Author: Advisor to the Chairman of the Board Halyk Finance Murat Temirkhanov
In the September 2024 address, the head of state emphasized the following: “We need a new banking law that addresses the current tasks of stimulating economic activity and further dynamic development of the fintech sector. The existing law is nearly 30 years old and was adopted under completely different realities.”
Currently, an online discussion is underway regarding the consultative document on regulatory policy for the draft new law "On Banks and Banking Activities," developed by the ARRFR. We have decided to express our opinion on the new banking law in this publication. We fully agree that the current law, approved 30 years ago, is outdated, and a new banking law is necessary. However, we believe that broader and deeper changes to the laws are needed than what is proposed in this consultative document.
The current law is overloaded with procedural norms and requires updating in accordance with modern realities
The consultative document on regulatory policy for the draft new Law “On Banks and Banking Activities” notes the need for a review of excessive and outdated regulatory norms. At the same time, it lacks specific provisions regarding what should be included in the banking law and what should be outlined at the level of subordinate legislation.
In our opinion, the law is rife with procedural issues that should be included in subordinate legislation. For example, it details procedural issues regarding the opening of a new bank, including what documents need to be submitted for opening a new bank, the timeframes for reviewing these documents, and the requirement that documents be in two languages, etc. With this approach, the main principles and requirements for opening a new bank in Kazakhstan become less prominent.
We believe that there are especially many excessive and possibly outdated norms in one of the most important chapters of the law – “Regulation of Banking Activities.” First of all, the law does not distinguish between the two concepts of “regulation” and “supervision” of banks. The term “regulation” implies the establishment of rules under which financial institutions operate, including their creation and activities. The term “supervision” includes monitoring and checking regulated financial institutions to ensure compliance with laws and regulations. According to best global practices, the new law should establish the following provisions: delineation of responsibilities of state bodies, principles of regulation and supervision, and general rules and requirements for them.
Another example of incompleteness and excessive detail, in our opinion, is the very important article of the law – “Prudential Norms and Other Mandatory Norms and Limits.” This article originally listed prudential norms that have largely become outdated and incomplete over the past 30 years, as many other very important norms have emerged in international requirements for prudential regulation of banks during this period.
We believe that the new banking law should exclude all procedural and overly detailed provisions. It should only contain high-level provisions that describe the delineation of responsibilities and general rules and principles for the regulation and supervision of banking activities. In this regard, it is very important to choose the right model of what needs to be included in banking legislation. The law should be based on directives and other EU legislation on banking regulation and supervision.
A clear description of the principles and rules of risk-oriented regulation and supervision is necessary
The Concept for the Development of the Financial Sector of the Republic of Kazakhstan, approved by presidential decree in September 2022, notes that in order to eliminate the “formalized approach” in the supervisory process, a risk-oriented supervision system for banks was introduced in 2019. The so-called “formalized approach” or “rules-based regulation and supervision” remained in Kazakhstan as a legacy from the Soviet Union. The main characteristic of this approach is that the regulator prepares a large number of detailed instructions and rules covering numerous aspects of banks' activities. These rules and instructions are the same for all banks, regardless of the model and size of the business, the profile and size of risks, or the types of operations that each individual bank engages in.
As a result of this “formalized approach,” banks were forced to comply with numerous requirements that often did not correspond to the activities and risk levels of the bank, and sometimes even made no sense for a particular business model. Such an approach to regulation and supervision of banks led to inflated financial, time, and human costs in banks. For example, due to this, banks employed an excessive number of staff, produced a lot of reports with low utility, and incurred excessive costs for operational activities, information technology, and fixed assets, etc.
Also, under the “formalized approach,” during supervisory inspections, banks were forced to allocate a large number of human resources to work with the banking regulator's inspection team. This is because all such inspections were aimed at detailed verification of almost every operation and action of the professional participant for compliance with the regulator's rules and instructions, regardless of the level of risk and materiality of such operations and actions. Such inspections, in addition to increasing the costs for banks, could also distract management and staff from business development. Now, after the transition of banking supervision to risk-oriented control, the situation with supervisory inspections has improved significantly; however, the lack of proportional banking regulation (which will be discussed further) makes such a transition incomplete.
In addition to increasing the costs for banks, the “formalized approach” to regulation and supervision led to a sharp decline in the flexibility and diversity of the introduction of new products in the banking market. The financial market is changing and becoming more complex very quickly, with new products and information technologies being constantly introduced. Universal regulation and supervision for all banks create a situation where the regulator simply cannot keep up with the rapidly changing market.
It should also be noted that the so-called “formalized approach,” where the regulator meticulously checked the activities of banks, was supposed to timely identify their problems. However, the history of our banking sector tells the opposite; despite numerous detailed inspections, fines, and orders from the regulator, problems in banks arose as if suddenly and unexpectedly.
In international practice, risk-oriented regulation established by the regulator primarily implies a transition from simple to complex, depending on the nature, scale, and complexity of the operations carried out by a particular bank. That is, regulation for each bank changes proportionally to the model and size of the business, the profile and size of risks, as well as the types of operations that the bank engages in. The transition to risk-oriented regulation means that the regulator stops preparing detailed instructions for all cases of their activities for professional participants. Instead, general recommendations and framework criteria are issued, according to which professional participants must assess all their risks themselves.
Risk-oriented regulation means that depending on the significance of the risks, the nature and scale of activities, banks independently build their business processes and internal controls, finding a balance between the cost of control and the level of risk. They prepare their own policies on corporate governance, risk management, internal control, information technology, etc., and then simply agree on them with the regulator. It is particularly important in this regard to have what is called “motivated judgment” from the regulator for banks.
This approach to risk-based regulation allows banks to significantly simplify internal management and reduce their costs. It also increases their flexibility in implementing new products and technologies. In addition, risk-oriented supervision means a different approach to the regulator's measures and sanctions. In this case, sanctions are mainly applied to banks by the regulator only in cases where the interests of clients or the financial market may be significantly harmed, rather than simply because the bank has violated possibly minor rules set by the regulator.
Although the Concept for the Development of the Financial Sector notes the transition of banking supervision to risk-oriented principles in 2019, it is still too early to talk about such a transition in practice – this is explicitly stated in the consultative document for the draft new banking law. In particular, the consultative document indicates that “the current norms of banking legislation do not take into account the principle of proportionality, which implies the establishment of differentiated requirements for the regulation of financial organizations depending on the complexity of the operations performed.”
The principle of proportionality is a fundamental principle of risk-oriented regulation and supervision. Therefore, it can be concluded that Kazakhstan has not transitioned from a formalized to a risk-oriented approach in