RU

5.

CORPORATE GOVERNANCE


The corporate governance system of Eximbank of Russia JSC is consistent with the principles of the Corporate Governance Code recommended for use and takes into account the global best practices. The Corporate Governance Code of Eximbank of Russia JSC has been effective since 2012.

3

levels of risk management

5.1

Corporate governance system

The corporate governance system of Eximbank of Russia JSC is consistent with the principles of the Corporate Governance Code recommended for use and takes into account the global best practices. The Corporate Governance Code of Eximbank of Russia JSC has been effective since 2012.

CORPORATE GOVERNANCE ASSESSMENT

In 2016 the internal audit function conducted the annual assessment of the Bank’s corporate governance. In particular it assessed the observance of the Corporate Governance Code by the employees and senior officials of the Bank.

Corporate governance self-assessment includes the following checkpoints:

  • Exercise of rights by the Bank’s shareholders;
  • Activity of the Board of Directors;
  • Activity of the executive management;
  • Information disclosure;
  • Risk management, internal audit, internal controls and compliance controls;
  • Corporate social responsibility, business ethics;
  • Implementation of the Bank’s Development Strategy.

Basing on the results of the self-assessment, the quality of corporate governance has been deemed “satisfactory, commensurate to the nature and scale of the Bank’s operations”.

IMPROVING THE CORPORATE GOVERNANCE SYSTEM



1

Develop effective and transparent remuneration and incentives practices to be applied to the executive management and other senior officials of the Bank

2

Increase the effectiveness of the Board of Directors and the executive bodies of the Bank

3

Identify the criteria and develop the system of assessing the executive bodies of the bank, Revision Committee, Head of Internal Audit and other senior officials of the Bank

IMPROVING THE CORPORATE GOVERNANCE SYSTEM

Improving the corporate governance system is aimed at increasing the efficiency, accountability and transparency of the Bank’s operations. In the reporting period the transparency of the Bank was increased in terms of disclosure of annual reports and the list of persons eligible to participate in the AGM.

To ensure efficient remuneration system management, the Human Resources and Remuneration Committee reporting to the Board of Directors was created in 2016.

5.2

Internal control

The Banks has an effective system of internal controls of its financial and business activities that ensures the protection of shareholders’ rights and interests. The internal controls system includes the Internal Audit function, a financial monitoring function of a Professional Securities Market participant.

INTERNAL AUDIT OFFICE

The Internal Audit Office function is an independent structure of the Bank directly reporting to the Board of Directors.

INTERNAL CONTROL OFFICE

The main objective of the Internal Control Function is to ensure effective and independent compliance control with a view to minimize the risk of regulatory and controlling agencies taking enforcement action against the Bank, as well as the reputational risks related to noncompliance with laws and legal acts, standards of self-regulatory organizations or business practices in banking.

FINANCIAL MONITORING OFFICE

The Financial Monitoring Office implements the measures required to prevent money laundering and the financing of terrorism. The internal documents of the Bank that regulate the activities in this sphere are based on the ‘know your customer’ principle, national legislation and international best practices.

To increase the quality of program implementation and ensure the observance of internal control procedures, the Financial Monitoring Office is working on enhancing the coordination of the business units and increasing the control over the compliance with the requirements.

THE TASKS OF THE INTERNAL AUDIT OFFICE

1

Regular monitoring of internal controls systems

2

Limited-scope audit and full-scope audit of the Bank’s operations

3

Providing independent recommendations on improving banking activities and control procedures

5.3

Risk management system

A highly effective risk management system is the bedrock of continual and steadfast development of Eximbank of Russia JSC. The risk management policy was developed with due consideration for the strategic goals and objectives of the Bank and the REC Group. Risk management at the Bank is conducted at three levels.

The comprehensive risk management system addresses all categories of risk that the Bank may face and is aimed at constant identification, assessment, control and avoidance of potential threats, as well as mitigation of potential consequences of the risks. Before implementing the tactical and strategic plans of the Bank or making an important business decision, comprehensive assessment of all significant risks is performed. In case a risk or several types of risks occur, the Bank takes every possible measure to mitigate their negative impact.

