Management of significant risks

Integrated risk management process

The integrated risk management process includes the following stages:

  • Risk Identification and assessment of their materiality – The goal of the stage is to identify all the material risks that affect the Group’s activities.
  • Planning of the level of exposure to the risks – The goal of the stage is to identify the target level of the risks by factoring in the risk metrics in the business plan.
  • Establishment of the Risk Appetite of the Group and Group members – The goal of the stage is the approval by the Supervisory Board of Sberbank of the maximum permissible level of risks and also to form a system of limits and restrictions that make it possible to comply with the established Risk Appetite of the Group.
  • Management of the aggregate risk level – The goal of the stage is to ensure the compliance of the level of risks with target levels.

A management system is formed in bank in respect of all material risks.

Credit risk

The Credit Risk Management Policy aims to increase the competitive advantages of the Group by expanding the range of counterparties and list of products, reduction in the level of implemented credit risks, and optimizing the industry, regional and product structure of credit portfolios.

The Group applies the following credit risk management policies:

  • preventing risk by identifying, analyzing and assessing potential risks at the stage preceding the performance of transactions;
  • planning the level risk by assessing the level of anticipated losses;
  • implementing unified risk assessment and identification processes;
  • limiting risks by establishing limits;
  • establishing provisions to cover potential losses on disbursed credits;
  • structuring transactions;
  • managing the security of transactions;
  • applying a system of authorities when adopting decisions;
  • monitoring and controlling the risk level;
  • auditing the functioning of the credit risk management system.

Credit risk is assessed for the Group as a whole and also for individual asset portfolios, counterparties, countries, geographical regions, types of economic activity.

In the case of corporate credit risks, a multi-tier system of limits has been developed and is used to limit the risk on lending and transactions on financial markets. The high-level limit for such operations is SNL (Single Name Limit) or “individual limit”, which makes it possible to monitor the anticipated losses resulting from the default of borrows of related borrowers. The level of the limit determined based on the assessment of the financial and non-financial position of the borrower.

The Bank identifies separately country limits that restrict the geographical concentration of risks of the Group (except for risks in the Russian Federation) and do not restrict the risks on transactions with individual counterparties.

Counterparty credit risks on transactions on financial markets are managed as part of the unified system of limits for the Group. The system of limits for credit counterparty risks has two tiers: overall limit for the counterparty and portfolio limits broken down by group transactions.

As part of retail credit risks established limits are grouped as follows:

  • structural limits (lending based on the scheme, product /group of approved products);
  • limits on the powers of the collegiate body and personal limits;
  • concentration limits based on the value of the credit products provided to a borrower);
  • limits on the lending division.

The Group pays close attention to monitoring the concentration of credit risks and compliance with the prudential requirements of the regulator.

To comply with the requirements established by the Bank of Russia on the statutory ratios R6, R21 (maximum risk per borrower or group of related borrowers) and R7, R22 (maximum amount of major credit risks), the Bank maintains and monitors a list of major and related borrowers.

Sberbank’s largest borrowers include representatives of different sectors of the economy. Consequently, the credit risk is diversified adequately. To improve the quality of the loan portfolio, Sberbank is developing credit sector strategies. In 2017, such strategies were approved by major industries.

The main tool used to reduce the credit risk rating is collateral. The need to accept collateral and the volume of assumed collateral depends on the risk of the borrower/transaction and is fixed against the backdrop of the credit products. The quality of the collateral is determined by the likelihood that funds will be obtained in the amount of the anticipated collateral value in the event of levy of execution on the collateral or its sale. Appraisal of the collateral value is made based on the internal expert assessment of the Group’s specialists or a valuation of independent appraisers, or based on the discounted cost of the collateral in the financial statements of the borrower. Use of the sureties and guarantees of solvent corporate and private clients and for the adjustment of credit risk indicators requires the same assessment of the risks of the surety/guarantor as the borrower. The Group monitors regularly the pledged assets to oversee the quantitative, qualitative and cost parameters of the pledged assets, their legal appurtenance, and storage and maintenance terms.

