LogoRegulatory Alerts
2019-08-21 | 130064

Regulation on Minimum Requirements for Internal Control Organization in Microfinance Organizations, Credit Unions, and Specialized Financial Institutions of the Kyrgyz Republic to Counter Terrorist Financing and Money Laundering

The National Bank of the Kyrgyz Republic issued this regulation to establish minimum internal control requirements for microfinance organizations, credit unions, and specialized financial institutions to combat money laundering and terrorist financing. The document mandates the development of comprehensive compliance programs, the appointment of dedicated responsible officers, and the implementation of strict customer due diligence and risk assessment procedures. It further enforces rigorous reporting timelines for suspicious transactions to the Financial Intelligence Unit and sets strict data retention and audit standards for these entities.

National Bank of the Kyrgyz Republic logo

Kyrgyzstan

National Bank of the Kyrgyz Republic

Click to view thumbnail

Return to previous page

Print version

Creation date: 2026-01-30

Approved

by the resolution of the Board of the National Bank of the Kyrgyz Republic

of August 21, 2019 No. 2019-P-33/43-6-(NFKU)

REGULATION

on minimum requirements for the organization of internal control in microfinance organizations, credit unions, and specialized financial institutions of the Kyrgyz Republic for the purpose of countering the financing of criminal activities and the legalization (money laundering) of criminal proceeds

(As amended by resolutions of the Board of the National Bank of the Kyrgyz Republic of December 21, 2022 No. 2022-P-12/81-7, December 27, 2023 No. 2023-P-12/82-7, December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 1. General Provisions

  1. The purpose of this Regulation is to define the minimum requirements for the organization of internal control in microfinance organizations not accepting deposits, credit unions, and specialized financial institutions of the Kyrgyz Republic (hereinafter referred to as MFOs, CUs, SFUs), for the purpose of countering the financing of terrorist activities and the legalization (money laundering) of criminal proceeds, as well as countering the financing of extremist activities, the financing of organized groups or criminal communities, and the financing of the proliferation of weapons of mass destruction and the legalization (money laundering) of criminal proceeds (hereinafter referred to as CFT/AML).

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The National Bank of the Kyrgyz Republic (hereinafter referred to as the National Bank) conducts inspections of the activities of MFOs, CUs, and SFUs regarding the organization of internal control for CFT/AML purposes and sends information about its results to the authorized state body of the Kyrgyz Republic in the field of CFT/AML (hereinafter referred to as the Financial Intelligence Unit).

(As amended by the resolutions of the Board of the National Bank of the Kyrgyz Republic of December 21, 2022 No. 2022-P-12/81-7, December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The following terms are used in this Regulation:

  1. Beneficial owner - a natural person (natural persons) who ultimately (through a chain of ownership and control) directly or indirectly (through third parties) owns the right of ownership or controls the client, or a natural person on whose behalf or in whose interest the transaction (deal) is carried out.

  2. Close relatives - parents, adoptive parents, adopted children, full and half brothers and sisters, grandfathers, grandmothers, grandchildren, with respect to whom a public official bears financial costs for covering living expenses, education, healthcare, and other necessary expenses.

  3. Verification - a procedure for checking the identification data of the client and/or the beneficial owner.

  4. Internal control - a set of measures taken by MFOs, CUs, and SFUs to identify transactions (deals) subject to control and reporting, and suspicious transactions (deals), as well as to prevent other transactions (deals) involving funds or property directly related to the financing of criminal activities and the legalization (money laundering) of criminal proceeds.

  5. High-risk countries - states and territories (entities) that do not apply or apply insufficiently international standards for countering money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction, as well as offshore zones.

  6. Identification - a procedure for establishing identification data about the client and/or the beneficial owner.

  7. Source of funds - information about the origin of specific funds or assets that are the subject of business relations between the client and the MFO, CU, or SFU. The received information must be substantive, indicating the source and/or grounds for obtaining or acquiring these funds or assets.

  8. Source of other property - information about the origin of the aggregate property of a public official (the source of formation of all assets belonging to the client). The received information reflects data on the client's status and how the client acquired it.

  9. Financial Intelligence Unit - the authorized state body of the Kyrgyz Republic in the field of countering the financing of criminal activities and the legalization (money laundering) of criminal proceeds.

  10. Public officials - one of the following natural persons:

a) foreign public official - a person performing or having performed significant state or political functions (public functions) in a foreign state (heads of state or government, senior officials in government, courts, armed forces, state bodies, enterprises or institutions, prominent political figures, including prominent figures of political parties);

b) national public official - a person holding or having held a political and special state position in the Kyrgyz Republic, provided for in the Registry of State and Municipal Positions approved by the President of the Kyrgyz Republic, as well as senior management of state corporations, prominent political figures, including prominent figures of political parties;

c) public official of an international organization - a senior official of an international organization entrusted or having been entrusted with important functions by the international organization (heads, deputy heads, and board members of an international organization or persons holding equivalent positions in an international organization).

