Internal Control Systems

(1) Internal Control

Internal control systems have been designed to monitor and facilitate the accomplishment of the Company's business objectives, safeguard its assets against loss and misappropriation, ensure maintenance of proper accounting records for the provision of reliable financial information, ensure the Company's compliance with applicable laws, rules and regulations, and to provide reasonable, but not absolute, assurance against fraud and errors.

The Company has continuously refined the policies and standards for the control environment based on the risk control framework established in the Internal Control Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (the "COSO"). In the past few years, the Company has: standardized control procedures for monitoring the financial reporting and period-end financial closing procedures at the branch level and upgraded the business performance review processes and controls; expanded accounting manuals to clearly document key controls and processes for preparing consolidated financial statements in accordance with applicable accounting standards; hired additional accounting professionals with experience in financial reporting and familiarity with international accounting practices and increased technical training for the finance and accounting personnel in respect of relevant accounting standards; established and implemented the code of ethics for senior officers and employees, company-wide anti-fraud policies and whistle-blowing mechanisms; enhanced internal controls over branches by assessing the effectiveness of internal controls at branch-level based on our enterprise risk assessment results and preliminarily formulated long-term implementation plan on internal control.

The Company has an internal audit department of over 150 staffs, with officers stationed at various provincial branches. The internal audit department reports directly to the Audit Committee and is independent of the Company's daily operation and accounting functions. Internal audit focuses on efficiency, accountability and internal controls of the Company. It contributes to the strengthening of operation and management of the Company, improvement in internal control systems, mitigation of operational risks and increases in economic efficiency. Internal audit also enhances the monitoring of the operation and financial management of the Company, so that the internal audit system can further satisfy the requirements of internal controls.

The Board has overall responsibility for maintaining sound and effective internal control systems. For the year ended 31 December 2007, the Board, pursuant to the Code Provision, conducted an annual review of the effectiveness of the internal control systems of the Company and its subsidiaries based on thorough discussions with and review of evaluation report prepared by the Company's Internal Audit Department, as well as frequent meetings with the Company's management. The review covered all material aspects of our control functions, including financial, operational, information system and compliance controls and risk management functions.

(2) Information Disclosure Controls and Procedural Standards

In order to further enhance the Company's system of information disclosure, and to ensure the truth, accuracy, completeness and timeliness of our public disclosures, the Company has adopted and implemented Information Disclosure Controls and Procedural Standards, pursuant to which the Information Disclosure Review Committee, led by the management, was established by the Company and the procedures were established to compile and report the Company's financial and operational statistics and other information and to review the periodic reports. Detailed implementation rules were also established for the verifications on the contents and requirements of financial data, especially the upward declarations from the individual responsible officers at the subsidiary, branch and major department levels of the Company, which in turn standardized the fundamental principles of information disclosures that need to be complied with.