Return back
Print version
Creation date: 2024-07-30

 

 

Appendix 1

to Resolution No. 2019-П-12/42-1-(RLA) of the Management Board of the National Bank of the Kyrgyz Republic dated August 14, 2019

 

 

REGULATION 

On Minimum Requirements for the Organization of Internal Control in Commercial Banks for the Purpose of Combating the Financing of Terrorist Activities and Legalization (Laundering) of Criminal Proceeds 

(In the Wording of Resolutions of the Management Board of the National Bank of the Kyrgyz Republic No.2021-П-12/51-1 dated September 15, 2021, No.2022-П-12/78-10 dated December 14, 2022, No.2022-П-12/83-7 dated December 28, 2022, No.2023-П-12/82-7 dated December 27, 2023, No.2024-П-12/1-3 dated January 17, 2024 

Chapter 1. General Provisions 

1. This Regulation shall be developed for the purpose of determining the Minimum Requirements for the Organization of Internal Control in Commercial Banks, including those operating in accordance with the Principles of Islamic Banking and Finance, banks with an Islamic Window, microfinance companies collecting deposits, “Financial Company of Credit Unions” OJSC, housing savings and loan companies (hereinafter referred to as the banks), in order to combat the Financing of Terrorist Activities and Legalization (Laundering) of Criminal Proceeds (hereinafter referred to as the CFTA/LCP), and the suspicious transactions.

(In the Wording of Resolution No.2024-П-12/1-3 of the Management Board of the National Bank of the Kyrgyz Republic dated January 17, 2024) 

2. The National Bank of the Kyrgyz Republic (hereinafter referred to as the National Bank) shall inspect the activities of banks on the organization of internal control for the purposes of the CFTA/LCP and send information on its results to the authorized state body in the field of the CFTA/LCP (hereinafter referred to as the Financial Intelligence Unit).

Chapter 2. Terms and Definitions 

3. For the purposes of these Regulations, the following concepts shall be used:

Beneficial owner - an individual (individuals) who ultimately (through the chain of ownership and control) directly or indirectly (through third parties) shall own the right of ownership or control a customer or an individual on whose behalf or in whose interests a transaction (operation) shall be conducted.

Close relatives (parents, adoptive parents, adopted children, full and half brothers and sisters, grandparents, grandchildren in respect of whom the public official shall incur financial expenses to cover living expenses, education, health care and other necessary expenses).

Verification - a procedure for verifying the identification data of the customer and (or) the beneficial owner.

High-risk countries - states and territories (entities) that do not apply or insufficiently apply international standards on combating the laundering of criminal proceeds, financing of terrorist activities and financing of proliferation of weapons of mass destruction, as well as offshore zones.

Identification of operations subject to control and reporting - a stage of organization of the banks internal control for the purposes of the CFTA/LCP, which shall include identification of operations subject to control and reporting to the Financial Intelligence Unit in accordance with the requirements of the regulatory legal acts of the Kyrgyz Republic.

CFTA/LCP official a bank employee (at the level of the head of Compliance Control Service) appointed for the purpose of organization of internal CFTA/LCP control, who has access to all information related to identification, verification, detection, recording and transfer of data to the Financial Intelligence Unit.

In order to fulfil his/her functions promptly, the CFTA/LCP official shall be entitled to delegate authority to staff under his/her authority. At the same time, this circumstance shall not remove the responsibility of the official for improper fulfilment of his/her functions.

Identification - a procedure for establishing identification data about the customer and (or) the beneficial owner.

Customer an individual or legal person (organization), foreign trust or legal entity accepted for servicing or being serviced by the bank, or with whom the banks are establishing or have established business relations.

Financial Intelligence Unit - an authorized state body of the Kyrgyz Republic in the sphere of combating the financing of terrorist activities and legalization (laundering) of criminal proceeds.

Suspicious operation (transaction) - an operation (transaction) falling under the following characteristics:

a) if there is a suspicion or reasonable grounds to suspect that the funds are of criminal origin, including from predicate offences, or are related to legalization (laundering) of criminal proceeds;

b) if there is a suspicion or reasonable grounds to suspect that the funds are related to the financing of:

- terrorists and extremists;

- terrorist and extremist organizations (groups);

- terrorist and extremist activities.

Suspicious operation (transaction) shall be identified by the CFTA/LCP official within the framework of the CFTA/LCP legislation for transactions with funds or other property of the customer and the beneficial owner.

Internal Control Program - internal measures, procedures and control systems applied by the bank for the purpose of compliance with the CFTA/LCP legislation of the Kyrgyz Republic.

