China Railway Prefabricated Construction Co.Ltd(300374): risk assessment report on handling deposit and loan business in China Railway Finance Co., Ltd

China Railway Prefabricated Construction Co.Ltd(300374): Risk assessment report on deposit and loan business handled at China Railway Finance Co., Ltd

In accordance with the relevant requirements of the China Securities Regulatory Commission and the Shenzhen Stock Exchange, China Railway Prefabricated Construction Co.Ltd(300374) (hereinafter referred to as “the company”) assessed the business qualification, business and risk status of China Railway Finance Co., Ltd. (hereinafter referred to as “the finance company”) by checking its business license, financial license and other certificates and qualification materials, and by reviewing its capital verification and audit reports. The relevant risk assessment is reported as follows:

I. Basic information of the finance company

China Railway Finance Co., Ltd. was established on February 28, 2014.

1. Business registration profile

Name: China Railway Finance Co., Ltd

Nature of enterprise: other limited liability companies

Registered address: 5th floor, block C, China Railway Group Limited(601390) building, No. 6, Fuxing Road, Haidian District, Beijing

Legal representative: Wang Guoming

Registered capital: 9 billion yuan

Unified social credit code: 91110000717838206y

The business scope of the finance company includes: handling financial and financing consulting, credit assurance and related consulting and agency business for member units; Assist member units to realize the receipt and payment of transaction funds; Approved insurance agency business; Provide guarantee to member units; Handle entrusted loans and entrusted investments between member units (fixed income); Handle bill acceptance and discount for member companies; Handle the internal transfer settlement between member units and the corresponding settlement and clearing scheme design; Absorbing deposits from member units; Handle loans and financial leases for member units; Engage in interbank lending; Underwriting corporate bonds of member units; Securities investment (fixed income); Buyer’s credit and financial leasing business of member units’ products. (enterprises shall independently choose business items and carry out business activities according to law; for projects subject to approval according to law, they shall carry out business activities according to the approved contents after being approved by relevant departments; they shall not engage in business activities of projects prohibited and restricted by industrial policies of this city.)

2. Up to now, the composition of shareholders of the finance company is as follows:

| Serial number | Name of contributor | Subscribed capital (100 million yuan) | Equity ratio |
|---|---|---|---|
| 1 | China Railway Group Limited(601390) | 85.5 | 95.00% |
| 2 | China Railway Engineering Group Co., Ltd. | 4.5 | 5.00% |

II. Basic internal control of the finance company

(1) Control environment

In line with the requirements of a modern corporate governance structure, the finance company has established a board of shareholders, a board of directors and a board of supervisors, and has clearly stipulated the risk management responsibilities of the board of directors, directors, supervisors and senior managers. The board of directors has a risk management committee, an audit committee, a remuneration committee and an investment decision-making committee, each of which is responsible to the board of directors. Following the principle of mutual checks and balances among the decision-making system, the execution system and the supervision and feedback system, the finance company establishes good corporate governance and an organizational structure with a reasonable division of labor, clear responsibilities and clear reporting relationships, which provides the necessary preconditions for effective internal control.

The organization chart is as follows:

(2) Risk identification and assessment

The finance company has formulated a series of internal control systems, management methods, operating procedures and internal control manuals for its various businesses, and has set up a risk management department (legal compliance department) and an audit department to supervise and audit all of its business activities. The finance company has established a relatively complete hierarchical authorization management system, with a clear division of responsibilities among departments and posts and clear reporting relationships at all levels. Through the reasonable setting of department and post responsibilities, a risk control mechanism of mutual supervision and restriction between departments and posts has been formed. The risk management committee supervises the overall risk control of the finance company, reviews its risk status reports, and puts forward opinions on improving risk management and internal control.

(3) Control activities

1. Settlement business control

For deposit absorption and settlement business with member units, the finance company has formulated settlement management and business systems such as the settlement business management measures, the RMB settlement account management measures and the RMB deposit business management measures in accordance with the relevant regulatory laws and regulations. For cross-border capital business, it has formulated the measures for the administration of foreign exchange capital deposit business and the operating procedures for foreign exchange capital settlement business. Each business system has detailed operating procedures and clearly defined business links, executive roles and main business rules, so as to effectively control business operation risks. In terms of deposits, the finance company strictly follows the principles of equality, voluntariness, fairness and good faith in handling deposit business for member units, and implements the relevant policies in strict accordance with the provisions of the CBRC and the People’s Bank of China, so as to fully ensure the safety of member units’ funds and safeguard the legitimate rights and interests of all parties.

