2022-12-30 | 112199
The Supervisory Committee of the National Bank of the Kyrgyz Republic issued these recommendations to establish minimum standards for the information systems of credit unions holding deposits. The document mandates that systems must ensure functional accounting, credit and deposit management, and robust security through multi-level access controls and data protection protocols. It further requires the use of licensed software, defined operational procedures, and contractual accountability for third-party developers to ensure regulatory compliance and data integrity.
Date of creation: 2023-01-20
Approved
by the Resolution of the Supervisory Committee of the National Bank of the Kyrgyz Republic
of July 26, 2005 No. 39/1
RECOMMENDATIONS
on compliance with the minimum requirements for the information system of credit unions imposed by the National Bank of the Kyrgyz Republic
(In the edition of the Resolutions of the Committee of the NB KR of June 29, 2017 No. 22/2, December 30, 2022 No. 43/2)
1.1. These recommendations are developed in accordance with the Regulation "On Licensing of Credit Unions", according to which, in order to obtain a license for the right to attract deposits from participants, a credit union must have an information system that meets the minimum requirements imposed by the National Bank of the Kyrgyz Republic.
(In the edition of the Resolution of the Committee of the NB KR of June 29, 2017 No. 22/2)
1.2. The purpose of this document is to describe the minimum requirements imposed by the National Bank of the Kyrgyz Republic on the information system of credit unions, and to assist credit unions in developing information systems, selecting, and implementing software.
1.3. In this document, the term "Information System of a Credit Union", hereinafter referred to as IS, implies a system based on the use of computing equipment, software, computer databases, and methods of their use for input, processing, storage, transmission, and output of financial and managerial information.
1.4. Processing and storage of accounting information in the IS of credit unions having the right to accept deposits from participants of the credit union must be carried out by computerized means in compliance with the following main criteria: functionality; security and reliability; general requirements for computer databases, programs, and user interface.
1.5. Employees of Credit Unions are direct users of the IS. Supervisory authorities, if necessary, are also users of the system to obtain information from the IS.
2.1. The computer database of a credit union is one of the key elements in the information system of a credit union and represents a set of interconnected electronic tables storing information about the activities of the credit union, its clients, operations, etc., and intended for multifunctional use and modification.
Each table in the database must collect information grouped by a certain direction of the credit union's activity (for example: working chart of accounts, general ledger, auxiliary books for loans, deposits, fixed assets, income, expenses, savings shares, etc.).
The structure of tables and their interrelationships in the database must correspond to the organization of accounting in the credit union. Tables in the database must be maximally normalized, i.e., the same information in different tables should not be repeated.
2.2. Programs are tools used by the information system to search, select, process, and transmit information from the database. Programs must perform all necessary calculations with the required accuracy.
2.3. The interface is a control panel and various buttons and forms necessary to access the database and launch programs. The IS interface must be simple and understandable, and also allow performing all necessary actions with the database and programs.
2.4. It is recommended to create the IS primarily on the basis of existing database management systems and application software packages. The IS must allow, if necessary, replacement or modification of the database, programs, and system interface without correcting the software module as a whole.
3.1. Functionality is the ability of the IS to ensure the activities of the credit union in: performing daily operations; monitoring and managing risks; maintaining accounting records; preparing and providing reports to regulatory authorities, participants, and management of the credit union, as well as all other interested parties.
3.2. Minimum requirements for the functionality of the IS of a credit union are determined by the following main components:
Normative Requirements for Functionality | Regulatory Documents

Accounting Information System
- Accounting of operations using the double-entry method
- Compliance with the accounting cycle
- Chart of accounts and the ability to modify it
- Integration of the synthetic accounting system with the analytical accounting system for credit and deposit accounts
- Organization of the general ledger and auxiliary books in accordance with the accounting policies of the credit union
Regulatory document: Regulation "On Requirements for the Accounting Policy of Commercial Banks and Other Financial and Credit Organizations Licensed by the National Bank of the Kyrgyz Republic"
- Other cash operations of the Credit Union, not including work with credit and deposit accounts
- Accounting for other operations of the Credit Union, not including work with credit and deposit accounts
- Periodic operations (opening, closing the operating day, closing the month, closing the financial year)

