Risk Criticality Assessment

Ongoing development of the risk management system is crucial for timely identification and assessment of risks, and for efficient operation of the instruments developed to manage them. The bank annually identifies and assesses risks inherent in its activities.

Criticality tests result in the bank’s risk map, serving as the basis for qualifying particular types of risk as critical to the bank. The risk map grades the bank’s risks. The aggregated value of any risks is calculated as the sum of points given by an expert.

Classification of identified risks by their criticality is based on a two-factor assessment:

  • potential damage;
  • probability (forecasted frequency of risk events).

Each factor is scored 1 to 3 points by surveying experts from subdivisions responsible for taking and managing the bank’s risks. Critical risks are those scoring 4 or higher on the two criticality factors taken together.

1. Concentration risk scored:
  • 5 points in case of considerable exposures to one counterparty or group of counterparties;
  • 4 points in case of:
    • credit exposures to counterparties from one sector of economy (involved in same business activity or selling same goods and services);
    • the Bank’s dependence on specific liquidity sources;
    • credit risk mitigation efforts (indirect concentration risk from taking identical types of collateral or independent guarantees issued by one counterparty).
  • 3 points in case of:
    • considerable investments in instruments belonging to same type or sensitive to same factors;
    • the Bank’s dependence on specific types of income.
  • 2 points in case of:
    • credit exposures nominated in same currency;
    • credit exposures to counterparties based in same geographical area.

Changes in the Risk Profile Compared to 2019:

Motivational and emergency support risks were added to the long list of the most common (characteristic) risk types and subtypes inherent in the bank’s operations; technological risk was qualified as a part of operational risk.

The annual identification procedure (whose results were approved by the Supervisory Board) did not lead to any changes to the list of critical risk types for 2020 compared to that for 2019. Other risks inherent in the bank’s business, including singular risks, are not critical for it because they did not receive, pursuant to its internal methodology, scores implying material impact on the bank.

The bank at least annually deploys an action plan to identify risks and test them for criticality.

According to its risk map, the bank qualifies as critical the following risk types:

Credit Risk (incl. Risk of Default and Counterparty Credit Risk)

Credit risk is the main risk to which the bank is exposed given the nature of its business and balance-sheet structure. The source of this type of risk is the bank’s exposure to losses due to non-performance, late or partial performance by a debtor of its obligations to the bank under existing agreements and to consequences of a deteriorated condition of its borrowers, counterparties or securities issuers. A deteriorated condition means a deterioration both in their financial condition and of other quantitative and qualitative indicators (business reputation, positions among competitors, sector indicators, state of the regional economy, etc.), i.e. all factors that can affect a borrower’s, counterparty’s or security issuer’s solvency.

The credit risk includes:

  1. Credit risk of default ​means the probability of the bank suffering any losses due to a debtor defaulting on its contractual obligations to the bank, or any impact from a deteriorated condition of a borrower, counterparty or securities issuer.
  2. Counterparty credit risk, i.e. the risk that a counterparty fails to perform its contractual obligations before the relevant transactions are finally settled. Such operations are not made without prior evaluation of counterparties’ financial condition and probability of counterparty credit risk events both before the settlement is over and while it is underway.

The Bank has in-house models to quantify the probability of default and other credit risk components used to estimate expected losses, required economic capital and risk-weighted assets. The Bank creates provisions for its lending operations in line with the risk it assumes, strictly as recommended or required by the Bank of Russia.

Credit risk is measured using an evaluation system involving analysis of counterparty-specific risk factors based on type and nature of business. Credit risk is limited (controlled) by means of a multi-level system of limits applicable to individual counterparties/exposures and to portfolios of exposures grouped by a certain attribute (sector limits, limits by activities and types of financing, limits on concentration of largest borrowers, etc.).

In order to reduce credit risk, the bank limits the total amount of credit risk per borrower (group of related borrowers). All lending limit requests trigger an independent risk measurement aimed at a comprehensive and thorough analysis of potential borrowers. Credit risks are managed based on limits set for various types of transactions and subject to the regular monitoring of borrowers’ creditworthiness. The bank also thoroughly and prudently analyses potential and existing borrowers for economic safety and values collateral taken to secure borrowers’ obligations to the bank, subject to the subsequent monitoring of their availability and changes in their actual value throughout the entire life cycle of the loan product. All loan-related documents are subject to thorough legal due diligence.

