Document from CIS Legislation database © 2003-2024 SojuzPravoInform LLC

RESOLUTION OF BOARD OF NATIONAL BANK OF THE REPUBLIC OF KAZAKHSTAN

of November 12, 2019 No. 188

About approval of Rules of forming of risk management system and internal control for banks of the second level, branches of nonresident banks of the Republic of Kazakhstan

(as amended on 29-12-2023)

According to the Law of the Republic of Kazakhstan of August 31, 1995 "About banks and banking activity in the Republic of Kazakhstan" the Board of National Bank of the Republic of Kazakhstan DECIDES:

1. Approve the enclosed Rules of forming of risk management system and internal control for banks of the second level, branches of nonresident banks of the Republic of Kazakhstan.

2. Recognize invalid regulatory legal acts of the Republic of Kazakhstan, and also structural elements of some regulatory legal acts of the Republic of Kazakhstan according to the list according to appendix to this resolution.

3. To provide to department of methodology and regulation of the financial organizations in the procedure established by the legislation of the Republic of Kazakhstan:

1) together with Legal department state registration of this resolution in the Ministry of Justice of the Republic of Kazakhstan;

2) placement of this resolution on official

Internet resource of National Bank of the Republic of Kazakhstan after its official publication;

3) within ten working days after state registration of this resolution submission to Legal department of data on execution of the actions provided by the subitem 2) of this Item and item 4 of this resolution.

4. To department of external communications - the press service of National Bank of the Republic of Kazakhstan to provide within ten calendar days after state registration of this resolution the direction it to the copy on official publication in periodic printing editions.

5. To impose control of execution of this resolution on the vice-chairman of National Bank of the Republic of Kazakhstan Smolyakov O. A.

6. This resolution becomes effective after ten calendar days after day of its first official publication.

7. To banks of the second level till October 1, 2020 to bring the activities into accord with requirements of this resolution.

Chairman of National Bank

E.Dosayev

Approved by the Resolution of Board of National Bank of the Republic of Kazakhstan of November 12, 2019 No. 188

Rules of forming of risk management system and internal control for banks of the second level, branches of nonresident banks of the Republic of Kazakhstan

Chapter 1. General provisions

1. These rules of forming of risk management system and internal control (further - Rules) are developed for banks of the second level, branches of nonresident banks of the Republic of Kazakhstan according to part two of Item 1 of article 40-5 of the Law of the Republic of Kazakhstan of August 31, 1995 "About banks and banking activity in the Republic of Kazakhstan" (further - the Law on banks) and establish procedure for forming of risk management system and internal control of banks of the second level, branches of nonresident banks of the Republic of Kazakhstan (further - bank).

2. In Rules the following concepts are used:

1) risk of information security – probable emergence of damage owing to violation of confidentiality, deliberate violation of integrity or availability of data assets of bank;

2) risk of information technologies – probability of emergence of damage owing to refusal (functioning violation) of the information and communication technologies operated by bank;

3) authorized collegiate organ of bank – the board of directors, committee in case of the board of directors, board, committee under board;

4) reputation risk – probability of emergence of losses, non receipt of the planned income in result of narrowing of client base, decrease in other indicators of development owing to forming in the society of negative idea of reliability of bank, quality of the services rendered to them or nature of activities of bank in general;

5) legal risk – probability of emergence of losses owing to non-compliance by bank or the partner of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, legislations of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way, and to terrorism financing, about joint-stock companies, and in the relations with nonresidents of the Republic of Kazakhstan - legislations of the country of its origin, and also conditions of the signed agreements;

6) internal process of assessment of capital adequacy – set of processes of management of substantial risks, taking into account amount of assets, nature and level of complexity of activities, organizational structure, strategic plans, risk profile of bank, the regulatory legal base, assessment and aggregation of such risks for the purpose of determination of the target objective of capital adequacy of bank for maintenance of stable financial position and solvency.

