Internal Control System Rules

Original Language Title: Iekšējās kontroles sistēmas izveides noteikumi

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now

Read the untranslated law here: https://www.vestnesis.lv/ta/id/157310

Financial and capital market Commission Regulation No. 63, Riga, 2 May 2007 (pr. No 19 5. p.)
Internal control system the rules Issued in accordance with the law of credit institutions article 50.8 sixth, eighth article 50.9 and financial instruments market law article 123.3 and 123.4 article sixth eighth 1. provisions are binding on the Republic of Latvia registered credit institutions registered in the Republic of Latvia, the investment brokerage firms, which are applicable to capital adequacy regulatory requirements in accordance with the financial instruments market law and article 121 119.1 and the Republic of Latvia registered investment management firms that are applicable capital adequacy regulatory requirements in accordance with the investment management company law article 8, eighth.
2. the rules referred to in paragraph 1, the authorities comply with these rules I, II, III, IV, VI, VII, VIII, IX, X and XI requirements individually and consolidation the consolidation group or subgroup level and the requirements of title V of the rules of consolidation consolidation of group or subgroup level in accordance with the law of credit institutions, and article 50.9 and 50.8 on the financial instruments market law 123.3 and 123.4 article.
3. explanation of terms used in the rules: 3.1 body – article 1 of the law of credit institutions (1) the definition of the relevant credit institution or financial instruments market law article 1, paragraph 3, for the definitions of investment brokerage company (investment firm), for which the applicable capital regulatory requirements in accordance with the financial instruments market law and article 121, 119.1 or investment management company, which has capital of applicable regulatory requirements in accordance with the investment management company law article 8, eighth;
3.2. compliance with laws, rules and standards (compliance laws, rules and standards), the activities of the authority in regulatory law and other legislation, with the activities of the authority related to the self-regulatory body, the professional standards and ethical codes of conduct and other activities of the authority related to best practice standards;
3.3. capital adequacy assessment process, the authority policies and procedures and measures taken by the authorities for the regular assessment of capital adequacy and the authorities for the operation and alleged inherent risk sufficient capital to cover maintenance;
3.4. the institutions – the Council, the Council of the bank or investment management company, or investment broker Council of society of the meeting or, if the Council formed;
3.5. General use of the term corresponds to the commercial law, the law of credit institutions, the law on the financial instruments market and financial and capital market Commission (hereinafter the Commission) Regulation No 60 02.05.2007. "calculation of minimum capital requirements rules" for the use of the term.
 
Title I General requirements for internal control system for creating 4. Internal control system shall arrange it so that the management should have reasonable assurance that the assets of the authority are secured against loss and unauthorized use, the reign and the Authority's operational risks are continuously identified and managed, the capital, and the amount of the share is sufficient authority for the operation and alleged risks inherent to cover transactions take place in accordance with the procedure laid down in , acting reasonably, prudently and effectively, in full respect of the law and other legal requirements.
5. the authority of the internal control system consists, in view of its size, the amount of the transactions, their diversity and complexity, the magnitude of the risk associated with each area of activity, the degree of centralization of management, information technology and other factors that are relevant to the specific objectives of the institution.
6. On the Authority's internal control system and the effective functioning of the Council of the authority and responsibility of the Board.
7. Internal control the key elements of the system are: 7.1 authority development strategy-setting, action planning for each year and the next future;
7.2. the Organization of the institution;
7.3. all the activities of the authority incurred substantial risk identification and management, t.sk. measurement, evaluation, monitoring and reporting of risks;
7.4. capital adequacy assessment process;
7.5. the accounting records;
7.6. the management information system;
7.7. the assets and the protection of information systems;
7.8. the internal control system of regular review, evaluation and improvement of efficiency in accordance with changes in the activities of the authority and the Authority's activities in affecting external circumstances.
 
