Document from CIS Legislation database © 2003-2021 SojuzPravoInform LLC

RESOLUTION OF BOARD OF NATIONAL BANK OF THE REPUBLIC OF KAZAKHSTAN

of November 12, 2019 No. 188

About approval of Rules of forming of risk management system and internal control for banks of the second level, branches of nonresident banks of the Republic of Kazakhstan

(as amended on 24-02-2021)

According to the Law of the Republic of Kazakhstan of August 31, 1995 "About banks and banking activity in the Republic of Kazakhstan" the Board of National Bank of the Republic of Kazakhstan DECIDES:

1. Approve the enclosed Rules of forming of risk management system and internal control for banks of the second level, branches of nonresident banks of the Republic of Kazakhstan.

2. Recognize invalid regulatory legal acts of the Republic of Kazakhstan, and also structural elements of some regulatory legal acts of the Republic of Kazakhstan according to the list according to appendix to this resolution.

3. To provide to department of methodology and regulation of the financial organizations in the procedure established by the legislation of the Republic of Kazakhstan:

1) together with Legal department state registration of this resolution in the Ministry of Justice of the Republic of Kazakhstan;

2) placement of this resolution on official

Internet resource of National Bank of the Republic of Kazakhstan after its official publication;

3) within ten working days after state registration of this resolution submission to Legal department of data on execution of the actions provided by the subitem 2) of this Item and item 4 of this resolution.

4. To department of external communications - the press service of National Bank of the Republic of Kazakhstan to provide within ten calendar days after state registration of this resolution the direction it to the copy on official publication in periodic printing editions.

5. To impose control of execution of this resolution on the vice-chairman of National Bank of the Republic of Kazakhstan Smolyakov O. A.

6. This resolution becomes effective after ten calendar days after day of its first official publication.

7. To banks of the second level till October 1, 2020 to bring the activities into accord with requirements of this resolution.

Chairman of National Bank

E.Dosayev

Approved by the Resolution of Board of National Bank of the Republic of Kazakhstan of November 12, 2019 No. 188

Rules of forming of risk management system and internal control for banks of the second level, branches of nonresident banks of the Republic of Kazakhstan

Chapter 1. General provisions

1. These rules of forming of risk management system and internal control (further - Rules) are developed for banks of the second level, branches of nonresident banks of the Republic of Kazakhstan according to part two of Item 1 of article 40-5 of the Law of the Republic of Kazakhstan of August 31, 1995 "About banks and banking activity in the Republic of Kazakhstan" (further - the Law on banks) and establish procedure for forming of risk management system and internal control of banks of the second level, branches of nonresident banks of the Republic of Kazakhstan (further - bank).

2. In Rules the following concepts are used:

1) risk of information technologies - probability of emergence of damage owing to refusal (functioning violation) of the information and communication technologies operated by bank;

2) risk of information security - probable emergence of damage owing to violation of confidentiality, deliberate violation of integrity or availability of data assets of bank;

3) authorized collegiate organ of bank - the board of directors, committee in case of the board of directors, board, committee under board;

4) reputation risk - probability of emergence of losses, non receipt of the planned income in result of narrowing of client base, decrease in other indicators of development owing to forming in the society of negative idea of reliability of bank, quality of the services rendered to them or nature of activities of bank in general;

5) legal risk - probability of emergence of losses owing to non-compliance by bank or the partner of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, legislations of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way, and to terrorism financing, about joint-stock companies, and in the relations with nonresidents of the Republic of Kazakhstan - legislations of the country of its origin, and also conditions of the signed agreements;

6) internal process of assessment of capital adequacy - set of processes of management of substantial risks, taking into account amount of assets, nature and level of complexity of activities, organizational structure, strategic plans, risk profile of bank, the regulatory legal base, assessment and aggregation of such risks for the purpose of determination of the target objective of capital adequacy of bank for maintenance of stable financial position and solvency.