Lending activities are coordinated, and related decisions are taken, by the bank’s credit committee whose members represent all subdivisions concerned, including risk management. Some of the Credit Committee’s decision-making powers may be delegated to authorised officers. Credit risk management activities are coordinated by the Credit Risk Committee, a specialised management body reporting to the Management Board.

The principle of distribution of responsibility in credit risk management is reflected in the bank’s Risk Management Policy, Credit Policy and loan approval procedures.

Key credit risk management elements:

  • The Risk Management Policy approved by the Supervisory Board is the bank’s framework risk management document, defining the goals, principles and tools of risk management;
  • The bank’s Credit Policy which is regularly aligned with market conditions, the Bank’s lending strategy and existing risks;
  • Improvement of the formalised borrower appraisal principles and methods (rating models for corporate borrowers, scoring systems for retail business), risk- based application of the general principles of pricing, collateralisation and provisioning. In the reporting period, the bank validated and revised its internal rating and scoring models to enhance their quality and bring them into line with best practices of quantitative credit risk evaluation;
  • Control over limits for borrowers and groups of related borrowers, concentration limits, authority limits and other structured limits.

Measures Taken in 2019 to Minimise this Type of Risk

With respect to corporate credit risks, the following measures were taken in credit risk assessment methodology and improvement of the bank’s internal lending and loan monitoring processes:

  • New approaches to the corporate customer monitoring program in order to identify existing problems in the Customer business planning system and processes (as the Provisional Manual for Monitoring Corporate Customers Strategic Planning was approved and a relevant pilot project was launched);
  • The system of SME customer risk metrics was improved, as well as the accounting and monitoring systems.
  • Methodology was developed for assessing the creditworthiness of the special-purpose lending category “residential construction with the use of escrow accounts opened with the bank” was developed.
  • Methodology for credit risk assessment and limit calculations for transactions involving lending institutions, the internal credit rating of investment companies, and calculations of performance indicators for financial market transactions were all improved.

In retail risks, credit risk indicators and efficiency indicators for their evaluation were improved, namely:

  • Retail customers’ default probability scoring application models for general-purpose loans and credit cards were improved and commissioned for industrial operation.
  • New behavioural models for default probability assessments of all loan claims to retail borrowers were developed and calibrated by an external consultant.
  • Approaches to risk assessments of loan applications received from business owners/ sole proprietors were revised.
  • The performance monitoring system for retail business risk management and separate stages of the lending process was improved.

Activities Planned for 2020 to Minimise this Risk

  • Develop approaches to the model risk and emergency support risk assessment and management.
  • Develop business with SMEs, including SME scoring models, relevant updates of the lending processes, and SME lending requirements, terms and standards.
  • Develop approaches for sovereign risk assessment.
  • Improve procedures of control over conditions precedent in retail business and implement measures improve and develop of the erroneous retail solvency assessment identification process.
  • Implement a set of measures to reduce the bank’s losses caused by defaults, including finalisation of the bank’s collateral policy aimed at updating priority levels of some types of security, including those associated with recent legislative changes; improve overdue debt collection procedures and the system for monitoring retail business collection indicators.
  • Establish an ICAAP reporting competence centre at MKB Group’s new subsidiaries.
Market Risk

The source of this type of risk is the bank’s exposure to losses and negative consequences due to adverse changes in the market value of financial instruments in its trading book and derivatives, and in exchange rates of currencies and/or precious metals.

