Procedure for Identification and Verification of Microfinance Organization Clients in Remote Mode

Return to previous page

Print version

Date of creation: 2025-08-20

Appendix to the Resolution of the Board of the National Bank of the Kyrgyz Republic of September 30, 2020 No. 2020-P-33/54-3-(NF KU)

PROCEDURE

for the identification and verification of microfinance organization clients in remote mode

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 8, 2023 No. 2023-P-12/76-1)

Chapter 1. General Provisions

1. This Procedure for the identification and verification of microfinance organization clients in remote mode (hereinafter - the Procedure) defines the procedure for microfinance organizations (hereinafter - MFOs) to identify and verify natural persons who are citizens of the Kyrgyz Republic using client data obtained in electronic form without personal presence.

2. This Procedure does not apply to clients for whom the procedure for due diligence of clients has already been conducted and who are already served by the MFO.

3. This Procedure may be used for additional confirmation of the identity of a natural person when remotely providing access to remote service systems to clients who have previously undergone the identification procedure in person.

In this case, MFOs must use reliable access algorithms, including the use of appropriate technologies for client identification and verification via video communication and the determination of measures against unauthorized access on behalf of the client.

4. When identifying and verifying clients in remote mode, MFOs must:

• ensure an adequate internal control system, including a description of procedures related to the application of new technologies (new products) involving client identification without personal presence, the presence of internal regulatory documents on risk management, including measures for managing operational risk, risk of financing terrorist activities and legalization (money laundering) of criminal proceeds (hereinafter - AML/CFT), and compliance risk;

• train personnel responsible for client identification and verification and AML/CFT risk management on the aforementioned procedures and the proper application of this Procedure;

• use information systems and software sufficient to comply with the requirements of this Procedure;

• disclose information about the conditions and requirements for remote identification (on their official website or via the software used);

• verify client data using information from relevant state registration systems of the Kyrgyz Republic;

• record the results of client identification and verification and maintain a registry of clients who have undergone remote identification;

• take measures to limit AML/CFT risks for clients identified in remote mode in accordance with Appendix 1 to this Procedure;

• identify and document AML/CFT risks before launching client identification and verification procedures in remote mode, basing actions on the requirements of this Procedure. MFOs have the right to introduce additional criteria for risk limitation.

5. MFOs are obliged to obtain the client's consent to process their personal data through state information systems or available data sources, as well as to inform them about the consequences of providing incomplete information and inaccurate data during remote identification and verification.

5-1. In order to ensure accessibility and equal opportunities for all clients, including persons with disabilities (hereinafter - persons with disabilities), the website, mobile application, or specialized software of the MFO must have functionality that allows remote identification and verification for this category of clients.

The functionality must comply with applicable legislative acts and norms, guarantee a high level of security, and ensure the simplicity and clarity of the identification process for users - persons with disabilities. The MFO is obliged to provide appropriate instructions and guidelines for users, as well as to carry out regular monitoring and updating of the remote identification system, taking into account feedback from clients - persons with disabilities, with the aim of continuous improvement of the accessibility and convenience of the services provided.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 8, 2023 No. 2023-P-12/76-1)

Chapter 2. Remote Identification and Verification of Clients via Photo Comparison

6. Before starting identification, the MFO must register the client in its own information systems via electronic interaction channels (website, mobile application, specialized software, messengers, specialized devices, terminals, and via other channels, the use of which does not contradict the legislation of the Kyrgyz Republic) by indicating the client's phone number and data for filling out the client questionnaire.

7. The MFO also verifies the mobile phone number (registered in the territory of the Kyrgyz Republic) indicated by the client by sending information via a communication channel independent of the one used for registration (by sending codes, passwords in an SMS message to the mobile phone number indicated by the client or by other means).

8. During identification, the MFO must obtain a photograph of the front and back of the identity document, and a photograph of the client with the document via electronic interaction channels in accordance with the established requirements of the MFO.

9. If the quality of the photographs does not allow clearly determining that the photographs belong to the same person, the MFO may send an additional request to the client to obtain photographs.

10. The MFO conducts a check of the client for the presence or absence in sanction lists and the List of persons, groups, and organizations regarding which there is information about their participation in the legalization (money laundering) of criminal proceeds, in accordance with the legislation of the Kyrgyz Republic.

11. The identity document must be verified for authenticity by requesting or sending data about the document for verification to relevant state information systems.

