RISK MANAGEMENT SUPPORT SYSTEMS. Sistemi za upravljanje s tveganji

Transkripcija

1 UNIVERSITY OF MARIBOR FACULTY OF ECONOMICS AND BUSINESS, MARIBOR Master's Thesis RISK MANAGEMENT SUPPORT SYSTEMS Sistemi za upravljanje s tveganji Candidate: Valeriia Grigoreva Study program: Economic and Business Sciences Study field: Corporate governance and management Mentor: Samo Bobek, PhD, Full Professor Text editor: Sebastijan Frumen, prof. slov. Text editor: Stojan Primožič, prof. angl. Academic year:2016/2017 Maribor, April 2017

2 ABSTRACT The topic of this Master s Thesis is risk management support systems for banking industry. The research was focused on Russian Federation banking system. Risk management is an important part of bank management. The banking sector is one of the most sensitive ones for currency fluctuation, economical as well as political instability. And it is necessary to be able to forecast future risks and prepare the banks to meet them, as well as to create the most suitable way to treat these risks. Risk management in banks has changed substantially over the past ten years. In conditions of uncertainty and rapidly changing world banks have to introduce innovative approaches and mechanisms to risk management. Now banks use IT tools and automated systems for managing the risk. The case study was chosen for empirical part of research. As an example, the largest bank of Russian Federation banking industry PJSC Sberbank was taken. The empirical analysis was conducted with two research hypotheses. The purpose of H1 was to define the stage of use of automated risk management systems in Russia. It was accepted; the Russian banking sector is on early stage of use IT tools. However, the Russian software market is developing rapidly and can be called catching up. The purpose of H2 was to analyze the risk management support systems in the selected bank. The hypothesis was confirmed; the most important functionality of automated risk management system in Sberbank is credit risk management. Credit risk gives the bank "work". Credit operations of commercial banks are one of the most important types of banking activity. In the financial market, lending retains the position of the most lucrative asset line of credit institutions, although the most risky. The loan portfolio of banks averages 50 70% of assets. Consequently, the credit risk in the structure of banking risk has a decisive influence on the performance of banks. The effectiveness of credit risk management is very important in the management of banking risk. Key Words: bank, risk, risk management, support system, IT-tools, automated systems, Russia.

3 POVZETEK Tema diplomskega dela so sistemi za upravljanje s tveganji v bančnem sektorju. Raziskava je bila osredotočena na bančni sistem v Ruski federaciji. Danes obstaja tveganje na katerem koli področju. Vsak dan se soočamo s tveganji. V sodobnem gospodarskem okolju je tveganje postalo tudi del poslovanja in vsako posamezno podjetje je, ne glede na to, ali ponuja izdelek ali storitev, pod določenim tveganjem v skladu s svojim značajem in obsegom poslovanja. Na finančnem trgu torej vedno obstaja določeno tveganje. Obvladovanje tveganj je pomemben del upravljanja banke. Bančni sektor je eden izmed najbolj občutljivih za nihanja valutnih tečajev, pa tudi za ekonomične in politične nestabilnosti. Potrebno je znati napovedati prihodnja tveganja in pripraviti banke na soočenje z njimi, potrebno pa je tudi ustvariti primeren način za preprečitev tveganj. Bolj natančna, kot je ocena tveganja in izbira odločitve o tem, kako ga zmanjšati pri različnih scenarijih, bolj učinkovito je upravljanje v banki in manjše tveganje za plačilno nesposobnost. V današnjem času je ta tema še bolj aktualna zaradi negotovosti in volatilnosti ruskega gospodarstva. Zato je treba paziti na bančna tveganja in njihovo obvladovanje, paziti a je potrebno tudi na težave, s katerimi se soočajo "risk"- menedžerji poslovnih bank. Glavni namen raziskave je bil oceniti trenutno stanje uporabe informacijskih sistemov za obvladovanje bančnih tveganj v Ruski federaciji in raziskati podporne sisteme in orodja za njihovo obvladovanje. V teoretičnem delu smo opredelili pomen tveganja, ki je opisan kot koncept obvladovanja tveganj. Tveganje je pomemben koncept na številnih znanstvenih področjih; še vedno ni soglasja o tem, kako ga lahko opredelimo in razložimo. Obstaja veliko različnih pristopov k opredelitvi tveganja. Veliko definicij je povezanih z nevarnostjo ali priložnostjo, verjetnostjo izgube ali dobička itd. V finančnem sektorju na splošno, še posebej pa v bančnem sistemu, se tveganje nanaša samo na negativna odstopanja od pričakovanega ali želenega rezultata in je povezano z verjetnostjo izgube, medtem ko pozitivna odstopanja pomenijo priložnosti. Tveganje, ki je povezano z bančno dejavnostjo, se pojavlja v vseh operacijah, poslih ali odločitvah, kar pomeni določeno negotovost glede rezultata. V vsaki banki obstaja sistem za obvladovanje tveganj. Banke prejemajo dobiček, ko prevzamejo tveganja in tveganja obvladujejo. Sistem obvladovanja bančnih tveganj je skupek metod, ki zagotavljajo pozitivne finančne rezultate v pogojih negotovosti, napovedujejo dogodke tveganja in sprejemanje ukrepov za odpravo ali zmanjšanje njegovih negativnih posledic. Nato smo raziskali področja obvladovanja tveganj. Sistem obvladovanja tveganj v bankah lahko temelji na različnih področjih. Zaradi kompleksnosti sodobnega gospodarstva obstaja veliko število tveganj, s katerimi se lahko srečujejo finančne institucije, kot so banke, in težko je odgovoriti na vprašanje, kako ta tveganja razvrstiti. Različne študije razumejo in razvrščajo bančna tveganja na drugačen način. V naši raziskavi smo se fokusirali na glavno tveganje v bančništvu, po našem mnenju je to kreditno tveganje. Kreditno poslovanje poslovnih bank je eden izmed

