Regulation on the Regulation of Payment Organizations and Payment System Operators

---

Back

Print Version

Date of Creation: 2026-05-14

Appendix to the Resolution of the Board of the National Bank of the Kyrgyz Republic dated September 30, 2019 No. 2019-P-14/50-2-(PS)

REGULATION on the Regulation of Payment Organizations and Payment System Operators

(As amended by the Resolutions of the Board of the National Bank of the Kyrgyz Republic dated May 27, 2020 No. 2020-P-14/31-7, June 24, 2021 No. 2021-P-14/34-5, April 27, 2022 No. 2022-P-14/27-3, June 2, 2022 No. 2022-P-14/35-3, February 22, 2023 No. 2023-P-14/11-5, May 11, 2023 No. 2023-P-14/31-1, Resolution of the Supreme Court of the Kyrgyz Republic dated June 13, 2023 No. AD-703/22 abs5, Resolutions of the Board of the National Bank of the Kyrgyz Republic dated August 23, 2023 No. 2023-P-14/53-5, May 22, 2024 No. 2024-P-14/23-2, December 4, 2024 No. 2024-P-14/64-1-(PS), April 30, 2025 No. 2025-P-14/20-2-(PS), December 26, 2025 No. 2025-P-12/70-6-(PS))

Chapter 1. General Provisions

1. This Regulation "On the Regulation of Payment Organizations and Payment System Operators" (hereinafter - the Regulation) defines requirements mandatory for payment organizations and payment system operators holding a license from the National Bank of the Kyrgyz Republic (hereinafter - the National Bank) for:

• providing services for the acceptance, processing, and issuance of financial information (processing, clearing) regarding payments and settlements of third parties to participants of the payment system, this processing/clearing center;
• providing services for the acceptance and conduct of payments and settlements for goods and services, not resulting from their own activities, on behalf of third parties through payment systems based on information technology and electronic means/methods for conducting payments.

Payment organizations, payment system operators, as well as agents/sub-agents of a payment organization must comply with legislative requirements, including in the field of countering the financing of criminal activities and legalization (money laundering) in accordance with the Regulation "On Minimum Requirements for Internal Control Organization in Payment Organizations and Payment System Operators to Counter Financing of Criminal Activities and Legalization (Money Laundering)", approved by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated August 19, 2020 No. 2020-P-14/46-4-(PS).

(As amended by the Resolutions of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5, December 26, 2025 No. 2025-P-12/70-6-(PS))

2. The scope of this Regulation does not extend to:

• payment systems where the operator is the National Bank;
• commercial banks providing services for the acceptance, processing, and issuance of financial information (processing, clearing) regarding payments and settlements within their own system for their own payments;
• commercial banks providing services for the acceptance and conduct of payments and settlements for goods and services, not resulting from their own activities, on behalf of third parties through payment systems based on information technology and electronic means/methods for conducting payments, except for sub-item 2 of item 98 of this Regulation;
• internal systems of economic entities providing acceptance, processing, and issuance of financial information (processing, clearing) regarding payments and settlements within their own structure for their own payments.

3. The National Bank regulates and exercises supervision over payment systems, payment organizations, and payment system operators to ensure the stability, reliability, and safety of the payment system of the Kyrgyz Republic in accordance with normative legal acts of the National Bank.

4. Antimonopoly regulation of the activities of payment organizations and payment system operators regarding consumer rights protection and competition development in the payment services market is carried out within the framework of the Policy and Basic Principles of Antimonopoly Regulation, Competition Development, and Consumer Rights Protection in the Market of Banking Services of the Kyrgyz Republic, provided by commercial banks, other financial-credit organizations, payment organizations, and payment system operators licensed and regulated by the National Bank of the Kyrgyz Republic, approved by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated March 2, 2005 No. 4/1.

5. In case of violation of the requirements of this Regulation, the National Bank has the right to apply enforcement measures against payment organizations, payment system operators, and other participants of the interbank payment system in accordance with the legislation of the Kyrgyz Republic.

Chapter 2. Terms and Definitions Used

6. The following terms and definitions are used in this Regulation:

Automated System (AS) - a system consisting of an integrated hardware-software complex of automation tools, methods, and measures implementing the information technology for performing established functions.

