Internal report on internal control system of non-bank credit institutions in Vietnam

What is an internal control system?

Pursuant to the provisions of Circular 14/2023/TT-NHNN, internal control system means a combination of mechanisms, policies, processes, internal regulations and organizational structures of a non-bank credit institution in accordance with regulations of the Law on Credit Institutions, this Circular and other relevant regulations of law and is implemented with a view to controlling, preventing, detecting and handling risks, and fulfilling requirements that have been set out.

The internal control system carries out senior management supervision, internal control, risk management and internal audit.

Internal report on internal control system of non-bank credit institutions in Vietnam (Internet image)

Internal report on internal control system of non-bank credit institutions in Vietnam

Internal report on internal control system of non-bank credit institutions is prescribed in Article 7 of Circular 14/2023/TT-NHNN as follows:

(1) Internal reports on the internal control system include:

- Internal report on internal control;

- Internal report on credit risk;

- Internal report on operational risk;

- Internal report on internal audit results;

(2) The internal report on internal control contains assessment of control activities according to regulations in Article 14 of Circular 14/2023/TT-NHNN and other contents under internal regulations of the non-bank credit institution.

(3) The internal report on credit risk shall contain at least the following contents:

- Quality of credit extensions and credit extension portfolios by customer and product;

- Credit extensions requiring attention and measures for handling them;

- Customers who have outstanding loan balances exceeding the credit risk limits mentioned in Point a, Clause 2, Article 20 of Circular 14/2023/TT-NHNN;

- State of establishment and use of provisions for credit risk;

- Early warning about violations against credit risk limits and restrictions;

- Violations against regulations on credit risk management and their causes;

- Proposals and recommendations about credit risk management;

- Results of fulfillment of requests and implementation of recommendations from internal auditors, the State Bank, independent auditing organizations and other functional authorities.

(4) The internal report on operational risk shall contain at least the following contents:

- Operational risks that have arisen during the reporting period and their causes;

- Loss caused by operational risk, and measures for recovering loss and sustaining operations (if any);

- External events and factors that influence the non-bank credit institution’s operational risk;

- State of outsourcing and its operational risk management;

- Changes to technology application (if any) and state of its operational risk management;

- Proposals and recommendations about operational risk management;

- Results of fulfillment of requests and implementation of recommendations about operational risk management from internal auditors, the State Bank, independent auditing organizations and other functional authorities.

(5) The internal report on internal audit results (annual and ad hoc internal audits) shall contain the following contents:

- State of implementation of contents and scope of audit in the fiscal year;

- Compliance with mechanisms, policies and internal regulations on senior management supervision, internal control, risk management issued by the Board of Directors, Council of Members, Director General (Director), individuals and departments;

- Appropriateness and compliance with law regulations and those in this Circular of mechanisms, policies and internal regulations on senior management supervision, internal control, and risk management;

- Shortcomings and restrictions that have been detected during the process of internal audit and recommendations about the competent person/department and relevant departments;

- Other contents under internal regulations of the Board of Controllers of the non-bank credit institution.

(6) Report period:

- The internal report on internal control shall be made on an annual or ad hoc basis according to internal regulations of the non-bank credit institution;

- The internal report on credit risk shall be made on at least a quarterly or ad hoc basis according to internal regulations of the non-bank credit institution;

- The internal report on operational risk shall be made on at least a biannual or ad hoc basis according to internal regulations of the non-bank credit institution;

- Regarding internal report on internal audit results: After completion of the internal audit, the internal audit department shall submit the report on internal audit results to the Board of Controllers for approval and submission to the Board of Directors, Council of Members, Director General (Director) according to internal regulations of the Board of Controllers of the non-bank credit institution.

(7) Individuals and departments receiving reports:

Individuals and departments receiving reports are the Board of Directors, Council of Members, Board of Controllers, Director General (Director) and relevant individuals and departments according to internal regulations of the non-bank credit institution.

Mai Thanh Loi

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE