Notice of the Securities Association of China on Issuing Guidelines for Compliance Management of Securities Companies

 2018-06-24  60


  • Document NumberNo. 208 [2017] of the Securities Association of China
  • Area of LawSecurities
  • Level of AuthorityIndustry Regulations
  • Date issued09-08-2017
  • Effective Date10-01-2017
  • StatusEffective
  • Issuing AuthoritySecurities Association of China

Notice of the Securities Association of China on Issuing the Guidelines for the Compliance Management of Securities Companies
(No. 208 [2017] of the Securities Association of China)
All securities companies:
For the purposes of directing securities companies to effectively carry out the Measures for the Compliance Management of Securities Companies and Securities Investment Fund Management Companies, and enhancing the compliance management of securities companies, the Securities Association of China (“SAC”) has organized the drafting of the Guidelines for the Compliance Management of Securities Companies, which, as voted through at the 2nd Session of the Sixth Executive Council of the SAC and granted recordation by the China Securities Regulatory Commission, are hereby issued, and shall come into force on October 1, 2017.
Securities Association of China
September 8, 2017
Guidelines for the Compliance Management of Securities Companies
Chapter I General Provisions
Article 1 These Guidelines are developed for the purposes of directing securities companies to effectively carry out the Measures for the Compliance Management of Securities Companies and Securities Investment Fund Management Companies (hereinafter referred to as the “Measures”) and enhancing the compliance management of securities companies.
Article 2 A securities company shall establish and insist on the following compliance concepts:
(1) Compliance of all employees. Compliance is the basic code of conduct for all employees of a securities company. All employees of the securities company shall strictly comply with laws, regulations and rules, and actively prevent, find and resolve compliance risks.
(2) Compliance shall be first conducted by the management. The securities company shall establish a sound corporate governance structure, ensure that the board of directors effectively exercises major decision-making and supervision functions, and ensure that the board of supervisors effectively exercises the supervision function. The board of directors, the board of supervisors and senior executives of the securities company shall pay attention to the compliance of the company's business operation, assume the responsibility for effectively managing the company's compliance risks, actively practice and promote the compliance culture, and promote the company's compliance operation.
(3) Compliance creates value. The securities company shall prevent and resolve compliance risks through effective compliance management, enhance management and business capability, and create value for institutions, the industry and the society.
(4) Compliance is the basis for the existence of the company. The securities company shall attach more importance to compliance management, insist on compliance operation, and lay a basis for the normal operation and long-term sustainable development of the company.
Article 3 A securities company shall develop basic rules for compliance management, which shall be implemented after deliberation and adoption at the board of directors. The basic rules on compliance management shall cover such content as the objective and basic principles of compliance management, setup of institutions and their functions, guarantee for the performance of functions, compliance examination, reporting and handling of matters on regulatory violations, and accountability.
The securities company shall, in light of its actual business operation, develop specific management rules or operating procedures for directing the implementation of business activities in accordance with laws and regulations, and effectively strengthen the compliance management of all kinds of business activities.
The securities company shall develop the code of conduct for the practice of employees, direct employees to establish a sound awareness of compliance practice and morality code of conduct, and ensure that the practice of employees complies with laws and regulations.
The securities company shall take effective measures to guarantee the professional and vocational level of compliance managers.
Article 4 A securities company and its employees shall abide by the professional ethics and codes of conduct generally acknowledged by the industry, including but not limited to honesty and trustworthiness, diligence and responsibility, professionalism and devotion, fair competition, giving priority to clients' interests, effectively preventing and resolving conflicts of interest in an appropriate manner, voluntarily maintaining the sound reputation and order of the industry, and actively assuming social responsibilities.
Article 5 A securities company shall effectively prevent and handle conflicts of interest in an appropriate manner, and when the conflicts of interest between the company and the client is involved, the principle of giving priority to clients' interests shall be adhered to. When the conflicts of interest between clients are involved, the principle of fair treatment of clients shall be adhered to.