Agent - a legal entity or individual entrepreneur who has concluded an agency agreement with a payment organization to carry out activities for accepting payments from individuals and legal entities on behalf of suppliers of goods, works, and services.

Agency Agreement - an agreement concluded between a payment organization and an agent regarding the provision of services specified in this Regulation. In this case, the payment organization bears responsibility for the agent's actions.

Partner Bank - a bank authorized to conduct identification and verification procedures for users of the Mobile Agent Application (MAA) in accordance with legislation on countering financing of criminal activities and legalization (money laundering) (hereinafter - CFCA/LA).

Information System - a system designed for storing, searching, and processing information, along with corresponding organizational resources through which information is ensured and disseminated.

Identifier - a unique attribute of an access subject or object.

User of the Automated System - a subject registered in the automated system and using its resources (employees, agents, clients, or other persons) with different access rights.

Authentication - verification of the belonging of an access object/subject to the presented identifier or confirmation of authenticity.

Authorization - the process of granting a specific object/subject rights to perform certain actions in accordance with their role in the system.

Information Confidentiality - a state of resources where the processing, storage, and transmission of information assets are conducted such that information assets are accessible only to authorized users.

Information Integrity - the property of information to maintain unaltered state or detect changes in its information assets.

Information Availability - the property of information whereby information assets are provided to an authorized user, in the form and location necessary for the user, at the time when they are needed.

Information Security - preservation of confidentiality, integrity, and availability of information assets.

Sub-agent - a legal entity or individual entrepreneur who has concluded a sub-agency agreement with an agent of a payment organization to carry out activities for accepting payments from individuals and legal entities on behalf of suppliers of goods, works, and services (hereinafter - goods/services). In this case, the payment organization bears responsibility for the sub-agent's actions.

Mobile Agent Application (MAA) - a tool (software) provided by an agent of a payment organization, who is simultaneously a supplier of goods/services, through which users access via mobile devices/applications, and by means of which the payment organization independently or through an agent provides services for accepting payments on behalf of third parties using funds returned to the user (client)/subscriber of this supplier as an advance payment/prepayment or parts thereof credited to their account.

MAA User - an individual or individual entrepreneur, simultaneously a client of the payment organization and a subscriber of a supplier of goods and services acting as an agent of the payment organization, who uses the MAA to conduct payments and other operations (services) in accordance with the legislation of the Kyrgyz Republic.

Agent's Web Cash Register - access to the payment system of a payment organization via various devices (mobile phone, personal computer, tablet, etc.), provided to the agent of a payment organization for conducting payments.

Payment by Payment QR Code - cashless payment for goods or services using a mobile application of a bank/payment system or other devices by reading two-dimensional bar code symbols (QR Code).

Acquiring - activities related to owning and maintaining a network of peripheral devices for accepting payments using bank payment cards and other payment instruments/technologies based on agreements with trade-service enterprises for accepting and conducting payments and settlements for goods and services according to the rules of respective payment systems.

Depending on the instruments used for conducting settlements, acquiring includes the following main types:

Merchant Acquiring - a service provided by an acquirer to trade-service enterprises (hereinafter - TSE) for installing POS-terminals and other peripheral devices to accept cashless payments using various payment instruments based on a concluded agreement.

Internet Acquiring - a service provided by an acquirer for accepting cashless payments using payment cards and electronic money for goods and services sold through trading platforms and online stores via a special web interface that ensures the transmission of payment information and maintains its confidentiality.

Mobile Acquiring - a service provided by an acquirer for accepting cashless settlements using payment cards through a mobile application and a special mobile POS-terminal (mPOS-terminal) using a mobile phone or tablet.

Other terms and definitions used in this Regulation are understood according to their generally accepted meaning in the legislation of the Kyrgyz Republic.

(As amended by the Resolutions of the Board of the National Bank of the Kyrgyz Republic dated May 27, 2020 No. 2020-P-14/31-7, June 24, 2021 No. 2021-P-14/34-5, May 22, 2024 No. 2024-P-14/23-2, December 4, 2024 No. 2024-P-14/64-1-(PS), December 26, 2025 No. 2025-P-12/70-6-(PS))

Chapter 3. Basic Requirements for the Activities of Payment Organizations and Payment System Operators and Their Agents

(Chapter title as amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5)

§ 1. Requirements for the Activity of a Payment System Operator

7. A payment system operator may engage only in the types of activities specified in its license, as well as provide consulting/information services and carry out other activities that are ancillary to or necessary for its main activity.

