APPROVED BY

Decree No. 867 of the Management Board

of the National Bank of Ukraine
dated December 29, 2014

Guidelines
of Internal Controls in Ukrainian Banks
. General Provisions
1. These Guidelines have been developed in pursuance of the Ukrainian Banks and Banking
Act taking into account provisions of the Framework for Evaluation of Internal Control Systems
issued by the Basel Committee on Banking Supervision and customary international principles
and standards to improve ensuring and implementation of internal controls in Ukrainian Banks
and efficient functioning and applying of internal control systems for enhanced stability and
safety of banks operation and protection of depositors and creditors interests.
2. These Guidelines provide for binding minimum requirements to ensuring and
implementation of internal controls in a bank.
A bank may stipulate other additional requirements to its internal control system pertinent to
the nature of its business, kind and scope of banking or financial services and other types of
banks transactions (hereinafter also referred to as "banks transactions").
. Terms and Definitions
1. When used in these Guidelines, the following terms will have the meanings set forth in this
Clause hereafter:
Internal documents of a bank shall mean all regulations, guidelines, methodologies, rules,
ordinances, resolutions, orders, job descriptions, procedure and operational process descriptions,
as well as any other documents governing banks operation, including those applicable to
ensuring of internal controls in a bank;
Internal controls shall mean banks steps and measures (procedures) taken to ensure efficient
and successful implementation of banks transactions, efficient management of assets and
liabilities, risk management, full, timely and true accounting records, preparation and submission
of financial, statistic, management, tax and other statements, fraud prevention, compliance, etc.;
Information security shall mean a comprehensive set of organisational measures taken at a
bank, including software and hardware applied to protect information against incidental or
intended threats that may affect security services, i.e. accessibility, integrity, confidentiality and
controllability;
Compliance shall mean following and meeting by a bank of the applicable statutory
provisions, market standards, as well as banks own standards and provisions of internal
documents, including operating procedures;
Compliance risk shall mean the risk of legal sanctions, financial losses or loss to reputation a
bank may suffer as a result of its failure to comply with laws, acts, market standards, as well as
banks own standards and internal documents, including operating procedures;
A risk shall mean a probability that certain events, whether expected or not, would affect the
capital and / or proceeds of a bank. Main types of risks are defined in regulations and guidelines
of the National Bank of Ukraine;

2
An internal control system shall mean a set of control procedures, forms, ways and
directions designated to implement and attain objectives of internal controls at a bank;
Risk management shall mean regular ascertaining, identification, assessment, monitoring
and control of risks.
2. Any other terms used in these Guidelines shall have the meanings provided for in the
relevant statutory provisions, rules and regulations applicable in Ukraine.
. Implementation of Internal Control Systems in Banks
1. A bank shall implement an efficient system of internal controls to attain the objectives
listed hereafter:
1) efficient accomplishment of banks transactions, protection against possible mistakes,
infringements, losses, or damages in banks operation;
2) efficient risk management;
3) adequate, comprehensive, exhaustive, reliable, accessible, and timely providing users with
information required for appropriate decision making, including submission of financial,
statistic, management, tax and other reports and statements;
4) complete, timely and true entries on all banks transactions in accounting books and
records;
5) compliance;
6) efficient HR management; and
7) prevention of any use of banks services for unauthorised and unlawful purposes;
identification and prevention of financial transactions appertaining to money laundering (making
legal of fraudulently obtained proceeds) or terrorism financing.
2. A bank shall ensure functioning and application of its internal control system through:
1) bank Managements control of compliance with the applicable Ukrainian laws and internal
operating procedures of the bank;
2) allocation of responsibilities in the course of banks operation;
3) control of risk management system functioning;
4) supervision over information security and information exchange;
5) implementation of internal control procedures;
6) monitoring in respect of the banks internal control system; and
7) implementation of internal audit procedures.

3
3. When implementing its internal control system, a bank shall take into account:
1) the size of the bank (i.e. the amount of total assets, funds of legal entities and
individuals, etc.);
2) types and volume of banks transactions;
3) risks pertinent to banks operation;
4) the level of centralisation of banks management and operation; and
5) the level of implementation of information technologies and the area of their applying.
4. The internal control system of a bank shall be ensured and implemented by:
1) the Supervisory Council of the bank;
2) the Management Board of the bank;
3) the Internal Audit Department;
4) the Chief Accountant and his / her assistants;
5) managers and chief accountants of separate units and branches of the bank;
6) the Risk Management Department;
7) the Compliance Department; and
8) department / unit managers and employees ensuring internal controls in line with the
powers and authorities vested in them by the internal documents of the bank.
5. A bank shall prepare and have in place the relevant internal documents with respect to
implementation and applying of its internal control system, which documents shall be approved
by the Supervisory Council of the bank.
6. Please refer to Chapter IV of these Guidelines for the list of the minimum required internal
documents related to the organisational structure of a bank and description of its operational
procedures and the requirements applicable to them.
7. Implementation of an internal control system shall be in accord with the following
principles:
1) efficiency ensuring of permanent internal control procedures integrated into current
operation of a bank and understandable for all employees of the bank;
2) allocation of responsibilities avoidance of situations where one person fully controls a
certain function or direction / area of banks operation (i.e. separation of the control function
from banks transactions);
3) comprehensiveness covering of all directions / areas of banks operation and all its units
and departments;

4
4) timeliness ensuring of an internal control system enabling early informing and
knowledge of any threat of losses for a bank before such losses are sustained;
5) independency separation of the internal control system efficiency assessment function
from the function related to ensuring and implementation of such internal control system; and
6) confidentiality prevention of any disclosures of information to unauthorised persons.
8. Functioning and applying of an internal control system shall ensure:
1) clear and unambiguous allocation of assignments, responsibilities, powers and liability
between the managing bodies of a bank, its organisational units, and its employees to avoid any
reiterations;
2) double control, which means following of the two hands rule when conducting banks
transactions, whereby powers of one person to simultaneously implement transactions and make
accounting entries in respect of such transactions are excluded. Always provided that the
relevant software supporting appropriate control levels is in place, separate banks transactions
may be implemented at all stages (from initiation up to making entries in accounting records and
/ or statements) by one person to the extent that such transactions are subject to further control;
3) thorough and comprehensive analysis of banks transactions before and after their
accomplishment in order to prevent any unauthorised transactions or transactions non-complying
with the requirements applicable to a procedure or process in question;
4) ensuring of banks operation and accounting of its transactions pursuant to the applicable
statutory provisions and regulations of the National Bank of Ukraine;
5) meeting of the requirements to data protection in software and hardware environments and
facilities pursuant to the applicable statutory provisions and regulations of the National Bank
of Ukraine;
6) implementation and functioning of information security control system in accordance with
the standards of the National Bank of Ukraine applicable to information security;
7) protection against intended and accidental acts by employees; and
8) employee qualification improvement.
9. An internal control system shall cover all stages of banks operation and include:
1) the preliminary control, which is ensured before actual implementation of banks
transactions in terms of:
personnel selection and recruitment ensured through a careful analysis of applicants business
and professional qualities, and employees professional skills and qualification improvement;
raising and allocation of funds ensured through a preliminary analysis of risk exposures and
efficiency of banks transactions, and finding of optimal ways and methods of transaction
completion in order to avoid or mitigate probable losses and risks;
engagement of material resources through the quality analysis and analysis of availability of
the required technical facilities, equipment, banking automation systems using up-to-date
information technologies consistent with the scope and complexity of transactions undertaken by
a bank;

5
selection of goods, work and service suppliers through a thorough analysis of business
reputation and professional skills of employees, compliance with the diversification principle
when selecting supplier, and prevention of orders overconcentration for one supplier; and
development and implementation of new products through a preliminary analysis of risk
exposures and efficiency of intended products / services;
2) the current control, which is ensured during implementation of banks transactions and
includes control of compliance with of the applicable statutory provisions / regulations and
banks internal documents governing such transactions, the mechanism of decision taking in
respect of such transactions, control of complete, timely and true entries made in accounting
records and statements to reflect such transactions, and control of banks assets and property
saving; and
3) the follow-up control, which is ensured after completion of banks transactions and
provides for the verification of justified and correct transactions, consistency of the relevant
documents with the applicable forms and requirements in respect of their filing and
formalisation, consistency of employees responsibilities with those stipulated in their respective
job descriptions, ascertaining of reasons of any non-compliances and faults, and ways or
methods to remove and cure the same, supervision over meeting of the planned performance
figures set forth in the banks development strategy, its business plans and budget, and
verification of complete and true data in financial, statistic, management, tax and other reports
and statements prepared by a bank.
IV. Minimum Requirements to List of Internal Documents Related to Banks
Organisational Structure and Description of Banks Operational Procedures
1. Internal documents of a bank governing its organisational structure, shall specify, in
particular:
1) the description (scheme) of the organisational set-up and structure of the bank;
2) allocation of personal functions and powers of members of the banks Management Board;
3) allocation of responsibilities between units and employees of the bank;
4) the terms and conditions and time limits of documents storing (archiving); and
5) the documents required by the applicable standards of the National Bank of Ukraine and
designated to manage information security in the Ukrainian banking system, including
protections against unauthorised access to, and dissemination of, confidential information,
prevention of any use of confidential information for personal purposes, and a plan of banks
operation restoring.
2. Banks internal documents providing for operational procedures and processes shall include
a detailed description of all banks transactions and control procedures undertaken by a bank
represented in a scheme and / or in a text version, specifying, in particular:
1) the order and sequence of all described operational procedures of a bank, and connections
between separate procedures and processes;
2) the time limits of stage-by-stage implementation of operational procedures of a bank;

