Document from CIS Legislation database © 2003-2020 SojuzPravoInform LLC

The document ceased to be valid since December 8, 2019 according to Item 2 of the Resolution of Board of National Bank of the Republic of Kazakhstan of November 12, 2019 No. 188

RESOLUTION OF BOARD OF NATIONAL BANK OF THE REPUBLIC OF KAZAKHSTAN

of February 26, 2014 No. 29

About approval of Rules of forming of risk management system and internal control for banks of the second level

(as amended on 29-10-2018)

For the purpose of enhancement of regulatory legal acts the Board of National Bank of the Republic of Kazakhstan DECIDES:

1. Approve the enclosed Rules of forming of risk management system and internal control for banks of the second level.

2. Recognize invalid regulatory legal acts according to appendix to this resolution.

3. This resolution becomes effective since January 1, 2015 and is subject to official publication.

4. To banks of the second level till January 1, 2015 to bring the activities into accord with requirements of this resolution.

Chairman of National Bank

K. Kelimbetov

Approved by the Resolution of Board of National Bank of the Republic of Kazakhstan of February 26, 2014 No. 29

Rules of forming of risk management system and internal control for banks of the second level

These rules of forming of risk management system and internal control for banks of the second level (further - Rules), are developed according to the Law of the Republic of Kazakhstan of August 31, 1995 "About banks and banking activity in the Republic of Kazakhstan" and establish procedure for forming of risk management system and internal control of banks of the second level (further - bank).

1. General provisions

1. The purpose of Rules is determination of requirements to forming at bank of the risk management systems, internal control providing implementation of effective control from the board of directors, bank board behind activities of bank and its financial condition including by providing:

proper practice of corporate management and proper level of business ethics and culture;

observance by bank and its workers of requirements of the legislation and regulatory legal acts of authorized body;

observance by bank and its workers of requirements politician and other internal documents of bank;

effective management of risks of bank by means of their timely identification, measurement, control and monitoring for ensuring compliance of the capital of bank to level accepted by it it is risk;

timely detection and remedial action in activities of bank and its workers;

creations in bank of adequate mechanisms for the solution of unforeseen or emergency situations.

2. Banks quarterly, no later than the 30th following reporting quarter represent to authorized body with use of transport system of the guaranteed delivery of information with cryptographic remedies providing confidentiality and not adjustability of the represented data on form according to appendix 1 to Rules the report on monitoring of the events of operational risk which entailed losses in the amount of 100 000 (hundred thousand) tenges and more.

3. In Rules the following concepts are used:

1) risk of information security - probability of emergence of damage owing to violation of integrity, confidentiality and availability of data assets of the bank which arose owing to deliberate destructive impact from employees of bank and (or) the third parties;

2) risk of information technologies - probability of emergence of damage owing to unsatisfactory creation of the processes connected with development and operation of information technologies by bank;

3) uncharged assets - assets of bank concerning which there are no legal, regulatory or technical obstacles (restrictions) for use in need of the purposes of satisfaction of the available requirements of bank for liquidity;

4) price risk - probability of emergence of financial losses owing to adverse changes in market value of financial instruments, goods;

5) control functions - the functions performed by structural divisions of bank on conducting independent checks and efficiency evaluations of internal control system, risk management systems, information security, reliability of financial accounting and the reporting and some other control functions according to internal documents of bank;

6) risk of loss of reputation - probability of emergence of losses, non receipt of the planned income in result of narrowing of client base, decrease in other indicators of development owing to forming in the society of negative idea of financial reliability of bank, quality of the rendered services or nature of activities of bank in general;

7) bek-testing - method of check of efficiency of procedures of risks measurement with use of historical data on transactions of bank and comparison of settlement results with the actual results from making of the specified transactions;

8) currency risk - probability of emergence of financial losses owing to adverse changes of the foreign exchange rates when implementing of the activities by bank;

9) Gap analysis - method by means of which the bank measures the interest risk and liquidity risk based on comparison of amounts of the assets and liabilities of bank subject to interest rate realignments or due for settlement during certain term;

10) legal risk - probability of emergence of losses owing to: non-compliance with requirements of the legislation of the Republic of Kazakhstan by bank, and in the relations with nonresidents of the Republic of Kazakhstan - the applicable legislation of other states; non-compliance by bank with conditions of the signed agreements; assumptions of legal mistakes when implementing activities (the wrong legal advice bureaus or incorrect creation of documents, including by consideration of matters of argument in judicial authorities); imperfections of system of law (discrepancy of the legislation, lack of precepts of law on regulation of the single questions arising in the course of activities of bank); violations by partners of requirements of regulatory legal acts, and also conditions of the signed agreements;