Public officials - one of the following individuals:

a) foreign public official - a person who is performing or has performed significant state or political functions (public functions) in a foreign state (heads of state or government, top officials in the government, courts, armed forces, state bodies, enterprises or institutions, prominent political figures, including prominent figures of political parties);

b) national public official - a person who is holding or has held a political and special public office in the Kyrgyz Republic provided for in the Register of State and Municipal Positions approved by the President of the Kyrgyz Republic, as well as senior management of state corporations, prominent political figures, including prominent figures of political parties;

c) public official of an international organization - the highest official of an international organization who is or has been entrusted with important functions by the international organization (heads, deputy heads and board members of an international organization or persons holding equivalent positions in an international organization).

Risk-based approach - application of enhanced measures in case of high risk or simplified measures in case of low risk in accordance with the established risk management procedures (identification, assessment, monitoring, control, risk mitigation).

Sanctions List - a list of individuals, legal entities, groups and organizations, involved in terrorist or extremist activities and proliferation of weapons of mass destruction.

The Sanctions List shall include:

a) the consolidated Sanctions List of the Kyrgyz Republic;

(b) the consolidated Sanctions List of the United Nations Security Council.

Procedure for the formation and publication of the Sanctions List shall be provided for in the Regulation “On Lists of Individuals and Legal Entities, Groups and Organizations, Involved in Terrorist and Extremist Activities, Proliferation of Weapons of Mass Destruction and Legalization (Laundering) of Criminal Proceeds” approved by Resolution No.606 of the Government of the Kyrgyz Republic dated December 25, 2018.

Targeted financial sanctions - freezing of any operations (transactions) and (or) funds of individuals and legal entities, groups and organizations, involved in terrorist or extremist activities and proliferation of weapons of mass destruction, and (or) restriction of access (direct or indirect) to any funds or financial services for such individuals, legal entities, groups and organizations.

The “Extremist Activity” concept shall correspond to the norms of the conceptual framework of the Law of the Kyrgyz Republic “On Combating Extremist Activity”.

“Islamic bank”, “bank with an “Islamic Window”, “Principles of Islamic Banking and Finance, “Shariah standards”, “Shariah Council” - these terms shall comply with the norms of the conceptual framework of the Law of the Kyrgyz Republic “On Banks and Banking Activity” and regulatory legal acts of the National Bank.

All other concepts used in this sphere shall not contradict the basic concepts set forth in this Chapter.

(In the Wording of Resolutions of the Management Board of the National Bank of the Kyrgyz Republic No.2021-П-12/51-1 dated September 15, 2021, No.2022-П-12/78-10 dated December 14, 2022, No.2022-П-12/83-7 dated December 28, 2022, No.2023-П-12/82-7 dated December 27, 2023) 

Attention! Paragraph 3 was amended in the state language by Resolution No.2021-П-12/51-1-(RLA) of the Management Board of the National Bank of the Kyrgyz Republic dated September 15, 2021. 

Chapter 3. CFTA/LCP Activities of the Bank 

4. The CFTA/LCP activities of the bank, taking into account its subsidiaries and affiliates, shall include the following components:

1) implementation of the CFTA/LCP Internal Control Program;

2) evaluation of the effectiveness of the CFTA/LCP Internal Control Program by the banks Internal Audit Service;

3) appointment of a CFTA/LCP official and a person who will replace such official in case of his/her dismissal (personnel reserve);

4) training of the banks employees involved in the implementation of the CFTA/LCP policy.

5. The Board of Directors together with the banks Management Board shall be responsible for ensuring adequate and effective activity of the bank in the field of combating the financing of terrorist activities and legalization (laundering) of criminal proceeds, as well as preventing the involvement of the bank in suspicious transactions.

6. The Board of Directors shall be responsible for:

- Approving an adequate and effective CFTA/LCP Policy;

- Approving the CFTA/LCP Internal Control Program, as well as monitoring its implementation;

- Determining measures to ensure the effective performance of the CFTA/LCP official;

- Appointment and dismissal of the CFTA/LCP official;

- Reviewing the report of the Internal Audit Service and the reports of the CFTA/LCP official;

- Determining measures aimed at eliminating the deficiencies in the area of CFTA/LCP identified by the Internal Audit Service and indicated in the report of the CFTA/LCP official, and control over their implementation.

7. The banks Management Board shall be responsible for:

- ensuring implementation of the policy and program of the CFTA/LCP Internal Control, approved by the Board of Directors of the bank;

- ensuring control over the implementation of the CFTA/LCP legislation of the Kyrgyz Republic;

- ensuring training of the banks CFTA/LCP employees;

- ensuring implementation of measures aimed at eliminating deficiencies in internal measures, procedures and internal control system, as well as ensuring independent audit;

- ensuring fulfilment of requirements of regulatory legal acts of the Kyrgyz Republic related to the opening of bank accounts (including identification and verification of customers and beneficial owner), conducting account transactions and cancellation of agreements with customers (account holders) and depositors.

