Description of the Main Risk Factors Related to the Activities of EXIMBANK OF RUSSIA
- Credit Risk
- Market risks (interest rate, exchange, securities)
- Funding liquidity risk
- Operational risk
- Legal risk, compliance (regulatory) risk, risk of loss of business reputation
In order to effectively manage the risks related to the banking activities, EXIMBANK OF RUSSIA has developed and currently improves the integrated risk management system on a regular basis. This system is a part of the general management system of EXIMBANK OF RUSSIA and is aimed at ensuring the sustainability of the Bank's economic condition under the development strategy.
- Systematicity – Management of all types of risks is performed in all areas of the Bank’s activities and processes at all levels of management,
- Integratedness – Risk management processes are integrated into the Bank's business processes, and each employee of the Bank is involved in the risk management system according to his/her competence and awareness in order to ensure the “three lines of protection” – risk owners, risk management, and internal audit,
- Awareness – Risk management is accompanied by the availability of any objective, reliable and relevant information, and the decisions on any transactions may be made only after a comprehensive analysis and risk assessment,
- Promptness – Risk management system ensures the promptness, completeness and reliability of the information on any significant risks,
- Continuity – Risk management process is performed on an ongoing basis and includes operational and subsequent control,
- Independence – Risk management service is independent of the structural units, which make various transactions, and is involved in supporting the decision-making at the operational and strategic levels,
- Relevance – Risk management process includes the continuous improvement of all risk management elements, including standards and methodologies, information systems, while considering any strategic objectives, changes in the internal and external environment, innovations in international practices and risk management standards,
- Processability – Risk management process is performed using various modern information technologies and information systems making it possible to promptly identify, analyze, assess, manage and control all risks,
- Cyclicality – Risk management process is a constantly repeating and structured cycle of the implementation of its main components,
- Separation of powers – Risk management system is based on the organizational separation of the relevant structural units and the employees responsible for transactions, risk management and accounting,
- Compliance of the decision-making level with the level of assumed risk – Level of the decision-making process on the approval of transactions/limits is established depending on the amount of the transaction/limit and the relevant level of risks,
- Limitations of the level of assumed risks – All transactions shall be made only if there are mandatory limits or individual decisions of the Bank's management bodies or collegiate working bodies.
The integrated risk management system covers all categories of risks arising in the Bank’s activities and is aimed at the continuous identification, assessment, monitoring and prevention of any possible threats, as well as the reduction of any potential consequences of risks. The current banking risk management system ensures the stability of the economic status of EXIMBANK OF RUSSIA and its maintenance at the proper level.
The functioning of the risk management system is regulated by the Risk Management Policy approved by the Board of Directors of EXIMBANK OF RUSSIA, as well as various internal regulatory and methodological documents regarding the risk management approved by the Management Board of EXIMBANK OF RUSSIA.
The Risk Management Policy is prepared considering the Bank’s ambitious strategic goals and objectives formulated in its Development Strategy, as well as in the strategic documents that determine the development of the Russian Export Center.
In reply to any constant changes in the external market and regulatory conditions, as well as various internal factors, nature and scale of transactions, level and combination of risks, EXIMBANK OF RUSSIA is constantly improving its banking risk management system in order to increase own efficiency. In improving the risk management system, EXIMBANK OF RUSSIA gives priority to the standards and instruments recommended by the Basel Committee on Banking Supervision, while considering the requirements of international best practices.
In the case of one or more types of risks, the Bank takes all possible measures to limit their negative influence.
In order to consider any significant risks, the Bank uses different risk metrics that consider any possible losses from the sale of risks both in the standard conditions of functioning of the financial markets and various stressful conditions.
The Bank classifies all types of risks as all types of risks, which are considered by the Bank of Russia to establish the standards for the credit organizations, as well as in calculating the regulatory capital, but not limited to them: credit risks, market risks (interest rate, exchange, securities), funding liquidity risks, concentration risks, reputational risks, operational risks, including legal risks, fraud risks, and strategic risks. The assessment of the materiality of the types of risks that are not used by the Bank of Russia in the establishment of various standards by comparing the maximum losses with the Bank's regulatory capital. The types of risks that cannot be quantified can be assessed using different expert methods.