11) komplayens-risk - probability of emergence of losses owing to non-compliance by bank and its workers of requirements of the legislation of the Republic of Kazakhstan, regulatory legal acts of authorized body, the internal documents of bank regulating procedure for rendering by bank of services and carrying out transactions in the financial market and also the legislation of foreign states exerting impact on activities of bank;

12) credit risk is the probability of emergence of losses arising owing to failure to carry out by the borrower or partner of the obligations according to resolutive conditions;

13) Committee of financial monitoring of the Ministry of Finance of the Republic of Kazakhstan - the state body performing financial monitoring and taking other measures for counteraction of legalization (washing) of income gained in the criminal way and financing of terrorism according to the Law of the Republic of Kazakhstan of August 28, 2009 "About counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing" (further - KFM);

14) conflict of interest - situation in case of which there is contradiction between personal interest of officials of bank and (or) its workers and proper execution of the ex-officio full powers by them or valuable and other interests of bank and (or) its workers and (or) clients which can entail adverse effects for bank and (or) its clients;

15) market risk - the probability of emergence of financial losses according to balance sheet and off-balance sheet items caused by adverse changes of market interest rates, foreign exchange rates, market value of financial instruments, goods;

16) operational risk - probability of emergence of losses as a result of inadequate or insufficient internal processes, human resources and systems or external events, including including legal risk (excepting strategic and risk of loss of reputation) and:

the risk connected with uncertain, inadequate organizational structure of bank including distribution of responsibility, structure of accountability and management;

the risk caused by inadequate strategy, politicians and (or) standards in information technologies, shortcomings use of the software;

the risk connected with inadequate information or its inappropriate use;

the risk connected with inappropriate personnel management and (or) unqualified bank staff;

the risk connected with inadequate creation of business processes or weak control of observance of internal documents and rules;

the risk caused by unforeseen or uncontrollable factors of external impact on transaction of bank;

the risk connected with discrepancy of internal documents of bank, to requirements of the legislation;

the risk connected with actions of bank staff which can negatively affect activities of bank, fraud;

the risk caused by provision of banking services to persons with negative goodwill, and also carrying out transactions, including payments and money transfers which can negatively affect activities of bank, including the transactions connected with the sizes created and considered in the decentralized information system using means of cryptography and (or) computer calculations, the financial instruments or financial assets which are not according to the civil legislation of the Republic of Kazakhstan and not containing right to claim against someone;

17) liquidity risk - probability of emergence of losses as a result of inability of bank to fulfill the obligations at the scheduled time without substantial damages;

18) interest risk - probability of emergence of financial losses owing to adverse change of market interest rates on assets, liabilities and off-balance tools;

19) the comparative analysis - comparison of results of use of various tools of risks assessment that allows to estimate their efficiency and to gain to bank better understanding about the level of its risk exposure;

20) policy - set of the internal documents including the policy and (or) other internal documents determining the necessary criteria, parameters, approaches, the principles, standards, procedures and mechanisms providing effective functioning of bank and compliance of its activities of strategy and to admissible risk level;

21) strategic risk - risk of emergence of losses, non receipt of the planned income in result of the mistakes (shortcomings) made in case of decision making determining the strategy and the developments of bank (strategic management) and which are expressed in not accounting or insufficient accounting of possible dangers which can threaten activities of bank, the wrong or insufficiently reasonable determination of perspective activities in which the bank can reach benefit before competitors, absence or providing in incomplete amount of necessary resources (financial, material, human) and organizational measures (management decisions) which shall provide goal achievement of activities of bank;

22) stress testing - evaluation method of potential influence of exclusive, but possible events on financial condition of bank;

23) the scenario analysis - the process performed by structural divisions together with division on risk management, allowing to reveal potential risk events and to estimate their potential influence on activities of bank in case of their approach;

24) risk - probability that the expected or unforeseen events can exert negative impact on bank, its capital or the income;

25) self-assessment of risks - the tool by means of which the bank reveals and estimates the risks inherent in processes of bank estimates efficiency of control of the revealed risks and determines the level of residual risk;

26) the card of risks - the description of types and level of the risks inherent in various business processes and (or) structural divisions of bank for detection of weaknesses and ranging on priority of the subsequent actions for risk management;

