LogoRegulatory Alerts
2016-06-15 | 94413

Risk Management Policy in the Payment System of the Kyrgyz Republic

The National Bank of the Kyrgyz Republic issued this Risk Management Policy to establish a comprehensive framework for identifying, assessing, monitoring, and mitigating risks across the country's payment systems. The document mandates licensed payment system participants to implement internal controls, ensure real-time liquidity management, and adhere to strict principles of payment finality, irrevocability, and straight-through processing. It further classifies systemic, liquidity, credit, operational, legal, fraud, hacker attack, and reputation risks while outlining standardized mitigation mechanisms such as large-value settlement windows, contingency funds, and dual-entry verification to guarantee uninterrupted financial operations.

National Bank of the Kyrgyz Republic logo

Kyrgyzstan

National Bank of the Kyrgyz Republic

Click to view thumbnail

Back to top

Print version

Date of creation: 2019-10-03

Appendix to the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated June 15, 2016 No. 25/8

RISK MANAGEMENT POLICY in the Payment System of the Kyrgyz Republic

(As amended by Resolutions of the Board of Directors of the National Bank of the Kyrgyz Republic dated June 8, 2017 No. 2017-P-14/23-11-(PS), September 2, 2019 No. 2019-P-14/46-3-(PS))

Chapter 1. General Provisions

  1. (Ceased to be in force in accordance with the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated June 8, 2017 No. 2017-P-14/23-11-(PS))

  2. (Ceased to be in force in accordance with the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

  3. This Policy aims to organize the risk management process arising from the activities of payment system participants in the Kyrgyz Republic, to maintain the reliability and efficiency of the payment system through identification, assessment, and analysis, monitoring, prevention, and mitigation of risks. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

  4. This Policy defines the main objectives, tasks, and principles of risk management in the payment system of the Kyrgyz Republic, methods of organization, and ways to reduce the probability of adverse consequences arising from disruptions in the uninterrupted functioning of the payment system. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

  5. For the implementation of this Policy, payment system participants holding a license from the National Bank develop instructions and procedures for implementing measures aimed at minimizing risks and making managerial decisions regarding the regulation of payment systems operating within the territory of the Kyrgyz Republic. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

Chapter 2. Terms and Definitions (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

Uninterrupted functioning of the payment system - the organization and provision of payment system operations to prevent violations of legislation, payment system rules, concluded contracts and agreements, use of information and communication technologies, technical maintenance of the payment system during participant interactions, as well as the restoration of proper functioning in case of such violations.

Risks in the payment system - the probability of adverse events specified in Chapter 4 of this Policy, as well as other risks that may have a negative impact or improper fulfillment of the objectives, tasks, and functions of the payment system of the Kyrgyz Republic.

Payment system components - payment systems designed for conducting interbank payments and settlements (large-value payment system, retail payment systems), and other interconnected payment system technologies through which payments and settlements are carried out in accordance with payment system rules.

Retail payment system - a system designed for processing retail and regular payments of payment system participants, which do not require immediate final settlement. The retail payment system is divided into interbank retail payment systems and other retail payment systems.

FIFO (first in first out) - the queue processing principle, under which payments are processed sequentially according to their arrival and established priorities.

Delivery Versus Payment (DVP) - a settlement principle guaranteeing that the final transfer of one asset occurs immediately and only if the final transfer of another asset occurs. Assets may be in the form of currency, securities, and other financial instruments.

Payment Versus Payment (PVP) - a settlement principle providing that the final transfer of one foreign currency occurs only if the final transfer of another foreign currency or currencies occurs.

Straight Through Processing (STP) - a continuous, fully automated data and payment processing process. Manual intervention is excluded at all stages of data processing, achieved by applying information exchange standards between automated systems and their full interaction. Initial payment data may be generated by both automated systems and manual input, but their subsequent transmission and processing occur fully automatically, except for erroneous/rejected payments, which may involve manual intervention for correction. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

Chapter 3. Objectives, Tasks, and Principles of Risk Management in the Payment System of the Kyrgyz Republic

  1. The main objectives of risk management in the payment system of the Kyrgyz Republic are to ensure uninterrupted functioning and reduce the degree of influence of risk factors on systemic risk, which in general will contribute to increasing the efficiency and safety of the payment system.

  2. Achieving risk management objectives in the payment system of the Kyrgyz Republic involves performing the following tasks:

  • forecasting adverse events whose realization may disrupt uninterrupted functioning;
  • facilitating stable operation of the payment system;
  • prevention and mitigation of risk occurrence;
  • identification and detection of risks and determination of their causes;
  • prioritization of risks;
  • containment of risks;
  • assessment of risk levels and degree of influence;
  • continuous monitoring and analysis of risks;
  • organizing timely elimination of risk consequences and creating mechanisms for restoring payment system functionality in case of disruption;
  • determining ways to achieve and maintain an acceptable level of risks in the payment system;
  • ensuring information interaction among payment system participants to implement measures aimed at reducing identified risks;
  • developing and implementing measures to counter risk factors, and making managerial decisions regarding payment system regulation;
  • prompt response of the risk management process to changing conditions in the payment infrastructure services market. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))
  1. Risk management in the payment system of the Kyrgyz Republic is carried out by establishing measures to ensure compliance with the following main principles.

