RESOLUTION OF BOARD OF NATIONAL BANK OF THE KYRGYZ REPUBLIC

of October 15, 2025 No. 2025-P-12/52-3-(NPA)

About approval of the Provision "About the Minimum Requirements to System of Counteraction to Internal and External Fraud in the Microfinancial Organizations of the Kyrgyz Republic"

According to Articles 5, "About National Bank of the Kyrgyz Republic" the Board of National Bank of the Kyrgyz Republic decides 9 and 64 constitutional Laws of the Kyrgyz Republic:

1. Approve the Provision "About the Minimum Requirements to System of Counteraction to Internal and External Fraud in the Microfinancial Organizations of the Kyrgyz Republic" it (is applied).

2. To legal management:

- from the date of receipt of the relevant documents within 3 (three) working days to publish this resolution on the official website of National Bank of the Kyrgyz Republic;

- after official publication to send this resolution to the Ministry of Justice of the Kyrgyz Republic for inclusion in the State register of regulatory legal acts of the Kyrgyz Republic.

3. This resolution becomes effective after 15 (fifteen) days from the date of official publication, except for Items 6-9 of the Provision "About the Minimum Requirements to System of Counteraction to Internal and External Fraud in the Microfinancial Organizations of the Kyrgyz Republic" (Appendix to this resolution) which become effective since March 1, 2026.

4. To management of methodology of supervision within 3 (three) working days to bring this resolution to the attention of the microfinancial organizations, OYuL "Association of the Microfinancial Organizations".

5. To department "Secretariat of Board" within 3 (three) working days to bring this resolution to the attention of management of supervision of the non-bank organizations, legal management, regional managements and Representative office of National Bank of the Kyrgyz Republic in Batken Province.

6. To impose control of execution of this resolution on the board member of the National Bank of the Kyrgyz Republic supervising management of methodology of supervision.

Appendix

to the Resolution of Board of National Bank of the Kyrgyz Republic of October 15, 2025 No. 2025-P-12/52-3-(NPA)

Provision "About the Minimum Requirements to System of Counteraction to Internal and External Fraud in the Microfinancial Organizations of the Kyrgyz Republic"

Chapter 1. General provisions

1. This Provision "About the Minimum Requirements to System of Counteraction to Internal and External Fraud in the Microfinancial Organizations" is applied as the main mechanism of counteraction to internal and external fraud in information systems of the microfinancial organizations, including in case of discrepancy which are available in information systems of the microfinancial organizations of algorithms of counteraction to internal and external fraud to requirements of this provision.

2. Requirements of this provision are obligatory for all microfinancial organizations providing services via remote/remote channels of servicing, and also microfinance companies, attracting term deposits (deposits) (further - IFI) based on the license (certificate) of National Bank of the Kyrgyz Republic.

3. IFIs shall provide availability and effective functioning of system of counteraction to internal and external fraud (antifrod-system) corresponding to scales, nature and types of their activities.

4. The system of counteraction to internal and external fraud shall be directed to protection of interests of clients and IFI from fraudulent actions, including actions from employees, clients, the third parties, and also affiliates.

Chapter 2. Policy and organizational measures

5. IFIs shall develop and approve Policy of counteraction to fraud in systems of remote/remote servicing.

The policy can be drawn up in the form of the separate document or be component of risk management policy of IFI.

The policy at least shall contain:

- the aspiration of management confirming commitment to protection of clients against internal and external fraud in systems of remote/remote servicing;

- the principles of early identification, the prevention and prevention of fraud in systems of remote/remote servicing;

- procedure for application adequate and the timely automated or semi-automated responses to the revealed cases or the attempts of fraud proportional to the estimated risk level;

- the responsibility measures according to the legislation of the Kyrgyz Republic applied to the staff of IFI for failure to act or inadequate actions in the sphere of counteraction to fraud including monitoring of threats, development and deployment of measures of counteraction, and also response to incidents.

The policy is subject to revision and updating at least once a year.

The internal procedures and documents of IFI regulating counteraction to fraud in systems of remote/remote servicing are subject to revision as required, but at least once in two years, taking into account efficiency of the applied measures, the best international experience and urgent threats.

IFIs shall integrate the above-stated procedures and documents into risk management system and to provide acquaintance with them of all necessary staff of IFI.

Chapter 3. Technical implementation of antifrod-control

6. IFIs shall implement systems of counteraction to fraud in information systems of remote/remote servicing for prevention of both internal, and external fraud. These systems shall perform monitoring and risk assessment of fraud for each transaction which is carried out through systems of remote/remote servicing. Realization of these systems is allowed by two methods:

- in the form of separate, independent program or the hardware and software system interacting with all the used automated systems of remote/remote servicing;

- by integration of the specialized module of counteraction to fraud it is direct in each of the used automated systems of remote/remote servicing.

7. The system of counteraction to internal and external fraud in information systems of remote/remote servicing shall make fraud risk assessment concerning each made transaction based on rules, templates and analysis results.

The system of counteraction to internal and external fraud shall provide at least:

- basic check of transactions;

- comparison with typical behavioural templates of the client (in the presence of the relevant data);

- blocking or suspension of suspicious transactions on in advance determined criteria.

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info