Title II definition of the development strategy and planning activity 8. The Authority shall establish and document on its development strategy, which States: 8.1. operational objectives, t.sk. determine the projected financial position, activities, target market, target customers;
8.2. risk strategy, t.sk. determine the risks that the authority wants to take, the allowable level of risk acceptable risk level action compliance;
8.3. capital maintenance strategy, t.sk. down with the planned activities of the authority related to the risk capital required, the desired level of capital (capital adequacy targets) and its achievement plan, capital increase, the additional expenditure involved the raising of capital, capital adequacy regulatory compliance assurance plans, capital maintenance plan for emergency cases.
9. in determining capital adequacy maintenance strategy, the authority shall analyse, assess and document the possible development scenarios of the authority depending on different scenarios of external circumstances, taking account of the country in which the institution performs or intends to perform their activities, macro-economic indicators for different development scenarios, the activities of the authority in influencing sectoral developments possible, potential changes in eligibility rules, regulations and standards, activities of competitors and other factors that could significantly affect the achievement of the objectives of the authority. External conditions in the course of development scenario analysis body makes stress testing (stress testing) – identifies the possible events or potential changes in market conditions that can have a negative impact on the activities of the authority and that may impede the achievement of the objectives of the authority, as well as to assess these developments or changes in market conditions impact on the institution's capital.
10. The Authority shall establish an action plan for each year, which shall include at least the following year, the planned institution's financial position, market, operational objectives for the period, activities and common transactions, potential risks and acceptable risk levels, performance evaluation criteria.
 
Title III organization of the institution 11. the authority shall ensure the appropriate organization of its activities, URt.sk.: 11.1. create institutions and operational risks the appropriate and transparent organisational structure;
11.2. the authorities determine the corporate value and high professional and ethical standards of conduct;
11.3. ensure compliance with of the staff of the institution.  
12. the organizational structure of the authority shall document its organizational structure, establishing the Council, Executive Board, divisional and business unit manager responsibilities (functions), the powers and responsibilities of business and control, preparing job descriptions (service instructions) the staff responsible. Documenting organizational structure, the authority shall determine the departments responsible for risk control function, control of the conformity of the activities (compliance) function and the internal audit function (hereinafter referred to as the internal control functions), pursuant to the requirements of section XI.
13. Documenting organizational structure, establishes the reporting and information exchange procedures, URt.sk., what and when information that is required to provide and receive and what information is confidential and undisclosed.
14. employee responsibilities and giving them the power to comply with the principle of the Division of responsibilities in the form of the separation (feature), which, if combined, would allow any employee the power to do any business.
15. Documenting powers, specifies the powers conferred on it by the way the people (including the post) and departments, empowered, pārpilnvarojum rights, any restrictions on the use of the powers granted. The authority to assign staff the power to ensure that employees are introduced to the mandate assigned to them.
16. All transactions must be authorized by the Executive order or authority unit (such as a Committee) in accordance with the organisational structure of responsibility laid down in levels.

