levels of risk management
In 2016 the internal audit function conducted the annual assessment of the Bank’s corporate governance. In particular it assessed the observance of the Corporate Governance Code by the employees and senior officials of the Bank.
Corporate governance self-assessment includes the following checkpoints:
Basing on the results of the self-assessment, the quality of corporate governance has been deemed “satisfactory, commensurate to the nature and scale of the Bank’s operations”.
Develop effective and transparent remuneration and incentives practices to be applied to the executive management and other senior officials of the Bank
Increase the effectiveness of the Board of Directors and the executive bodies of the Bank
Identify the criteria and develop the system of assessing the executive bodies of the bank, Revision Committee, Head of Internal Audit and other senior officials of the Bank
Improving the corporate governance system is aimed at increasing the efficiency, accountability and transparency of the Bank’s operations. In the reporting period the transparency of the Bank was increased in terms of disclosure of annual reports and the list of persons eligible to participate in the AGM.
To ensure efficient remuneration system management, the Human Resources and Remuneration Committee reporting to the Board of Directors was created in 2016.
The Internal Audit Office function is an independent structure of the Bank directly reporting to the Board of Directors.
The main objective of the Internal Control Function is to ensure effective and independent compliance control with a view to minimize the risk of regulatory and controlling agencies taking enforcement action against the Bank, as well as the reputational risks related to noncompliance with laws and legal acts, standards of self-regulatory organizations or business practices in banking.
The Financial Monitoring Office implements the measures required to prevent money laundering and the financing of terrorism. The internal documents of the Bank that regulate the activities in this sphere are based on the ‘know your customer’ principle, national legislation and international best practices.
To increase the quality of program implementation and ensure the observance of internal control procedures, the Financial Monitoring Office is working on enhancing the coordination of the business units and increasing the control over the compliance with the requirements.
Regular monitoring of internal controls systems
Limited-scope audit and full-scope audit of the Bank’s operations
Providing independent recommendations on improving banking activities and control procedures
The comprehensive risk management system addresses all categories of risk that the Bank may face and is aimed at constant identification, assessment, control and avoidance of potential threats, as well as mitigation of potential consequences of the risks. Before implementing the tactical and strategic plans of the Bank or making an important business decision, comprehensive assessment of all significant risks is performed. In case a risk or several types of risks occur, the Bank takes every possible measure to mitigate their negative impact.
For Eximbank of Russia, the list of significant risks includes all types of risks for which certain norms were specified by the Central Bank of Russia and which are relevant for the calculation of the regulatory capital, including, but not limited to:
The significance of risks in relation to which the Central Bank of Russia has no specific requirements is assessed by comparing the expected maximal loss to the size of the Bank’s regulatory capital. The types of risks that cannot be assessed by quantitative methods should be assessed by expert judgement. To evaluate the significant risks, the Bank uses risk metrics that make it possible to calculate potential losses from risk occurrence both under normal and stressed financial market conditions.
Managing all kinds of risks is performed for all functions, at all management levels
Risk management processes are integrated in the business processes of the Bank; every single employee is engaged in the risk management system depending on their competencies and awareness to ensure ‘the three lines of protection’: risk owners, risk management, internal audit
Risk management is based on the objective, reliable and relevant information. Any operation is decided upon after comprehensive analysis and assessment of risks
The risk management system ensures the timeliness, completeness and reliability of information on significant risks
Risk management should be a continuous process; it should include operational and follow-up control
The Risk Management Service is independent from the operational units and participates in decision-making support at the operational and strategic levels
Risk management includes constant improvement of all risk management elements, including the standards and methodologies, information systems; it takes into account the strategic objectives and the changes in the internal and external environment, as well as in the international practices and risk management standards
Risk management processes should be conducted with the use of state-of-the-art information technologies and systems that make it possible to timely identify, analyze, assess, manage and control the risks
Risk management is a constantly repeating organized cycle of going through its key elements
The risk management system is based on organizational separation of the structural units and employees responsible for operations, risk management and accounting
The decision-making level for operations/ limits approval is defined depending on the size and the risk-bearing capacity
No operation will be processed without the mandatory limit or a separate decision of the governing bodies of the Bank or its collegiate working bodies
In response to the constantly changing external market and regulatory environment, Eximbank of Russia JSC has continuously improved the banking risk management system with a view to increase its efficiency. The development of the risk management system is effected with due consideration to the general approaches and principles recommended by the Central Bank of Russia and the Basel Committee on Banking Supervision, as well as to the international best practices.
In order to improve the efficiency of achieving the assigned strategic objectives, regular measures are taken to increase the risk management culture and ensure a risk-oriented approach in all lines of business of the Bank and the REC Group.
The results achieved in the process of improving the risk management system in 2016: