The IB’s overall compliance management system is based on the Commercial Bank Compliance Risk Management Guideline issued by the CBRC. Taking the “Process Mode” as the framework, process methodology and management is applied to develop integrated operation mechanisms for compliance risk management. Logically speaking, the overall compliance management system includes five modules, i.e. “compliance environment”, “risk identification and assessment”, “control measures”, ”supervision evaluation and remediation”, and “information exchange and feedback”. The five modules constitute a dynamic mechanism for risk control, including the identification and assessment of risks in the course of bank operations, the formulation and implementation of risk control plans, monitoring and improvement throughout the course of implementation and then re-identification and re-formulation. Thus, a constantly improving, dynamic risk control mechanism is formed. Based on the logic sequence in which compliance activities are carried out, the modules are used to work out control measures (systems) for identified risks and then implement the control measures (systems) to control operational risks. By controlling the risks in every process, all risks can be reduced to an extent that is acceptable by the bank.

Compliance system documents include five levels of document, i.e. Compliance Manual, Management Outline, Management Rules/Management Procedures, Operation Instructions and Location Files. The 1^st-level, Compliance Manual: this is a guide line document for compliance management throughout the bank, defining the relationship between the compliance management process and the business management process. The 2^nd-level, Management Outline: a supporting document for the Compliance Manual, describing the compliance management requirements for business lines / branches. The 3^rd-level, Management Rules/Management Procedures: setting forth how the management and implementation methods needed for the satisfaction of requirements set forth in the Compliance Manual, i.e. the management rules for a particular aspect or the process and sequence of a particular activity. The 4^th-level, operation instructions: a document specifying in detail a particular sub-process found in the process document or a particular business operation activity. The 5^th-level, location files: the base-level document, including department/branch organization structure, functions of management department, post duties and so on, and defining the inherent interrelationship between the duties of different posts and compliance system documents.