Article 6 The Securities Association of China (hereinafter referred to as the “SAC”) shall conduct self-disciplinary management of compliance management of securities companies.
Chapter II Compliance Management Functions
Article 7 The principal person in charge of business management, other senior executives, the person in charge of all affiliated entities and other employees of a securities company shall sufficiently understand and obtain the information on laws, regulations and rules relating to their business management and practice, sufficiently identify relevant compliance risks in business decision-making, operation management and practice, and actively prevent, respond to and report compliance risks.
Article 8 The principal person in charge of business management of a securities company shall assume responsibilities for the company's compliance operation, and perform the following compliance management functions:
(1) Organizing the formulation of the company's rules and regulations and overseeing the implementation thereof.
(2) Actively advocating the concept of compliance operation in routine operation, actively cultivating the company's compliance culture, diligently performing compliance management functions, and actively performing compliance management requirements.
(3) Attaching sufficient attention to the validity of the company's compliance management, and when finding any existing problem, requiring all affiliated entities and their employees to make improvement in a timely manner.
(4) Urging and reminding other senior executives of the company to perform compliance management functions in a diligent manner in the fields under their charge, and perform compliance management requirements.
(5) Supporting the work of the chief compliance officer and the compliance department, and urging all affiliated entities to provide effective guarantee for the performance of functions by compliance managers.
(6) Supporting the chief compliance officer and the compliance department in reporting compliance risk matters to the board of directors and regulatory authorities according to regulatory requirements and the provisions of the company's rules.
(7) Sufficiently soliciting the compliance opinion of the chief compliance officer and the compliance department in the company's business decision-making.
(8) Urging all affiliated entities of the company to conduct the self-examination of compliance risk matters or assist the company's investigation, conduct compliance accountability in strict accordance with the company's provisions, and carry out rectification measures.
Article 9 Other senior executives of a securities company shall assume responsibility for the compliance operation of the fields under their charge, and perform the following compliance management functions:
(1) Organizing the implementation of all rules and regulations of the company in the fields under their charge, organizing the drafting and formulation of rules and regulations in the fields under their charge, and overseeing the implementation thereof.
(2) Actively advocating the concept of compliance operation in the fields under their charge, and actively cultivating the company's compliance culture.
(3) Attaching sufficient attention to the validity of compliance management in the fields under their charge, and when finding any existing problem, requiring all affiliated entities and their employees to make improvement in a timely manner.
(4) Reminding and urging the persons in charge of all affiliated entities in the fields under their charge to diligently perform compliance management functions, and carry out compliance management requirements.
(5) Supporting the work of compliance managers of all affiliated entities in the fields under their charge, and urging all affiliated entities in the fields under their charge to provide effective guarantee for the performance of functions by compliance managers.
(6) Supporting all affiliated entities in the fields under their charge and their compliance managers to report compliance risk matters to the company and compliance department in accordance with the provisions of the company's rules.
(7) Soliciting the compliance opinion of the company's compliance department and compliance managers of all affiliated entities in the fields under their charge and paying sufficient attention in business decision-making within the scope of their functions.
(8) Urging all affiliated entities in the fields under their charge to conduct self-inspection on compliance risk matters or assist in the company's investigation, investigate the liability for compliance in strict accordance with the company's provisions, and carry out rectification measures.
Article 10 The person in charge of an affiliated entity of a securities company shall be responsible for carrying out the compliance management requirements of its entity, assume responsibility for the compliance operation of the entity, and perform the following compliance management functions:
(1) Carrying out all rules and regulations of the company in the entity, organizing the drafting and implementation of rules and regulations relating to the functions of the entity, and overseeing the implementation thereof.
(2) Establishing and improving the entity's compliance management rules and mechanism, and embedding compliance requirements of all business activities in business management rules and operating procedures.
