Description of the main risk factors associated with the activities of EXIMBANK OF RUSSIA JSC
To effectively manage the risks arising during banking activities, EXIMBANK OF RUSSIA JSC formed and improved a comprehensive risk management system on a regular basis. This system is part of the overall management system of EXIMBANK OF RUSSIA JSC and is aimed at ensuring the effective performance, the sustainability of the Bank within the framework of the implementation of the Development Strategy.
The risk management system of EXIMBANK OF RUSSIA JSC is based on the following fundamental principles:
- consistency – all types of risks are managed in all areas of activities and processes on all management levels;
- integration – risk management processes are integrated into the Bank’s business processes; each Bank’s employee is involved in the risk management system within the framework of his competence and awareness to ensure «three lines of protection» - risk owners, risk management, internal audit;
- awareness – risk management is accompanied by the availability of the objective, reliable and relevant information; decision making on any operation is carried out only after a comprehensive analysis and risk assessment;
- timeliness – risk management system ensures the timeliness, completeness and accuracy of the information on material risks;
- continuity – risk management process is ongoing and includes operational and follow-up controls;
- independence – risk management service is independent of units performing operations/accepting risks;
- relevance – risk management process includes the continuous improvement of all elements of risk management, including standards and methods, information systems, taking into account strategic objectives, changes in the internal and external environment, innovations in international practices and risk management standards;
- technological effectiveness – risk management process is carried out with modern information technologies and information systems allowing to timely identify, analyze, evaluate, manage and control risks;
- cyclicality – risk management process is a constantly repeating cycle of implementation of its main components;
- separation of powers – risk management system is based on the organizational separation of structural units and employees responsible for operations, risk management and accounting;
- compliance of the decision level with the level of risk – level of decision making on the approval of operations/limits is set depending on the size of the transaction/limit and the level of risks;
- limitation of the level of accepted risks – all operations are carried out only if the mandatory limits or individual decisions of the Bank’s executive bodies or collective bodies
The comprehensive risk management system covers all categories of risks arising in the Bank’s activities and is aimed at continuous identification, assessment, control and prevention of the possible threats, reduction of potential consequences of risks. The current banking risk management system ensures the sustainability of the economic health of EXIMBANK OF RUSSIA JSC and its maintenance at the proper level. The functioning of the risk management system is regulated by the Risk and Capital Management Strategy approved by the Board of Directors of EXIMBANK OF RUSSIA JSC, as well as internal regulatory and methodological documents in the field of risk management approved by the Management Board of EXIMBANK OF RUSSIA JSC. The risk management policy is formed taking into account the Bank’s ambitious strategic goals and objectives formulated in its Development Strategy, as well as in the strategic documents, determining the development of the Russian Export Center.
In response to constant changes in the external market and the regulatory environment, as well as internal factors, nature and scope of operations, the level and combination of risks, EXIMBANK OF RUSSIA JSC is constantly improving its banking risk management system to improve its performance. In improving the risk management system, EXIMBANK OF RUSSIA JSC gives priority to the standards and tools recommended by the Basel Committee on Banking Regulations and Supervisory Practices, taking into account the requirements of international best practices
In the event of one or more types of risks, the Bank takes all possible measures to limit their negative impact.
To ensure that material risks are considered, the Bank uses risk metrics that take into account possible losses from the realization of risks both in standard and stressful conditions for financial markets.
The material risks involve those for which the Bank of Russia sets limits for credit institutions and which are considered when calculating the regulatory capital, but not limited to:
credit risk, market risks (interest rate, currency, stock, liquidity risks), concentration risk, operational, including legal, strategic risks. The assessment of the materiality of the risk type, for which the Bank of Russia does not establish limits, carried out by comparing the maximum losses with the regulatory capital of the Bank. The types of risks that can’t be quantified can be evaluated using expert methods.
The list of risks material for the Bank is approved by the Board of Directors of EXIMBANK OF RUSSIA JSC and is reviewed annually in accordance with the EXIMBANK OF RUSSIA JSC Risk and Capital Management Strategy. In relation to risks material for the Bank, the Board of Directors of the Bank sets the risk appetite (limits and signal values).
The ongoing measures are being taken to improve the culture of risk management, to build a risk-based approach for all activities of the Bank and the Group as a whole to improve the performance of the strategic objectives.