6
3) the final outcomes and results of banks operational procedures (i.e. documents,
transactions, certain types of information, etc.);
4) the key criteria applied to determine the list of required banks processes and procedures in
line with its business areas and directions, for instance, management and control procedures (i.e.
corporate management, strategic management, etc.), key processes and procedures [i.e. loan,
deposit transactions, corporate finance, account management, etc.], support processes and
procedures (HR, financial, material, information resources, accounting, etc.);
5) the principles of the process description structure, for instance, integration and coordination
of Managements acts, profitability and efficiency of banks operation, improvement of
employees motivation, improvement of performance results and forecasts, etc.;
6) the approaches to selection of a process description methodology, for instance, choosing of
the description type (i.e. a graphical description employing schemes and / or a text description),
possibility to simultaneously apply both description types or determining of the only applicable
type of process description; and
7) the stages of banks processes and procedures implementation, for instance, development
of a process description (determining of consumers per each process, identifying of their
requirements and complete reflection of such requirements in the relevant process or procedure,
determining of interrelations between such process or procedure and other processes and
procedures of banks, determining of powers and responsibility for process / procedure
management, determining of resource support for a process or procedure, and process /
procedure results); keeping processes and procedures updated; terms and conditions of
improvement of the relevant processes and procedures, etc.
3. Banks internal documents related to HR management shall specify, in particular:
1) the terms and conditions of recruitment, employment, transfers / relocations / promotions,
overlapping positions, appointment of acting employees, formalising of business trips and
assignments, and discontinuation of employment;
2) the terms and conditions of remunerations, emoluments, incentives and disciplinary
penalties for employees;
3) the terms and conditions of assessment of employees discharging of their respective duties
and responsibilities;
4) the terms and conditions of personnel training and improvement of employees
qualification;
5) the terms and conditions of career promotion, and making of a HR succession pool;
6) the terms and conditions applicable to vacations;
7) the rules of corporate ethics, culture, communication, business reputation of employees,
requirements to employee behaviour (at workplace and in general);
8) the terms and conditions of bank employees informing on risks related to their
professional duties and responsibilities, and their function in the banks system of internal
controls;

7
9) the terms and conditions of the internal code of conduct, behaviour, and time- keeping of
working hours;
10) the terms and conditions of stuff list and schedule making and keeping;
11) the terms and conditions of communication of employees personal data;
12) the terms and conditions of occupation safety ensuring; and
13) the terms and conditions of HR documents keeping (i.e. generally accepted forms of HR
documents, personal files, employment record books, etc.).
4. Banks internal documents related to loan transactions shall specify, in particular:
1) the description of banks target markets and loan products;
2) the key criteria to be met by banks customers to receive loans;
3) the terms and conditions of loan interest charging, calculation of the total cost of a loan and
fair value of loan transactions;
4) the terms and conditions of decision making in respect of loan granting;
5) membership and number of members of the Loan Committee, their powers and
responsibilities;
6) the terms and conditions of contracting and contract relationships, appointment of persons
authorised to signed loan, pledge, guarantee, collateral, surety agreements and contracts etc. on
behalf of a bank;
7) the list of documents and information in respect of opening, keeping and storing of loan
files;
8) the description of operating procedures and sub-procedures of loan granting and follow-up
/ support;
9) the terms and conditions of loan securities, including, in particular:
acceptable types of loan security;
applicable security to loan ratios broken down by types of loan products and types of loan
security;
requirements applicable to documenting of loan security (notarys certification of
contracts, insurance of pledged assets in favour of the bank, registration of security in public
registers, etc.);
security / pledge related monitoring and frequency of security reassessment; and
requirements applicable to bank employees evaluating security, terms and conditions of
cooperation with independent evaluators;
10) information concerning loan monitoring, including such aspects as:
assessment of the borrowers (surety providers, guarantors) financial condition
specifying the assessment frequency (time limits) and the list of justification documents for the
purpose of such assessment;

8
borrowers (surety providers, guarantors) discharging of their respective duties and
obligations under contracts signed; and
authorised (permitted) use of loans, and implementation of business plans in respect of
loan use;
11) the loan repayment mechanism;
12) the terms and conditions of troubled debt handling;
13) the description of the communication (i.e. a newsletter, statement, notice, etc.) used to
provide consumers with true information in respect of borrowing conditions and estimated total
cost of a consumer loan formalised in conformity with the requirements of the currently effective
applicable Ukrainian laws;
14) the description of the procedure applicable to borrowers whose financial condition is or
may be affected to a great extent;
15) the terms and conditions of loan classification and allocation of reserve funds for loan
transactions of a bank;
16) the terms and conditions of loan concentration restriction, and the principle of loan
portfolio diversification;
17) justified reasons for unsecured loan granting;
18) the principles and restrictions applicable to granting of loans to persons having relations
with a bank (insiders, etc.);
19) the terms and conditions of loan portfolio quality management, and loan risk
management, including such management under stress scenarios;
20) the terms and conditions of banks providing of information constituting bank secrets to
third persons, including parties to service contracts in respect of debtors repayment of overdue
(troubled) debts under loans received by them; and
21) the description of the forms of reports on loan transactions and frequency of their
presentation to the managing bodies of a bank.
5. Banks internal documents related to investment operations shall specify, in particular:
1) the description of the objectives of investment operations, and terms and conditions of
decision making in respect of investments;
2) the principles of investments diversification based on types of investment tools, issuers of
securities, business areas, and countries;
3) the conditions and grounds for allocating of a security to the relevant portfolio taking into
account its intended purchase and holding;
4) the terms and conditions of a comprehensive analysis of the financial condition of an
issuer, determining of issuers category, and security related risks;