The Group has a multidimensional system of authorities, which makes it possible to determine the decision-making level for each loan application. Each regional division – Group member is assigned a risk profile that determines the authorities of this division to adopt independent decisions, depending on the risk category of the application. In turn, the risk category of the application is contingent on the aggregate limit and risk category of the borrower/group of related borrowers and also the category of the credit product.

To cover anticipated losses from the realization of the credit risk the Group establishes provisions in accordance with the requirements of the Bank of Russia, banking regulators and IFRS.

The overdue debt and bad debt recovery processes in the Group are based on the principle of maximum automation and standardization, which eliminates the human factor at different levels of work with bad debt and makes it possible to apply a uniform approach to the debt recovery process. The Group constantly monitors processes for the recovery of bad debt at all collection stages. If it identifies triggers attesting a decline in the level of effectiveness of the collection or growth in the distressed portfolio in certain regions, client or product segments, the Group optimizes the recovery and lending process.

During the settlement of bad debts, the Group uses a set of tools that complies with global practices: remote communications, on-site visits, debt restructuring, work with debt collection agencies, judicial and enforcement proceedings, etc. The application of a certain tool is determined by a flexible strategy, depending on the risk level of the client and the loan.

Market risk of the trading book

The market risk management policy of the trading book is focused on the optimization of the market risk and its compliance with the established Risk Appetite.

The Group uses the VaR method as the main market risk assessment method. This metric assesses maximum portfolio losses with a predetermined time period and predetermined probability (confidence level) on the “normal” market. The “normal” market is characterized by the dynamics of market factors (quotations of currencies/shares/commodities, interest rates) in the absence of a systemic crisis or adverse events in the economy and banking sector.

VaR is calculated based on the following assumptions:

  • the range of historical data used for calculation is two years;
  • VaR is calculated for a period of 10 business days during which the positions exposed to market risk can on average be closed (or hedged);
  • A 99% unilateral confidence probability level is used, which means that losses exceeding VaR are expected for one out of 100 periods.

The VaR metric at the level of each portfolio is subject to regular back testing in accordance with the requirements of the Basel Committee on Banking Supervision. When assessing market risk, the Group also factors in shortcomings in the VaR method.

Taking into account these shortcomings in the VaR method, the Group supplements it with market risk estimates using scenario analysis and stress testing methodology.

Market risk management is performed on a portfolio basis. The main management tool is the establishment of the limits of market risks for separate portfolios. The limits are established on the four hierarchy levels, starting with the aggregate level and ending with the limits of the separate sub-portfolios or strategies. The upper limits represent the metrics of the Risk Appetite of the Group.

Interest rate risk for trading positions

Limits on the portfolio structure by maturity/expiration, limits of sensitivity to a change in interest rates, limits of maximum losses (stop-loss), limits of the value at risk (VaR), limits on the stress test results are established to limit the interest rate risk.

Market credit spread risk

The Group manages the risk by setting limits on the sensitivity to changes in the market credit spread broken down by the currency of the asset, the country of the issuer, and the maturity date. The maximum loss limits (stop-loss) and limits on the value at risk (VaR) are also established.

Currency risk

For the purpose of limiting the currency risk of transactions on financial markets, limits on the open currency position for all portfolios of transactions, stop-loss limits sensitive to currency risk, and also limits of the value at risk (VaR) and stress test results are established.

Commodity risk

For the purpose of restricting the commodity risk on the trade book, limitations are introduced on the list of commodity products for trading in the portfolio, and limits on the amount of investments in specific commodities, limits for maximum losses (stop-loss), and limits for the value at risk (VaR) are established.

Volatility risk

Stress test limits and limits on sensitivity indicators are established for options.

In the event of an abrupt change in the market conditions and capital adequacy, the procedure for a rapid decrease in credit risk limits is applied.

