关于落实《网上银行业务管理暂行办法》有关规定的通知
文章来源: 文章作者: 发布时间:2007-07-16 05:44 字体: [ ]  进入论坛
(单词翻译:双击或拖选)
 

银发[2002]102号

(Issued by the People's Bank of China on 23 April 2002.)

颁布日期:20020423  实施日期:20020423  颁布单位:中国人民银行

  All branches and business management departments of the People's Bank of China and all policy banks, wholly State-owned commercial banks and share system commercial banks:

  We hereby notify you concerning questions relevant to the implementation1 of the Administration of Online Banking2 Services Tentative Procedures (Order [2001] No. 6 of the People's Bank of China, hereafter the Procedures), as follows:

  1. Approval to Offer Online Banking Services

  (1) Procedure for Approval to Offer Online Banking Services

  Pursuant to Articles 7 and 9 of the Procedures, the People's Bank of China (PBOC) implements3 the principle of "first level oversight4" over market access for online banking services offered by banking institutions: when any type of banking institution wishes to launch online banking services, its head office shall apply to the head office, branch or business management department of the PBOC. If a bank wishes to increase the types of online banking service products it offers after it has obtained approval to offer online banking services, its head office or chief reporting bank shall apply to the head office, branch or business management department of the PBOC.

  When a bank adds service products offered over the internet that do not require examination and approval or record filing by the PBOC, it may commence to offer such services upon submission5 of a prior written report thereon by its head office or chief reporting bank to the head office, branch or business management department of the PBOC, without the need for a reply from the PBOC.

  When a share system commercial bank whose head office is located outside of Beijing or the head office or chief reporting bank of a Sino-foreign equity6 joint7 venture bank, wholly foreign-owned bank or branch of a foreign bank submits an application or report to the head office of the PBOC, it shall send copies to the appropriate branch or business management department of the PBOC as well as the competent local PBOC branch. If, during the period of examination, the appropriate branch or business management department of the PBOC or the competent local PBOC branch has an objection, it may give its feedback to the head office of the PBOC in a timely manner.

  If a (sub-)branch of a bank, or a foreign bank's branch other than its chief reporting branch, wishes to launch additional online banking services that fall within the scope of the online banking services for which its head office or chief reporting bank has obtained approval, it may do so upon receiving internal authorization8 and submitting a prior written report thereon to the competent local PBOC branch, without the need for a reply from the PBOC.

  After receipt of a report from a (sub-)branch of a bank, or from a foreign bank's branch other than its chief reporting branch, the competent local PBOC branch shall supervise and examine the said institution's offering of online banking services in a timely manner and report any problems it discovers to the branch of the PBOC at the next higher level.

  Pursuant to Article 26 of the Procedures, the PBOC has the power to appropriately punish commercial banks that offer new online banking services without submitting a prior report thereon to the PBOC.

  (2) Format9 of the Approval to Offer Online Banking Services

  Responses to commercial banks applying to offer online banking services governed by the record filing system shall uniformly be made using a "Notice of Record filing", which shall be dispatched directly after the regulatory department of the PBOC affixes10 its official seal thereto.

  For applications to offer online banking services governed by the examination and approval system, the PBOC shall issue an official written reply to the commercial bank.

  (3) Additional Information to be Submitted

  When a banking institution makes its initial application to offer online banking services, it shall submit, in addition to the relevant information specified11 in Article 8 of the Procedures, the following materials and information pursuant to Item (8) of Article 8 of the Procedures:

  1) its registered website name;

  2) a demo optical disk that demonstrates the user interface12 and introduces the basic structure of the operating system for the services of the applying institution;

  3) a branch of a foreign bank shall also submit a report on the online banking services offered by its parent, the specific contents of which shall include the types of service products, the scale of the services, the risk management measures, etc.

  2. Key Points of Examination of Applications to Offer Online Banking Services

  When examining applications by banking institutions wishing to offer online banking services, the regulatory department of the PBOC shall ascertain13 the following key points:

  (1) Risk management capabilities14

  Institutions applying to offer online banking services shall have qualified15 management personnel and professional personnel and shall establish methods and a management system to recognize, monitor, control and manage online banking service risks.