The credit risk management is one of the most important components of the Bank’s integrated risk management system. The main objective of the Bank’s credit risk management is timely identification and assessment of credit risks and taking measures to minimize them.
The key objective of the Bank’s credit risk management is to assess as accurately as possible the probability that a client will fulfil his obligations on the credit transaction and credit losses in case of client’s default to make an optimal credit decision.
The Bank sets the system of risk limits based on its Development Strategy, Risk and Capital Management Strategy and Credit Policy approved by the Board of Directors. Limitations are set for certain types of risk, for individual units and operations also on the aggregate level. Limitations mostly assume the presence of the limit, threshold/reference values and the target level with the definition of the action plan in case of the violation of established values and are consistent with the business planning and budgeting processes adopted in the Bank.
The system of credit limits includes:
- limits on aggregate credit exposure. These limits include a limit of decision-making on operations bearing a credit risk, a limit of the self-acceptance of credit risks that can be established for authorized persons, etc.
- credit risk concentration limits;
- limits restricting the level of risk for a certain counterparty (a group of interrelated counterparties). These limits include individual limits, limits on specific operations, etc.
The Bank seeks to develop a limit control system for individual borrowers (their groups), as well as a limit control system at the portfolio level. To make an informed decision on the appropriateness of conducting a credit transaction with a client, information on financial and non-financial nature of the counterparty’s activities, founders, business reputation in the market, credit history, etc. available to the Bank is used in the analysis process.
The main criteria for working with a client:
- legal capacity;
- compliance of the loan purpose with the conditions of the Bank’s products;
- compliance of the lending objectives with the main activity of the borrower;
- availability of the primary sources for the repayment of the requested financing;
- availability of liquid collateral (secondary source of repayment) and its sufficiency for the full or partial coverage of the requested loan, loan interest and fees for lending services (for credit products, which provide for such collateral). The incoming flows from financed and other current and planned projects implemented by the counterparty are estimated as possible sources of repayment of the requested loan (where applicable). In case the counterparty is part of the Group/Holding, the prospects of repayment of the loan can also be estimated based on the Group’s consolidated statements.
Monitoring the Bank’s loan portfolio, identification of the risk factors at an early stage that may lead to incomplete execution of the client’s obligations to the Bank, to take timely measures to minimize losses is an important part of credit risk management. Monitoring the loan portfolio is carried out for prompt identification and assessment of credit risks at the level of the loan portfolio, including the impact of the individual credit transactions thereon, as well as for the preparation of proposals for optimizing the structure and the volume of credit risks accepted by the Bank.
The Bank has an internal regulatory document that defines the basic principles and procedures for monitoring operations bearing the credit risk, areas of responsibility and the procedure for the interaction of units in this process.
To effectively manage credit risks arising in the course of banking activities, a comprehensive organizational and methodological platform for the analysis and assessment of credit risks has been created and is regularly improved by EXIMBANK OF RUSSIA JSC.
The platform includes:
- methodological support system;
- system of regulations and procedures for the interaction of units in the process of comprehensive analysis, assessment and monitoring of credit risks;
- system of executive bodies authorized to make decisions to optimize processes aimed at maintaining credit risks at a level not threatening the financial stability of the Bank.
To minimize/prevent the growth of the Bank’s credit risk level when achieving strategic priorities and business goals in accordance with the current Risk and Capital Management Strategy, as well as the Credit Policy of EXIMBANK OF RUSSIA JSC, in 2019, the Bank continued to develop the system for credit risks analysis and assessment.
As part of the process of minimizing/preventing the growth of external and internal credit risk factors, in 2019, the Bank took a few measures to improve the methodology and processes for assessing and controlling credit risks, namely it:
- improved credit risk monitoring procedure;
- updated credit risk assessment methodology;
- improved the methods for assessing the credit risks of legal entities (non-financial organizations) and financial institutions taking into account the export-oriented target segment of the Bank’s clients, the counterparty’s country risk, as well as the specifics of the Bank’s existing product line;
- updated internal regulatory documentation on reserves for possible losses when carrying out operations involving the credit risk. The Bank usually classifies loans under the planned operation, which bears the credit risk (if applicable) in terms of clarification of the possible settlement reserve.
The revision of approaches to assessing and monitoring credit risks in 2019 made it possible to ensure a sufficient degree of protection against a complex of risks amid the growing needs of Russian exporters for scaling their businesses in global markets, increasing their competitiveness, as well as increasing the volume of non-resource Russian exports through the formation of the integrated approaches by providing guarantee, credit and insurance support.