A payment system operator may provide retail banking services in accordance with an agency agreement concluded with a commercial bank of the Kyrgyz Republic in compliance with normative legal acts of the National Bank.

A payment system operator may combine its activities only with the activity of a payment organization.

Transfer of the license and rights thereunder to another entity for licensed activities is prohibited.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5, Resolution of the Supreme Court of the Kyrgyz Republic dated June 13, 2023 No. AD-703/22 abs5)

7-1. A payment system operator must, within 12 (twelve) months from the date of obtaining its license, conclude agreement(s) with payment system participants and commence activities for accepting, processing, and issuing financial information (processing, clearing) regarding payments and settlements of third parties to participants of the payment system, this processing/clearing center. Otherwise, the license of the payment system operator is subject to revocation in accordance with normative legal acts of the National Bank.

(As amended by the Resolutions of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5, June 2, 2022 No. 2022-P-14/35-3)

8. The authorized capital of a payment system operator must be at least the size established in the normative legal act of the National Bank on the minimum authorized capital of payment organizations and payment system operators.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated April 30, 2025 No. 2025-P-14/20-2-(PS))

9. A payment system operator with a subsidiary enterprise outside the Kyrgyz Republic must mandatory provide information about it to the National Bank along with copies of supporting documents.

10. A payment system operator may be reorganized (merger, accession, division, separation, transformation) subject to requirements established by the legislation of the Kyrgyz Republic.

In case of reorganization, the payment system operator must submit a notification to the National Bank along with an appropriately certified corresponding reorganization decision within no later than 15 (fifteen) working days after passing state re-registration due to reorganization.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5)

11. The National Bank may establish restrictions on tariff formation by a payment system operator if the operator violates requirements of antimonopoly legislation and consumer protection of the Kyrgyz Republic.

12. A payment system operator must develop and approve a tariff policy and pricing principles for its services, and provide information on approved and active tariffs to the National Bank once a year from the date of obtaining its license.

Subsequently, the payment system operator provides information on tariff policy to the National Bank no less than once (one) a year by the end of the first (first) quarter of the current calendar year.

A payment system operator must, within 10 (ten) working days after changes to tariff policy and/or tariffs, notify the National Bank of all changes.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5)

13. A payment system operator must have rules and procedures for the functioning of the payment system, complying with requirements of the legislation of the Kyrgyz Republic, including normative legal acts of the National Bank. A payment system operator ensures the functioning of the payment system in accordance with developed internal rules and procedures. Relations with participants are established by system rules, agreements related to the functioning of the payment system, as well as concluded agreements with participants.

14. A payment system operator must ensure uninterrupted functioning of its payment system, timely processing (processing/clearing) of payments, and information security in the system. A payment system operator bears responsibility, including financial, for violations of uninterrupted functioning of its payment system, for non-provision or poor-quality services regarding processing/clearing and issuance of financial information to payment system participants, for untimely delivery of information about conducted payments by consumers to suppliers of goods/services, including according to contractual relations with participants of the payment system.

A payment system operator must provide a service for conducting a payment from the consumer to the supplier of goods/services in full volume.

15. A payment system operator does not bear responsibility if violations of uninterrupted functioning arose due to third parties, unless otherwise provided by the terms of the agreement with participants of the payment system.

16. The processing center of a payment system operator must comply with the minimum requirements established by this Regulation for automated systems.

17. A payment system operator must:

1. control compliance with current rules and procedures, as well as their compliance with requirements of this Regulation and legislation of the Kyrgyz Republic;

2. impose requirements on necessary technical and software means for conducting payments to other participants of the payment system;

3. maintain a database of payment system participants containing at least:

• agreement details (date, number);
• name of the legal entity/full name of the individual entrepreneur;
• state registration data, passport data of the individual entrepreneur, supporting documents confirming registration as an individual entrepreneur/active patent;
• location/residential address, address of conducting business activities;
• information on executives;
• contact details;
• information on the type of activity (banking, utilities, etc.);

4. assess and manage risks in the payment system;

5. ensure safe functioning of information processing tools;

6. ensure a unified approach to incident management and maintain an incident registry;

7. ensure timely delivery of information on accepted system payments to the supplier of goods/services in case of abnormal situations in accordance with agreement terms and requirements of normative legal acts of the National Bank.