The capital of branch of bank of the nonresident of the Republic of Kazakhstan is understood as the assets of branch of nonresident bank of the Republic of Kazakhstan accepted as reserve, calculated according to requirements of the resolution of Board of the Agency of the Republic of Kazakhstan for regulation and development of the financial market of February 12, 2021 No. 23 "About establishment of prudential standard rates and other regulations and limits, obligatory to observance, for branches of nonresident banks of the Republic of Kazakhstan (including branches of Islamic nonresident banks of the Republic of Kazakhstan), their normative values and technique of calculations, including procedure for forming of assets of branches of the nonresident banks of the Republic of Kazakhstan (including branches of Islamic nonresident banks of the Republic of Kazakhstan) accepted as reserve, and their minimum size", registered in the Register of state registration of regulatory legal acts at No. 22213;

7) unsecured consumer loan - the bank loan without condition about pledge at the time of issue provided to physical person on the purposes which are not connected with implementation of business activity;

8) komplayens-risk - probability of emergence of losses owing to non-compliance by bank and its workers of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, legislations of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing, about joint-stock companies, the internal documents of bank regulating procedure for rendering by bank of services and carrying out transactions in the financial market and also the legislation of foreign states, the bank exerting impact on activities;

9) corporate management - system of relations between bank board (the relevant executive body of nonresident bank of the Republic of Kazakhstan which branch is open in the territory of the Republic of Kazakhstan leading employees of branch of nonresident bank of the Republic of Kazakhstan), the board of directors (relevant organ of management of nonresident bank of the Republic of Kazakhstan which branch is open in the territory of the Republic of Kazakhstan) of shareholders, leading employees and auditors, and also relations between authorized collegiate organs of bank.

The corporate management system allows to organize distribution of powers and responsibility, and also to construct corporate decision making process;

10) credit risk - the probability of emergence of losses arising owing to failure to carry out by the borrower or partner of the obligations in accordance with the terms of the agreement of bank loan;

11) creditworthness - the complex legal and financial characteristic of the borrower provided by financial and non-financial performance, allowing to estimate its opportunity in the future completely and in time to fulfill agreement obligations of bank loan;

12) the credit agreement - the agreement between bank and the borrower on financing provision (including conditional financing) as a result of which the bank has (or will arise in the future) requirements to the borrower;

13) funding plan on case of contingencies - set of procedures and the action plan for response to decline in the ability of bank timely to answer for the obligations;

14) division owner of the protected information - division of bank, the owner of information, violation of confidentiality, integrity or availability of which will lead to losses for bank;

15) critical data asset - the data asset determined according to the resolution of Board of National Bank of the Republic of Kazakhstan of March 27, 2018 No. 48 "About approval of Requirements to ensuring information security of the banks, branches of nonresident banks of the Republic of Kazakhstan and the organizations performing separate types of banking activities, Rules and terms of provision of information on incidents of information security, including data on violations, failures in information systems", registered in the Register of state registration of regulatory legal acts at No. 16772;

16) substantial risk - risk which realization will lead to deterioration in financial stability of bank;

17) conflict of interest - situation in case of which there is contradiction between personal interest of officials of bank its shareholders, (shareholders of nonresident bank of the Republic of Kazakhstan which branch is open in the territory of the Republic of Kazakhstan) and (or) his workers and proper execution of the ex-officio full powers by them or valuable and other interests of bank and (or) its workers and (or) clients which will entail adverse effects for bank and (or) its clients;

18) market risk - the probability of emergence of financial losses according to balance sheet and off-balance sheet items caused by adverse changes of market situation, which is expressed in changes of market interest rates, foreign exchange rates, market value of financial instruments, goods;

19) operational risk - probability of emergence of losses as a result of inadequate and insufficient internal processes, human resources and systems, or influences of external events, except for strategic risk and reputation risk;

20) internal process of assessment of sufficiency of liquidity - set of risk management processes of liquidity, for the purpose of maintenance of the proper level of liquidity by bank and implementation of proper risk management system of liquidity in various time frames depending on types of activity, currencies;

