2024-12-27 | 123161

Regulation on Internal Procedures for Assessing Capital Adequacy of Commercial Banks of the Kyrgyz Republic

The National Bank of the Kyrgyz Republic issued this regulation to mandate that commercial banks develop and maintain robust internal capital adequacy assessment processes (ICAAP) tailored to their specific risk profiles and business models. The document establishes strict requirements for the annual preparation, board approval, and submission of comprehensive ICAAP reports by May 31, covering risk identification, capital planning, stress testing, and risk appetite frameworks. It further defines standardized terminology and detailed reporting structures to ensure consistent supervisory evaluation and proportional risk management across the banking sector.

Kyrgyzstan

National Bank of the Kyrgyz Republic

Creation Date: 2025-01-11

Appendix to the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 27, 2024 No. 2024-P-12/71-3-(BS)

REGULATION

"On Internal Procedures for Assessing Capital Adequacy of Commercial Banks of the Kyrgyz Republic"

Chapter 1. General Provisions

  1. This Regulation defines the grounds, order, and procedures for the development of internal procedures for assessing capital adequacy by commercial banks of the Kyrgyz Republic (hereinafter – banks).

This Regulation applies to banks, including banks conducting operations in accordance with Islamic principles of banking and finance and banks having an "Islamic window," taking into account the special terminology they apply in carrying out banking operations.

  1. Internal procedures for assessing capital adequacy (hereinafter – ICAAP) will enable banks to implement reliable, effective, and comprehensive strategies and processes for the continuous assessment and maintenance of amounts, types, and distribution of capital that is sufficient to cover the level of risks to which banks are or may be exposed. These strategies and processes are subject to regular internal assessment to ensure their completeness and proportionality to the nature, volume, and complexity of the bank's activities.

  2. This Regulation provides a description of the main aspects that banks must consider when developing a reliable, effective, and comprehensive ICAAP process, as well as its content, which the National Bank of the Kyrgyz Republic (hereinafter – the National Bank) will assess as part of the annual supervisory assessment process of each bank's ICAAP.

  3. In addition to the norms of this Regulation, banks are also recommended to take into account other ICAAP-related publications of international institutions such as the Basel Committee on Banking Supervision.

Furthermore, banks must take into account all recommendations addressed to them related to ICAAP, for example, recommendations arising from the supervisory assessment process of the National Bank, as well as recommendations regarding risk management and control.

Chapter 2. Terms and Definitions Used

  1. The definitions provided in the following normative legal acts of the Kyrgyz Republic are used in this Regulation:
  1. Law of the Kyrgyz Republic "On Banks and Banking Activity" of August 11, 2022 No. 93 (hereinafter – the Banking Law);

  2. Instruction on Determining Capital Adequacy Standards for Commercial Banks of the Kyrgyz Republic, approved by the Resolution of the Board of the National Bank dated October 12, 2022 No. 2022-P-12/63-1-(NPA) (hereinafter – the Capital Adequacy Instruction);

  3. Regulation "On Minimum Requirements for Risk Management in Banks of the Kyrgyz Republic", approved by the Resolution of the Board of the National Bank dated June 15, 2017 No. 2017-P-12/25-8-(NPA) (hereinafter – the Risk Management Regulation).

  1. For the purposes of this Regulation, the following concepts are used:
  1. Additional Capital – Additional Tier 1 Capital, specified in paragraph 17 of the Capital Adequacy Instruction;

  2. Internal Document on Risk Appetite Level is understood in the meaning specified in the Risk Management Regulation;

  3. Core Capital – Core Tier 1 Capital, provided for in paragraph 16 of the Capital Adequacy Instruction;

  4. Business Plans – plans concerning the bank's strategy and scope of activity in accordance with Article 25 of the Banking Law;

  5. Capital Allocation – the process of allocating a certain amount of capital to a specific type of risk (e.g., credit, operational, etc.) taking into account the level of the specific risk faced by the bank.

