INSIGHT

SBV Circular 83/2025: What It Means for Operational Governance in Banks

20 June 202610 min readGovernance, Compliance, Vietnam

By Blitz Financial Crime & Compliance Team — Regulatory Insights, Blitz

Executive summary

Circular 83/2025/TT-NHNN, issued by the State Bank of Vietnam on 31 December 2025, sets detailed requirements for the internal control system of commercial banks and foreign bank branches in Vietnam. It takes effect on 1 July 2026, with certain requirements phased in by 1 January 2028.

The emphasis has shifted from documenting policies to demonstrating that controls work in practice — with clear accountability across three independent lines of defense, and traceability of decisions across people, systems, and AI-assisted processes.

This Insight explains the key themes of the Circular, the operational challenges banks may face, and how institutions can translate these expectations into consistent, auditable practice.

What is SBV Circular 83/2025?

Issued by the State Bank of Vietnam on 31 December 2025, Circular 83/2025/TT-NHNN provides detailed guidance on internal control systems for banks. It applies to commercial banks and branches of foreign banks operating in Vietnam.

The Circular builds on international standards and local regulatory requirements, emphasising sound governance, clear accountability, and effective risk management. It is organised into five chapters — general provisions, control activities, risk management, internal audit, and implementation — covering credit, market, operational, liquidity, concentration, interest-rate, and model risk, alongside internal capital adequacy assessment.

It takes effect on 1 July 2026. A small number of requirements — including risk data management (Article 24), stress testing (Article 23), and model risk management (Articles 56–58) — are phased in, with full compliance required by 1 January 2028.

Why it matters now

Stronger regulatory expectations

The Circular raises the bar for governance quality, operational controls, and accountability — proportionate to each bank’s scale and complexity.

Focus on execution over documentation

Banks are expected to demonstrate that controls work in practice, not just on paper.

Board and senior management accountability

Clear responsibilities, independent oversight, and escalation pathways are central.

Auditability and traceability

Decisions, actions, and approvals must be traceable, reviewable, and well-documented.

Key governance expectations under Circular 83/2025

The Circular covers a broad set of requirements. The table below highlights the key themes most relevant to day-to-day operations.

Key requirement themesWhat the Circular expects
Three lines of defenseClear roles, responsibilities, and independence across the first line (business), second line (risk & compliance), and third line (internal audit).
Segregation of duties & authority delegationAppropriate segregation of duties and well-defined authority matrices, with regular review and documentation.
Independent review and oversightIndependent reviews by control functions and internal audit, with findings reported to senior management and the Board.
Conflict-of-interest preventionPolicies and processes to identify, manage, and prevent conflicts of interest in decision-making.
Risk management & internal control systemProactive identification, measurement, monitoring, and mitigation of risks through an effective internal control system.
Auditability & record retentionComplete, accurate, and timely records of decisions, approvals, and actions, retained for audit and regulatory review.
Human accountability in technology and AI-assisted processesHumans remain accountable for decisions; automation and models are used with clear controls, monitoring, and explainability.

The Circular emphasises that banks, not systems, are responsible for compliance. Technology is an enabler, but governance, people, and processes remain at the core.

Operational challenges for banks

Siloed systems and data

Fragmented data and tools make it difficult to get a complete view and maintain consistent controls.

Manual and inconsistent processes

High reliance on manual hand-offs increases the risk of error and inconsistent outcomes.

Limited end-to-end visibility

Lack of real-time visibility into cases, decisions, and control performance.

Evidence and audit gaps

Incomplete logs and documentation make it hard to demonstrate compliance and accountability.

From expectation to practice

The hardest part of Circular 83/2025 is not understanding the requirements. It is operationalising them consistently, day after day, across many people and systems.

Detection and policy are necessary but not sufficient. What supervisors increasingly examine is how a decision was reached, who was responsible, and whether similar cases were handled the same way.

Translating the Circular into practice means embedding governance into the flow of work — how investigations and approvals are assigned, reviewed, escalated, and recorded — so that consistency and traceability are produced as a by-product of normal operations, not reconstructed after the fact.

Questions banks should ask

A useful way to test readiness is to ask whether the institution could clearly answer the following, for any case, on any day.

  1. Can we demonstrate who made a decision, under what authority, and on what evidence?
  2. Are similar cases handled consistently across teams, locations, and time?
  3. When a model or automated tool informs a decision, can we show how its output was reviewed and, where overridden, why?
  4. Are findings from the second and third lines of defense tracked through to resolution?
  5. Could we reconstruct the full history of a decision if a supervisor asked tomorrow?

How technology can help

Technology cannot take responsibility for compliance — but it can make consistent, accountable execution far easier to achieve and to evidence.

The opportunity is to apply governance to the flow of work: consistent case assignment, clear authority, structured review and escalation, and a complete and auditable record of governed decisions and actions.

For model-driven and AI-assisted processes, Circular 83/2025 expects human accountability and explainability — including managing how model outputs are used, reviewed, and, where overridden, documented (Article 56). The goal is not to replace human judgement, but to govern it.

Blitz works alongside a bank’s existing systems. StewardX governs how investigations are assigned, reviewed, escalated, and documented — preserving institutional policies, authority, and human judgement.

Next steps

  • Map current internal-control practices against the Circular’s three-lines-of-defense and accountability expectations.
  • Identify where consistency and traceability today depend on manual effort or individual judgement.
  • Prioritise the gaps that would be hardest to evidence under supervisory review.
  • Plan ahead for the phased requirements — risk data management and model risk management — that apply by 1 January 2028.
Contact an expertAll insights