Financial and capital market Commission, the provisions of regulations no 233 Riga 2012 November 1 (financial and capital market Commission Council meeting Protocol No 40 5. p.) The internal control system, regulations Issued under the provisions of the credit institutions act article 50.8 sixth, eighth article 50.9 and financial instruments market law article 123.3 and 123.4 article sixth eighth 1. "internal control framework, regulations of regulations" (hereinafter-the rules) are binding on the Republic of Latvia registered credit institutions and those in the Republic of Latvia registered investment brokerage firms, which are applicable to capital adequacy regulatory requirements in accordance with the financial instruments market law and article 121 119.1. In the Republic of Latvia registered investment management companies are subject to the investment management community law article 8 the eighth part, the following provisions in paragraphs 8 and 9 and the requirements set out in section V. 2. the rules referred to in paragraph 1, the authorities comply with these rules I, II, III, IV, VI, VII, VIII, IX, X and XI requirements individually and consolidation the consolidation group or subgroup level and the requirements of title V of the rules of consolidation consolidation of group or subgroup level in accordance with the law of credit institutions, and article 50.9 and 50.8 on the financial instruments market law 123.3 and 123.4 article. 3. explanation of terms used in the rules: 3.1. Authority-article 1 of the law of credit institutions (1) the definition of the relevant credit institution or financial instruments market law article 1, paragraph 3, for the definitions of investment brokerage company (investment firm), for which the applicable capital regulatory requirements in accordance with the financial instruments market law and article 121, 119.1 or investment management company, which is subject to the investment management community law article 8 eighth part; 3.2. compliance with laws, rules and standards (compliance laws, rules and standards), the activities of the authority in regulatory law and other legislation, with the activities of the authority related to the self-regulatory body, the professional standards and ethical codes of conduct and other activities of the authority related to best practice standards; 3.3. capital adequacy assessment process, the authority policies and procedures and measures taken by the authorities for the regular assessment of capital adequacy and the authorities for the operation and alleged inherent risk sufficient capital to cover maintenance; 3.4. the institutions – the Council, the Council of the credit institution or investment management company Board, or investment brokerage company meeting or of the members of the Council, if one was created; 3.5. risk profile, the risk assessment of the authority, taking into account its size, the amount of the transactions, the diversity and complexity of the economic environment in which it operates, as well as the economic cycle; 3.6. risk Director, employee or officer of the authority, which is responsible for the comprehensive risk control function, monitor the risk management system and coordinate the activities of all departments of the Authority relating to risk management; 3.7. General use of the term corresponds to the commercial law, the law of credit institutions, the law on the financial instruments market and financial and capital market Commission (hereinafter the Commission) Regulation No 60 02.05.2007. "calculation of minimum capital requirements rules" and legislative rules No 20.03.2009.. 38 "capital adequacy assessment process the legislative provisions establishing the terms of use." Title I General requirements for internal control system for creating 4. Internal control system shall arrange it so that the management should have reasonable assurance that the assets of the authority are secured against loss and unauthorized use, the reign and the Authority's operational risks are continuously identified and managed, the capital, and the amount of the share is sufficient authority for the operation and alleged risks inherent to cover transactions take place in accordance with the procedure laid down in , acting reasonably, prudently and effectively, in full respect of the law and other legal requirements. 5. the authority of the internal control system consists, in view of its size, the amount of the transactions, their diversity and complexity, the magnitude of the risk associated with each area of activity, the degree of centralization of management, information technology and other factors that are relevant to the specific objectives of the institution. The principles referred to in this paragraph, the authority does not apply those provisions, ensuring compliance with the requirements of paragraph 17. 6. On the Authority's internal control system and the effective functioning of the Council of the authority and responsibility of the Board. 7. Internal control the key elements of the system are: 7.1 authority development strategy-setting, action planning for each year and the next future; 7.2. the Organization of the institution; 7.3. all the activities of the authority incurred substantial risk identification and management, t.sk. measurement, evaluation, monitoring and reporting of risks; 7.4. capital adequacy assessment process; 7.5. the accounting records; 7.6. the management information system; 7.7. the assets and the protection of information systems; 7.8. the internal control system of regular review, evaluation and improvement of efficiency in accordance with changes in the activities of the authority and the Authority's activities in external conditions affecting; 7.9. the remuneration system. Title II definition of the development strategy and planning activity 8. The Authority shall establish and document on its development strategy, which States: 8.1. operational objectives, t.sk. determine the projected financial position, activities, target market, target customers; 8.2. risk strategy, t.sk. determine the risks that the authority wants to take, the allowable level of risk acceptable risk level action compliance; 8.3. capital maintenance strategy, t.sk. down with the planned activities of the authority related to the risk capital required, the desired level of capital (capital adequacy targets) and its achievement plan, capital increase, the additional expenditure involved the raising of capital, capital adequacy regulatory compliance assurance plans, capital maintenance plan for emergency cases. 9. in determining capital adequacy maintenance strategy, the authority shall analyse, assess and document the possible development scenarios of the authority depending on different scenarios of external circumstances, taking account of the country in which the institution performs or intends to perform their activities, macro-economic indicators for different development scenarios, the activities of the authority in influencing sectoral developments possible, potential changes in eligibility rules, regulations and standards, activities of competitors and other factors that could significantly affect the achievement of the objectives of the authority. External conditions in the course of development scenario analysis body makes stress testing (stress testing) – identifies the possible events or potential changes in market conditions that can have a negative impact on the activities of the authority and that may impede the achievement of the objectives of the authority, as well as to assess these developments or changes in market conditions impact on the institution's capital. 