4 najpomembnejših bančnih dejavnosti. Na finančnem trgu kreditiranje ohranja položaj najbolj donosnega posla kreditnih institucij, čeprav je najbolj tvegano. Kreditno tveganje je bilo in tudi ostaja glavna vrsta bančnih tveganj. Preučili smo tudi metodologijo ocenjevanja kreditnih tveganj in glavne kazalnike tveganja. Baselski odbor za bančni nadzor predlaga izračun koeficienta tveganja z uporabo zunanjih bonitetnih ocen, ali lastnega (notranjega) sistema ocene sredstev in zunaj bilančnih postavk (za izračun kapitalske zahteve). Zunanje bonitetne ocene objavljajo specializirane bonitetne agencije, kot so Moody, Standard & Poor, Fitch. Ocene se določajo v skladu s solventnostjo države posojilojemalca in z roki poravnave finančnih obveznosti ali enega samega kreditnega proizvoda (AAA, BB, D, itd.). Notranja bonitetna ocena je določena s strani banke s presojo nekaterih dejavnikov, ki kažejo na verjetnost odplačila dolga v celoti in pravočasno. Splošna merila za ocenjevanje so lahko plačilna sposobnost organizacije, značilnosti kreditnega proizvoda, ocena okolja, itd. Upravljanje s tveganji v bankah se je v zadnjih desetih letih bistveno spremenilo. Predpisi, ki so nastali po svetovni finančni krizi in globe, ki so bile na podlagi tega odmerjene, so sprožile val sprememb pri funkcijah tveganja. Vključevale so bolj podroben in zahteven kapital, finančni vzvod, likvidnost in potrebe po financiranju, pa tudi višje standarde za poročanje o tveganjih. Banke so prav tako krepile svojo kulturo tveganja in tesneje sodelovale s svojimi upravami pri sprejemanju ključnih odločitev v zvezi s tveganji. Prizadevale so si tudi podrobneje določiti in postaviti svoje linije obrambe. Glede na obseg teh in drugih premikov je večina funkcij tveganja v bankah še vedno v transformaciji, ki se odziva na to povečano povpraševanje. V pogojih negotovosti in hitrega spreminjanja sveta so banke morale uvesti inovativne pristope in mehanizme za obvladovanje tveganj. Razpoložljivost informacijske tehnologije je korenito spremenila tradicionalni način bančništva. IT se zdaj uporablja za avtomatizacijo zalednih sistemov, za pripravo obsežnega dela itd. Danes banke zagotavljajo obvladovanje tveganj s pomočjo informacijskih orodij. Mnoge od teh tehnoloških inovacij lahko zmanjšajo stroške tveganja ter pripomorejo k povečanju stopnje bančne konkurenčnosti. Tveganja v banki se lahko merijo in napovedujejo z različnimi modeli in tehnikami. Bančni sektor razvija in izvaja različne inovacije v svoji dejavnosti. To niso le bančni proizvodi, temveč tudi razni pristopi in mehanizmi. Zdaj banke uporabljajo računalniško opremo in avtomatizirane sisteme za obvladovanje tveganja. Empirična analiza je bila izvedena z dvema raziskovalnima hipotezama. Namen hipoteze H1 je bil opredeliti stopnjo uporabe avtomatskih sistemov za obvladovanje tveganja v Rusiji. Bila je potrjena; ruski bančni sektor je v zgodnji fazi uporabe informacijskih orodij. Raziskovali smo trende za obvladovanje tveganja bančnih sistemov v Ruski federaciji in pregledali trenutno stanje v ruski in svetovni praksi "risk"-menedžmenta. Banke v razvitih državah že dolgo vključujejo sisteme obvladovanja tveganj v svoje strukture, razvile so tudi kulturo obvladovanja tveganj. Nasprotno, v državah z nastajajočimi trgi, se novi sistemi za obvladovanje tveganj šele

5 pojavljajo na dnevnem redu bančnih direktorjev. Med informacijskimi rešitvami ruske banke za obvladovanje tveganj uporabljajo tako lastno programsko opremo kot tudi opremo po naročilu. Upravljanje s tveganji v Rusiji ni dovolj razvito v primerjavi z Evropo. Vloga avtomatiziranih sistemov za obvladovanje tveganja je v ruskih bankah pogosto podcenjena. Vendar pa se zanimanje za upravljanje s tveganji v ruskih bankah in med ruskimi razvijalci programske opreme postopno povečuje. Razlika med ruskim bančnim sektorjem in Zahodom je v dinamiki njegovega razvoja. Če je Zahod razvijal in oblikoval sistem za obvladovanje tveganj desetletja, je to področje za ruski finančni trg relativno novo. Ruski trg programske opreme se hitro razvija. Namen hipoteze H2 je bila analiza podpornih sistemov na področju obvladovanja tveganja v izbrani banki. Hipoteza je bila potrjena; najpomembnejša funkcija avtomatskega sistema za obvladovanje tveganj v banki "Sberbank" je upravljanje s kreditnim tveganjem. Študija primera je bila izbrana za empirični del raziskave. Kot primer je bila sprejeta največja banka bančnega sektorja v Ruski federaciji to je PJSC "Sberbank". Raziskovali smo zgodovino in profil PJSC "Sberbank Rusije". Zdaj je ta banka največja banka v srednji in vzhodni Evropi. To je ključni posojilodajalec v ruskem gospodarstvu ter največji prejemnik depozitov v Rusiji: 45 % depozitov na drobno, 38 % kreditov za prebivalstvo in 33 % kreditov za pravne osebe. Banki je uspelo ohraniti vodilni položaj več let kljub zadnjim trendom ruskega gospodarstva. Proučili smo sistem upravljanja s tveganji v banki "Sberbank", analizirali poslovni proces upravljanja s tveganji in programsko opremo, ki jo banka uporablja. Kreditno tveganje daje banki "delo". Kreditni portfelj bank znaša povprečju % sredstev. Zato ima kreditno tveganje v strukturi bančnega tveganja odločilen vpliv na poslovanje bank. Učinkovitost upravljanja s kreditnim tveganjem je zelo pomembna pri upravljanju bančnega tveganja. Izvedene raziskave so pokazale, da so sistemi za avtomatsko obvladovanje tveganj, ki jih je razvil eden glavnih ponudnikov informacijskih orodij za "Sberbank" Sberbank-tehnologija, v glavnem osredotočeni na obvladovanje kreditnega tveganja. Sberbank-tehnologija ima posebne oddelke, namenjene za razvoj rešitve za obvladovanje kreditnega tveganja. Ključne besede: banka, tveganje, upravljanje s tveganji, podporni sistemi, orodja, avtomatizirani sistemi, Rusija.

6

7 TABLE OF CONTENTS 1 INTRODUCTION Scope description and definition of the problem Purpose, objectives and hypotheses of the research Purpose Objectives Hypotheses Assumptions and limitations Research methods THEORETICAL ASPECT OF RISK MANAGEMENT The concept of risk management The definition of a risk Risk management Areas of risk management Area of credit risk management Credit risk assessment methodology RESERARCH OF RISK MANAGEMENT EXAMPLES FROM RUSSIAN BANKING Risks management trends in Russian Federation banking system Systems and tools for risk-management selected issues for banks CASE ANALYSIS (PJSC SBERBANK ) History and profile of the company History of Sberbank Financial position of Sberbank Risk management system in the bank Credit risk management Business process of risk management in the bank Analysis of used software CONCLUSION LITERATURE AND SOURCES i