9
5) the description of banks adopted methods applied to determine the fair value of the
relevant securities, and methods applied to calculate expected indemnifications for securities in
banks portfolio of securities for sale and banks portfolio of matured securities, including the
criteria applied to assess future cash flows;
6) the information sources for the relevant securitys stock market quotes, and rating agencies
to be independent from the bank, and have no conflict of interest with the bank;
7) the description of investment restrictions depending on the rating of an issuer or issuers
securities;
8) the rules applicable to calculation of investment profitability, and provisions for security
transactions;
9) the strategy of transactions involving derivatives;
10) the terms and conditions and criteria of assessment of affected investments in associates
and subsidiaries;
11) the applicable limits for transactions by employees authorised to negotiate and sign
investment agreements;
12) the terms and conditions of investment portfolio quality management, including stress
scenarios;
13) the description of operating procedures and sub-procedures for investment transactions
and operations; and
14) the description of investment reports and frequency of their presentation to the managing
bodies of a bank.
6. Banks internal documents related to liquidity management shall specify, in particular:
1) members of the banks Assets and Liabilities Management Committee, terms and
conditions of their appointment, their powers and responsibilities;
2) the terms and conditions of banks daily liquidity management;
3) the requirements applicable to diversification of banks assets and liabilities based on types
of currencies, amounts and maturities;
4) the thresholds for divergences between maturities of bans assets and liabilities, and cash
flow forecasts;
5) the terms and conditions of determining of interest rates for banks assets and liabilities,
and limitation of interest rates, taking into account the risk of interest rate changes;
6) the terms and conditions of interest margin determining;
7) the principles of coordination of operations between units that may have influence on
banks liquidity;

10
8) assessment of market accessibility, market forecasts and financing options;
9) analysis of banks liquidity and liquidity risk management, including stress scenarios;
10) anti-crisis plans and contingency plans aimed at support of banks liquidity in
emergencies; and
11) the description of liquidity management reports and frequency of their presentation to the
managing bodies of a bank.
7. Banks internal documents related to deposit transactions shall specify, in particular:
1) the terms and conditions of raising funds and precious metals on customers current and
deposit accounts;
2) the principles of deposit portfolio diversification;
3) the terms and conditions in respect of deposit types and periods;
4) the terms and conditions applied to determine interest rates, terms and conditions of
interest accrual and payment, and fair value determining for deposit transactions;
5) the terms and conditions of contractual management of deposit transactions, and
determining of persons authorised to sign deposit agreements on behalf of the bank;
6) the terms and conditions of banks repayment of deposits;
7) the terms and conditions of issuance, allocation and redemption of saving (deposit)
certificates, and terms and conditions applicable to accounting, storing and destroying of blank
forms of saving (deposit) certificates;
8) the terms and conditions of banks communication and publication (for customers) of
information for individual depositors, and requirements to the contents of consumer rights
protection disclosures (notices);
9) the description of operating procedures and sub-procedures in respect of deposit
transactions; and
10) the description of deposit transaction reports and frequency of their presentation to the
managing bodies of a bank.
8. Banks internal documents related to banks maintenance and keeping of customers
accounts, operation of payment systems, support of payments and storing of documents shall
specify, in particular:
1) the procedures applicable to opening, maintenance, closing and control of customers bank
accounts;
2) the terms and conditions of customers keeping of their accounts with the bank and
information exchange using a remote service system;
3) the terms and conditions of banks measures applied to seize funds on customers accounts;