  1. Suspicious transaction (deal) - a transaction (deal) falling under the following signs:

a) if there is suspicion or sufficient grounds to suspect that the funds are proceeds of crime, including from predicate crimes, or are related to the legalization (money laundering) of criminal proceeds;

b) if there is suspicion or sufficient grounds to suspect that the funds are related to financing:

  • terrorists and extremists;

  • terrorist and extremist organizations (groups);

  • terrorist and extremist activities;

  • the proliferation of weapons of mass destruction;

  • organized groups or criminal communities.

A suspicious transaction (deal) is determined by the CFT/AML official within the framework of legislation in the field of CFT/AML for transactions carried out with funds or other property of the client and the beneficial owner.

  1. Internal control program - internal measures, procedures, and control systems applied by MFOs, CUs, and SFUs for the purpose of complying with the legislation of the Kyrgyz Republic in the field of CFT/AML.

  2. Risk-based approach - the application of enhanced measures in the presence of a high level of risk or simplified measures in the presence of a low level of risk in accordance with established risk management procedures (identification, assessment, monitoring, control, risk reduction).

  3. Sanctions lists - The Consolidated Sanctions List of the Kyrgyz Republic and the Consolidated Sanctions List of the UN Security Council.

The procedure for forming and publishing the sanctions list is provided for in the Regulation "On lists of physical and legal persons, groups, and organizations regarding which there is information about their participation in criminal activities and the legalization (money laundering) of criminal proceeds," approved by the resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 14, 2025 No. 739.

  1. Targeted financial sanctions - freezing of any transactions (deals) and/or funds of physical and legal persons, groups, and organizations included in the Sanctions Lists, and/or restricting access (direct or indirect) of such persons, groups, and organizations to any funds or financial services.

The concept of "Extremist Activity" corresponds to the norms of the conceptual apparatus of the Law of the Kyrgyz Republic "On Countering Extremist Activity."

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 2. Internal Control Program for CFT/AML

  1. MFOs, CUs, and SFUs are obliged to develop a corresponding internal control program for CFT/AML purposes. This program is part of the internal control system of MFOs, CUs, and SFUs and is subject to mandatory and full compliance by MFOs, CUs, and SFUs.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The internal control program for CFT/AML is part of the internal control system of MFOs, CUs, and SFUs and must ensure the implementation of at least the following activities:

  1. organization of internal control aimed at establishing the authority and responsibility of officials for decision-making, interaction, and accountability between persons and subdivisions involved in the CFT/AML process;

  2. implementation of measures to identify, assess, monitor, manage, reduce, and document the risks of financing terrorist activities, proliferation of weapons of mass destruction, and legalization (money laundering) of criminal proceeds (hereinafter referred to as TF/PML risks);

  3. maintaining the TF/PML risk assessment in an up-to-date state (updating no less than once a year) and providing information on the risk assessment to the National Bank and the authorized financial intelligence body (if necessary);

  4. when conducting TF/PML risk assessment, considering all risk factors, and then determining the overall level of risk and measures to reduce it;

  5. having internal regulatory documents approved by the executive body/monitoring body (if any), which ensure effective management of TF/PML risk reduction, and also taking into account risks identified at the country and/or relevant sector level;

  6. monitoring the application of control measures, expanding them if necessary, and applying measures to manage and reduce identified high TF/PML risks;

  7. conducting customer due diligence, including:

  • identification and verification of the client (one-time and permanent);

  • obtaining information about the purpose and intended nature of business relations with the client;

  • identification of the beneficial owner and taking available and reasonable measures to verify the beneficial owner of clients, including legal entities (foreign trusts, etc.);

  • identification and verification of client transactions most susceptible to the risk of use for CFT/AML purposes, conducting transactions having signs of suspicious transactions (deals);

  • identification and verification of transactions for all products and services most susceptible to the risk of use for CFT/AML purposes, conducting transactions having signs of suspicious transactions;

  • documentary recording of information obtained as a result of identification and verification of the client and beneficial owner;

  • storage and updating of information and documents about the client's activities and financial position, as well as information and documents obtained as a result of customer due diligence;

  • conducting continuous customer due diligence throughout the period of business relations with the client and analyzing the compliance of transactions (deals) conducted by the client with existing information about the content of their activities, financial position, and source of funds, as well as the nature of TF/PML risks.

The above-mentioned customer due diligence measures are applied in cases and in the manner established by the Cabinet of Ministers of the Kyrgyz Republic, as well as taking into account the results of risk assessment;

  1. identifying in the client's activities transactions subject to control and reporting;

  2. identifying in the client's activities transactions having signs of suspicious transactions, in accordance with the requirements of the Financial Intelligence Unit, to confirm the validity or refute suspicions of the client carrying out such transactions (deals);

  3. establishing the procedure and grounds for refusing to provide services and conduct transactions to potential clients, as well as for terminating the servicing of clients;

  4. suspending transactions (deals) and applying targeted financial sanctions against persons included in the Sanctions Lists.

