LogoRegulatory Alerts
2022-01-01

Instruction No. 2022-12/IMF on Internal Control

The Central Bank of Djibouti issued Instruction No. 2022-12/IMF mandating that all microfinance institutions establish and maintain a size-appropriate internal control system covering risk mapping, accounting organization, and compliance monitoring. The directive requires institutions to draft and update a procedures manual, conduct annual board reviews of internal control effectiveness, and submit a detailed annual report to the statutory auditor and the Central Bank by April 30. The annex specifies mandatory reporting components, including organizational structures, risk assessments, transaction logs with directors and members, and evaluations of control outcomes and audit recommendations.

Banque Centrale de Djibouti logo

Djibouti

Banque Centrale de Djibouti

Click to view thumbnail

CENTRAL BANK OF DJIBOUTI

INSTRUCTION NO. 2022-12/IMF

ON INTERNAL CONTROL

The Governor of the Central Bank of Djibouti,

Having regard to Law No. 118/AN/11/6th L of January 22, 2011 amending the statutes of the Central Bank of Djibouti;

Having regard to Law No. 179/AN/07/5th L of May 16, 2007 regulating microfinance activities on the territory of the Republic of Djibouti;

Having regard to Law No. 117/AN/11/6th L of May 25, 2011 regulating financial cooperatives;

Having regard to the Commercial Code, Book 3 on Company Law;

Having regard to Law No. 119/AN/11/6th L of January 22, 2011 on the establishment and supervision of credit institutions and financial auxiliaries;

Having regard to Decree No. 2018-171/PRE of May 8, 2018 appointing the Governor of the Central Bank of Djibouti.

Has decreed:

Article 1: Every microfinance institution (MFI) must establish an internal control system appropriate and adapted to its size.

Article 2: The terms "internal control system", "internal audit" and "audit charter" mean the following:

  • Internal control system: the set of mechanisms, human and technical resources, such as organization, procedures and systems aimed at ensuring:
    • The security of operations, assets and personnel;
    • The efficiency and quality of services;

  • Compliance with legal and regulatory provisions, professional and ethical standards and practices;

  • The promotion of a control and ethics culture;

  • The production and dissemination of reliable, quality information available in a timely manner;

  • Compliance with the objectives, rules and limits set by senior management;

  • The management of significant risks.

  • Internal audit: the function or entity whose mission is to continuously ensure that the internal control framework is effective and, if not, to quickly detect weaknesses to assist management in implementing appropriate solutions.

  • Audit charter: a document describing the objectives assigned to internal audit and approved by the various governing bodies. The content of said document must be understood by management and the institution's staff. The audit charter must include at least the following points:

    • The objectives of internal audit;
    • Its scope of competence;
    • The position of internal audit within the organization;
    • The responsibilities and powers of internal audit.

This document must grant the internal auditor the authority to intervene in all areas, access all information sources, and act on their own initiative.

Article 3: Every microfinance institution (MFI) is required to implement an internal control system covering all aspects relating to its organization and operations, enabling it to assess:

Risk Mapping:

  • Its financial policies and practices;
  • The quality and reliability of its accounting;
  • The effectiveness of its internal control;
  • The compliance of its operations with legislative and regulatory texts, its governing statutes, as well as with professional and ethical standards and practices, and with the management guidelines and standards formulated by its Board of Directors;
  • The quality, completeness and reliability of information, whether intended for the Central Bank, the Board of Directors, its management officials or its General Assembly;
  • The conditions for the evaluation, recording, retention and availability of this information.

The internal control system must be adapted to the nature, volume of activities and size of the MFI, as well as to the various types of risks to which the institution is exposed.

Article 4: Every MFI shall draft and maintain a procedures manual relating to its various activities. This document must in particular describe the methods for recording, processing and reporting information, accounting frameworks and transaction processing procedures.

The procedures manual shall, under the same conditions, establish documentation specifying the means intended to ensure the proper functioning of internal control, including:

  • The different levels of responsibility;
  • The delegated responsibilities and resources allocated to the functioning of internal control;
  • Procedures relating to the security of information and communication systems;
  • A description of risk measurement systems.

The documentation shall be organized so as to be made available, upon request, to members of the various governing bodies, external auditors and inspectors of the Central Bank.

Article 5: Every MFI must ensure that the accounting organization established to finalize the balance sheet, income statements and all other financial statements guarantees the existence of a set of procedures enabling:

  • To reconstruct operations in chronological order;
  • To substantiate any information with an original document from which it must be possible to trace uninterrupted back to the summary document and vice versa;
  • To explain the evolution of balances from one closing to the next by retaining the transactions affecting accounting items.