  (2) Security assessment16

  Banks that wish to offer online banking services shall have the security of their service operations assessed. When examining such work of banks, the regulatory department of the PBOC shall ascertain the following:

  (i) The security assessment shall be carried out by a qualified institution or organization.

  The assessment institution selected by a bank may be the bank's internal auditing18 department, an external assessment institution recognized by the bank's department-in-charge of the bank or a panel of experts organized by the bank itself. When assessing whether the assessment institution or organization is qualified, consideration shall be given to whether the assessment institution or organization is independent from the department that developed and the department that operates the online banking system and whether it has professional assessors. Professional assessors shall have thorough knowledge of relevant domestic and international industry standards and professional skills and shall be competent to assess the security of online banking services.

  (ii) The security assessment report shall be submitted to the PBOC. The security assessment report shall meet the following minimum requirements:

  1) The assessment report shall specify19 the scope of the assessment. The assessment shall stress the assessment of information system security, including such aspects as security strategy, physical security, data communications security, application system security, etc.

  2) The assessment report shall specify the domestic and international standards on which the assessment was based and render a judgment20 on whether the operational system for the online banking services meets such standards.

  3) The assessment report shall point out any latent security flaws and make proposals for remedying the same and render an unequivocal conclusion on the security of the online banking services.

  4) The assessment report shall be signed by the relevant persons in charge. Firstly, the assessment report shall be signed by the person in charge of the assessment institution or organization. If the assessment was carried out by a panel of experts organized by the bank itself, the report shall expressly indicate which part of the assessment each expert was responsible for and be signed by each such expert. If the assessment was carried out by the bank's internal audit17 department or by an external assessment institution, the assessment report shall be signed by the top person in charge of the internal audit department or external assessment institution. Secondly21, the assessment report shall be signed, to show confirmation22 of the results, by the person in charge of the bank's department-in-charge, the manager of the bank-in-charge or the bank manager.

  Banking institutions that launched their online banking services with the approval of the PBOC before the promulgation23 of the Procedures shall have the security of their online banking service operations assessed anew in accordance with the requirements of the Procedures and this Circular and submit a supplementary24 assessment report.

  (3) Contingency25 and service continuity plans for online banking services

  Contingency and service continuity plans for online banking services shall cover at least the following four aspects:

  1) Information on system backup, including software and hardware backup and data backup. The focus of such examination shall be on the location of the core system of the backup system (e.g. the mainframe computer) and the level of security of the backup system. The location of the core system of the backup system shall be such as to ensure it will not be affected26 if the current system fails and the level of security of the backup system shall not be lower than that of the current system.

  2) Accident handling. This aspect mainly covers the response measures and implementing27 procedures in case of a sudden system failure and service interruption due to a natural disaster or sudden contingency (e.g. earthquake, lightning strike, abnormal power outage, physical damage due to an outside force, etc.), including the activation28 of backup equipment, measures to restore the system and data, etc.

  3) Handling of illegal access and attacks. This aspect mainly covers the response measures and implementing procedures in case of internal or external illegal access and attacks that result in data theft, loss of funds, damage to programs, system paralysis29, etc.

  4) System and arrangements for periodic testing of the rationality and effectiveness of the service operation contingency plan and continuity plan, including:

  5) a schedule for periodic testing should be in place;

  6) testing should be done under the direct supervision30 of senior management;

  7) any problems discovered during testing should be solved in a timely manner, etc.

  (4) Internal monitoring capabilities

  Institutions applying to offer online banking services shall establish an audit system for their online banking services and shall have appropriate personnel to audit such services.

  3. Requirements on Oversight of, and Reporting on, Online Banking Services

  Existing PBOC requirements on risk oversight governing traditional banking services shall also apply to online banking services. However, the complexity31 and formidability of the task of overseeing online banking services need to be fully33 realized, the oversight of technology related risks needs to be stressed, banking institutions shall be urged to strengthen examinations of the security of their online banking service operations and the training of the personnel overseeing online banking services shall be improved, so as to establish professional capabilities to oversee32 such services.