Suspension of transactions (deals) and application of targeted financial sanctions are carried out by MFOs, CUs, and SFUs in accordance with the Regulation "On the procedure for suspending a transaction (deal), freezing and unfreezing a transaction (deal) and/or funds, providing access to frozen funds, and managing frozen funds," approved by the resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 14, 2025 No. 739;

  1. applying measures against high-risk countries in accordance with the requirements of the Regulation "On the procedure for applying measures (sanctions) against high-risk countries," approved by the resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 14, 2025 No. 739;

  2. timely submission to the Financial Intelligence Unit of information and documents, as well as reports on transactions (deals) subject to control and reporting;

  3. ensuring the storage of information and documents about transactions (deals), as well as information obtained as a result of customer due diligence;

  4. ensuring the confidentiality of information;

  5. implementing information systems in MFOs, CUs, and SFUs that ensure the prompt provision of reliable and comprehensive information about the activities of MFOs, CUs, and SFUs, including client transactions;

  6. establishing control and monitoring of the constant compliance of MFOs, CUs, and SFUs with the legislation of the Kyrgyz Republic on CFT/AML issues;

  7. establishing control over employees of MFOs, CUs, and SFUs whose activities are subject to high risk (cashiers, credit inspectors, operational department workers, etc.), reflecting in the job descriptions of employees of the corresponding subdivisions the functions and duties for implementing the CFT/AML policy;

  8. monitoring the application of the internal control program and internal documents of MFOs, CUs, and SFUs in the field of CFT/AML and improving them if necessary;

  9. ensuring the performance of other duties provided for in the legislation of the Kyrgyz Republic in the field of CFT/AML.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

5-1. MFOs, CUs, and SFUs must develop and ensure the implementation of internal control programs by their branches and representative offices, as well as subsidiary and dependent companies operating on the territory of the Kyrgyz Republic and foreign states.

In cases where the legislation of a foreign state does not allow the application of internal control programs and the requirements of the legislation of the Kyrgyz Republic in the field of CFT/AML, branches and representative offices, as well as subsidiary and dependent companies of MFOs, CUs, and SFUs apply necessary risk management measures and report this to the National Bank.

(As amended by the resolutions of the Board of the National Bank of the Kyrgyz Republic of December 27, 2023 No. 2023-P-12/82-7, December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 3. Authority and Duties of the Employee Responsible for Implementing the Internal Control Program for CFT/AML

  1. An employee responsible for the development and implementation of the internal control program for compliance with CFT/AML legislation (hereinafter referred to as the responsible employee) must be appointed in MFOs, CUs, and SFUs. The responsible employee cannot combine the functions of internal auditor/revision commission/person responsible for assessing the effectiveness of internal control for CFT/AML purposes, except for MFOs, CUs, and SFUs where only one person works.

The same responsible employee of MFOs, CUs, and SFUs is sent for training no less than once every three years. At the same time, the responsible employee must know the current legislation on CFT/AML issues.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The responsible employee, for the purpose of complying with CFT/AML legislation, performs the following tasks:

  1. taking appropriate measures to minimize the risk of involvement of MFOs, CUs, and SFUs and the participation of their employees in committing criminal (illegal) acts related to TF/PML;

  2. effective implementation of the legislation of the Kyrgyz Republic in the field of CFT/AML;

  3. assisting the Financial Intelligence Unit and the National Bank in performing tasks and functions provided for by the legislation of the Kyrgyz Republic in the field of CFT/AML.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The responsible employee, for the purpose of complying with CFT/AML legislation, carries out:

  1. development and submission to the monitoring or executive management body of MFOs, CUs, and SFUs of draft internal control programs and other internal documents in the field of CFT/AML, including risk assessment methodology and risk management procedures;

  2. organization of the implementation of internal control programs;

  3. monitoring of customer due diligence and other participants in transactions (deals);

  4. monitoring and analysis of client transactions (deals);

  5. making a decision to recognize a transaction (deal) as suspicious and sending a report on the suspicious transaction (deal) to the Financial Intelligence Unit, with subsequent notification of the executive body;

  6. submission to the Financial Intelligence Unit of reports on transactions (deals) subject to control and reporting, in accordance with the legislation of the Kyrgyz Republic in the field of CFT/AML;

  7. providing assistance to authorized representatives of the National Bank during their inspection of the activities of MFOs, CUs, and SFUs regarding compliance with the legislation of the Kyrgyz Republic in the field of CFT/AML;

