Financial stability, the development of a risk culture in banks, and personalized supervision are the key goals of the Central Bank of Uzbekistan in transforming its regulatory system. This was stated by Nigora Begmatova, Head of the Risk Management Department of the Central Bank, during the conference «Current State and Prospects of Risk Management, Compliance Control, and Internal Audit in Companies and Banks of the Republic of Uzbekistan» held on June 25, 2025. The event was organized by Orient Finans Bank. According to the regulator, the Central Bank will assess the risk profiles of all banks in 2025, and banks must begin preparing for this.
Evolution of Supervision
The supervisory approach of the Central Bank of Uzbekistan has undergone several significant stages. Since 2018, the country has been transitioning to a risk-based approach. This shift followed a deep self-assessment of the Central Bank’s supervisory practices in line with Basel principles, the identification of deficiencies, and the development of a long-term action plan.
«Today, we tell banks: lend, offer banking services — but assess your risks and build the right strategy,» the CBU representative emphasised.
A major confirmation of the success of this work was Uzbekistan’s financial system assessment in 2024. According to preliminary data, the country performed very well for its first assessment, Begmatova noted. In her view, this achievement reflects the joint efforts of the regulator and the banking community.
An Individual Approach to Each Bank
The primary goal of risk-based supervision is to ensure financial stability. While uniform requirements previously applied to all banks regardless of size, the CBU now uses a differentiated approach. Systemically important banks are subject to tighter control, while smaller, newer banks are given more freedom and require fewer supervisory resources.
The inspection format has also changed significantly. Instead of large, complex reviews every three years, the Central Bank now uses a targeted supervisory approach. In 2022, risk profile assessments were piloted in four banks; last year, the 16 largest banks were reviewed. This year, all banks will undergo a risk profile assessment. Based on the results, the regulator sends a letter to the bank’s board outlining a supervisory action plan, including whether a full or partial inspection will take place.
Risk Appetite Must Align With Bank Strategy
«We must develop risk appetite in a way that aligns with our strategic goals,» the speaker emphasised. «Sometimes I see that a bank sets a goal to grow its loan portfolio by 40%, even though its current capital adequacy ratio is only 13.5% (the minimum requirement is 13%). I ask: how are you going to achieve such growth without enough capital?»
She added that in some cases, banks with liquidity problems still indicate in their risk appetite statements a planned 25% growth in loan portfolios.
«We want a bank’s risk appetite and risk management system to genuinely take such parameters into account and manage capital, including during crisis situations. A well-structured risk management system must already have a clear crisis response plan in place,» she stressed.
«Many colleagues ask why the current regulatory requirements don’t yet include ICAP or ILAAP components. We’re working on it now — including climate risk requirements. We’ll present the new draft regulations very soon. Some banks have already started preparing, and we want others to begin evaluating their risks with future rules in mind,» she explained.
Risk Appetite Breaches Often Ignored
«As my colleague shared, when a risk appetite indicator enters the ‘red zone,’ he immediately informs the bank’s board: ‘We have a capital issue, we must stop lending.’ But he hears in response: ‘We can’t stop disbursing loans.”
Such situations are not uncommon. Even though bank boards receive risk-related warnings, they often fail to respond appropriately.
“We ask banks: ‘You’re in the red zone — what did you do?’ They answer: ‘We informed the kengash (board of directors).’ But no actual reaction from the kengash follows,» the CBU representative noted.
«That’s why we emphasize corporate governance and risk management culture. It’s one of our key supervisory priorities. When assessing a bank’s risk profile, we will thoroughly analyze this aspect.»
Risk Management: If You Can Measure It, You Can Manage It
«Identification, assessment, and monitoring of risks form the core of effective risk management. As the management classic says: ‘If you can measure it, you can manage it.’ Bank operations are risk management by nature — risks are unavoidable. They must be managed. We must anticipate them and stay one step ahead,» the speaker stressed.
«The regulator expects risk management systems to be one step ahead of the risk. Moreover, a clear organisational structure based on the ‘three lines of defence model is vital. We want to see:
- Clearly defined responsibilities,
An effective second line (risk management and compliance),
An independent internal audit function as the third line.
Conflicts of interest must also be avoided. Without complete reporting and systemic information sharing, risk management is impossible,» the representative said.
Reporting and Stress Testing Requirements
According to her, today’s risk reports submitted by banks to the regulator and management are often limited to listing metrics, without analysis of risk management actions.
«In the quarterly reports we receive, there’s usually info on loan growth and liquidity — but no details on what actions are taken to manage risks. Meaningful stress testing is also almost entirely absent,» she emphasized.
«We don’t require all banks to conduct full-scale stress tests — that’s resource-intensive. But at least scenario-based analysis using current economic models is essential. It’s also important to report violations promptly and inform the regulator,» she added.
Risk Management Policy Must Be Tailored
The regulator insists that a bank’s risk management policy and strategy must be tailored to its individual business model and risk profile.
«Banks often ask: ‘Can you share a sample strategy from another bank?’ But strategy is not a universal template. It must be developed individually. The strategy of a large state-owned bank won’t fit a private one, because they may have completely different goals.»
Kursiv Uzbekistan also reports that Ravshan Kadirov, CFO of InfinBank, emphasised that the more seriously banks treat risk management, the faster the Central Bank will fully transition to a risk-based regulatory approach, one that reflects each bank’s unique risk profile.
Such a system will rely on asset quality assessments, non-performing loan (NPL) ratios, reserves, and the overall financial condition, which, according to Kadirov, will lead to a fair regulatory model.