The banks Management Board shall take exhaustive measures to prevent involvement of the bank in conducting suspicious transactions.

Chapter 4. CFTA/LCP Internal Control Program 

8. The CFTA/LCP Internal Control Program is a part of the banks internal control system and shall presuppose that at least the following activities shall be carried out in the bank:

1) Organization of internal control aimed at establishing decision-making powers and responsibilities of officials, interaction and accountability between persons and units involved in the CFTA/LCP process;

2) Implementing measures to identify, assess, monitor, manage, mitigate and document risks;

3) Performing customer due diligence, which shall include:

- Identifying and verifying the customer;

- obtaining information on the purpose and intended nature of the customers business relationship;

- identification of the beneficial owner and taking available and reasonable measures to verify the beneficial owner of customers, including those that are legal entities (foreign trusts, etc.);

- identification and verification of customer transactions that are most exposed to the risk of the financing of terrorist activities and legalization (laundering) of criminal proceeds, suspicious transactions;

- identification and verification of the banks operations for all banking products and services that are most exposed to the risk of the financing of terrorist activities and legalization (laundering) of criminal proceeds, and to suspicious transactions;

- documenting information obtained as a result of identification and verification of the customer and beneficial owner;

- keeping and updating of information and documents on the customers activity and financial position, as well as information and documents obtained as a result of customer due diligence;

- conducting customer due diligence on a continuous basis throughout the entire period of business relations with the customer and analyzing the compliance of operations (transactions) conducted by the customer with the available information on the content of its activities, financial position and source of funds, as well as on the nature of risks of the financing of terrorist activities and legalization (laundering) of criminal proceeds.

The above measures for customer due diligence shall be applied in cases and in accordance with the procedure established by the Cabinet of Ministers of the Kyrgyz Republic, as well as taking into account the results of risk assessment.

4) identification of transactions subject to control and reporting in the customers activities;

5) identification of suspicious transactions in the customers activity in accordance with the requirements of the Financial Intelligence Unit, in order to confirm the validity or refute suspicions of such transactions by the customer;

6) establishment of the procedure and grounds for refusal to open accounts for potential customers and correspondent banks, as well as for termination of servicing customer accounts and correspondent relations with banks;

7) suspension of operations (transactions) and application of targeted financial sanctions;

Suspension of operations (transactions) and application of targeted financial sanctions shall be carried out by the bank in accordance with the Regulation “On the Procedure for Suspension of Operation (Transaction), Freezing and Unfreezing of Operation (Transaction) and (or) Funds, Provision of Access to Frozen Funds and Management of Frozen Funds” approved by Resolution No.606 of the Government of the Kyrgyz Republic December 25, 2018.

8) application of measures against high-risk countries in line with the requirements of the Regulation “On the Procedure for Application of Measures (Sanctions) against High-Risk Countries” approved by Resolution No.606 of the Government of the Kyrgyz Republic dated December 25, 2018;

9) timely submission to the Financial Intelligence Unit of information and documents, as well as reports on operations (transactions) subject to control and reporting;

10) ensuring storage of information and documents on operations (transactions), as well as information obtained as a result of customer due diligence;

11) ensuring confidentiality of information;

12) implementation in the bank of information systems ensuring prompt provision of reliable and comprehensive information on the banks activity, including on customers operations;

13) establishment of control and monitoring of the banks continuous compliance with the legislation of the Kyrgyz Republic on CFTA/LCP issues;

14) establishment of control over the bank employees whose activity is exposed to high risk (cashiers, credit inspectors, employees of operational units of the bank, etc.), reflection of functions and responsibilities for implementation of the CFTA/LCP Policy in job descriptions of employees of the relevant units of the bank;

14-1) monitoring of application of the CFTA/LCP Internal Control Program and internal documents of the bank and, if necessary, their improvement;

15) ensuring fulfilment of other obligations stipulated by the CFTA/LCP legislation of the Kyrgyz Republic.

(In the Wording of Resolutions of the Management Board of the National Bank of the Kyrgyz Republic No.2022-П-12/83-7 dated December 28, 2022, No.2023-П-12/82-7 dated December 27, 2023) 

9. For the purposes of the CFTA/LCP, banks shall be required to develop an internal control organization policy to be approved by the banks Board of Directors. This policy is part of the overall policy for the bank's internal control system organization.

The Internal control organization policy for the purposes of the CFTA/LCP should define the principles of building the banks internal system for the CFTA/LCP.