10. The Authority shall establish an action plan for each year, which shall include at least the following year, the planned institution's financial position, market, operational objectives for the period, activities and common transactions, potential risks and the levels of risk levels, performance evaluation criteria. Title III organization of the institution 11. the authority shall ensure the appropriate organization of its activities, URt.sk.: 11.1. create institutions and operational risks the appropriate and transparent organisational structure; 11.2. the authorities determine the corporate value and high professional and ethical standards of conduct; 11.3. the development of the system of compensation of employees, remuneration policy and personnel policy, as well as the staff of the authority. 12. the organizational structure of the authority shall document its organisational structure shall be determined by the Council (t.sk. Council Committee), Board, Department and unit manager responsibilities (functions), the powers and responsibilities of business and control, preparing job descriptions (service instructions) the staff responsible. Documenting organizational structure, the authority shall determine the departments responsible for risk control function, control of the conformity of the activities (compliance) function and the internal audit function (hereinafter referred to as the internal control functions), pursuant to the requirements of section XI. 13. Documenting organizational structure, establishes the reporting and information exchange procedures authority, t.sk. determine how and when information that is required to provide and receive and what information is confidential and undisclosed. 14. employee responsibilities and giving them the power to comply with the principle of the Division of responsibilities in the form of the separation (feature), which, if combined, would allow any employee the power to do any business. 15. Documenting powers, specifies the powers conferred on it by the way the people (including the post) and departments, which empowered, pārpilnvarojum rights, as well as any restrictions on the use of the powers granted. The authority to assign staff the power to ensure that employees are introduced to the mandate assigned to them. 16. All transactions must be authorized by the Executive order or authority unit (such as a Committee) in accordance with the organisational structure of responsibility laid down in levels. 17. the pledging of assets of the credit institution, if one or more of the following obvious trade total amount exceeding 10 percent of the equity of a credit institution, the review and approval of the Management Board of the credit institution, with the exception of the following transactions: 17.1. repo transactions; 17.2. deposits, to ensure the payment card settlements; 17.3. letters of credit; 17.4. the guarantees that the customer provided support and which are based on the loan between the credit institution and the customer; 17.5. in cases where the decision of the Board is not possible because the decision on the conclusion of the transaction is required for the adoption of operational activities (one working day), but which are closed the Board previously approved limit. 18. The essential activities of the authority shall develop and document the business and control procedures (operational procedures). Operational procedures include at least notification of offender transactions (t.sk. indicate the documents that you need to design a decision-making process until you confirm the transaction, and officials acknowledge the decisions), restrictions to ensure compliance with the institution's business policy and compliance with laws, regulations, and standards, as well as transaction processing and control arrangements. 19. If the authority establishes the departments or subsidiaries, limiting the transparency of the institution (for example, create a subsidiary established in low tax countries or tax-free countries that have been identified as such by the Cabinet of Ministers Regulations No 276 26.06.2001. "rules for tax free and low taxation countries or territories" or replacement legislation (i.e., establishing the offshore-registered subsidiaries), or create subsidiaries registered in countries whose legislation essentially gives the right to perform subsidiary companies offshore subsidiary established in similar economic activity), the authority shall develop, document and implement appropriate policies and procedures to ensure that: 19.1 is defined and documented in this unit or subsidiary design goals; 19.2. is clearly defined and documented this unit or subsidiary powers and responsibilities of the business; 19.3. all this unit or subsidiary companies associated risks (t.sk. reputation and legal risks) are identified and managed; 19.4. There are certain cautious approval of transactions and risk control procedures, t.sk. provides for appropriate restrictions and limits, designed for hedging methods; 19.5. the Council and the Board of the Authority regularly receives information on this unit or subsidiary companies and their activities, about the inherent risks and risk levels, as well as other decisions required information; 12.2. This unit is carried out regularly or subsidiary performance evaluation, t.sk. analysis of the creation and operation of the need and usefulness of the activities evaluated compliance with operational objectives, compliance with laws, rules and standards, the authority approved the plans, policies and procedures; 19.7. internal audit services on a regular basis, but not less frequently than once a year, take this unit or subsidiary companies. Corporate values and professional standards of behaviour and ethics 20. Authority shall determine and document the institution's corporate value, t.sk. determines the high professional and ethical standards of conduct, to ensure that the members of the Council of the authority, the members of the Management Board, Department heads and other authority employees shall carry out their duties with the utmost good faith, your job duties and decision making are objective, compliance with the laws, regulations and standards, respect the information about the transaction and customer privacy and business secrets and their actions and behaviour conform to high ethical standards. Of particular importance to these standards against corruption, illegal insider trading and any other unlawful, unethical or questionable behavior. 