The market risk includes:

  1. instrument interest rate risk, ​i.e. the exposure to adverse effects from unfavourable changes in interest rates of the trading portfolio instruments (in particular, the risk of negative revaluation of the trading portfolio as a result of changes in fixed income interest rates);
  2. instrument currency risk, ​i.e. the exposure to adverse effects from changes in FX rates and/or precious metal prices through devaluation of FX-nominated financial instruments and/or precious metals in the trading portfolio; Trading portfolio currency risk is calculated based on interest rate and securities portfolio risks of FX-nominated instruments;
  3. securities portfolio risk, ​i.e. the exposure to adverse changes in market prices of securities in the trading portfolio or derivative financial instruments due to factors related to both specific issuers and general fluctuations in market prices of financial instruments.
  4. commodity risk, i.e. the exposure to losses due to adverse changes in market prices of commodities, save for precious metals (including commodity derivatives)

Operating in the financial market, the bank assumes risks of instruments in its trading portfolio (risks of adverse changes in the prices of equity instruments, changes in interest rates of fixed income debt instruments, as well as changes in currency exchange rates and the resulting negative revaluation of its trading portfolio).

The bank manages market risks as required by the Bank of Russia’s regulations and also uses internal methods compliant with guidelines of the Basel Committee on Banking Supervision.

The bank manages its market risk by setting limits on open positions in financial instruments, interest rates, maturities and currency, and also stop-loss limits. Limits and positions are monitored on a regular basis and are reviewed and approved by the Asset and Liability Committee / Management Board. In addition, the bank uses stress tests to model the impact of different market scenarios.

The bank applies conservative approaches to building its securities portfolio so as to avoid significant losses that could affect its financial stability. The bank mostly deals in bonds of Russian issuers included in the Bank of Russia’s Lombard List and having short durations.

The bank’s exposure to market risks may be evaluated by calculating maximum possible loss per each security and Value-at-Risk / Stressed Value-at-Risk for the entire portfolio.

Measures Taken in 2019 to Minimise this Type of Risk

  • Methodology was improved for determining Current Fair Value (CFV) of financial instruments including for new financial instruments.
  • New financial instruments fair value calculation and accounting processes were automated.

Activities planned for 2020 to minimise this risk

  • Test market risk measurement algorithms using the IRC (Incremental Risk Capital) component. Improve the market risk management system (introduce the IRC and Expected Shortfall approaches).
Operational Risk (incl. Legal Risk and Compliance Risk)

The source of this type of risk is the exposure to adverse effects from the credit institution’s internal operating processes and procedures being inconsistent with the nature and scale of its activities and/or statutory requirements or being violated by its staff and/or other persons (by any unintentional or deliberate actions or omission), from its information, technological or other systems being functionally or otherwise inadequate and/or failing (malfunctioning), or from any external events.

Operational risks have the peculiarity of being inherent in all of the bank’s activities, rather than in individual products/processes.

To limit the operational risk, the bank details in its bylaws a complex of the following measures intended to minimise the probability of operational risk events resulting in losses and/or to minimise (limit) such losses:

  • Procedures for execution of transactions, distribution of responsibilities, related reporting and follow-up control designed to prevent (limit) operational risk, and control over those procedures;
  • Requirements pertaining to banking automation and InfoSec systems, and prospects of their development;
  • Insurance procedures, including property insurance (insurance of buildings, other assets, including money and securities, from loss (destruction), shortage or damage, in particular inflicted by third parties or staff, and business risk insurance covering losses resulting from banking risk events) and personal insurance (H&S insurance);
  • Bylaw approval procedures requiring validation by subdivisions responsible for assessing operational risks.

The bank’s operational risk management procedures set forth methods to identify and assess operational risks assumed in various areas of its activities.

Operational risk includes:

  1. staff risk, i.e. the risk of losses caused by errors or malfeasance of the bank’s staff, their insufficient qualification, work overload, unpractical working processes, etc.;
  2. process risk, i.e. the risk of losses caused by errors in transaction execution, settlement, booking, reporting, pricing and other processes;
  3. system risk, i.e. the risk of losses caused by deficiencies of the bank’s technologies such as insufficient capacity of its systems, their inadequacy for operations being made, rough data processing methods, or low quality or inadequacy of data used, etc.;
  4. external risks, i.e. the risks of losses caused by changes in the bank’s operating environment, such as changes in laws, politics, economy, etc., and risks of physical interference from outside;
  5. legal risk, i.e. the exposure to adverse effects of the bank’s failure to perform its contractual obligations to customers/counterparties, their failure to perform essential terms of supply and other agreements signed by them with the bank concerning provision of goods, works and services (except for credit-related agreements), unsatisfactory level of legal work in the bank, imperfection and instability of the Russian legal system, variability of laws and regulations governing the bank’s operations.
  6. compliance (regulatory) risk, i.e. the exposure to adverse effects from non-compliance with requirements of international and Russian laws, the bank’s commitments to its shareholders and third parties, its bylaws, standards of self-regulatory organisations (if mandatory for it) as well as due to sanctions and/or other enforcement actions imposed by supervisory bodies.
  7. technological risk, i.e. the exposure to losses from using outdated technologies or sunk costs of new technologies.