10. The bank shall ensure that its subsidiaries and affiliated companies, located both in the Kyrgyz Republic and abroad, comply with the appropriate measures for organization of internal control for the purposes of the CFTA/LCP.

Chapter 5. Assessment of CFTA/LCP Internal Control Efficiency by the Banks Internal Audit Service 

11. Assessment of the CFTA/LCP internal control efficiency shall be carried out by the banks Internal Audit Service at least once a year or more frequently, depending on the level of risk of operations and dynamics of the banks performance indicators.

12. The Internal Audit Service, in the course of assessment of the CFTA/LCP internal control efficiency, shall carry out at least the following:

- assessing the effectiveness of the internal control system organisation, including the policies, procedures and organization of the bank's CFTA/LCP activities;

- assessing the methodology for determining the levels of risks assumed by the bank;

- an assessment of the measures used by the bank to assess and manage the banks exposure to CFTA/LCP risks;

- random testing of the activities of the CFTA/LCP official, as well as the software used, including for compliance with the banks policies and procedures;

- an assessment of the measures applied by the banks management, the Management Board and the Board of Directors to address violations identified during previous inspections by the banks internal audit function, external audit, the National Bank or the Financial Intelligence Unit;

- review-assessment of internal control, including assessment of the software used for the degree of efficiency of detection and formation of reports on operations (transactions) subject to control and reporting;

- verifying the adequacy of the CFTA/LCP officials reports submitted to the Board of Directors and their compliance with the minimum requirements of the National Bank;

- verification of compliance with the training programs of the banks employees involved in the implementation of the CFTA/LCP policy.

Based on the results of inspection of activity of structural units of the bank with regard to compliance with the CFTA/LCP internal control system, the internal auditor shall develop recommendations, which shall also be submitted to the CFTA/LCP official for familiarization.

13. In order to ensure a quality and comprehensive audit, the Internal Audit Service shall hold discussions with the CFTA/LCP official to obtain information on the CFTA/LCP internal controls, procedures and systems, as well as information on problems. The internal auditor shall have access to all records and reports of the bank.

14. Based on the results of the conducted audit, the Internal Audit Service shall prepare a report on the results of the assessment of the efficiency of the CFTA/LCP internal control, including information on:

1) risks of the financing of terrorist activities and legalization (laundering) of criminal proceeds;

2) violations of CFTA/LCP internal control programs and other internal documents of the bank;

3) violations of the CFTA/LCP legislation of the Kyrgyz Republic;

4) recommended measures necessary for the elimination and prevention of revealed violations.

15. The internal auditors report on the results of the assessment of the effectiveness of the CFTA/LCP internal control shall be submitted to the Board of Directors within 5 (five) business days from the date of signing the report for further review and taking measures to eliminate the identified violations and prevent them in the future.

Chapter 6. Official Appointed for the Organization of CFTA/LCP Internal Control 

16. For the purpose of developing and implementing the CFTA/LCP internal control policy, relevant procedures, as well as other internal organizational arrangements, the Board of Directors shall approve an official who is reporting to the Board of Directors (hereinafter referred to as the CFTA/LCP official) and shall take measures to ensure continuity, independence, impartiality, professional competence, effective organization of his/her working conditions.

17. The tasks of the CFTA/LCP official shall be:

1) taking appropriate measures to minimize the risk of involvement of the bank and participation of its employees in committing criminal (illegal) acts related to the financing of terrorist activities and legalization (laundering) of criminal proceeds;

2) effective implementation of the CFTA/LCP legislation of the Kyrgyz Republic;

3) assistance to the Financial Intelligence Unit and the National Bank in fulfilment of tasks and functions stipulated by the CFTA/LCP legislation of the Kyrgyz Republic.

18. For the purposes of the CFTA/LCP, the CFTA/LCP official shall perform the following functions:

- develop and submit for approval to the Board of Directors, in coordination with the Management Board of the bank, the relevant internal control policy and bring this policy to the attention of all employees who participate in its implementation;

- ensure implementation of the internal control policy and monitor the fulfilment of the banks CFTA/LCP internal regulatory documents in accordance with this policy;

- ensure provision of information and data to the Financial Intelligence Unit, including reports on operations (transactions) subject to control and reporting in line with the requirements established by the legislation of the Kyrgyz Republic;

- make a decision on recognizing an operation (transaction) as suspicious and sending a report on suspicious operation (transaction) to the Financial Intelligence Unit, with subsequent notification of the banks Management Board;

- provide information and assistance to the authorized representatives of the National Bank during their inspections of the banks activity on issues referred to its competence by this Regulation and internal documents of the bank;

- organize training and consult the banks employees involved in the implementation of the CFTA/LCP policy;

- if necessary, but at least once a quarter, submit a written report on the results of the implementation of the CFTA/LCP internal control policy for consideration of the Board of Directors, with prior familiarization of the banks Management Board, in accordance with the procedure established by the internal documents of the bank;

- assess the CFTA/LCP risks, including at introduction of new banking products.