Unified rules for distributing and demarcating authorities during market risk management are applied in all Group members.:

  • Separation of functions (performance of transactions on financial markets, accounting for these transactions, management of the risks of corresponding transactions) based on lines of independent subordination (both administrative and functional) in order to rule out conflicts of interest.
  • Delegation of liability for allocation of the Risk Appetite, broken down by business units, Group members and other units of concentration.
  • Joint adoption of decisions on the management of market risk with the participation of the divisions responsible for the performance of transactions on financial markets, and the divisions responsible for managing market risk (including the monitoring of market risk).

The market risk of transactions on financial markets is monitored by divisions that do not depend organizationally on the divisions concluding transactions on the financial markets. The risk monitoring process implies the uninterrupted control of trading transactions at all stages of the operational process.

Market risk on transactions on financial markets is managed at the Group through a system of management bodies adopting decisions, depending on the risk level and the hierarchy of portfolios. Such a system makes it possible to achieve operating efficiencies and ensure the flexibility of the adopted decisions.

Market risk of the banking book

Interest rate and currency risks of the banking book

The main goals of managing the interest rate and currency risks of the banking book are:

  • to limit possible financial losses and to ensure financial sustainability;
  • to comply with the regulatory requirements established by the Bank of Russia and local regulators;
  • to limit risk by determining the Risk Appetite;
  • to maintain the level of the risk within the framework of the established Risk Appetite.

The following metrics are used primarily at the Group to assess the interest rate and currency risks of the banking book:

  • change in net interest income in the event of a predetermined change in interest rates (paralleled or unparalleled shift in the interest rate curve) based on the preset time horizon. A change in net interest income is used to assess the impact of the interest rate risk on the financial performance of the Bank and the Group in the short term (up to a year) and medium term (as a rule, up to three years).
  • change in the fair value of the instruments of the banking book discounted at the current fair value, based on a predetermined change in the interest rates used to calculate the current fair value of such instruments.
  • the regulatory open currency position reflects the structure of open positions for the Group and Group members, which is calculated in accordance with the requirements of the Bank of Russia;
  • the economic open currency position reflects the sensitivity of the financial performance to a change in the exchange rates of foreign currencies and prices for precious metals.

The economic capital metric is used to assess capital requirements to cover the interest rate and currency risks (the amount of capital required to cover unforeseen losses arising in the event of the realization of the risk, based on a preset time horizon with the present confidence probability level).

Internal and external scenarios are used to calculate economic capital and perform stress testing based on the interest rate risk, including in accordance with the recommendations of the Basel Committee, and also modeling of losses using the Monte Carlo method. The forecasting of possible changes in interest rates is performed separately for significant currencies, accounting for more than 5% of the balance sheet structure in the form of assets or liabilities.

To improve the quality and accuracy of the interest rate risk and currency risk assessment models, the Group uses behavioral adjustment models in order to calculate the impact of customer behavior on cash flows, including depending on interest rate and exchange rate dynamics.

Within the framework of interest rate risk management, a target position on interest rate risk in rubles for the Bank and target values of the volumes and maturity structure of the main assets and liabilities have been established as part of the business plan of Sberbank Group, which ensure the attainment of the target interest rate position.

The table below shows the influence of shock changes in interest rates to the net interest income of the Group for one year as for December 31, 2017 and December 31, 2016Here “for” means as of close of business.:
Decrease in interest rates Increase in interest rates
for December 31, 2017 for December 31, 2016 for December 31, 2017 for December 31, 2016
Russian ruble
Change in interest rates, basis point (400) (400) 400 400
Change in net interest income, RUB million 116,595 100,345 (116,595) (100,345)
US dollar
Change in interest rates, basis point (200) (200) 200 200
Change in net interest income, RUB million (7,405) (8,858) 7,405 8,858
Turkish lira
Change in interest rates, basis point (400) (400) 400 400
Change in net interest income, RUB million 13,757 20,637 (13,757) (20,637)
Euro
Change in interest rates, basis point (200) (200) 200 200
Change in net interest income, RUB million (3,620) (4,095) 3,620 4,095

The Bank monitors continuously the current level of the interest rate risk of the banking book, control over compliance with limits and also analysis of the dynamics of interest rate risk indicators.