12. If the data obtained from the client, as well as the client's photographs, correspond to the image on the identity document, the MFO sends a notification of successful identification and verification.

13. The obtained information is recorded in the client questionnaire, stored electronically with a mark of remote identification via photo comparison.

14. The MFO has the right to use software solutions that will ensure compliance with the conditions and procedures provided for by this Procedure and the legislation of the Kyrgyz Republic in automatic mode. Such software must at least ensure automatic comparison of the photograph in the identity document and the image of the client, and also provide protection against data substitution.

Chapter 3. Remote Identification and Verification of Clients Using Video Communication

§ 1. Organization of client identification and verification via video communication

15. Before conducting a video communication session, the MFO must register the client in its own information systems via electronic interaction channels (website, mobile application, specialized software, messengers, etc.) by indicating the client's phone number and data for filling out the client questionnaire.

16. The MFO also verifies the mobile phone number (registered in the territory of the Kyrgyz Republic) indicated by the client by sending information via a communication channel independent of the one used for registration (by sending codes, passwords in an SMS message to the mobile phone number indicated by the client or by other means).

17. The MFO conducts a check of the client for the presence or absence in sanction lists and the List of persons, groups, and organizations regarding which there is information about their participation in the legalization (money laundering) of criminal proceeds.

18. For the purpose of identifying and verifying the client via video communication, the MFO requests data about the client from relevant state registration systems.

19. It is permissible to obtain photographs of the identity document and the client in advance by an agreed method with verification by requesting or sending data about the document for verification to relevant state information systems.

20. For the purposes of identification using video communication, the MFO may use its own software or software provided by third parties, which will ensure compliance with the conditions and procedures provided for by this Procedure and the legislation of the Kyrgyz Republic. In this case, remote identification using video communication must be conducted by an MFO employee.

21. If the data obtained from the client, as well as photographs and video recording, allow identifying and verifying the client, the MFO must send a notification to the client about successful identification and verification.

22. The obtained information about the client is recorded in the client questionnaire and stored electronically with a mark of remote identification and verification using video communication.

§ 2. Requirements for Video Images

23. The video communication session must be performed in real-time without interruptions. Video and audio streams must be synchronized. The image must be in color.

24. During the communication session, the client's face and shoulders must be clearly visible. The client's face must be fully open; wearing sunglasses or other accessories covering the face is not allowed, nor is shadow falling on the client's face.

25. MFO employees may instruct the client on how to ensure image quality corresponding to the requirements of this Procedure.

26. During the video communication session, the client must be in a sufficiently lit room.

27. Participation of third parties in the identification process is not allowed, except in cases where the client requires assistance from a third party due to limited health capabilities.

§ 3. Interview During Video Communication Session

28. During the video communication session, an MFO employee who has undergone appropriate training on remote client identification must conduct an interview with the client.

29. The MFO employee must introduce themselves, indicating their first name, last name, position, and the name of the MFO.

30. During the video communication session, the MFO must take a photograph of the client's face and their identity document in one frame; this photograph must be stored together with the video recording.

31. If the quality of the video image or sound does not allow successful identification, and there is a probability of risk emergence, or if there are any doubts regarding the client's identity document, the MFO must take measures to eliminate obstacles or, indicating the reasons, terminate the video communication session.

32. A questionnaire developed in accordance with the MFO's internal control program is used for the interview. The questionnaire is used to obtain or verify information necessary for entering into the client questionnaire, while the MFO must verify other information about the client.

33. During the interview, the MFO employee must not use the same sequence of questions.

Chapter 4. Recognition of Client Identification as Unsuccessful

34. Client identification during remote service is recognized as unsuccessful in the following cases:

• the information provided by the client cannot be verified, or the verification results are negative;

• if the quality of photos, video, and audio does not meet the requirements and internal control rules of the MFO;

• failure to present necessary documents;

• non-compliance with requirements and instructions of the MFO established in internal regulatory documents;

• if the client uses the help of a third party during identification via video communication, except for cases provided for in this Procedure;

• if there are suspicions that the client is acting not of their own free will and/or under pressure from other persons;

• in the presence of signs that the identification was initiated for the purpose of financing terrorist activities and legalization (money laundering) of criminal proceeds.

Chapter 5. Requirements for Information and Telecommunication Technologies and Information Storage

35. MFOs must use information systems and methods that ensure protection against unauthorized access by third parties to the procedure and results of identification.

