Compliance and Risk Control:
Our Commitment to Prudent Operation
To effectively prevent and resolve major risks, we have implemented comprehensive risk management and coordinated planning, while continuously improving our risk management practices. We attach great importance to anti-corruption and have established a comprehensive supervision system as well as a sound anti-corruption system to strictly crack down on all kinds of corruption issues and behaviors that violate business ethics. With the support of a rigorous supervision system, a sound auditing mechanism, as well as continuous cross-checks through employee code of conduct reviews and special inspections on fund utilisation, we are able to achieve a full supervision coverage of all employees at least once every three years to ensure that they adhere to integrity, honesty, and ethical business practices.
Comprehensive Risk Management
We have created a strategic framework for risk management, which serves as the basis for establishing a comprehensive risk management system that covers five key areas: organisation, policies, processes, technology, and culture. In addition, we have planned out three implementation stages in a systematic manner.
Stag 1: Establishment & Implementation 2021-2022 |
Stage 2: Consolidation & Improvement 2023-2024 |
Stage 3: Comprehensive Deepening 2025 |
---|---|---|
Complete the construction of a comprehensive risk management system in accordance with the strategy of “Prioritizing Finance Sectors and Following up with Industry Sectors”. The goals set for this stage have been successfully accomplished:
√ Put in place a sound risk management organisational structure and establish a comprehensive risk management system
√ Achieve standardized risk management throughout CITIC Financial Holdings, with a focus on deepening risk management in financial subsidiaries and strengthening risk management in the industrial sector
√ Conduct a trial run of our risk preference strategy
√ Ensure that the capital adequacy ratio of financial subsidiaries reaches the industry average level
√ Establish a sound risk management system for the industrial sector
√ Establish a unified mechanism for credit extension and risk management of major customers |
Continue to improve the risk management system:
√ Continue to enhance risk governance by reviewing and improving management systems and processes
√ Enhance risk preference management, the unified mechanism for credit extension, and risk management of major customers while strengthening the capability of early warning
√ Ensure the capital adequacy ratio of financial subsidiaries meets or exceeds the industry standard
√ Further improve the risk management organisational structure of industrial subsidiaries to strengthen risk control in critical areas
√ Strengthen risk management for overseas operations
√ Expand the functions and management scope of the risk management system |
Deepen the construction of the risk management system:
√ Achieve stable operation of risk management policies, systems, and processes, forming a good risk and compliance culture
√ Achieve comparable industryleading levels in corporate governance, capital adequacy, and non-performing asset ratio while establishing a financial service system that meets the requirements of high-quality economic development at financial subsidiaries
√ Improve risk warning and risk handling capabilities, while ensuring sufficient and effective risk monitoring at industrial subsidiaries
√ Enhance the supporting technical capabilities for the risk management system |
Risk Management Model
We have established a risk management organisation structure based on “Four layers and Three lines”. We have also developed a comprehensive risk management model that involves “centralised management by head office departments + institutionalised management by subsidiaries”.
“Four layers and Three lines” of Risk Management Model

Institutional Framework for Risk Management
Our institutional framework for risk management follows a layered approach and is guided by risk preferences. It includes comprehensive risk management guidelines, risk identification and evaluation system, and special risk management rules and operation rules, in an aim to specify the management requirements, maintain the standards, methodology and process of risk management, and enhance the application and effectiveness of the system.
Technical Systems
We have established an intelligent risk management platform that enables us to achieve a unified visualisation of risks, unified credit extension, risk preferences, early risk warning and special risk management. This platform provides robust support for managing different types of risks, and allows us to conduct in-depth analysis and application of risk information, thereby improving the accuracy of our risk analysis and enabling proactive risk management.
Anti-corruption and Business Ethics
We strictly adhere to the laws and regulations of the countries and regions in which we operate, including the Oversight Law, Anti-Money Laundering Law, and Anti-Unfair Competition Law of the People's Republic of China. This is to prevent corruption and unethical behavior such as bribery, extortion, fraud, money laundering, and unfair competition.