In terms of fund settlement, the finance company relies mainly on the fund settlement system for system control. The fund settlement system supports customers’ multi-level authorization and approval of business to prevent operational risks on the customer side. When member companies log in to the fund settlement system to submit instructions, the key elements cannot be deleted, which ensures the integrity of the business instructions they submit. The settlement business of the finance company has three lines of defense: the separation of incompatible posts within the settlement function is the first line of defense, post role authorization is the second, and comprehensive supervision by the audit department is the third.

The finance company has established a relatively complete business approval and authorization system that determines the authority of settlement personnel in different positions according to the type of business, the amount and the risk level. The fund settlement system supports online reconciliation and real-time query and verification of member companies’ accounts.

2. Control of foreign exchange settlement and sales business

The foreign exchange settlement and sales business of the finance company includes the settlement and sales of foreign exchange on behalf of customers and self settlement and sales of foreign exchange. The finance company has formulated the operating procedures for agency spot foreign exchange settlement and sales business, management regulations for spot foreign exchange settlement and sales business and other system documents to standardize the daily operation of foreign exchange settlement and sales business.

The risk management department conducts overall risk management of the foreign exchange settlement and sales business, strengthens business risk review, and ensures the legal compliance of the company’s foreign exchange settlement and sales business. The financial business department is the centralized management department for foreign exchange settlement and sales business and is responsible for accepting applications for foreign exchange settlement and sales, making quotations, and completing transactions in the inter-bank foreign exchange market. The settlement business department is responsible for the settlement of foreign exchange settlement and sales funds and for accounting treatment. The audit department is responsible for the audit and supervision of the foreign exchange settlement and sales business system and business operation.

3. Credit business control

In terms of credit business management, the finance company strictly implements credit management and handles various credit businesses within the credit line for member units. Detailed management measures have been formulated for all credit businesses, business is carried out in strict accordance with the system, and the whole process risk management of credit business is implemented. Specifically, it includes:

(1) Credit

The finance company establishes the credit scale and scope according to the financing needs and financial status of member units every year to ensure that the total amount of credit is reasonable and the structure is balanced.

The credit approval of member units shall follow the principle of “rating before credit”, and shall take effect only after being approved by risk review, loan review committee and authorized approver.

(2) Self-operated loans

The finance company carries out self-operated loan business within the credit limit of its member units and applies the three-check system to these loans: pre-loan investigation, loan review and post-loan inspection. Approval of self-operated loans strictly adheres to the principle of separating the middle office from the back office. After the credit department initiates a credit transaction and completes the pre-loan investigation, it submits the transaction to the risk management department for risk review. The loan can be released only after approval by the finance company’s loan review committee and the authorized approver. Depending on the risk level of the member unit, different guarantee methods such as credit, mortgage and pledge are required for self-operated loans.

(3) Bill business

The finance company carries out bill acceptance and bill discount business. In bill acceptance business it strictly controls credit risk: first, it reviews the authenticity of the trade background; second, it pays attention to the operating status of the applicant and brings the bill acceptance business into the unified credit management of customers. In bill discount business it strictly controls operational risk: first, it strictly reviews the elements and authenticity of bills and attends to queries; second, it strictly examines the qualification of discounters to ensure that bill transactions are true and reasonable; third, it strictly follows the discount operation process to ensure the legality and compliance of system operation and business approval; fourth, it strengthens bill management and implements a system of dedicated personnel.

(4) Guarantee business

The finance company manages guarantees as risk assets, applies total amount control to the guarantee business according to the indicator requirements of the regulatory authority, and regularly carries out five-level classification of assets to ensure that asset risks are controllable.

(5) Intermediary business

The finance company carries out entrusted loans, financial consultants and other intermediary businesses, does not advance funds, only charges handling fees, and does not bear any form of capital risk. The entrusted loan business must be deposited before lending. If the borrower cannot repay the principal and interest of the loan, the finance company will not bear the responsibility of repaying the principal and interest. Financial advisory business adheres to independence, does not make financing commitments in financial advisory services, does not issue false reports, and does not support illegal requirements.