Each amount appearing in the accounting statement and its annexes and in other documents submitted to the Central Bank must be verifiable, in particular from the detail of the elements composing it.

Every MFI is required to retain all files and any other accounting records necessary to substantiate documents for at least ten years.

Article 6: At least once a year, the Board of Directors of the MFI shall review the internal control activity and results based on the information transmitted to it for this purpose by the management or the

audit committee of the institution and, where applicable, by the internal audit department. It shall prepare a report on the conditions under which internal control is ensured.

Article 7: Annex

The internal control report must include a presentation of significant developments since the previous fiscal year relating to activity, organization and the internal control framework. It shall be supplemented by any document the institution deems useful to inform the Central Bank of Djibouti of developments in its risks and control framework during the past year.

This report shall be submitted annually to the statutory auditor and to the Central Bank, no later than April 30 following the end of the fiscal year.

Article 8: This Instruction shall enter into force upon its signature.

Done in Djibouti, on March 14, 2022

The Governor

Annex to INSTRUCTION NO. 2022-12/IMF on Internal Control

Internal Control Report for the year …

(Report prepared pursuant to Article 7 of INSTRUCTION NO. 2022-12)

The report prepared pursuant to Article 7 of INSTRUCTION NO. 2022-12 aims to report on the conditions for exercising internal control and the means implemented to ensure this function. It thus seeks to describe the activity of the internal control function as organized within MFIs.

The report must also highlight actions taken during the fiscal year and outline any modifications made to the internal control framework during the past year.

The elements mentioned below must appear in the report to be transmitted to the CBD, pursuant to the aforementioned article. They shall be supplemented by any other relevant information necessary to assess the functioning of the implemented internal control system.

They will cover the following themes:

1. General presentation of the internal control system

  • Name, telephone number and email address of the internal control function manager(s) (ongoing controls);
  • Name, telephone number and email address of the manager, if different, of internal audit (periodic controls);
  • Hierarchical and functional reporting lines of these different managers (attach an organizational chart showing units dedicated to ongoing controls, as well as periodic control, and the hierarchical positioning of their managers);
  • Other functions potentially held by the aforementioned manager(s) within the institution or within other entities of the same group;
  • Summary description of the implemented internal control framework (attach the document, if it exists, that describes this framework in detail);
  • Number of staff assigned to internal control systems – including internal audit;
  • Description, formalization and update date(s) of the procedures relied upon by controllers and/or auditors;
  • Scope (perimeter) of ongoing and periodic controls (activities, processes and entities).

2. Conditions for applying procedures established for each activity

  • Description of activities carried out by the institution
  • Presentation of the main risks generated by these activities;
  • List and summary presentation of internal procedures defined to govern these activities;

3. Accounting organization

  • List, description and update date(s) of procedures relating to the accounting treatment of transactions;
  • Organization established to guarantee the quality and reliability of the audit trail.
  • Attach the reconciliation plan between the internal chart of accounts and the monthly statements transmitted to the CBD.

4. Transactions with directors and executives, and with members

  • List of transactions with directors and executives: specify the identity of beneficiaries, the type of beneficiaries -natural or legal person, director or executive-, the nature of commitments, their gross amount, any deductions made and weights used, the date of their establishment and their maturity date;
  • List of facilities granted to members linked to them: specify the identity of beneficiaries, the type of beneficiaries -natural or legal person, member or executive-, the nature of commitments, their gross amount, any deductions made and weights used, the date of their establishment and their maturity date.

5. Results of internal controls

The entirety of the institution's activities and associated risks (credit risk, concentration risk, foreign exchange risk, operational risk, risks related to money laundering and terrorist financing, among others), must be considered:

a) General information on the MFI b) Key findings outlining the main observations of controllers c) Breaches of regulatory provisions governing MFIs and the institution's internal texts d) Particular situation(s) primarily concerning cases of malice, conflicts of interest and exercise of unauthorized activities e) Findings regarding compliance with MFI internal policies and procedures by executives and employees. f) Assessment of savings management, and credit and signature commitments

g) Evaluation of budgetary procedures and their implementation as well as transactions appearing in clearing accounts. h) Evaluation of the implementation of agreements or conventions binding the MFI to its partners, where applicable. i) Evaluation of the follow-up on the implementation of recommendations from control inspection reports.

Share