Capital allocation includes risks specified in the Capital Adequacy Instruction (credit risk and operational risk) and other risks not provided for in the Capital Adequacy Instruction (market risk, credit concentration risk, and other risks);

  1. Tier 1 Capital or Equity Capital – Tier 1 Capital, specified in paragraph 15 of the Capital Adequacy Instruction;

  2. Capital Planning – forecasting the bank's capital adequacy ratios for a certain period (usually for 3 years) through forward-looking assessment of the bank's capital and capital requirements, ensuring its full compliance with the bank's business plan;

  3. Capital Targets – various limits (such as targets, early warning indicators, or limits) established by the bank within its internal document on risk appetite level regarding indicators related to its capital adequacy (Core Tier 1 Capital adequacy ratios, Total Capital adequacy ratios, etc.);

  4. Key Business Lines – business lines that represent significant sources of the bank's income, profit, or franchise value, usually associated with segments used by the bank to inform the market, investors, etc.;

  5. Internal Capital Models – methodologies developed within the bank and used to quantify risks for which requirements are established in accordance with the Capital Adequacy Instruction, and other risks not provided for in the Capital Adequacy Instruction;

  6. Inherent Risk – the level of risk inherent in the bank's activities, products, or services, i.e., the probability that the bank will incur significant losses due to risk exposure and uncertainty arising from current and future events. In this context, the term "significant losses" refers to the amount of losses exceeding 5% of the bank's Tier 1 Capital value;

  7. Internal Capital Requirements – internally calculated capital limits by the bank to cover risks for which requirements are provided in the Capital Adequacy Instruction (credit risk and operational risk), and risks for which the Capital Adequacy Instruction does not provide requirements (e.g., credit concentration risk, market risk, etc.);

  8. Additional Buffer Reserve – the amount of capital that a bank is willing to hold in excess of minimum capital requirements and the "capital buffer" index. The amount of the "additional buffer reserve" must be determined by the bank taking into account such factors as: (a) risk profile; (b) risk appetite; (c) minimum capital requirements; (d) the bank's dividend policy, etc.;

  9. Significant Risks – risks to which the bank's exposure is serious enough to potentially cause significant losses that could reduce the bank's capital. For the purposes of establishing significance, banks must consider a risk significant if their exposure to such risk is equal to or exceeds 5% of the bank's Tier 1 Capital value;

  10. Minimum Capital Requirements – the minimum size of equity capital and capital adequacy ratios that a bank must comply with in accordance with the normative legal acts of the National Bank;

  11. The Principle of Proportionality refers to the main principles by which one can be guided in implementing this Regulation, including the systemic importance of the bank, the complexity of its activities, business model, and size;

  12. Risk Appetite is understood in the meaning defined in the Risk Management Regulation;

  13. Risk Assessment – a process by which a bank measures the inherent risk of all its significant risks and individually classifies each of these risks based on the level of risk to which it is exposed, as well as the adequacy of corresponding risk management and control systems;

  1. Risk Factors – factors that can affect the significance of risks to which the bank is or may be exposed. Risk factors can be quantitative or qualitative;

  1. Risk Degree – the result of a four-point scale assessment conducted by the bank regarding its risks based on the aggregate of the bank's exposure to its significant risks and the adequacy of corresponding risk management and control systems;

  2. Risk Identification – a regular process during which a bank identifies all significant risks it faces in carrying out its activities;

  1. Risk Limits are understood in the meaning defined in the Risk Management Regulation;

  2. Net Risk – a comprehensive assessment by the bank of its significant risks taking into account the level of inherent risk and the quality of risk management and control (RMC);

  3. Tier 2 Capital – Tier 2 Capital, provided for in paragraph 19 of the Capital Adequacy Instruction;

  4. Net Total Capital – the sum of Tier 1 Capital and Tier 2 Capital in accordance with sub-item (a) of paragraph 6 of the Capital Adequacy Instruction;

  5. Interest Rate Risk in the Banking Book – risk arising from banking operations with the banking book;

  6. CRA – the sum of balance sheet assets and off-balance sheet liabilities, weighted by risk degree, minus special reserves for covering potential losses and losses.