  Additionally, the PBOC shall urge commercial banks to establish online banking service information management systems and report on the status of the operation of, and problems existing in, their online banking services to the PBOC in accordance with the following requirements:

  (1) periodically submitting to the regulatory and statistics departments of the PBOC and its (sub-)branches a Statistical34 Table on the Basic Information Concerning Online Banking Services, submitting, by 10 April, 10 July and 10 October each year, information on the online banking services offered during the preceding quarter, submitting, by 10 January each year, information on the online banking services offered during the fourth quarter of the preceding year and submitting, by 20 January each year, information on the online banking services offered during the entire preceding year;

  (2)submitting, at the beginning of each year, a report summing up basic information concerning the online banking services offered during the preceding year, existing problems and development plans for the current year to the regulatory department of the PBOC;

  (3)pursuant to Article 24 of the Procedures, establishing a system for reporting major online banking service operational matters and reporting to the regulatory authority such major matters as major security leaks, hacker35 intrusions, changes in internet address names, etc. that occur in the course of operating online banking services.

  All banking institutions shall, commencing from the first quarter of 2002, report to the PBOC information on their online banking services using the prescribed report format. The regulatory department of the PBOC has the right to punish, in accordance with relevant provisions, those banking institutions that fail to report the basic information on their online banking services and risk status in accordance with requirements.

  4. Miscellaneous Matters

  Pursuant to the PRC, Commercial Banking Law, the offering of online banking services by urban credit cooperatives, rural credit cooperatives and postal36 savings37 institutions may be handled by reference hereto.

  All branches and business management departments of the PBOC are requested to transmit this Circular to such relevant financial institutions in their jurisdictions38 as foreign-funded banks, etc. after receipt hereof.



