According to the draft, the internal control system is a set of mechanisms, policies, procedures, internal regulations, and organizational structure of a credit institution that is built in accordance with the provisions of the Law on Credit Institutions, this Circular, and relevant legal provisions and is organized and implemented to control, prevent, detect, and promptly handle risks and achieve the set requirements. The internal control system implements supervision by senior management, internal control, risk management, and internal audit.
Requirements for internal control systems
According to the draft, the internal control system of a credit institution must meet the following requirements: Effective and safe in operation; protection, management, safe and effective use of assets and resources; honest, reasonable, complete and timely financial and management information systems; compliance with laws and internal mechanisms, policies, procedures and regulations. At the same time, it must be appropriate to the scale, conditions and complexity of the credit institution's business operations; have sufficient financial, human and information technology resources to ensure the effectiveness of the internal control system; build and maintain a culture of control and professional ethics for the credit institution.
Credit institutions must have internal regulations according to the provisions of the Law on Credit Institutions, which must ensure:
Comply with the provisions of this Circular and relevant legal provisions.
The Board of Directors and the Board of Members issue regulations on the organization, administration and operation of the credit institution, except for matters under the authority of the General Meeting of Members and Owners; the Board of Supervisors issues internal regulations of the Board of Supervisors; the General Director (Director) issues regulations, processes and operating procedures (internal processes);
Meet the requirements and contents of control activities as prescribed.
Periodically assessed according to the provisions of this Circular and the regulations of the credit institution on suitability, compliance with legal provisions and amendments and supplements (if necessary).
The internal control system must have three independent lines of protection as follows:
The first line of defense is responsible for identifying, controlling and minimizing risks, performed by the following departments: Business departments (including product development departments), departments with other revenue generating functions; departments with risk decision-making functions; departments with risk limit allocation functions, risk control, and risk reduction functions (belonging to the business department or independent departments) for each type of transaction and business activity; Human resources department, accounting department.
The second line of defense is responsible for developing risk management policies, internal regulations on risk management, risk monitoring and compliance with legal regulations, which are carried out by the following departments: Compliance Department; Risk Management Department.
The third line of defense has the internal audit function performed by the internal audit department in accordance with the provisions of the Law on Credit Institutions and this Circular.
The State Bank said that the model of three independent lines of defense is designed to enhance the connection and interaction between departments involved in the operations and governance of credit institutions, which are cooperatives and microfinance institutions, in risk management, thereby contributing to the sustainable development of credit institutions, which are cooperatives and microfinance institutions. In this model, the roles of different leadership levels in an organization are clearly defined, including the supervision of the Board of Directors/Members' Council over the General Director (Director), the General Director (Director) over departments with activities including risk and compliance (first-line and second-line roles); and ensuring independent supervision through internal audit (third-line role). Clause 1, Article 101 of the Law on Credit Institutions (CIs) 2024 stipulates: CIs must develop and promulgate internal regulations for the business operations of the credit institution, including the implementation of business operations by electronic means, ensuring that there are internal control, audit, and risk management mechanisms associated with each business process, and emergency response plans. This provision is also equivalent to the three-line protection model. The draft Circular proposes to stipulate that the internal control system of credit institutions that are cooperatives and microfinance institutions (MFIs) must have 03 independent lines of protection similar to those of other types of credit institutions, but there will be specific regulations to suit the practical operations of People's Credit Funds. |
The draft clearly states that the discussion and conclusions on the internal control system in the meetings of the Board of Directors, Board of Members, Supervisory Board, Risk Management Committee, and Personnel Committee (if any) must be recorded in minutes, clearly stating the agreed and disagreed opinions of each member.
The assessment of the internal control system by an independent auditing organization (if any) is carried out in accordance with the State Bank's regulations on independent auditing of credit institutions and foreign bank branches.
State Bank report on internal control system
Credit institutions must prepare reports on the internal control system according to the appendices issued with this Circular, including: Annual report on internal control and risk management (Appendix No. 01); Annual report on internal audit (Appendix No. 02); Ad hoc report on internal audit (if any).
The report on the internal control system must update the existing problems, limitations, and risks (if any) arising in the entire credit institution (including departments at the head office; branches; transaction points and other affiliated units of the credit institution).
Deadline for submitting reports:
Annual report on internal control and risk management: Within 45 days from the end of the fiscal year.
Annual report on internal audit: Within 60 days from the end of the fiscal year.
Ad hoc report on internal audit (if any): Within 15 working days from the date of completion of the ad hoc internal audit (including approval by the Board of Supervisors).
The deadline for closing reporting data is the end of the fiscal year.
The report is made in writing and sent directly or by post to the State Bank (Department of Credit Institution Management and Supervision) for cooperative banks and microfinance institutions, and to the State Bank of the region where the head office is located for People's Credit Funds.
The State Bank is seeking comments. draft on the Electronic Information Portal of this agency./.
Source: https://baolangson.vn/de-xuat-quy-dinh-moi-ve-he-thong-kiem-soat-noi-bo-cua-to-chuc-tin-dung-la-hop-tac-xa-to-chuc-tai-chinh-vi-mo-5060427.html
![[Photo] Hanoi morning of October 1: Prolonged flooding, people wade to work](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/1/189be28938e3493fa26b2938efa2059e)
![[Photo] Panorama of the cable-stayed bridge, the final bottleneck of the Ben Luc-Long Thanh expressway](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/30/391fdf21025541d6b2f092e49a17243f)
![[Photo] The 1st Congress of Phu Tho Provincial Party Committee, term 2025-2030](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/30/1507da06216649bba8a1ce6251816820)
![[Photo] President Luong Cuong receives President of the Cuban National Assembly Esteban Lazo Hernandez](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/30/4d38932911c24f6ea1936252bd5427fa)
Comment (0)