CBRC-银监发44号-银行业金融机构外包风险管理指引-CH-EN

银行业金融机构外包风险管理指引

Guidelines on the Management of Outsourcing Risks of Banking Financial Institutions

（中国银行业监督管理委员会办公厅 银监发[2010]44号 二0一0年六月七日） (General Office of China Banking Regulatory Commission, No. 44 [2010] of China

Banking Regulatory Commission, June 7, 2010)

第一章 总则

Chapter I General Provisions

第一条 为了规范银行业金融机构的外包活动，保障银行业金融机构业务持续经营，依据《中华人民共和国银行业监督管理法》、《中华人民共和国商业银行法》等有关法律法规，制定本指引。

Article 1 These Guidelines are formulated according to the Banking Supervision Law of the People’s Republic of China,the Law of the People’s Republic of China on Commercial Banks and other relevant laws and regulations in order to regulate the outsourcing activities of banking financial institutions and guarantee the continuous operation of the business of banking financial institutions.

第二条 在中华人民共和国境内设立的银行业金融机构适用本指引。

Article 2 These Guidelines shall be applicable to the banking financial institutions established within the territory of the People’s Republic of China.

第三条 本指引中的外包是指银行业金融机构将原来由自身负责处理的某些业务活动委托给服务提供商进行持续处理的行为。服务提供商包括独立第三方，银行业金融机构母公司或其所属集团设立在中国境内、外的子公司、关联公司或附属机构。

Article 3 The term “outsourcing” as mentioned in these Guidelines refers to the banking financial institutions’ entrustment of service providers with some of their own business for continuous handling. Service providers shall include independent third parties and the subsidiary companies, affiliated companies or related companies established inside

Page 1 of 11

and outside China by the parent companies of banking financial institutions or the groups to which they are subordinate.

第四条 银行业金融机构的董事会和高级管理层应当承担外包活动的最终责任。 Article 4 The board of directors and the senior management of a banking financial institution shall assume the final responsibility for the outsourcing activities.

第五条 银行业金融机构开展外包活动应当制定外包的风险管理框架以及相关制度，并将其纳入全面风险管理体系。

Article 5 When conducting outsourcing activities, a banking financial institution shall formulate an outsourcing risk management framework and the relevant rules and include them in the comprehensive risk management system.

第六条 银行业金融机构应当根据审慎经营原则制定其外包战略发展规划，确定与其风险管理水平相适宜的外包活动范围。

Article 6 A banking financial institution shall, under the principle of prudent business operation, formulate its outsourcing strategic development plan, and determine the scope of outsourcing activities compatible to its risk management level.

第七条 银行业金融机构的战略管理、核心管理以及内部审计等职能不宜外包。 Article 7 Such functions of banking financial institutions as strategic management, core management and internal audit are not appropriate to outsource.

第二章 组织结构

Chapter II Organizational Structure

第八条 银行业金融机构外包管理的组织架构应当包括董事会、高级管理层及外包管理团队。

Article 8 The organizational structure of outsourcing management of a banking financial institution shall include its board of directors, senior management and an outsourcing management team.

第九条 董事会的职责主要包括以下方面：

（一）审议批准外包的战略发展规划；

（二）审议批准外包的风险管理制度；

（三）审议批准本机构的外包范围及相关安排；

Page 2 of 11

（四）定期审阅本机构外包活动相关报告；

（五）定期安排内部审计，确保审计范围涵盖所有的外包安排。

Article 9 The functions of the board of directors shall mainly include the following:

(1) deliberating and approving the outsourcing strategic development plans;

(2) deliberating and approving the outsourcing risk management rules;

(3) deliberating and approving its outsourcing scope and the relevant arrangements;

(4) regularly reviewing the relevant reports of its outsourcing activities; and

(5) regularly arranging internal audit so as to ensure that the scope of audit covers all outsourcing arrangements.