On an ongoing basis, the measures are being taken to enhance the culture of the risk management, build the risk-based approach in all types of the activities of the Bank and the group as a whole in order to increase the efficiency of performing the strategic objectives.
The Bank’s activities related to the credit risk management are one of the most important components of the integrated risk management system. The main objective of the Bank’s credit risk management is the prompt identification and assessment of credit risks, as well as taking the measures to minimize them.
The key objective of the Bank's credit risk management is to assess as accurately as possible the probability that the customer will perform the obligations under the credit transaction and the level of credit losses – in the case of the customer’s default – in order to make the best credit decision.
The Bank determines the system of risk level limitation based on its Development Strategy, Risk Management Policy and Credit Policy approved by the Board of Directors of the Bank. All limitations are established (in particular, at the aggregated level) for certain types of risks, individual structural units and transactions. The restrictions mostly imply any limit, threshold/control values and the target level with the preparation of the action plan in the case of any violation of the established values. and are consistent with the business planning and various budgeting processes in the Bank.
In 2018, the Bank continued to further develop the system for the analysis and assessment of credit risks, testing of the internal counterparty rating system, based on the international best practices, while considering the approaches used by various export-import banks, requirements of the Basel Committee on Banking Supervision and the Bank of Russia.
The system of credit limits includes:
- Limits restricting the universe of all assumed credit risks. Such limits include the limit on the decision-making on the transactions involving all credit risks, and the limit on self-acceptance of credit risks, which can be established for the authorized persons, etc.;
- Credit concentration limits;
- Limits restricting the level of risks for a specific counterparty (for the group of interrelated counterparties). Such limits include individual limits, limits for specific transactions, etc.
The Bank seeks to develop the limit control system for individual borrowers (their groups), as well as the limit control system at the portfolio level. To make the informed decision on the appropriateness of performing the credit transactions with the customer in the analysis process, the information available to the Bank on the financial and non-financial nature about the activities of the counterparty, its founders and business reputation in the market, credit history, etc. is used.
The main criteria for dealing with the customer are the following:
- Legal capacity,
- Compliance of the intended purpose of the loan with the conditions of the Bank's products,
- Compliance of the credit goals with the core business of the borrower,
- Availability of the primary sources of the repayment of the requested financing,
- Availability of the collateral pledge (secondary repayment source) and its sufficiency for the full or partial coverage of the requested credit, interest for its use and any fees for the credit services (for different credit products where such collateral is ensured). Also, if applicable, any incoming flows for all funded and other current and planned projects implemented by the counterparty are considered to be possible sources repayment of the requested credit. In the event of the counterparty joining the Group/Holding, the prospects for repaying the credit can also be estimated according to the consolidated financial statements of the Group.
The important area of the credit risk management is the monitoring of the Bank's credit portfolio, identification of all risk factors, which may entail the customer’s incomplete performance of the obligations against the Bank in order to take all prompt measures to minimize any losses, at an early stage.
The monitoring of the credit portfolio shall be performed to promptly identify and assess all credit risks at the level of the credit portfolio as a whole, including the influence of any individual credit transactions, as well as to prepare the proposals for optimizing the structure and amount of credit risks assumed by the Bank.
The Bank has the internal regulatory document that defines the basic principles and procedures for monitoring the transactions bearing any credit risk, areas of responsibility, as well as the procedure for the interaction of directions within this process.
For the efficient management of the credit risks arising in the performance of the banking activities, the comprehensive organizational and methodological platform for analyzing and assessing the credit risks is created and developed on a regular basis at EXIMBANK OF RUSSIA, and includes:
- Methodological support system;
- System of regulations and procedures for the interaction of the structural units in the process of a comprehensive analysis, assessment and monitoring of credit risks;
- System of the governing bodies authorized to make the decisions to optimize the processes aimed at maintaining any credit risks taken at the level that does not threaten the Bank's financial stability.