Building a Comprehensive Supervision System
We have established a comprehensive supervision system that is led by disciplinary inspection and supervision. This system coordinates various types of supervision, including regulatory supervision, functional supervision, special supervision, and public supervision. We have also developed a complete, closely-knit work mechanism that involves consultation, research, collaborative rectification, problem clue transfer, and warning notification, so as to enhance the systemic, continuous, and effective internal supervision.

Disciplinary Inspection and Supervision
We have an internal disciplinary and inspection mechanism in place to promote clean governance and combat corruption. This mechanism supervises and inspects the performance of duties, impartiality, integrity, and moral conduct of managers and all employees in accordance with the law. It investigates illegal and criminal activities such as embezzlement, bribery, abuse of power, rent-seeking, tunneling, and favoritism. Violators of the law will be punished accordingly, and managers who fail to fulfill their duties or demonstrate dereliction of duty will be held accountable. Those suspected of crimes will have their cases transferred to the prosecutor’s office for investigation and prosecution. We also provide suggestions to the organisation of the relevant personnel for improving their regulatory systems and mechanisms.
In 2022, a total of 298 cases were filed and 327 people were held accountable throughout the system. Among them, serious violations of discipline and law, such as those committed by Wu Xuewen, Lin Zhengyue, and Zhu Yanchen, were jointly investigated and dealt with by local supervisory agencies. Breakthroughs were made in investigating corruption cases of top executives in subsidiary companies, non-financial fields, and “fleeing resignation” cases, as well as urging corrupt individuals to hand themselves in voluntarily.
Disciplinary inspection and supervision agencies adhere to the established regulations for dealing with clues and materials related to disciplinary violations or illegal activities. They provide suggestions for handling relevant issues and categorise the received clues for proper processing. If evidence of disciplinary violations or illegal activities is found that requires investigation for disciplinary or legal responsibility, the agency files a case and collects evidence in accordance with regulations. Following the completion of the investigation, an internal review is carried out, and the agency proposes suggestions for approval and implementation based on specified limits of authority and procedures.
We have established an internal inspection and supervision institution. The inspection institution at the headquarters sets up inspection teams on a regular basis to monitor the compliance and performance of senior management personnel in both the headquarters departments and subsidiaries. The primary focus of these inspections is to identify issues such as abuse of power for personal gain, embezzlement, bribery, and corruption. Typically, all departments and subsidiaries receive a full inspection every five years.
To institutionalise and standardise anti-corruption efforts, we have compiled various anti-corruption systems involving fundamental regulations, guiding principles, and work standards, creating a rigorous institutional framework. In 2022, we made improvements to 19 anti-corruption systems, including the petition reporting and integrity filing systems, compiled five tool manuals, and achieved full coverage of the business process from petition reporting acceptance to case filing. We formulated and published CITIC Limited Anti-Corruption Code of Conduct , which is based on strict adherence to the Prevention of Bribery Ordinance of Hong Kong. The code specifies key areas such as bribery and embezzlement, abuse of power and company assets, conflicts of interest, and procurement and bidding procedures, with clear punitive measures for its violations.
Audit Supervision
The company strictly adheres to laws and regulations such as the Corporate Governance Code of the Hong Kong Stock Exchange, and actively promotes the construction of the internal audit system. The Audit and Risk Committee is established under the Board of Directors, and audit agencies are set up in the headquarters and important subsidiaries with about 600 audit personnel. Upholding the principle of “Thorough and Rigorous Auditing”, the audit agencies at all levels independently supervise the company’s risk management and internal control, aiming to assist the company in improving its management, achieving development goals, and fully leveraging the crucial role of internal audit in the corporate governance and supervision system.
The company has implemented a number of internal audit systems, including the Internal Audit Regulations, Management Regulations for Internal Audit Agencies of Subsidiaries, and Code of Ethics for Internal Audit Personnel . The headquarters’ audit agency reports to the Audit and Risk Committee on a quarterly basis regarding system-wide audit activities, audit findings and rectification, as well as internal audit personnel resources. Furthermore, an annual evaluation of internal audit work is conducted to assess subsidiary audit management, audit quality, audit performance, communication and coordination, and to provide specific guidance and suggestions.