27) admissible risk level - the level (size) of risk which the bank determines for itself as admissible (acceptable, safe) for ensuring the financial reliability and long-term functioning proceeding from strategy, nature, scales and complexity of types of activity, and also financial position;

28) key indicators of risk - the quantitative indices characterizing degree of exposure of bank to risk and on the basis of which extent of approach of bank to critical risk level comes to light and measures for risk minimization are taken;

29) risk profile - set of the hazard rates and other data characterizing degree of exposure of bank to different types of risks;

30) authorized collegiate organ (further - UKO) - committee in case of the board of directors, board, committee under board, group of the authorized persons of bank responsible for assistance to accomplishment of obligations of the board of directors of bank according to requirements of the Rules performing the activities based on provision or other internal document of the bank approved by the board of directors of bank;

31) authorized body - National Bank of the Republic of Kazakhstan;

32) organizational structure - the internal document and (or) set of the internal documents installing the quantitative structure and system of governing bodies, leading employees and structural divisions of bank which is schematically reflecting structure of subordination, accountability and procedure for their interaction among themselves.

2. Organization of risk management system and internal control

4. The board of directors of bank for the purpose of effective implementation of the assigned obligations exercises monitoring and control of questions of risk management, audit, observance of requirements of the legislation of the Republic of Kazakhstan and internal documents of bank by means of UKO.

5. The board of directors of bank for the purposes of implementation of requirements of Rules and depending on the size, nature and level of complexity of activities, organizational structure, risk profile and the number of board members of bank makes the decision on creation of one and (or) several UKO on various questions which can differ on quantitative structure.

6. The board of directors of bank excludes conflict of interest during creation of UKO.

7. Risk management system represents system of the organization, the politician, the procedures and methods accepted by bank for the purpose of timely identification, measurement, control and monitoring of risks of bank for ensuring its financial stability and stable functioning.

8. The internal control system represents system of the organization, the policy, procedures and methods accepted by bank for:

ensuring efficiency of activities of bank, including effective management of bank risks, assets and liabilities, ensuring safety of assets;

ensuring completeness, reliability and timeliness of financial, regulatory and other reporting for internal and external users, and also information security;

ensuring accomplishment by bank of legislative and regulatory requirements, internal documents of bank;

non-admissions of involvement of bank and its workers in implementation of unlawful activity, including fraud, mistakes, inaccuracies, deception, legalization (washing) of income gained in the criminal way and terrorism financings, in implementation of the transactions in the territory of the Republic of Kazakhstan connected with the sizes created and considered in the decentralized information system using means of cryptography and (or) computer calculations, the financial instruments or financial assets which are not according to the civil legislation of the Republic of Kazakhstan and not containing right to claim against someone.

9. The system of internal audit represents system of the organization, the policy, procedures and methods accepted by bank for check and objective efficiency evaluation of functioning of internal control systems and risk management on all aspects of activities of bank for the purpose of ensuring effective activities of bank and provision of efficient recommendations about its improvement.

10. The organization of risk management systems, internal control is provided with compliance of activities of bank, its governing bodies and workers to the minimum requirements specified in appendix 2 to Rules.

11. In the presence in activities of bank of other types of risk, the board of directors of bank approves policy on data management by types of risks, the bank board provides implementation the politician by development of the corresponding procedures and processes in relation to them. The minimum requirements, such as identification, measurement, monitoring and risk control extend also to other types of risks.

Appendix 1

to Rules of forming of risk management system and internal control for banks of the second level

The form intended for collection of administrative data

The report on monitoring of the events of operational risk which entailed losses in the amount of 100 000 (hundred thousand) tenges and more

__________________________________

on "___" _________________ 20 __ years

____________________________________________________________________

Accounting period: as of __________________ 20 ___ years

Index: 1-RISK

Frequency: quarterly

Represent: banks of the second level

Where the form is represented: National Bank of the Republic of Kazakhstan (further - National Bank)

Representation term: no later than the 30th following reporting quarter

Form

No. of payment order

The description of event of operational risk in case of which losses (the reason of losses) were suffered


Form and the size of consequences from realization of events of operational risk (in tenge)

the imposed and collected penalties on the bases established by legal acts of the Republic of Kazakhstan

legal costs, penalties by a court decision

extrajudicial compensations to employees of bank

extrajudicial compensations to clients of bank

early write-off of tangible assets of bank

costs for elimination of consequences of realization of operational risk

the other losses which are not covered with reserves

reduction in cost of assets of bank

others (to specify what)