(3) Actively advocating the concept of compliance operation in the entity and actively cultivating the company's compliance culture.
(4) Actively assisting in the work of the chief compliance officer and the compliance department, and diligently soliciting and implementing the compliance management opinions of the chief compliance officer and the compliance department.
(5) Assigning qualified compliance managers to the entity, and avoiding the distribution of work in conflict with the performance of compliance functions.
(6) Supporting the work of compliance managers of the entity, providing performance guarantee for compliance managers of the entity, including but not limited to participating in the entity's important meetings, consulting the entity's various types of business and management documents, and sufficiently respecting their rights to offer professional compliance opinions in an independent manner.
(7) Sufficiently demonstrating the compliance with laws and regulations of the business before conducting the business, sufficiently soliciting the compliance examination opinion of compliance managers of the entity, effectively assessing the compliance risks of the business, and actively avoiding the implementation of any business with compliance risks.
(8) When he or she finds any compliance risk matter relating to the entity's business, it shall report the matter in a timely manner according to the company's rules, offer rectification measures, and urge the rectification.
Article 11 All employees of a securities company shall be responsible for the compliance of all business matters and practice within the scope of their business activities, and perform the following compliance management functions:
(1) Actively obtaining the information on and abiding by relevant laws, regulations and rules.
(2) Actively participating in the compliance training and compliance publicity and guidance arranged by the company.
(3) Signing and abiding by relevant compliance commitments according to the company's requirements.
(4) Paying sufficient attention to the compliance of practice in the course of practice.
(5) Actively identifying and preventing business compliance risks in the course of business implementation.
(6) Actively reporting any violation of law or regulation or potential compliance risks in a timely manner according to the company's provisions.
(7) Actively assisting the company's investigation of compliance risk matters, accepting the company's accountability, and carrying out rectification requirements.
Article 12 The chief compliance officer shall not concurrently serve as the person in charge of the business department and the person in charge of the branch office with business functions, shall not take charge of the business department or any branch office with business functions, and shall not concurrently serve on the position with the nature of business operation in the affiliated subsidiary.
The securities company shall not distribute or exercise business assessment indicators and tasks to the chief compliance officer, the compliance department or any other compliance manager.
Article 13 A securities company shall establish the new product and new business assessment and decision-making mechanism, and the chief compliance officer and the compliance department shall offer compliance examination opinions on new products and new businesses. The securities company shall, when making relevant decisions, sufficiently consider and adopt compliance examination opinions.
New products and new businesses mean the products and services provided by the company for the first time on the demonstration of the compliance of businesses, and business implementation methods, among others.
Article 14 A securities company shall, according to the requirements of the regulatory authority and self-disciplinary organization, the provisions of relevant rules and management requirements of the company, inspect the compliance of business management and practice of all affiliated entities and their employees. Compliance inspection includes the compliance inspection organized by all affiliated entities, and also covers the compliance inspection organized by the compliance department independently or jointly with other departments.
Article 15 A securities company that conducts compliance inspection shall observe the principles of objectivity, prudence and efficiency, and conduct inspection jointly with the company's risk management and internal auditing activities.
Compliance inspection is divided into routine inspection and special inspection. Special inspection shall be conducted under any of the following circumstances:
(1) The company has any violation of law or regulation or has any potential compliance risk.
(2) The board of directors, the board of supervisors, the senior executive, the chief compliance officer or the compliance department of the company deems it necessary.
(3) Any affiliated entity of the company or its employee fails to assist in supervision or supervision of case handling in an effective manner.
(4) The regulatory authority or self-disciplinary organization has such an requirement.
(5) Any other circumstance where it is necessary to conduct special inspection.
Where a securities company has frequent violations of laws and regulations, it shall increase the frequency of compliance inspection.
Article 16 When an affiliated entity of a securities company or any of its employees encounters any problem on the application and understanding of any law, regulation or rule in the course of business management and practice, it may consult the chief compliance officer and the compliance department, and the chief compliance officer and the compliance department shall provide compliance consulting opinion based on professional analysis and judgment.
