The China Banking Regulatory Commission (CBRC) has issued the "Guidelines on Information Technology Risk Management of Commercial Banks". A responsible CBRC official answered reporters' questions on the new guidelines.

Q: In 2006, the CBRC issued the "Guidelines on Risk Management of Information Systems in Banking Financial Institutions". Why is it now promulgating the "Guidelines on Information Technology Risk Management of Commercial Banks"?

A: In 2006, the CBRC issued the "Guidelines on Risk Management of Information Systems in Banking Financial Institutions" (hereinafter the original guidelines), which filled a gap in the supervision of banking information systems in China. However, as banking informatization has developed, the role of information technology (IT) has gradually shifted from supporting the business to being integrated with it, and IT has become the backbone of banks' sound operation and development. The original guidelines, positioned as basic requirements, could no longer meet the needs of commercial banks' IT risk management. In addition, the original guidelines addressed information system risk management only in principle, and their guidance for commercial banks at the implementation and operational level was incomplete. The CBRC therefore decided to revise the original guidelines, rename them the "Guidelines on Information Technology Risk Management of Commercial Banks" (hereinafter the new guidelines), and abolish the original guidelines at the same time.

Q: What basic principles guided the drafting of the new guidelines?

A: In drafting the new guidelines, the CBRC applied its banking supervision concept of "managing the legal person, managing risk, managing internal control and improving transparency" in the following respects. First, the guidelines state that the legal representative of a commercial bank bears primary responsibility for the bank's IT risk management. Second, in line with risk-based supervision, a commercial bank should establish an effective mechanism to identify, measure, monitor and control IT risk, and improve the level of its IT use. Third, in line with internal control supervision, a commercial bank should establish a complete management organization structure, formulate sound management systems and processes, and control each link of its IT activities through mechanisms of mutual checks. Fourth, to protect the interests of depositors, a commercial bank should strengthen the protection of customer information during information system development, testing and maintenance and in service outsourcing, so as to prevent the disclosure of sensitive information; business continuity management is also standardized to ensure the security of customer data and the continuity of services.

Q: What are the basic framework and main contents of the new guidelines?

A: The "Guidelines on Information Technology Risk Management of Commercial Banks" comprise 11 chapters and 76 articles. The main contents cover general principles, information technology management, IT risk management, information security, information system development, testing and maintenance, IT operations, business continuity management, outsourcing, internal audit, external audit and an annex.

Q: What are the characteristics of the new guidelines compared with the original guidelines?

A: Compared with the original guidelines, the new guidelines have six distinct features. First, the scope of management extends from information system risk to IT risk, comprehensively covering all aspects of a commercial bank's IT activities and further clarifying the relationship between information technology and banking business. Second, the scope of application changes from banking financial institutions to corporate commercial banks, with other banking financial institutions implementing the guidelines by reference. Third, IT governance is proposed as the primary content, enriching and refining the specific requirements for commercial banks at the governance level. Fourth, IT risk management and the internal and external audit requirements are set out in three separate chapters; in particular, audit is required to cover the whole process of IT activities. Fifth, drawing on international and domestic standards and successful practice, the guidelines set high standards and requirements for information security, business continuity management and outsourcing across the whole lifecycle of a commercial bank's information technology, making them more operational. Sixth, the requirements for customer information protection are strengthened.

Q: What impact will the release of the new guidelines have on China's commercial banks?

A: The release of the new guidelines will have a positive effect on IT risk management in China's banking sector. First, the new guidelines set out the main responsibilities of the board and senior management in IT risk management, propose that "three lines of defence" for IT risk management (IT management, IT risk management and IT risk audit) be established, and require commercial banks to establish a chief information officer at the decision-making level. This helps commercial banks strengthen IT governance. Second, the new guidelines give commercial banks a reference at the concrete operational level, with requirements that are highly operable, which helps commercial banks continuously improve their IT risk management. In addition, the requirements for protecting sensitive information, and in particular for information protection in outsourced services, will encourage commercial banks to further strengthen customer information protection and provide more secure services for depositors.

Q: What measures will the CBRC take in the future regarding supervision of commercial banks' IT risk?

A: The CBRC will continue to strengthen its supervision of commercial banks' IT risk. First, it will track how banking financial institutions implement the new guidelines, analyze the IT risk characteristics of different types of institutions, and study and improve the IT risk supervision system. Second, it will conduct on-site inspections to prevent and resolve IT risk in the banking industry. Third, it will strengthen off-site supervision of banking IT risk, study and establish an IT risk rating system to achieve classified and differentiated supervision, and encourage commercial banks to continuously improve their IT risk management.