21) liquidity risk - probability of emergence of financial losses as a result of inability of bank to fulfill the obligations at the scheduled time without substantial damages;

22) policy - the internal document approved by the board of directors of bank determining the key quantitative and high-quality parameters, the principles, standards providing effective functioning of bank and compliance of its activities of strategy, risk profile, risk appetite. Within policy the board of directors of bank provides availability of the relevant internal documents, the describing separate procedures, processes, instructions;

23) strategic risk - probability of emergence of losses as a result of the mistakes (shortcomings) made in case of decision making, determining strategic development of bank and which are expressed in insufficient accounting of the possible dangers inherent in activities of bank, the wrong or insufficiently reasonable determination of perspective activities in which the bank will reach benefit before competitors, absence or providing in incomplete amount of the necessary resources and organizational measures providing achievement of strategic objectives of activities of bank;

24) stress testing - evaluation method of potential influence of exclusive, but possible events on financial condition of bank;

25) risk - probability that the expected or unforeseen events will exert negative impact on financial stability of bank, its capital and (or) the income;

26) risk culture - the processes, procedures, internal regulations of bank directed to understanding, acceptance, management and control of risks for the purpose of minimization of their influence on financial condition of bank and also ethical standards and standards of professional activity of all participants of organizational structure. The risk culture supplements the existing approved procedures, processes and mechanisms of activities of bank and is the integral component of risk management system;

27) risk profile - set of types of risk and other data characterizing degree of exposure of bank to the risks inherent in all types of activity of bank for detection of weaknesses and determination of priority of the subsequent actions within risk management system;

28) the statement risk appetite - the document approved by the board of directors of bank describing the aggregated (aggregated) level (levels) of substantial risks (limits of the admissible extent of risk) which (which) the bank is ready to accept or intends to exclude in case of strategy implementation. The statement risk appetite contains the statement of high-quality nature, and also quantitative nature, including indicators concerning profitability, the capital, liquidity, risks, other applicable indicators;

29) processing of risk - selection process and implementation of measures for change of risks;

30) the risk register - the structured list is risk, containing criteria and origins of risks, probability of their origin, impact (damage), priority and methods of processing of risk;

31) authorized body - the state body performing state regulation, control and supervision of the financial market and the financial organizations;

32) organizational structure - the internal document and (or) set of the internal documents installing the quantitative structure and system of governing bodies, leading employees and structural divisions of bank reflecting structure of subordination, accountability.

In case of application of requirements of Rules to branch of nonresident bank of the Republic of Kazakhstan:

the board of directors is understood as relevant organ of management of nonresident bank of the Republic of Kazakhstan;

the board is understood as leading employees of branch of nonresident bank of the Republic of Kazakhstan;

the equity is understood as the assets of branch of nonresident bank of the Republic of Kazakhstan accepted as reserve, calculated according to requirements of the resolution of Board of the Agency of the Republic of Kazakhstan for regulation and development of the financial market of February 12, 2021 No. 23 "About establishment of prudential standard rates and other regulations and limits, obligatory to observance, for branches of nonresident banks of the Republic of Kazakhstan (including branches of Islamic nonresident banks of the Republic of Kazakhstan), their normative values and technique of calculations, including procedure for forming of assets of branches of the nonresident banks of the Republic of Kazakhstan (including branches of Islamic nonresident banks of the Republic of Kazakhstan) accepted as reserve, and their minimum size", registered in the Register of state registration of regulatory legal acts at No. 22213;

the financial reporting is understood as the reporting under accounting data of branch of nonresident bank of the Republic of Kazakhstan;

the risk management is understood the division manager on risk management of branch of nonresident bank of the Republic of Kazakhstan as Chapter;

the main komplayens-controller is understood as the division manager on komplayens-control of branch of nonresident bank of the Republic of Kazakhstan.