19. When exercising his/her functions, the CFTA/LCP official shall be entitled to:

- receive from the managers and employees of the banks units the necessary documents, including orders and other administrative documents issued by the management of the bank and its units, accounting and monetary settlement documents;

- get access to the databases of customers and beneficial owners formed by the bank;

- initiate the process of obtaining additional information on the customer, beneficial owner and/or operation (transaction) to confirm the validity or refute suspicions of the financing of terrorist activities and legalization (laundering) of criminal proceeds by the customer;

- enter the premises of the banks units, as well as the premises used for storage of documents (archives), cash and valuables (cash vaults), information database in line with the established procedure;

- make copies of the received documents, including copies of electronic documents;

- give temporary instructions regarding the conduct of the operation (transaction), including orders to suspend the operation (transaction) and freeze the operation (transaction) and (or) funds, according to the Regulation “On the Procedure for Suspension of Operation (Transaction), Freezing and Unfreezing of Operation (Transaction) and (or) Funds, Providing Access to Frozen Funds and Management of Frozen Funds” approved by Resolution No.606 of the Government of the Kyrgyz Republic dated December 25, 2018;

- address the Board of Directors of the bank, where necessary;

- interact with and address the Shariah Council (*).

Note: (*) Refers to banks operating in accordance with the Principles of Islamic Banking and Finance.

20. In the exercise of his/her functions, the CFTA/LCP official shall:

- ensure the safekeeping and return of documents received from the relevant units of the bank;

- ensure confidentiality of information obtained in the course of fulfilment of his/her functions and not to disclose the data on transfer of information to the Financial Intelligence Unit;

- notify the banks Management Board on recognizing the operation (transaction) as suspicious and sending the report on suspicious operation (transaction) to the Financial Intelligence Unit.

21. When implementing the banks CFTA/LCP policy, the CFTA/LCP official may combine the activities falling within his/her competence according to this Regulation with the fulfilment of other functions, except for the functions of:

- an employee of the Internal Audit Service;

- an employee performing operational activities;

- an employee performing activities that shall not ensure his/her independence.

22. The CFTA/LCP official shall:

- have knowledge of the CFTA/LCP legislation;

- have a clear understanding of the banking products, operations, services, customer transactions, and potential risks inherent in the banks CFTA/LCP activities.

23. Training (retraining) of the CFTA/CLP official, front office staff, as well as other employees of the bank involved in the implementation of the CFTA/LCP policy shall be carried out on a regular basis, at least once a year in accordance with the requirements established by the Regulation “On General Requirements for the Internal Control Program Approved by Resolution No.606 of the Government of the Kyrgyz Republic dated December 25, 2018.

(In the Wording of Resolution No.2022-П-12/83-7 of the Management Board of the National Bank of the Kyrgyz Republic dated December 28, 2022) 

24. Responsibility of the CFTA/LCP official, the banks Management Board and the Board of Directors shall be incurred on the grounds stipulated by the legislation of the Kyrgyz Republic.

25. The written report of the CFTA/LCP official submitted to the Board of Directors of the bank shall contain at least the following information for the reporting period and, if necessary, for other periods:

1) the results of control over compliance with the requirements for customer identification, verification and study, and beneficial owner identification;

2) results of analyses of operations of the banks customers conducted for the purpose of identification of suspicious operations (transactions), including information regarding:

- significant dynamics of movement of funds on customers accounts (current accounts of customers, accounts of bank employees);

- transactions of the largest amounts;

- purchase or sale of foreign currency to customers;

- transactions of customers, the amounts of which significantly exceed the turnovers inherent in the usual activities of the customer;

- cash transactions (cashing out of funds, exchange of assets, cash deposit for replenishment of the bank account through specialized peripheral devices of the bank);

- operations on granting loans and accepting deposits (term deposits);

- operations with guarantees, letters of credit and other contingent liabilities;

- transfers without opening an account through money transfer systems, as well as through the SWIFT system (or other systems acting as main systems in banks);

- operations of customers and the bank on purchase and sale of securities;

- cash flow of bank customers located in other countries;

3) on the provision of information to the Financial Intelligence Unit in accordance with the requirements established by the legislation of the Kyrgyz Republic;

4) on suspension of operations (transactions) and freezing of operations (transactions) and (or) funds with description of justification for their suspension and freezing, submission of information about them to the Financial Intelligence Unit and further work in accordance with the legislation;

