LogoRegulatory Alerts
2019-08-14 | 130063

Regulation on Minimum Requirements for Internal Control Organization in Commercial Banks to Counter Terrorist Financing and Money Laundering

The National Bank of the Kyrgyz Republic issued this regulation to establish minimum internal control requirements for commercial banks to prevent terrorist financing, money laundering, and the financing of weapons of mass destruction. The document mandates that bank Boards of Directors and Management ensure robust compliance programs, including risk assessments, customer due diligence, and the appointment of a dedicated AML/CFT officer. It further requires regular internal audits of these controls and strict reporting obligations to the Financial Intelligence Unit.

National Bank of the Kyrgyz Republic logo

Kyrgyzstan

National Bank of the Kyrgyz Republic

Click to view thumbnail

Back

Print Version

Creation Date: 2026-01-30

Appendix 1 to the Resolution of the Board of the National Bank of the Kyrgyz Republic of August 14, 2019 No. 2019-P-12/42-1-(NPA)

REGULATION

On the Minimum Requirements for the Organization of Internal Control in Commercial Banks for the Purpose of Countering the Financing of Criminal Activities and the Legalization (Money Laundering) of Criminal Proceeds

(As amended by the Resolutions of the Board of the National Bank of the Kyrgyz Republic of September 15, 2021 No. 2021-P-12/51-1, December 14, 2022 No. 2022-P-12/78-10, December 28, 2022 No. 2022-P-12/83-7, December 27, 2023 No. 2023-P-12/82-7, January 17, 2024 No. 2024-P-12/1-3, December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 1. General Provisions

  1. This Regulation is developed to define the minimum requirements for the organization of internal control in commercial banks, including those operating in accordance with Islamic principles of banking and financing, banks with an Islamic window, microfinance companies attracting deposits, JSC "Financial Company of Credit Unions", housing-savings credit companies (hereinafter - Banks), for the purpose of countering terrorist financing and the legalization (money laundering) of criminal proceeds, as well as countering the financing of extremist activities, financing of organized groups or criminal communities, and financing of the proliferation of weapons of mass destruction (hereinafter - CF/ML), as well as conducting operations having signs of suspicious transactions.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The National Bank of the Kyrgyz Republic (hereinafter - National Bank) conducts inspections of Banks' activities regarding the organization of internal control for the purposes of CF/ML and sends information about its results to the authorized state body in the field of CF/ML (hereinafter - Financial Intelligence Unit).

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 2. Concepts and Definitions

  1. For the purposes of this Regulation, the following concepts are used:

  1. Beneficial Owner - a natural person (natural persons) who ultimately (through a chain of ownership and control) directly or indirectly (through third parties) owns the right of ownership or controls the client, or a natural person on whose behalf or in whose interests the transaction (deal) is carried out.

  2. Close Relatives (parents, adoptive parents, adopted children, full and half-brothers and sisters, grandfathers, grandmothers, grandchildren, with respect to whom a public official bears financial costs, in part covering expenses for living, education, healthcare, and other necessary expenses).

  3. Verification - a procedure for checking the identification data of the client and (or) the beneficial owner.

  4. High-Risk Countries - states and territories (entities) that do not apply or apply insufficiently international standards for countering money laundering, terrorist financing, and financing of the proliferation of weapons of mass destruction, as well as offshore zones.

  5. Identification of Transactions Subject to Control and Reporting - a stage of the Bank's internal control organization for CF/ML purposes, which includes determining transactions subject to control and reporting to the Financial Intelligence Unit in accordance with the requirements of the regulatory legal acts of the Kyrgyz Republic.

  6. CF/ML Officer - a bank employee (at the level of the head of the compliance control service) appointed for the purpose of organizing internal control for CF/ML, having access to all information concerning identification, verification, identification, recording, and transmission of data to the Financial Intelligence Unit.

The CF/ML Officer, for the purpose of operational execution of their functions, has the right to transfer powers to employees under their command. At the same time, this circumstance does not relieve the officer of responsibility for improper performance of their functions.

  1. Identification - a procedure for establishing identification data about the client and (or) the beneficial owner.

  2. Source of Funds - information about the origin of specific funds or assets that are the subject of business relations between the client and the bank. The received information must be substantive, indicating the source and/or grounds for obtaining or acquiring these funds or assets.

  3. Source of Other Property - information about the origin of the aggregate property of a public official (source of formation of all assets belonging to the client). The received information reflects data about the client's status and how the client acquired it.

  4. Client - a natural or legal person (organization), foreign trust, or legal entity, accepted for service or currently being served by a bank, or with whom banks establish or have established business relations.