1

2

3

4

5

6

7

8

9

10

11

1





















2





















3





















4





















5









































 ___________________________________ _________ ________

(surname, name, in the presence - middle name) (signature) (date)

Note: the explanation on filling of the form intended for collection of administrative data is given in appendix to this form

Appendix

to the Report form about monitoring of the events of operational risk which entailed losses in the amount of 100 000 (hundred thousand) tenges and more

The explanation on filling of the form intended for collection of administrative data

The report on monitoring of the events of operational risk which entailed losses in the amount of 100 000 (hundred thousand) tenges and more

Chapter 1. General provisions

1. This explanation determines requirements for filling of the form intended for collection of the administrative data "The Report on Monitoring of the Events of Operational Risk Which Entailed Losses in the amount of 100 000 (hundred thousand) Tenges and More" (further - the Form).

2. The form is developed according to the Rules of forming of risk management system and internal control for banks of the second level approved by the resolution of Board of National Bank of the Republic of Kazakhstan of February 26, 2014 No. 29, registered in the Register of state registration of regulatory legal acts at No. 9322.

3. The form is constituted quarterly by bank.

4. The form is signed by the division manager on management of operational risk of bank.

Chapter 2. Filling of the Form

5. In column 2 the description of event of operational risk in case of which losses (the reason of losses) were suffered is specified.

6. In column 3 the imposed and collected penalties on the bases established by legal acts of the Republic of Kazakhstan are specified.

7. In column 4 legal costs, penalties by a court decision are specified.

8. In column 5 extrajudicial compensations are specified to employees of bank.

9. In column 6 extrajudicial compensations are specified to clients of bank.

10. In column 7 early write-off of tangible assets of bank is specified.

11. In column 8 costs for elimination of consequences of realization of operational risk are specified.

12. In column 9 the other losses which are not covered with reserves are specified.

13. In column 10 reduction in cost of assets of bank is specified.

14. In column 11 other data are specified.

Appendix 2

to Rules of forming of risk management system and internal control for banks of the second level

Minimum requirements to the organization of risk management systems, internal control

payment order

Requirement

The list of persons responsible and participating in implementation of the requirement

Procedures of implementation of the requirement

Form of implementation of the requirement

Terms of implementation of the requirement

1

2

3

4

5

6

1. Board of directors

1.1

The board of directors of bank for the purpose of the organization and control of activities of bank, creation and functioning in bank of effective risk management systems, internal control and internal audit approves the internal document determining competence of bodies and officials of bank according to internal documents of bank.

Exclusive competence of the board of directors of bank according to internal documents of bank is:

approval of organizational structure of bank;

approval of strategy of bank, including admissible risk level of bank;

approval politician of bank;

approval of scenarios of stress testing;

approval of the Funding plan on case of unforeseen situations;

approval of the plan (plans) for providing going concern;

approval of the internal document determining payment procedure of remunerations to the leading employees of bank and employees of bank directly accountable to the board of directors of bank.

Board of directors of bank, UKO

The board of directors of bank determines UKO responsible for development of the internal document determining competence of bodies and officials of bank according to internal documents of bank according to requirements of the legislation of the Republic of Kazakhstan.

By results of consideration of the draft of the internal document the Protocol/solution of the board of directors of bank is drawn up.

Internal document / Protocol / Decision of the board of directors of bank

-

1.2

The board of directors of bank provides availability and compliance of the charter of bank to requirements of the legislation of the Republic of Kazakhstan, and also maintenance of the charter in urgent condition.

Board of directors of bank, UKO

1) the board of directors of bank determines UKO responsible for monitoring and control regarding compliance of the charter of bank to the current legislation of the Republic of Kazakhstan;

Internal document / Protocol / Decision of the board of directors of bank

-

2) the board of directors of bank, following the results of monitoring on compliance of the charter of bank to the current legislation of the Republic of Kazakhstan, hears the report of UKO and, if necessary, charges to UKO to prepare the project of changes and amendments in the charter of bank.

Protocol / Solution of the board of directors of bank

-

1.3

The board of directors of bank provides compliance of organizational structure to the size, structure, nature and level of complexity of activities of bank.

Board of directors of bank, UKO

1) the board of directors of bank determines UKO responsible for project development of organizational structure and monitoring of compliance of organizational structure of the current market and economic situation, to risk profile and financial capacity of bank, and Rules;

Internal document / Protocol / Decision of the board of directors of bank

-

2) by results of consideration of the project of organizational structure the Protocol/solution of the board of directors of bank is drawn up;

Protocol / Solution of the board of directors of bank

-

3) the board of directors of bank following the results of monitoring hears the report of UKO and if necessary charges to UKO to prepare the project of changes and amendments in organizational structure.