点击收听单词发音收听单词发音  

1 implementation 2awxV     
n.实施,贯彻
参考例句:
  • Implementation of the program is now well underway.这一项目的实施现在行情看好。
2 banking aySz20     
n.银行业,银行学,金融业
参考例句:
  • John is launching his son on a career in banking.约翰打算让儿子在银行界谋一个新职位。
  • He possesses an extensive knowledge of banking.他具有广博的银行业务知识。
3 implements 37371cb8af481bf82a7ea3324d81affc     
n.工具( implement的名词复数 );家具;手段;[法律]履行(契约等)v.实现( implement的第三人称单数 );执行;贯彻;使生效
参考例句:
  • Primitive man hunted wild animals with crude stone implements. 原始社会的人用粗糙的石器猎取野兽。 来自《现代汉英综合大词典》
  • They ordered quantities of farm implements. 他们订购了大量农具。 来自《现代汉英综合大词典》
4 oversight WvgyJ     
n.勘漏,失察,疏忽
参考例句:
  • I consider this a gross oversight on your part.我把这件事看作是你的一大疏忽。
  • Your essay was not marked through an oversight on my part.由于我的疏忽你的文章没有打分。
5 submission lUVzr     
n.服从,投降;温顺,谦虚;提出
参考例句:
  • The defeated general showed his submission by giving up his sword.战败将军缴剑表示投降。
  • No enemy can frighten us into submission.任何敌人的恐吓都不能使我们屈服。
6 equity ji8zp     
n.公正,公平,(无固定利息的)股票
参考例句:
  • They shared the work of the house with equity.他们公平地分担家务。
  • To capture his equity,Murphy must either sell or refinance.要获得资产净值,墨菲必须出售或者重新融资。
7 joint m3lx4     
adj.联合的,共同的;n.关节,接合处;v.连接,贴合
参考例句:
  • I had a bad fall,which put my shoulder out of joint.我重重地摔了一跤,肩膀脫臼了。
  • We wrote a letter in joint names.我们联名写了封信。
8 authorization wOxyV     
n.授权,委任状
参考例句:
  • Anglers are required to obtain prior authorization from the park keeper.垂钓者必须事先得到公园管理者的许可。
  • You cannot take a day off without authorization.未经批准你不得休假。
9 format giJxb     
n.设计,版式;[计算机]格式,DOS命令:格式化(磁盘),用于空盘或使用过的磁盘建立新空盘来存储数据;v.使格式化,设计,安排
参考例句:
  • Please format this floppy disc.请将这张软盘格式化。
  • The format of the figure is very tasteful.该图表的格式很雅致。
10 affixes 08151eb2b04520ead4fa86bc6ceb3bf8     
v.附加( affix的第三人称单数 );粘贴;加以;盖(印章)
参考例句:
  • She affixes her real name to her writings. 她的著作都署上真名。 来自《简明英汉词典》
  • The affixes "un-"and"-less"are often used make negative words, such as unhappy or careless. 词缀un-和-less常用来构成否定词,如unhappy和careless。 来自《简明英汉词典》
11 specified ZhezwZ     
adj.特定的
参考例句:
  • The architect specified oak for the wood trim. 那位建筑师指定用橡木做木饰条。
  • It is generated by some specified means. 这是由某些未加说明的方法产生的。
12 interface e5Wx1     
n.接合部位,分界面;v.(使)互相联系
参考例句:
  • My computer has a network interface,which allows me to get to other computers.我的计算机有网络接口可以与其它计算机连在一起。
  • This program has perspicuous interface and extensive application. 该程序界面明了,适用范围广。
13 ascertain WNVyN     
vt.发现,确定,查明,弄清
参考例句:
  • It's difficult to ascertain the coal deposits.煤储量很难探明。
  • We must ascertain the responsibility in light of different situtations.我们必须根据不同情况判定责任。
14 capabilities f7b11037f2050959293aafb493b7653c     
n.能力( capability的名词复数 );可能;容量;[复数]潜在能力
参考例句:
  • He was somewhat pompous and had a high opinion of his own capabilities. 他有点自大,自视甚高。 来自辞典例句
  • Some programmers use tabs to break complex product capabilities into smaller chunks. 一些程序员认为,标签可以将复杂的功能分为每个窗格一组简单的功能。 来自About Face 3交互设计精髓
15 qualified DCPyj     
adj.合格的,有资格的,胜任的,有限制的
参考例句:
  • He is qualified as a complete man of letters.他有资格当真正的文学家。
  • We must note that we still lack qualified specialists.我们必须看到我们还缺乏有资质的专家。
16 assessment vO7yu     
n.评价;评估;对财产的估价,被估定的金额
参考例句:
  • This is a very perceptive assessment of the situation.这是一个对该情况的极富洞察力的评价。
  • What is your assessment of the situation?你对时局的看法如何?
17 audit wuGzw     
v.审计;查帐;核对;旁听
参考例句:
  • Each year they audit our accounts and certify them as being true and fair.他们每年对我们进行账务审核,以确保其真实无误。
  • As usual,the yearly audit will take place in December.跟往常一样,年度审计将在十二月份进行。
18 auditing JyVzib     
n.审计,查账,决算
参考例句:
  • Auditing standards are the rules governing how an audit is performed.收支检查标准是规则统治一个稽核如何被运行。
  • The auditing services market is dominated by a few large accounting firms.审计服务市场被几家大型会计公司独占了。
19 specify evTwm     
vt.指定,详细说明
参考例句:
  • We should specify a time and a place for the meeting.我们应指定会议的时间和地点。