5) on compliance with measures for the implementation of the CFTA/LCP Internal Control Program by subsidiaries and associated companies of the bank located in the territory of the Kyrgyz Republic and abroad;

6) on monitoring of implementation of the CFTA/LCP legislation and internal regulatory documents of the bank in line with the bank's policy, their violation and measures taken;

7) information on the results of work on elimination of violations noted in previous reports of the CFTA/LCP official submitted to the Board of Directors;

8) results of the work of the employees involved in the implementation of the CFTA/LCP policy, measures taken to organize their training and counselling;

9) analytical information regarding:

- possible interconnection of customers;

- correspondent banks;

- trust management of property under contracts with customers;

- introduction of new banking products and technologies and risks associated with their introduction.

26. Based on the results of consideration of the written report of the CFTA/LCP official, the Board of Directors shall establish control over the activities of the banks Management Board to eliminate violations noted in the report and take measures to prevent violations of the CFTA/LCP policy in the future.

Chapter 7. Risk-Based Approach Applied in Customer Due Diligence 

27. The Bank shall be obliged to:

1) assess, identify, document and continuously update its risks by customers, countries, products, services, operations (transactions) and delivery channels in order to allocate resources and mitigate risks, including taking into account the results of the national risk assessment and typical criteria of high and low risks;

2) submit information on identified risks to the National Bank and the Financial Intelligence Unit in accordance with the established procedure;

3) develop and apply enhanced or simplified policies, as well as controls, procedures for risk management and their mitigation.

(In the Wording of Resolution No.2023-П-12/82-7 of the Management Board of the National Bank of the Kyrgyz Republic dated December 27, 2023) 

28. The Bank shall apply enhanced or simplified customer due diligence measures using a risk-based approach in the course of customer due diligence.

29. The bank shall be obliged to classify its customers taking into account risk criteria (high and low). To determine the level of risk, it shall be taken into account, at least, the type of the customers activity and the location (origin) of the customer and/or its business, as well as the transactions carried out by the customer, the services provided and the purpose of the customers payments. Typical high and low risk criteria shall be established and published by the Financial Intelligence Unit. Banks may develop and apply medium risk criteria.

30. On the basis of all information and documents enabling to identify, verify and study its customer, the bank shall assess the risk level of possible financing of terrorist activities and legalization (laundering) of criminal proceeds by the customer, which shall be reflected in the customer questionnaire.

31. The bank shall pay special attention to and exercise appropriate control over the banks operations exposed to a high risk of the financing of terrorist activities and legalization (laundering) of criminal proceeds, and the performance of suspicious operations.

32. If a high risk is established, the bank shall apply the following enhanced measures of customer due diligence:

1) collection of additional identification information and documents regarding the customer from available and reliable sources, as well as use of this information in assessing the customer related risk;

2) collection of additional information about the customer and the beneficial owner to gain a thorough understanding of the risk of possible involvement of such customer and the beneficial owner in criminal activities;

3) requesting additional information from the customer regarding the purpose and intended nature of the business relationship and the source of the customers funds;

4) verification of the sources of the customers funds used in establishing the business relationship to ensure that the funds are not the criminal proceeds;

5) regularly updating the identification data of the customer and the beneficial owner using a risk-based approach, but at least once a year;

6) requesting additional information from the customer explaining the reason or economic substance of planned or performed operations (transactions);

7) obtaining authorization of the Management Board/Chairman of the Management Board or a member of the Management Board supervising the operational activity of the bank (provided that such powers have been delegated to him/ger by the Chairman of the banks Management Board) to establish or continue business relations with the customer;

8) implementation of enhanced monitoring of business relations by means of daily monitoring of operations (transactions), analysis of information, consideration and accounting of assignment of funds, using both information automated systems and manual mode, in order to identify suspicious operations (transactions) and operations (transactions) that do not have obvious economic substance or obvious legal purpose, as well as communicating the results of monitoring to the CFTA/LCP official and the banks Management Board;

9) a proposal to conduct an operation (transaction) through a bank account, if the operation (transaction) is planned to be conducted without opening a bank account.

Assignment of a high-risk level to a customer shall entail application by the bank of enhanced measures of proper customer due diligence for effective management and (or) mitigation of risks.

Enhanced customer due diligence measures should also be applied to customers from high-risk countries.

The bank should establish reasonable terms for the customer to submit additional documents, including information on the counterparty, but not more than 10 (ten) business days in order to determine the economic feasibility and legality of transactions, as well as the source of origin of the funds of the customer and the beneficial owner.

