Regulation on Minimum Requirements for the Organization of Internal Control in Payment Organizations and Payment System Operators for the Purpose of Combating the Financing of Criminal Activities and the Legalization (Laundering) of Criminal Proceeds

Go back

Print version

Date of creation: 2026-02-12

Appendix

to the Resolution of the Board of the National Bank of the Kyrgyz Republic

of August 19, 2020 No. 2020-P-14/46-4-(PS)

REGULATION

on minimum requirements for the organization of internal control in payment organizations and payment system operators for the purpose of combating the financing of criminal activities and the legalization (laundering) of criminal proceeds

(As amended by resolutions of the Board of the National Bank of the Kyrgyz Republic of October 31, 2025 No. 2025-P-14/59-2-(PS), December 26, 2025 No. 2025-P-12/70-6-(PS))

Chapter 1. General Provisions

1. This Regulation "On Minimum Requirements for the Organization of Internal Control in Payment Organizations and Payment System Operators for the Purpose of Combating the Financing of Criminal Activities and the Legalization (Laundering) of Criminal Proceeds" (hereinafter - the Regulation) defines the minimum requirements for the organization of internal control in payment organizations and payment system operators for settlements using electronic money, which are not commercial banks (hereinafter - payment organizations/payment system operators) for the purpose of combating the financing of criminal activities and the legalization (laundering) of criminal proceeds (hereinafter - CFT/AML).

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 26, 2025 No. 2025-P-12/70-6-(PS))

2. The National Bank of the Kyrgyz Republic (hereinafter - the National Bank) supervises the activities of payment organizations/payment system operators, including issues of organizing internal control to comply with legislation in the field of CFT/AML, and sends information upon detection of payments to third parties having signs of suspicious transactions to the authorized state body in the field of CFT/AML (hereinafter - the financial intelligence unit).

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 26, 2025 No. 2025-P-12/70-6-(PS))

3. The activities of commercial banks providing services for receiving and processing payments and settlements for goods and services, which are not the result of their own activities, in favor of third parties through payment systems based on information technologies and electronic means, and payment methods, as well as being operators of payment systems for settlements using electronic money and agents (distributors) of electronic money that are partner banks, are regulated by the Regulation "On Minimum Requirements for the Organization of Internal Control in Commercial Banks for the Purpose of Combating the Financing of Criminal Activities and the Legalization (Laundering) of Criminal Proceeds", approved by the Resolution of the Board of the National Bank of August 14, 2019 No. 2019-P-12/42-1-(NPA).

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 26, 2025 No. 2025-P-12/70-6-(PS))

Chapter 2. Concepts and Definitions

4. For the purposes of this Regulation, the following concepts are used:

Beneficial owner - a natural person (natural persons) who ultimately (through a chain of ownership and control) directly or indirectly (through third parties) owns or controls the client, or a natural person on whose behalf or in whose interest a transaction is carried out.

Close relatives - parents, adoptive parents, adopted children, full and half-brothers and sisters, grandfathers, grandmothers, grandchildren, for whom a public official incurs financial costs, in terms of covering living expenses, education, healthcare, and other necessary expenses.

Verification - the procedure for checking the identification data of the client and (or) the beneficial owner.

High-risk countries - states and territories (entities) that do not apply or insufficiently apply international standards for combating money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction, as well as offshore zones.

Identification of operations subject to control and reporting - a stage in the organization of internal control of payment organizations/payment system operators for CFT/AML purposes, which includes determining operations subject to control and reporting to the financial intelligence unit in accordance with the requirements of regulatory legal acts of the Kyrgyz Republic.

Business relations - relations between a client and a financial institution or a client and a non-financial category of persons, arising from an agreement (oral or written) on the provision of services for carrying out a transaction.

Identification - the procedure for establishing identification data about the client and (or) the beneficial owner.

Source of origin of other property - this is information about the origin of the total property of a public official (the source of formation of all assets belonging to the client). The information received reflects data on the client's status and how the client acquired it.

Source of origin of funds - this is information about the origin of specific funds or assets that are the subject of business relations between the client and the bank. The information received must be substantive, indicating the source and/or grounds for obtaining or acquiring these funds or assets.

Client (payer client, service provider client) - a client of a payment organization is a payer/user using the infrastructure/services of a payment organization/payment system operator to pay for goods/services, as well as a supplier of goods/services, an agent, sub-agent, counterparty, payment system participant, and any other natural or legal person (organization) accepted for service or being serviced by a payment organization/payment system operator, or with whom the payment organization has contractual relations.