In order to minimize/prevent an increase in the level of the Bank's credit risks, while achieving the strategic priorities and business goals in accordance with the current Risk Management Policy, as well as with the Credit Policy of EXIMBANK OF RUSSIA in 2018, the Bank continued to further develop the system for the analysis and assessment of credit risks, testing of the internal counterparty rating system, based on the international best practices, while considering the approaches used by various export-import banks, requirements of the Basel Committee on Banking Supervision and the Bank of Russia.
As a part of the process of minimizing/preventing the growth of the external and internal factors of credit risks in 2018, the Bank took the measures to improve the methodology and processes for assessing and controlling any credit risks:
- Procedure for the establishment and control of limits are improved;
- Methods for assessing the credit risks are updated;
- Considering the export-oriented target segment of the Bank’s customers, the methods for assessing the credit risks of the legal entities (non-financial organizations) and financial institutions are improved, while considering the counterparty’s country risk, as well as the specifics of the Bank’s existing product range;
- Updated internal regulatory documentation on the reserves for any possible losses during the transactions involving credit risks. The bank, as a rule, preliminarily classifies loans and planned transactions with credit risks (if applicable), while specifying a possible settlement reserve.
Together, the above-mentioned measures were taken by the Bank in order to reduce the level of credit risk and allowed to improve the efficiency of the credit risk management system to protect the interests of all investors and creditors.
Market risks (interest rate, exchange, securities)
The market risk is the risk of losses due to the fact that the fair value of any future cash flows regarding the financial instruments will be variable due to any changes in the market factors, such as interest rates, foreign exchange rates and equity prices.
The Bank is exposed to the market risks when performing its liquidity management activities and the placement of temporarily available funds in the financial markets.
When managing the market risks, the Bank is mainly guided by the requirements of the Bank of Russia, as well as the internal regulatory documents based on the modern approaches to the risk management, and additionally uses all internal and more severe restrictions/limits.
In order to minimize any market risk, the Bank uses the following basic procedures and methods:
- All types of the financial transactions, which are made by the Bank and subject to various market risks, are subject to a mandatory limitation procedure, while the qualitative (in terms of the composition of the instruments used to make the transactions in the financial instruments, commercial conditions, etc.) and quantitative restrictions/activity limits are established;
- When determining the price conditions for the transactions to attract and allocate resources, the Bank is guided by the principles specified, in particular, in the Interest Policy of EXIMBANK OF RUSSIA approved by the Board of Directors of the Bank. Interest rate risk is minimized by observing compliance with the methods for setting interest rates on issued credits and passive operations;
- the risk associated with fluctuations in foreign exchange rates is minimized by maintaining at a minimum level an open foreign exchange position exposed to the risk of revaluation within the regulatory restrictions of the foreign exchange position established by the Bank of Russia and more stringent internal restrictions;
- determination of restrictions at the level of the Bank's structural divisions with respect to standard operations and transactions for financial markets;
- determination of authority and reporting for each structural subdivision, and in cases where functions overlap and in cases of transactions subject to increased market risk, use of the risk-taking mechanism by decision of collegial bodies (Asset and Liability Committee, Management Board);
- The Bank on a daily basis assesses market risks based on probabilistic and statistical methods, using generally accepted risk metrics - Value at Risk, for instruments that are most exposed to this risk category;
- The Bank conducts a stress testing procedure on a regular basis and in an unscheduled manner, which allows assessing losses from the implementation of unlikely extraordinary events on the portfolios of financial instruments and open foreign exchange positions of the Bank.
All risk score methods are regularly verified for adequacy of the real situation in the financial markets. Identification and score of the level of aggregate market risk is carried out on an ongoing basis.
Funding liquidity risk
Funding liquidity risk is the risk of losses resulting from the Bank's inability to ensure timely fulfillment of its obligations in full. Liquidity risk arises as a result of an imbalance in the Bank’s financial assets and financial obligations (including due to untimely fulfillment of financial obligations by one or more of the Bank’s counterparties) and/or the unforeseen need for immediate and one-time fulfillment by the Bank of its financial obligations.
Maintaining liquidity is one of the central tasks of managing the Bank.
In order to analyze and score the risk of liquidity loss, the Bank uses the following methods: a method for analyzing mandatory liquidity ratios, a method for analyzing the gap in the maturities of claims and obligations, a method for forecasting cash flows, and a quantitative and qualitative assessment of the risk of liquidity loss.
