regulation 2022/786 with regard to the liquidity coverage requirements for credit institutions under the Capital Requirements Regulation (CRR).
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying the criteria to identify shadow banking entities for the purposes of reporting large exposures.
The European Insurance and Occupational Pensions Authority (EIOPA) published a report assessing insurers' exposure to physical climate change risks
The Network for Greening the Financial System (NGFS) published two reports to aid central banks and regulators in their oversight of the financial sector and in their central bank operations
The European Commission (EC) published the results of a public consultation, held in October 2021, on the review of the Web Accessibility Directive.
The Monetary Authority of Singapore (MAS) and the SC-STS are jointly consulting, until June 10, 2022, on setting adjustment spreads for the conversion of legacy SOR contracts to SORA reference rate.
The Office of the Superintendent of Financial Institutions (OSFI) published the strategic plan for 2022-2025 and the departmental plan for 2022-23.
The European Banking Authority (EBA) is consulting, until August 31, 2022, on the draft implementing technical standards specifying requirements for the information that sellers of non-performing loans (NPLs) shall provide to prospective buyers.
The European Council and the Parliament reached an agreement on the revised Directive on security of network and information systems (NIS2 Directive).
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying information that crowdfunding service providers shall provide to investors on the calculation of credit scores and prices of crowdfunding offers.