Measures Taken in 2019 to Minimise this Type of Risk

  • The subsidiaries’ operational risk management methodology was updated.
  • Steps were taken to develop an internal operational risk management culture at the bank, including preparation of training materials, delivery of special training programmes on Operational Risk Management to employees followed by relevant testing.
  • Steps were taken to improve manageability of the BC/DR system under development (BC/DR Plan testing).
  • An annual operational risk self-appraisal test was performed using the Automated Operational Risk Management System.

Activities Planned for 2020 to Minimise this Risk

  • Design and introduce new operational risk control tools and draft new appropriate bylaws.
  • Continue the risk management culture development efforts with respect to the Group’s operational risks.
  • Update the operational risk incident classifier to reflect the changes in external regulations.
Concentration Risk

The risk of significant losses that can pose a threat to the bank’s solvency and ability to continue its business due to its exposure to large counterparty risks, risks in specific sectors, regions, markets, currencies, etc.

Concentration risk management procedures include the following:

  • Concentration risk identification and measurement procedure;
  • List of concentration limits on the existing structure of the bank’s risk-bearing assets grouped into portfolios by various attributes, and aggregate indicators of its operations. The aim is to limit losses resulting from overconcentration on certain counterparties, groups of counterparties or groups of assets of the bank;
  • Developing ways to control compliance with such limits, in particular control the bank’s portfolios of instruments with the aim to identify risk concentrations that are new for it and are not captured by the concentration limit system, and ways to report limit violations to its management bodies, and corrective procedures.

Measures Taken in 2019 to Minimise this Type of Risk

  • Actions to introduce a new type of structure limit, namely a limit on the largest counterparties (related parties), and its calculation and monitoring algorithms were approved, and indicative values for the new limits of the bank’s loan claims concentration were set.

Activities Planned for 2020 to Minimise this Risk

  • Validate and calibrate concentration risk quantification models, update the levels of concentration risk appetite indicators (KRIs) and adjust the risk quantification guidance if necessary;
  • Perform annual macroeconomic and sectoral stress testing for the bank’s top ten borrowers and report findings to the bank’s Supervisory Board.
Liquidity Risk

The source of this type of risk is the possibility of the bank running short of cash to perform its obligations in full. Liquidity risk can arise as a result of a mismatch in the bank’s financial assets and financial liabilities (in particular caused by a failure of one or more of its counterparties to perform their financial obligations in due time) and/or an unforeseen abrupt acceleration of its financial liabilities.

The bank exercises strict control on a daily basis over compliance with statutory liquidity ratios set by CBR (instant (N2) and current (N3) liquidity ratios). The bank also controls compliance with the long-term liquidity ratio (N4); and, starting from 2018, as CREDIT BANK OF MOSCOW was included in the list of systemically important credit institutions, the short-term liquidity ratio (N26) (the “STL”; calculated in line with Regulation on Calculating the Short-Term Liquidity Ratio (Basel III) by Systemically Important Credit Institutions No. 510-P dated 03.12.2015) has been calculated and monitored on a daily basis.

The bank distinguishes the following liquidity risk types:

  1. risk of mismatch between incoming and outgoing cash flows;
  2. risk of unforeseen liquidity requirements, i.e. the risk of consequences of unexpected events in future that may require more resources than projected;
  3. market liquidity risk, i.e. the risk of selling assets at a loss or inability to close an existing position due to insufficient market liquidity or insufficient amount of trades. The effects of this form of risk may be factored into the market risk evaluation;
  4. funding risk, i.e. the risk associated with potential changes in cost of funding (individual and market credit spread) affecting the bank’s future income.