4. Internal audit control

The finance company has formulated internal audit management measures, audit procedure management regulations, business audit operation rules and internal control evaluation management measures, has defined the responsibilities and authorities of internal audit institutions and auditors as well as the contents and procedures of internal audit work, and has established a relatively complete audit system. Under the leadership of the company’s Party committee and the board of directors, the audit department carries out audit work independently. It conducts a comprehensive audit at least once a year, covering the implementation of regulatory requirements and superior deployment, corporate governance, operation management, internal control and compliance, information systems, and the rectification of problems found in audits; it conducts special rotating reviews of the compliance and effectiveness of the business activities of all business lines and departments of the company on a three-year cycle; and it carries out an annual internal control evaluation that inspects and evaluates the design and operation of the company’s internal control system. Through comprehensive and systematic audit, it has played the role of “the third line of defense” of risk management and ensured the stable operation of the company.

5. Information system control

In accordance with the information technology risk supervision requirements issued by the China Banking and Insurance Regulatory Commission and other regulatory bodies, the finance company has established a perfect information security control system and information technology risk identification and management mechanism, established a network information security leading group, defined the responsibilities of information security, and continued to promote the construction of host, network, data, software system and other information facilities in accordance with the principle of autonomy and controllability.

(1) Submit information technology risk reports and statements, network security self inspection reports, etc. according to the requirements of benchmarking supervision, improve the information security management mechanism, formulate and improve the management methods of computer room, network, data and other security aspects, clarify the quantitative indicators of system operation and maintenance and patrol inspection, and realize the online management of demand application, production change and other processes.

(2) Regularly carry out information system level protection evaluation, special information audit and security self inspection, strictly inspect information security and system construction and operation and maintenance, locate work weaknesses and missing items, and accurately carry out information security rectification and reinforcement.

(3) Continuously strengthen the security construction, security management and security operation and maintenance of core business systems in accordance with the three-level system security standard of information system level protection; adopt digital signature and encryption technology to provide information security protection such as data encryption, secure sessions and identity authentication; adopt distributed application technology to achieve redundant system deployment and load balancing, ensuring the safe, efficient and stable operation of the system; and continuously improve the system baselines, standard operations, work manuals and scripts to strengthen the standardized management of system operation and maintenance.

(4) Formulate the top-level architecture design of information security and complete the network topology design and equipment deployment according to the principle of autonomy and controllability; divide the network by business application into separate zones such as Internet, core business, e-ticket, foreign exchange and bank-enterprise, achieving network isolation and boundary protection; deploy dedicated security equipment such as vulnerability scanning, intrusion detection and log audit to ensure network security; adopt hardware encryption devices, dedicated bank-enterprise lines and other measures to secure the bank-enterprise payment channel; deploy bastion hosts to centrally manage access to the production environment and strengthen access control and process monitoring; and deploy ADS (anti-DDoS) devices to scrub external DDoS attack traffic.

(5) Deploy a large-amount monitoring, supervision and reporting system to control fund payments and daily management, analyze daily business on the basis of fund business data, and strengthen risk early warning and management; deploy a data disaster recovery system to back up business data, regularly carry out data backup and recovery tests, and verify the security and effectiveness of data backups.

(6) Formulate emergency plans for computer rooms, networks, business systems, etc., regularly carry out emergency training and drills, improve emergency response and disposal capabilities, and timely report the discovery and disposal process of emergencies.

(4) Overall evaluation of internal control

The internal control system of the finance company is complete and effectively implemented. All businesses can be carried out in strict accordance with the systems and processes, without major operational risks; all regulatory indicators meet the requirements of the regulatory authorities; the business operation is legal and compliant, the management system is sound, and risk management is effective.

III. Operation management and risk management of the finance company

(1) Operation

As of September 30, 2021, the total assets of the finance company were 75.212 billion yuan and the owner’s equity was 11.967 billion yuan. Deposits from member units reached 63.089 billion yuan. From January to September 2021, the company realized an operating revenue of 1.364 billion yuan, a total profit of 673 million yuan and a net profit of 529 million yuan. (The above data has not been audited.)

(2) Management situation

Since its establishment, the finance company has adhered to the principle of sound operation. Under the framework of comprehensive risk management, and in strict accordance with the Company Law of the People’s Republic of China, the Law of the People’s Republic of China on Banking Supervision and Administration, the Accounting Standards for Business Enterprises – Basic Standards, the Measures for the Administration of Financial Companies of Enterprise Groups, relevant national financial laws and regulations, and its articles of association, it has standardized business behavior and consolidated its internal control management through routine audit, special internal audit, system construction, and internal control construction and evaluation.

(3) Regulatory indicators

According to the Measures for the Administration of Financial Companies of Enterprise Groups and other relevant provisions, as of September 30, 2021, all regulatory indicators of the finance company met the specified requirements.

Classification index name regulatory requirements September 30, 2021

Capital adequacy ratio
