LogoRegulatory Alerts
 | 5888

Directive No. 9 on Internal Control in Commercial Banks

The National Bank of the Kyrgyz Republic issued Directive No. 9 to establish internal control as a fundamental mechanism for protecting commercial banks from errors, losses, and violations. The directive mandates that the Board and Management implement a comprehensive system comprising five core elements: control environment, risk assessment, control measures, information and communication, and monitoring. It further requires specific operational practices such as segregation of duties, dual control, and regular audits to ensure compliance with laws and safeguard bank assets.

National Bank of the Kyrgyz Republic logo

Kyrgyzstan

National Bank of the Kyrgyz Republic

Click to view thumbnail

Go Back

Print Version

Date of creation: 2009-08-05

(Ref. No. 073-2/125 dated 13.01.97)

Directive No. 9

"On Internal Control in Commercial Banks"

Internal control is the primary mechanism for protection against potential errors, losses, and violations in bank operations. It is necessary to ensure the reliability, safety, efficiency, and legality of banking operations. Thus, the internal control system is very important for the normal functioning of the bank.

Internal control represents a system of organization, policies, procedures, and methods adopted by the bank for:

·

maximizing financial objectives while simultaneously minimizing risks;

·

creating conditions for efficient work;

·

ensuring the reliability, completeness, and timeliness of financial information used for decision-making, preparation of financial and regulatory reports;

·

safeguarding assets;

·

ensuring compliance of current accounting practices with general principles and standards of accounting;

·

preventing errors, inaccuracies, and fraud;

·

ensuring compliance of activities with the bank's established policies and procedures;

·

ensuring compliance of the bank's activities with legislation and regulatory acts.

Internal control is a process, not an end in itself. It is not a "necessary burden" imposed on the bank by banking supervision authorities and auditors. It is a fundamental principle of business conduct that must be implemented in the bank.

Establishing an effective internal control and audit system is the responsibility of the Board and the Management of the bank.

Internal control is carried out by all bank personnel - from junior executive staff to the Chairman of the Board of the bank. Thus, every bank employee plays a certain role in ensuring internal control. A necessary condition for effective internal control is the competence of personnel. Incompetent employees cannot follow the procedures adopted in the bank.

Good internal control exists only when no bank employee can make a significant error or unauthorized action without it being detected in a timely manner.

For effective implementation of internal control, five elements are necessary:

  1. Control Environment.

The foundation for internal control is the control environment, which sets the tone in any organization. The control environment includes the following components:

·

honesty, moral values, and ethical principles of the bank;

·

attention and guidance by the Bank Board;

·

philosophy and style of management of the bank;

·

means by which bank management transfers authority and responsibilities;

·

incentives and temptations created by the organization and its work environment.

  1. Risk Assessment.

Bank management and the internal auditor must assess the bank's objectives in its operations, finance, and compliance with current laws and regulations, and determine what risk is associated with the failure to achieve these objectives. Such an assessment is a means of identifying and prioritizing individual types of risks for their evaluation and control.

  1. Control Measures.

The bank's policy must provide for internal instructions and procedures aimed at ensuring internal control.

  1. Information and Communication.

Bank management makes decisions, and personnel works with information that must be timely, current, accurate, accessible, and sufficient for decision-making. Bank personnel ensures information links inside and outside the bank in both oral and written forms.

  1. Monitoring.

Bank activities require continuous and periodic evaluation to determine whether it is fulfilling its tasks. Monitoring of the effectiveness of internal control is carried out by auditors.

Monitoring carried out by bank employees is called self-assessment.

Internal control of any bank must cover all functions and forms of bank activity: data processing operations, general ledger maintenance, lending, investment securities, deposits, borrowings, hedging, trust activities, information application systems, cash operations, etc.

Basic internal control techniques include:

  1. Segregation of functional responsibilities.

  2. Dual control.

  3. Analysis of operations.

  4. Reports on operational results.

  5. Keeping records of operations and transactions.

  6. Staff training.

  7. Ensuring data protection (protective devices and mechanisms).

  8. Techniques for protecting against staff errors.

  9. Control over calculation errors for their timely detection.

  10. The most important practice of internal control is the separation of functional responsibilities of bank employees, which will ensure the separation of responsibility in making any decisions, thereby providing protection against fraudulent actions.

It must not be allowed for an employee who has access to bank assets (cash, fixed assets, etc.) to also account for them or check the accuracy of the accounting. Combining these functions increases the possibility of committing fraud and concealing it.

To ensure effective internal control, it is important that a bank employee performing certain functions is not distracted by other assignments, as this weakens or makes impossible the compliance with policies and procedures adopted in the bank.

  1. To avoid various types of fraud, dual control must be applied, i.e., at least two people are required to perform any operation.

  2. When conducting any operation, it must be carefully analyzed.

Preliminary analysis of the operation will help prevent incorrect or unauthorized operations, and analysis after its completion can reveal the fact of its conduct.

To ensure the effectiveness of the analysis, it must be thorough and complete, and the person preparing the analysis must be independent of the employee handling the specific operation.

  1. Reporting provides bank management with information on the bank's performance indicators, financial conditions, and deviations from the budget. In addition, reports on conducted operations confirm the fact of the operations themselves.

  2. For ensuring internal control, keeping records of conducted operations is also of great importance. They facilitate the analysis of operations and the work of internal and external audits.

  3. Bank employees must know their functional responsibilities. Training must include an explanation of the interrelationship between the performance of individual duties of each employee and the general tasks provided for by the bank's policy.

When considering internal control risk, it is important to consider not personal qualities (such as competence and honesty), but the position held and the functional responsibilities performed by the bank employee.

  1. The bank must provide for data protection. Protection against unauthorized access or unauthorized operations is ensured by security devices such as locked safes with cash, vaults, construction of special doors, installation of cameras, dual control, management awareness, electronic protection, etc.

  2. Protection against staff errors must be ensured by accuracy in reporting on operations performed by the bank and prevention of unintentional errors. Protection techniques include, for example, double-entry bookkeeping, independent recalculation of results, as well as the use of mechanical devices (computers, calculators, cash registers, accounting machines, etc.).

  3. Control over calculation errors must be carried out by the internal auditor for the timely detection and prevention of errors and inaccuracies. Based on the results of the inspection, a report must be prepared for the bank management indicating identified deficiencies and measures to improve the level of internal control.

In addition, bank management must regularly review the state of the internal control system and, if necessary, make appropriate adjustments to ensure a high level of control.

Contacts

Public Reception

+996 (312) 61-04-86 +996 (312) 66-90-15 +1257, +1256

Consumer Protection Department

+996 (312) 66-90-15 +1671, +1666

Report Corruption

+996 (312) 66-90-15 +2120 +996 (312) 61-04-00

Auto-informer of official currency rates

+996 (312) 61-07-11

Numismatic Museum

+996 (312) 66-90-15 +1232 +996 (312) 61-24-14

E-mail

mail@nbkr.kg

For media relations

press@nbkr.kg

720010, Kyrgyz Republic, Bishkek, Kievskaya St., 189

Share