The main sources of the currency risk of the banking book are:

  • operations relating to the establishment and dissolution of provisions on outstanding loans in a foreign currency;
  • loan restructuring transactions regarding a change in the currency of the debt;
  • foreign currency income and expenses.

Limits on open currency positions have been established at the Group to limit the currency risk for the divisions of the Bank and individual subsidiaries.

The cumulative value of the opening currency position of Sberbank Group for the banking and trading booksThe table presents the three biggest open currency positions calculated in accordance with Instruction No. 509-P of the Bank of Russia in aggregate for the banking and trading books.
Currency for 31.12.2017 for 31.12.2016
US dollar Euro Swiss franc US dollar Euro Gold
Open currency position, RUB million 14,932 39,113 (27,076) 17,998 (21,958) (6,521)
Open FX position, % of capital 0.4 1.0 0.7 0.5 0.6 0.2

Risk of the market credit spread of the securities of the banking book

The risk of the market credit spread of the securities of the banking book – is the risk of losses or a decrease in the capital of the bank as a result of a fall in the market prices of the securities portfolio available for sale as a result of an adverse change in market credit spreads.

In 2017 bank established a risk management system for this type of risk and also implemented corresponding procedures for the monitoring. The risk is assessed by using VaR metric which is calculated using. the Monte Carlo method. A corresponding value of VaR is used as economic capital to such risk.

Real estate risk

The real estate risk may materialize in the event of the sale or revaluation of real estate property at a loss. The real estate risk management system includes the following components:

  • identification and assessment of the risk before the performance of operations (transactions);
  • application of the system of authorities during decision-making;
  • limitation on the risk through the establishment of the limits;
  • decrease in the risk by refraining from individual operations (transactions) and by reducing the Group’s own real estate portfolio;
  • coverage of anticipated losses by establishing loan loss provisions;
  • assessment of economic capital on the coverage of unexpected losses;
  • performance of an independent cost expert valuation as part of the procedure for approving transactions (audit of the arm’s length principle);
  • constant monitoring and control of the level of the real estate risk.

The key real estate risk indicators are:

  • the risk exposure – the current value of the Group’s real estate portfolio, net of accrued depreciation, loss and impairment provisions for the real estate for sale purposes obtained during the settlement of bad debt;
  • the economic capital or the real estate risk – the amount of the capital required to cover possible losses from the real estate risk for a horizon of one year. The weight of this risk type in the overall structure of Sberbank’s economic capital remains stable at a low level.

Liquidity risk

The Group is exposed to liquidity risk because it does not accumulate cash in instances of the one-time discharge of all existing liabilities. Instead, the Group assesses the adequate level of cash and liquidity provisions to discharge liabilities at different time horizons based on the current state of the market, assumptions on future dynamics of balance-sheet items, and accumulated historical data.

The following types of liquidity risk are singled out:

  • funding liquidity risk – the risk that the Bank or a Group participant will be unable to fulfil its obligations to clients and counterparties in a certain currency or in precious metal due to a shortage of cash or non-cash funds (inability to make payments, issue loans, etc.);
  • regulatory liquidity risk – the risk of a violation of the mandatory liquidity requirements of the Bank of Russia (for example, N2, N3, N4, N26, N28) and the mandatory liquidity requirements established by local regulators in the countries where Group participants and Bank branches have a presence;
  • structural liquidity risk (concentration risk) – the risk of a significant deterioration of funding or regulatory liquidity due to imbalances in the structure of assets and liabilities, including a high dependence of the liability base on one or several clients or sources of funding in a specific currency or for a specific term.