Loan Accounting
- Filling out a loan application by the client, determining the terms of issuing the loan by the credit employee
- Consideration of the application by the Credit Committee, making changes to the terms (if required) and making a decision on issuing the loan
- Formation of the loan contract and disbursement of the loan
- Obtaining information about the loan during the work process
- Notification of upcoming repayment for issued loans
- Loan repayment (partial), interest, penalties
- Restructuring, changing terms, repayment schedule; prolongation, reissuance of the loan to another person, etc., for already issued loans
- Adjusting entries, reversals of previously made entries
- Introduction of new credit products and development of the range of provided credit services
- Monitoring and reporting on issued loans
- Full repayment of all loan debts and closing the account
- Reporting

Deposit Accounting
Regulatory document: Regulation "On Requirements for the Accounting Policy of Commercial Banks and Other Financial and Credit Organizations Licensed by the National Bank of the Kyrgyz Republic"
- Obtaining information about the current state of the deposit account
- Accrual and payment of interest on deposits. Capitalization of interest
- Tax on interest
- Reversing entries. Changing terms for accepted deposits
- Payment of funds from deposit accounts and closing accounts
- Reporting

Client Information

Operations with Savings Shares
- Opening a savings share account
- Accepting a savings share from a participant
- Obtaining information about the share account
- Changing account data and blocking the account (if necessary)
- Reversing incorrectly made entries
- Introduction of new types of share accounts and expansion of the participant base through improvement of operations on share accounts
- Exit of participants from membership in the Credit Union and closing the account
- Reporting

Output Reports
Regulatory document: Regulation "On Requirements for the Formation, Publication, and Submission to the National Bank of the Kyrgyz Republic of Financial Reporting of Non-Bank Financial and Credit Organizations"
- Reports reflecting information for controlling operations carried out over a certain period of time
- Reports on periodic operations (opening of the operating day, closing of the day, closing of the month, closing of the financial year)
- Reports created by the user and the report designer
(In the edition of the Resolution of the Committee of the NB KR of June 29, 2017 No. 22/2, December 30, 2022 No. 43/2)
4.1. Security and reliability of the IS - protection of the integrity and confidentiality of electronic information, as well as protection of hardware and software used for input, processing, transmission, and storage of electronic information, and their interrelationships.
4.2. Security - protection of data from unauthorized access, implying the introduction of means preventing the extraction and updating of data by unregistered users.
4.3. IS security covers three groups of controls: organizational, functional, and physical, which represent an indivisible whole.
IS security must be built based on the specific structure of the information system, taking into account the features of its individual elements. All elements of IS security provision are functionally divided into several levels.
Hardware level - related to ensuring security in the use of IS equipment. The hardware level must include technical means to protect against unauthorized use of equipment, its destruction or theft, to ensure equipment fault tolerance, as well as its restoration or replacement.
Application level - related to ensuring security in the use of resources of application programs by IS users. The application level must have its own protection means against unauthorized operations of users working with application programs.
System level - related to managing access to operating system resources. At this level, direct interaction with users occurs, application programs are launched, and interaction between the IS and users is managed. Due to the special importance of the system level, special attention must be paid to protecting system resources from unauthorized access.
4.3. In the credit union, policies and procedures for ensuring the IS must be developed and approved, including policies providing users with only those information resources that are explicitly assigned to them.
4.4. The security system must restrict access to databases and consist of several levels:
Level 1: access to data and operations on them is restricted at the level of the software application. This is achieved by giving each operator a certain range of rights and abilities to perform certain operations according to functional duties. Each operator has their own access password, which must be changed periodically. Each entry into and exit from the system, and each operation performed by the operator, is recorded in a specific log.
Level 2: Activation Keys system. This system provides for activation keys for each software module; without these keys, operations in these modules are impossible. Activation keys are supplied by software manufacturers after payment for licenses for each specific module.
Level 3: access to data is restricted by network security means.
Level 4: access to data is restricted by database management system (DBMS) security means, using a password to access databases.
Level 5: provides for force majeure circumstances, i.e., loss of or damage to data caused by failure of the computer or its parts due to wear and tear, poor equipment quality, physical impact, voltage "spikes", fire, flood, etc. For this case, the software provides a function for automatically creating daily backup copies (so-called "BACKUP"). This copy must be copied to another storage medium and stored separately in fireproof cabinets or safes. In case of data loss, recovery from the backup copy takes a few minutes and does not affect the normal operation of the financial institution.
5.1. When developing and implementing the IS, it is recommended to use licensed packages of database management systems and application software.
5.2. When developing and implementing the IS by third-party organizations or attracted specialists, it is mandatory to indicate in the contract their responsibility for the compliance of the developed system with the needs of the credit union and these requirements, as well as mutual obligations and further actions if it becomes necessary in the future to introduce corrections and improvements to the IS.