Strengthening Overseas Compliance Operations to Guard Against Integrity Risks
In 2022, we undertook a specialised study to enhance our compliance operations overseas, which has yielded significant advancements in mitigating integrity risks in our foreign investments and operations.
Organisational Structure |
√ We’ve established a leadership group for overseas compliance management at the company’s headquarter, which is composed of the chairman, vice-chairman, senior executives, and some mid-level management personnel.
√ Subsidiaries with substantial overseas operations, including CITIC Securities, China Securities, CITIC Metal, and CITIC Heavy Industries, have each established integrity and compliance management bodies headed by their respective responsible persons. |
---|
Institutional building |
√ We have issued the Guiding Opinions on Strengthening Overseas Integrity and Compliance Management, which puts forward specific requirements for financial management and control, procurement of materials, commissions, and hospitality expenses within our overseas institutions. By doing so, we aim to enhance the management and control of integrity and compliance risks.
√ We have developed eight regulatory documents covering critical areas, including risk, investment, finance, and security management, to refine the requirements for integrity operations. Overseas project managers are now required to sign an Integrity Commitment Letter, and we have included overseas integrity risk indicators in the performance assessment of management personnel at our headquarters and subsidiaries such as CITIC Bank, and CITIC Environment. CITIC Metal has also established mechanisms for reclaiming and withholding the compensation of leaders of overseas institutions in case of integrity violations.
√ We have compiled the Overseas Risk Management Manual (5 volumes and 7 books), which combs through relevant policies, laws and regulations, international treaties, and practical tools related to overseas business for use by our various overseas institutions.
√ 15 subsidiaries, including CITIC Construction, CITIC Dicastal, and CITIC Heavy Industries, have made improvements to 220 relevant institutional documents. Four subsidiaries, including CITIC Bank, have set integrity requirements for overseas operations in 44 institutional documents. |
---|
Learning and training |
√ We have organised special training for all overseas employees in eight areas, including overseas business strategy and investment management, key personnel management, hospitality expenses, and performance compensation.
√ We have offered lectures and training sessions on overseas integrity and compliance management for a total of 111 times in 8 subsidiaries including CITIC Metal. |
---|
Integrity education
We place a high value on anti-corruption training for everyone involved in our organisation. This includes the board of directors, management, as well as all employees, including third-party staffing. We educate our staff on the importance of maintaining good behavior standards and moral norms by offering warning education conferences, integrity education lectures, business training sessions, and integrity education videos, as well as reporting typical cases of violations of discipline, law and dereliction of duty. Our aim is to actively guide the entire company towards building a solid defense against corruption by creating a culture where it is impossible, unthinkable, and unacceptable to engage in corrupt practices.
In 2022, the company’s headquarters released a number of online courses on integrity and compliance training via the internal learning platform and procured books on anti-corruption and clean governance policies for its staff. In addition to these efforts, the headquarters also continued to carry out integrity education in various forms.
Types of Training |
Employee Coverage |
---|---|
Organised the board of directors, management to learn about relevant policies and regulations |
Covering about 3,000 person-times |
Organised all employees to learn about warning education |
Covering over 220,000 person-times |
Invited senior executives and internal and external experts to give lectures on anti-corruption education |
Covering about 2,000 person-times |
Provided training courses for full-time discipline inspection and supervision personnel |
Covering 1,106 people |
Organised all employees to learn about relevant policies and regulations |
Covering about 10,000 person-times |
Daily Integrity Education |
Played educational videos such as “Integrity Classroom” in public places such as elevators |
Reminded all employees to maintain integrity on a regular basis through notifications, text messages, and other forms covering 180,000 person-times |
CITIC Bank has offered nearly 60,000 compliance training sessions and over 6,000 inspection visits at all levels throughout its organisation. They distributed articles on regulatory environment, policy interpretations, and experience sharing through their corporate WeChat account.
CITIC Securities has rolled out anti-commercial bribery and integrity policies, established a sound commitment system for integrity practice, and offered multiple online training sessions on integrity operations covering over 20,000 people.
CITIC Trust has been organizing the “Integrity Culture Month” event for nine consecutive years, and has also released 24 issues of the “Discipline Inspection Classroom”.
Whistleblower Protection
We’ve established an accessible reporting channel and follow the Rules for Handling Reports and Accusations by Disciplinary Inspection and Supervision Organisations. We’ve developed Management Methods for Disciplinary Inspection, Supervision, and Reporting, Management Measures for Petition, and Measures for Encouraging Real-name Reporting and Punishing False Accusations and Framing. We’ve created Reporting Policies and Guidelines for Handling Reports for our operations in Hong Kong. We’ve defined the scope, channels, and processes for handling reports and petitions, while protecting the information of whistleblowers and safeguarding their legitimate rights and interests.
Reporting Channels |
Whistleblower Protection |
---|---|
√ Disciplinary inspection, supervision, and petition institutions at all levels have publicly disclosed their scope of acceptance for handling reporting and complaints, mailing address, reception address, reporting hotline, fax number, email address, and reporting mailbox.
√ The headquarters have established a mailbox for the Chairman and CEO (chairman-president@citic. com) which is monitored by a dedicated person who forwards these emails to the disciplinary inspection, supervision, or petition institutions for processing. |
√ We encourage whistleblowers to leave their names and contact information. We ensure strict protection of their information, and prohibit any threats, attacks, or retaliation against them.
√ We accept anonymous reporting through any channel.
√ We treat whistleblowers with courtesy and respect, without subjecting them to harassment or discrimination in any manner. |
Beijing Headquarter: |
Hong Kong Headquarter: |
---|---|
Fax: 86-10-64661186 Email: g-contact@citic.com Petition Hotline: 010-64665166 Petition Email: xinfang@citic.com Address: CITIC Tower, No. 10 Guanghua Road, Chaoyang District, Beijing |
Email: zxgfjb@citic.com Address: 31st Floor, CITIC Tower, 1 Tim Mei Avenue Central, Hong Kong |
Employee Conduct Management
We’ve developed and implemented an Employee Code of Conduct in accordance with the Corporate Governance Code of the Hong Kong Stock Exchange. This code outlines requirements for directors and employees regarding personal behaviors, such as bribery, illegal gifts and commissions, acceptance and provision of hospitality, as well as relationships with suppliers and contractors, customers and consumers, employment regulations, compliance supervision, and enforcement methods. It stipulates that employees must comply with relevant laws, regulations, and company policies during work and related business activities. The company summarises and reports on its compliance performance twice a year across the entire system, and submits it for review by the Board’s Audit and Risk Committee. In the event of noncompliance, the company takes appropriate corrective measures and makes prompt rectification in accordance with relevant regulations.
We, along with all subsidiaries have put in place management systems for the use of funds, including Regulations on Official Hospitality Management, Implementation Rules for the Remuneration and Business Expenses of Enterprise Leaders, Measures for the Management of Business Hospitality Expenses , and Administrative Fund Management Measures. These systems ensure comprehensive management of budgeting, planning, approval, use, reimbursement, supervision, and accountability for funds. In addition, a special inspection team for fund use has been established by relevant departments, which carries out inspections across all departments and subsidiaries every three years.
CITIC Bank has formulated the Anti-fraud Audit Management Measures and conducts annual audits on employee behavior. By leveraging digital technology, they continuously improve their monitoring methods for employee behavior and focus on monitoring instances of malfeasance and violations of duty by employees in areas such as credit access, credit approval, asset disposal, centralised procurement, and salary expenses. In 2022, CITIC Bank integrated employee behavior audits into their special and economic responsibility audit work, with a focus on key positions and higher-level leadership. In addition, CITIC Bank has also established the Implementation Measures for Supervision and Discipline Enforcement Work, which provides clear regulations on the acceptance, processing, feedback mechanisms, and time limits for employees who wish to appeal disciplinary decisions and contest their penalties.
CITIC Securities has established an authorisation management system to effectively manage critical permissions within appropriate levels. This system comprises management authorisation, contract agreement authorisation, and special authorisation, and has proven effects in preventing and detecting risks related to integrity. Furthermore, the company has implemented a system to monitor employee communication behavior in order to comprehensively regulate their professional conduct.
Supplier management
We have established a procurement management mechanism and formulated the Procurement Management Regulations in accordance with the Bidding Law of the People’s Republic of China and the Ministry of Finance Interim Provisions on the Centralised Purchasing Management of State-owned Financial Enterprises. This ensures full-process management of procurement work throughout our organisation. By the end of 2022, the headquarter of the company had a total of 187 qualified suppliers registered, among which 176 are domestic and 11 are overseas.
In 2022, we identified weaknesses in the overall management, supervision, and inspection of our procurement processes. To address these issues, we have launched a special rectification session that is scheduled to be completed in 2023. As part of this effort, we have developed a Reform Program on Centralised Procurement Management Mechanism, which identified 10 reform measures and key tasks including the establishment of management agencies, clear division of powers and responsibilities, optimisation of procurement systems and workflows, enhancement of professional talent, and strengthened supervision and inspection, with the following key measures being taken to mitigate integrity risks:
Strengthening supplier management |
√ Urge all levels to establish and strictly adhere to supplier admission standards. When selecting new suppliers, important factors such as commercial bribery, fraud and malicious bidding, should be taken into consideration. The admission of suppliers for products and services that do not meet the requirements should be strictly restricted.
√ Establish a Ethical Cooperation Agreement with suppliers that promotes transparency, fairness, and open competition in the procurement processes. Strengthen anti-corruption education and supervision for personnel involved in procurement work. |
---|
Optimising institutional system |
We have implemented additional measures under the newly revised Procurement Management Regulations to further enhance the integrity management of our registered suppliers, procurement departments, and relevant personnel:
√ Any supplier who engages in the following behaviors will be removed from the supplier pool and, generally, will not be recommended for inclusion in the registered supplier database for a period of one year: serious illegal or unethical behavior, such as commercial bribery or fraud; actions that disrupt the procurement processes, such as malicious bidding, collusion, false reporting, or malicious complaints; serious issues related to their business reputation or product quality; and any illegal or unethical conduct that causes negative consequences for our company.
√ Procurement departments and personnel must maintain high ethical standards and avoid any personal interest relationship with suppliers or illicit activities that result in personal gain from suppliers during the procurement process. These activities may include holding a part-time position or receiving compensation from an enterprise with a vested interest in the procurement, engaging in paid intermediary activities using job- related advantages, and accepting or soliciting intermediary fees, rebates, commissions, gifts, securities, or consumer services provided by suppliers. Procurement personnel must proactively recuse themselves from the procurement process when they have a personal interest relationship with relevant suppliers. |
---|
Enhancing audit and control |
√ Prioritising procurement management in internal auditing, establishing a supervisory system that covers all levels of the organisation, carrying out regular audits and supervision of bidding and procurement processes as a standard practice, and dealing with any illegal and violating activities such as fraudulent procurement, bid-rigging, and bribery in centralised procurement severely. |
---|
Anti-Money Laundering
CITIC Limited has established the Anti-money Laundering Management Measures, which defines the management structure and devision of duties, and requires strict compliance with relevant laws and regulations. In the meanwhile, the company has built up and upgraded the Anti-money laundering screening system. CITIC Financial Holdings has developed the Anti-money Laundering and Anti-Terrorist Financing Management Measures, promoting the establishment of a clear and well-defined Anti-money laundering management system. The board of directors fulfill their management responsibilities in accordance with CITIC Financial Holdings’ articles of association and relevant regulatory requirements. Meanwhile, the management team is responsible for implementing Anti-money laundering risk management. CITIC Financial Holdings’ Compliance and Risk Management Department is in charge of centralized management of Anti-money laundering and implements Anti-money laundering policy. It also researches, implements, and guides the Anti-money laundering efforts of CITIC Financial Holdings and its financial subsidiaries.
|
CITIC Bank |
CITIC Securities |
---|---|---|
Institutional Building |
√ Established a three-tiered anti-money laundering internal control system consisting of “top-level system + special system + line system” and an anti-money laundering system library.