The goal of risk liquidity management is to ensure the ability of the Bank and other Group members to perform all its obligations to clients and counterparties unconditionally and on time, while complying with regulatory requirements both in normal business conditions and also in crises.

Liquidity risk management is assessed primarily through:

  • calculation of the risk metrics that correspond with the requirements of local regulators, and also internal metrics are calculated;
  • forecasting of the balance sheet (top down approach), which makes it possible to calculate the required funding and liquidity buffer taking into account the conjuncture in the debt capital markets and the availability of specific sources of funding. This approach is used during business planning and development of the Funding Plan;
  • forecasting of the balance sheet (bottom up approach), which makes it possible to calculate the liquidity profile for future periods on the basis of a cash flow forecast, taking into account the expected customer behavior and business development forecasts from business units. This approach is used during operational management of liquidity risk in the short and medium term;
  • scenario analysis for the purpose of determining potential liquidity requirements against the impact of different risk factors;
  • stress testing for the purpose of determining the amount of the liquidity buffer required to ensure the operations of Group members in the event of the materialization of each of the following scenarios: market crisis, reputation crisis or both crises simultaneously.

To improve the quality of the risk assessment , the Group develops and implements behavioral adjustment models which accounts the impact of client behavior on cash flows.

To limit the liquidity risk, the Group uses a system of indicators:

  • Loan to Deposit Ratio (LDR)
  • R26 – Ratio of the current liquidity of a banking group determined by Regulations No. 509-P of the Bank of Russia dated March 12, 2015
  • Survival horizon – it indicates the maximum time in days during which the bank will be able to discharge its liabilities in the event of the materialization of the stress scenario, using the available liquidity buffer.

The Group manages the current liquidity ratio factoring in a change in the structure of claims and liabilities broken down by currencies, inter alia the funding requirements of major members of the Group. The Group maintains reserves of highly liquid assets adequate for compliance with the ratio not only for currencies taken in aggregate, but also broken down by each significant foreign currency. The Bank establishes a multi-tier system of limits, which ensures unconditional compliance with the minimum permissible level of the ratio established by the Bank of Russia in different scenarios.

The system of liquidity risk management includes the following elements:

  • accounting of liquidity risk during the pricing of products;
  • accounting of liquidity risk in the internal transfer pricing system;
  • use of an incentive mechanism for divisions that depends on the level of liquidity risk management;
  • liquidity risk assessment when introducing new banking products;
  • assessment of the impact of major transactions on liquidity risk and statutory requirements;
  • management of the liquidity buffer;
  • development of an action plan on restoring financial sustainability against the backdrop of a liquidity crisis.

To mitigate the liquidity risk, the Bank and Group members:

  • maintains a stable and differentiated structure of liabilities;
  • invests in liquid financial assets diversified by types of currencies and maturity to quickly and effectively fill in unexpected liquidity gaps;
  • controls the use of existing liquidity reserves;
  • maintains relations with counterparties on financial markets in order to raise funds within the shortest possible timeframes in the event that a liquidity demand arises.

Management of liquidity risk in the Bank and the Group as a whole is carried out by the Assets & Liabilities Management Committee. The Group’s liquidity risk assessment, management and control are performed in accordance with unified standards, taking into account the diversification of requirements for different categories of Group participants. Unified rules for attracting and allocating resources have been defined, to coordinate the activities of the Group’s participants in the debt capital markets, and unified principles for attracting funds from the capital markets The management bodies of Group member are responsible for the effective management of the liquidity of respective entities, and also for compliance with the limits and limitations established by the bank and the requirements of local regulators.

Operational risk

Operational risk management system is aimed at preventing this risk and minimizing the potential losses related to the organization of internal processes and external events.

The operational risk management process in the Group includes the following main stages:

  • identifying operational risk;
  • assessing operational risk;
  • analyzing the problem areas of processes, drafting and adoption of a decision on optimizing the procedures to reduce the level of the operational risk;
  • monitoring operational risk;
  • controlling and decreasing operational risk.