8 LIST OF FIGURES Figure 1: Types of risks 9 Figure 2: The dynamics of cancellation of licenses of credit institutions...20 Figure 3: The logo of Sberbank.. 31 Figure 4: Assets of Sberbank Figure 5: Liabilities of Sberbank. 35 Figure 6: The dynamics of net profit of the bank..36 Figure 7: The dynamics of share of overdue loans 43 Figure 8: The process of risk management 44 Figure 9: The logo of Sberbank-Technology..49 Figure 10: The system of management of requests for credit limits 53 LIST OF TABLES Table 1: The dynamics of oil price Brent changes. 19 Table 2: The numbers of credit institutions in Russia over the past 10 years Table 3: The world risk management software 26 Table 4: The largest suppliers of IT for banks in Table 5: Assets and liabilities of Sberbank..34 Table 6: Net profit of the bank 35 Table 7: Distribution of authority and responsibility.. 39 Table 8: Overdue loans. 42 Table 9: Risk matrix of Sberbank...45 LIST OF ABBREVIATIONS ALM Asset & Liability Management ii

9 AMCLaR ASUR FR AS BCBS BIS CAR CCRMS CRM EL ES EC IFRS LGD FORTS MICEX ORMS OTC PD PJSC QCSU RAROC RTC RUB UL VaR Automatic Module for Calculating Limits and Ratings Automating of Risk Management System in Financial Markets Automated Systems Basel Committee on Banking Supervision Bank for International Settlements Capital Adequacy Ratio Corporate Credit Risk Management System Customer Relationship Management Expected loss Expected Shortfall Economic Capital International Financial Reporting Standards Loss Given Default Futures & Options of Russian Trading System Moscow Interbank Currency Exchange Operational Risk Management System Over the country Probability of Default Public Joint Stock Company Quality control system underwriting Risk-adjusted return on capital Russian Trading System Russian Ruble Unexpected loss Value at Risk iii

10

11 1 INTRODUCTION 1.1 Scope description and definition of the problem The decision-making process in the financial sector takes place in conditions of uncertainty, which comes from the fact that we have to choose from several alternatives. A risk is an indicator of uncertainty. Hence the definition of risk is followed. It is quantified probability of occurrence of definite events (Lavrushin and Valentseva, 2016). There is always some risk in the financial market (Doba, 2009). Risks have to be managed by an enterprise. Otherwise, those risks would manage the enterprise (Kirilov, 2016). In this Master s Thesis, the risk management is conceptualized as one of the key roles in the bank management. The more accurate the risk assessment and the choice of the decision on how to minimize it under different scenarios and the probability of risk realization, the more effective management in the bank and the lower the risk of its insolvency (Larionova, 2016). As the development of financial systems the range of risks constantly was expanding. The risk management is one of the main problems of banking management, because achieving a positive financial result in activity of financial institutions is impossible without a certain risk (Borisova and Maklakova, 2015). And now, in conditions of uncertainty and volatility of the Russian economy this topic is more relevant. Therefore it is necessary to pay attention to banking risks and risk management, as well as the problems, which are faced by risk-managers of commercial banks. Risk management in banking has been transformed over the past decade, largely in response to regulations that emerged from the global financial crisis and the fines levied in its wake. But important trends are afoot those suggest risk management will experience even more sweeping change in the next decade (Härle, Havas and Samandari, 2016). Risk may be measured and forecasted with different models and techniques (Madhavi and Malleswaramma, 2013). Banking sector develops and implements different innovations in its activities. It is not only the banking products, but also new management approaches and mechanisms (Lavrentev, 2012). The Master's Thesis examines the degree of use of automated risk management systems in commercial banks of the Russian Federation. Today banks provide risk management with IT-tools. Among the IT-solutions of risk management banks use both its own and custom software development, and solutions of such famous vendors as Misys, Advent, Calypso, etc. (Moiseev, 2014). Technological innovations continuously emerge; enabling new risk-management techniques and helping the risk function make better risk decisions at lower cost. Big data, machine learning, and crowdsourcing illustrate the potential impact. Many of these technological innovations can reduce risk costs and fines, and they will confer a 1

12 competitive advantage on banks that apply them early and boldly (Härle, Havas and Samandari, 2016). However, they may also expose institutions to unexpected risks, posing more challenges for the risk function. Data privacy and protection are also important concerns that must be addressed with due rigor. 1.2 Purpose, objectives and hypotheses of the research Purpose The main purpose of the research is to appraise the current status of using the banking risk management systems in Russian Federation and to explore support systems and tools for banking risk-management Objectives Aims of the theoretical part: To study definition and description of the risk; To define the concept and process of banking risk management; To define main types of banking risks; To consider the concept of credit risk; To explore credit risk assessment methodology. Aims of the empirical part: To study risk management trends in Russian Federation over the past decade; To define and explore systems and tools for risk management used in banks; To study history and profile of PJSC Sberbank ; To explore the modern practice of risk management in the bank; To consider the business process of risk management in the bank; To analyze used software in the bank Hypotheses In this thesis we are going to examine two hypotheses: H1: Risk management support systems in Russian banks are on early stage of use. H2: The most important functionality of risk management support systems for Russian banks is credit risk issues. 1.3 Assumptions and limitations To date there are many different kinds of banking risks in literature, in our paper we focus on credit risk. We consider Russian Federation banking risk management in case of PJSC Sberbank. Our research is also limited to last ten years. 2

13 We assume that we will find enough literature about banking risk management. We assume that the necessary information about PJSC Sberbank will be available. And we also assume that published information is objective and accurate. 1.4 Research methods In the theoretical part of the master thesis we use the following research methods: - Description - based on the available literature, scientific journals and internet resources. It has been used for definition and explanation. - Comparison - we have compared similar systems and tools and dissimilar points of view. - Compilation - we have summarized the findings of various authors. In the empirical part of this paper case analysis has been used. The gathered data from analysis has been presented with diagrams, charts and tables. Besides that inductive method has been used to make conclusions. The present study was collected by secondary data. Secondary data includes the literature review of books, journals, and online articles. It has also been collected through official website and IFRS financial statements of the Sberbank and data of Central Bank of Russian Federation. 3

14 2 THEORETICAL ASPECT OF RISK MANAGEMENT 2.1 The concept of risk management In the modern society, in conditions of increasing competition, the attention to banking risks increases from both scientists and practitioners. The decision of preventing problems and minimize banking risks are becoming more popular in the economic community. The concept of risk management is receiving increasing attention in publications relating to banking activities. This chapter deals with literature review and explains the concept of risk and risk management The definition of a risk The etymology of the word Risk can be traced to the Latin word Rescum meaning Risk at Sea, dangerous or that which cuts (Sinkey, 2002). Risk is inherent in every walk of life. Banks are, by definition, in the business of taking and managing risk. With growing competition and fast changes in the operating environment impacting the business potentials, banks are compelled to encounter various kinds of financial and non-financial risks. Risk is an important concept in a number of scientific fields, yet there is no consensus on how it is to be defined and interpreted (Aven, 2011). Some of the definitions are based on probabilities, others on expected values, some on uncertainty and others on objectives. Some authors regard risk as subjective and epistemic, depending on the knowledge available, some regard it as aleatoric, due to the probabilistic character of certain parameters, while yet others give risk the ontological status independent from the person assessing it (Šotić and Rajić, 2015). Currently, there are many definitions of the concept of banking as a risk. It is a word that has various meanings to various people (Adams, 2014). Cambridge Dictionary (Cambridge University Press) defines risk as "danger, or the possibility of danger defeat, or loss", and Merriam-Webster Dictionary (Merriam- Webster) defines it as "possibility of loss or injury". Some people considered risk as a negative event, while it is not always true. According to Business dictionary (WebFinance) risk is "a probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action". Risks may be two types: (1) threats (negative affect) and (2) opportunity (positive affect) (Mamis, 1991). Considering the conceptual approaches to essence definition of the concept of risk, J. Keynes (1936) defines the concept of "risk" through its exercise of a borrower activity, of a lender activity, as well as currency values change. Lawrence (1976) thought that risk is the measure of probability and the weight of undesired consequences. 4