  8. submission to the monitoring or executive management body of MFOs, CUs, and SFK (if any) of a written report on the results of the implementation of internal control programs. The order of current reporting of the responsible employee is determined by the internal documents of MFOs, CUs, and SFUs;

  9. assessing TF/PML risks, including when introducing new products, services, and technologies;

  10. organizing training and consultations for employees participating in the implementation of the internal control program for CFT/AML, bringing to their attention the necessary information related to the field of CFT/AML.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 4. Procedure for Documenting and Storing Information

  1. MFOs, CUs, and SFUs record information and collect documents on identification, verification, and study of the client, as well as on establishing the beneficial owner, and on transactions (deals) subject to control and reporting for CFT/AML purposes, in such a way that the collected information is sufficient to restore the details of individual transactions (deals) for the purpose of presenting relevant evidence during their consideration and investigation.

MFOs, CUs, and SFUs form and send to the Financial Intelligence Unit reports on transactions (deals) subject to control and reporting, specified in paragraph 29 of this Regulation, regardless of the amount of the transaction (deal) completed or being completed, except for transactions (deals) in cash and non-cash funds, the threshold amount for which is established by the Cabinet of Ministers of the Kyrgyz Republic.

MFOs, CUs, and SFUs ensure the submission of reports within the following timeframes:

  1. report on a suspicious transaction (deal) - within 5 (five) hours from the moment the transaction (deal) is officially recognized as suspicious;

  2. report on a transaction (deal) with physical or legal persons from high-risk countries - within 2 (two) working days from the day of completion of such transaction (deal);

  3. report on a transaction (deal) completed by a physical person who has served a sentence for carrying out (committing) legalization (money laundering) of criminal proceeds, criminal activities, as well as for financing such activities - within 2 (two) working days from the day of completion of such transactions (deals);

  4. report on a transaction (deal) in cash and non-cash funds in an amount equal to or exceeding the threshold amount - within 3 (three) working days from the day of completion of such transaction (deal);

The list of transactions (deals) in cash and non-cash funds and their threshold amount are established by the Cabinet of Ministers of the Kyrgyz Republic;

  1. report on a transaction (deal) in cash and non-cash funds - upon request of the Financial Intelligence Unit within 10 (ten) working days from the day of receipt of the request.

Reports are sent to the Financial Intelligence Unit in accordance with the requirements of the Regulation "On the procedure for submitting information and documents to the Financial Intelligence Unit of the Kyrgyz Republic," approved by the resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 14, 2025 No. 739.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. Information and documents containing information about the client, beneficial owner, including business correspondence, as well as about the client's transactions (deals), the results of any analysis conducted, and other data obtained during the verification, according to this Regulation, must be stored for no less than 5 (five) years after the termination of relations between the MFO, CU, SFU and the client/conducting a one-time transaction (deal) with the client.

Information must be stored in sufficient volume, which allows restoring the characteristics of the completed transaction (deal) or tracking funds by restoring the entire chain of the transaction (deal) and, if necessary, using it as evidence during investigation and court proceedings in accordance with the criminal procedural legislation of the Kyrgyz Republic.

MFOs, CUs, and SFUs provide information and documents to authorized law enforcement agencies, national security agencies, and prosecutor's offices of the Kyrgyz Republic in accordance with the requirements of the legislation of the Kyrgyz Republic.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. Copies of all reports on suspicious transactions (deals) sent to the Financial Intelligence Unit, as well as those subject to control and reporting, must be stored by the responsible employee for no less than 5 (five) years from the date of compilation of the report (message).

  2. MFOs, CUs, and SFUs must update information obtained as a result of identification, verification, and study of the client, as well as establishing the beneficial owner, periodically, no less than once a year in cases where the MFO, CU, SFU assesses the risk of the client carrying out financing of criminal activities and legalization (money laundering) of criminal proceeds as high, and in other cases - no less than once every three years.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 5. Assessment of the Effectiveness of Internal Control for CFT/AML

  1. MFOs, CUs, and SFUs must have procedures for assessing the effectiveness of internal control for CFT/AML purposes.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. Assessment of the adequacy of the program and procedures to the requirements of CFT/AML legislation, as well as assessment of the effectiveness and reliability of internal control for compliance with CFT/AML legislation, are carried out by the internal auditor/revision commission/person responsible for assessing the internal control system in MFOs, CUs, and SFUs.

In the absence of an internal auditor/revision commission/person responsible for assessing the internal control system in MFOs, CUs, and SFUs, the assessment of the adequacy of the program and procedures to the requirements of CFT/AML legislation is carried out by the external auditor of MFOs, CUs, and SFUs.

The general assessment of the adequacy of the program and procedures, as well as the assessment of the effectiveness and reliability of internal control rules for compliance with CFT/AML legislation, are carried out on a continuous basis, depending on the level of transaction risks, but no less than once a year.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. Results of the effectiveness assessment of internal control for CFT/AML...
Share