The bank’s liquidity risk management procedures include the following:

  • Specific risk factors;
  • Procedures to determine the bank’s funding needs, including identification of liquidity surplus/shortage and limits of liquidity surplus/shortage (liquidity limits);
  • Procedures for liquidity forecasting and time analysis of liquidity (short-term, current and long-term liquidity);
  • Procedures for setting liquidity limits and developing ways to control compliance with such limits, to report limit violations to the bank’s management bodies and suggest corrective actions;
  • Procedures for daily liquidity management and longer-term liquidity management;
  • Methods for analysing liquidity of assets and stability of liabilities;
  • Liquidity recovery procedures, including procedures for making decisions on mobilisation (sale) of liquid assets and other possible (and most easily accessible) ways of additional funding in case of liquidity shortage.

Final decisions as to liquidity risk are taken by a collective body, the ALCO/Management Board, thus ensuring comprehensive and effective control over that risk.

The current and forecast liquidity risks are managed separately at the bank.

Current liquidity management is the main task of the bank’s operative management of assets and liabilities, involving short-term forecasting and management of cash flows in terms of currencies and maturities to ensure performance of the bank’s obligations, execution of customer payments and funding of assets-related transactions. Current liquidity is managed through prompt (intraday) estimation of the bank’s current payment position and forecasting changes therein based on the payment schedule and different scenarios.

The main purpose of forecast (medium- and long-term) liquidity management is to develop and implement a system of ALM measures to maintain the bank’s solvency and ensure the planned growth of the assets portfolio at an optimum balance between liquidity and profitability. This is done at the bank by making long-term liquidity forecasts and setting internal liquidity requirements (required liquid and highly liquid cushion, required amount of the liquid securities portfolio). Long-term liquidity forecasts go to the bank’s ALCO/Management Board.

In addition, stress tests are run based on risk factors relevant to liquidity forecasts and the bank’s capability to mobilise liquid assets in the event of a liquidity shortfall.

This prevents material liquidity gaps, ensures uninterrupted performance of obligations, saves costs of urgent fund raising in the case of emergency situations and makes assets-related transactions more profitable thanks to the right choice of instruments.

Measures Taken in 2019 to Minimise this Type of Risk

  • The automation level has been enhanced in the bank’s dynamic balance sheet modelling and mandatory liquidity ratios forecasting, including the STL, which improved the timeliness and accuracy of the forecasts. The regulation for management of the bank’s highly liquid asset portfoliohas been approved, which governs issues associated with retention of the STL at its target level, as determined by the bank’s Assets & Liabilities Committee in line with the risk appetite indicator, prescribed by the Risk and Capital Management Strategy. Target volume indicators and limits for were set the highly liquid securities portfolio.
  • New limits and restrictions were imposed for some of the bank’s transactions in order to mitigate the liquidity risk and regulate mandatory liquidity ratios.
  • A system of compensations for liquidity risks was introduced related to pricing of the bank’s assets- and liabilities-side products, and the Methodology for allocation of incidental costs to support the N26 ratio for different business lines was approved.
  • The liquidity risk reporting system was improved: the scope of regular managerial reports to the Assets & Liabilities Committee was amended as regards the status and forecast of liquidity and mandatory ratios.

Activities Planned for 2020 to Minimise this Risk

  • Improve the liquidity risk limit system;
  • Improve further the methodology for modelling the bank’s dynamic balance sheet and stress testing the bank’s liquidity;
  • Automate further processes of modelling the bank’s dynamic balance sheet and forecasting liquidity indicators and mandatory ratios.
Interest Rate Risk in the Banking Book (IRRBB)

The risk of deterioration of the bank’s financial condition through a decrease of its capital, income or assets value resulting from a change in market interest rates affecting its assets and liabilities other than its trading portfolio. Interest rate risk in the banking book stems from mismatches between maturities of, or between changes in interest rates on, assets and liabilities.