The capital of branch of nonresident bank of the Republic of Kazakhstan is understood as the assets of branch of nonresident bank of the Republic of Kazakhstan accepted as reserve, calculated according to requirements of the resolution of Board of the Agency of the Republic of Kazakhstan for regulation and development of the financial market of February 12, 2021 No. 23 "About establishment of prudential standard rates and other regulations and limits, obligatory to observance, for branches of nonresident banks of the Republic of Kazakhstan (including branches of Islamic nonresident banks of the Republic of Kazakhstan), their normative values and technique of calculations, including procedure for forming of assets of branches of the nonresident banks of the Republic of Kazakhstan (including branches of Islamic nonresident banks of the Republic of Kazakhstan) accepted as reserve, and their minimum size", registered in the Register of state registration of regulatory legal acts at No. 22213;

7) capital funding plan – set of procedures and the action plan for response to critical decrease in the capital of bank;

8) the statistical magazine of cost of mortgage providing – the internal magazine of costs of mortgage providing including the description and the characteristic of mortgage providing, information following the results of the first and most urgent estimates of independent quality evaluation (date of assessment, the name of independent quality evaluation, cost, evaluation method), the conclusions of mortgage service (date, cost), the reasons of distinction of costs, information on realization (in the presence);

9) unsecured consumer loan – the bank loan without condition about pledge at the time of issue granted physical person on the purposes which are not connected with implementation of business activity;

10) komplayens-risk – probability of emergence of losses owing to non-compliance by bank and its workers of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, legislations of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing, about joint-stock companies, the internal documents of bank regulating procedure for rendering by bank of services and carrying out transactions in the financial market and also the legislation of foreign states, the bank exerting impact on activities;

11) corporate management – system of relations between bank board (the relevant executive body of nonresident bank of the Republic of Kazakhstan which branch is open in the territory of the Republic of Kazakhstan leading employees of branch of nonresident bank of the Republic of Kazakhstan), the board of directors (relevant organ of management of nonresident bank of the Republic of Kazakhstan which branch is open in the territory of the Republic of Kazakhstan) of shareholders, leading employees and auditors, and also relations between authorized collegiate organs of bank.

The corporate management system allows to organize distribution of powers and responsibility, and also to construct corporate decision making process;

12) credit risk – the probability of emergence of losses arising owing to failure to carry out by the borrower or partner of the obligations in accordance with the terms of the agreement of bank loan;

13) creditworthness – the complex legal and financial characteristic of the borrower provided by financial and non-financial performance, allowing to estimate its opportunity in the future completely and in time to fulfill agreement obligations of bank loan;

14) the credit agreement – the agreement between bank and the borrower on financing provision (including conditional financing) as a result of which the bank has (or will arise in the future) requirements to the borrower;

15) funding plan on case of contingencies – set of procedures and the action plan for response to decline in the ability of bank timely to answer for the obligations;

16) supervising stress testing is the tool of authorized body directed to assessment of financial stability of banks to hypothetical (stressful) scenarios of succession of events. Banks based on methodology, single for all participants of supervising stress testing, and scenarios carry out calculations with use of internal models and stress testings report to authorized body results. At the same time banks are responsible for proper quality of the carried-out calculations and results of stress testing;

17) authorized body on financial monitoring – the state body performing financial monitoring and taking other measures for counteraction of legalization (washing) of income gained in the criminal way, to terrorism financing, financing of distribution of weapons of mass destruction;

18) division owner of the protected information – division of bank, the owner of information, violation of confidentiality, integrity or availability of which will lead to losses for bank;

19) critical data asset – the data asset determined according to the resolution of Board of National Bank of the Republic of Kazakhstan of March 27, 2018 No. 48 "About approval of Requirements to ensuring information security of the banks, branches of nonresident banks of the Republic of Kazakhstan and the organizations performing separate types of banking activities, Rules and terms of provision of information on incidents of information security, including data on violations, failures in information systems", registered in the Register of state registration of regulatory legal acts at No. 16772;

20) substantial risk – risk which realization will lead to deterioration in financial stability of bank;

21) conflict of interest – situation in case of which there is contradiction between personal interest of officials of bank (officials of governing body, executive body of nonresident bank of the Republic of Kazakhstan which branch is open in the territory of the Republic of Kazakhstan, leading employees of branch of nonresident bank of the Republic of Kazakhstan), its shareholders and (or) his workers and proper execution of the ex-officio full powers by them or valuable and other interests of bank and (or) its workers and (or) clients which will entail adverse effects for bank and (or) its clients;

22) market risk – the probability of emergence of financial losses according to balance sheet and off-balance sheet items caused by adverse changes of market situation, which is expressed in changes of market interest rates, foreign exchange rates, market value of financial instruments, goods;

23) operational risk – probability of emergence of losses as a result of inadequate and insufficient internal processes, human resources and systems, or influences of external events, except for strategic risk and reputation risk;

24) internal process of assessment of sufficiency of liquidity – set of risk management processes of liquidity, for the purpose of maintenance of the proper level of liquidity by bank and implementation of proper risk management system of liquidity in various time frames depending on types of activity, currencies;