To implement the aforementioned stages, the Group has implemented such operational risk management tools as the collection of internal data on losses resulting from the materialization of operational risk incidents, the self-appraisal of departments, and scenario analysis for operational risks.

Risk coordinators are appointed in all the structural divisions of Sberbank and Group members who are responsible for the interaction with operational risk divisions on issues of the identification, assessment, monitoring, and control of operational risk. In particular, risk coordinators report incidents of operational risks that have materialized and also assess potential risks during the self-appraisal.

To monitor operational risk, the Group uses a system of reports for management and collective bodies involved in risk management processes. Operational risk reporting is generated on a daily, monthly, and quarterly basis.

Data on risk assessments and incurred losses make it possible to identify risk concentration zones for the subsequent development of a range of measures to mitigate the risk level of the Group.

To prevent and decrease losses arising from the operational risk, the Group has developed and applies appropriate mechanisms and procedures:

  • comprehensive regulation of business processes and procedures;
  • delimitation of powers;
  • internal control over compliance with the established procedure for performing operations and concluding transactions and discipline on limits;
  • a range of measures to ensure information security and business continuity;
  • improvements to audit procedures and control over the quality of automated systems and the hardware suite;
  • insurance of property and assets;
  • employee skills upgrades at all organizational levels etc.

Legal risk

The goal of managing legal risks is to ensure that the activities of Sberbank and Group members comply with the requirements of the law and law enforcement practice.

The following are the key factors capable of reinforcing the impact and scale of the manifestation of a legal risk:

  • Amendments to legislation, the requirements of the regulatory authorities, judicial and law enforcement practice;
  • Inconsistency in judicial and law enforcement practice, regulatory collisions;
  • Complication of financial instruments and strategies, the assimilation of new products and technologies.

To respond promptly to changes in the level of legal risk, the Group prepares reporting on instances of the risk realization and losses on the current level of the risk, and on the current status of measures aimed at minimizing the risk.

The level of legal risk is compared with the data for previous reporting periods; in the event of material deviations, the reasons are analyzed, and, where necessary, proposals are prepared on how to change bank processes.

Cybersecurity risk

The goal of cybersecurity risk management is to ensure the sustainable development of the Group and also to ensure compliance with the regulatory requirements of regulators.

A working body is constantly active in the Bank – the Cybersecurity Risk Management Committee, which makes decisions on managing this risk. Losses from the materialization of cybersecurity risk events are considered when assessing the aggregate amount of operational risk.

Detailed information on measures to ensure cybersecurity is given in the sections:

  • Security of banking operations
  • Creation of the ecosystem
  • Leadership in cybersecurity

Other risks

Compliance risk

The main areas of the activity of the Bbank and Group members in compliance risk management are:

  • to prevent official misuse and corruption offenses by the employees;
  • to prevent and settle conflicts of interest;
  • to counteract money laundering and the financing of terrorism;
  • to comply with licensing and other regulatory requirements in financial markets;
  • to ensure market conduct and fair competition during the conclusion of transactions on financial markets and prevent bad faith practices (use of inside information, price manipulation, etc.);
  • to comply with economic sanctions and restrictions established by the Russian Federation, and also international organizations and individual countries;
  • the implementation of the requirements of US legislation on the taxation of foreign accounts - the Foreign Account Tax Compliance Act, the FATCA and the requirements of the OECD standard for the exchange of tax information between partner countries in automatic mode (Standard for Automatic Exchange of Financial Account Information or Common Reporting Standard, CRS);
  • to protect the rights of clients, including investments.

The Bank has developed and approved internal regulations and implemented control procedures by way of development of the indicated areas.

The Compliance Risk Management System of the Bank has been distinguished with the certificates of the International Compliance Association on compliance with quality standards ISO 19600:2014 and ISO 37001:2016.

The compliance risk management system is regularly subjected to analysis and audits conducted by both internal and external experts. The compliance division prepares an annual audit plan and also for the subsidiary banks and associates.