21. The Authority shall establish and document the situation of conflict of interest management policy, develop and document the procedures that ensure the potential conflict of interest situation for the timely identification and management and determines the action the situation of conflicts of interest, URt.sk.: 21.1. avoided situations in which employees of the authority in the performance of their duties, arising or likely to arise a conflict of interest; 21.2. ensure that departments which perform actions, among which arise or may arise a conflict of interest, are mutually independent (for example, there are certain barriers, certain distinct organizational exposure); 21.3. ensure that the authority provides information to customers or potential customers are clear, accurate, true and complete (all being found substantial risks to the customer), as well as not misleading; 21.4. ensure that institutions deal with shareholders (or participants), which the institution has a significant interest, Council and Board members, departments, which perform the functions of internal audit, managers and other employees of the authority who is authorized to perform the action planning authority, direction and control and be responsible for it, and that person's spouse, parents, children, and the companies in which these persons have significant interest, conditions are not favourable for similar institutions deal with people not associated with body condition and does not conflict with the authorities and its depositors or investors ' interests. 22. the Authority's Council and Board member of his duties prevented the emergence of a conflict of interest and abstain from the decision-making authority for transactions in which this Council or the Executive Board arising or likely to arise a conflict of interest. The Council of the authority or a member of the Board shall report to the Council of the authority for transactions in which this Council or the Executive Board directly or indirectly arising or likely to arise a conflict of interest. 23. the authority shall ensure that the staff of the body the opportunity to report on the internal control system deficiencies, make proposals on the prevention and reporting of illegal or unethical transactions. The authority shall establish and document the appropriate procedures with the authorities was presented to staff and ensure that the following principles apply: the employee is ensured. 23.1 message privacy and the protection of employees against possible against those facing discriminatory or disciplinary measures; 23.2. the staff are provided with the opportunity to report on the internal control system deficiencies, illegal or unethical dealings, bypassing the Authority's organisational structure specified in the command (for example, reporting directly to the Department responsible for compliance control functions, the Manager or department carrying out the internal audit function, the driver); 23.3. the procedures are available in writing on paper or electronically to all staff of the authority; 23.4. the Council of the authority and the Board receives information about the institution reports for deficiencies in the internal control system, illegal or unethical transactions and ensure necessary corrective measures are taken. Staff compliance and remuneration system 24. the authority shall ensure that its employees are aware of their responsibilities (t.sk. for risk identification and management), knowledge of information related to the execution of their duties, and they are appropriate for the performance of the duties of a position's qualifications and sufficient experience. To ensure employee compliance with authority: 24.1. establish and document the personnel policies and procedures that govern the Department Manager positions in existing employee selection procedures, fees, monitoring and succession planning, requirements for different positions for the required skills, potential employee conformity assessment criteria and procedures; 24.2. presents employees with information related to the performance of the duties of the position (the Authority's development strategy, the action plan for each year, corporate values, professional and ethical standards of conduct, operational procedures, risk management and control procedures, compliance with laws, regulations, and standards); 24.3. develop and document employee training program, the purpose of which is to prepare employees for the position's duties and continuously improve employee knowledge, as well as procedures for information about changes to policies, procedures, compliance with the laws, regulations and standards related to the performance of the duties of the position; 15.2. establish and document the system of compensation of employees, ensuring that it does not depend solely on short-term objectives (t.sk. short-term financial gain) and does not contribute to the risk-taking that authority could not effectively manage. Authority in accordance with the Commission's rules, regulations No 21.01.2010.. 171 "the legislative provisions on the basic principles of remuneration policy" provides a remuneration policy staff whose professional activities have a material impact on the risk profile of the institution. 25. the authority shall ensure that both the Council and the Management Board is collectively sufficient experience and knowledge of all the relevant facility activities and risks. The Authority also ensures that both the Council and the Management Board is collectively sufficient experience and knowledge (or if necessary, the opportunity to receive counseling) in areas such as finance, accounting and audit, lending, payment systems, strategic planning, governance, risk management, internal control and compliance laws, rules and standards. 26. in order to ensure that each Council and the Executive Board shall have sufficient expertise and skills to carry out the responsibilities of both the Council and the Committee or Board (if one is created), the authority shall ensure that in case of need and for each Council Member shall have the opportunity to receive appropriate training (e.g., on the authorities, new or planned financial services activities and their risk profile or on the laws in the States that authority shall carry out its activities). 27. the Council and the members of the Board devote enough time for the fulfilment of its obligations (including committees), t.sk. members of the Board devotes sufficient time to ensure risk management authority, but Council members – to monitor them. Title IV institutions risk identification and management 28. The Authority shall establish, document, and implement appropriate policies and procedures for the operation of all essential risks inherent on the identification and management of t.sk. measurement, evaluation, monitoring and reporting of risks. The substantial risks inherent authority to identify, manage, and control 29. the functioning of the institutions essential for the identification of the risks inherent in the institution regularly evaluates the risks may adversely affect the achievement of the objectives of the operation, t.sk. the planned financial results. The authority shall ensure that the relevant risks are used to identify appropriate quantitative and qualitative criteria, t.sk. stress testing, assessment results and conclusions are justified and documented and the evaluation according to the specificities of the institution are at least the following risks: 29.1. credit risk; 29.2. market risk; 29.3. the operational risk; 29.4. interest rate risk in the trading book; 29.5. liquidity risk; 29.6. risks arising from the concentration of exposures; 18.5. the remaining (residual risk) is the risk – the risk that the authorities used credit risk mitigation techniques turns out to be less effective than anticipated; 29.8. risks arising from transactions of the vērtspapirizēšan, if the authority in these dealings as investors participate, sponsor or sponsor; 29.9. other risks affecting the operation of the institution (for example, country risk, reputation risk, risk of the strategy). 