√ This comprises two top-level systems, Basic Regulations for anti- money Laundering Internal Control Management and Anti-money Laundering Risk Management Policy, which cover the entire process of anti-money laundering from risk identification, assessment, monitoring, control, and reporting, along with 28 specialised systems for money laundering inspection and assessment, and 32 line systems targeted at combating money laundering. |
√ Formulated the Implementation Rules for Anti-money Laundering Inspection and Rectification, revised the Performance Evaluation and Reward/ Punishment Guidelines for Antimoney Laundering, and continuously strengthened the supervision and management of anti-money laundering work.
√ Revised the Anti-money Laundering Compliance Manual to improve employees' Anti-money laundering capabilities during their daily work. |
Anti-Money Laundering Training |
√ Provided regular anti-money laundering training to directors, supervisors, and senior management personnel; continued to offer both online and offline anti-money laundering training sessions to all employees, with a total of 1,110 Anti-money laundering training sessions organised in 2022. |
√ Provided 13 anti-money laundering training sessions to employees with a coverage rate of 100%.
√ Provided 22 anti-money laundering training sessions to the board of directors with a participation rate of 100%. |
---|
Anti-money laundering advocacy |
√ Integrated Anti-money laundering advocacy with consumer rights protection and other initiatives, and organised four social advocacy campaigns under relevant themes such as “Crackdown on Online Gambling and Scams to Protect Financial Security” and “Guard Against Illegal Fundraising and Combat Telecom Fraud”.
√ Utilised various internal platforms such as the enterprise intranet, “CITIC Bank Anti-money Laundering” public account, and short videos to promote financial knowledge about anti-money laundering to all employees and enhance the overall awareness of the bank about this issue. |
√ Conducted anti-money laundering advocacy campaigns at the banking hall, which reached 120,000 employees and customers.
√ Conducted 317 on-site advocacy activities, reaching an audience of 15,000 people.
√ Posted 41 anti-money laundering advocacy articles on WeChat public account and other platforms, with a total of more than 170,000 views. |
---|
Intellectual Property Management
We’ve put in place a specialised department that oversees the day-to-day management of legal affairs related to intellectual property right. In accordance with laws and regulations such as the Civil Code, Trademark Law, Copyright Law, and Patent Law of the People’s Republic of China, we have developed the Intellectual Property Management Measures to safeguard the rights of patents, works, trademarks, process flows, technical secrets, and other legally owned rights that arise from our business activities. In 2022, we focused on various initiatives such as “Protecting Proprietary Intellectual Property”, “Strengthening Brand Management”, and “Combating Intellectual Property Infringement”.
Protecting proprietary intellectual property |
√ We organised our subsidiaries to sort out their intellectual property achievements, including invention patents, utility model patents, and software copyrights. In 2022, we published one international standard and 17 national standards, and obtained 1,203 authorised patents, of which 424 were invention patents. |
---|
Combating intellectual property infringement |
√ We have developed the Guidelines for Dealing with Intellectual Property Infringement. Based on the precondition of respecting the intellectual property of others, these guidelines outline a four-stage process for investigating and managing infringement, including preserving relevant evidence, verifying and reporting the findings, taking necessary actions, and reporting the results. We also pay close attention to six frequently occurring types of infringement and provide corresponding measures to address them.
√ CITIC Dicastal has established a non-profit organisation —— Wheel Hub (Auto Parts) Intellectual Property Protection and Anti-Counterfeiting Center, which specialises in industry-specific intellectual property protection.
√ CITIC Press has set up a specialised Intellectual Property Protection Center that serves as an exclusive channel for readers and copyright holders to report and resolve intellectual property disputes. It collaborates with governmental entities, industry association to combat intellectual property infringement. |
---|
Strengthen brand management |
√ We’ve updated our Trademark Management Measures to impose strict requirements on brand usage and management, and to reduce risks associated with renting or selling the CITIC brand. We’ve also created the CITIC Trademark Registration and Usage Management Guidelines to refine our trademark management. Additionally, we’ve conducted a “negative list” investigation of the CITIC brand in Hong Kong and launched an investigation into accounts on new media platforms that infringe on our trademark. We push ahead with making necessary rectifications and update the positive list for brand usage. |
---|