Interest rate risk in the banking book management procedures include the following:

  • Gap analysis using interest rate stress tests;
  • Identification of major sources of IRRBB inherent to operations (transactions) sensitive to interest rate changes;
  • Modelling of maturities and cost of assets (liabilities), in particular setting target product maturities at the business subdivisions’ level in the course of the business planning process;
  • IRRBB limits and ways to control compliance with them, a system to report limit violations to the bank’s management bodies, and a correction process.

Final decisions as to interest rate risk in the banking book are taken by a collective body, the ALCO/Management Board, thus ensuring comprehensive and effective control over that risk.

The bank sets and regularly controls relevant limits linked to loan utilisation effectiveness, profitability and maximum interest rate gaps on various time horizons. To limit the impact of interest rate risk in the banking book on the bank’s financial results, the bank analyses maturities of loans issued and funding raised to reveal any mismatches between its assets and liabilities exposed to interest rate changes. This analysis helps decide what structure of assets and liabilities is optimal and ensures maximum resilience to financial losses caused by interest rate risk in the banking book. On an ongoing basis, the bank optimises interest rates on the assets side and liabilities side in line with the current market situation and tariff policies of its main competitors.

Measures Taken in 2019 to Minimise this Type of Risk

  • A new assessment methodology for interest rate risk in the banking book in line with the Bank of Russia’s recommendations and Basel Committee standards concerning assessment of interest rate risk in the banking book and including application of behavioural models for the bank’s assets- and liabilities-side products was approved.
  • A methodology to calculate compensations for the interest rate risk related to embedded optionalities in assets- and liabilities-side products was fully implemented; and new standard form loan agreements was enacted to accommodate compensations for the interest rate risk related to embedded optionalities in credit products.
  • The scope of regular managerial reports provided to the Assets & Liabilities Committee was updated as regards the dynamics of the bank’s assets and liabilities structure and interest margin

Activities Planned for 2020 to Minimise this Risk

  • Improve behavioural models of the bank’s assets- and liabilities-side products designed for assessment of the interest rate risk in the banking book, and risk-based pricing.
  • Improve the system of limits of interest rate risk in the banking book.
  • Improve regular managerial reports provided to the Assets & Liabilities Committee as regards interest rate risk in the banking book.
FX Risk in the Banking Book (FXRBB)

The exposure to potential losses due to changes in exchange rates/prices of foreign currencies/precious metals in which the bank has open currency positions (OCP) at the bank book level.

FX risk in the banking book represents potentially adverse effects from changes in FX rates and/or precious metal prices at the bank book level by measuring the aggregate long or short open currency position against the bank’s capital.

FXRBB management requires limits to be set on the bank’s OCP.

FXRBB management procedures include the following:

  • The bank’s compliance with Bank of Russia Instruction No. 178-I “On Setting Open Currency Position Limits, the Methodology for Calculating them, and Modalities of Supervision of Credit Institutions’ Compliance therewith” dated 28.12.2016 is monitored on a daily basis: its designated subdivisions ensure that the open foreign currency position in any single foreign currency or precious metal does not exceed 10% of its equity (capital). The bank goes beyond the Bank of Russia’s regulatory restrictions by setting more conservative management limits on the size of its open foreign currency position in each currency;
  • The bank monitors and forecasts on a daily basis its open foreign currency position in each currency and as a whole;
  • The key currency risk factors, such as governmental, macroeconomic and financial ones are monitored on a daily basis.

Measures Taken in 2019 to Minimise this Type of Risk

  • For better management of FX risk in the banking book, a Regulation for the bank’s Open Currency Positions was approved, detailing the split of the open currency position (OCP) into the trading OCP (OCP of the trading portfolio of financial instruments) and structural OCP and documenting a strategy for structural OCP management.
  • Limits for the trading OCP were established.

Activities Planned for 2020 to Minimise this Risk

  • Improve the FXRBB limits system.
  • Improve the automation level of the trading and structural OCP management processes.
Reputational Risk

The source of this type of risk is the bank’s exposure to losses as a result of an outflow of the bank’s customers (counterparties) due to a negative public perception of the bank’s financial stability, quality of its services or the nature of its activity as a whole. The probability and amount of losses that can be caused by this risk depends on the level of this risk in the Russian banking sector as a whole.