Market risks (interest rate, currency, stock)
Market risk is the risk of the Bank’s financial losses and / or negative changes in the Bank’s financial indicators due to adverse changes in the market value of financial instruments, interest rates, foreign exchange rates, prices of precious metals, basic commodities and raw.
The Bank is exposed to market risks in the liquidity management activities and in the placement of temporarily free funds in financial markets.
The Bank is mainly guided by the requirements of the Bank of Russia in managing market risks, as well as by internal regulations based on modern approaches to risk management and additionally uses tighter internal restrictions/limits.
The bank applies the following main procedures and methods to minimize the market risk:
- all types of financial transactions carried out by the Bank and exposed to market risks are subject to the mandatory limitation procedure, while both qualitative (in terms of the composition of the instruments used to complete transactions and transactions in financial instruments, business conditions, etc.) and quantitative limitations/activity limits are established;
- in determining the price conditions of operations to attract and allocate resources, the Bank is guided by the principles implemented in the Interest Policy of EXIMBANK OF RUSSIA JSC approved by the Board of Directors of the Bank. The interest risk is minimized in compliance with the methods of forming interest rates on loans issued and on the passive operations;
- risk associated with foreign exchange rate fluctuations is minimized by maintaining a minimum level of open currency position subject to the risk of revaluation within the framework of the regulatory restrictions of the foreign exchange position established by the Bank of Russia and of the more stringent internal restrictions;
- setting limits at the level of the Bank’s divisions related to operations and transactions common for financial markets;
- determination of authority and accountability for each of the structural division, and in cases when the functions intersect, and transactions subject to a higher market risk are conducted, using the tool of accepting the risk based on the resolution of collective bodies (the Assets and Liabilities Management Committee, the Management Board);
- The Bank assesses market risks daily based on probabilistic and statistical methods using generally accepted risk metrics, i.e. Value at Risk for the instruments exposed to this risk category at most;
- The Bank regularly and on an unscheduled basis performs a stress-testing procedure allowing to assess losses from the implementation of unlikely extraordinary events on the Bank’s portfolios of financial instruments and open currency positions.
All methods of risk assessment are regularly verified for the relevance to the real financial market situation. Identification and assessment of the level of the aggregate market risk are carried out on the regular basis.
Balance sheet liquidity risk
Balance sheet liquidity risk is the risk the Bank’s financial losses and/or negative changes in financial indicators of the Bank due to insufficient or excess liquidity. Balance sheet liquidity risk results from an imbalance in the Bank’s financial assets and liabilities (including due to untimely fulfillment of financial obligations by one or more Bank’s counterparties) and/or an unforeseen need for immediate and one-time fulfillment by the Bank of its financial obligations. Balance sheet liquidity risk is considered and managed by the Bank as part of market risk.
To analyze and assess the risk of liquidity loss, the Bank uses the method for analyzing mandatory liquidity ratios, the method for analyzing the gap in the maturity of claims and liabilities, the method for forecasting cash flows, and the quantitative and qualitative evaluation of the liquidity risk.
To manage liquidity, the Bank daily evaluates the state of instant, current and long-term liquidity, including in relation to the mandatory ratios of the Bank of Russia and the internal ratios.
Liquidity risk management is implemented simultaneously at several levels:
- The collegial body empowered by the Management Board with the authority to manage the long-term and medium-term liquidity of the Bank is the Asset and Liability Management Committee (ALMC);
- Treasury/Department of financial operations provides centralized management of short-term liquidity of the Bank, operational activities for execution of the ALMC decisions in terms of liquidity management;
- Financial and Economic Department carries out short-term and long-term planning of liquidity level;
- Risk Department provides regular support to the ALMC in the decision-making process in terms of liquidity risk management;
- Department of Reporting and Tax Accounting daily monitors the implementation of liquidity risk standards established by the Bank of Russia;
- Internal control service performs planned and unscheduled control functions to identify conflicts of interest in the management of liquidity risk, assesses the amount of risk compliance in the process of liquidity risk management;
- Internal audit service carries out periodic audits of the effectiveness of liquidity risk management in accordance with the audit plan.
Constantly calculated and maintained liquid assets allow the Bank to timely fulfill all its obligations to clients and counterparties in any scenario.