Protocol / Solution of the board of directors of bank

at least 1 time a year

1.4

The board of directors of bank approves the strategy of bank.

Board of directors of bank, UKO

1) the board of directors of bank determines UKO responsible for development and representation on approval of the project of strategy of bank;

Internal document / Protocol / Decision of the board of directors of bank

-

2) by results of consideration of the project of strategy the Protocol/solution of the board of directors of bank is drawn up.

Protocol / Solution of the board of directors of bank

no later than October 1 of the year preceding the period for which strategy is developed

1.5

The board of directors of bank within approval of strategy establishes and approves admissible levels of risks.

Board of directors of bank, UKO

1) the board of directors of bank determines UKO responsible for development and representation on approval of the project of technique of determination and calculation of admissible levels of risks of bank;

Internal document / Protocol / Decision of the board of directors of bank

-

2) by results of consideration of the project of technique of determination and calculation of admissible levels of risks the Protocol/solution of the board of directors of bank is drawn up;

Protocol / Solution of the board of directors of bank

no later than October 1 of the year preceding the period for which strategy is developed

3) the board of directors of bank is got by the report on results of calculations of admissible levels of risks and their comparison with the current level of risks of bank.

Following the results of consideration of the report the Protocol / Solution of the board of directors of bank is drawn up.

Protocol / Solution of the board of directors of bank

no later than October 1 of the year preceding the period for which strategy is developed

1.6

The board of directors of bank performs monitoring of execution of strategy and assessment of conformity of strategy of bank of the current market and economic situation, to risk profile and financial capacity, and also the legislation of the Republic of Kazakhstan.

Board of directors of bank, UKO

1) the board of directors of bank determines UKO responsible for monitoring of execution of strategy of bank and assessment of conformity of strategy of bank of the current market and economic situation, to risk profile and financial capacity, and also the legislation of the Republic of Kazakhstan;

Internal document / Protocol / Decision of the board of directors of bank

-

2) by results of monitoring and assessment is heard by the report of UKO, in case of detection of discrepancies charges to UKO to prepare the project of corresponding changes and amendments in the strategy of bank.

Protocol / Solution of the board of directors of bank

at least 1 time a half-year

1.7

The board of directors of bank approves the budget of bank for the corresponding year and exercises control of its execution.

Board of directors of bank, UKO

1) the board of directors of bank determines UKO responsible for:

development and representation on approval the budget statement for the corresponding year;

preparation of performance reports of the budget, containing explanations, in the presence, about discrepancies between planned and actual targets;

Internal document / Protocol / Decision of the board of directors of bank

-

2) by results of consideration of the budget statement the Protocol/solution of the board of directors of bank, containing the decision on approval of the budget of bank is drawn up;

Protocol / Solution of the board of directors of bank

no later than December 31 of the year preceding year on which the budget is drafted

 

 

 

3) following the results of consideration of the report the Protocol/solution of the board of directors of bank is drawn up.

Protocol / Solution of the board of directors of bank

at least 1 time a quarter

1.8

The board of directors of bank approves personnel policy and provides its compliance of strategy, to organizational structure, risk profile of bank, the achieved results and requirements of the legislation of the Republic of Kazakhstan.

Board of directors of bank, UKO

1) the board of directors of bank determines UKO responsible for:

development and representation on approval of the project of personnel policy of bank;

monitoring of compliance of personnel policy of bank of strategy, to organizational structure, risk profile of bank, the achieved results and requirements of the legislation of the Republic of Kazakhstan;

Internal document / Protocol / Decision of the board of directors of bank

-

2) by results of consideration of the project of personnel policy the Protocol/solution of the board of directors of bank is drawn up;

Protocol / Solution of the board of directors of bank

-

3) following the results of monitoring the Protocol/solution of the board of directors of bank is drawn up.

Protocol / Solution of the board of directors of bank

at least 1 time a half-year

1.9

The board of directors of bank approves accounting policy.

Board of directors of bank, UKO

1) the board of directors of bank determines UKO responsible for:

development and representation on approval of the project of accounting policy;

monitoring and control of observance by bank and its workers of accounting policy;

Internal document / Protocol / Decision of the board of directors of bank

-

2) by results of consideration of the project of accounting policy the Protocol/solution of the board of directors of bank is drawn up;

Protocol / Solution of the board of directors of bank

-

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 40000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.