Reputational risk management procedures include the following:

  • procedures/tools/mechanisms for dealing effectively with all categories of stakeholders;
  • ethical conduct in provision of services;
  • ongoing monitoring of internal and external threats to the bank’s reputation;
  • understanding shareholders’ and investors’ expectations as to disclosure;
  • maintaining an advanced corporate governance system and developing it in line with the bank’s strategic goals and interests of all stakeholders;
  • ensuring a high level of corporate culture;
  • adherence to the code of professional ethics and culture;
  • transparent and advanced staff remuneration, incentive, training and qualification upgrade system.

The bank meets all of its obligations on time and in full. The bank’s credit history includes large loans from leading credit institutions of the world, syndicated loans and bond issues. The bank is also well-reputed in the national and international financial communities.

The bank makes considerable efforts to promote its image in the eyes of its customers and the public by increasing its information transparency. Reputational risk management is an integral part of the risk management system and is practiced with the direct involvement of the bank’s management.

Measures Taken in 2019 to Minimise this Type of Risk

  • In line with the BC/DR system development road map, the most promising methods and principles for securing business continuity were identified and are to be implemented, processes of business continuity and mitigation of discontinuity factors most important for the bank were introduced, and relevant methodology was designed to regulate the processes. BC/DR procedures incorporated processes of qualitative assessment of the Reputational Risks and inclusion of relevant indicators in the decision-making process. These actions ensured compliance of the bank’s BC/DR system with the Bank of Russia’s requirements and international standards, created a material safety margin for the business processes and systems, and ensured a due level of reputational risk to match the bank’s scale of operations.
  • Development of a reputational risk management system, in particular by further integration of reputational risk assessment and management processes at various levels of the internal control and risk management system was secured by establishing the bank’s regulations for internal controls. The control processes ensured greater transparency and business openness of the bank for its stakeholders within the corporate governance system.

Activities Planned for 2020 to Minimise this Risk

  • BC/DR system development resulted in elaboration of a road map for updating and improvement of the BC/DR system in 2020 (BC/DR RM 2020). The road map incorporates plans for regular monitoring, risk assessment, and evaluation of business discontinuity factors. The bank shall implement BC/DR RM 2020 in line with the most advanced methods and business continuity principles, which will both ensure compliance with the Bank of Russia’s requirements and international standards and create a material safety margin for the business processes and systems.
  • Develop a reputational risk management system, in particular by integrating further reputational risk assessment and management processes at various levels of the internal control and risk management system, ensuring greater transparency and openness of the bank for all stakeholders. Among other things, the bank plans to update existing regulations and its subsidiary financial institutions in reputational risk management, including monitoring and assessment processes.
Strategic Risk

This risk means the exposure to adverse consequences of mistakes (flaws) in strategic decisions such as oversight or underestimation of potential threats, wrong or inadequate choice of prospective business areas where it can gain an edge over its competitors, lack/insufficiency of resources (financial, material, technical, human) and organisational measures (managerial decisions) required to attain its strategic goals.

The main goal of the strategic risk management is to establish an interdisciplinary system allowing for appropriate managing decisions in respect of the bank’s activities, aimed at reducing the impact of strategic risks on the bank in general.

Strategic risk management procedures include the following:

  • Periodic revaluation of the bank’s development strategy;
  • Planning the development of new lines of business, new products, technologies and services, expansion of existing technologies and services and strengthening of the bank’s infrastructure;
  • Analysing competition so as to identify strategic risks such as the threat of new competitors entering the market, the threat of product substitution or the threat of continuous evolution of strategic risk factors during the lifetime of services provided.

The capital charge estimation stage was embedded into the product/service development procedure.

Key strategic risk indicators are limited in accordance with the bank’s procedures. Limit control results, breaches and correction proposals are regularly reported to the bank’s management bodies to ensure prompt control over achievement of the bank’s strategic goals.

Activities Planned for 2020 to Minimise this Risk

  • Optimise business planning procedures to make the major business segments more profitable, curb growth of general and administrative expenses and salary costs.