In order to manage liquidity, the Bank daily scores the status of instant, current and long-term liquidity, including in relation to the mandatory ratios of the Central Bank of the Russian Federation and the internal banking system of ratios.
Liquidity risk management is carried out simultaneously at several levels:
- the collegial body vested with the Management Board with the authority to manage the Bank's long and medium-term liquidity is the Asset and Liability Committee (ALC);
- the treasury/Department of operations in financial markets - carries out centralized management of short-term liquidity of the bank, operational activities to implement the decisions of the ALC regarding liquidity management;
- The Finance and Economics Department carries out short-term and long-term liquidity level planning;
- The Risk Department periodically provides support to the decision of the ALC regarding liquidity risk management;
- the Accounting, Taxation and Reporting Department on a daily basis monitors the implementation of liquidity risk standards established by the Bank of Russia;
- The Internal Control Service carries out planned and unscheduled control functions to identify conflicts of interest in managing liquidity risk, evaluates the amount of risk compliance in the process of managing liquidity risk;
- The Internal Audit Service in accordance with the Inspection Plan carries out periodic inspections of the effectiveness of liquidity risk management.
The constantly calculated and maintained share of liquid assets allows timely fulfillment of all the Bank's obligations to customers and counterparties under any scenario.
Operational risk is the risk of the Bank incurring losses as a result of deficiencies in internal processes, the functioning of information systems, unauthorized/illegal actions or employee errors, as well as due to external events.
The Bank seeks to maximally prevent the occurrence of these types of risks and to minimize the threat of potential losses (direct or indirect) by creating a multi-level control system with the division of responsibilities.
The process of managing operational and other non-financial risks is based on the principle of implementing the “three lines of defense”.
In order to manage operational risk, the Bank carries out the following activities:
- monitoring, scoring and controlling the level of operational risk and providing relevant reports to the Management Board and Board of Directors of the Bank;
- control of the conformity of actions and operations carried out by the management and employees of the Bank with the requirements of the legislation of the Russian Federation, regulatory acts, internal regulatory documents of the Bank that determine the policy pursued by the Bank, procedures for making and implementing decisions, organizing accounting and reporting, including internal information about decisions being made operations (transactions), the results of the analysis of the financial situation and the risks of banking activities;
- modernization of operating procedures, increasing the level of security and fault tolerance of information systems and the reliability of the functioning of infrastructure systems;
- using a conservative approach to the selection of personnel on the basis of a comprehensive audit, taking into account personal qualities, professional training, and the level of competencies.
Score of operational risk according to the requirements of the Bank of Russia is carried out on the basis of the basic indicative approach (BIA, Basic Indicator Approach). The Bank seeks to accumulate data in order to further use advanced models (AMA, Advanced Measurement Approach).
Legal risk, compliance (regulatory) risk, reputational risk
The priority is to ensure maximum safety of assets and capital on the basis of reduction (exclusion) of possible losses
Legal risk is understood as the risk of the Bank incurring losses due to the influence of factors both internal (non-compliance by the Bank with the laws of the Russian Federation, non-compliance of internal documents of the Bank with the laws of the Russian Federation, inefficient organization of legal work, violation by the Bank of the terms of contracts, etc.) and external (imperfection of the legal system , the impossibility of resolving certain issues through negotiations, violation by customers and counterparties of the Bank of the terms of contracts, etc.). A distinctive feature of legal risk from other banking risks is the ability to avoid the risk level that is dangerous for the Bank when the parties to the banking process fully comply with legislative and regulatory acts, internal documents and procedures of the Bank.
The objective of legal risk management is to maintain the risk assumed by the Bank at a level determined by the Bank in accordance with its own strategic objectives. The priority is to ensure maximum safety of assets and capital on the basis of reduction (exclusion) of possible losses,, including in the form of cash payments on the basis of court orders (decisions), which can lead to unexpected losses.