The compliance consulting of important matters shall be requested in a written form, and the chief compliance officer and the compliance department shall give a written reply.
Where consulting matters are not specified in any law, regulation or rule, or there are contravening provisions or lack of provisions on such matters, the compliance department shall conduct compliance analysis and demonstration, issue accurate, objective and complete compliance consulting opinions, and make an explanation on the laws and regulations serving as the basis and the understanding of the application thereof.
Compliance consulting cannot replace compliance examination and compliance inspection. The compliance consulting opinion, as the reference opinion of all affiliated entities and their employees that request consulting in making decisions or conducting business management activities, cannot replace the compliance examination opinion or compliance inspection conclusion.
Article 17 A securities company shall conduct multiple forms of compliance publicity, guidance and training, develop the code of conduct, compliance manual and other documents, help employees obtain, accurately understand and strictly observe the requirements of laws, regulations and rules in a timely manner, and advocate and promote the construction of compliance culture.
The compliance department shall be responsible for the publicity, guidance and training of all departments of the securities company.
Article 18 A securities company shall take information technology means to monitor anti-money laundering, management of information isolation walls, duty communication of employees, and securities investment of employees, among others, and if it finds any violation of law or regulation or potential compliance risk, shall handle in a timely manner.
The compliance department or other departments may organize compliance monitoring in an independent or joint manner, or all affiliated entities may organize compliance monitoring under the guidance of the company's head office.
Article 19 A securities company shall, when examining senior executives and all affiliated entities, require the chief compliance officer to issue special opinion on compliance examination, the proportion of special compliance examination to the performance assessment result shall not be lower than 15%. For major compliance matters, the one-vote negation rules may be developed.
Article 20 A securities company shall establish the compliance accountability mechanism, investigate the liability of the liable person or liable entity that violates any law, regulation or rule in business management and practice, and link performance assessment with the granting of remuneration.
The deduction of points in performance assessment led by compliance accountability shall not be subject to the restriction of proportion of the aforesaid special compliance examination.
The chief compliance officer has the right to offer suggestions, the right to know and the right to inspect for compliance accountability. All affiliated entities of the company shall report the ultimate compliance accountability to the chief compliance officer.
Article 21 A securities company shall, in accordance with Article 30 of the Measures, prepare the annual compliance report, and emphasize the following content:
(1) The performance of compliance management functions by the board of directors, the board of supervisors, the management and all affiliated entities.
(2) The performance of compliance management functions by the chief compliance officer and the compliance department.
(3) The company's discovery of violations of laws and regulations and compliance risks, the punishment and rectification of the regulatory authority and the self-disciplinary organization.
(4) The assignment of compliance personnel, special compliance examination, and the guarantee of remuneration of the chief compliance officer and compliance managers.
(5) Other content where the regulatory authority, the self-disciplinary organization and the securities company deem necessary.
Article 22 A securities company shall uniformly include the compliance management of subsidiaries conducting alternative investment, and the management of privately offered funds, among others, in the assessment of validity of compliance management of the company.
The securities company shall assess the validity of compliance management, take compliance risks as the direction, focus on possible links of lacking, omitting or weak compliance management, reflect the problems existing in compliance management in a comprehensive and objective manner, and sufficiently disclose compliance risks.
For the problems found through the assessment of validity of compliance management, the securities company shall strengthen the rectification, implementation and tracking of problems, and include the rectification information in the company's scope of compliance examination and accountability.
Article 23 A securities company may entrust a qualified accounting firm, law firm, management consulting company or any other external professional institution to assess the validity of compliance management.
Chapter III Compliance Management Guarantee Mechanism
Article 24 Where a securities company is removed from the office of chief compliance officer, the board of directors shall make a decision and notify the chief compliance officer. If the chief compliance officer is of the opinion that the grounds for removal from office are insufficient, he or she has the right to file an appeal with the board of directors. Written documents shall be formed for the relevant notices, decisions and appeal opinions for archives and reference.