17. Relevant activities of the authority shall develop and document the business and control procedures (operational procedures). Operational procedures include at least notification of offender transactions (t.sk. indicate the documents that you need to design a decision-making process until the transaction is approved, officials acknowledge the decisions), restrictions to ensure compliance with the institution's business policy and compliance with laws, regulations, and standards, as well as transaction processing and control arrangements.
18. If the authority establishes the departments or subsidiaries, limiting the transparency of the institution (for example, create a subsidiary established in low tax countries or tax-free countries that have been identified as such by the Cabinet of Ministers Regulations No 276 26.06.2001. "rules for tax free and low taxation countries or territories" or replacement legislation (i.e., establishing the offshore-registered subsidiaries), or create subsidiaries registered in countries whose legislation essentially gives the right to perform subsidiary companies offshore subsidiary established in similar economic activity), the authority shall develop, document and implement appropriate policies and procedures to ensure that: 18.1 is determined and documented in this unit or subsidiary design goals;
18.2. There are clearly defined and documented this unit or subsidiary powers and responsibilities of the business;
18.3. all this unit or subsidiary companies associated risks (t.sk. reputation and legal risks) are identified and managed;
18.4. There are certain prudent transaction approval and risk control procedures, t.sk. provides for appropriate restrictions and limits, designed for hedging methods;
18.5. the Council and the Board of the Authority regularly receives information on this unit or subsidiary objectives of the operation, and about their activities, the risks and inherent risk, as well as other decisions required information;
18.6. the Department is carried out regularly or subsidiary performance evaluation, t.sk. analysis of the creation and operation of the need and usefulness of the activities evaluated compliance with operational objectives, compliance with laws, rules and standards, the authority approved the plans, policies and procedures;
11.6. the internal audit service on a regular basis, but not less frequently than once a year, take this unit or subsidiary companies.  
Corporate value and professional and ethical standards of conduct 19. Authority shall determine and document the institution's corporate value, t.sk. determines the high professional and ethical standards of conduct, to ensure that the members of the Council of the authority, the members of the Management Board, Department heads and other authority employees shall carry out their duties with the utmost good faith, your job duties and decision making are objective, compliance with the laws, regulations and standards, respect the information about the transaction and customer privacy and business secrets and their actions and behaviour conform to high ethical standards. Of particular importance to these standards against corruption, illegal insider trading and any other unlawful, unethical or questionable behavior.
20. The Authority shall establish and document the situation of conflict of interest management policy, develop and document the procedures that ensure the potential conflict of interest situation for the timely identification and management and determines the action the situation of conflicts of interest, URt.sk.: 20.1. avoided situations in which employees of the authority in the performance of their duties, arising or likely to arise a conflict of interest;
20.2. ensure that departments which perform actions, among which arise or may arise a conflict of interest, are mutually independent (for example, there are certain barriers, certain distinct organizational exposure);
20.3. ensure that the authority provides information to customers or potential customers are clear, accurate, truthful and not misleading;
20.4. ensure that institutions deal with shareholders (or participants), which the institution has a significant interest, Council and Board members, departments, which perform the functions of internal audit, managers and other employees of the authority who is authorized to perform the action planning authority, direction and control and be responsible for it, and that person's spouse, parents, children, and the companies in which these persons have significant interest, conditions are no different from similar institutions deal with unrelated persons the conditions and does not conflict with the authorities and the interests of its depositors.
21. the Authority's Council and Board member of his duties prevented the emergence of a conflict of interest and abstain from the decision-making authority for transactions in which this Council or the Executive Board arising or likely to arise a conflict of interest. The Authority's Council and member of the Board shall report to the Council on the authority of transactions in which this Council or the Executive Board directly or indirectly arising or likely to arise a conflict of interest.
22. the authority shall ensure that the staff of the body the opportunity to report on the internal control system deficiencies, make proposals on the prevention and reporting of illegal or unethical transactions. The authority shall establish and document the appropriate procedures with the authorities was presented to staff and ensure that the following principles apply: 22.1 an employee is assured the message privacy and the protection of employees against possible against those facing discriminatory or disciplinary measures;
22.2. the staff are provided with the opportunity to report on the internal control system deficiencies, illegal or unethical dealings, bypassing the Authority's organisational structure specified in the command (for example, reporting directly to the Department responsible for compliance control functions, the Manager or department carrying out the internal audit function, the driver);
22.3. the procedures are available in writing on paper or electronically to all staff of the authority;
22.4. the Council of the authority and the Board receives information about the institution reports for deficiencies in the internal control system, illegal or unethical transactions and ensure necessary corrective measures are taken. 
23. The staff compliance with authority to ensure that its employees are aware of their responsibilities, knowledge of information related to the execution of their duties, and they are appropriate for the performance of the duties of a position's qualifications and sufficient experience. To ensure employee compliance with authority: 23.1. establish and document the personnel policies and procedures that govern the Department Manager positions in existing employee selection procedures, fees, monitoring and succession planning, requirements for different positions for the required skills, potential employee conformity assessment criteria and procedures;
23.2. presents employees with information related to the performance of the duties of the position (the Authority's development strategy, the action plan for each year, corporate values, professional and ethical standards of conduct, operational procedures, risk management and control procedures, compliance with laws, regulations, and standards);
23.3. establish and document the employee's professional training program, the purpose of which is to prepare employees for the position's duties and continuously improve employee knowledge, as well as procedures for information about changes to policies, procedures, compliance with the laws, regulations and standards related to the performance of the duties of the position;
23.4. establish and document the system of compensation of employees, ensuring that it does not depend solely on short-term objectives (t.sk. short-term financial gain) and does not encourage risk-taking that authority could not effectively manage.
 