  5. Financial Intelligence Unit - the authorized state body of the Kyrgyz Republic in the field of countering the financing of criminal activities and the legalization (money laundering) of criminal proceeds.

  6. Suspicious Transaction (Deal) - a transaction (deal) falling under the following signs:

a) if there is suspicion or sufficient grounds to suspect that the funds are proceeds obtained through criminal means, including predicate crimes, or are related to the legalization (money laundering) of criminal proceeds;

b) if there is suspicion or sufficient grounds to suspect that the funds are related to financing:

  • terrorists and extremists;

  • terrorist and extremist organizations (groups);

  • terrorist and extremist activities;

  • proliferation of weapons of mass destruction;

  • organized groups or criminal communities.

A suspicious transaction (deal) is determined by the CF/ML Officer within the framework of legislation in the field of CF/ML for transactions carried out with the funds or other property of the client and the beneficial owner.

  1. Internal Control Program - internal measures, procedures, and control systems applied by the bank for the purpose of complying with the legislation of the Kyrgyz Republic in the field of CF/ML.

  2. Public Officials - one of the following natural persons:

a) foreign public official - a person performing or having performed significant state or political functions (public functions) in a foreign state (heads of state or government, senior officials in government, courts, armed forces, state bodies, enterprises or institutions, prominent political figures, including prominent figures of political parties);

b) national public official - a person holding or having held a political and special state position in the Kyrgyz Republic, provided for by the Registry of State and Municipal Positions approved by the President of the Kyrgyz Republic, as well as senior management of state corporations, prominent political figures, including prominent figures of political parties;

c) public official of an international organization - a senior official of an international organization entrusted or having been entrusted with important functions by an international organization (heads, deputy heads, and board members of an international organization or persons holding equivalent positions in an international organization).

  1. Risk-Based Approach - the application of enhanced measures in the presence of a high level of risk or simplified measures in the presence of a low level of risk in accordance with established risk management procedures (identification, assessment, monitoring, control, risk reduction).

  2. Sanctions Lists - The Consolidated Sanctions List of the Kyrgyz Republic and the Consolidated Sanctions List of the UN Security Council.

The procedure for forming and publishing sanctions lists is provided for in the Regulation "On Lists of Natural Persons and Legal Entities, Groups and Organizations, Regarding Which There Is Information About Their Participation in Criminal Activities and the Legalization (Money Laundering) of Criminal Proceeds", approved by the Resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 14, 2025 No. 739.

  1. Targeted Financial Sanctions - freezing of any transactions (deals) and (or) funds of natural and legal persons, groups, and organizations included in the Sanctions Lists, and (or) restricting access (direct or indirect) of such persons, groups, and organizations to any funds or financial services.

The concept of "extremist activity" corresponds to the norms of the conceptual apparatus of the Law of the Kyrgyz Republic "On Countering Extremist Activity".

"Islamic Bank", "Bank with an 'Islamic Window'", "Islamic principles of banking and financing", "Sharia standards", "Sharia Council" - these terms correspond to the norms of the conceptual apparatus of the Law of the Kyrgyz Republic "On Banks and Banking Activity" and regulatory legal acts of the National Bank.

All other concepts used in this sphere must not contradict the main concepts set out in this chapter.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 3. Bank Activities in the Field of CF/ML

  1. Bank activities in the field of CF/ML, taking into account its subsidiaries and affiliated companies, include the following components:

  1. implementation of the internal control program for CF/ML;

  2. assessment of the effectiveness of internal control for CF/ML by the Bank's internal audit service;

  3. appointment of a CF/ML Officer and a person who will replace the CF/ML Officer in case of their dismissal (reserve cadre);

  4. training of bank employees participating in the implementation of the CF/ML policy.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The Board of Directors jointly with the Management of the Bank is responsible for ensuring adequate and effective Bank activities in the field of countering the financing of criminal activities and the legalization (money laundering) of criminal proceeds, as well as preventing the Bank's involvement in conducting operations having signs of suspicious transactions.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The Board of Directors is responsible for:

  • approving adequate and effective policy in the field of CF/ML;

  • approving the internal control program in the field of CF/ML, as well as exercising control over its implementation;

  • determining measures to ensure the effective work of the CF/ML Officer;

  • appointing and dismissing the CF/ML Officer;

  • reviewing the report of the internal audit service and reports of the CF/ML Officer;

  • determining measures aimed at eliminating deficiencies in the field of CF/ML identified by the internal audit service and indicated in the report of the CF/ML Officer, as well as controlling their implementation.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The Management of the Bank is responsible for:

  • ensuring the implementation of the policy and internal control program in the field of CF/ML approved by the Board of Directors of the Bank;

  • ensuring control over the execution of the legislation of the Kyrgyz Republic in the field of CF/ML;

  • ensuring the training of bank employees in the field of CF/ML;

  • ensuring the implementation of measures aimed at eliminating deficiencies in internal measures, procedures, and the internal control system, as well as ensuring the conduct of independent audits;

  • ensuring compliance with the requirements of the regulatory legal acts of the Kyrgyz Republic concerning the opening of bank accounts (including identification and verification of clients and beneficial owners), conducting transactions on accounts, and terminating contracts with clients (account holders) and depositors.