30. the Risk that the body identified as essential to its activity, the authority shall develop, document and implement adequate risk management policies and procedures that determine: 30.1. risk measurement (the risks can be measured quantitatively, such as credit risk, market risk) and evaluation (non-identifiable risks, for example, reputation risk, risk of the strategy) method and regularity; 30.2. adequate risk control procedures, t.sk. in accordance with the Authority's risk strategy sets the maximum amount of risk limits and thresholds, risk control methods control procedures to mitigate risks quantitatively determined; 30.3. the procedures for the authorities of Council, the Executive Board, Director of risk and BU managers regularly receive information on the functioning of the institutions, their inherent risks and trends, the impact of the risk capital of the authority and sufficiency, as well as other decisions required information; 18.9. the risk management policy and procedure, t.sk. limit and limit, compliance control procedures; 5. the responsibilities, powers and responsibilities in the management of risk. 31. the authority for the relevant risks inherent in measuring, evaluation and oversight authority to its specificity and complexity of the activities of appropriate analytical methods, t.sk. stress testing, which the authority uses both essential risk and risk evaluation of our interaction. The authority shall document and report regularly to the analytical methods used and the nature of, as well as assumptions and estimates used. Authority, assessing the risks, should not unduly rely on quantitative methods and quantitative risk measurement always supplemented by qualitative assessment. 32. the authority periodically, but not less frequently than once a year, review and improve risk identification and management policies and procedures according to the changes in the activities of the authority and the Authority's activities in affecting external circumstances. The authority shall assess its compliance risk identification and management policies and procedures, the adequacy of policies and procedures and efficiency, as well as the suitability and effectiveness of the measures that the authority has taken to prevent these policies and procedures identified deficiencies. The introduction of new financial services policy 33. Authority shall develop, document and implement a new financial services policy, which States: 33.1. procedure and requirements to be met through the introduction of new financial products, starting to offer existing services new markets or making significant changes to the procedure for the provision of it; 33.2. the institutions give a new definition of financial services; 33.3. risk control functions and the role of the Director of the risk assessment of new financial products, compliance risk strategy and the impact on the institution's overall risk profile; 20.8. risk control functions and the role of the Director, a risk assessment of the Authority's policies, procedures, limits and limit risk containment methods, organization of training and the resources available to the authority and knowledge of and compliance with the new financial services; 33.5. activities the role of the compliance function by assessing whether the introduction of the new financial services authority will respect the eligibility rules, regulations and standards. Risk Director 34. Authority launches a working relationship with the Director or designate their risks, ensuring direct contacts with the Council. The responsibilities of the Director of the risk must not be included in the responsibilities associated with the operation of the control. Director of risk must have sufficient expertise, knowledge and skills your job duties. 35. the authority shall develop and document the procedures for initiating working relations with risk Director or his or her appointment and termination of the risk of the Director or his withdrawal from the post. The authority shall ensure that information concerning the launch of the risk Director or his or her appointment and for the termination of risk Director or his posts are public authorities of leaving home page on the internet (if any), and provide the Commission with information concerning the launch of the Director or his or her appointment, the grounds and on the termination of the risk of the Director or his reasons for his withdrawal no later than five working days from the commencement of the employment relationship with risk Director or his appointment and termination of Directors risk or she ceased to hold office. 36. the responsibilities of the Director of risks include: 36.1. comprehensive risk control functions; 36.2. the Authority's risk management system, monitoring and optimization; 36.3. the institutions strategy (t.sk.), a separate service (t.sk. development of new services or changes in the services offered by the authorities), the structure, the overall risk profile, as well as limit and limit the compliance risk for regular evaluation of the strategy and, in the case of non-compliance reporting on them to the Council of the authority, the Management Board and the relevant heads of Department; 36.4. the comprehensive and clear information on the institution's overall risk profile, all the relevant authorities of the risks and their compliance with the risk strategy for the provision of regular Council, the Management Board and the relevant heads of Department; 22.7. the Council of the authority, as well as the risk Committee of the Board (if any) and Board counselling and support institutions strategy (t.sk. risk strategy), as well as other risks associated with decision making. 37. the authority shall ensure that the Director is effectively the tasks necessary independence and authority, the appropriate place in the organisational structure of the authority and the opportunity to participate and express their views within their competence the institutions essential for the operation of the decision making. The risk Committee of the Board 38. the authority, given its scope, types, complexity and specificity, as well as the organisational structure, assess the risk of the establishment of the Committee of the Council's effectiveness. The risk Committee of the Council shall be responsible for the Council consultation with authorities risks of existing and future strategy and to assist the Council in monitoring its implementation. Regardless of whether or not the institution has established a risk Committee of the Council on the monitoring of the risk management authority in response to the full Council. 39. The Board risk Committee members may be appointed only members of the Council of the authority. The authority shall ensure that the risk of the Council members is a risk management strategy and the monitoring of the implementation of sufficient experience and knowledge. 40. the Council of a set of messages that it receives, the content, scope, format, and frequency. Title v capital adequacy assessment process 41. Capital adequacy assessment process is designed to ensure that the authorities in the capital, and the amount of the share is sufficient authority to the current and planned activities and possible risks inherent. Capital adequacy assessment process includes authorities planned the operation current and significant risk inherent to cover necessary capital, capital planning and risk capital sufficient to cover about constant maintenance. 