15 According to the neoclassical theory of A. Marshall and A. Pigou (2007, p. 21) there is statement about the risk as the possibility of deviations from the target or as the amplitude of the potential profit oscillations. In the work Against the Gods: The Remarkable story of risk, deals with the role of risk, Peter Bernstein (2000, p. 26) concluded: The risk is more a choice than a lot. Actions that we must take, depending on our available freedom of choice that's what the risk really is. Risk can be defined as the combination of the probability of an event and its consequences (Chang et al., 2011; Lehar, 2005). According to John K. VanHorn (1996), a financial "risk" includes both the potential risk of insolvency and the possibility in changing of shareholders' benefits of ordinary shares. In Utkin s training manual (2003, p. 12) financial "risk" is defined as a risk, "appearing in the enterprise relations with banks and other financial institutions". Lavrushin (2016, p. 10) in his work conclude: Risk is an activity designed to succeed in the presence of uncertainty, requiring from the economic entity the ability and knowledge of how to cope with negative events. Thus, there is no consensus about the essence of the banking risk in the scientific literature. It can be explained by the versatility of this phenomenon. Current risks are tomorrow s potential losses. Still, they are not as visible as tangible revenues and costs are. From the banks point of view risk based practices are so important, because banks take risks, they transform them, and they embed them in banking products and services. Banks take risk-based decisions under an ex-ante perspective and they do risk monitoring under an ex-post perspective, once the decisions are made. There are powerful; motives to implement risk based practices to provide a balanced view of risk and return from a management point of view; to develop competitive advantages, to comply with increasingly stringent regulations. It is easy to lend and obtain attractive revenues from risky borrower. The price to pay is a risk that is higher than the prudent bank s risk. The prudent bank limits risk and therefore both future losses and expected revenues by restricting business volume and screening out risky borrowers. It might avoid losses but it might suffer from lower market share and lower revenues. However, after a while, the risk-taker might end with an ex-post performance lower than the prudent bank due to higher losses materializing. Risks remain intangible and invisible until they materialize into losses. Simple solutions simply do not really help to capture risks (Bessis, 2007). In the financial sector in general, but especially in banking system, the risk refers only to negative deviations from expected or desired outcome and is associated with the probability of a loss, while positive deviations are considered to be opportunities. The risk associated with banking activity occurs in any operations, transactions or decisions which implies a certain uncertainty about the result. Since all their banking operations 5

16 have a degree of uncertainty associated with, all banking operations contribute to the overall risk of a bank (Apătăchioae, 2013). The functioning of a modern commercial bank is impossible without risk. The risk exists in any operation. None of the types of banking risks can be eliminated completely. The higher the level of risk, which takes up a commercial bank, the higher should be its potential profit. In the modern conditions commercial banks seek to minimize the risks and maintain current profit. For this banks need an effective risk management Risk management There is a risk management system in each bank. Banks make profit by taking risk and managing risk. The traditional focus of risk management in banks has typically arisen out of their main business of intermediation the process of making loans and taking in deposits (Matthews & Thompson, 2008). Banking risk management system is a set of methods, which allow providing positive financial results in conditions of uncertainty, predicting the risk events and taking steps to eliminate or reduce its negative consequences (Lavrushin & Valentseva, 2012). Risk management in banking designates the entire set of risk management process and models allowing banks to implement risk-based policies and practices. They cover all techniques and management tools required for measuring, monitoring and controlling risks (Bessis, 2007). The spectrum of models and processes extends to all risks: credit risk, market risk, interest rate risk, liquidity risk and operational risk, to mention only major areas. According to Joseph F. Sinkey, Jr. (2002) risk management can be conducted on a bank s balance sheet through adjustments in portfolio composition, or off the balance sheet using a host of risk management weapons derived from the technology of financial engineering. As consistent with the approach of Froot, Scharfstein, and Stein (1993, 1994), a bank risk management strategy must be integrated with its overall corporate strategy. According to their work (1994, p. 92), a risk management framework rests on three pillars: 1. Making good investment decisions creates corporate value. For traditional banks, it means making good loans and investments; for nontraditional banks, it means good loans and investments, plus making good investment decisions regarding their nontraditional activities, such as investment banking, mutual funds, insurance, derivatives, and so on. 2. Generating enough cash flow internally is the key to making good investments. Companies that do not generate enough cash flow internally tend to cut investment more substantially than their competitors do. In banking, generating enough cash flow internally plays a critical role in maintaining a firm s capital adequacy. Adequate capital, in turn, is a prerequisite for expansion and making good investments. With respect to 6

17 costs and control, banks with inadequate capital are subject to higher deposit insurance premiums, greater regulatory scrutiny, and possible takeover by outsiders. 3. A company s ability to invest can be jeopardized if cash flow is disrupted by adverse movements in external factors, such as interest rates, exchange rates, and commodity prices. Banks are especially sensitive to adverse movements in the underlying commodity prices faces by their borrowers. Understanding these three points is doubly important to bankers because it not only permits them to better comprehend their own risk management problems but also those of their client borrowers. A risk management framework that highlights the cash flows and investment opportunities of borrowers and would-be borrowers provides the appropriate focus for making lending decisions, thereby dealing with the credit risk factor. Lavrushin and Valentseva (2016) allocate the following elements of risk management process: Entities of management; Risk identification; Risk assessment; Risk monitoring. 1. Entities of banking risk management depend on the size and the structure of the bank. At that, the total for all banks is that among them are: The bank's managers responsible for its strategy and tactics aimed to profitable growth at an acceptable risks level; Committees making decisions about the extent of certain fundamental risks, which the bank can take over; The unit of the bank, engaged in planning its activities; Functional units responsible for the commercial risks connected with activities of these units; Analytical units that provide information for decision-making about banking risks; The internal audit and control function, contributing to minimize operational risks and to identify critical indicators, that signalize the possibility of a risk situation; The legal department, which controls the legal risks. 2. Risk identification is to discover its areas (zones). Risk identification also suggests practical benefits and possible negative consequences for the bank associated with these areas. 3. Qualitative and quantitative analysis is used to assess the degree of risk (Buglag, 2011). 7