Title IV institutions risk identification and management 24. The Authority shall establish, document, and implement appropriate policies and procedures for the operation of all essential risks inherent on the identification and management of t.sk. measurement, evaluation, monitoring and reporting of risks.
25. the activities of the authority inherent risk identification of relevant authority regularly assess what risks may adversely affect the attainment of the objectives of the operation t.sk. the planned financial results. The authority shall ensure that the relevant risks are used to identify appropriate quantitative and qualitative criteria, assessment results and conclusions are justified and documented and the evaluation according to the specificities of the institution are at least the following risks: 25.1. credit risk;
25.2. market risk;
25.3. the operational risk;
25.4. interest rate risk in the trading book;
25.5. liquidity risk;
15.9. risks arising from the concentration of exposures;
25.7. the remaining (residual risk) risk-the risk that the authorities used credit risk mitigation techniques turns out to be less effective than originally intended;

25.8. risks arising from transactions of the vērtspapirizēšan, if the authority in these transactions as sponsor or sponsor;
25.9. other risks affecting the operation of the institution (for example, country risk, reputation risk, risk of the strategy).
26. the Risk that the body identified as essential to its activity, the authority shall develop, document and implement adequate risk management policies and procedures, which States: 26.1. risk measurement (the risks can be measured quantitatively, such as credit risk, market risk) and evaluation (non-identifiable risks, for example, reputation risk, risk of the strategy) method and regularity;
26.2. adequate risk control procedures, t.sk. determines the maximum amount of risk limits and thresholds, risk control methods control procedures to mitigate risks quantitatively determined;
26.3. the procedures for the authorities of Council, the Executive Board and divisional managers regularly receive information on the functioning of the institutions, their inherent risks and trends, the impact of the risk capital of the authority and sufficiency, as well as other decisions required information;
26.4. the risk management policy and procedure, t.sk. limit and limit, compliance control procedures;
26.5. duties, powers and responsibilities in the management of risk.
27. the Authority regularly but not less frequently than once each year, review and improve risk identification and management policies and procedures according to the changes in the activities of the authority and the Authority's activities in affecting external circumstances. The authority shall assess its compliance risk identification and management policies and procedures, the adequacy of policies and procedures and efficiency, as well as the suitability and effectiveness of the measures that the authority has taken to prevent these policies and procedures identified deficiencies.
 