(In the Wording of Resolutions of the Management Board of the National Bank of the Kyrgyz Republic No.2021-П-12/51-1 dated September 15, 2021, No.2022-П-12/83-7 dated December 28, 2022, No.2023-П-12/82-7 dated December 27, 2023) 

33. Where low risk is established, the bank shall apply the following simplified customer due diligence measures:

1) obtaining general information about the purpose and intended nature of the business relationship;

2) verification of the customer and the beneficial owner after the establishment of the business relationship;

3) reducing the frequency of updating the identification data of the customer and the beneficial owner;

4) reduced monitoring of operations (transactions) of the customer using an automated system for verification of operations (transactions) based on the limit determined by the bank.

It shall not be allowed to apply simplified measures for management and risk mitigation if there are suspicions of the financing of terrorist activities and legalization (laundering) of criminal proceeds by the customer.

(In the Wording of Resolution No.2023-П-12/82-7 of the Management Board of the National Bank of the Kyrgyz Republic dated December 27, 2023) 

34. When serving foreign public officials, the bank shall apply the following measures:

- use tools to determine whether the customer or beneficial owner is a public official;

- obtain written authorization from the banks Management Board to establish or continue (for existing customers) a business relationship with a public official. The authorization of the Management Board shall not be required when the public official performs a one-off transaction;

- establish the source of origin of funds or other property of the foreign public official;

- conduct continuous and in-depth monitoring of business relations, including operations (transactions) carried out by a foreign public official, in accordance with the procedure established for high-risk customers;

- continuously update the information available on foreign public officials.

The bank shall apply the above measures to family members and close persons (close relatives, business partners and official representatives) of a foreign public official.

35. The measures referred to in Paragraph 34 shall also apply to national public officials and public officials of international organizations, as well as their family members and close associates in case of determination of high risk of business relations with such persons.

36. Upon identification of national public officials, the bank shall record the obtained information in electronic format, according to the form of the public official questionnaire established by the Financial Intelligence Unit, and shall send the information recorded in the national public official questionnaire to the Financial Intelligence Unit via electronic communication channels within 3 (three) business days.

37. The bank may use open sources of information to establish, monitor and verify information regarding public officials.

38. The bank shall update the information obtained as a result of identification, verification and examination of the customer, as well as identification of the beneficial owner periodically, at least once a year in cases when the bank shall assess the risk of the financing of terrorist activities and legalization (laundering) of criminal proceeds by the customer as high, and in other cases at least once every three years.

39. The bank shall ensure compliance with all procedures designed to exercise appropriate control over the risk of the financing of terrorist activities and legalization (laundering) of criminal proceeds associated with the application and implementation of new technologies, products and services, as well as new business practices for existing or new banking products using new mechanisms or emerging technologies, including those involving operations (transactions) without direct contact with the customer.

(In the Wording of Resolution No.2023-П-12/82-7 of the Management Board of the National Bank of the Kyrgyz Republic dated December 27, 2023) 

40. When establishing correspondent relations, the bank shall establish, including by sending an enquiry to the correspondent bank, whether the correspondent bank implements CFTA/LCP measures, including identification, verification and examination of its customers.

Chapter 8. Identification of Operations (Transactions) Subject to Control and Reporting 

41. The bank shall determine the procedure for checking the customers activities for the presence of criteria and signs indicating possible financing of terrorist activities and legalization (laundering) of criminal proceeds established by the regulatory legal acts of the Kyrgyz Republic. For this purpose, the bank shall monitor its business relations with customers on a permanent basis, which shall provide for the following activities:

- examination of transactions conducted on the customers account to make sure that the customers activity corresponds to the information available to the bank about the customer, its business and the level of risk for this customer;

- where necessary, ascertaining the origin of the funds deposited in the customers account;

- analyzing all complex or unusually large transactions that have no obvious or apparent economic or legal purpose;

- recording and documenting all information obtained by the bank and, if necessary, forwarding this information to the Financial Intelligence Unit.

42. Operation (transaction) with funds or other property shall be subject to control and reporting to the Financial Intelligence Unit.

Operations (transactions) subject to control and reporting shall include the following operations (transactions):

- suspicious operations (transactions);

- operations (transactions) with individuals or legal entities from high-risk countries. The list of operations (transactions) with individuals or legal entities from high-risk countries to be reported to the Financial Intelligence Unit shall be determined in accordance with the procedure established by the Cabinet of Ministers of the Kyrgyz Republic;

- operations (transactions) made by an individual who has served a sentence for legalization (laundering) of criminal proceeds, terrorist or extremist activities, or for financing of such activities;

- cash operations (transactions).