18 Qualitative analysis is the analysis of the sources and potential risk areas, which are defined by its factors. So it rests on a clear allocation of factors, the list of which is specific for each type of banking risk. Quantitative risk analysis aims to identify numerically, i.e. formalized the degree of risk. The quantitative analysis can be divided into several sections: A selection criteria for risk assessment; A definition of an acceptable level of certain types of risk; A definition of the actual degree of risk on the basis of certain methods; An assessment of the possibility of risk increasing or reducing further. 4. Risk monitoring is the process of regular analysis of risk indicators in relation to its kinds and decision-making aimed at its minimization while maintaining the necessary level of profitability. The risk monitoring includes: An allocation of responsibilities for risk monitoring; An definition of the system of key indicators (basic and additional); Methods of risk management. 2.2 Areas of risk management The risk management system in banks can be based on different areas. Due to the complexity of modern economy there are a large number of risks that could be faced by financial institutions such as banks and the question how to classify those risks is a tough one. Different studies understand and classify banking (financial) risks in different way. J. Bessis (2007) in his textbook single out the following areas: A credit risk; Country and performance risks; A market risk; An interest rate risk; A liquidity risk; A foreign exchange risk; A solvency risk; An operational risk; A model risk. His book focuses on three main risks: interest rate risk for the banking book; market risk for the trading book; credit risk. Credit risk is the first of all risks in terms of importance. Default risk, a major source of loss, is the risk that customers default, meaning that they fail to comply with their obligations to service debt. Default triggers a total or partial loss of any amount lent to the counterparty. Credit risk is also the risk of a decline in the credit standing of an 8

19 obligor of the issuer of a bond or stock. Such deterioration does not imply default, but it does imply that the profitability of default increases (Bessis, 2007). The interest rate risk is the risk of a decline in earnings due to the movements of interest rates. Most of the items of bank s balance sheets generate revenues and costs that are interest rate-driven. Since interest rates are unstable, so are earnings. Anyone who lends or borrows is subject to interest rate risk. The lender earning a variable rate has the risk of seeing revenues reduced by a decline in interest rates. The borrower paying a variable rate bears higher costs when interest rates increase. Both positions are risky since they generate revenues or costs indexed to market rates. The other side of the coin is that interest rate exposure generates chances of gains as well (Bessis, 2007). Market risk is the risk of adverse deviations of mark-to-market value of the trading portfolio, due to market movements, during the period required to liquidate the transactions. The period of liquidation is critical to access such adverse deviations. If it gets longer, so do the deviations from the current market value (Bessis, 2007). Kent Matthews and John Thompson (2008) propose the following typology of banking risks (Figure 1): Figure 1: Types of risks Source: Matthews and Thompson, 2008, 210 In their textbook they identify the interest rate risk management, risk and operational risk as major. market risk, credit Credit risk is the possibility of loss as a result of default, such as when a customer defaults on a loan, or generally any type of financial contract. The default can take the 9

20 form of failure to pay either the principal on maturity of the loan or contract or the interest payments when due (Matthews and Thompson, 2008). Operational risk is the possibility of loss resulting from errors in instructing payments or settling transactions. Banks tend to account for this on a cost basis, less provisions (Matthews and Thompson, 2008). Market risk is the possibility of loss over a given period of time related to uncertain movements in market risk factors, such as interest rates, currencies, equities and commodities. The market risk of a financial instrument can be caused by a number of factors, but the major one is interest rate risk. Net interest income is the difference between what the bank receives in interest receipts and what it pays in interest costs. The main sources of interest risk are volatility of interest rates and mismatch in the timing of interest on assets and liabilities (Matthews and Thompson, 2008). 2014): In theory of Russian Federation the prevalent list of financial risks are (Khutaev, A credit risk; A liquidity risk; An interest rate risk; A price risk; An exchange risk; A yield curve risk; An operational risk. The credit risk is the risk, that the client is unable to meet his debt service obligation. The default is the total or partial loss of the loan amount. Also the credit risk is the risk of weakening of financial standing of the client. This weakening is not default, but it is increasing its probability (Khutaev, 2014). The liquidity risk is one of the most important types of risks. There are three approaches to the definition of liquidity risk: 1. Full illiquidity, leading to the bankruptcy of the bank. An extreme conditions leading to the full illiquidity are often the result of other risks. 2. Safety cushion in the form of liquid assets that is insufficient amount of short-term liquid assets for fulfillment of planning or no-warning short-term obligations. From this perspective, the liquidity can be defined as a "safety cushion" to gain time in nowarning difficulties. 3. Fundability at market price. From this perspective, the liquidity risk is difficulty in loan funding on the financial markets. This may be exerted by market insufficient liquidity or insufficient liquidity of the bank. The liquidity cost may increase due to a temporary resource shortage in the market. In this case, the liquidity cost grows for all market participants (Khutaev, 2014). 10

21 The liquidity risk in the bank is determined by the schedule of current assets ratio by maturity (Polishuk, 2008). This ratio reveals time gaps by maturity of fundraising. The main objective of liquidity risk management is a containment these gaps within certain limits. The interest rate risk is the risk of changes in income and expenditure due to changes in interest rates. A significant portion of income and expenditure of the bank consists of the received and paid interest on the resources in place or borrowings (Lavrushin and Valentseva, 2016). As the interest rates on the market are unstable, income and expenses of the bank as unstable. The price risk is the risk of adverse changes in the value of the portfolio during the period, which is required for portfolio liquidation. The price risk exists at any time. Any decrease of value results to a loss equivalent to the difference between the cost of the portfolio and its market value at the time of implementation. The market value may change for a minimum period, which is required for the elimination of the portfolio, so the price risk is limited to the period of liquidation. Outside the period of liquidation the risk has a different nature. It is the risk of insufficient control over the condition of the market portfolio. If the system of risk control is not effective, the market value may deviate until the liquidation process or hedging portfolio. If the tool is low-liquid, then the process of elimination increases on terms and the probability of closing a position without a discount is extremely low (Khutaev, 2014). The currency risk is a probability of losses due to a negative change in the asset value or the liability value due to a new exchange rate (Khutaev, 2014). The currency risk is a component of the price risk, because the exchange rate is a market parameter and its change is included in the calculation of price risk. Also there is an additional currency risk, when banking operations are conducted in foreign currency. This is due to the fact that the incomes or expenses of a financial institution on the bank s balance sheet are recognized in the national currency. The yield curve risk is a probability of change of the bank s financial results under the influence of fundamental and commercial risks that arise from the activities of a credit organization (Lavrushin and Valentseva, 2016). At first this risk has a complex character, because it is associated with active and passive operations of banks. Secondly, it is a balancing result of the level of risks, which is taken on by the credit institution in accordance with the directions of activity for receiving of profit. It is about establishing and maintenance of acceptable level of other risks. The operational risk is a probability of direct and indirect losses in response to uncontrollable events, business organization deficiencies, inadequate controls, wrong decisions, system errors, which are related with human resources, technology, property, internal systems, relationships with internal and external environment, legislation and individual risk projects (Lavrushin and Valentseva, 2016) Area of credit risk management The active management of credit risk has been receiving increasing regulator attention and strategic focus at many financial institutions. Credit risk is insidious in all financial 11