36. MFOs must use software that ensures end-to-end encryption of the video communication session and the photo transmission channel.

37. Photos, video, and audio recordings must be of high quality and inaccessible for use by unauthorized persons.

38. Photos, video, and audio recordings are stored without loss of quality.

39. Photo and video recording files must also contain information about the time and date of recording, the client's first name, last name, patronymic, as well as other metadata. The software must record any changes made to the video recording subsequently.

40. The recording of the video communication session, as well as the client's photo, must be stored by the MFO in the client's file together with other information provided for by the normative legal acts of the Kyrgyz Republic, for the purpose of countering AML/CFT.

41. During business relations, the MFO updates data in the manner established by the legal acts of the Kyrgyz Republic, for the purpose of countering AML/CFT.

42. MFOs must ensure proper control over the preservation of confidential information about clients obtained as a result of the remote identification procedure by continuously improving internal control processes, improving mechanisms and requirements for information security of their information resources.

Appendix 1

to the Procedure for the identification and verification of microfinance organization clients in remote mode

1. List of types of risks and measures to minimize them by type of operations

Note: operations conducted by microfinance organizations are limited by a license or other permit document allowing their implementation in accordance with the requirements of normative legal acts of the National Bank of the Kyrgyz Republic.

Table 1. List of types of risks and measures to minimize them by type of operations

Type of Operation

Risk

Measures to minimize risks (excluding limits on operation amounts)

Loan Issuance

Risks of money laundering of criminal proceeds

The identity of the client initiating the loan is established. MFOs follow signs of suspicious operations

Receiving applications for replenishing an electronic wallet/bank account (transfer of funds from the received loan)

Risks are insignificant

The identity of the holder of the electronic wallet/bank account is established in accordance with normative legal acts

2. Signs of increased risk during remote identification and verification of a client

MFOs must monitor and take measures regarding the following signs of suspicious operations during remote identification and verification of a client:

1. The client behaves nervously during the video communication session.

2. The client does not provide necessary information during the video communication session.

3. The client has difficulty providing necessary information during the video communication session.

4. The client asks to speed up the identification process, rushing MFO employees.

5. Other factors.

6. Differentiation of permitted operations and functionality of financial instruments during MFO client identification and verification in remote mode

Table 2. Operations during remote identification and verification of clients via photo comparison

Type of Operation

Established Restrictions

Receiving applications for a loan (with subsequent signing of the loan agreement in person)

No limits on amounts

Table 3. Operations during remote identification and verification of clients using video communication

Type of Operation

Established Restrictions

Loan Issuance

Maximum operation amount: 150 calculation indicators. Total operation amount per month: 300 calculation indicators

Cash Issuance

Within credit amount limits

Receiving applications for replenishing an electronic wallet/bank account (transfer of funds from the received loan)

Within credit amount limits

4. Monitoring of operations and data storage during remote identification and verification of a client

Table 4. Requirements for monitoring operations and data storage

Procedure

Compliance with Requirements

Current monitoring of operations

Identification of suspicious transactions in accordance with Article 23 of the Law of the Kyrgyz Republic of August 6, 2018 No. 87 "On Countering the Financing of Terrorist Activities and Legalization (Money Laundering) of Criminal Proceeds"

Data storage duration

In accordance with Article 22 of the Law of the Kyrgyz Republic of August 6, 2018 No. 87 "On Countering the Financing of Terrorist Activities and Legalization (Money Laundering) of Criminal Proceeds"

List of stored data

Identification data; data on transactions made in accordance with Article 22 of the Law of the Kyrgyz Republic of August 6, 2018 No. 87 "On Countering the Financing of Terrorist Activities and Legalization (Money Laundering) of Criminal Proceeds"

Data update

In accordance with current legislation of the Kyrgyz Republic

Contacts

Public Reception

+996 (312) 61-04-86 +996 (312) 66-90-15 +1257, +1256

Department for the Protection of Consumer Rights

+996 (312) 66-90-15 +1671, +1666

Report Corruption

+996 (312) 66-90-15 +2120 +996 (312) 61-04-00

Auto-informer of Official Exchange Rates

+996 (312) 61-07-11

Numismatic Museum

+996 (312) 66-90-15 +1232 +996 (312) 61-24-14

E-mail

mail@nbkr.kg

Media Relations

press@nbkr.kg

720010, Kyrgyz Republic, Bishkek, Kievskaya St., 189