11
4) the terms and conditions of discontinuation of financial transactions for customers
accounts;
5) the terms and conditions of banks enforcement of payment documents related to debiting /
forced debiting, or collecting of funds from, customers accounts;
6) the terms and conditions of internal payment system functioning, and the description of
possible faults in such system and operations / measures to remove and cure the same;
7) applicable payment system rules, including the payment system structure, terms and
conditions of payment system participation, types of services offered by a payment system, time
limits of money transfers, a risk management system applicable to a payment system, etc.;
8) the terms and conditions of functioning of the system of information protection during
money transfers;
9) the terms and conditions of the monitoring to identify erroneous and improper money
transfers, persons involved in such erroneous and improper money transfers, and steps and
measures taken to prevent or discontinue such transfers;
10) the rules of money transfers by a bank and its branches if the bank is a participant of the
electronic payment system of the National Bank of Ukraine in line with the relevant consolidated
correspondent account service model;
11) the procedures applicable to payment transactions, including transactions with bills of
exchange and cheques, i.e. terms and conditions of payment instrument issuance and
maintenance, fees, etc.;
12) the procedures applicable to transactions with documents, terms and conditions and types
of such transactions, and restrictions applicable to such transactions;
13) the terms and conditions of electronic payment instrument issuance and procedures
applicable to of payment transactions involving payment instruments, terms and conditions of
fee charging / payment, setting of limit and / or restrictions for transactions involving specific
payment instruments, etc.;
14) the terms and conditions of terms and conditions of banks communication and
publication of information (for customers) advising on the conditions applicable to use of an
electronic payment instrument;
15) the procedures applicable to advising of an electronic payment instrument user of
electronic payment instrument transactions;
16) the procedures applicable to users notifying of the bank of a lost electronic payment
instrument;
17) the procedures applicable to ensuring of physical and technical safety for installed
payment facilities and equipment (i.e. choosing of an installation place, safety precautions,
pertinent contracts, etc.), and terms and conditions of monitoring in respect of such facilities and
equipment operation and functioning, and steps and measures taken to prevent reasons and
conditions that could contribute to possible fraud transactions (stealing of funds);

12
18) the procedures applicable to identifying of persons when rendering services to customers;
19) the terms and conditions of documents storing (archiving); and
20) the description of reports on banks maintenance of customers accounts, operation and
functioning of payment systems, making of payments, and frequency of submitting of such
reports to the managing bodies of a bank.
9. Banks internal documents related to ensuring of cash transactions shall specify, in
particular:
1) the requirements to bank officials responsibility for storing of cash and other valuables of
the bank in the vault, and procedures applicable to their professional duties;
2) the requirements to responsibility of bank employees who carry out transactions involving
cash and other valuables;
3) the terms and conditions of cash desk (cash office) operation in working and post-working
hours;
4) the terms and conditions of relocation and transferring of cash and other valuables of the
bank to bank employees;
5) the terms and conditions of carrying out by bank employees of cash transactions related to
cash acceptance and issuance, including transactions involving electronic payment instruments
through the cash desk (cash office) of the bank, and use of automatic telling machines (ATMs);
6) the terms and conditions applicable to operation and use of payment facilitates, equipment
and devices, and control of cash transactions involving such payment facilitates, equipment and
devices;
7) the terms and conditions of banks operations related to acceptance, issuance and storing of
cash and other valuables at the cash desk (cash office) of the bank;
8) the terms and conditions of appointment of responsible persons authorised to sign cash
documents;
9) the requirements to the system of cash transactions control;
10) the terms and conditions applicable to cash packing for purposes of cash transaction with
banks customers and cash transfers to other banks;
11) the terms and conditions of providing cash to, and receiving cash from, banks branches /
offices;
12) the rules applicable to cash balances control at the cash desk (cash office);
13) the terms and conditions of solving cash service disputes between the bank and its
customers, including cash services provided through payment facilities and equipment;

13
14) the terms and conditions of safe keeping of cash and other valuables of the bank:
control and storing of keys, their duplicates, seals and stamps, and temper-evident seals;
and
rules applicable to opening and closing of vaults for valuables;
15) the terms and conditions of deposit system operation, guarding of vaults for valuables and
deposit systems, and storing of keys and their duplicates;
16) the terms and conditions of acceptance from customers of valuables for safe keeping
thereof, and their returning to customers;
17) the terms and conditions of lease of individual safe boxes, and storing of valuables placed
therein by customers of the bank;
18) the terms and conditions of valuables shipments and cash collection following the
requirements of the applicable statutory provisions and guidelines of the National Bank of
Ukraine;
19) the terms and conditions of recount office operation;
20) the terms and conditions of acceptance of cash bags with moneys;
21) the terms and conditions applicable to operations with other valuables (i.e.
commemorative and investment coins, souvenirs, etc.);
22) the terms and conditions of inspections and audits of cash and other valuables stored at
the cash desk (cash office) and in payment facilities and equipment (including frequency, time
limits and types of such inspections and audits, and making records and formalisation of their
results);
23) the terms and conditions of cash transaction quality management, including stress
scenarios;
24) the description of operating procedures and sub-procedures applicable to cash
transactions; and
25) the description of cash transaction reports and frequency of their presentation to the
managing bodies of a bank.
10. Banks internal documents related to fixed assets and intangible assets transactions shall
specify, in particular:
1) the criteria of recognition, and classification of fixed assets and intangible assets;
2) the terms and conditions of determining of the prime cost of fixed assets and intangible
assets, and their useful lives;
3) the terms and conditions of documenting and accounting of fixed assets and intangible
assets transactions;
4) the list of persons responsible for safe keeping of fixed assets and intangible assets;

