Risk Management Stages and Structure

The bank manages risks in accordance with the following stages, each involving responsible subdivisions/employees.

Risk identification (definition)

The bank’s bylaws give a wide list of risk types to which it can be exposed in its activities, specifying rules to qualify them as critical, describing the nature of their origin, and listing affected products, processes and operations.

Risk appetite determination

The bank determines tolerances for critical risk types. Risk appetite indicator determination process and algorithms (for calculable indicators) are set out in the bank’s bylaws.

Risk identification

The bank takes steps to identify any risks posed by operations made and products offered. Risk identification procedures are set out in the bank’s bylaws.

Risk assessment

The bank performs qualitative and/or quantitative risk assessment. Assessment algorithms are set out in the bank’s bylaws and undergo testing for their relevance and effectiveness.

Selecting responses to risks and risk events

Based on risk assessment, the bank takes, limits, shares or excludes a risk using risk management tools. Responses to risk events are selected based on their efficiency.

Risk monitoring

The bank monitors risks taken and adds further responses in the case of a material increase in the level of a risk or a change in its profile. Monitoring procedures are set out in the bank’s bylaws. Monitoring results are reflected in the bank’s internal reporting.

Control of risk level and compliance with risk management procedures

The bank controls compliance with established limits, risk appetite indicators (key risk indicators) and other limitations. Three types of control are in place: prior, current and follow-up control. The bank also controls compliance with risk management procedures. Control (including remote control) procedures are set out in the bank’s bylaws.

Risk Management Structure

Qualitative performance indicators of risk management subdivisions

Closing each reporting period with COR below the ceiling is a key qualitative performance indicator of the Bank’s risk management function.

Asset quality

  • Keeping overdue loans (90+) below the ceiling
  • Observing vintage indicators of risk in new issues of retail and express products

Keeping key risk indicators (KRIs) of critical risk types below their ceilings

  • Credit risk (incl. credit risk of default and counterparty credit risk)
  • Concentration risk
  • Market risk
  • Interest rate risk in the banking book
  • FX risk in the banking book
  • Operational (incl. legal and compliance) risk
  • Liquidity risk
  • Reputational risk
  • Strategic risk

Monitoring indicators

  • Compliance with:
    • Counterparty limits;
    • Structural limits;
    • Authority limits;
    • Market instrument limits;
  • Loan portfolio duration