Chapter 3. ICAAP Requirements

  1. Banks must annually develop a reliable, effective, and comprehensive ICAAP report in accordance with the following criteria:
  1. the report must be updated annually by banks and submitted to the National Bank by May 31;

  2. the report must relate to data as of December 31 of the previous year;

  3. the report must contain information required in paragraph 1 of Chapter 4 of this Regulation;

  4. the report must be assessed and approved by the bank's board of directors before its submission to the National Bank.

  1. The bank is independently responsible for implementing an ICAAP in its activities that corresponds to the bank's specific circumstances (i.e., the bank's business model, significant risks, capital requirements, potential vulnerabilities of the bank in determining stress-testing scenarios, etc.).

When assessing ICAAP, the National Bank will take into account the individual circumstances of each bank.

  1. The bank must ensure that its ICAAP remains comprehensive, covering all significant risks to which the bank is exposed, and corresponds to the nature, scale, and complexity of its activities.

  2. The bank's internal audit service must include the review of the ICAAP report in its annual audit plan. Such review must be conducted before its approval by the bank's board of directors.

  3. The National Bank assesses the ICAAP report submitted by the bank as an integral part of risk-oriented supervision of banks.

Chapter 4. Requirements for the Internal Procedures Report on Assessing Capital Adequacy

§ 1. Content of the ICAAP Report

  1. The ICAAP report, which banks must prepare in accordance with paragraph 11 of this Regulation, must include at least the following chapters:
  1. Executive Summary;

  2. General Information;

  3. Business Model and Strategy;

  4. Risk Management Organization within ICAAP;

  5. Risk Identification;

  6. Risk Assessment;

  7. Risk Appetite;

  8. Internal Capital Requirements;

  9. Capital Planning;

  10. Stress Testing;

  11. Other Provisions.

  1. When filling out the chapters listed in the previous paragraph, banks must indicate information provided for in paragraphs 15 - 36 of this Regulation.

  2. Banks must adhere to the ICAAP reporting form provided in Appendix 1 to this Regulation.

§ 2. Executive Summary

  1. The bank must ensure that the executive summary provides a detailed explanation of the main elements of the ICAAP report in an easily readable and understandable manner.

In the executive summary, the bank must indicate:

  1. the bank's capital targets for the next 12 months. The bank must indicate at least its capital targets in terms of Core Tier 1 Capital and Net Total Capital;

  2. the bank's business model and current financial condition;

  3. the organization of the risk management system, including the strategic level and macro level defined in the Risk Management Regulation;

  4. the bank's significant risks and the assessment of net risk based on self-assessment results;

  1. the bank's risk appetite, including the bank's key indicators and risk limits;

  2. the bank's internal capital requirements;

  3. forecasted capital adequacy ratios in capital planning. Forecasts for December 31 for each of the covered three years;

  4. the results of the bank's internal stress testing conducted within the ICAAP;

  5. capital decisions made by the bank based on the ICAAP process;

  6. a brief description of the self-assessment of the ICAAP report's adequacy, including weaknesses and shortcomings, as well as the ICAAP improvement plan and the implementation schedule of this plan.

§ 3. General Information

  1. The bank must provide basic and general information about the bank and the ICAAP report, including the following information:
  1. Full Name, organizational unit or department, and position of the person or persons responsible for preparing the ICAAP report or the person responsible for submitting the ICAAP report information to the National Bank;

  2. contact details (i.e., phone, fax, email address, etc.);

  3. data related to the ICAAP report (reporting period, date of report preparation, date of last update, date of review and approval by the board of directors, whether the information is presented on an individual or consolidated basis);

  4. signature of the person and/or persons responsible for preparing the ICAAP report.