Operational risk is the risk of the Bank’s losses due to unreliability and deficiency in internal management procedures, failure of information and other systems, or due to the impact of external events on the Bank’s activities. Legal risk is part of operational risk.
The Bank seeks to prevent the occurrence of these types of risks as much as possible and to minimize the threat of potential losses (direct or indirect) by creating a multi-level control system with the division of responsibilities. The process of managing operational and other non-financial risks is based on the «three lines of protection» principle.
The bank carries out the following activities to manage operational risk:
- monitoring, assessment and control of the level of operational risk and reporting to the Management Board and the Board of Directors of the Bank;
- control of compliance of actions and operations carried out by the Bank’s management and employees with the requirements of the current legislation, regulations, internal regulatory documents of the Bank determining the Bank’s policy, procedures for decision-making and implementation, accounting and reporting, including internal information on decisions made, operations (concluded transactions), results of the analysis of the financial situation and risks of banking activities;
- modernization of operating procedures, improvement of security and fault tolerance of information systems and reliability of infrastructure systems;
- application of a conservative approach to the selection of personnel based on the comprehensive test, taking into account personal qualities, professional training, level of competence.
According to the requirements of the Bank of Russia, operational risk assessment is based on the Basic Indicator Approach (BIA). The Bank is committed to data accumulation for the further use of advanced models (AMA, Advanced Measurement Approach).
Legal risk, compliance (regulatory) risk, reputation risk
Legal risk is the risk of the Bank’s losses due to violation of the terms of concluded contracts and agreements by the Bank and(or) its counterparties, legal errors made by the Bank in carrying out its activities, imperfections in the legal system, violation of regulatory legal acts by counterparties, registration of legal entities, in respect of which the Bank carries out control or has significant influence, as well as counterparties of the Bank in the jurisdiction of various states. The difference between legal risk and other types of banking risks is the potential financial loss due to violations arising in the legal framework. Legal costs are a specific feature of losses arising from legal violations.
The goal of legal risk management is to maintain the risk assumed by the Bank at a level determined by the Bank under its strategic objectives.
It is of top priority for the Bank to ensure the legitimacy of activities in all areas, to comply with the legitimate interests of the Bank when concluding transactions and fulfilling the terms of contracts, and to establish legal grounds for relations between the Bank and its employees, compliance with labor laws, business etiquette and corporate ethics of the Bank by its employees.
The bank uses the following main instruments to minimize legal risk:
- development, coordination, approval of model agreements that meet the requirements of the legal protection of the Bank’s interests;
- establishment of an internal procedure for approval (signing) of agreements concluded by the Bank and banking operations, as well as other transactions other than standardized ones;
- development and introduction of new technologies, financial innovations, conditions for banking operations and other transactions, taking into account the requirements of the legislation of the Russian Federation and other regulations;
- continuous monitoring of changes in the legislation of the Russian Federation;
- engagement of independent experts to obtain qualified opinions on issues of foreign law if a foreign participant is present in a transaction concluded by the Bank or the transaction is governed by foreign law;
- regular training of Bank employees in specialized training centers, etc.
The reputation risk (goodwill risk) is the risk of the Bank’s losses due to negative perception of the Bank by its members, counterparties, supervisory authorities and other interested parties that could adversely affect the ability of a credit institution to maintain existing and(or) establish new business connections and maintain ongoing access to financing sources.
To minimize reputation risk, the Bank applies the following basic approaches:
- continuous monitoring of compliance with the legislation of the Russian Federation, including bank secrecy legislation and organization of internal control to combat legalization (laundering) of proceeds from crime and financing of terrorism;
- ensuring timely settlements on behalf of clients and counterparties, as well as settlements on other transactions;
- monitoring of business reputation of shareholders and affiliates;
- control of the accuracy of financial statements and other disclosed information submitted to the Bank’s shareholders, clients and counterparties, regulatory and supervisory authorities and other interested parties, including for advertising purposes;
- availability of an information support system, prohibiting unauthorized access to the Bank’s databases;
- improving the protection of confidential information;
- providing the Bank’s executive bodies with information on negative and positive reviews and messages about the Bank from mass media, Internet and other sources; analysis of the completeness, accuracy and fairness of the specified information; timely response to available information;
- determination of a procedure for applying disciplinary measures to employees guilty in increasing the Bank’s reputation risk;
- ongoing internal control.