For the purposes of developing and improving the compliance risk management system, the following initiatives were implemented in 2017:

  • training courses were delivered on areas of compliance over 90% of employees have been trained;
  • a special course was developed “Introduction into compliance for senior management” and also for newly hired employees of the Bank – “An introductory course for new employees on compliance risk management”;
  • a large-scale internal communications campaign was conducted aimed at increasing the employee awareness on the operating principles of the “Compliance Hotline” and information disclosure methods and channels regarding intentions or instances of the commission of corruption offenses, and also an increase in the level of engagement of employees and their responsibility for preventing corruption offenses;
  • compliance risk assessment matrices were developed and implemented in all compliance areas;
  • new processes aimed at identifying dubious transactions concluded through the Bank’s system are implemented;
  • actions were implemented to bring activity on financial markets into line with the requirements of the European Directive MIFID;
  • actions were implemented to bring activity on the financial markets of the CIB Unit into line with the requirements of the Fourth4 European Anti-Money Laundering Directive (4 EU AML Directive);
  • procedures have been implemented to ensure the compliance of the Bank with the requirements of Regulations No. 596/2014 of the European Union dated April 16, 2014 “On Countering Bad Faith Practices on Financial Markets”;
  • minimum compliance requirements have been developed and implemented for members of the Group and have been communicated to the controlling members of the Group. Information obtained from members of the Group is collected, processed and analyzed;
  • Sberbank’s Policy on Implementing US Legislation on the Taxation of Foreign Accounts (Foreign Account Tax Compliance Act, FATCA) has been developed and approved, together with a number of other internal regulations in this area.

To further improve the compliance risk management system, the Bank is determining the following development areas for 2018:

  • proactive work with clients in order the reduce the number of suspicious transactions concluded through the Bank’s system;
  • improvements were introduced to the model for assessing the risks of the involvement of clients in suspicious transactions;
  • a number of IT projects were implemented for the transition to target compliance control systems (identification of suspicious transactions, online approval of transactions, monitoring of sanctions, implementation of requirements under FATCA/CRS, management of conflicts of interest);
  • implementation of machine learning technologies to increase the effective identification of the suspicious transactions of clients and also transactions subject to sanctions controls;
  • establishment of a compliance culture through the development of an employee learning system and promotion of a hotline on compliance issues;
  • improvements to the internal compliance regulatory framework;
  • implementation of measures to bring activity on financial markets into line with the requirements of European directives (SFTR , EU Regulation on securities financing transactions, reporting of ОТС repo).

Regulatory risk

For the purpose of managing regulatory risk, Sberbank regulates the activity of its officials and divisions aimed at preventing and reducing the likelihood of the materialization of a risk. The Bank has organized a process of internal interaction to minimize the consequences of the identified risk.

A collegiate advisory body operates at bank – a working group on improving legislative regulation and establishing a favorable business environment for the implementation of the Development Strategy of Sberbank 2020. At its meetings the Working Group elaborates the consolidated position of Sberbank on regulatory initiatives and draft laws that contain regulatory risks

Tax risk

A multi-tier tax risk management system has been established at the Group, including:

  • business tax support from a preliminary expert tax assessment of proposed transaction terms and conditions to defense of the Bank’s interest before the tax authorities and in court;
  • internal procedures for the purpose of promptly identifying and eliminating instances of the incorrect application of the rules of the requirements of legislation on taxes and fees;
  • identification and elimination of internal sources of tax inefficiency;
  • monitoring of legislative initiatives and interaction with the supervisory, regulatory, and legislative authorities on issues of the development and application of legislation on taxes and fees.

General group tax risk management processes have been implemented in all subsidiary banks and other consolidated members of Sberbank. At the same time, tax risk management is carried out by each Group member independently within the framework of the functions and authority assigned to such member based on uniform requirements and procedures, while due account is taken of the specific characteristics of its activities and the requirements of local regulators. Information on tax risks assumed at the level of each member is transferred to Sberbank through the reporting system.