Title v capital adequacy assessment process 28. Capital adequacy assessment process is designed to ensure that the authorities in the capital, and the amount of the share is sufficient authority to the current and planned activities and possible risks inherent. Capital adequacy assessment process includes authorities planned the operation current and significant risk inherent to cover necessary capital, capital planning and risk capital sufficient to cover about constant maintenance.
29. the authority shall develop, document and implement effective and appropriate capital adequacy assessment process, policies and procedures that set: 29.1. definition of capital t.sk. capital structure and the elements of the calculation of the size of the order;
29.2. the methods used by the authority to determine the risk of each essential to cover the necessary capital and total capital required to cover all relevant risks of the institution as a whole (hereinafter referred to as the total required capital);
29.3. methods used by the authority to maintain a permanent cover sufficient risk capital and meet its capital maintenance strategy in certain capital adequacy;
29.4. scenario analysis and stress testing procedures, regularity and assumptions used;
29.5. the responsibilities, powers and responsibilities of capital adequacy assessment process;
18.4. the review of capital adequacy assessment process results in a procedure for the provision, which provides that the Council of the authority and the Board regularly receives information that allows you to assess the institution's capital adequacy, capital adequacy assessment process the main assumptions used in the sensitivity of (the impact on capital adequacy assessment process), current and planned activities to cover the risk inherent in the required capital levels, as well as other decisions required information;
18.5. capital adequacy assessment process regularity.
30. the Authority regularly but not less frequently than once each year, review and improve capital adequacy assessment process policies and procedures according to the changes in the activities of the authority and the Authority's activities in affecting external circumstances.
31. Capital adequacy assessment process objectives of the institution uses the definition of capital, which it used for performance evaluation, risk management and other decisions about its current and planned activities. The authority may use different definitions of capital and capital calculation procedures than the activities of the authority in regulatory law and other statutory capital definition and calculation of the amount of equity. At the same time, the authority must be able to justify that the capital adequacy assessment process objectives apply capital definition provides that the authorities of the capital element and it is appropriate in terms of the proportion of the risks which this capital to cover expected.
32. the Authority's regularly scheduled activities for the current and the substantial risks inherent to cover necessary capital, assessing the risks associated with the possible extent of damage. The authority shall ensure that the necessary capital assessment results and conclusions are justified and documented.
33. the risk capital required to cover the amount, the authority shall evaluate all its activity right essential risks, t.sk. risks, regulatory minimum capital requirements (credit risk, market risk and operational risk), risks that are not specific to the regulatory minimum capital requirements (such as interest rate risk non-trading portfolio), and assess the possible impact of external conditions on the activities of the authority.
34. The Risk that certain regulatory minimum capital requirements to cover the necessary capital for the establishment of the authority shall consider whether the regulatory minimum capital requirements shall ensure that the institution's capital is sufficient for all the risks associated with these potential losses. For this purpose, the authority according to the specificities of its activities assessed: 34.1. credit risk t.sk. analyzing how to affect the size of the credit risk: 34.1.1. exposure concentration (the authority for that purpose, for example, analyzes the following possible exposure concentration-requirements to one customer, claims against one of related customer group, customer requirements with respect to one sector or are carried out in one region, claims secured by collateral, etc. possible uniform concentration);
34.1.2. the remaining risk credit risk mitigation techniques use (the authority for that purpose, such as analyze this situation, authorities could take over or in a timely manner to realize the pledged collateral; when the counterparty credit risk mitigation arising from third-party commitment to pay off the debt the borrower defaults in the event, the third party's refusal or failure to perform its obligations, other contingencies which result in the authorities used credit risk mitigation techniques may prove to be less effective than originally expected);
34.1.3. with vērtspapirizēšan business risks, where the body of vērtspapirizēšan transactions as sponsor or sponsor (the authority for that purpose, for example, analyzes the risks arising from deficient in the case of the transfer of credit risk, risks arising from exposure to restore worth papirizēšan that includes early amortisation provision);
21.3. market risks, t.sk. analyzing how the market affects the size of the risk concentration of exposures and how institutions market risk can be affected by changes to financial instruments market liquidity emergency market situations;
3. operational risk, t.sk. in assessing whether the authorities calculate the regulatory capital requirements for operational risk shall reflect the objective of the institution's operational risk (for this purpose, can be useful, for example, in comparison with the other in size and activities of similar bodies);
21.4. other possible risk factors, such as if the institution capital requirements using internal models, it analyzes the stress test results, this model's constraints and assumptions used in patterns (for example, the correlation assumptions, assumptions about the effects of diversification, duration (duration) assumption) impact on capital requirement calculation results.
35. The Risk that the regulatory minimum capital requirements to cover the necessary capital for the establishment of the authority determines its potential losses that may arise following the substantial risk of its activity, t.sk. assess the potential losses from non-quantifiable risks. For this purpose, the authority according to the specificities of its activities are analysed: 21.8. interest rate risk in the trading book, not t.sk. in accordance with article 101.3 of the law of credit institutions of the Fifth Commission of stress testing results;
35.2. other institutions activity significant risks (such as country risk, liquidity risk, reputation risk, risk of the strategy).

36. in order to determine the amount of capital that is needed to cover probable losses, the authority which may arise, the external conditions affect the body according to the specificities of its operation analyzes the potential changes in eligibility rules, regulations and standards, in the political, economic and other conditions in the countries where the authority performs or intends to perform their activities, the institutions affecting sectors of activities, technological advances, the actions of competitors and other external factors that can lead to institution.
37. in order to determine the amount of capital required for the operation of the authority and the alleged inherent risk, in addition to the regulatory minimum capital requirements, the authority may use a scenario analysis, t.sk. stress testing, which allows you to identify any possible events or potential changes in market conditions that can have a negative impact on the institution's capital.
38. in order to determine the total required capital, the authority collects the individual risk to cover necessary capital discovery results. If the authority to cover the various risk capital required calculate use different assumptions (such as different confidence intervals, different holding period), the authority shall, in calculating the total capital needed, ensure the comparability of the results obtained. The authority shall ensure the total required capital discovery results documentation.
39. the authority determines the total capital needed, assessing its current and planned activities and the possible risk inherent to cover the necessary capital and capital adequacy maintenance plan, and ensures that the capital is always equal to or greater than the prescribed total required capital.
 
Section VI accounting organization 40. the authority represents the accountancy system, accountancy bodies subject to the authorities of the control laws and other legislation, designing and documenting the accounting policy (as reflected in the various accounting transactions) and accounting, control, evaluation and reporting procedures.
41. the authority shall ensure that every day all the transactions are processed and at the end of each working day is up for balance.
 