Clients of a payment organization, if it has a license to issue electronic money, also include electronic money holders - natural and legal persons, electronic money acceptors, who have undergone identification and verification in accordance with the legislation of the Kyrgyz Republic in the field of CFT/AML.

Payment - the fulfillment of a monetary obligation using cash or the process of transferring non-cash funds by the payer.

Suspicious transaction - a transaction falling under the following signs:

a) if there is suspicion or sufficient grounds to suspect that the funds are proceeds from crime, including predicate offenses, or are related to the legalization (laundering) of criminal proceeds;

b) if there is suspicion or sufficient grounds to suspect that the funds are related to the financing of:

• terrorists and extremists;

• terrorist and extremist organizations (groups);

• terrorist and extremist activities;

• organized groups or criminal communities;

• proliferation of weapons of mass destruction.

A suspicious transaction is determined by the internal control service within the framework of legislation in the field of CFT/AML for transactions involving funds or other property of the client and the beneficial owner.

Internal control program - internal measures, procedures, and control systems applied by payment organizations for the purpose of implementing the legislation of the Kyrgyz Republic in the field of CFT/AML.

Public officials - one of the following natural persons:

a) foreign public official - a person performing or having performed significant state or political functions (public functions) in a foreign state (heads of state or government, senior officials in government and other state bodies, courts, armed forces, state enterprises or institutions, as well as prominent political figures, including prominent figures of political parties);

b) national public official - a person holding or having held a political and special state position or a political municipal position in the Kyrgyz Republic, as provided for in the Register of State and Municipal Positions of the Kyrgyz Republic, approved by the President of the Kyrgyz Republic, as well as senior management of state corporations, prominent political figures, including prominent figures of political parties;

c) public official of an international organization - a senior official of an international organization who has been entrusted with or has performed important functions by an international organization (heads, deputy heads, and board members of an international organization or persons holding equivalent positions in an international organization).

Risk-based approach - the application of measures commensurate with the level of risk for their effective reduction, including the application of enhanced measures by payment organizations in the presence of a high level of risk or simplified measures in the presence of a low level of risk in accordance with established risk management procedures (identification, assessment, monitoring, control, risk reduction).

Sanction lists - the Consolidated Sanction List of the Kyrgyz Republic and the Consolidated Sanction List of the UN Security Council.

The procedure for forming and publishing the sanction list is provided for in the Regulation "On Lists of Natural Persons and Legal Entities, Groups and Organizations for which there is Information about their Participation in Terrorist and Extremist Activities, Proliferation of Weapons of Mass Destruction, and Legalization (Laundering) of Criminal Proceeds", approved by the Resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 14, 2025 No. 739.

Targeted financial sanctions - freezing of any transactions and (or) funds of natural and legal persons, groups and organizations for which there is information about their participation in criminal activities, and (or) restricting the provision of direct or indirect access to any funds or financial services to such persons, groups and organizations.

Internal control service - an authorized employee/official or structural unit of a payment organization/payment system operator responsible for implementing internal control programs for CFT/AML.

Other terms and concepts in this Regulation are used according to their definitions provided in the regulatory legal acts of the National Bank and the legislation of the Kyrgyz Republic, including the Law of the Kyrgyz Republic "On Combating Extremist Activities."

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 26, 2025 No. 2025-P-12/70-6-(PS))

Chapter 3. Activities of a Payment Organization/Payment System Operator in the Field of CFT/AML

5. The activities of a payment organization/payment system operator in the field of CFT/AML, taking into account the agency, sub-agency network, electronic money agents (distributors), and payment system participants, must include the following components:

1. implementation of the internal control program for CFT/AML;

2. assessment of the effectiveness of internal control for CFT/AML by the internal audit service (if available)/independent auditor;

3. designation of the internal control service, appointment of an official for CFT/AML and a person who will replace the official for CFT/AML in case of their temporary absence/dismissal (personnel reserve);

4. training of agents and employees of the payment organization/payment system operator involved in the implementation of the internal control program for CFT/AML. If the agent of the payment organization is a commercial bank or a payment organization, the payment organization must request relevant documents confirming the completion of training;

5. inclusion of mandatory conditions in the contract with agents, sub-agents, electronic money agents (distributors), and payment system participants regarding compliance with CFT/AML legislation. The payment organization/payment system operator is responsible for agents, electronic money agents (distributors), and payment system participants' compliance with CFT/AML requirements when concluding a contract.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 26, 2025 No. 2025-P-12/70-6-(PS))

6. The collegial executive body (hereinafter - the Board) of the payment organization/payment system operator, together with the board of directors (if available) (hereinafter - the board of directors), is responsible for ensuring adequate and effective activities of the payment organization/payment system operator in the field of CFT/AML, as well as preventing the involvement of the payment organization/payment system operator in carrying out transactions with signs of suspicious operations. The collegial body is also responsible for preventing the involvement of the payment organization/payment system operator, agents, electronic money agents (distributors) in carrying out transactions with signs of suspicious operations.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 26, 2025 No. 2025-P-12/70-6-(PS))

7. The board of directors (if available) is responsible for:

• approving an adequate and effective policy in the field of CFT/AML;

• approving the internal control program in the field of CFT/AML, as well as exercising control over its implementation;

• defining measures to ensure the effective operation of the internal control service or the official for CFT/AML;

• appointing and dismissing employees of the internal control service or the official for CFT/AML;

• reviewing the report/recommendations of the internal audit service (if available)/independent audit;

• defining measures aimed at eliminating deficiencies in the field of CFT/AML identified by audit and inspection checks and indicated in the report of the official for CFT/AML, as well as controlling their implementation.

In the absence of a board of directors in the management structure of a payment organization/payment system operator, the functions of the board of directors provided for in this paragraph are assigned to the board.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 26, 2025 No. 2025-P-12/70-6-(PS))

8. The Board of the payment organization/payment system operator is responsible for:

• ensuring the implementation of the CFT/AML policy and internal control program approved by the board of directors of the payment organization/payment system operator;

• ensuring control over the execution of the legislation of the Kyrgyz Republic in the field of CFT/AML;

• ensuring employee training in the field of CFT/AML;

• ensuring the implementation of measures aimed at eliminating deficiencies in internal measures, procedures, and the internal control system, as well as ensuring the conduct of an independent audit;

• ensuring compliance with the requirements of regulatory legal acts of the Kyrgyz Republic regarding the acceptance and processing of payments (including identification and verification of clients and beneficial owners).

The Board of the payment organization/payment system operator must take measures to minimize the risks of involvement through their software in carrying out transactions with signs of suspicious operations.

(As amended by the resolution of the Board of the National Bank of the Kyrgyz Republic of December 26, 2025 No. 2025-P-12/70-6-(PS))

Chapter 4. Application of the CFT/AML Internal Control Program

9. Payment organizations/payment system operators must develop and apply an internal control program for CFT/AML in accordance with the legislation of the Kyrgyz Republic in the field of CFT/AML, which will include at least the following main procedures:

1. organization of internal control aimed at establishing the powers and responsibilities of officials for decision-making, interaction, and accountability between persons and departments involved in the CFT/AML process;

2. implementation of measures for identifying, assessing, monitoring, managing, reducing, and documenting the risks of financing terrorist, extremist activities, proliferation of weapons of mass destruction, organized groups or criminal communities, legalization (laundering) of criminal proceeds (hereinafter - FT/AML risk);

3. maintaining FT/AML risk assessments up-to-date and providing information on risk assessments to the National Bank and the authorized financial intelligence unit (if necessary);

4. when conducting FT/AML risk assessments, considering all risk factors and then determining the overall risk level and measures to reduce it;

5. availability of internal regulatory documents, approved by the board of directors (if available), which ensure effective management of FT/AML risk reduction, and also take into account risks identified at the country and/or relevant sector level;

6. monitoring the application of controls, expanding them if necessary, and applying measures to manage and reduce identified high FT/AML risks;

7. conducting due diligence on clients, including:

• identification and verification of the client (one-time and ongoing);

• obtaining information about the purpose and intended nature of business relations with the client;

• identification of the beneficial owner and taking available and reasonable measures to verify the beneficial owner of clients, including those that are legal entities (foreign trusts, etc.);

• identification and verification of client transactions that are most susceptible to the risk of being used for FT/AML purposes, carrying out transactions with signs of suspicious operations;

• monitoring and identifying transactions of the payment organization/payment system operator for all provided services that are most susceptible to the risk of being used for FT/AML purposes, carrying out transactions with signs of suspicious operations;

• documenting information obtained as a result of client and beneficial owner identification and verification;

• storing and updating information and documents about the client's activities and financial position, as well as information and documents obtained as a result of client due diligence;

• conducting ongoing client due diligence throughout the entire period of business relations with the client and analyzing the compliance of transactions (payments) carried out by the client with available information about the content of their activities, financial position, and source of funds, as well as the nature of