22 markets. All participants of financial markets are facing this risk at varying levels (Berrada, Gibson, Mougeot, 2001). Credit operations of commercial banks are one of the most important banking activities. On the financial market lending keeps the position of the most profitable asset items of credit institutions, although most risky. Credit risk, therefore, was and remains the main type of banking risks (Lavrushin and Valentseva, 2016). Credit risk is the risk of loss arising from a borrower s or counterparty s inability to meet its obligations. The majority of a financial institution s credit risk arises from its lending activities outstanding loans and leases, trading account assets, derivative assets, and unfunded lending commitments that include loan commitments, letters of credit, and financial guarantees. It also exists in other activities such as acceptances, interbank transactions, trade finance, and retail and investment settlements. Credit risk is the most fundamental risk to which modern banks are largely exposed. The bank management is required to have vigil insight and policy debate for the mitigation and management of the credit risk. It is can be defined as the risk of loss resulting from failure of obligors or borrowers to honour their payments (Pesaran and Schuermann, 2003). The Basel Committee on Banking Supervision (2000a) defines credit risk as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms. According to Joseph F Sinkey (2002) there are two approaches to managing of credit: The traditional approach, The modern approach. The credit risk is the oldest uncertainly associated with banking. The traditional lending function has the following components: Originating, Funding, Servicing, Monitoring. Securitized lending eliminates the need for funding and monitoring, and makes servicing optional. For loans that are kept on the balance sheet, funding must be coordinated with loan pricing to avoid interest rate risk. Servicing simply involves collecting interest and principal payments, and retaining them or passing them through in the case of securitized loans. Agency problems occur during the originating and monitoring processes. An important part of monitoring is to estimate a bank s expected loan losses and to establish a reasonable and adequate allowance for loan and lease losses. The originating and monitoring functions require practical knowledge about borrowers, as captured by the five Cs of creditworthiness: Character (honesty, ethical reputation); Capacity (cash flow); 12

23 Capital (real net worth); Collateral (security); Conditions (vulnerability to economic fluctuations). Five Cs is a model of credit risk that focuses on credit analysis, creditworthiness, and cash flow. The main difference of modern methods for analyzing and managing credit risk from the traditional approach is that the modern method enlists the aid of portfolio theory and employs more sophisticated quantitative methods and techniques. It concentrates on factors, such as present values, probabilities of default, loan recovery rates, and credit migrations or rating changes. Securitization and credit derivatives have been two of the important developments in the modern approach to managing credit risk (Sinkey, 2002). Securitization has been a widely used technique for the credit risk management in the banking system for the last three decades (Casu et al., 2011). Securitization motivates the banks to structure a portfolio with high risk and high return assets (Cebenoyan and Strahan, 2004). However, the recent financial crisis of revealed that securitizing creates a number of problems for the banks. The usefulness of this technique has become questionable by the researchers and practitioners. This technique failed to save the banking system from the credit losses. A good credit risk management system is a combination of various processes, including risk identification, risk measurement, risk evaluation, risk monitoring and risk control. The banks are required to identify emerging risk in terms of its severity in a prompt fashion and its consequences should be estimated with precision. The causes of the risks should be identified and evaluated. The identification of causes will help the bank to monitor the lending activities of the bank that are exposed to credit risk. Concomitantly, a vigilant and effective control mechanism can be easily developed on the basis of this evaluation. The bank should make all these processes implicit in its operation and strategic framework (Crouhy et al., 2000). The banks have been using various tools for risk management. There are some researchers that are of the view the inception of new technologies, like use of computers and internet in banks has facilitated the assessment, monitoring and control of credits. The track record of various borrowers is maintained in an easier, efficient and convenient way (Santomero, 1997). However, Marphatia and Tiwari (2004) argue that people are mainly responsible for risk management. The effectiveness of risk management is based on their understanding and perception of underlying facts. Technology can be used merely as a tool and it cannot use beneficial results if it is in wrong hands, but it may increase the catastrophe in such a situation (Marphatia and Tiwari, 2004) 13

24 2.3 Credit risk assessment methodology The value of credit risk is measured by the amount that can be lost in case of nonpayment or delay in payment of debts. Assessment of the credit risk may be carried out in two ways: qualitative and quantitative (Kostuchenko, 2010). The qualitative method of risk assessment is a verbal description of it level by revealing negative information, on the basis of which the borrower's credit rating or consolidated level of risk is determined. Russian banks have similar methods of qualitative assessment in some parameters. So, almost all banks consider indicators of financial stability, business activity, liquidity and profitability and collateral liquidity. The difference lies in the number of indicators corresponding to one measure, and in a specific gravity of indicators during the formation of the assessment. It should be emphasized that each bank has its own understanding of risk, based on knowledge about the customers, the volume and the price of credit resources and experience of risk management (Kostuchenko, 2010). From a quantitative point of view, the credit risk is a function of the parameters of the loan and the borrower. The degree of risk, associated with the borrower and the type of loan, is based on an assessment of the various types of risks that arise with a loan. The modern approach to quantitative assessment of credit risk is based on VaR (Value at Risk) concept, which has become the accepted standard for assessing market risks (Kostuchenko, 2010). The VaR concept is a foundation of risk-based capital or, equivalently, economic capital. The VaR methodology aims at valuing potential losses resulting from current risks and relies on simple facts and principles. VaR recognizes that the loss over a portfolio of transactions could extend to the entire portfolio, but this is an event that has a zero probability given the effective portfolio diversification of banks. Therefore, measuring potential losses requires some rule for defining their magnitude for a diversified portfolio. VaR is the upper bound of losses that should not be exceeded in more than a small fraction of all future outcomes. Management and regulators define benchmarks for this small preset fraction, called the confidence level, measuring the appetite for risk of banks. Economic capital is VaR-based and crystallizes the quantified present value of potential future losses for making sure that banks have enough capital to sustain worst-case losses. Such risk valuation potentially extends to all main risks (Bessis, 2002). VaR is defined as an estimate of the probability and size of the potential loss to be expected over a given period, and is now a standard tool in risk management. It has become especially important following the 1995 amendment to the Basel Accord, whereby banks and other Authorized Deposit-taking Institutions (ADIs) were permitted (and encouraged) to use internal models to forecast daily VaR (Jorion, 2000). The last decade has witnessed a growing academic and professional literature comparing alternative modeling approaches to determine how to measure VaR, especially for large portfolios of financial assets. 14