The Bank Management must take exhaustive measures to prevent the Bank's involvement in conducting operations having signs of suspicious transactions.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 4. Internal Control Program for CF/ML

  1. The Internal Control Program for CF/ML is part of the Bank's internal control system and must ensure the conduct in the Bank of at least the following activities:

  1. organization of internal control aimed at establishing the powers and responsibilities of decision-making officers, interaction, and accountability between persons and subdivisions involved in the CF/ML process;

  2. implementation of measures to identify, assess, monitor, manage, reduce, and document risks of terrorist financing, proliferation of weapons of mass destruction, and legalization (money laundering) of criminal proceeds (hereinafter - TF/ML Risk);

  3. maintaining the TF/ML Risk assessment in an up-to-date state (updating no less than once a year) and providing information on the risk assessment to the National Bank and the authorized Financial Intelligence Unit (if necessary);

  4. when conducting TF/ML Risk assessment, considering all risk factors, and then determining the overall level of risk and measures to reduce it;

  5. having internal regulatory documents approved by the Board of Directors that ensure effective management of TF/ML Risk reduction, as well as taking into account risks identified at the country and/or relevant sector level;

  6. conducting monitoring of the application of control measures, expanding them if necessary, and applying measures to manage and reduce identified high TF/ML Risks;

  7. conducting proper customer due diligence, including:

  • identification and verification of the client (one-time and permanent);

  • obtaining information about the purpose and intended nature of business relations with the client;

  • identification of the beneficial owner and taking available and reasonable measures to verify the beneficial owner of clients, including those that are legal entities (foreign trusts, etc.);

  • identification and verification of client transactions that are most susceptible to the risk of use for financing criminal activities and legalization (money laundering) of criminal proceeds, conducting operations having signs of suspicious transactions;

  • identification and verification of Bank transactions for all banking products and services that are most susceptible to the risk of use for financing criminal activities and legalization (money laundering) of criminal proceeds, conducting operations having signs of suspicious transactions;

  • documentary recording of information obtained as a result of identification and verification of the client and beneficial owner;

  • storage and updating of information and documents about the client's activities and financial status, as well as information and documents obtained as a result of proper customer due diligence;

  • conducting continuous proper customer due diligence throughout the entire period of business relations with the client and analyzing the compliance of transactions (deals) conducted by the client with existing information about the content of their activities, financial status, and source of funds, as well as about the nature of risks of financing criminal activities and legalization (money laundering) of criminal proceeds.

The above-mentioned measures for proper customer due diligence are applied in cases and in the manner established by the Cabinet of Ministers of the Kyrgyz Republic, as well as taking into account the results of risk assessment.

  1. identification in the client's activities of transactions subject to control and reporting;

  2. identification in the client's activities of transactions having signs of suspicious transactions, in accordance with the requirements of the Financial Intelligence Unit, to confirm the validity or refute suspicions of the client carrying out such transactions;

  3. establishing the procedure and grounds for refusing to open accounts to potential clients and correspondent banks, as well as for terminating the service of client accounts and correspondent relations with banks;

  4. suspending transactions (deals) and applying targeted financial sanctions against persons included in the Sanctions Lists.

Suspension of transactions (deals) and application of targeted financial sanctions is carried out by the Bank in accordance with the Regulation "On the Procedure for Suspension of a Transaction (Deal), Freezing and Unfreezing of a Transaction (Deal) and (or) Funds, Providing Access to Frozen Funds, and Management of Frozen Funds", approved by the Resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 14, 2025 No. 739;

  1. applying measures against high-risk countries in accordance with the requirements of the Regulation "On the Procedure for Applying Measures (Sanctions) Against High-Risk Countries", approved by the Resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 14, 2025 No. 739;

  2. timely submission to the Financial Intelligence Unit of information and documents, as well as reports on transactions (deals) subject to control and reporting;

  3. ensuring the storage of information and documents about transactions (deals), as well as information obtained as a result of proper customer due diligence;

  4. ensuring confidentiality of information;

  5. implementation in the Bank of information systems that ensure the prompt provision of accurate and exhaustive information about the Bank's activities, including client transactions;

  6. establishing control and monitoring of the Bank's constant compliance with the legislation of the Kyrgyz Republic on CF/ML issues;