For Eximbank of Russia, the list of significant risks includes all types of risks for which certain norms were specified by the Central Bank of Russia and which are relevant for the calculation of the regulatory capital, including, but not limited to:

  • Credit risk;
  • Market risks (interest rate, currency and equity risks);
  • Funding liquidity risk;
  • Concentration risk;
  • Operational risk;
  • Legal and regulatory (compliance) risk;
  • Reputational risk;
  • Fraud risk;
  • Strategic risk.

The significance of risks in relation to which the Central Bank of Russia has no specific requirements is assessed by comparing the expected maximal loss to the size of the Bank’s regulatory capital. The types of risks that cannot be assessed by quantitative methods should be assessed by expert judgement. To evaluate the significant risks, the Bank uses risk metrics that make it possible to calculate potential losses from risk occurrence both under normal and stressed financial market conditions.

STRUCTURE OF THE RISK MANAGEMENT SYSTEM OF EXIMBANK OF RUSSIA JSC

BOARD OF DIRECTORS, MANAGEMENT BOARD AND CHAIRMAN OF THE MANAGEMENT BOARD OF THE BANK Strategic level Operational level RISK DEPARTMENT Tactical level ASSET AND LIABILITIES MANAGEMENT COMMITTEE COMMITTEE ON BANKING AND INFORMATION TECHNOLOGIES LOAN COMMITTEE

UNDERLYING PRINCIPLES OF THE RISK MANAGEMENT SYSTEM AT EXIMBANK OF RUSSIA JSC

SYSTEMATIC APPROACH

Managing all kinds of risks is performed for all functions, at all management levels

INTEGRATION

Risk management processes are integrated in the business processes of the Bank; every single employee is engaged in the risk management system depending on their competencies and awareness to ensure ‘the three lines of protection’: risk owners, risk management, internal audit

AWARENESS

Risk management is based on the objective, reliable and relevant information. Any operation is decided upon after comprehensive analysis and assessment of risks

TIMELINESS

The risk management system ensures the timeliness, completeness and reliability of information on significant risks

CONTINUITY

Risk management should be a continuous process; it should include operational and follow-up control

INDEPENDENCE

The Risk Management Service is independent from the operational units and participates in decision-making support at the operational and strategic levels

RELEVANCE

Risk management includes constant improvement of all risk management elements, including the standards and methodologies, information systems; it takes into account the strategic objectives and the changes in the internal and external environment, as well as in the international practices and risk management standards

TECHNOLOGICAL EFFECTIVENESS

Risk management processes should be conducted with the use of state-of-the-art information technologies and systems that make it possible to timely identify, analyze, assess, manage and control the risks

REPEATABILITY

Risk management is a constantly repeating organized cycle of going through its key elements

AUTHORITY SEPARATION

The risk management system is based on organizational separation of the structural units and employees responsible for operations, risk management and accounting

ADEQUACY OF DECISION-MAKING LEVEL TO THE RISK-BEARING CAPACITY

The decision-making level for operations/ limits approval is defined depending on the size and the risk-bearing capacity

LIMITING THE RISK-BEARING CAPACITY

No operation will be processed without the mandatory limit or a separate decision of the governing bodies of the Bank or its collegiate working bodies

The risk management system is being developed in line with the recommendations of the Central Bank of Russia and the Basel Committee on Banking Supervision.

IMPROVING THE RISK MANAGEMENT SYSTEM

In response to the constantly changing external market and regulatory environment, Eximbank of Russia JSC has continuously improved the banking risk management system with a view to increase its efficiency. The development of the risk management system is effected with due consideration to the general approaches and principles recommended by the Central Bank of Russia and the Basel Committee on Banking Supervision, as well as to the international best practices.

In order to improve the efficiency of achieving the assigned strategic objectives, regular measures are taken to increase the risk management culture and ensure a risk-oriented approach in all lines of business of the Bank and the REC Group.

The results achieved in the process of improving the risk management system in 2016:

  • Improved system of informing the managing bodies and the senior officials on the status of risks taken by the members of the Group. The information provided through the system is essential for informed managerial decision-making.
  • Measures taken on the harmonization of methodologies used by the members of the REC group, in particular, of risk assessment methodologies.
  • Work groups including representatives of each of the REC Group members were created and now successfully operate. These groups are tasked with preparing new targeted products for launch, as well as develop informed decisions on risk limitation.