  • Please specify what you will do.请你详述一下你将做什么。
20 judgment e3xxC     
n.审判;判断力,识别力,看法,意见
参考例句:
  • The chairman flatters himself on his judgment of people.主席自认为他审视人比别人高明。
  • He's a man of excellent judgment.他眼力过人。
21 secondly cjazXx     
adv.第二,其次
参考例句:
  • Secondly,use your own head and present your point of view.第二,动脑筋提出自己的见解。
  • Secondly it is necessary to define the applied load.其次,需要确定所作用的载荷。
22 confirmation ZYMya     
n.证实,确认,批准
参考例句:
  • We are waiting for confirmation of the news.我们正在等待证实那个消息。
  • We need confirmation in writing before we can send your order out.给你们发送订购的货物之前,我们需要书面确认。
23 promulgation d84236859225737e91fa286907f9879f     
n.颁布
参考例句:
  • The new law comes into force from the day of its promulgation. 新法律自公布之日起生效。 来自《简明英汉词典》
  • Article 118 These Regulations shall come into effect from the day of their promulgation. 第一百一十八条本条例自公布之日起实施。 来自经济法规部分
24 supplementary 0r6ws     
adj.补充的,附加的
参考例句:
  • There is a supplementary water supply in case the rain supply fails.万一主水源断了,我们另外有供水的地方。
  • A supplementary volume has been published containing the index.附有索引的增补卷已经出版。
25 contingency vaGyi     
n.意外事件,可能性
参考例句:
  • We should be prepared for any contingency.我们应该对任何应急情况有所准备。
  • A fire in our warehouse was a contingency that we had not expected.库房的一场大火是我们始料未及的。
26 affected TzUzg0     
adj.不自然的,假装的
参考例句:
  • She showed an affected interest in our subject.她假装对我们的课题感到兴趣。
  • His manners are affected.他的态度不自然。
27 implementing be68540dfa000a0fb38be40d32259215     
v.实现( implement的现在分词 );执行;贯彻;使生效
参考例句:
  • -- Implementing a comprehensive drug control strategy. ――实行综合治理的禁毒战略。 来自汉英非文学 - 白皮书
  • He was in no hurry about implementing his unshakable principle. 他并不急于实行他那不可动摇的原则。 来自辞典例句
28 activation 24eed33ee38027d124839f0fcdf6adcb     
n. 激活,催化作用
参考例句:
  • A computer controls the activation of an air bag.电脑控制着气囊的启动。
29 paralysis pKMxY     
n.麻痹(症);瘫痪(症)
参考例句:
  • The paralysis affects his right leg and he can only walk with difficulty.他右腿瘫痪步履维艰。
  • The paralysis affects his right leg and he can only walk with difficulty.他右腿瘫痪步履维艰。
30 supervision hr6wv     
n.监督,管理
参考例句:
  • The work was done under my supervision.这项工作是在我的监督之下完成的。
  • The old man's will was executed under the personal supervision of the lawyer.老人的遗嘱是在律师的亲自监督下执行的。
31 complexity KO9z3     
n.复杂(性),复杂的事物
参考例句:
  • Only now did he understand the full complexity of the problem.直到现在他才明白这一问题的全部复杂性。
  • The complexity of the road map puzzled me.错综复杂的公路图把我搞糊涂了。
32 oversee zKMxr     
vt.监督,管理
参考例句:
  • Soldiers oversee the food handouts.士兵们看管着救济食品。
  • Use a surveyor or architect to oversee and inspect the different stages of the work.请一位房产检视员或建筑师来监督并检查不同阶段的工作。
33 fully Gfuzd     
adv.完全地,全部地,彻底地;充分地
参考例句:
  • The doctor asked me to breathe in,then to breathe out fully.医生让我先吸气,然后全部呼出。
  • They soon became fully integrated into the local community.他们很快就完全融入了当地人的圈子。
34 statistical bu3wa     
adj.统计的,统计学的
参考例句:
  • He showed the price fluctuations in a statistical table.他用统计表显示价格的波动。
  • They're making detailed statistical analysis.他们正在做具体的统计分析。
35 hacker Irszg9     
n.能盗用或偷改电脑中信息的人,电脑黑客
参考例句:
  • The computer hacker wrote that he was from Russia.这个计算机黑客自称他来自俄罗斯。
  • This site was attacked by a hacker last week.上周这个网站被黑客攻击了。
36 postal EP0xt     
adj.邮政的,邮局的
参考例句:
  • A postal network now covers the whole country.邮路遍及全国。
  • Remember to use postal code.勿忘使用邮政编码。
37 savings ZjbzGu     
n.存款,储蓄
参考例句:
  • I can't afford the vacation,for it would eat up my savings.我度不起假,那样会把我的积蓄用光的。
  • By this time he had used up all his savings.到这时,他的存款已全部用完。
38 jurisdictions 56c6bce4efb3de7be8c795d15d592c2c     
司法权( jurisdiction的名词复数 ); 裁判权; 管辖区域; 管辖范围
参考例句:
  • Butler entreated him to remember the act abolishing the heritable jurisdictions. 巴特勒提醒他注意废除世袭审判权的国会法令。
  • James I personally adjudicated between the two jurisdictions. 詹姆士一世亲自裁定双方纠纷。
TAG标签:
发表评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
表情:
验证码:点击我更换图片