Where the appeal of the chief compliance officer is rejected by the board of directors of the securities company, the chief compliance officer may, in addition to filing an appeal with the CSRC and the relevant local office, request the SAC to conduct mediation.
Article 25 When the chief compliance officer fails to perform functions or is vacant, the person of the securities company who performs functions on behalf of the chief compliance officer shall not directly take charge of the business department in conflict with the management functions of the chief compliance officer during the period of performing functions.
Article 26 A securities company shall specify the division of functions of internal control departments such as the compliance department and the legal affairs department, risk management department and internal audit department and other front, middle and back offices that assume compliance management functions.
Where the chief compliance officer and the compliance department need to take the assessment conclusion of such professional matters on finance and information technology as the precondition for compliance examination in the course of performing compliance examination functions, the relevant department shall issue accurate, objective and complete assessment opinions in advance.
The compliance department of the securities company shall not undertake the functions in conflict with compliance management functions such as business, finance and information technology.
Article 27 The proportion of the number of compliance managers with work experiences in relevant fields such as securities, finance, law, accounting and information technology for three years or more in the compliance department of the head office of the company to the number of employees of head office of the company shall not be lower than 1.5%, and shall not be less than five.
The aforesaid compliance managers shall exclude employees on the posts of legal affairs, auditing, internal audit and risk control.
The securities company shall ensure the reasonable budget prepared by the personnel of the compliance department, and permit the chief compliance officer and the compliance department to adjust the relevant budgets on a periodical basis or in a timely manner according to the company's business and risks.
Article 28 The business departments and branch offices of a securities company may, as required, set the person in charge of the compliance team or the compliance officer and other full-time compliance managers, and the person in charge of the compliance team or compliance officer shall be assumed by the person at or above a certain level of the entity, and are capable of performing functions.
The departments of a securities company that conduct such businesses as proprietary trading, investment banking and bonds, branch offices with 15 or more employees and head offices of securities companies in different places shall assign full-time compliance managers.
Article 29 The person in charge of the compliance department of a securities company shall be nominated by the chief compliance officer. The securities company that appoints or removes the person in charge of the compliance team of a business department or branch office or selects the chief compliance officer of any subsidiary conducting alternative investment, and the management of privately offered funds, among others, shall sufficiently solicit the opinion of the chief compliance officer.
Article 30 A securities company shall include subsidiaries at all levels in the uniform compliance management system. The head office and branch offices shall pay attention to the implementation of uniform compliance management standards, ensure the consistency of compliance culture, and at the same time, pay attention to the particular compliance management requirements of different areas under judicial jurisdiction and industries. The specific requirements shall include but not be limited to:
(1) A subsidiary shall submit a compliance report to the chief compliance officer and compliance department of the securities company on an annual basis, and the specific content of the compliance report shall include but not be limited to the basic information on compliance management, the formulation and implementation of compliance management rules, the performance of all compliance management functions, the compliance operation of all businesses, the discovery and rectification of compliance risk matters, and the compliance work plan in the next year.
(2) The subsidiary shall, in a timely manner, report major compliance risk matters to the chief compliance officer and the compliance department of the securities company, including but not limited to administrative regulatory measures, administrative penalties, serious potential compliance risks, and the events on violations of laws and regulations of subsidiaries and senior executives.
(3) The securities company shall examine basic compliance management rules of subsidiaries, and on a periodical basis or from time to time, conduct the supervision and inspection of the compliance management work and business management of subsidiaries.
(4) Where a subsidiary has any serious compliance risk matter, the securities company shall, in accordance with the relevant rules, investigate the liability for compliance of the principal person in charge, and require the subsidiary to investigate the liability for compliance of the relevant liable person.