Section VII management information system 42. The Authority shall establish management information system, which enables you to understand and evaluate the Authority's financial position, effective decision-making and to assess their effects, as well as timely disclosure control procedures. The Council of the authority, the Management Board, Department managers and executive staff must be available for timely accurate and appropriate information that is necessary for the performance of the duties of the positions and decisions.
43. the management information covers at least: 43.1. the Authority's current state and performance compared to previous periods and figures in the action plan;
43.2. assets, liabilities and off-balance-sheet items in the analysis, showing how they are evaluated;
43.3. the income and expenditure analysis, t.sk. the dependence of various assets, liabilities and off-balance sheet items;
43.4. actual size of quantitative risk comparison with restrictions and limits;
43.5. policies and procedures adopted by the failure and analysis.
44. The information system provides the timely provision of information to external users (annual report, report to the Commission, the Bank of Latvia, etc.) according to the laws in force and other legal requirements.
 
Section VIII of the assets and the protection of information systems 45. The Authority shall establish and document the procedures of protection: 45.1. provides material and financial institutions active in conservation;
45.2. ensure tangible and financial assets, which are held on behalf of customers;
45.3. prevent unauthorised third parties directly and indirectly (through document between the vanity) access authority assets, accounting, electronic communications systems and other data;
28.2. the information system provides a safe and stable functioning and preservation of information (t.sk. information in emergency situations).
 
Title IX institution Council functions internal control systems in field 46. Authority the Council monitors, as the Management Board of the authority provide the internal control system and effective functioning. Performing internal control system monitoring, the Council of the authority: 46.1. determine the Division of responsibilities among the members of the Council and of the procedure for the exchange of information between the Council and the Executive Board;
46.2. determines the obligations of the members of the Management Board remuneration and performance evaluation of the Board;
46.3. the authorities determined the development strategy, t.sk. operational objectives, strategy and risk capital adequacy maintenance strategy;
46.4. the authorities determine the corporate value and professional and ethical standards of conduct, approved by the conflict of interest situation management policy;
28.9. monitor the risk management authority, t.sk. confirm the risk identification and management policy, requires (acquired) information on risk management and, at least annually, assess the effectiveness of risk management;
46.6. fixed capital adequacy assessment process guidelines, t.sk. the definition of capital used methods and objectives, approve the capital adequacy assessment process;
monitor compliance 29.0. risk management authority, t.sk. approve the operational compliance risk management policy, at least once a year to assess compliance risk management effectiveness;
29.1. monitor the effective functioning of the management information system;
46.9. monitor, or risk control function, control of the conformity of the activities of the internal audit function and the function is well-defined, or these features is a good place in the organisational structure of the authority and a role in the process of managing the institution, they are provided with qualified staff and work effectively;
46.10. monitors the internal control system periodically according to the change in the development of the activities of the authority and the Authority's activities in external conditions affecting;
46.11. review the internal audit, external auditor, as well as the Commission and the other institutions and the recommendations of the opinion to improve the operation of the authority and control of the open gap.
 
Title x of the function of the Board of the Authority's internal control system in the field of 47. The Management Board of the authority is responsible for the comprehensive internal control system, its implementation, management and development. Internal control system in the field of the Management Board of the authority: 29.3. determine the qualitative and quantitative targets for each area of activity of the authority in accordance with the Council of the authority for development strategy;
47.2. the organisational structure of the authority;
47.3. the institution provides appropriate qualifications and experience, ensure the professional conduct laid down by the Council's standards and ethics, provides the Council managing the situation of a conflict of interest policy and approve appropriate procedures;
47.4. the authorities ensure operational risk identification and management, t.sk. measurement, evaluation, monitoring and reporting of risks, implementing the Council risk identification and management policies, and approve appropriate procedures;
29.5. ensure regular assessment of capital adequacy and adequate capital maintenance under the Council capital adequacy assessment process policy and approve appropriate procedures;
29.6. the compliance activities ensure risk management by implementing the activities established by the Council in compliance with the risk management policy and approve appropriate procedures;
29.6. fixed assets, liabilities, off-balance-sheet requirements and liability, revenue, and expense accounting and valuation principles;
47.8. introducing and managing management information system covering all the activities of the authority;
29.8. provides institutions and information systems active protection;
47.10. ensure measures are taken to prevent internal control system deficiencies, which discovered the internal audit, external auditor, the Commission or the other institutions;
47.11. at least once a year the Council of the Authority gives an overview of the internal control system, the evaluation of its effectiveness and, if necessary, to propose changes to improve its efficiency, taking into account the changes in the activities of the authority and its action in affecting external circumstances.
 
