Risk management principles
The Group is constantly improving the risk management system, consistently implementing and improving risk management methods and processes both at an integrated level, and also at the level of management systems designed for individual risk types.
One of the key achievements of the Bank in 2017 was to obtain permission to assess credit risks on the basis of an Internal-Ratings Based Approach (hereinafter IRB). The permit was issued by the Banking Supervision Committee of the Bank of Russia on 16 November 2017 and entered into force on January 1, 2018 after the adoption of a decision by the Supervisory Board to apply the IRB approach.
The transition to IRB will enable Sberbank to assess credit risk more accurately for the purpose of calculating capital adequacy requirements, and also to deploy a strategic business management system, with due account of consumed capital in accordance with global best practices.
Below we provide an executive risk management summary of the Group. If you would like more detailed information on the Group’s risks, we suggest you take a look at the report “Information on Assumed Risks, Risk Assessment Procedures, Risk and Capital Management of the Banking Group” on the corporate website of Sberbank.
Risk management principles
The underlying principles are determined in the Risk and Capital Management Strategy of Sberbank Group. Second version of the strategy was approved by the Supervisory Board in April 2017 (you can study the Strategy by clicking here).
A decision to perform any transaction is only taken after a comprehensive analysis of the risks resulting from this transaction.
Priority lines of development and allocation of capital are determined based on the analysis of the risk-adjusted performance figures of individual indicators and lines of business.
The Supervisory Board, the CEO, the Chairman of the Executive Board, Executive Board and other collective bodies of Sberbank, and also the supervisory boards and executive boards of Group members, review reports on the level of assumed risks and instances of violations of established risk management procedures, limits, and limitations on a regular basis.
The Group has put in place a system of limits and restrictions, ensuring the maintenance of an acceptable risk level within the framework of the Risk Appetite of the Group.
The allocation of functions and responsibility between the divisions of Sberbank and Group members is in accordance with the “three lines of defense” principle.
The Group combines centralized and decentralized approaches towards risk management and capital adequacy to achieve maximum efficiencies.
Management of risks and capital adequacy is based on use of state-of-the-art information technologies that help improve the quality and promptness of decision making.
Risk and capital adequacy management methods are continuously being enhanced, while procedures, technologies, and information systems are being improved with due account of established strategic objectives, changes in the external environment, and innovations in international practice.
The Group is implementing a project to develop its risk culture and to encourage employees to openly discuss and respond to existing and potential risks and to be intolerant to any attempts to disregard or keep quiet about risks and the risky behavior of other people.
The risk culture supplements the formal existing mechanisms and constitutes an integral part of the integrated risk management system.
The risk culture development, is formed through three key channels: the personal example of management , general banking communications and training. At the end of 2017 89% of Sberbank employees had attended risk management training programs. Management delivered risk culture communications to the employees of respective divisions in most business units and covered over 80% of the employees of Sberbank Group. Similar activity started at subsidiary banks.
The remuneration system in place at the Group ensures that the amount of remuneration of employees is in line with the nature and scope of their operations and performance, and the level and combination of the assumed risks.
All the information required in compliance with the requirements of the regulators related to risk and capital adequacy management must be timely disclosed.