(5) The securities company shall examine the subsidiaries' compliance management on an annual basis.
The securities company shall urge overseas subsidiaries to satisfy their local regulatory requirements.
Article 31 A securities company shall specify the scope of the meeting that the chief compliance officer has the right to attend or attend as the nonvoting delegate, and before the convening of the relevant meeting, notify the chief compliance officer to attend the meeting in a timely manner. The chief compliance officer has the right to attend the following meetings or attend the meetings as the nonvoting delegate:
(1) Meetings of the board of directors and relevant special committees.
(2) Meetings of the board of supervisors.
(3) Executive meetings of the general manager.
(4) Meetings involving the company's matters on the “decision-making of major matters, appointment and removal of important officers, arrangements on major projects, and use of large-sum funds.”
(5) Meetings of special committees of the management.
(6) Various kinds of special meetings on business management.
(7) Other meetings that are conducive to the chief compliance officer's sufficient performance of functions.
Article 32 The chief compliance officer and compliance managers have the right to require all affiliated entities and their employees to make an explanation, provide materials, accept inspection, obtain information from the institutions that provide auditing and other intermediary services to the company, among others, for the performance of functions. All affiliated entities and their employees shall cooperate, shall not interfere with or obstruct in any form or under any excuse, and shall ensure that the information is provided in a true, accurate and complete manner.
When the securities company adjusts the organizational structure and the division of functions of senior executives, it shall solicit the opinion of the chief compliance officer on whether there is conflicts of interest in the relevant matters.
Article 33 For the purpose of Article 28 of these Measures, “annual remuneration income” includes total income such as basic wages, performance-related wages and bonuses.
Article 34 A securities company shall provide sufficient fund support for the performance of functions by the chief compliance officer and the compliance department. The chief compliance officer and the compliance department may, as required, retain an accounting firm, law firm, professional consulting institution, and information system service provider, among others, to assist in the work in such aspects as compliance inspection, investigation, consulting and system construction.
Chapter IV Self-Disciplinary Management
Article 35 The SAC shall conduct practice inspection of compliance management of securities companies and securities companies shall cooperate.
Article 36 With respect to a securities company that has incomplete compliance rules, or fails to conduct compliance management in an effectively manner or an employee that fails to perform compliance management functions in accordance with these Guidelines, the SAC shall take corresponding self-disciplinary punishment measures according to the seriousness of circumstances, and include them in the good faith information management system. For a securities company that commits any violation of law or regulation and the relevant employees, the case shall be transferred to the CSRC or any other competent authority for investigation and punishment in accordance with the law.
Article 37 Where a securities company has frequent regulatory violations or any major vicious event, the securities company and relevant liable persons shall be taken against serious self-disciplinary punishment measures. Any employee that fails to perform the corresponding compliance management functions in a diligent and responsible manner or colludes with the business department or directs the business department to evade supervision shall be taken against serious self-disciplinary punishment measures.
Article 38 The SAC shall, when taking self-disciplinary punishment measures, differentiate the company's responsibility and individual responsibility. If the securities company establishes effective compliance management rules, actively conducts compliance management, and strictly carries out the internal accountability mechanism, the SAC shall, in accordance with these Guidelines, impose a lighter, mitigated punishment or exempt self-disciplinary punishment measures against the securities company and staff members who perform functions in strict accordance with compliance rules.
Chapter V Supplementary Provisions
Article 39 Where any law, regulation or rule has particular provisions on the persons in charge of compliance of securities companies and their subsidiaries, such provisions shall apply.
Article 40 The terms and concepts used in these Guidelines are same with those mentioned in the Measures.
For the purposes of these Guidelines, “duty communication of employees” means the e-mails, instant messaging information, conversation information and other communication information formed through the company's information system or the equipment provided by the company used by employees who may have access to sensitive information.
Article 41 These Guidelines shall be subject to interpretation by the SAC, and shall come into force on October 1, 2017.