14
5) the list of managers empowered to authorise and permit purchasing and write-offs of fixed
assets and intangible assets;
6) the terms and conditions applicable to formation of permanent committees in charge of
setting into operation, efficient use, inventory taking, revaluation, and write-offs of fixed assets
and intangible assets, as well as members and roles of such permanent committees;
7) the rules applicable to acquiring, purchasing, creation, improvement and restoring of fixed
assets and intangible assets;
8) the terms and conditions of revaluation of fixed assets and intangible assets, including the
revaluation frequency;
9) the terms and conditions in respect of depreciation of fixed assets and intangible assets, and
depreciation methods;
10) the terms and conditions applicable to write-offs of fixed assets and intangible assets:
sale of fixed assets and intangible assets;
cost-free transfer of fixed assets and intangible assets;
write-offs of fixed assets and intangible assets when they are withdrawn (take out of
service) due to physical wear and tear, obsolescence or impossible further use;
disposition of fixed assets and intangible assets;
contributing of fixed assets and intangible assets to authorised capitals of entities
(business companies and partnerships);
11) the terms and conditions of fixed assets transferring and receiving on operative and
financial lease;
12) the terms and conditions applicable to stock-taking of fixed assets and intangible assets,
as frequency (time limits) and stock-taking results;
13) the terms and conditions of banks recognition of fixed assets and intangible assets
impairment;
14) the terms and conditions of banks exercising and enforcement of rights to pledged assets
and property; and
15) the description of reports related to fixed assets and intangible assets control and
management, and frequency of their presentation to the managing bodies of a bank.
11. Banks internal documents related to foreign currency and precious metals transactions,
and to banks responsibilities of a currency control agent, shall specify, in particular:
1) the terms and conditions applicable to currency exchange transactions with foreign
currency cash, travellers cheques and personal cheques (i.e. sale and purchase of foreign
currency and cheques, reverse conversion, conversion, and collection of banknotes and cheques);
2) the terms and conditions of purchase and sale prices (quotes) for foreign currency cash and
precious metals;
3) the terms and conditions of banks importation and exportation of foreign currency cash
and precious metals to / from Ukraine;

15
4) the rules applicable to precious metals transactions at the cash desk (cash office) of a bank;
5) the terms and conditions applicable to banks of transactions of precious metals purchase
and sale acting on its own name, by order and for the account of customers, and within the limits
of the banks open currency position (either with or without physical delivery), at the Ukrainian
interbank currency market and at the international currency market;
6) the terms and conditions applicable to loan transactions with precious metals;
7) the rules applicable to pledge of precious metals;
8) the terms and conditions of precious metals depositing by customer (either with or without
physical delivery thereof);
9) the terms and conditions of precious metal weight recording and keeping of accounting
registers to collect information concerning the weight of precious metals;
10) the requirements to qualification of banks expert working with precious metals;
11) the terms and conditions of opening, keeping and closing of customers foreign currency
and precious metals accounts, including current, deposit and correspondent accounts;
12) the rules applicable to banks honouring of payment orders, and control of customers
foreign trade transactions;
13) the terms and conditions of banks supervision over foreign currency use in Ukraine as
payment vehicle based on separate licences issued by the National Bank of Ukraine;
14) the terms and conditions of foreign currency purchasing and exchange at the Ukrainian
interbank currency market;
15) the terms and conditions of sale (by customers order or without such order), at the
Ukrainian interbank currency market, of foreign currency remitted to customers;
16) the rules applicable to banks foreign currency operations at the international currency
market;
17) the terms and conditions of banks calculation of its open currency position for foreign
currencies and precious metals, and control of compliance with the applicable limits of such
open currency position;
18) the terms and conditions of banks enforcement of documents related to involuntary
write-offs and seizure of foreign currency moneys and precious metals;
19) the terms and conditions applicable to quality management of foreign currency and
precious metals transactions, including stress scenarios;
20) the terms and conditions of transactions support under a contract providing for fulfilment
of loan liabilities before a non-resident under a loan, credit, or repayable financial aid received
from such non-resident;

16
21) the terms and conditions applicable to individuals money transfers within Ukraine and to
other countries under current currency non-trade transactions, and transferred money payment in
Ukraine;
22) the description of operating procedures and sub-procedures applicable to foreign currency
and precious metals transactions; and
23) the description of reports in respect of foreign currency and precious metals transactions,
and frequency of their presentation to the managing bodies of a bank.
12. Banks internal documents related to compliance issues and matters shall specify, in
particular:
1) determining and assessment of compliance risks;
2) key principles and terms and conditions applicable to compliance risk management at a
bank, including stress scenarios;
3) powers and responsibilities of the Compliance Department, the Chair and members of the
Compliance Department, or an employee authorised to ensure and implement compliance
functions if bank has no Compliance Department;
4) the terms and conditions of cooperation between units and departments of a bank in respect
of compliance risk management;
5) the terms and conditions applicable to compliance risk management at the group level (for
banking groups, including international ones);
6) the internal documents concerning legal support of banks operation; and
7) the procedures and processes designated to ensure compliance and consistency of banks
operation with the requirements and provisions of the applicable laws in respect of money
laundering (making legal of fraudulently obtained proceeds) or terrorism financing.
V. Bank Managements Control over Compliance with Ukrainian Laws and Banks
(Internal) Operating Procedures
1. A bank shall ensure clear allocation of responsibilities, powers and responsibility among all
persons involved in the internal control system of the bank.
2. The Supervisory Council of a bank shall ensure functioning of the internal control system
and control its efficient functioning within the powers vested in the Supervisory Council by the
applicable laws, banks Articles of Association and internal documents.
3. The Management Board of a bank shall ensure formation and support of its internal control
system.
4. The Management Board of a bank may delegate a part of its responsibilities related to
internal control system formation and support to permanent committees, or managers of banks
units and departments. The Management Board of a bank shall ensure control of discharging of
any such delegated responsibilities.