42. The Authority shall establish, document, and implement effective and appropriate capital adequacy assessment process, policies and procedures that set: 42.1. the definition of capital, t.sk. capital structure and the elements of the calculation of the size of the order; 26.2. the methods used by the authority to determine the risk of each essential to cover the necessary capital and total capital required to cover all relevant risks of the institution as a whole, (hereinafter – the total required capital); 26.3. the methods used by the authority to maintain a permanent cover sufficient risk capital and meet its capital maintenance strategy in certain capital adequacy; 26.3. scenario analysis and stress testing procedures, regularity and assumptions used; 26.4. the responsibilities, powers and responsibilities of capital adequacy assessment process; 26.5. report on capital adequacy assessment process results in a procedure for the provision, which provides that the Council of the authority and the Board regularly receives information that allows you to assess the institution's capital adequacy, capital adequacy assessment process the main assumptions used in the sensitivity of (the impact on capital adequacy assessment process), current and planned activities to cover the risk inherent in the required capital levels, as well as other decisions required information; 26.5. capital adequacy assessment process regularity. 43. the body shall periodically, but not less frequently than once a year, review and improve capital adequacy assessment process policies and procedures according to the changes in the activities of the authority and the Authority's activities in affecting external circumstances. 44. Capital adequacy assessment process objectives of the institution uses the definition of capital, which it used for performance evaluation, risk management and other decisions about its current and planned activities. The authority may use different definitions of capital and capital calculation procedures than the activities of the authority in regulatory law and other statutory capital definition and calculation of the amount of equity. At the same time, the authority must be able to justify that the capital adequacy assessment process objectives apply capital definition provides that the authorities of the capital element and it is appropriate in terms of the proportion of the risks which this capital to cover expected. 45. the authority to determine its current regular and planned activities cover the essential inherent risk capital required for assessing the risks associated with the possible extent of damage. The authority shall ensure that the necessary capital assessment results and conclusions are justified and documented. 46. the risk capital required to cover the amount, the authority shall evaluate all its activity right essential risks, t.sk. risks, regulatory minimum capital requirements (credit risk, market risk and operational risk) and the risks that are not specific to the regulatory minimum capital requirements (such as interest rate risk non-trading portfolio), and assess the possible impact of external conditions on the activities of the authority. 47. The Risk that certain regulatory minimum capital requirements to cover the necessary capital for the establishment of the authority shall consider whether the regulatory minimum capital requirements shall ensure that the institution's capital is sufficient for all the risks associated with these potential losses. For this purpose, the authority according to the specificities of its activities assessed: 29.3. credit risk t.sk. analysing how the size of the credit risk affects: 47.1.1. exposure concentration (the authority for that purpose, for example, analyzes the following possible exposure concentration-requirements to one customer, claims against one of related customer group, customer requirements with respect to one sector or are carried out in one region, claims secured by collateral, etc. possible uniform concentration);
47.1.2. residual risk credit risk mitigation techniques use (for this purpose, the authority, for example, analyzes the situation, authorities could take over or in a timely manner to realize the pledged collateral; when the counterparty credit risk mitigation arising from third-party commitment to pay off the debt the borrower defaults in the event, the third party's waiver, or failure to perform its obligations, other contingencies which result in the authorities used credit risk mitigation techniques may prove less effective than originally expected); 47.1.3. with vērtspapirizēšan business risks if the authority vērtspapirizēšan transactions are participating as an investor, originator or sponsor (the authority for that purpose, for example, analyzes the risks arising from deficient in the case of the transfer of credit risk, risks arising from exposure to renewable vērtspapirizēšan, which includes early amortisation provision); 47.2. market risks, t.sk. analyse how the market affects the size of the risk concentration of exposures and how institutions market risk can be affected by changes to financial instruments market liquidity emergency market situations; 47.3. the operational risk, t.sk. assess whether the authorities calculate the regulatory capital requirements for operational risk shall reflect the objective of the institution's operational risk (for this purpose, can be useful, for example, in comparison with the other in size and activities of similar bodies); 29.5. other possible risk factors, such as if the institution capital requirements using internal models, it analyzes the stress test results, this model's constraints and assumptions used in patterns (for example, the correlation assumptions, assumptions about the effects of diversification, duration (duration) assumption) impact on capital requirement calculation results. 48. The risks that are not specific to the regulatory minimum capital requirements to cover the necessary capital for the establishment of the authority determines its potential losses that may arise following the substantial risk of its activity, t.sk. assess the potential losses from non-quantifiable risks. For this purpose, the authority according to the specificities of its activities are analysed: 29.9. interest rate risk in the trading book, not t.sk. in accordance with article 101.3 of the law of credit institutions of the Fifth Commission of stress testing results; 48.2. other institutions activity significant risks (such as country risk, liquidity risk, reputation risk, risk of the strategy). 49. in order to determine the amount of capital that is needed to cover probable losses, the authority which may arise, the external conditions affect the body according to the specificities of its operation analyzes the potential changes in eligibility rules, regulations and standards, in the political, economic and other conditions in the countries where the authority performs or intends to perform their activities, the institutions affecting sectors of activities, technological advances, the actions of competitors and other external factors that can lead to institution. 