Recently, the official website of the State Administration of Financial Supervision and Administration published three administrative penalty information disclosure forms (gold penalty decision number) at one timeInvolving Bank of China, China CITIC Bank, and China Construction Bank, the total fine amount reached 10 million yuan. Among them, Bank of China and China CITIC Bank focused on information systems and data centers, while China Construction Bank had deficiencies in the internal audit of consolidated statement management and inadequate case management of overseas institutions by its parent bank.
Bank of China was fined 4.3 million yuan
Involved in 9 violations of laws and regulations
According to the Administrative Penalty Information Disclosure Form of the State Administration of Financial Supervision and Administration (Jin Zhi Zhi Zi 2023 No. 68),Bank of China was mainly involved in 9 violations of laws and regulations:
1. The identification of some important information systems is not comprehensive, and the disaster recovery construction and disaster recovery capabilities do not meet regulatory requirements. 2. The commissioning and alteration of important information systems have not been reported to the regulatory authorities, and the long-term non-standardization of the commissioning and alteration of important information systems has caused major or higher emergencies of important information systems. 3. The identification of operational risks in the information system is not in place, and the handling is not timely, causing major emergencies in important information systems. Fourth, the implementation of regulatory opinions and rectification is not in place, causing major emergencies in important information systems.
Fifth, the management of information technology outsourcing is not prudent. 6. Failure to carry out security assessments in the cybersecurity domain, failure to conduct risk assessments for major changes in the network architecture, and failure to report to regulatory authorities. 7. The classification of information system emergencies is inaccurate, resulting in failure to report in accordance with regulatory requirements. 8. Late reporting of major emergencies in important information systems. 9. Misreporting and omission of regulatory standardization (EAST) data.
In accordance with Articles 21 and 46 of the Banking Supervision Law of the People's Republic of China and relevant prudential business rulesThe State Administration of Financial Supervision fined Bank of China 4.3 million yuanThe date of the penalty is December 28, 2023.
China CITIC Bank was fined 4 million yuan
Involved in 6 violations of laws and regulations
According to the Administrative Penalty Information Disclosure Form of the State Administration of Financial Supervision and Administration (Jin Zhi Zhi Zi 2023 No. 69),China CITIC Bank was mainly involved in 6 violations of laws and regulations:
1. Some important information systems should be found to have not been identified, and the relevant systems have not built disaster recovery or disaster recovery capabilities that do not meet regulatory requirements. 2. There have been long-term infrastructure risks and hidden dangers in the data center in the same city that have not been rectified. 3. The pre-entry due diligence and daily management of outsourced data centers do not meet regulatory requirements, and some data centers have hidden risks.
Fourth, the drill of the data center computer room was a mere formality, and some of the drills were false drills, which were not actually carried out. 5. Major changes in the data center have not been reported to the regulatory authorities. 6. Operational disruption event reporting does not meet regulatory requirements.
In accordance with Articles 21 and 46 of the Banking Supervision Law of the People's Republic of China and relevant prudential business rulesThe State Administration of Financial Supervision fined China CITIC Bank 4 million yuanThe penalty was imposed on December 29, 2023.
China Construction Bank was fined 1.7 million yuan
Involved in 4 violations of laws and regulations
According to the Administrative Penalty Information Disclosure Form of the State Administration of Financial Supervision and Administration (Jin Zhu Zi 2023 No. 41),China Construction Bank was mainly involved in 4 violations of laws and regulations:
1. There are deficiencies in the internal audit of consolidated statement management. 2. The parent bank did not properly manage the cases of overseas institutions. 3. Failure to report the appointment of senior management personnel of overseas subsidiaries in a timely manner. Fourth, the supervision and inspection found that the rectification of problems is not effective.
In accordance with Articles 21 and 46 of the Banking Supervision Law of the People's Republic of China and relevant prudential business rulesThe State Administration of Financial Supervision fined China Construction Bank 1.7 million yuanThe date on which the penalty was imposed is December 27, 2023.
*: China ** Daily.