(In the Wording of Resolution No.2022-П-12/83-7 of the Management Board of the National Bank of the Kyrgyz Republic dated December 28, 2022) 

43. Prior to the introduction of new types of services, operations, technologies, as well as business practices for existing or new products, the bank shall identify and assess all possible risks related to this service, operation, technology and business practices in order to combat the financing of terrorist activities and legalization (laundering) of criminal proceeds.

(In the Wording of Resolution No.2023-П-12/82-7 of the Management Board of the National Bank of the Kyrgyz Republic dated December 27, 2023) 

44. The bank shall be obliged to take necessary measures to verify whether there is information about the participation of the customer, beneficial owner in terrorist or extremist activities and proliferation of weapons of mass destruction, as well as legalization (laundering) of criminal proceeds.

The said information shall be contained in the Sanctions List, as well as in the List of persons, groups, organizations, involved legalization (laundering) of criminal proceeds. The Financial Intelligence Unit shall be responsible for the generation and updating of such information.

45. The employees of the structural units of the bank, who carry out identification of customers and detection of suspicious transactions, in line with the procedure determined by the policies and procedures of the bank, shall inform the CFTA/LCP official of all cases of identified suspicious transactions.

Chapter 9. Recording, Storage and Transmission of Information Obtained in the Course of Internal Control to the Financial Intelligence Unit 

46. Information on operations (transactions) of the customer, received during the implementation of internal control, shall be subject to mandatory documentary recording in the amounts sufficient to confirm or refute suspicions of the financing of terrorist activities and legalization (laundering) of criminal proceeds by the customer.

47. Upon confirmation of suspicions in determining the customers operation, the CFTA/LCP official shall make a decision on recognizing the operation (transaction) as suspicious and shall send a report on the suspicious operation (transaction) to the Financial Intelligence Unit in accordance with the procedure of information transmission approved by the Financial Intelligence Unit, with subsequent notification of the banks Management Board.

The banks Management Board shall be responsible for timely implementation of further actions, including suspension of operation (transaction) and/or termination of business relations with the customer.

(In the Wording of Resolution No.2021-П-12/51-1 of the Management Board of the National Bank of the Kyrgyz Republic dated September 15, 2021) 

Attention! Paragraph 3 was amended in the state language by Resolution No.2021-П-12/51-1-(RLA) of the Management Board of the National Bank of the Kyrgyz Republic dated September 15, 2021. 

48. The bank shall form and send to the Financial Intelligence Unit reports on operations (transactions) subject to control and reporting specified in Paragraph 42 of this Regulation, regardless of the amount of the operation (transaction) performed or being performed, except for cash operations (transactions), the threshold amount for which shall be established by the Cabinet of Ministers of the Kyrgyz Republic.

(In the Wording of Resolution No.2022-П-12/83-7 of the Management Board of the National Bank of the Kyrgyz Republic dated December 28, 2022) 

49. The bank shall ensure submission of the notice within the following terms:

1) reporting of suspicious operation (transaction) - within 5 (five) hours from the moment when the operation (transaction) is recognized as suspicious in line with the established procedure;

2) reporting of operation (transaction) with individuals or legal entities from high-risk countries - within 2 (two) business days from the date of such operation (transaction);

3) reporting of operations (transactions) made by an individual who has served a sentence for legalization (laundering) of criminal proceeds, terrorist or extremist activities, as well as for the financing of such activities - within 2 (two) business days from the date of such operation (transaction);

4) report of cash operation (transaction) - within 3 (three) business days from the date of such operation (transaction).

The above reports shall be sent to the Financial Intelligence Unit in accordance with the requirements of the Regulation “On the Procedure for Submission of Information and Documents to the Financial Intelligence Unit of the Kyrgyz Republic” approved by Resolution No.606 of the Government of the Kyrgyz Republic dated December 25, 2018.

50. The bank shall not be entitled to inform the customers about the transmission of information to the Financial Intelligence Unit, except for the cases stipulated by the CFTA/LCP legislation.

51. Information and documents containing information on the customer, beneficial owner, including business correspondence, as well as on operations (transactions) of the customer obtained in the course of verification, according to this Regulation, shall be kept for at least 5 (five) years after termination of relations between the bank and the customer.

 

Contacts
  • Public Information Service
    +996 (312) 61-04-86
    +996 (312) 66-90-15 +1257, +1256
  • Consumer protection department
    +996 (312) 66-90-15 +1671, +1666
  • Inform about corruption
    +996 (312) 61-10-51
  • Autoinformer official exchange rates
    +996 (312) 61-07-11
  • Numismatic museum
    +996 (312) 66-90-08
  • E-mail
    mail@nbkr.kg
  • Working with the media
    press@nbkr.kg
  • 168 Chuy Avenue, Bishkek, 720001, Kyrgyz Republic