25) liquidity risk – probability of emergence of financial losses as a result of inability of bank to fulfill the obligations at the scheduled time without substantial damages;

26) interest risk – risk of emergence of financial expenses (losses) owing to adverse interest rate realignment on assets, liabilities of bank;

27) policy – the internal document approved by the board of directors of bank determining the key quantitative and high-quality parameters, the principles, standards providing effective functioning of bank and compliance of its activities of strategy, risk profile, risk appetite. Within policy the board of directors of bank provides availability of the relevant internal documents, the describing separate procedures, processes, instructions;

28) strategic risk – probability of emergence of losses as a result of the mistakes (shortcomings) made in case of decision making, determining strategic development of bank and which are expressed in insufficient accounting of the possible dangers inherent in activities of bank, the wrong or insufficiently reasonable determination of perspective activities in which the bank will reach benefit before competitors, absence or providing in incomplete amount of the necessary resources and organizational measures providing achievement of strategic objectives of activities of bank;

29) stress testing – evaluation method of potential influence of exclusive, but possible events on financial condition of bank;

30) risk – probability that the expected or unforeseen events will exert negative impact on financial stability of bank, its capital and (or) the income;

31) risk profile – set of types of risk and other data characterizing degree of exposure of bank to the risks inherent in all types of activity of bank for detection of weaknesses and determination of priority of the subsequent actions within risk management system;

32) risk appetite – the aggregated (aggregated) level (levels) of substantial risks (limits of the admissible extent of risk) which (which) the bank is ready to accept or intends to exclude in case of strategy implementation;

33) the statement risk appetite – the document approved by the board of directors of bank describing the aggregated (aggregated) level (levels) of substantial risks (limits of the admissible extent of risk) which (which) the bank is ready to accept or intends to exclude in case of strategy implementation. The statement risk appetite contains the statement of high-quality nature, and also quantitative nature, including indicators concerning profitability, the capital, liquidity, risks, other applicable indicators;

34) risk culture – the processes, procedures, internal regulations of bank directed to understanding, acceptance, management and control of risks for the purpose of minimization of their influence on financial condition of bank and also ethical standards and standards of professional activity of all participants of organizational structure. The risk culture supplements the existing approved procedures, processes and mechanisms of activities of bank and is the integral component of risk management system;

35) processing of risk – selection process and implementation of measures for change of risks;

36) the risk register – the structured list is risk, containing criteria and origins of risks, probability of their origin, impact (damage), priority and methods of processing of risk;

37) authorized body – the state body performing state regulation, control and supervision of the financial market and the financial organizations;

38) organizational structure – the internal document and (or) set of the internal documents installing the quantitative structure and system of governing bodies, leading employees and structural divisions of bank reflecting structure of subordination, accountability;

39) the member of the International financial center "Astana" rendering services in management of platform of digital assets – the legal entity registered according to the law in force of the International financial center "Astana" and performing activities for management of platform of digital assets in the territory of the International financial center "Astana";

40) the domestic (economic) capital – the capital necessary for covering of substantial risks, including potential, accepted by bank, calculated in bank with use of own models.

In case of application of requirements of Rules to branch of nonresident bank of the Republic of Kazakhstan:

the board of directors is understood as relevant organ of management of nonresident bank of the Republic of Kazakhstan;

the board is understood as leading employees of branch of nonresident bank of the Republic of Kazakhstan;

the equity is understood as the assets of branch of nonresident bank of the Republic of Kazakhstan accepted as reserve, calculated according to requirements of the resolution of Board of the Agency of the Republic of Kazakhstan for regulation and development of the financial market of February 12, 2021 No. 23 "About establishment of prudential standard rates and other regulations and limits, obligatory to observance, for branches of nonresident banks of the Republic of Kazakhstan (including branches of Islamic nonresident banks of the Republic of Kazakhstan), their normative values and technique of calculations, including procedure for forming of assets of branches of the nonresident banks of the Republic of Kazakhstan (including branches of Islamic nonresident banks of the Republic of Kazakhstan) accepted as reserve, and their minimum size", registered in the Register of state registration of regulatory legal acts at No. 22213;

the financial reporting is understood as the reporting under accounting data of branch of nonresident bank of the Republic of Kazakhstan;

the risk management is understood the division manager on risk management of branch of nonresident bank of the Republic of Kazakhstan as Chapter;

the main komplayens-controller is understood as the division manager on komplayens-control of branch of nonresident bank of the Republic of Kazakhstan.