3. The purpose of Rules is determination of requirements to forming by bank of risk management systems and internal control by providing:

1) effective management of risks of bank by means of their timely identification, measurement, control and monitoring for ensuring compliance of equity of bank to level of the risks accepted by it and availability of appropriate level of liquidity;

2) proper practice of corporate management and proper level of business ethics and risk culture;

3) observance by bank and its workers of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, the legislation of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing, about joint-stock companies, domestic policy, procedures and other internal documents of bank;

4) timely detection and remedial action in activities of bank and its workers;

5) creations in bank of adequate mechanisms for the solution of unforeseen or emergency situations.

4. The board of directors of bank provides availability of the risk management system corresponding to the chosen business model, to the activities scale, types and complexity of transactions and provides proper process of identification, measurement and assessment, monitoring, control and procedures of minimization of substantial risks of bank for the purpose of determination by bank of size of equity and the liquidity necessary for covering of the substantial risks inherent in activities of bank.

Risk management system represents set of the components installed by Rules which provides the mechanism of interaction of the internal procedures developed and regulated by bank, processes, the politician, structural divisions of bank for the purpose of timely identification, measurement, control and monitoring of risks of bank, and also their minimization for ensuring its financial stability and stable functioning.

5. Risk management system provides:

1) the optimum ratio between profitability of the main activities of bank and level of the accepted risks based on the choice of viable and steady business model, effective planning process of strategy and the budget taking into account strategy risk appetite;

2) objective assessment of the extent of risks of bank, completeness and documentation of risk management processes, their preventive identification, measurement and assessment, monitoring and control, minimization of essential types of risks at each level of organizational structure with optimum use of financial resources, personnel and information systems for the purpose of maintenance of sufficient amount of equity of bank and liquidity;

3) scope of all types of activity of bank subject to substantial risks, at all levels of organizational structure, completeness of assessment of separate essential types of risks, their mutual influence for the purpose of determination risk profile of bank and creation of strategy risk appetite;

4) availability of levels risk appetite by all types of substantial risks and algorithm of actions in cases of violation of the established levels, including responsibility for acceptance of risks which level is determined as high, procedures for informing the board of directors, committees in case of the board of directors and bank boards (the relevant executive body of nonresident bank of the Republic of Kazakhstan which branch is open in the territory of the Republic of Kazakhstan) within strategy risk appetite;

5) awareness of the authorized collegiate organs of bank making the decisions bearing for themselves risks by means of creation of effective corporate management system, availability of complete, reliable and timely management information on the substantial risks inherent in activities of bank;

6) rational decision making and action for the benefit of bank based on comprehensive assessment of the provided information is fair, with due discretion and care (duty of care). Obligation show discretion and care does not extend to mistakes in the course of acceptance of business solutions if only workers and officials of bank did not show at the same time rough negligence;

7) decision making by workers and officials of bank and action is fair for the benefit of bank, disregarding personal benefits, interests of faces tied with bank the special relations in damage of interests of bank (duty of loyalty);

8) accurate distribution of functions, obligations and powers of risk management between all structural divisions and employees of bank, and their responsibility taking into account minimization of conflict of interest;

9) separation of risk management function and internal control from operating activiies of bank by means of creation of system of three lines of protection which includes:

the first line - at the level of structural divisions of bank;

the second line - at the level of divisions on risk management and performing control functions;

the third line - at the level of division of internal audit regarding efficiency evaluation of functioning of risk management system;

10) availability of the documents developed for the purpose of regulation of activities of bank, creation and functioning in bank of effective risk management systems and internal control and corresponding to strategy, organizational structure, risk profile of bank and requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, legislations of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing on joint-stock companies, and also their periodic review and updating;

11) observance of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, legislations of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing, about joint-stock companies;

12) observance of the operating procedures, processes, the politician and other internal documents of bank on risk management by means of creation of effective internal control system.

6. The authorized body within efficiency evaluation of risk management system of bank is guided by the following principles:

1) ensuring financial stability of banks, non-admissions of deterioration in financial position of banks and increase in the risks connected with activities of banks, protection of legitimate interests of depositors, creditors, clients and correspondents of banks;

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.