In order to minimize legal risk, the Bank uses the following basic tools:
- complies with the procedure established by the Bank for the distribution of powers in decision-making and transactions;
- ensures the availability and implementation of appropriate management procedures to ensure the correctness of operations and their reflection in accounting;
- develops internal procedures and ensures that the Bank has internal documents regulating the procedure for conducting operations and interaction of divisions;
- ensures that the Bank has internal documents regulating the risk management procedure;
- ensures the legitimacy of banking and transactions (the procedure for agreeing on the terms of contracts before their conclusion), the implementation of all necessary procedures for confirming the legitimacy of transactions, the availability of necessary powers, etc .;
- develops standard forms of documents governing operations;
- applies mandatory coordination of drafts of all internal regulatory and administrative documents, as well as draft decisions of the Bank's management bodies;
- conducts regular professional development of employees, etc.
The risk of loss of goodwill (reputational risk) is understood as the risk of losses incurred by the bank as a result of a decrease in the number of customers (counterparties) due to external influences (publication of negative information about the bank in the media, application of measures of influence by the regulatory authorities to the bank, including on the basis of applications from bank customers to regulatory authorities, loss of confidence in the bank’s activities on the part of customers and counterparties, shareholders, financial market participants, public and local authorities, banking unions (associations), the presence of claims and appeals of a negative nature received by the bank from the bank’s customers), as well as internal factors (violation by the bank of the terms of the concluded agreements, non-compliance of internal documents with the legislation of the Russian Federation, inefficient organization of legal work insufficient staff qualifications, insufficient organizational work to complete banking operations, involving the bank and the participation of its employees in the implementation of illegal activities, including the legalization (laundering) of proceeds from crime, and the financing of terrorism, involving bank employees in corrupt practices that affect its reputation).
The reputational risk management of loss of good will is carried out through:
- disclosure of information about the Bank, reflecting its financial performance, risk management system and other aspects that contribute to the formation of a positive goodwill;
- using mechanisms for the effective settlement of conflict situations and minimizing possible negative consequences, including of a reputational nature;
- pursuing a consistent personnel policy;
- compliance with the principles of “Know Your Employee”, “Know Your Customer”, etc.
The basic principles of risk management are formed taking into account Russian and international banking practices. In the process of risk management, the Bank is guided by the following principles:
- adequacy of operations to the nature and size of the Bank;
- preparation and adoption of appropriate management decisions;
- prompt introduction of changes to internal documents of the Bank in case of changes in external and internal risk factors;
- ensuring the completeness of application of risk management system procedures.
The main tasks of the system of regular legislative monitoring:
- ensuring correspondences of the documentation for banking operations and other transactions with the legislation of the Russian Federation;
- timeliness of accounting of changes in normative acts and legislation of the Russian Federation and their reflection in internal documents of the Bank and obligatory observance of them by all employees of the Bank.
Management of legal risk and reputational risk is carried out in the Bank on an ongoing basis. The Bank has developed and implemented internal regulatory documents governing the decision-making process by governing bodies, the procedure for performing operations and interaction of divisions, and the procedure for signing and endorsing documents. The main objective of the legislative monitoring system, which is carried out on an ongoing basis,is to ensure that the documentation used to, process banking operations and other transactions, is in accordance with the laws of the Russian Federation, regulatory acts, the timeliness of accounting for changes and the reflection of these changes in the Bank’s internal documents and their mandatory observance by all Bank employees. All procedures and rules established by the Bank are documented and contain the basic conditions for conducting operations. The Bank has established a clear procedure for informing employees about internal regulatory documents and amendments to them adopted by the Bank.
In order to reduce the risk of violation by the counterparties of the Bank of normative legal acts, as well as the terms of the concluded agreements, the Bank carries out a comprehensive analysis of information about the counterparties, and also uses mechanisms such as a requirement for third party liability insurance, provision of security for the fulfillment of obligations under contracts, and methods to determine transactions showing signs of fraud.