§ 4. Business Model and Strategy

  1. The bank must ensure that the ICAAP report includes the following aspects:
  1. description of the bank's current business model, including the definition of key business lines, markets, geographic zones, and products;

  2. a brief summary of the business plan in effect as of the reporting date, approved by the board of directors;

  3. any significant changes expected in the current business model or underlying activities (including information on operational changes (e.g., in IT infrastructure) or risk management organization issues);

  4. forecasts of key financial parameters for key business lines and markets: it is necessary to include a description of main sources of income and expenses, distributed by key business lines, markets, and subsidiaries.

  1. The bank may include the information specified in paragraph 17 of this Regulation by cross-referencing its current business plans submitted to the National Bank in accordance with Article 25 of the Banking Law.

§ 5. Risk Management Organization within ICAAP

  1. The bank's board of directors:
  1. bears overall responsibility for the implementation of ICAAP. For these purposes, the board of directors assesses and approves the ICAAP report in accordance with sub-item 4 of paragraph 7 of this Regulation;

  2. is responsible for organizing risk management within ICAAP, in which functions and responsibilities for preparing the ICAAP report are clearly distributed. The bank's board of directors approves a separate internal document regulating the procedure for preparation, methodology, and distributing functions and responsibilities of bank subdivisions in preparing the ICAAP report;

  3. must have a deep understanding of the bank's capital adequacy, its main strengths and weaknesses, main inputs and outputs of ICAAP, parameters and processes underlying ICAAP, and the consistency of ICAAP with the bank's business plan (reserves, dividends, profit, assets weighted by risk, etc.);

  1. The bank's management board aligns and implements ICAAP, effectively integrating it into the bank's risk management system.

  2. Because ICAAP is an integral part of the bank's risk management system and decision-making, the bank must:

a) integrate results related to ICAAP (such as significant risk developments, key indicators, etc.) into internal management reporting with the appropriate frequency;

b) use ICAAP results in the decision-making process, including in:

  • establishing the bank's capital targets;

  • making decisions regarding the bank's capital, such as dividend payments, increasing the loan portfolio, or attracting new capital;

  • making decisions on capital allocation by business lines, products, or customers, to ensure risk-adjusted profit.

  1. ICAAP undergoes regular internal verification. The bank's internal audit service conducts ICAAP verification in accordance with paragraph 10 of this Regulation.

§ 6. Risk Identification

  1. The bank must continuously identify all significant risks to which it is exposed in carrying out its activities. For this purpose, the ICAAP must contain the following elements:
  1. when determining the risks to which the bank is exposed in carrying out activities, banks proceed from the list and definitions of risks provided in the Risk Management Regulation, namely:

a) credit risk;

b) liquidity risk;

c) market risk, which also includes:

  • price risk;

  • interest rate risk;

  • currency risk;

d) country risk, including transfer risk and sovereign risk;

e) operational risk;

f) reputational risk;

g) compliance risk.

  1. risk classification must cover all types of risks to which the bank is exposed in its daily activities, including those that are harder to quantify (reputational, compliance risk, etc.). In addition to its current risks, the bank must take into account in its forward-looking capital adequacy assessments any risks that may arise as a result of implementing its strategies or corresponding changes in its operating environment (e.g., risks related to climate change; risks related to cryptocurrency assets, etc.);

  2. the bank must provide a detailed justification indicating the reasons why it does not consider a particular risk significant (e.g., possible losses do not exceed 5% of the bank's Tier 1 Capital, etc.).