第十条 高级管理层的职责主要包括以下方面：

（一）制定外包战略发展规划；

（二）制定外包风险管理的政策、操作流程和内控制度；

（三）确定外包业务的范围及相关安排；

（四）确定外包管理团队职责，并对其行为进行有效监督。

Article 10 The functions of the senior management shall mainly include the following:

(1) formulating outsourcing strategic development plans;

(2) formulating outsourcing risk management policies, operational processes and internal control system;

(3) determining the scope of the outsourcing business and the relevant arrangements; and

(4) determining the functions of the outsourcing management team and conducting effective supervision on the acts thereof.

第十一条 外包管理团队的职责主要包括以下方面：

（一）执行外包风险管理的政策、操作流程和内控制度；

Page 3 of 11

（二）负责外包活动的日常管理，包括尽职调查、合同执行情况的监督及风险状况的监督；

（三）向高级管理层提出有关外包活动发展和风险管控的意见和建议；

（四）在发现外包服务提供商业的业务活动存在缺陷时，采取及时有效的措施；

（五）高级管理层确定的其他职责。

Article 11 The functions of the outsourcing management team shall mainly include the following:

(1) implementing the outsourcing risk management policies, operational processes and internal control system;

(2) being responsible for the daily management of the outsourcing activities, including due diligence investigation, supervision on the implementation of the contracts and supervision on the risk status;

(3) putting forward opinions and suggestions to the senior management on the development of the outsourcing activities and risk control;

(4) taking timely and effective measures when it finds the outsourcing service provider has deficiencies in its business activities; and

(5) other functions as determined by the senior management.

第三章 风险管理 Chapter III Risk Management

第十二条 银行业金融机构在制定外包活动政策时，应当评估以下风险因素：

（一）银行业金融机构应当关注外包活动的战略风险、法律风险、声誉风险、合规风险、操作风险、国别风险等风险；

（二）影响外包活动的外部因素；

（三）本机构对外包活动的风险管控能力；

（四）服务提供商的技术能力及专业能力，业务策略和业务规模，业务连续性及破产风险，风险控制能力及外包服务的集中度；

（五）其他关注的事项。

Page 4 of 11

Article 12 When formulating policies for outsourcing activities, a banking financial institution shall assess the following risk factors:

(1) the banking financial institution shall focus on the strategic risks, legal risks, reputation risks, regulatory compliance risks, operational risks, country risks, etc. in the outsourcing activities;

(2) the external factors affecting the outsourcing activities;

(3) its risk control capability for outsourcing activities;

(4) technical capacity and professional competence, business strategies and business scope, business continuity and bankruptcy risks, risk control ability and degree of concentration of outsourcing service of the service provider; and

(5) other issues of concern.

第十三条 银行业金融机构在进行外包活动时应当对服务提供商进行尽职调查，尽职调查应当包括以下事项：

（一）管理能力和行业地位；

（二）财务稳健性；

（三）经营声誉和企业文化；

（四）技术实力和服务质量；

（五）突发事件应对能力；

（六）对银行业的熟悉程度；

（七）对其他银行业金融机构提供服务的情况；

（八）银行业金融机构认为重要的其他事项。

银行业金融机构的外包活动涉及多个服务提供商时，应当对这些服务提供商进行关联关系的调查。

Article 13 When conducting outsourcing activities, a banking financial institution shall carry out a due diligence investigation on the service provider, which shall include the following:

Page 5 of 11

(1) the management capability and the status in the industry;

(2) the financial stability;

(3) the business reputation and enterprise culture;

(4) technical strength and service quality;

(5) the emergency response capacity;

(6) the degree of familiarity to the banking industry;

(7) provision of service to other banking financial institutions; and

(8) other issues that the banking financial institution deems important.

When the outsourcing activities of a banking financial institution involve two or more service providers, it shall conduct an investigation on the affiliation relationship among these service providers.