50. in order to determine the amount of capital required for the operation of the authority and the alleged inherent risk, in addition to the regulatory minimum capital requirements, the authority may use a scenario analysis, t.sk. stress testing, which allows you to identify any possible events or potential changes in market conditions that can have a negative impact on the institution's capital. 51. in order to determine the total required capital, the authority collects the individual risk to cover necessary capital discovery results. If the authority to cover the various risk capital required calculate use different assumptions (such as different confidence intervals, different holding period), the authority shall, in calculating the total capital needed, ensure the comparability of the results obtained. The authority shall ensure the total required capital discovery results documentation. 52. the authority determines the total capital needed, assessing its current and planned activities of the quintessential and the alleged risk to cover the necessary capital and capital adequacy maintenance plan, and ensures that the capital is always equal to or greater than the prescribed total required capital. (VI) section 53 of the accounting organization. the authority represents the accountancy system, accountancy bodies subject to the authorities of the control laws and other legislation, designing and documenting the accounting policy (as reflected in the various accounting transactions) and accounting, control, evaluation and reporting procedures. 54. the authority shall ensure that every day all the transactions are processed and at the end of each working day is up for balance. Section VII management information system 55. The Authority shall establish management information system, which enables you to understand and evaluate the Authority's financial position, effective decision-making and to assess their effects, as well as timely disclosure control procedures. The Council of the authority, Board, Committee, Department managers and executive staff must be available for timely accurate and appropriate information that is necessary for the performance of the duties of the positions and decisions. 56. the management information covers at least: 56.1. the Authority's current state and performance compared to previous periods and figures in the action plan; 56.2. assets, liabilities and off-balance-sheet items in the analysis, showing how they are evaluated; 56.3. income and expense analysis, t.sk. the dependence of various assets, liabilities and off-balance sheet items; 56.4. actual size of quantitative risk compliance risk strategy and comparison with restrictions and limits; 56.5. policies and procedures adopted by the failure and analysis. 57. The information system provides the timely provision of information to external users (annual report, report to the Commission, the Bank of Latvia, etc.) according to the laws in force and other legal requirements. Section VIII information system assets and protection 58. the authority shall develop and document the procedures of protection: 58.1. provides material and financial institutions active in conservation; 58.2. ensure tangible and financial assets, which are held on behalf of customers; 58.3. prevent unauthorised third parties directly and indirectly (through the document) access authority assets, accounting, electronic communications systems and other data; 58.4. ensure information systems safe and stable functioning and preservation of information (t.sk. information in emergency situations). Title IX institution Council functions internal control system 59. Authorities in the area, the Council monitors the Management Board of the authority provide the internal control system and effective functioning. Performing internal control system monitoring, the Council of the authority: 59.1. determines the Division of responsibilities among the members of the Council and of the procedure for the exchange of information between the Council and the Executive Board; 59.2. determines the obligations of the members of the Management Board remuneration and performance evaluation of the Board; 59.3. determine the institution's development strategy, t.sk. operational objectives, strategy and risk capital adequacy maintenance strategy, as well as monitor the implementation of the strategy; 59.4. determine the institution's corporate value and professional and ethical standards of conduct, approved by the conflict of interest situation management policy; 59.5. monitor the risk management authority, t.sk. confirm the risk identification and management policy, requires (acquired) information on the Authority's activities to the relevant size and risk management (t.sk. risks related to macroeconomic factors and the economic cycle), ensure that the authority be granted sufficient resources for managing the risk at least annually assess the effectiveness of risk management; 59.6. monitor the functioning of the authority inherent risks related to the essential asset valuation, credit rating agency assigned ratings to the application and the use of internal models; 59.7. fixed capital adequacy assessment process guidelines, t.sk. the definition of capital, the method used and the objectives approved by the capital adequacy assessment process; 59.8. compliance supervised the operation risk management authority, t.sk. approve the operational compliance risk management policy, at least once a year to assess compliance risk management effectiveness; 59.9. monitor the effective functioning of the management information system; 59.10. monitor, or risk control function, control of the conformity of the activities of the internal audit function and the function is well-defined, or these features is a good place in the organisational structure of the authority and a role in the process of managing the institution, they are provided with qualified staff and work effectively; 59.11. monitors the internal control system periodically according to the change in the development of the activities of the authority and the Authority's activities in external conditions affecting; 59.12. examine the internal audit, external auditor, as well as the Commission and the other institutions and the recommendations of the opinion to improve the operation of the authority and control of the open gap; 59.13. Approves the implementation of new financial services policy; 59.14. determine the message that it receives, the content, scope, format, and frequency; 79. ensure that regularly is performed (using internal or external resources) activities assessment are assessed collectively and members of the Council of individual performance, Committee activities, as well as the Council and the Board's internal rules and procedures; 59.16. ensure that, based on the actions of the Council of the results of the assessment, identify gaps in the work of the Council and appropriate measures taken to prevent it. Title x of the function of the Board of the Authority's internal control systems in field 60. The Management Board of the authority is responsible for the comprehensive internal control system, its implementation, management and development. Internal control system in the field of the Management Board of the authority: 60.1. determine the qualitative and quantitative objectives for each area of activity of the authority