3. The purpose of Rules is determination of requirements to forming by bank of risk management systems and internal control by providing:

1) effective management of risks of bank by means of their timely identification, measurement, control and monitoring for ensuring compliance of equity of bank to level of the risks accepted by it and availability of appropriate level of liquidity;

2) proper practice of corporate management and proper level of business ethics and risk culture;

3) observance by bank and its workers of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, the legislation of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing, about joint-stock companies, domestic policy, procedures and other internal documents of bank;

4) timely detection and remedial action in activities of bank and its workers;

5) creations in bank of adequate mechanisms for the solution of unforeseen or emergency situations.

4. The board of directors of bank provides availability of the risk management system corresponding to the chosen business model, to the activities scale, types and complexity of transactions and provides proper process of identification, measurement and assessment, monitoring, control and procedures of minimization of substantial risks of bank for the purpose of determination by bank of size of equity and the liquidity necessary for covering of the substantial risks inherent in activities of bank.

Risk management system represents set of the components installed by Rules which provides the mechanism of interaction of the internal procedures developed and regulated by bank, processes, the politician, structural divisions of bank for the purpose of timely identification, measurement, control and monitoring of risks of bank, and also their minimization for ensuring its financial stability and stable functioning.

5. Risk management system provides:

1) the optimum ratio between profitability of the main activities of bank and level of the accepted risks based on the choice of viable and steady business model, effective planning process of strategy and the budget taking into account strategy risk appetite;

2) objective assessment of the extent of risks of bank, completeness and documentation of risk management processes, their preventive identification, measurement and assessment, monitoring and control, minimization of essential types of risks at each level of organizational structure with optimum use of financial resources, personnel and information systems for the purpose of maintenance of sufficient amount of equity of bank and liquidity;

3) scope of all types of activity of bank subject to substantial risks, at all levels of organizational structure, completeness of assessment of separate essential types of risks, their mutual influence for the purpose of determination risk profile of bank and creation of strategy risk appetite;

4) availability of levels risk appetite by all types of substantial risks and algorithm of actions in cases of violation of the established levels, including responsibility for acceptance of risks which level is determined as high, procedures for informing the board of directors, committees in case of the board of directors and bank boards (the relevant executive body of nonresident bank of the Republic of Kazakhstan which branch is open in the territory of the Republic of Kazakhstan) within strategy risk appetite;

5) awareness of the authorized collegiate organs of bank making the decisions bearing for themselves risks by means of creation of effective corporate management system, availability of complete, reliable and timely management information on the substantial risks inherent in activities of bank;

6) rational decision making and action for the benefit of bank based on comprehensive assessment of the provided information is fair, with due discretion and care (duty of care). Obligation show discretion and care does not extend to mistakes in the course of acceptance of business solutions if only workers and officials of bank did not show at the same time rough negligence;

7) decision making by workers and officials of bank and action is fair for the benefit of bank, disregarding personal benefits, interests of faces tied with bank the special relations in damage of interests of bank (duty of loyalty);

8) accurate distribution of functions, obligations and powers of risk management between all structural divisions and employees of bank, and their responsibility taking into account minimization of conflict of interest;

9) separation of risk management function and internal control from operating activiies of bank by means of creation of system of three lines of protection which includes:

the first line - at the level of structural divisions of bank;

the second line - at the level of divisions on risk management and performing control functions;

the third line - at the level of division of internal audit regarding efficiency evaluation of functioning of risk management system;

10) availability of the documents developed for the purpose of regulation of activities of bank, creation and functioning in bank of effective risk management systems and internal control and corresponding to strategy, organizational structure, risk profile of bank and requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, legislations of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing on joint-stock companies, and also their periodic review and updating;

11) observance of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, legislations of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing, about joint-stock companies;

12) observance of the operating procedures, processes, the politician and other internal documents of bank on risk management by means of creation of effective internal control system.