8.1. Allocation of responsibility for payment finality and irrevocability. 8.1.1. Payments and settlements conducted in the National Bank's large-value payment system are irrevocable for the paying bank at the moment of debiting the paying bank's account, and final - at the moment of crediting the receiving bank's accounts opened in the National Bank. The large-value payment system must ensure simultaneous execution of these two operations. Settlements in the National Bank's large-value payment system are carried out only via credit orders. Exceptions are net debit positions received from retail payment systems for settlement, as well as debit payments initiated by the National Bank. The paying bank may revoke a credit payment order only during the period while the payment is in the execution queue. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.1.2. Payments and settlements conducted through interbank retail payment systems are irrevocable for the paying bank at the moment of final settlement of net positions in the National Bank's large-value payment system. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.1.3. A payment becomes irrevocable and final for the client-payer at the moment of receiving the payment document and notification from the paying bank regarding acceptance for execution and debiting of the client-payer's account. A payment becomes final for the client-payee at the moment of crediting by the receiving bank to the client-payee's account. These provisions must be included in the contract signed between a commercial bank and its client. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.1.4. Payments and settlements conducted through other retail payment systems are irrevocable for the payer at the moment of receiving notification from the payment system operator regarding acceptance for execution and/or issuance of a receipt (card-receipt, SMS confirmation) confirming the payment, and final - at the moment of funds deduction from the payer's bank account or electronic wallet and simultaneous crediting to the payee's account. These provisions must be included in the contract between the payment system operator/payment organization and its client, in the public offer. Conditions for guaranteed final settlement must be ensured in retail payment systems. A payment becomes irrevocable and final for the client-payer at the moment of fund input via an automated self-service terminal, receipt of notification regarding acceptance for execution, and issuance of a receipt. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.2. Exclusion of net position recalculation (unwinding) in interbank retail payment systems. For all net positions obtained as a result of the operational/settlement cycle in interbank retail payment systems, conditions must be provided for guaranteed final settlement in the large-value payment system. The National Bank has the right to establish limits on the maximum volume of individual payments in interbank retail payment systems. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.3. Requirements and responsibilities for participation in the payment system are divided for direct and special participants of payment systems. Direct participants must create their internal infrastructure to connect to the payment processing center at the head office of their branches, indirect participants, sub-participants, and special participants to ensure straight through processing (STP) and timely settlement of their clients' payments in the large-value payment system and interbank retail payment systems. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.4. Conducting interbank settlements through a single account at the National Bank. Final settlements for interbank payments must be carried out via participants' accounts opened in the National Bank, through the National Bank's large-value payment system.

8.5. Compliance with payment priorities. 8.5.1. The following priorities are established in the National Bank's large-value payment system: highest priority is given to National Bank transactions and net positions of retail payment systems. Lowest priority is given to interbank payments initiated by banks. Payments must be processed according to the FIFO principle.

8.6. Securities settlement systems must include mechanisms guaranteeing simultaneous deduction of funds from securities accounts and cash accounts according to the DVP principle.

8.7. Foreign currency settlement systems must be conducted according to the PVP principle for cash settlements, where transfer of funds in one currency occurs simultaneously with transfer of funds in another currency.

8.8. Availability of liquidity management instruments in settlements. To create a liquidity management mechanism in interbank payment systems, a single liquidity pool is used, concentrated in accounts within the National Bank's large-value payment system, utilized for guaranteed timely final settlement of interbank payments, or a contingency fund. Operators of interbank retail payment systems must assess participant fund adequacy and implement mechanisms for final settlement (contingency fund, deposit, etc.). Other retail payment systems must provide liquidity management mechanisms in accordance with regulatory legal acts of the National Bank of the Kyrgyz Republic. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.8.1. Funds in the National Bank account for interbank settlement purposes by payment system participants must be used upon bank application in accordance with regulatory legal acts of the National Bank, and contracts and agreements concluded between the National Bank and commercial banks. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated June 8, 2017 No. 2017-P-14/23-11-(PS))

8.8.2. Intraday credit must be available for payment system participants meeting the requirements of the "Regulation on Intraday Credit of the National Bank of the Kyrgyz Republic". (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.8.3. (Ceased to be in force in accordance with the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.8.4. Overnight credit must be available for payment system participants meeting the requirements specified in the "Regulation on Overnight Credit of the National Bank of the Kyrgyz Republic". (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

8.8.5. Availability of a settlement window in the National Bank's large-value payment system. The National Bank's large-value payment system must provide an interbank settlement window at the end of the business day for settling payments in the queue at the time the window opens, and for repaying intraday credits by obtaining funds on the interbank market or through receiving overnight credit from the National Bank. Payments in the queue not settled by the time the settlement window closes must be rejected.