Section XI internal control functions 48. To promote effective and comprehensive internal control systems in all areas of activity of the authority, the authority according to the specifics of its operations provides at least the following three internal control functions of the institution – risk control functions, operations, compliance and control functions of the internal audit function.
49. the authority shall ensure that the internal control function is independent of the institution that they control (hereinafter referred to as the controllable actions). Internal control function is considered independent of the controlled transactions, subject to the following conditions:

30.5. employees, performing internal control functions, responsibilities does not include responsibilities related to controlled activities;
30.6. the internal control functions are separated from the controlled organisational activities and units that carry out internal control functions, the driver is institutional subject person, which is not at the unit that carried out the controlled activity;
30.6. the departments carrying out internal control functions, shall report to the Council of the Authority (or Board);
49. employees, performing internal control functions, the remuneration shall not depend on the results of controlled activities.
50. the authority shall ensure that the internal control functions are institutional separate from one another.
51. in derogation from paragraph 49 and 50 of the principles listed in the Authority develop and implement control procedures that ensure the interests of existing or potential conflict situation, and if it matches the size of the authority and the nature of the transaction.
52. the internal control functions To work effectively, the authority: 52.1. clearly define and document the business unit performing internal control functions, powers;
52.2. the distinction between the internal control functions of the daily transactions and control functions;
52.3. ensure the units carrying out internal control functions, free access to all documents, information, and employees;
52.4. departments which carry out internal control functions, the power to control the activities of the authority, which are used to provide outsourcing services;
52.5. ensure the units carrying out internal control functions, effective functions sufficient resources, t.sk. employee sufficient education and professional experience to have a reason to believe that they are capable of carrying out their duties;
52.6. ensure the units carrying out internal control functions, direct contacts with the Council and the Executive Board. 
Risk control function 53. Risk control functions is the Mission of the institution's risk management system, t.sk. appropriate risk management policy and procedures development and implementation.
54. the authority for the control of the risk function is organized according to the size and nature of its activities, putting the risk control function for one or more organizational units (hereinafter individually or all together – risk control unit) and ensuring that the risk-control unit responsibilities and role is documented and is designated as the authority responsible for the control of risks.
55. the Risk-Control Department responsibilities include: 55.1. the institutions essential to the transaction risk identification and risk management policy and procedure development;
55.2. risk management policy and procedure t.sk. limit and limit, compliance control;
55.3. risk management policy and procedures review and development of a regular basis to ensure their relevance and consistency with the changes in the activities of the authority and the Authority's activities in affecting external circumstances.
56. Risk Control Unit regularly provide reports to the Council of the authority, the Management Board and the relevant department heads, which contain information on the activities of the authority inherent risks that Council, the Management Board of the authority and the relevant heads of Department allows you to constantly assess the risks that affect the body's ability to achieve its objectives, and, if necessary, to decide on appropriate corrective measures are taken. 
Compliance control function 57. control of the conformity of the activities of the Mission's operational function the compliance risk identification, assessment and management. By complying with these rules of risk is the risk that losses may occur to the authority or it may be legal obligations imposed on, or it may be subject to sanctions or may degrade its reputation as an institution fails to comply with or violate the compliance rules, regulations and standards.
58. the authority complying with control function organized according to its size and the nature of the activities, entrusting the operation of the compliance control function for one or more organizational units (hereinafter individually or all together-the transaction compliance control unit) and ensuring that the control of the conformity of the activities of the responsibilities and role of the unit is documented and the institution is designated as responsible for the operational control of compliance officers.
59. The Management Board of the authority, in cooperation with the control of the conformity of the activities of the Department: 59.1. at least once a year and evaluate the most important identified compliance issues and develop plans to avoid them;
59.2. at least once a year a statement of the Council on the activities of the authority with the compliance risks, including information to enable the Council to assess the performance of the Authority's compliance risk management effectiveness;
59.3. immediately notify the Authority Council on significant compliance problems, which may occur to the authority or it may be legal obligations imposed on, or it may be subject to sanctions or may degrade its reputation.
60. the control of the conformity of the duties of the Department include: 60.1. operating compliance risk identification, evaluation, documentation and t.sk. provided that before a new operation (t.sk. before new products, services, procedures in place before the new client or partner approval) is identified with the transaction related activities compliance risks and assess whether, by doing this, the authority will respect the eligibility rules, regulations and standards;
60.2. the compliance risk management policy and procedure development and documentation, t.sk. the development of appropriate procedures to ensure that compliance with the laws, regulations and standards are observed by all staff of the institution;
60.3. the compliance risk management policies and procedures;
60.4. the compliance risk management policies and procedures for the regular review and improvement to ensure the topicality and relevance of changes in the activities of the authority and the Authority's activities in external conditions affecting;
37.6. the authorities informing the Governing Board of the institution, the risk of compliance activities compliance issues, desired and the measures taken to prevent these problems, compliance with laws, regulations, and standards and changes;
60.6. possible changes to the laws, the rules of conformity and standards impact on the activities of the authority;
60.7. providing advice and support to institutions to ensure that they do their job duties in compliance with the laws, regulations and standards.
61. the activities of the compliance control unit operating under the authority of the Council or the Executive Board approved the work plan, which reflects the current period operations. 
Internal audit function the internal audit function 62. mission is to carry out the internal control system of independent monitoring, as well as the adequacy and effectiveness of the assessment to help authorities Council, Board and department managers to carry out its functions more effectively.
63. The unit carrying out the internal audit function (hereinafter internal audit), responsibilities include: 39.2. efficiency of the Authority's operation and evaluation of results;
39.3. conformity of the institution's strategy, plans, policies and procedures;
63.3. institution's capital adequacy assessment process inspection, t.sk. its efficiency, completeness and conformity assessment for the operation of the authority;
63.4. risk control functions and operational control of the conformity evaluation of the effectiveness of the function;
63.5. accounting system;
63.6. evaluation of information systems;
63.7. internal control operating procedures;
63.8. financial information reliability and full check, as well as the means test, by which this information is identified, measured, classified and provided;
39.7. specific inspections and investigations.
64. The internal audit manager's appointment and removal from Office of the order ensures that the internal audit manager in decision-making and action is independent of the institution's Board and is clearly the responsibilities, authority and reporting procedures.
65. the internal audit activities carried out in accordance with the action plan laid down by the Council, which represents: 65.1. during the period under scope, inspection checks the regularity and necessary resources;
65.2. risk identification and assessment methods the test areas of activity, as well as risk control procedures evaluation criteria;
65.3. the test results documentation requirements;
65.4. the order in which results are to be provided to the Council and the Executive Board, the implementation of the recommendations of the inspection procedure.