Legal and reputation risk management is carried out by the Bank on an ongoing basis. The Bank has developed and enacted the internal documents, regulating the decision-making process, the procedure for carrying out transactions and interaction between the units, and the procedure for approving and signing documents. The main objective of the legislation monitoring, which is carried out on an ongoing basis, is to ensure that the documentation used to perform banking operations and other transactions complies with the laws of the Russian Federation and regulatory documents, the timeliness of accounting for changes and the presentation of these changes in the Bank’s internal documents, their mandatory observance by all Bank employees. All procedures and rules established by the Bank are documented and provide for the basic conditions for conducting operations. The Bank has established a clear procedure for informing employees about internal regulatory documents adopted by the Bank and amendments thereto.
To minimize the risk of violation of regulatory acts, as well as the terms of concluded agreements by the Bank’s counterparties, the Bank conducts a due diligence procedure concerning its counterparties and also requires for third-party liability insurance, provision of collaterals under contracts, methods to detect the transactions, showing signs of fraud.
Regulatory risk (compliance risk) is the risk of the Bank’s losses due to non-compliance with the legislation of the Russian Federation, internal regulatory documents of the Bank, standards of self-regulatory organizations (if such standards or rules are mandatory for the Bank), as well as a result of applying sanctions and(or) other measures of influence on the part of supervisory authorities (compliance risk).
To implement a set of measures aimed at improving the efficiency of the Bank’s activities and considering the basic principles of risk management, as well as zero tolerance for violation of legislation and internal regulations in terms of regulatory risk management, the ICS carried out the following activities in 2019:
- identification and accounting of regulatory risk events, determination of the probability of their occurrence and quantification of possible consequences;
- control of the compliance with the basic principles of regulatory risk management;
- monitoring of the regulatory risk and risk management effectiveness;
- providing (if necessary) recommendations on regulatory risk management to the executive bodies and Heads of the Bank’s divisions;
- identifying conflicts of interest in the activities of the Bank and its employees;
- analysis of the dynamics of the clients’ complaints and the observance of the rights of the Bank’s clients;
- analysis of the economic feasibility of the Bank’s conclusion of contracts with legal entities and individual entrepreneurs for the provision of services and (or) execution of works ensuring its banking operations (outsourcing);
- monitoring of the timeliness and completeness of amendments to internal documents in connection with changes in the legislation of the Russian Federation, and the standards of self-regulatory organizations;
- control of compliance with the requirements of the legislation of the Russian Federation on combating the illegal use of insider information and market manipulation;
- improvement of the internal regulatory framework by developing and monitoring the implementation of the annual plan for the development and updating of the Bank’s regulatory documents;
- participation in the development of the internal documents on risk management, on combating commercial bribery and corruption, on insider information, as well as the documents aimed at compliance with the rules of corporate conduct and professional ethics;
- participation within its competence in the interaction of the Bank with supervisory bodies, self-regulatory organizations, associations and participants of the financial markets;
- analysis of the new implemented banking products, services and planned methods of their implementation for the presence of regulatory risk.
Strategic risk is the risk of financial losses due to errors (failures) occurring when making decisions that determine the Bank’s Operating and Development Strategy (strategic management) and expressed in the absence of accounting and/or insufficient accounting of possible risks that may threaten the activities of the Bank, incorrect or insufficiently justified determination of the perspective areas of activity where the Bank can achieve an advantage over competitors, the absence or provision of incomplete necessary resources (financial, material and technical, human) and organizational measures (managerial decisions) to create the conditions to achieve the Bank’s strategic objectives.
The Bank plans the financial and quality performance indicators and monitors the achievement of the said indicators with a given frequency.
As part of updating the goals of the REC Group and the Bank, as the REC’s component, an updated Development Strategy until 2024 of EXIMBANK OF RUSSIA JSC has been developed and approved in February 2020.
The following methods are used to reduce strategic risk:
- high-quality disclosure of information about the Bank’s activities (comprehensive reporting system including reports for different levels of management with sufficient frequency set out in internal regulations);
- adequate and well-regulated distribution of rights and powers between executive bodies, effective control of the Bank’s management over the activities of the executive/collegial bodies;
- approval and control of clear and understandable rules for transactions with the Bank’s assets;
- approval and consistent implementation of the Bank’s credit policy;
- organization and control of decision-making and delegation of authority;
- optimization of the internal management rules and procedures, personnel policy, business processes, organizational structures, and the management system in general.