LogoRegulatory Alerts
2025-07-31 | 126808

Recommendations on the Automation of Sanctions List Screening

The National Bank of the Kyrgyz Republic issued recommendations requiring commercial banks to implement automated sanctions screening systems to enhance compliance and reduce operational risks. The guidelines mandate the use of reliable data sources, robust algorithmic matching, and strict data security protocols while covering all relevant client categories and transaction types. Banks are further required to conduct regular testing, maintain comprehensive audit trails, and continuously adapt their internal policies to regulatory standards.

National Bank of the Kyrgyz Republic logo

Kyrgyzstan

National Bank of the Kyrgyz Republic

Click to view thumbnail

Return to previous page

Print version

Date of creation: 2025-08-06

Appendix to the resolution

of the Supervisory Committee

of the National Bank

of the Kyrgyz Republic

of July 31, 2025

No. 39/1

Recommendations

on the automation of sanctions list screening

  1. General Provisions

  2. These Recommendations on the automation of sanctions list screening (hereinafter referred to as the Recommendations) are developed to improve the efficiency of commercial banks (hereinafter referred to as banks) in identifying persons and organizations subject to sanctions measures, and to comply with the legislation of the Kyrgyz Republic in the field of counter-terrorism financing and combating the legalization (money laundering) of criminal proceeds.

  3. The purpose of the Recommendations is to form unified approaches to:

  • automation of processes for checking against sanctions lists;
  • selection of sanctions data sources;
  • application of technological solutions (including those based on artificial intelligence and machine learning algorithms);
  • management of screening results.

  1. These Recommendations may be used by banks as a basis for the bank's internal policy regarding compliance with sanctions regimes and risk minimization.

  2. Screening against sanctions lists must be carried out within the framework of the bank's internal control system in accordance with the legislation of the Kyrgyz Republic, international obligations, and recommendations of the Financial Action Task Force (FATF).

  3. The bank should develop internal documents regulating:

  • the procedure for working with the automated sanctions monitoring (screening) system (hereinafter referred to as the automated system);
  • the distribution of responsibilities among structural subdivisions of the bank during the implementation and use of the automated system;
  • actions of bank employees upon confirmation of matches and the procedure for processing screening results;
  • the decision-making process by the responsible structural subdivision regarding the results of match confirmation in accordance with the legislation of the Kyrgyz Republic;
  • the procedure for documenting and storing obtained data;
  • periodic checks of the effectiveness of the internal system.

  1. Approaches to Automated Screening

  2. Banks are recommended to use automation to reduce operational and regulatory risks, eliminate human error, and ensure compliance with sanctions requirements in real-time.

  3. Automation of sanctions list screening is a measure to improve the accuracy, timeliness, and completeness of sanctions compliance.

  4. An effective sanctions monitoring (screening) system must ensure:

  • rapid identification of persons and organizations from sanctions lists;
  • reduction of false positives while maintaining high algorithm sensitivity;
  • integration with internal bank systems;
  • reproducibility of screening results and the ability to audit employee actions.
  1. The system must conduct sanctions compliance checks regarding the following categories:
  • clients – natural and legal persons;
  • beneficial owners and controlling persons;
  • authorized persons and representatives;
  • counterparties to transactions;
  • correspondent banks and other financial intermediaries.
  1. Screening against sanctions lists must be carried out in the following cases:
  • upon establishing business relations (start of client service);
  • upon conducting a one-time transaction (without opening an account);
  • upon each update of sanctions lists;
  • upon changes in client information (including full name, address, documents);
  • upon conducting incoming and outgoing transactions, including payments and transfers.

Information Security and Data Protection

  1. The automated system must:
  • comply with the legislation of the Kyrgyz Republic on information protection, including in part the protection of personal data and banking secrecy;
  • ensure backup;
  • ensure protection against unauthorized access;
  • ensure user rights segregation (role-based access model).

  1. Testing and Quality Control

  2. Before commissioning, the automated system must undergo testing, including:

  • verification of the correctness of matching algorithms;
  • verification of the completeness of coverage of sanctions lists;
  • simulation of typical scenarios and edge cases.
  1. After implementation, the bank should:
  • periodically check the effectiveness of the system;
  • analyze statistics on false matches and missed sanctioned persons;
  • document results and, if necessary, adjust algorithm parameters.

  1. Audit and Reporting

  2. The automated system must:

  • maintain a complete history of all screenings, including matches and employee actions (date, matching methods, result, basis for the decision made);
  • ensure automatic generation of reports on sanctions screening.

  1. Sources of Sanctions Data

  2. The automated system must ensure automatic loading and regular updating of sanctions lists, including but not limited to:

  • the consolidated sanctions list of the Kyrgyz Republic;
  • the United Nations Security Council sanctions list;
  • the European Union sanctions list;
  • the list of sanctions by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC);
  • the United Kingdom sanctions list (OFSI);
  • and others.
  1. To improve data quality and extended matching, banks may use commercial databases that:
  • aggregate data from sanctions sources;
  • contain additional attributes (aliases, links, photographs, transliterations);
  • are updated in real-time or several times a day.
  1. Banks may integrate with the following sanctions data sources, including but not limited to:
  • LexisNexis (World Compliance);
  • Refinitiv (World-Check One);
  • Dow Jones Risk & Compliance;
  • Accuity/Fircosoft (Firco List Update);
  • Acuris Risk Intelligence;
  • and others.

  1. Final Provisions

  2. The Recommendations must be adapted taking into account:

  • the scale of the bank's activities;
  • the IT solutions used;
  • the specifics of client and operational profiles.
  1. Banks should:
  • regularly review and improve their sanctions screening procedures;
  • ensure technical and organizational relevance of solutions;
  • improve the qualifications of personnel responsible for sanctions compliance.

Contacts

Public Reception

+996 (312) 61-04-86 +996 (312) 66-90-15 +1257, +1256

Department for the Protection of Consumer Rights

+996 (312) 66-90-15 +1671, +1666

Report Corruption

+996 (312) 66-90-15 +2120 +996 (312) 61-04-00

Automated Information Service for Official Exchange Rates

+996 (312) 61-07-11

Numismatic Museum

+996 (312) 66-90-15 +1232 +996 (312) 61-24-14

E-mail

mail@nbkr.kg

For Media Relations

press@nbkr.kg

720010, Kyrgyz Republic, Bishkek, Kievskaya St., 189

Share