in accordance with the Council of the authority for development strategy; 60.2. determines the organisational structure of the authority; 60.3. ensure appropriate qualification authority employees and sufficient experience, provides professional conduct laid down by the Council and ethics standards, ensure the Council managing the situation of a conflict of interest policy and approve appropriate procedures; 60.4. ensure risk identification of the Authority's operation and management, t.sk. measurement, evaluation, monitoring and reporting of risks, implementing the Council risk identification and management policies, and approve appropriate procedures; 60.5. ensure regular assessment of capital adequacy and adequate capital maintenance under the Council capital adequacy assessment process policy and approve appropriate procedures; 60.6. ensure operational compliance risk management, the implementation of the Council's actions set a compliance risk management policy, and confirm the appropriate procedures; 60.7. fixed assets, liabilities, off-balance-sheet requirements and liability, revenue, and expense accounting and valuation principles; 60.8. the introduction and administration of the management information system covering all the activities of the authority; 60.9. provides institutions and information systems active protection; 60.10. ensure measures are taken to prevent internal control system deficiencies, which discovered the internal audit, external auditor, the Commission or the other institutions; 60.11. at least once a year the Council of the Authority gives an overview of the internal control system, the evaluation of its effectiveness and, if necessary, to propose changes to improve its efficiency, taking into account the changes in the activities of the authority and its action in affecting external circumstances; 60.12. the Council established a new financial services policy and approve appropriate procedures; 60.13. determine the message that it receives, the content, scope, format, and frequency. Section XI internal control function 61. To promote effective and comprehensive internal control systems in all areas of activity of the authority, the authority according to the specifics of its operations provides at least the following three internal control functions of the institution – risk control functions, operations, compliance and control functions of the internal audit function. 62. the authority shall ensure that the internal control function is independent of the institution, which they control, (hereinafter referred to as the controllable actions). Internal control function is considered independent of the controlled transactions, subject to the following conditions: 62.1. employees, performing internal control functions, responsibilities does not include responsibilities related to controlled activities; 62.2. internal control functions are separated from the controlled organisational activities and units that carry out internal control functions, the driver is institutional subject person, which is not at the unit that carried out the controlled activity; 38.7. departments, which carry out internal control functions, shall report to the Council of the Authority (or Board); 38.8. employees, performing internal control functions, the remuneration shall not depend on the results of controlled activities. 63. the authority shall ensure that the internal control functions are institutional separate from one another. 64. Derogations from this rule 62 and 63. principles listed in paragraph permissible, if the Authority develop and implement control procedures that ensure the interests of existing or potential conflict situation, and if it matches the size of the authority and the nature of the transaction. 65. the internal control functions To work effectively, the authority: 65.1. clearly define and document the business unit performing internal control functions, powers; 65.2. the distinction between the internal control functions of the daily transactions and control functions; 65.3. ensure the units carrying out internal control functions, free access to all documents, information, and employees; 65.4. the departments carrying out internal control functions, the power to control the activities of the authority, which are used to provide outsourcing services; 65.5. ensure the units carrying out internal control functions, effective functions sufficient resources, t.sk. appropriate staff with adequate training and professional experience to have reason to believe that they are capable of carrying out their duties, as well as ensuring ongoing training; 65.6. ensure the units carrying out internal control functions, direct contacts with the Council and the Executive Board. Risk control function 66. Risk control functions is the Mission of the institution's risk management system, t.sk. appropriate risk management policy and procedures development and implementation. 67. the authority for the control of the risk function is organized according to the size and nature of its activities, putting the risk control function for one or more organizational units (hereinafter individually or all together – risk control unit) and ensuring that the risk-control unit responsibilities and role is documented and is designated as the authority responsible for the control of risks. 68. Risk Control Department responsibilities include: 68.1. all institutions essential for the functioning and interaction between risk identification, measurement and the risk management policy and procedure development, as well as the active participation of the authorities risk strategy and essential to the management of risk decision making; 68.2. the risk management policy and procedure t.sk. limit and limit, compliance control; 68.3. risk management policy and procedures review and development of a regular basis to ensure their relevance and consistency with the changes in the activities of the authority and the Authority's activities in affecting external circumstances. 69. Risk Control Unit regularly provide reports to the Council, the Management Board of the authority, the risk Committee and the Council of the appropriate department heads, which contain information on the activities of the authority inherent risks that Council, the Management Board of the authority and the relevant heads of Department allows you to constantly assess the risks that affect the body's ability to achieve its objectives, and, if necessary, to decide on appropriate corrective measures are taken. Control of the conformity of the activities of the compliance function 70. control functions primarily for compliance risk identification, assessment and management. By complying with these rules of risk is the risk that losses may occur to the authority or it may be legal obligations imposed on, or it may be subject to sanctions or may degrade its reputation as an institution fails to comply with or violate the compliance rules, regulations and standards. 71. the institution is complying with the control function is organized according to the size and nature of its activities, putting control of the conformity of the activities function for one or more organizational units (hereinafter individually or all together-the transaction compliance control unit) and ensuring that the control of the conformity of the activities of the responsibilities and role of the unit is documented and the institution is designated as responsible for the operational control of compliance officers. 