The Bank is continuously improving its risk management system by making it more centralized in organization and more specialized in function. The result has been a constant improvement of asset quality, credit structure optimization and an increasingly higher provision coverage ratio, all at a reasonably maintained credit cost control level.

The Bank has adopted vertical risk management for its branches and horizontal risk management for its business lines. Credit management is highly centralized, with Head Office and tier-one branches conducting credit examination and approval, and determining the credit ratings of corporate customers and the risk classifications of loans.

The Bank has also enhanced its asset quality monitoring system, which has allowed it to improve the risk management and monitoring of Special Mention loans. The system places an emphasis on monitoring potentially high-risk customers, i.e. those characterized by large-scale credit exposures, frequent capital operation, incomplete governance mechanisms and non-transparent information.

The Bank has constructed three lines of defense into its internal control mechanism. First, the Bank has established legal and compliance departments in the Head Office and domestic tier-one branches, and appointed full-time and part-time compliance officers in its overseas operations. Second, the Bank has formulated and issued a Group-wide compliance policy, defining the compliance responsibilities of employees and management members at different levels. Third, the Bank has unified the management of regulations and rules, formulated a bank-wide credit management scheme, and established a contract reporting and filing system.

The Bank's audit optimization plan sets out an audit policy framework with distinctive layers and mutual linkages, so as to perform audit confirmation, anti-fraud activities, consultation and internal control evaluation in a comprehensive manner. Under the management of Head Office, this plan covers organizational structure, management systems, policies, regulations and practical technologies, as well as considering the reporting requirements of regulatory authorities. The Bank also engages with external institutions to evaluate the audit.

The Bank is committed to ensuring that there is proper risk control in its overseas branches. To this end, the Bank has formulated its Administrative Measures on Compliance Officers of Overseas Branches and reinforced communication with overseas regulatory institutions, thereby guaranteeing that the internal management of overseas institutions are in line with local regulatory requirements.

BOC's internal control mechanism also takes into account its affiliated businesses. To ensure that directors and supervisors understand the risk control implications of the Bank's relationship with its affiliated businesses, the Bank has formulated its Guidelines on Information Communication with Affiliated Companies, Guidelines on Management Functions and Work Flows of Overseas Affiliated Branches, as well as other regulations and bylaws.

The Bank links compliance with personnel performance and remuneration,and has strengthened compliance training and supervision.Its Addressing Measures on Personnel Violations policy document covers various business categories and management areas. The number of cases and persons liable for illegal acts and breaches of the rules and regulations of the Bank decreased by 63% and 96% respectively in 2007.

BOC is one of the first domestic banks to study and implement the Basel II Accord released by the Basel Committee on Banking Supervision. In addition, the Bank participated in the editing and translation of Basel II documents organized by the China Banking Regulatory Commission and attended the testing of quantitative impacts organized by the People's Bank of China. Since 2005, the Bank has carried out a series of studies including data gap analysis and corporate customer PD model development in fields such as credit risk, market risk and operational risk.

The Bank set up the Basel II Implementation and Leading Team, composed of senior management and the heads of principal departments,and established the Basel II Implementation, Planning and Coordination Office. The Board of Directors examined and approved the Report on Gap Analysis and Overall Planning for Basel Implementation of the Bank to Define the Implementation Standards, Roadmap and Schedule. Of the 14 overseas branches located in countries with regulatory requirements related to Basel II, seven already meet local regulatory requirements and seven are accelerating their efforts towards compliance.

The Bank's anti-money laundering management framework adheres to the requirements of the Law of the People's Republic of China on Anti-money Laundering and all related regulations. BOC rigorously meets its obligations in terms of customer identity recognition, employee training, accurate and timely reporting of large-sum and suspicious transactions, and actively cooperates with supervisory departments and international law enforcement agencies in anti-money laundering investigations. In 2007, domestic branches of the Bank held over 2,500 anti-money laundering awareness sessions involving more than 200,000 staff.

The Bank honors the relevant resolutions of the Security Council of the United Nations and does not provide financial services for institutions and individuals engaged in money laundering, terrorist financing, or the proliferation of weapons of mass destruction. The Bank is committed to compliance with the anti-money laundering and anti-terrorism provisions of international organizations and local jurisdictions.

The Bank's Administrative Measures on Intellectual Property policy sets out a unified regulatory process for the protection and management of the Bank's intellectual property rights.

The Bank has prepared reading materials such as the Interpretation of Relevant Legal Issues concerning Corporate Loan, the Collection of Legal Consultations, and the Case Study of Banks, to promote bank-wide employee education regarding legal matters.

Using its internal Legal and Compliance Information Network, the Bank issues timely updates on the latest laws, regulations and supervisory requirements, and uploads compliance risk reminders and materials and video documents of legal knowledge training on a regular and ad hoc basis.

The Bank also regularly carries out compliance testing. In 2007, a total of 204,000 managers and employees took part in testing with a success rate of 99.97%.