Reputation risk

To assess reputation risk, bank uses the following indicators:

  • a material change in the financial position of Sberbank;
  • dynamics of the results of opinion polls conducted among target groups of clients, employees, public organizations, shareholders and investors, the government bodies, etc.;
  • increase or decrease of the number of complaints and claims against Sberbank;
  • frequency of the malfunctioning of Sberbank’s IT systems resulting in the protracted unavailability of Sberbank’s services for a large number of clients;
  • negative and positive feedback and reports on Sberbank and its affiliates in the mass media;
  • identification of instances of illegal actions in respect of Sberbank and its clients;
  • changes in the business reputation of affiliates and counterparties of Sberbank;
  • external economic, political, industry-specific, social events and trends capable of exerting a negative effect on Sberbank’s activity;
  • refusal of regular or major clients and counterparties to cooperate with Sberbank.

All the employees of Sberbank and members of the Group:

  • comply with the requirements of the applicable laws of the Russian Federation, instructions, rules, standards of self-regulatory organizations, established codes of conduct, and ethical standards of business adopted by Sberbank and members of the Group. The foreign members of the Group comply with the above in the part that does contravene local legislation;
  • implement reputation risk management procedures in accordance with the competence of the division;
  • interact with the Public Relations and Media Communications Office of the Marketing and Communications Department and the Investor Relations Department on reputation risk management.

An Information Space On-Line Monitoring Service was established at Sberbank and is operational for the purpose of the early identification of possible information risks, whose materialization might result to the loss of good will. In the case of the employees of press centers, training courses are delivered to identify the potential information risk and minimize it at early stages.

Strategic risk

Strategic risk is the risk that the Group might incur losses over a timeframe longer than a year, as a result of errors committed when making decisions determining the development strategy. The errors may consist of the inadequate consideration of possible hazards for the Group’s activity, incorrect identification of promising lines of business where the Group could attain competitive advantages or the incomplete provision of resources and management decisions that should have facilitated the attainment of strategic goals.

Strategic risk management is based on the following principles:

  • Link with strategic planning: the results of the assessment, control and monitoring of the strategic risk are used during the determination of the strategic and business goals.
  • The proportionality principle: The bank develops requirements on strategic risk management, which comply with the nature and scale of the transactions being performed by the Group, the level and combination of risks.
  • Use of information technologies: the bank uses information systems that make it possible to promptly identify, assess, monitor, control and take measures to reduce the strategic risk.
  • Monitoring of the effectiveness of risk management: the bank assesses the extent to which the management of these risks is performed professionally in the Group as components of the management system function over time and in light of material amendments.
  • Principle of three lines of defense.

In December 2017 the Sberbank Supervisory Board approved the new Sberbank Development Strategy for 2020. During its drafting possible macroeconomic development scenarios in the world and in Russia were analyzed, and the conditions for a transition between them were determined. The benchmarks of the Strategy were based on an in-depth investigation into socioeconomic and technological trends, an analysis of the appeal of individual lines of business, and an assessment of the compliance of the Bank’s internal processes and systems with global best practice.

The key risks associated with the implementation of the Strategy for 2020 and the measures to prevent these risks are given in section 2.5 of this Report “Realization of risks of the New Strategy”.

Model risk

The goal of the model risk management of the is to ensure that all the risk assessment quantitative models being used at the Group comply with approved requirements on quality, forecast accuracy, and stability.

As part of the management of such risk, the Group has organized a model validation procedure, which is aimed to assess the correctness and accuracy of the functioning of the models, and alsothe extent of their use during the decision-making process. If the result of the validation is unsatisfactory, the model is revised entirely.

In August 2017 a new version of the Model Risk Management Policy was adopted, where, the model risk management perimeter was expanded materially.

Other types of risks

For the risks recognized as significant based on the identification of the Group’s risks in 2017 (social and environmental risk, technology risk, participation risk, venture risk), the Bank is developing a management system.