§ 7. Risk Assessment

  1. After the bank has determined the significant risks to which it is exposed, it must assess these risks. In conducting such assessment, the bank must meet the following requirements:
  1. assess the inherent risk of all significant risks to which the bank is exposed, using four possible levels (1 (low), 2 (acceptable), 3 (significant) and 4 (high)). The "Inherent Risk" level should be considered as risk exposure in the absence of any control means and methods:

a) high (4): the probability that the bank's losses arising from the impact and uncertainty related to current and potential future events will not be covered by the bank's capital (bankruptcy of the bank) is high;

b) significant (3): the probability that the bank's losses arising from the impact and uncertainty related to current and potential future events will not be covered by the bank's capital (bankruptcy of the bank) is significant;

c) acceptable (2): the probability that the bank's losses arising from the impact and uncertainty related to current and potential future events will not be covered by the bank's capital (bankruptcy of the bank) is acceptable;

d) low (1): the probability that the bank's losses arising from the impact and uncertainty related to current and potential future events will not be covered by the bank's capital (bankruptcy of the bank) is low.

  1. the bank must justify the assessment of its significant risks based on quantitative and qualitative criteria. Quantitative criteria may include financial indicators, the bank's capital allocation, results of internal stress tests, or other relevant information where applicable. Qualitative information may include a detailed explanation of the main factors determining the bank's risk degree;

  2. the bank must determine the trend (direction) of its significant risks, indicating whether the risk is increasing, stable, or decreasing;

  3. the bank must determine its net risk. Net risk is the result of aggregating the bank's inherent risk associated with its significant risks, using the risk degree and the quality of risk management and control (RMC).

  1. The assessment of the quality of management and control (RMC) of a bank's significant risk must be classified as: weak (4), inadequate (3), adequate (2), and strong (1) management quality, as presented below:
  1. weak: RMC characteristics significantly do not correspond to what is considered necessary, given the nature, volume, complexity, and risk profile of the bank. RMC needs to be radically and immediately improved;

  2. inadequate: RMC characteristics in some significant aspects do not correspond to what is considered necessary, given the nature, volume, complexity, and risk profile of the bank. RMC mechanisms' characteristics and/or performance do not correspond to proper industry practice; however, areas needing improvement are not serious enough to cause prudential concerns if timely measures are taken;

  3. adequate: RMC characteristics correspond to what is considered necessary, given the nature, volume, complexity, and risk profile of the bank. RMC has proven its effectiveness and compliance with requirements, with minor shortcomings. RMC mechanisms' characteristics and implementation results correspond to leading industry practice;

  4. strong: RMC characteristics (policies and strategies, processes and procedures, control means, and personnel) exceed indicators considered necessary, given the nature, volume, complexity, and risk profile of the bank. RMC consistently demonstrates high effectiveness. RMC mechanisms' characteristics and implementation results exceed proven industry standards.

§ 8. Risk Appetite

  1. The bank must establish its risk appetite through an internal document on risk appetite level, which must be closely interconnected with ICAAP. Within the ICAAP, the bank must:
  1. determine the levels of capital that the bank considers sufficient for its activities, taking into account at least the following aspects:

a) the bank's net risk;

b) minimum capital requirements;

c) "capital buffer" index;

d) internal capital requirements calculated in accordance with the ICAAP document;

e) additional buffer reserve that the bank is willing to maintain in excess of its minimum capital requirements and "capital buffer" index;

f) available measures by which the bank can form capital in accordance with the financial recovery plan;

g) results of bank stress tests conducted in accordance with ICAAP;

h) potential capital needs determined in the bank's capital plans;

i) dividend policy.

  1. description of the risk appetite level and limits established for identified significant risks, as well as time horizons and the process applied to keep such limits up to date. The bank must provide justification for the definition of the internal risk appetite document. The bank is expected to provide sufficient explanation (present its own past experience, current level of the banking sector, goals provided for in its business strategy, etc.) so that supervisory authorities can understand the thresholds established by the bank itself;

  2. risk appetite must cover the bank's risks if they are recognized as significant (operational risk, reputational risk, etc.).

  1. The bank may cross-reference risk appetite in business plans. In this case, the bank will need to confirm how all its significant risks were covered by the risk appetite.

§ 9. Internal Capital Requirements

  1. Taking into account the requirements of the Capital Adequacy Instruction, the bank must provide for an internal approach according to which the bank must identify and quantitatively assess all significant risks that can lead to losses and affect the reduction of capital size