72. The Management Board of the authority, in cooperation with the control of the conformity of the activities of the Department: 72.1. at least once a year and evaluate the most important identified compliance issues and develop plans to avoid them; 72.2. at least once a year a statement of the Council on the activities of the authority with the compliance risks, including information to enable the Council to assess the performance of the Authority's compliance risk management effectiveness; 72.3. immediately notify the Authority Council on significant compliance problems, which may occur to the authority or it may be legal obligations imposed on, or it may be subject to sanctions or may degrade its reputation. 73. the control of the conformity of the duties of the Department include the following: 73.1. operating compliance risk identification, evaluation, documentation and t.sk. provided that before a new operation (t.sk. before new financial services, procedures in place before the new client or partner approval) is identified with the transaction related activities compliance risks and assess whether, by doing this, the authority will respect the eligibility rules, regulations and standards; 73.2. operating compliance risk management policy and procedure development and documentation, t.sk. the development of appropriate procedures to ensure that compliance with the laws, regulations and standards are observed by all staff of the institution; 73.3. the compliance risk management policies and procedures; 45.6. the compliance risk management policies and procedures for the regular review and improvement to ensure the topicality and relevance of changes in the activities of the authority and the Authority's activities in external conditions affecting; 73.5. authorities informing the Governing Board of the institution, the risk of compliance activities compliance issues, desired and the measures taken to prevent these problems, compliance with laws, regulations, and standards and changes; 73.6. conformity of possible changes to the laws, regulations and standards in effect on the activities of the authority; 45.8. providing advice and support to institutions to ensure that they do their job duties in compliance with the laws, regulations and standards. 74. the conformity control unit operating under the authority of the Council or the Executive Board approved the work plan, which reflects the current period operations. Internal audit function the internal audit function 75. 's mission is to make the internal control system of independent monitoring, as well as the adequacy and effectiveness of the assessment to help authorities Council, Board and department managers to carry out its functions more effectively. 76. The Department carrying out the internal audit function (hereinafter internal audit) responsibilities include: 76.1. efficiency of the Authority's operation and evaluation of results; 76.2. all activities of the authority and relevance of the activities of the Department of strategy, plans, policies and procedures; 76.3. institution's capital adequacy assessment process inspection, t.sk. its efficiency, completeness and conformity assessment for the operation of the authority; 76.4. risk control functions and operational control of the conformity evaluation of the effectiveness of the function; 76.5. accounting system; 47.6. evaluation of information systems; 47.7. internal control operating procedures; 76.8. financial information reliability and full check, as well as the means test, by which this information is identified, measured, classified and provided; 76.9. special inspections and investigations. 77. The internal audit manager's appointment and removal from Office of the order ensures that the internal audit manager in decision-making and action is independent of the institution's Board and is clearly the responsibilities, authority and reporting procedures. 78. the internal audit activities carried out in accordance with the action plan laid down by the Council, which represents: 78.1. during the period under scope, inspection checks the regularity and necessary resources; 78.2. risk identification and assessment methods the test areas of activity, as well as risk control procedures evaluation criteria; 78.3. test results documentation requirements; 78.4. the order in which results are to be provided to the Council and the Executive Board, the implementation of the recommendations of the inspection procedure. 79. the internal audit shall prepare a report on the results of each inspection reveals facts and internal control system deficiencies, policy and procedure violations, does not sufficiently identify or manage risks and provide recommendations to address the public. Internal audit provides the results of each inspection carried out in fact, opinion and recommendations of the consultation on the appropriate management level, as well as following the recommendation of the internal audit. Internal audit, at least once a year, prepare a report on the checks carried out and the major problems facing, expressing views on the effectiveness of the internal control system. Title XII final issues 80. Rules recommended to apply them in the Republic of Latvia registered investment brokerage firms that do not apply to capital adequacy regulatory requirements in accordance with the financial instruments market law and article 121, 119.1 in Latvia registered credit unions, insurers, insurance brokerage firms, private pension funds, payment institutions, electronic money institutions, regulated market organizers and Latvian Central Depositary, in so far as the rules apply to them. 81. With the entry into force of these regulations shall lapse, Commission Regulation No 63 02.05.2007. "internal control system". 82. the authority shall ensure that this rule 11.3., 12.,.,., 21.4 21.3 24, 25, 26, 27, 29, 30.2, 30.3, 31, 33, 34, 35, 36, 37, 38, 39, 40, 55, 56.4, 59.3 59.5, 59.6.,.,.,., 59.13 59.14 59.15.,.,., 59.16 60.12 60.13.,.,., 69 68.1 65.5 and 76.2 in requirements are enforced not later than 01.01.2013.01.01.2015.83. Commission to review this rule 25 and decide on the need to impose additional requirements. Informative reference to European Union directives and other international documents the rules included provisions resulting from: 1) European Parliament and Council Directive 2006/48/EC relating to the taking up and pursuit of the business of credit institutions; 2) European Parliament and Council Directive 2006/49/EC on the capital adequacy of investment firms and credit institutions; 3) European Parliament and Council Directive 2004/39/EC on markets in financial instruments; 4) European Commission Directive 2006/73/EC of the European Parliament and of the Council Directive 2004/39/EC as regards organisational requirements and operating conditions for investment firms and defined terms for the purposes of that directive; 5) Basel Committee document "principles for improving corporate governance" ("principles for enhancing corporate governance", October 2010); 6) the European banking authority document ' European banking authority internal management guidelines "(" EBA guidelines on Internal governance (GL44) ", the September 2011). Financial and capital market Commission President k. Zakuli States