  7. establishing control over Bank employees whose activities are subject to high risk (cashiers, credit inspectors, employees of operational subdivisions of the Bank, etc.), reflecting in the job descriptions of employees of the corresponding subdivisions of the Bank the functions and duties for implementing the CF/ML policy;

  8. conducting monitoring of the application of the internal control program and internal documents of the Bank in the field of CF/ML and improving them if necessary;

  9. ensuring the performance of other duties provided for in the legislation of the Kyrgyz Republic in the field of CF/ML.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. For the purposes of CF/ML, Banks are obliged to develop a policy for organizing internal control in accordance with the requirements of this Regulation and the legislation of the Kyrgyz Republic in the field of CF/ML, which must be approved by the Board of Directors of the Bank. This policy is part of the general policy for organizing the Bank's internal control system.

The policy for organizing internal control for the purposes of CF/ML must define the principles for building the Bank's internal CF/ML system.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The Bank must develop and ensure the implementation of internal control programs by its branches and representative offices, as well as subsidiaries and affiliated companies operating on the territory of the Kyrgyz Republic and foreign states.

In the event that the legislation of a foreign state does not allow the application of internal control programs and the requirements of the legislation of the Kyrgyz Republic in the field of CF/ML, the Bank's branches and representative offices, as well as subsidiaries and affiliated companies, apply necessary risk management measures and report this to the National Bank of the Kyrgyz Republic.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 5. Assessment of the Effectiveness of Internal Control for CF/ML by the Bank's Internal Audit Service

  1. The assessment of the effectiveness of the internal control system for CF/ML is carried out by the Bank's internal audit service no less than once a year or more often, depending on the level of transaction risks and the dynamics of the Bank's performance indicators.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. During the assessment of the effectiveness of internal control for CF/ML, the Internal Audit Service conducts at least the following:

  • assessment of the effectiveness of the organization of the internal control system, including policies, procedures, and the organization of the Bank's activities for CF/ML;

  • assessment of the methodology for determining risk levels accepted by the Bank;

  • assessment of the measures applied by the Bank to assess the Bank's exposure to TF/ML risks and manage them;

  • selective testing of the activities of the CF/ML Officer, including the software used, including compliance with the Bank's policies and procedures;

  • assessment of the measures applied by the Bank's Management, Board of Directors, and Board of Directors to eliminate violations identified during previous inspections by the Bank's internal audit service, external audit, National Bank, or Financial Intelligence Unit;

  • review-assessment of internal control, including assessment of the software used for the degree of effectiveness in identifying and forming reports on transactions (deals) subject to control and reporting;

  • verification of the adequacy of the reports of the CF/ML Officer provided to the Board of Directors and their compliance with the minimum requirements of the National Bank;

  • verification of the compliance of employee training programs participating in the implementation of the CF/ML policy.

As a result of the inspection of the Bank's structural subdivisions for compliance with the internal control system for CF/ML, the internal auditor develops recommendations, which are also transmitted to the CF/ML Officer for information.

  1. For the purpose of high-quality and comprehensive conduct of the audit, the Internal Audit Service conducts discussions with the CF/ML Officer to obtain information about internal measures, procedures, and control systems in the field of CF/ML, as well as information about existing problems. The internal auditor must have access to all materials and reports of the Bank.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. As a result of the conducted audit, the Internal Audit Service prepares a report on the results of the assessment of the effectiveness of internal control for CF/ML, including information on:

  1. risks of financing criminal activities and legalization (money laundering) of criminal proceeds;

  2. violations of internal control programs and other internal documents of the Bank in the field of CF/ML;

  3. violations of the legislation of the Kyrgyz Republic in the field of CF/ML;

  4. recommended measures necessary to eliminate and prevent identified violations.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The internal auditor's report on the results of the assessment of the effectiveness of internal control for CF/ML is submitted to the Board of Directors within 5 (five) working days from the date of signing the report for subsequent consideration and adoption of measures to eliminate identified violations and prevent them in the future.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

Chapter 6. Officer Appointed for the Organization of Internal Control for CF/ML

  1. For the purpose of developing and implementing internal control policy, corresponding procedures, as well as other internal organizational measures for CF/ML, the Board of Directors approves an officer accountable to the Board of Directors (hereinafter - CF/ML Officer) and takes measures to ensure continuity, independence, impartiality, professional competence, and effective organization of working conditions.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic of December 19, 2025 No. 2025-P-12/68-2-(NPA))

  1. The tasks of the CF/ML Officer are:
  1. taking appropriate measures to minimize the risk of the Bank's involvement and the participation of its employees in committing criminal (illegal) acts related to the financing of criminal activities
Share