Chapter 4. Types of Risks in the Payment System

  1. Risk factors disrupting uninterrupted functioning of the payment system are divided into internal and external. Internal risk factors affect the efficiency of the payment system's functioning. Internal risk factors include inadequate internal control systems: deficiencies in internal documents, contract and agreement terms, information system failures, communication channel and equipment failures, imperfect business processes and information security systems, insufficient qualifications and improper actions of payment system participants' personnel, absence of backup schemes, etc. External risk factors impact the payment system from its external environment and can pose a threat to uninterrupted and safe functioning. External risk factors include natural forces (earthquakes, floods, natural disasters), technological factors (fires, flooding, explosions, chemical and radiation contamination, energy and telecommunications failures, etc.), social factors (military actions, mass riots, terrorist attacks, etc.), criminal factors (hacker attacks, fraudulent activities, or third-party interference in payment system operations, etc.), and political factors (nationalizations and expropriations, contract termination, restrictions on currency convertibility, military actions, and civil unrest). (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

  2. The main focus in the payment system is on risks that can disrupt settlement timeliness and, consequently, uninterrupted functioning. Systemic risk - the risk of an adverse event occurring where one payment system participant's inability to fulfill its payment obligations will cause other participants to fail to fulfill their obligations upon the payment due date. Such failure may threaten the stability of the entire payment system (domino effect). Liquidity risk - the risk arising from a payment system participant's inability, due to insufficient or absent funds, to fulfill its obligations in full by the payment due date. The occurrence of this risk is related to the imbalance between financial assets and financial obligations of the payment system participant. Credit risk - the risk arising from a payment system participant's inability to fulfill its financial obligations for paying for payment infrastructure services provided to other participants upon the payment due date or at any subsequent time. Credit risk threatens the financial stability of payment system participants, which may affect uninterrupted functioning. Operational risk - the risk arising from hardware-software complex and communication channel failures, improper actions of personnel and officials of payment system participants, as well as the impact of external factors leading to the inability to conduct payments and settlements, violation of payment system rules, information security breaches, or complete failure of the payment system. Legal/Risk - the risk arising from non-compliance with Kyrgyz Republic legislation, contract and agreement terms, internal documents of payment system participants defining norms and rules for payment system operations. This risk includes imperfections in the legal system, frequent legislative changes, and legal uncertainty among payment system participants that may lead to court disputes. Fraud risk arises from unlawful actions of employees and officials of payment system participants, involving abuse of position, unauthorized use of official information, theft of funds, intentional concealment of operations within the payment system, as well as unlawful actions by third parties regarding the payment system, such as theft of personal data, obtaining confidential information, database penetration for fund theft, etc. Hacker attack risk - the risk arising from the impact on information resources and information-telecommunication means of the payment system through unauthorized access to information systems, installation of special technical equipment, infection with computer viruses and other malicious programs aimed at stealing funds, obtaining users' personal information (passwords, PIN codes, bank card numbers, analog of handwritten signature, user personal data), destruction and violation of database integrity, blocking and disabling information computer systems. Reputation risk - the risk arising from the formation of a negative public perception regarding payment system stability, negative assessment of service quality in the payment system, including due to the spread of false information leading to loss of trust in the payment system or its participants. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

  3. Payment system participants holding a license from the National Bank must have internal regulatory legal documents governing the risk management process, as well as ensure their compliance. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

Chapter 5. Main Stages of Risk Management in the Payment System

  1. Risk identification - the process of detecting risks, determining causes and prerequisites for risk appearance threatening uninterrupted and safe functioning of the payment system.

  2. Risk assessment and analysis - the process of processing information obtained as a result of risk identification, studying features and consequences of risk realization.

  3. Risk monitoring - the process of tracking factors influencing uninterrupted and safe functioning of payment systems.

  4. Development and implementation of risk prevention measures - the process of developing and implementing measures to reduce negative events affecting payment system functioning. (As amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

  5. Development and implementation of risk mitigation measures - the risk management process representing a set of measures aimed at minimizing consequences of risk realization and obtaining compensation for losses related to risk realization (Appendix 1).

Chapter 6. Risk Mitigation Mechanisms in the Payment System (Chapter as amended by the Resolution of the Board of Directors of the National Bank of the Kyrgyz Republic dated September 2, 2019 No. 2019-P-14/46-3-(PS))

  1. To mitigate risks associated with conducting time-sensitive and large-value payments, the interbank payment system provides the following risk management mechanisms:
  • real-time monitoring of participant fund adequacy for fulfilling payment obligations;
  • settlement operations within the credit balance of the paying participant's account opened in the National Bank;
  • ensuring participants view their balances at the National Bank in real-time;
  • providing fund reservation capability to ensure guaranteed settlement from adjacent systems;
  • processing payments according to established priorities;
  • managing participants' payment queues (changing payment priorities, revoking payments from the queue, etc.);
  • establishing limits on net debit positions of retail system participants;
  • mechanisms for increasing participant liquidity in the system to a volume sufficient for fulfilling obligations;
  • double entry of key fields when preparing payment documents manually;
  • duplication of hardware and software in the main node;
  • duplication of the main node's hardware-software complex in the backup center;
  • availability of a remote backup center;
  • duplication of communication channels to ensure uninterrupted operation.
Share