In order to minimize these risks in accordance with the nature and range of of the Bank's activities, the following main approaches are used:
- continuous monitoring of compliance with the legislation of the Russian Federation, including legislation on bank secrecy and the organization of internal control, in order to counter the legitimization (laundering) of proceeds of crime and the terrorism financing;
- ensuring timely settlements on behalf of customers and counterparties, as well as settlements on other transactions;
- monitoring the goodwill of the founders (participants), affiliates, subsidiaries and related organizations;
- control over the accuracy of financial statements and other published information provided to the founders (participants), customers and contractors, regulatory and supervisory authorities and other interested parties, including for advertising purposes;
- development of an information support system that does not allow the use of the information available in the Bank by persons who have access to such information for personal interests and provides management and employees with information about negative and positive reviews and messages about the Bank from the media (periodicals, radio , television, other forms of periodic distribution of mass media, including the Internet), other sources; timely consideration, analysis of the completeness, reliability and objectivity of this information; timely response to available information;
- application of disciplinary measures to employees guilty of increasing the level of risk of loss of the Bank’s business reputation.
Regulatory risk (compliance risk) is the risk of a bank incurring losses due to non-compliance with the laws of the Russian Federation, internal regulatory documents of the Bank, standards of self-regulatory organizations (if such standards or rules are mandatory for the bank), as well as a result of applying sanctions and (or ) other measures of influence on the part of supervisory authorities (compliance risk).
In order to implement a set of measures aimed at improving the efficiency of the Bank's activities and taking into account the basic principles of risk management, as well as zero tolerance for violation of the laws of the Russian Federation and internal regulatory documents in 2018 in terms of regulatory risk management, ICS carried out the following activities:
- identification and accounting of events associated with regulatory risk, determining the likelihood of their occurrence and quantitative score of possible consequences;
- monitoring compliance with the basic principles of regulatory risk management;
- monitoring regulatory risk and risk management effectiveness;
- sending, if necessary, recommendations on regulatory risk management to executive bodies and heads of structural divisions of the Bank;
- identification of conflicts of interest in the activities of the Bank and its employees;
- analysis of indicators of dynamics of customer complaints and analysis of compliance by the Bank with the rights of customers;
- analysis of the economic feasibility of the Bank concluding agreements with legal entities and individual entrepreneurs on the provision of services and/or performance of work ensuring the Bank's implementation of banking operations (outsourcing);
- monitoring the timeliness and completeness of amendments to internal documents in connection with changes in the legislation of the Russian Federation, standards of self-regulatory organizations;
- monitoring compliance with the requirements of the legislation of the Russian Federation on countering the unlawful use of insider information and market manipulation;
- improvement of the internal regulatory framework by developing and monitoring the implementation of the annual Plan for the development and updating of regulatory documents of the Bank;
- participation in the development of internal documents on risk management, combating commercial bribery and corruption, insider information, as well as documents aimed at complying with corporate conduct rules and professional ethics;
- participation within its competence in the Bank’s interaction with supervisory authorities, self-regulatory organizations, associations and participants in financial markets;
- analysis of the banking products, services introduced by the Bank and planned methods of their implementation for the presence of regulatory risk;
- other control measures.
Strategic risk is the risk of financial losses resulting from errors (deficiencies) made in making decisions that determine the Bank’s activity and development strategy (strategic management) and expressed in the absence of accounting and/or insufficient consideration of possible dangers that may threaten the Bank’s activities, incorrect or insufficiently substantiated determination of promising areas of activity in which the Bank can achieve an advantage over competitors, the absence or provision of incomplete necessary resources (financial, logistical, human) and organizational measures (managerial decisions), which should create the conditions for achieving the strategic goals of the Bank.
The Bank carries out planning of financial and quality performance indicators and regularly, with a given frequency, monitors the achievement of planned indicators.
The following methods are used to reduce strategic risk:
- high-quality disclosure of information about the activities of the Bank (a comprehensive reporting system that includes reports for various levels of management with a sufficient frequency fixed by internal regulatory documents);
- adequate and clearly regulated distribution of rights and powers between management bodies, effective control of the Bank's Management Board over the activities of executive/collegial bodies;
- approval and control of clear and understandable rules for transactions with Bank assets;
- approval and consistent implementation of weighted interest, credit policies of the Bank;
- organization and control of decision-making and delegation of authority system;
- optimization of internal management rules and procedures, personnel policies, business processes, organizational structures, the management system as a whole.