17
5. A bank shall implement the agreed and accepted principles of corporate management,
professional standards and ethics codes for employees to promote and improve efficient
functioning of the banks internal control system.
6. The Supervisory Council of a bank shall take steps and measures aimed at prevention of
conflicts of interests and help solve the same, and notify the National Bank of Ukraine of any
conflicts of interests arising in the bank.
7. Managers of a bank shall take steps and measures (pursuant to the applicable laws) to
ensure control over fulfilment and discharging of bank employees professional responsibilities,
and improved efficiency of such fulfilment, taking into account the relevant banks strategy and
business development plans.
V. Allocation of Responsibilities in Banks Operation
1. The Management Board of a bank shall determine clear responsibilities of banks units and
departments, their managers and employees in the course of banks transactions.
2. The Management Board of a bank shall allocate responsibilities so that to avoid:
1) any conflict of interests and conditions attributable to its emergence;
2) any possible crimes, offences and other wrongdoings in the course of banks transactions;
3) situations where one unit or employee (save for transactions carried out with the use of
specific software ensuring proper control and conditions of further control of such transactions)
has the possibility to:
carry out banks transactions and register them and / or make entries in respect of them in
accounting books and records;
ensure documenting of cash transactions, implement and accomplish them and make
timely entries in respect of them in accounting books and records;
carry out transactions involving customers accounts and accounts appertaining to
financial an business operations of a bank;
examine and verify true and complete documents to be provided by customers when
applying for a loan, and monitoring in respect of a borrower after a loan is granted; or
take acts in any other areas where there is a possibility of arising of a conflict of interests.
3. Managers of a bank and managers of banks units and departments shall ensure that all
tasks and assignments given to employees are consistent with their respective professional
responsibilities and roles.
4. Managers of banks units and departments shall ensure control of their reporting
employees fulfilment and discharging of the responsibilities and roles provided for in their
respective job descriptions.
5. Employees of a bank shall confirm against signature to have read and understood their
respective job descriptions, and shall act within their respective powers and authorities.
VI. Control of Risk Management System Functioning
1.
An internal control system shall include control over banks risk management system
functioning.

18
2. A bank shall build a comprehensive and adequate risk management system ensuring
identification, assessment, monitoring and control of all types of risks at all organisation levels
taking into account the nature and peculiarities of banks operation, and assessment of adequate
and sufficient banks capital to cover risk of all types, acting, for such purposes, pursuant to the
applicable requirements of the National Bank of Ukraine.
3. A bank shall develop a risk management system ensuring:
1) assessment of external factors (i.e. changes in political or business environment; changes
related to a separate type of business; technology changes, etc.);
2) assessment of internal factors (i.e. complexity of banks organisational structure, nature
and peculiarities of banks operation, employees qualification, organisational changes,
implementation of new products, etc.);
3) assessment of measurable and non-measurable risks;
4) determining of risks that may not be controlled by a bank; and
5) control over the ratio between the risk management cost and the cost that may be incurred
due to exposure to such risks.
4. A bank shall make changes in its risk management system in the event of its exposure to
new risks.
VII. Control of Information Security and Information Exchange
1. In its internal documents, a bank shall provide for terms and conditions of information
security management following the information security management standards of the National
Bank of Ukraine applicable in the Ukrainian banking system.
2. A bank shall control information exchange by:
1) ensuring and providing of appropriate, comprehensive, integral, reliable, accessible,
confidential and timely internal financial transactions related and statistic data, information on
compliance with the requirements of the applicable Ukrainian laws, banks internal documents,
and market data required for decision making and discharging of professional duties and
responsibilities;
2) determining of terms and conditions of information communicating and information
exchange ensuring bank employees exhaustive understanding of, and compliance with, all
internal policies and procedures of the bank.
3. A bank shall determine the form of information communicating with due regard to needs
and requirements of each separate user (managing bodies of the bank, units and departments of
the bank, employees of the bank, regulators, or shareholders and customers of the bank).
4. A bank shall implement efficient information exchange in the following directions:
1) vertically (upwards), so that the Supervisory Council of the bank and the Management
Board of the bank could have knowledge and understanding of the risks to which the bank is
exposed, and could adequately respond, and support and control banks operation;

19
2) vertically (downwards), so that the information in respect of the banks strategy and policy
could be communicated at all management levels and to other employees engaged in information
security and information exchange management; and
3) horizontally, so that any information available to any unit or department of the bank could
be communicated to any other unit or department requiring such information to accomplish its
respective functions, roles and responsibilities.
I. Internal Control Procedures
1. To support functioning of its internal control system, a bank shall ensure availability of the
relevant organisational structure and experts, banking equipment, hardware, software and
premises following the requirements set by the by the National Bank of Ukraine, and develop
and implement the relevant internal control procedures.
2. A bank shall permanently ensure applying of its internal control procedures in banks daily
operation.
3. Internal control procedures shall be properly documented and provide for at least three
stages, namely: i) development of control policy and procedure, ii) verification of their
compliance and consistency, and iii) control of their efficiency.
4. A bank shall implement internal control procedures ensuring and providing for:
1) reporting to the Management Board of the bank and Supervisory Council of the Bank.
Within the scope of their respective roles, functions and responsibilities, managers of the bank
shall permanently receive and analyse reports on achievement of targets and objectives set in
order to ascertain whether the actual financial results correspond to the planned and expected
performance indicators and figures;
2) multi-stage control of banks operation, including control (by managers of banks units and
departments) of employees compliance with their respective roles, functions and
responsibilities; control (by the Management Board of the bank) of operation and performance of
banks units and departments; and control (by the Supervisory Board of the bank) of operation
and performance of the Management Board of the bank;
3) the list of the steps and measures to be taken by the bank to ensure control of availability of
banks assets, which includes regular stock-takings, double control, and restricted access to
banks assets;
4) the list of the steps and measures to be taken by the bank to ensure control of access to
electronic banking systems, data bases and software, which includes development of the relevant
authorisations procedure and terms and conditions;
5) the list of the steps and measures to be taken by the bank to ensure control of access to any
information containing bank secrets, which includes development of the relevant access
procedure and terms and conditions;
6) the list of the steps and measures to be taken by the bank to ensure control of bank
employees access to banks transactions, which includes development the relevant access
procedure and terms and conditions;

20
7) making entries in respect of all banks transactions in its accounting books and records on
the same day or on the immediately following business day, if a transaction is carried out after
the closing time for transactions, or on holidays and non-business days;
8) the list of the steps and measures to be taken by the bank to ensure control of filing and
formalisation of accounting books and records by the employees authorised by a manager of the
bank, or by any other authorised person;
9) verification of compliance with the applicable limits and restrictions;
10) verification of complete, true and timely financial, statistic, management, tax and other
statements and reports; and
11) permanent assessment of appropriateness and efficiency of the banks internal control
system.
5. Acting within the scope of their respective roles, functions and responsibilities, bank
employees shall ensure implementation and applying of internal control procedures.
X. Monitoring in Respect of Internal Control System
1. The Supervisory Council of a bank shall ensure regular control (at least quarterly) of
efficient applying and functioning of the banks internal control system.
2. The Management Board of a bank shall ensure permanent monitoring of efficient applying
and functioning of the banks internal control system.
3.
A bank shall sum up and analyse the results of monitoring of internal controls
efficient applying and functioning. Reports on such results of monitoring of internal controls
efficient applying and functioning shall be prepared at all units and departments involved in the
internal control system to be made knowledgeable to all members of the Management Board of
the bank and of the Supervisory Board of the bank, managers of other units and departments, and
always including the information on general faults and weaknesses of internal control system,
their reasons, probable consequences, and suggested improvements of efficient applying and
functioning of the banks internal control system.
X. Internal Audit Procedures
1.
The Internal Audit Unit of a bank shall inspect and assess efficient applying and
functioning of the banks internal control system, with results thereof communicated to the
Supervisory Board of the bank and to the Management Board of the bank by providing of
impartial and fair judgements, opinions and assessment of sufficient and efficient functioning of
risk management systems, suitability of such systems in terms of types and scope of banks
transactions, and internal controls of the bank.
2.
A bank shall ensure inspections and verifications by its Internal Audit Unit of
efficiency of the banks internal control system, with the frequency and scope of such
inspections and verifications depending on the nature, complexity and risk exposures of
transactions.
Reports on assessment of efficiency of the banks internal control system based on the results
of inspections and verifications made in accordance with the approved procedures

21
(methodologies) shall be presented by the Internal Audit Unit directly to the Supervisory Board
of the bank and to the Management Board of the bank.
3.
A bank shall develop internal audit procedures to satisfy the requirements referred to
in Clause 1 of this Chapter.
4.
Requirements to internal audit procedures and internal audit support and
implementation in a bank shall be contemplated by separate regulations of the National Bank of
Ukraine.
5.
The National Bank of Ukraine shall be entitled to inspect and verify efficient applying
and functioning of a banks internal control system.

Chair of the Department of Regulatory and

Methodological Support of Banking Control and Supervision

N. V. Ivanenko