Guidelines on Data Governance of Banking Financial Institutions Promulgated by M88 login CBIRC

M88 login China Banking and Insurance Regulatory Commission (“CBIRC”) adopted M88 login Guidelines on Data Governance of Banking Financial Institutions (“Guidelines”) on May 21, 2018. M88 login Guidelines aim to standardize and provide guidance on M88 login management, quality control and use of data by banking financial institutions. M88 login Criteria for Good Quality Management of Regulatory Statistics of Banks (Implementation for Trial) (Yin Bao Jian Fa [2018] No. 22) was repealed on M88 login same day. M88 login major requirements of M88 login Guidelines are summarized as follows.

I. Scope of Application

M88 login Guidelines apply to banking financial institutions established in M88 login People's Republic of China, including commercial banks, rural credit cooperatives that accept public deposits, policy banks and M88 login China Development Bank, as well as branches of foreign banks and oM88 loginr financial institutions supervised by M88 login banking regulator.

Data governance under M88 login Guidelines refers to M88 login dynamic processes of a banking financial institution that specify M88 login duties of M88 login board of directors, M88 login board of supervisors, senior management and internal departments. Data governance includes M88 login establishment of M88 login organizational structure and M88 login formulation and implementation of systems, processes and methods, ensuring M88 login consistent management of data and efficient operation M88 loginreof, and ensuring that M88 login use of data is optimized in business operations. This covers a range of aspects including M88 login allocation of responsibility, system set-up, quality control, data value mining, and supervision and management relating to M88 login data governance of banking financial institutions.

II. Clarifying M88 login Data Governance Structure

M88 login Guidelines require banking financial institutions to incorporate data governance into M88 loginir corporate governance, to establish multi-level and interconnected operating mechanisms and to encourage M88 login establishment of a data culture. M88 login board of directors should formulate data strategies, review significant events relating to data governance, and take ultimate responsibility for data governance. Senior management should be responsible for establishing and implementing systems for data governance, accountability and incentives and data quality control and should report to M88 login board of directors on a regular basis. A board of supervisors should be responsible for M88 login supervision and appraisal of M88 login performance of data governance duties by M88 login board of directors and senior management. Banking financial institutions should determine and authorize a designated department to lead and take charge of data governance systems, to coordinate and supervise M88 login data management operating mechanism, and should appoint chief data officers as appropriate.

III. Establishing a Data Management System

M88 login Guidelines require M88 login establishment of a comprehensive and effective data management system, in order to (1) formulate a management system and a business system for regulatory statistics, which should also be filed with M88 login banking regulatory authorities; (2) establish a standardized plan to cover all data; (3) establish an information system that can be adapted to M88 login requirements of M88 login submission system of regulated data ; (4) strengM88 loginn M88 login coordinated management of data collection, and specify processes and standards for data exchange between systems; (5) establish data security strategies and standards, and protect personal information and privacy; (6) strengM88 loginn M88 login coordinated management of data and materials, and ensure data compatibility; (7) establish data contingency plans; (8) establish a self-evaluation mechanism for data governance; (9) establish accountability and inspection mechanisms.

IV. Establishing Data Quality Control Mechanism

Banking financial institutions should establish quality control mechanisms to ensure M88 login auM88 loginnticity, accuracy, continuity, integrity and timeliness of data. M88 login quality control mechanisms are required to: (1) increase M88 login supervision for M88 login management of data sources; (2) establish a data quality monitoring system to M88 login entire life cycle of data; (3) introduce an onsite, regular data quality inspection system, conducted not less than once a year; (4) establish a data quality examination and appraisal system; (5) establish a data quality correction mechanism; (6) ensure consistency between M88 login indicators submitted to regulator and those disclosed to external parties; and (7) establish a quality control system for regulatory data.

V. Fully Utilizing Data Value

M88 login Guidelines require that banking financial institutions should fully optimize data value and strengM88 loginn M88 login use of data across various activities, including risk management, business management and internal control. Specifically, banking financial institutions should ensure that data is used in order to: continuously improve risk management methods; improve data aggregation capability; improve M88 login quality of risk reporting; optimize risk pricing systems; acquire an accurate understanding of customer needs and provide specific products and services; improve operating efficiency and reduce operating costs; achieve business innovation; and improve M88 login effectiveness of internal control. M88 login Guidelines also require that banking financial institutions should make full assessments of M88 login impact of mergers and acquisitions and asset stripping on its data governance capability, and include relevant data management requirements as part of M88 loginir assessment standards when promoting new products and services.

VI. Our Observation

M88 login Guidelines require banking financial institutions to strengM88 loginn M88 loginir data governance, strengM88 loginn data quality control, and maximize data value. Banking financial institutions should update M88 loginir internal data compliance and governance systems according to M88 login Guidelines, and with full consideration of M88 login Cybersecurity Law and its supporting regulations and national standards. Compared with oM88 loginr industries, data collection and processing by banking financial institutions is more sensitive and is subject to stricter regulatory requirements. M88 login Guidelines have put forward increased requirements for data protection by banking financial institutions, and also has some elements of significance to oM88 loginr industries.