What tasks does the Sectoral Information Security Center implement?

To combat dropper schemes, a centralized system for recording suspicious clients has been established. The system is operated by the Anti-Fraud Center of the National Bank, which receives information from banks, payment organizations, telecommunications operators, and law enforcement agencies. The system maintains two categories of records: the gray list and the black list of droppers. The gray list includes clients whose transactions have been identified as suspicious. Inclusion in this list does not constitute a confirmed violation but serves as a signal to financial institutions and regulators that a client’s account or payment card may have been used in a dropper scheme. The black list includes clients whose involvement in illegal transactions has been confirmed by law enforcement authorities. In such cases, the unlawful activity has been established. When signs of dropper activity are detected, a bank must immediately suspend remote banking services, block debit transactions on the account, and report the case to the Anti-Fraud Center. The information is then made available to other banks and microfinance organizations. The gray and black lists of droppers are not publicly disclosed because they contain personal data and are used solely for official purposes. This approach ensures the protection of personal data and citizens’ rig

For the remote issuance and reissuance of bank cards, financial institutions are required to use two-factor authentication, including biometric identification. Bank cards may only be linked to Kazakhstan-registered mobile phone numbers, which reduces the risk of using foreign SIM cards in fraudulent schemes. In addition, limits have been introduced on the number of bank cards that may be issued to a single client: no more than five cards per client per bank; no more than ten cards per client across all banks; for high-risk non-resident clients — no more than one card for a period of up to 12 months. These measures are intended to prevent the mass issuance of bank cards to a single individual for use in illegal financial schemes. The relevant amendments were introduced by Resolution No. 56 of the Management Board of the Agency of the Republic of Kazakhstan for Regulation and Development of the Financial Market dated 16 August 2024, approving the Rules for Biometric Identification by Banks, Organizations Providing Certain Types of Banking Services, and Microfinance Organizations.

“Dropping” refers to the illegal provision, transfer, or use of access to a bank account, payment instrument, or identification tool, as well as the execution of unauthorized payments or money transfers, including on behalf of third parties, in exchange for financial compensation. This practice is a key component of online fraud schemes and is commonly used to cash out or transfer stolen funds. Effective 16 July 2025, Article 232-1 of the Criminal Code of the Republic of Kazakhstan was introduced. Under this article, the illegal transfer of a bank card or bank account is punishable by a fine of up to 160 monthly calculation indices (MCI) or restriction of liberty or imprisonment for a term of up to three years. At the same time, transferring a bank card to close relatives (for example, a spouse or children) is not prohibited. However, in response to the growing number of dropping cases, additional regulatory measures have been introduced to strengthen requirements for the use of bank cards.

Since 2017, the Agency has pursued a regulatory policy aimed at strengthening oversight of collection activities, improving the functioning of the debt collection market, and reducing unfair collection practices. Since 2017, the following regulatory measures have been introduced: stricter requirements for interactions between collection agencies and debtors; the introduction of minimum capital requirements, with subsequent increases, as well as qualification requirements for senior management; restrictions on the provision of services to affiliated creditors; a prohibition on affiliation between collection agencies and private bailiffs involved in debt collection. In 2024, legislation introduced a ban on the assignment of microloans issued to individuals for non-business purposes to collection agencies. Starting from July 2025 , to increase the accountability of collection agencies and prevent violations, fines for violations of the rules governing collection activities and for unfair practices will be doubled.

Yes. Under subparagraph 7) of paragraph 1 of Article 16 of the Law on Collection Activities, a debtor and/or their representative has the right to independently record interactions with employees of a collection agency using audio and/or video recording equipment.

Under Article 5 of the Law on Collection Activities, employees of collection agencies are prohibited from engaging in unfair practices when interacting with debtors or third parties. Such practices include threats, insults, blackmail, misrepresentation, and the disclosure of commercial or other legally protected confidential information. To prevent unfair practices in debt collection, the Agency conducts ongoing supervision of collection agencies and takes appropriate supervisory measures when violations are identified.

Starting 1 October 2024, collection agencies are required to review requests from debtors for changes to debt repayment terms, including restructuring, reduction or waiver of fines and penalties, as well as full or partial debt forgiveness. Requests for debt settlement are considered by collection agencies on a case-by-case basis. Priority is generally given to individual borrowers experiencing financial hardship who can demonstrate a decline in income.

A payment deferment may be granted to borrowers belonging to socially vulnerable groups or those affected by emergency situations for a period of at least three months. To apply for a deferment, a borrower must submit a request to amend the terms of the microloan agreement, together with documents confirming the circumstances that caused the borrower’s inability to meet repayment obligations, as well as information on income (for example, illness, loss of employment, or an emergency situation). The following documents may be required: 1) a certificate confirming registration as unemployed and/or a certificate of the borrower’s income for the last six months issued by the employer, or a statement showing the borrower’s income and cash flows; 2) an employer’s order terminating the employment contract, granting unpaid leave, or a certificate of temporary disability; 3) a certificate of employment indicating the amount of salary and an extract from the Unified Accumulative Pension Fund; 4) a document confirming that the borrower is on pregnancy and maternity leave, leave related to the adoption of a newborn child, or unpaid parental leave until the child reaches three years of age; 5) a certificate of temporary disability confirming the illness of the borrower’s close relatives or spouse, or a death certificate of the borrower’s close relatives or spouse; 6) a notarized lease agreement specifying the rental payment terms and deadlines; 7) documents confirming material damage suffered by the borrower as a result of an accident or unlawful actions of third parties (for example, theft of goods in circulation or other property used for business activities); 8) official documents confirming the occurrence of force majeure events; 9) a disability certificate; 10) a decision of an authorized state body to seize the borrower’s accounts; 11) a collection order; 12) court decisions; 13) other documents confirming the deterioration of the borrower’s financial situation. If the borrower submits incomplete documentation or information, the microcredit organization may request additional documents confirming the reasons for the payment delay.