66. the internal audit shall prepare a report on the results of each inspection reveals facts and internal control system deficiencies, policy and procedure violations, does not sufficiently identify or manage risks and provide recommendations to address the public. Internal audit provides the results of each inspection carried out in fact, opinion and recommendations of the consultation on the appropriate management level, as well as following the recommendation of the internal audit. Internal audit, at least once a year, prepare a report on the checks carried out, the main problems facing, expressing views on the effectiveness of the internal control system.
 
Title XII final questions 67. these provisions are not binding authority in the period in which it uses the law of credit institutions of the transitional provisions referred to in paragraph 24, or financial instruments market law transitional provisions referred to in paragraph 31 of the opportunity.
68. it is recommended to apply those provisions in the Republic of Latvia registered investment brokerage firms that do not apply to capital adequacy regulatory requirements in accordance with the financial instruments market law and article 121, 119.1 them in the Republic of Latvia registered investment management firms that are not applicable capital adequacy regulatory requirements in accordance with the investment management company law article 8, eighth, the Republic of Latvia established credit unions, insurers, insurance brokerage firms , private pension funds, the organizers of the regulated market and the Latvian Central Depositary, in so far as the rules apply to them.
69. With 01.01.2008. Commission shall lapse 21.12.2001. recommendations no. 24/7 "recommendations for the establishment of internal control systems".
 
Informative reference to European Union directives and other international documents the rules included provisions resulting from: 1) European Parliament and Council Directive 2006/48/EC relating to the taking up and pursuit of the business of credit institutions;
2) European Parliament and Council Directive 2006/49/EC on the capital adequacy of investment firms and credit institutions;
3) European Parliament and Council Directive 2004/39/EC on markets in financial instruments;
4) European Commission Directive 2006/73/EC of the European Parliament and of the Council Directive 2004/39/EC as regards organisational requirements and operating conditions for investment firms and defined terms for the purposes of that directive.
Financial and capital market Commission President When the U.