第十四条 银行业金融机构开展外包活动时应当签订书面合同或协议，明确双方的权利义务。合同或协议应当包括但不限于以下内容：

（一）外包服务的范围和标准；

（二）外包服务的保密性和安全性的安排；

（三）外包服务的业务连续性的安排；

（四）外包服务的审计和检查；

（五）外包争端的解决机制；

（六）合同或协议变更或终止的过渡安排；

（七）违约责任。

对于具有专业技术性的外包活动，可签订服务标准协议。

Article 14 When conducting outsourcing activities, a banking financial institution shall conclude a written contract or agreement, clarifying the rights and obligations of both parties. The contract or agreement shall include but is not limited to the following:

(1) the scope and standards of the outsourcing service;

Page 6 of 11

(2) the arrangements for the confidentiality and safety of the outsourcing service;

(3) the arrangements for the business continuity of the outsourcing service;

(4) the audit and inspection of the outsourcing service;

(5) the settlement mechanism for the outsourcing disputes;

(6) the transitional arrangements for the change or termination of the contract or agreement; and

(7) the responsibilities for breach of contract.

For professional and technical outsourcing activities, an agreement on service standards may be concluded.

第十五条 银行业金融机构在外包活动中应当建立严格的客户信息保密制度，并依法履行告知义务。

Article 15 A banking financial institution shall establish a strict confidentiality system for client information and fulfill the obligation of notification according to law in the outsourcing activities.

第十六条 银行业金融机构在外包合同中应当要求外包服务提供商承诺以下事项：

（一）定期通报外包活动的有关事项；

（二）及时通报外包活动的突发性事件；

（三）配合银行业金融机构接受银行业监督管理机构的检查；

（四）保障客户信息的安全性，当客户信息不安全或客户权利受到影响时，银行业金融机构有权随时终止外包合同；

（五）不得以银行业金融机构的名义开展活动；

（六）银行业金融机构认为应当承诺的其他事项。

Article 16 A banking financial institution shall request the outsourcing service provider to make commitments on the following issues in the outsourcing contract:

(1) regularly notifying the relevant issues in outsourcing activities;

Page 7 of 11

(2) timely notifying the emergencies in the outsourcing activities;

(3) cooperating with the banking financial institution in accepting the supervision of the banking regulatory institution;

(4) guaranteeing the safety of client information. When the client information is unsafe or the rights of clients are affected, the banking financial institution has the right to terminate the outsourcing contract at any time;

(5) not conducting activities in name of the banking financial institution; and

(6) other issues on which the banking financial institution believes it should make a commitment.

第十七条 银行业金融机构应当关注外包服务提供商分包的风险，并在合同中明确以下事项：

（一）服务提供商分包的规则；

（二）分包服务提供商应当严格遵守主服务提供商与银行业金融机构确定的外包合同或协议中的相关条款；

（三）主服务商应当确认在业务分包后继续保证对服务水平和系统控制负总责；

（四）不得将外包活动的主要业务分包。

Article 17 A banking financial institution shall concern the risks of subcontracting of the outsourcing service provider, and clarify the following issues in the contract:

(1) the rules for the subcontracting by the service provider;

(2) the subcontracting service provider shall strictly comply with the relevant clauses in the outsourcing contract or agreement concluded by the main service provider and the banking financial institution;

(3) the main service provider shall guarantee to continue to be responsible for the service quality and system control after the business is subcontracted; and

(4) the major business of outsourcing activities shall not be subcontracted.

第十八条 银行业金融机构应当在合同中约定服务提供商不得将外包活动转包或变相转包。

Page 8 of 11

Article 18 A banking financial institution shall stipulate in the contract that a service provider shall not sublet or sublet in disguise the outsourced services.

第十九条 银行业金融机构在开展跨境外包活动时，应当遵守以下原则：

（一）审慎评估法律和管制风险；

（二）确保客户信息的安全；

（三）选择境外服务提供商时，应当明确其所在国家或地区监管当局已与我国银行业监督管理机构签订谅解备忘录或双方认可的其他约定。

Article 19 A banking financial institution shall observe the following principles when conducting overseas outsourcing activities:

(1) prudently assessing the legal and control risks;

(2) ensuring the safety of client information; and

(3) when choosing an overseas service provider, it shall make sure that the regulatory bureau of the country or region where the service provider is has concluded a memorandum of understanding or other agreements recognized by both parties with China’s banking regulatory institution.

第二十条 银行业金融机构应当事先制定和建立外包突发事件应急预案和机制。通过采取替代方案、寻求合同项下的保险安排等措施，确保业务活动的正常经营。

Article 20 A banking financial institution shall formulate and establish an outsourcing emergency response plan and mechanism in advance, and ensure the normal operation of the business activities through taking an alternative plan, seeking insurance arrangements under the contract and other measures.

第二十一条 银行业金融机构应当定期对外包活动进行全面审计与评价。

Article 21 A banking financial institution shall conduct comprehensive audit and assessment on the outsourcing activities on a regular basis.

第四章 监督管理

Chapter IV Supervision and Administration

第二十二条 银行业金融机构在开展外包活动时，应当定期向所在地银行业监督管理机构递交本机构外包活动的评估报告。

Page 9 of 11

Article 22 When conducting outsourcing activities, a banking financial institution shall submit an assessment report of its outsourcing activities to the local banking regulatory institution on a regular basis.

第二十三条 银行业金融机构在开展外包活动时如遇到对本机构的业务经营、客户信息安全、声誉等产生重大影响事件，应当及时向所在地银行业监督管理机构报告。

Article 23 Where a banking financial institution encounters any event which has significant impact on its business operation, safety of client information, reputation, etc. when conducting outsourcing activities, it shall timely report such event to the local banking regulatory institution.

第二十四条 银行业监督管理机构及其派出机构根据需要对外包活动进行现场检查，采集外包活动过程中数据信息和相关资料，并将检查结果纳入对该机构的监管评级。

Article 24 A banking regulatory institution and its local offices shall conduct on-site inspection on the outsourcing activities where necessary, collect the data information and the relevant materials during the outsourcing activities, and include the inspection results in the supervision rating of the relevant institution.

第二十五条 对外包活动存在以下情形的，银行业监督管理机构可以要求银行业金融机构纠正或采取替代方案，并视情况予以问责。

（一）违反相关法律、行政法规及规章；

（二）违反本机构风险管理政策、内控制度及操作流程等；

（三）存在重大风险隐患；

（四）其他认定的情形。

Article 25 Where any outsourcing activity falls under any of the following circumstances, the banking regulatory institution may request the banking financial institution to make rectifications or take an alternative plan, and investigate into the liability in light of the circumstances.

(1) violating the relevant laws, administrative regulations and rules;

(2) violating the risk management policies, internal control system, operating procedures, etc. of the banking financial institution;

Page 10 of 11

(3) has major potential risks; or

(4) other confirmed circumstances.

第五章 附则

Chapter V Supplementary Provisions

第二十六条 经银行业监督管理机构批准的其他金融机构开展外包活动时遵照本指引执行。

Article 26 Other financial institutions conducting outsourcing activities approved by banking regulatory institutions shall be governed by these Guidelines.

第二十七条 本指引由中国银行业监督管理委员会负责解释。

Article 27 The power to interpret these Guidelines shall remain with China Banking Regulatory Commission.

第二十八条 本指引自发布之日起实施。

Article 28 These Guidelines shall come into force on the date of issuance.

Page 11 of 11

(3) has major potential risks; or

(4) other confirmed circumstances.

第五章 附则

Chapter V Supplementary Provisions

第二十六条 经银行业监督管理机构批准的其他金融机构开展外包活动时遵照本指引执行。

Article 26 Other financial institutions conducting outsourcing activities approved by banking regulatory institutions shall be governed by these Guidelines.

第二十七条 本指引由中国银行业监督管理委员会负责解释。

Article 27 The power to interpret these Guidelines shall remain with China Banking Regulatory Commission.

第二十八条 本指引自发布之日起实施。

Article 28 These Guidelines shall come into force on the date of issuance.

Page 11 of 11

本文来源：https://www.bwwdw.com/article/7cer.html