(As amended by the Resolutions of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5, December 26, 2025 No. 2025-P-12/70-6-(PS))

18. A payment system operator must:

• develop measures and take actions to ensure information security of the processing center and all participants involved in receiving, processing, storing, and providing information, including measures for cybersecurity;
• develop a software complex for vulnerability management and protect all systems from malicious software, regularly updating antivirus software.

19. Officials of a payment system operator - members of the executive body managing current operations, must ensure:

• management control over the organization;
• assessment of control system adequacy - conducting management chain checks, making decisions to eliminate identified deficiencies and improve management efficiency;
• assessment of operational effectiveness - evaluating various aspects of organization functioning and making decisions for their improvement.

20. A payment system operator must have at least technical personnel (permanent positions) responsible for the functioning and security of the hardware-software complex, a chief accountant (permanent position), as well as other personnel according to its organizational structure. In accordance with functional duties, the operator's personnel must be responsible for:

• assessment of information system control adequacy - conducting management chain checks, providing reasoned proposals to the executive body for eliminating identified deficiencies and recommendations for improving management efficiency;
• assessment of security provision - increasing the level of information security, as well as minimizing possible losses caused by malicious actions, emergency failures, and personnel errors;
• assessment of operational effectiveness - conducting expert evaluations of various aspects of organization functioning and providing reasoned proposals for their improvement;
• verification of system functioning compliance with requirements of this Regulation and legislation of the Kyrgyz Republic;
• ensuring reliability, completeness, and timeliness of financial information used for decision-making, preparation of financial and regulatory reporting;
• preparing proposals for selecting external auditors and, if necessary, initiating special audit checks;
• maintaining accounting records and preparing financial reporting in accordance with International Financial Reporting Standards.

The operator must ensure continuity of personnel functions, and if necessary, provide duplication of functions for personnel participating in performing the main activities of a payment system operator. Upon dismissal/change of personnel, a procedure for handover of functional duties and documentation must be determined with proper documentation (act, protocol).

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5)

20-1. A payment system operator must have an approved accounting policy complying with requirements of normative legal acts of the National Bank.

(As amended by the Resolution of the Board of the National Bank of the Kyrgyz Republic dated June 24, 2021 No. 2021-P-14/34-5)

21. Administration of the automated system must be carried out by permanent technical personnel of a payment system operator. A payment system operator may additionally attract non-permanent technical personnel upon having an agreement concluded in accordance with the legislation of the Kyrgyz Republic specifying obligations and responsibilities of parties.

22. Personnel having access to work with the automated system of a payment system operator must:

• be familiar with norms and requirements for ensuring information security when working with financial information, regulated by internal rules and procedures;
• have the qualification level necessary for managing software-technical means of access to the automated system and processing financial information, according to internal documents;
• bear responsibility for violation of requirements for ensuring information security when working with financial information in accordance with the legislation of the Kyrgyz Republic.

23. The automated system of a payment system operator must ensure:

• uninterrupted exchange and processing (processing/clearing) of information in accordance with criteria for uninterrupted system functioning;
• integrity and authenticity of data during transmission via communication channels from the place of initiation to the processing center and back;
• authorization/authentication of technical personnel of a payment system operator having access to work with the automated system;
• data preservation in the system within periods established by legislation of the Kyrgyz Republic for payment documents, integrity and confidentiality of data;
• timely switching/restoration/deployment of system functioning on a backup hardware-software complex/backup site in case of abnormal situations;
• protection of data and equipment during automated system failures, abnormal situations, or unauthorized access to data;
• monitoring and control over the operability of objects connected to the processing center, access sessions to system information resources, in accordance with requirements of normative legal acts of the National Bank.

24. A payment system operator must have in place:

• an agreement concluded with the organization that developed the software, or an organization authorized by the copyright holder (in case of purchased software);
• an agreement for technical support with the development company (in case of purchased software) or licensed entity.