6. The authorized body within efficiency evaluation of risk management system of bank is guided by the following principles:

1) ensuring financial stability of banks, non-admissions of deterioration in financial position of banks and increase in the risks connected with activities of banks, protection of legitimate interests of depositors, creditors, clients and correspondents of banks;

2) the prevalence of essence over form which is expressed in assessment of risk management system of bank as the mechanism of measurement and assessment, monitoring, control, and minimization of substantial risks of bank, but not formally regulated procedures of bank and observance of requirements of the civil, tax, bank law of the Republic of Kazakhstan, the legislation of the Republic of Kazakhstan on state regulation, control and supervision of the financial market and the financial organizations, the legislation of the Republic of Kazakhstan on currency control and currency exchange control, on payments and payment systems, on provision of pensions, on the security market, on financial accounting and the financial reporting, on credit bureaus and forming of credit stories, on collection activities, on obligatory guaranteeing deposits, on counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing, about joint-stock companies internal documents of bank;

Proportionality when implementing functions on control and supervision, and also in case of application by results of control and supervision, died 3) provided by the laws of the Republic of Kazakhstan, proceeding from the business model accepted by bank, the scale of activities, types and complexity of transactions and materiality of risks of bank;

4) application of uniform approach to assessment of risk management system and to measures of supervising reaction;

5) identification of substantial risks in activities of bank.

7. The authorized body performs assessment:

1) system effectiveness of corporate management;

2) the substantial risks inherent in activities of bank, taking into account types and complexity of transactions of bank;

3) compliance of risk management systems of the chosen business model, to the activities scale, types and complexity of transactions of bank;

4) financial condition of large members of bank for the purpose of determination of possibility of maintenance of financial stability of bank;

5) influences of financial condition of members of banking conglomerate on financial stability of bank;

6) efficiency of application of preventive measures for the purpose of non-admission of deterioration in financial stability of bank by means of adjustment of risk management systems, proceeding from the scale of activities and level of the accepted risks;

7) use of system of quantitative and qualitative indexes within assessment of activities of bank and efficiency of methods of modeling.

Chapter 2. Business model

8. The business model of bank is set of the chosen strategy, the products, planning processes providing competitiveness and sufficient level of profitability. The basic principles when forming business model of bank are:

1) the viability which is expressed in capability of bank to provide the sufficient level of profitability in the next 12 (twelve) months and based on budgetary planning and forecasting of financial performance;

2) the stability which is expressed in capability of bank to provide the sufficient level of profitability for at least 3 (three) years and based on strategic planning and forecasting of financial performance.

The bank carries out the regular analysis of business model for the purpose of impact assessment on it the strategic risks and risks inherent in activities of bank.

Banking activity is performed within the chosen business model taking into account amount of assets, nature and level of complexity of activities, organizational structure, risk profile.

9. The strategy of bank affirms the board of directors of bank for at least 3 (three) years and contains:

1) missions and purposes of development of activities of bank. The purposes are measurable, achievable, realistic and having exact terms of realization;

2) target segments of the market by sectors of economy and geographical distribution of development of activities of bank;

3) strengths and weaknesses analysis of the chosen strategy of bank taking into account key sources of the income;

4) quantitative indices of credit portfolio, quick assets, deposits of clients and other raised funds taking into account the established levels risk appetite. At the same time the used realistic assumptions which consider the available and available resources, the current and potential economic conditions;

5) analysis of key sources of the income;

6) key types of investments, their structure and the planned changes, including on implementation and development of new products and services taking into account the risks assessment and processes connected with their implementation and development and also assessment of the current opportunities of bank for implementation and development of such products;

7) scenarios of strategic development of activities of bank (negative, and the most probable options of succession of events).

10. The budget of bank annually affirms the board of directors of bank and contains the monthly forecast of financial performance (assets and liabilities, the income and expenses, information on loan portfolio, deposits of clients and other raised funds, by currencies (national and foreign currencies in total), categories of clients).

The budget corresponds to the strategy of bank. At the same time the used assumptions are realistic and consider the available and available resources, the current and potential economic conditions and possible risks.

One of components of effective budgetary planning is the tariff policy which minimum includes the following components:

internal procedure and procedures of carrying out market demand analysis and prices of banking services;

internal procedure and procedures of forming of structure of interest rates and rates;

the lower and upper bounds of interest rates and rates, acceptable for limiting bank, and also requirements to internal procedure for their approval taking into account requirements of the civil, bank law of the Republic of Kazakhstan, about payments and payment systems, about obligatory guaranteeing deposits, their application and periodic review;

criteria of the choice of method of determination of the prices of banking services, and also requirements to the techniques based on assessment of nature and level of complexity of activities of bank and risks inherent in bank;

participants of process of pricing and order of interaction between them, including exchange of information;

internal procedure and procedures of timely informing clients of bank on conditions of provision of banking services, and also informing on changes.

The bank carries monthly out the analysis of the budget regarding compliance of forecast indicators to the actual values, the reasons established variations with the subsequent development in need of the adjusting measures for correction and makes reasonable corrections with their further documentation.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.