THE STATE BANK OF VIETNAM
Circular No. 13/2018/TT-NHNN dated May 18, 2018 of the State Bank of Vietnam on internal control systems of commercial banks and foreign banks branches
Pursuant to the Law on the State Bank of Vietnam dated June 16, 2010;
Pursuant to the Law on Credit Institutions dated June 16, 2010 and the Law on Amendments to some Articles of the Law On Credit Institutions dated November 20, 2017;
Pursuant to the Government’s Decree No. 16/2017/ND-CP dated February 17, 2017 defining the functions, tasks, powers and organizational structure of the State Bank of Vietnam;
At the request of the Chief Bank Inspector and Overseer;
The State Bank of Vietnam promulgates a Circular on internal control systems of commercial banks and foreign banks’ branches.
Chapter I
GENERAL PROVISIONS
Article 1. Scope of adjustment
This Circular regulates internal control systems of commercial banks and foreign banks’ branches.
Article 2. Subjects of application
1. Commercial banks, including: State-owned commercial banks, joint stock commercial banks, joint-venture banks, wholly foreign-owned banks.
2. Foreign banks’ branches.
Article 3. Definitions
For the purpose of this Circular, the terms below shall be construed as follows:
1. An internal control system is a combination of mechanisms, policies, processes, internal regulations, and organizational structures of a commercial bank or a foreign bank’s branch which follows the regulations of the Law on Credit Institutions, this Circular and other relevant regulations of law and is implemented for control, prevention, detection and handling of risks, fulfilling the set requirements. The internal control system carries out senior management oversight, internal control, risk management, internal capital adequacy assessment and internal audit.
2. Senior management oversight is carried out by the Board of Directors, Member’s Council, Director General (Director) and parent bank in internal control, risk management, internal capital adequacy assessment and by Control Boards of the commercial bank, the parent bank, the Director General (Director) and the foreign bank’s branch in internal audit.
3. Internal control is inspection and oversight of individuals and departments in implementation of mechanisms, policies, internal regulations, work ethics and control culture in order to control conflict of interest and risks, ensuring that the activities of the commercial bank or the foreign bank's branch fulfill the set requirements as well as comply with the law.
4. Risk management is identification, measurement, monitoring and control of risks in the commercial bank’s/foreign bank’s branch's operation.
5. Internal capital adequacy assessment is self-assessment of capital adequacy in order to ensure compliance with the State Bank’s regulations on capital safety ratio and fulfill the commercial bank’s/foreign bank’s branch’s set requirements.
6. Control culture is the cultural value of a commercial bank/foreign bank’s branch showing unity in awareness of risk control and management among the Board of Directors, Members' Council, Control Board, Director General (Director), individuals and departments. The control culture is created from work ethics, internal regulations and reward/disciplinary schemes in order to encourage individuals and departments to actively identify and control risks in their own activities as well as the commercial bank’s/foreign bank’s branch’s.
7. Economic capital is the capital level designated by the commercial bank/foreign bank’s branch, based on calculation of necessary capital for addressing material risks and maintaining the capital safety ratio in stress scenarios.
8. A stress test is an assessment of volatility's and unfavorable developments’ impact on the capital safety ratio and liquidity in various scenarios in order to determine the commercial bank’s/foreign bank’s branch’s risk resistance.
9. Risk is the probability of loss (financial or non-financial), causing decrease in the commercial bank’s/foreign banks’ branch’s own capital and income, hence decreasing the capital safety ratio or hindering the bank from achieving its business goals.
10. Risk appetite is the risk level commercial banks and foreign banks’ branches are willing to take during implementation of their business strategies, indicated by ratios and criteria specified in Point a, Clause 2, Article 24 of this Circular.
11. Risk position is a commercial bank’s/foreign banks’ branch’s risk assets, liabilities and off-balance sheet items.
12. Material activities are activities designated by a commercial bank/foreign bank’s branch, based on the scale of that activity compared to one of the financial indicators (equity, total assets, income, costs or other financial criteria) in accordance with the bank’s internal regulations.
13. Material risks include:
a) Credit risk, operational risk, market risk and interest rate risk in the banking book (IRRBB) as specified in the State Bank’s regulations on capital safety ratio in commercial banks and foreign banks’ branches;
b) Liquidity risk, concentration risk;
c) Other risks arising from material activities.
14. Liquidity risk is caused by:
a) The commercial bank’s/foreign bank’s branch’s inability to fulfill debt obligations at maturity; or
b) The commercial bank/foreign bank’s branch being able to fulfill debt obligations at maturity, but at higher costs than the average market costs, as specified in the bank’s internal regulations.
15. Concentration risk is the risk caused by the business of a commercial bank/foreign bank’s branch focusing on a customer (including related parties), partner, product, transaction, sector, economic field, currency to the point of causing significant impact to income and risk position, as specified in the bank’s internal regulations.
16. Conflict of interest is a situation where an individual or department makes decisions within their competence that are not appropriate for or go against interests of the commercial bank/foreign bank’s branch.
17. Risk-bearing decisions are decisions of the commercial bank’s/foreign bank’s branch’s competent level that create risks or changing the bank’s risk position.
18. Credit risk-bearing decisions are risk-bearing decisions of a commercial bank/foreign bank’s branch in credit activities, including at least: credit extension decisions; credit limit decisions; limit-exceeding loan decisions; loan term restructuring decisions; loan group transfer decisions.
19. Credit extensions requiring attention, with the minimum amount regulated by commercial banks or foreign banks’ branches are loans belonging to loan group 2 or above, as specified in the State Bank’s regulations on classification of assets, ratio and method of establishment of provisions for credit losses and use of provisions for credit losses.
20. Outsourcing is the commercial bank/foreign bank’s branch (hereinafter referred to as the client) making an agreement in writing (an outsourcing contract) on hiring another enterprise, credit institution or foreign bank’s branch (hereinafter referred to as the contractor) to carry out one or multiple activities (including data processing or some steps of the business process) in the bank’s stead, in accordance with the law.
21. Internal auditors are persons who carry out internal audits and belong to internal audit departments of commercial banks and foreign banks’ branches.
22. Parent banks are foreign banks that have branches approved to operate in Vietnam.
Article 4. Application of related legal documents
The internal control systems of commercial banks and foreign banks’ branches shall act in accordance with regulations specified in the Law on Credit Institutions, this Circular and other related legal documents.
Article 5. Requirements for internal control systems
1. The internal control system of a commercial bank/foreign bank’s branch must fulfill the following requirements:
a) Requirements stated in Clause 2, Article 40 of the Law on Credit Institutions;
b) Appropriate for the scale, conditions and complexity of the commercial bank’s/foreign bank’s branch’s business activities;
c) Have sufficient financial, human and IT resources in order to ensure the internal control system’s effectiveness;
d) Create and maintain a control culture and work ethics for the commercial bank/foreign bank’s branch.
2. The commercial bank/foreign bank’s branch must have internal regulations in compliance with Article 93 of the Law on Credit Institutions, in which the following requirements must be met:
a) Compliant to regulations of this Circular and related regulations of law;
b) Competence to promulgate:
(i) In the case of commercial banks: The Board of Directors or the Members' Council promulgates regulations on the bank's organization, management and activities, except matters that belong to the Shareholders’ Council and owner; the Control Board promulgates its own internal regulations; the Director General (Director) promulgates work regulations, processes and procedures (hereinafter referred to as the internal process);
(ii) In the case of foreign banks’ branches: The Director General (Director) promulgates the branch’s internal regulations in accordance with the parent bank’s regulations or uses the internal regulations promulgated by the parent bank;
Click download to see the full text