Financial Institutions (Internal Control Systems) Regulations 2000

Number of SL: 
Date of promulgation: 
28 December 2000


LEGAL NOTICE NO. 198 of 2000

Financial Institutions (Internal Control Systems) Regulations 2000

In excercise of the powers conferred upon the Commissioner of Financial Institutions by section 71 of the Financial Institutions Act 19991, The Commissioner hereby makes the following regulations —


Citation and Commencement

1.                  These Regulations may be cited as the Financial Institutions (Internal Control Systems) Regulations 2000 and shall come into operation on the date of publications in the Gazette.


2.                  In these Regulations, unless the contex otherwise requires —

(a)                            “Board of Directors” means the Board of Directors of a financial


(b)                           “Senior Management” means the principal officers of a financial

institution; and

(c)                          other words used have the same meanings assigned to them in the principal law.

(d)                         to require financial institutions to establish and maintain a system of strong internal controls which shall serve as a foundation for their safe and sound operation; and


3.                  These Regulations are meant to:-

(a)                          require financial institutions to establish and maintain a system of strong internal controls which shall serve as a foundation for their safe and sound operation; and

(b)                         provide a useful framework for evaluating a financial institution’s internal control systems.


4.                   These Regulations shall apply to all financial institutions in Lesotho.



Internal control framework

5.                  The Board of Directors shall ensure that an adequate and effective system of

internal conrtols is established and maintained.

Essential elements of a sound internal control system

6.                  A licensed financial institution’s internal controls system shall include as a

minimum —

(a)                         risk recognition and assessment;

(b)                        controls activities such as top reviews, activity controls, physical controls, exposure limits, approvals and authorisation and verifications and reconciliations;

(c)                         appropriate segregation of conflicting duties and responsibilities;

(d)                        adequate and comprehensive internal financial, operational and compliance data, as well as external market information;

(e)                         reliable management information systems which shall be secure, monitored independently and supported by adequate contingency arrangements;

(f)                           effective channels of communication — upward, downward and across the organisation; and

(g)                        continuous monitoring and evaluation of the effectiveness of the internal control system.

Board of Directors’ responsibilities

7.                  The Board of Directors shall include in its activities—

(a)                         periodic discussions with management concerning the effectiveness of the internal control system;

(b)                        a timely review of evaluations of internal controls made by management, internal auditors and external auditors;

(c)                         periodic efforts to ensure that management has promptly followed up on recommendations and concerns expressed by auditors or the Central Bank on internal control weaknesses; and

(d)                 a periodic review of the appropriateness of the financial institution’s

strategy and risk limits.

Audit Committee

8.                 The Audit Committee which is required to be established under section 38 of the Financial Institutions Act 1999 and whose functions are defined under section 39 of the same Act shall comprise of members who have knowledge of financial reporting and internal control.

Senior Management

9.                  Senior Management shall have responsibility for—

(a)                           implementing strategies and policies approved by the Board;

(b)                       developing processes that identify, measure, monitor and control risk incurred by the financial institution;

(c)                        maintaining an organisational structure that clearly assigns responsibility, authority and reporting relationships;

(d)                         ensuring that delegated responsibilities are effectively carried out;

(e)                           setting appropriate internal control policies; and

(f)                            monitoring the adequacy and effectiveness of the internal control system.

Control culture

10.                 The Board of Directors and Senior Management are responsible for promoting high ethical and integrity standards, and for establishing a culture within the organisation that emphasises and demonstrates to all levels of personnel the importance of internal controls.

Internal Audit

11.                  (1) A licensed financial institution shall establish an effective and comprehensive internal audit of the internal control system carried out by operationally independent, appropriately trained and competent staff.

(2)                   The internal audit function, as part of the monitoring of the system of internal controls, shall report directly to the Board of Directors or its Audit Committee, and to Senior Management.

(3)                   An annual audit programme shall be prepared indicating audit scope and procedures and the timetable for conducting the audit.

Internal control deficiencies

12.           (1) Internal control deficiencies, whether identified by business line, internal audit, or other control personnel, shall be reported in a timely manner to the appropriate management level and addressed promptly.

(2) Material internal control deficiencies shall be reported to Senior Management and the Board of directors.

Frauds and losses

13.                  (1) Financial institutions shall report to the Central Bank, within 30 days from quarter-end, a list of actual and attempted frauds and losses using the form set out in the Schedule.

(2) The Central Bank may convene a meeting to discuss rampant cases of fraud and losses for purposes of sharing experiences and taking preventive measures.



Failure to comply

14.                 If a financial institution fails to comply with these Regulations in a flagrant manner which results or threatens to result in an unsafe and unsound operation, the Central Bank may pursue any remedial measures at its disposal, including requiring the financial institution to take any or all of the following measures —

(a)                         the infusion of additional capital to absorb potential losses;

(b)                        suspend lending, investment or deposit-taking operations;

(c)                          restrict declaration or payment of dividends or remittance of profits; and

(d)                        prohibit payment of bonuses, salary incentives, management fees or other discretionary compensation to directors or officers.


15.                 The Financial Institutions (Internal Control Systems) Regulations 2000[i]are repealed.

S.  M. Swaray Government, Central Bank of Lesotho


(Name of Financial Institution)

For quarter ending ................

(Amounts to the nearest thousand)





Persons involved




Brief Description of Fraud/Loss



I.              Actual

II. Attempted

Certified Correct:

Text Box: PositionText Box: DateName                          Signature

i        Act  No. 6 of 1999

[i]         L.N. No. 132 of 2000