Ukraine's National Bank updates internal audit requirements for insurance, payment, credit union markets

The National Bank of Ukraine (NBU) has updated requirements for internal audit in the insurance, payment, and credit union markets in order to implement the Global Internal Audit Standards.

According to the NBU's website, the changes provide, in particular, that the annual internal audit plan may be revised in the event of significant changes in the activities of a non-bank financial services provider, as defined in its internal documents.

In addition, participants in these markets are required to ensure the effective performance of the internal audit function in compliance with the Global Internal Audit Standards, and the annual budget of the relevant unit may be included in the company's overall budget.

According to the information provided, the responsibilities of the internal audit unit have been expanded. In particular, it must develop and submit proposals for its annual budget, assess the availability of sufficient resources to implement the annual audit plan, and evaluate the effectiveness of internal audit activities in compliance with the Global Internal Audit Standards. Its responsibilities also include ensuring continuity and ongoing professional development of the chief internal auditor and internal auditors, as well as their training to improve the effectiveness of internal audit. A non-bank financial services provider is required to create conditions for the continuous professional development of these employees and to introduce a system for mandatory documentation of the results of their training.

Participants in the relevant markets are also required to develop, in accordance with the Global Internal Audit Standards, an internal audit strategy, procedures and processes for organizing and conducting internal audit activities, as well as criteria for determining significant changes in the operations of a non-bank financial services provider.

In addition, for responsible actuaries of insurers, the deadline for preparing interim (quarterly) actuarial reports has been extended to 45 days after the reporting date. The regulation on the procedure for insurers' accounting of contracts related to insurance activities and on information security requirements has also been updated to clarify the requirements for recording technical reserves under life insurance contracts in insurers' information systems.

Furthermore, with regard to payment service providers, the amendments additionally introduce a prohibition on the chief compliance officer holding any other positions or performing any other duties (except for combining the role with that of the person responsible for financial monitoring at a financial payment service provider).

To comply with the updated requirements, a transition period is предусмотрен for organizing internal audit at non-bank financial services providers until September 30, 2026, and for organizing the compliance function at payment service providers until May 31, 2026.

The information specifies that the amendments will enter into force on December 27, 2025.