25 The Basel Committee on Banking Supervision (2015) proposes to calculate the risk coefficient using the external credit ratings or its own (internal) system of assets rating and off-balance sheet items (for the calculation of capital requirements). External credit ratings published by specialized rating agencies like Moody s, Standard & Poor s, Fitch. The ratings are set in accordance with the solvency of the borrower's country and the circulation term liabilities or a single loan product (AAA, BB, D, etc.) (BCBS, 2000b). Internal credit rating is determined by the Bank by evaluating certain factors, reflecting the probability of repayment of the debt completely and on time. The general evaluation criteria can be solvency of the organization, characteristics of the credit product, the assessment of the environment, etc. These rating assessments can be used for reporting on the quality of the loan portfolio, determining the required level of capital and reserves, determining the cost of credit products and other management decision-making (Kostuchenko, 2010). One main challenge of credit risk management is to make default risks assessable. For this purpose Eva Lütkebohmert (2009) presents several risk measures based on the portfolio loss distributions. These are typically statistical quantities describing the conditional or unconditional loss distribution of the portfolio over some predetermined time horizon. The expected loss and unexpected loss are defined as the expectation and standard deviation, respectively, of the portfolio loss variable. Further representatives are the Value-at-Risk (VaR) and the Expected Shortfall (ES). Based on the expected loss and Value-at-Risk, the concept of economic capital of a portfolio is introduced. Expected loss and unexpected loss Expected loss ( ) is the loss that can be incurred as a result of lending to a company that may default. It is the average loss in value over a specified period. EL for a single asset is calculated by using the following formula (Lütkebohmert, 2009): = (1) (Adjusted Exposure) is equal to outstanding loan amount (OS) plus the percentage of unused loan commitment (COM) drawn-down by the borrower; known as the usage given default (UGD). (Loss Given Default) is the credit loss incurred if an obligor of the bank defaults. (Probability of default) is the likelihood that a loan will not be repaid and will fall into default. It must be calculated for each borrower. The credit history of the borrower and the nature of the investment must be taken into consideration when calculating PD (Schuermann, 2004). To calculate for a portfolio we must add the expected losses of the individual assets; formula below (Lütkebohmert, 2009): 15

26 = (2) Unexpected loss (UL) for a single asset is calculated by using the following formula: = [( )+ ( )] (3) To calculate the UL for a portfolio, we need to use a more complex formula. Below is the formula for a 2 asset portfolio: = [ + + 2, ( ) (4) The UL of the portfolio will be less than the sum of the ULs for the individual assets due to diversification benefits (Jorion, 2009). Value at Risk Value-at-Risk describes the maximally possible loss which is not exceeded in a given time period with a given high probability, the so-called confidence level. A formal definition is the following. Given some confidence level (0;1). The Value-at-Risk (VaR) of a portfolio with loss variable L at the confidence level q is given by the smallest number x such that the probability that L exceeds x is not larger than (1 q). Formally, ( ) = inf{ : ( > ) 1 } = inf{ : ( ) } (5) Here ( ) = ( ) is the distribution function of the loss variable. Thus, VaR is simply a quantile of the loss distribution. In general, VaR can be derived for different holding periods and different confidence levels. In credit risk management, however, the holding period is typically one year and typical values for q are 95% or 99% (Lütkebohmert, 2009). Expected Shortfall Expected Shortfall ( ) is closely related to VaR. Instead of using a fixed confidence level, as in the concept of VaR, one averages VaR over all confidence levels u q for some (0;1). Thus, the tail behavior of the loss distribution is taken into account. Formally, we define as follows. For a loss with [ ]< and distribution function, at confidence level (0;1) is defined as: = ( ) (6) By this definition it is obvious that. If the loss variable is integrable with continuous distribution function, the following Lemma holds. Lemma: For integrable loss variable L with continuous distribution function (0;1), we have: 16 and any

27 = [ ; ( )] = ; ( ) (7) where we have used the notation [ ; ] [ 1 ] for a generic integrable random variable X and a generic set. In the discontinuous case, a more complicated formula holds: Economic Capital = ( ; ( ) + ( ) (1 ( ( )))) (8) Since there is a significant likelihood that losses will exceed the portfolio s EL by more than one standard deviation of the portfolio loss, holding the UL of a portfolio as a risk capital for cases of financial distress might not be appropriate. The concept of economic capital ( ) is a widely used approach for bank internal credit risk models. The economic capital for a given confidence level is defined as the Value-at-Risk ( ) at level of the portfolio loss minus the expected loss EL of the portfolio: = ( ) (9) For a confidence level q = 99.98%, the can be interpreted as the (onaverage) appropriate capital to cover unexpected losses in 9,998 out of 10,000 years, where a time horizon of one year is assumed. Hence it represents the capital, a bank should reserve to limit the probability of default to a given confidence level. The VaR is reduced by the EL due to the common decomposition of total risk capital, that is VaR, into a part covering expected losses and a part reserved for unexpected losses (Lütkebohmert, 2009). Rationing loans is one of the means by which banks minimize credit risk (Matthews and Thompson, 2008). A general loan formula is given by: is the funding rate, is the default rate is the repayment rate. = 1 (10) = 1 (11) The recognition of risk and the potential of unexpected losses give rise to the concept of risk-adjusted capital or CAR. In turn, the allocation of CAR to specific bank activity gives rise to the concept of risk-adjusted return on capital (RAROC). 17

28 The RAROC is an indicator adopted by banks worldwide, according to Buch and Dorfleitner (2011), being also recommended by the bank for international settlements (BIS). Its standard formula created by Bankers Trust is given below: = (12) The RAROC ratio depends on consistent definitions of the numerator and the denominator (Bessis, 2007). The RAROC is the ratio between a risk-adjusted return measurement and the measurement of capital allocated. Despite the Basel Accords guidelines, several studies and proposals emerged, addressing which would be the best return and capital measurements to be employed in the calculation of the RAROC (Lima et al., 2014). In particular it is a useful tool for the loan officer to decide to accept or reject a loan application if the expected RAROC is less than, equal to or greater than some benchmark rate. A common measure of RAROC is given by (Matthews and Thompson, 2008): is revenues generated from the loan; is costs; is expected loss; is the capital allocated to the activity is the risk-free rate of return. = + (13) Revenue could include expected fee income from the account as well as the expected loan interest payments. Costs could include operational and maintenance costs as well as the funding cost of the loan. The inclusion of the risk-free rate provides the return beyond which the loan transaction must reach, and represents the opportunity cost for shareholders (Matthews and Thompson, 2008). 18

29 3 RESERARCH OF RISK MANAGEMENT EXAMPLES FROM RUSSIAN BANKING 3.1 Risks management trends in Russian Federation banking system Risk management in banking has been transformed over the past decade, largely in response to regulations that emerged from the global financial crisis and the fines levied in its wake (Härle et al., 2016). At the present stage of development, Russian banks have faced with the necessity to elaborate a new risk management system, which is due to the increased risk of operations and changes in approaches to risk management in general. First of all, it is connected with the importance to maintain profitability and competitiveness (Korableva and Kalimullina, 2016). The banking risks are always high in the conditions of uncertainty and instability (Borisova and Maklakova, 2015). During the last couple of years the Russian economy was marked by severe problems, those could turn into a quite long-lasting recession. Could the companies, which received loans from the banks, keep the planned production volume, recoup the invested funds and pay for loans? The economic sanctions against Russia and low commodity prices caused significant damage and economic turmoil (Bikár et al., 2016). A closed access to foreign financial markets for big companies and banks with state participation influenced the whole economy: company's financial position has deteriorated, production rates have fallen, and consumption growth has slowed (Borisova and Maklakova, 2015). For a long time growth of Russian economy has been associated with the materials sector. Russian economy grew with the increase of oil prices. There are dynamics of oil price Brent for last decade in the Table 1. Table 1: The dynamics of oil price Brent changes Note: The data are in USD per barrel Source: Nasdaq, 2017 Starting from June 23, 2014, there was a steady downward trend of prices. These changes of trend impacted to condition of Russian companies. Loan arrears of resident legal entities and individual entrepreneurs have increased (Borisova and Maklakova, 2015). It means that credit risks in banks have also increased, because they are closely connected with the financial state of companies that they service. During 2016, the price per barrel of Urals oil fluctuated between $ per barrel, reaching a local minimum of $ 24.5 per barrel in January The dynamics of the 19

30 Russian ruble exchange rate during 2016 was determined by the dynamics of oil prices and the reduction of geopolitical risks. By the end of January 2016, the exchange rate had reached 82 rubles per US dollar, following the cheapening of oil. But the gradual rise in oil prices and the reduction of geopolitical tensions around Russia was followed by the strengthening of the ruble. By the end of December 2016, the ruble strengthened to 60.7 rubles per US dollar, that is, 16.8 % for 2016 as a whole. Significant activation of license revocation has become a central tendency in the development of Russia's banking system in recent years. The Table 2 shows the number of operating banks for last decade in Russia. Table 2: The numbers of credit institutions in Russia over the past 10 years Source: Central Bank of Russia, 2017 Thus, the Russian banking sector follows the European way of development: the reduction in the number of credit institutions and the increase in the share of banks with state participation. Banks are under the pressure from the government (license revocation, strengthening of control over the banking activities) and from the population, whose trust to the banking system is reduced due to the mass revocation of licenses. We present the number of credit institutions whose license was annulled in Figure 2. Figure 2: The dynamics of cancellation of licenses of credit institutions Credit institutions whose license was annulled Source: Central Bank of Russia, 2017 This Figure reflects the significant increase in the number of credit institutions, whose license was revoked in 2014 as compared to Statistics in the past two years 20

31 shows that the reduction of banks continues rapidly. Statistics on and shows that the reduction of banks accelerated massively (101 banks per 2015 and 110 per 2016). The number of banks was declined 89 units in In 2013 the reduction was only 33 units. Thus, banks have to adapt to the transformation of the Russian banking system. By 2025, risk functions in banks will likely need to be fundamentally different than they are today. As hard as it may be to believe, the next ten years in risk management may be subject to more transformation than the last decade. And unless banks start to act now and prepare for these longer-term changes, they may be overwhelmed by the new requirements and demands they will face (Härle, Havas and Samandari, 2016). IT and data will likely be much more sophisticated, often employing big data and complex algorithms. As a result, the risk function may be able to make better risk decisions at lower operating costs while creating superior customer experiences. While many other occurrences that will have a substantial impact on risk functions over the next decade are unpredictable, Härle, Havas and Samandari (2016) believe that at least six key trends are powerful and certain enough to help paint a picture of the future risk function. 1. Continued expansion of the breadth and depth of regulation. Public and state tolerance for bank failures has declined since the global financial crisis. After 2008, new regulations were focused on expanding the regulatory framework by tightening micro- and macroprudential regulation in all areas. Open positions continue to include the future of internal models for calculating regulatory capital and the potential use of a standardized approach as a minimum. It is expected that Basel IV will reduce the complexity of domestic models of banks to narrow the differences between internal modeling and a standardized approach. Such likely changes can have significant consequences, especially for low-risk portfolios such as mortgages or highquality corporate loans. As the rules become ever more complex and the consequences of noncompliance ever more severe, banks will likely have no choice but to eliminate human interventions as much as possible in risk s dealings with customers and to hardwire the right behaviors into their products, services, and processes. Where these interventions cannot be automated, robust surveillance and monitoring will be increasingly critical. This is the only way to ensure a very low error rate within the first line of defense and to allow proper oversight by the second line. 2. Changing customer expectations. Over the next decade, shifts in customer expectations and technology are expected to cause massive alterations in banking and give it an entirely different profile. By then, widespread technology use is likely to be the norm for customers. The current techsavvy younger generation will be the major revenue contributor to banks by 2025, because banks make most of their money with customers over 40. Simultaneously, older bank customers are expected to adopt technology at a much higher rate. 21

32 Over the last two years, the amount of innovation has increased across the sector, and investment in financial-technology start-ups has grown rapidly. Innovation affects every part of the value chain, but the most important disruption will probably occur in banks origination and sales processes. Financial-technology and technology-firm attackers do not want to become banks; instead, they want to take over the direct customer relationship and tap into the most lucrative parts of the value chain: origination, sales, and distribution. Technology will enable banks and their competitors to offer increasingly customized services. Technology also enables banks and their competitors to offer increasingly customized services. Banks have to offer rapid real-time answers to customer requests (e.g., applications for loans, opening accounts) with highly customized processes. To achieve this, risk functions will likely need to find ways to help banks assess risks and make decisions without human intervention. Some banks are now designing accountopening processes where most of the requested data are prepopulated from public sources to make the onboarding experience as simple, seamless, and short as possible. In such cases, the risk function s challenge is to enable a secure yet customer-friendly approach for identification and verification. As banks become more sophisticated in their customer segmentation and offerings, they may eventually be able to create the segment of one where they can tailor prices and products to each individual. However, this customization costs banks dearly because of the much more complex supporting processes. Also, regulators are likely to constrain banks in an attempt to protect consumers from inappropriate pricing and approval decisions. Risk functions will be expected to work with operations and other functions to find ways to manage these emerging concerns while still providing highly customized solutions. 3. Technology and analytics as a risk muscle. Technology will enable new risk management techniques, often coupled with advanced analytics. The proliferation of new technologies provides cheaper, faster computing power and data storage, which enable better risk decision support and process integration. Big data, machine learning, and crowdsourcing illustrate the potential impact: Big data. Faster, cheaper computing power enables risk functions to use reams of structured and unstructured customer information to help them make better credit risk decisions, monitor portfolios for early evidence of problems, detect financial crime, and predict operational losses. Machine learning. This method improves the accuracy of risk models by identifying complex, nonlinear patterns in large data sets. Every bit of new information is used to increase the predictive power of the model. Crowdsourcing. The Internet enables the crowdsourcing of ideas, which many incumbent companies use to improve their effectiveness. 4. Additional (nonfinancial) risk types are emerging. Although management of financial risks has advanced significantly over the last 20 years, this is not the case for other risk types, particularly nonfinancial ones. The 22

33 tremendous increase in fines, damages, and legal costs related to operational and compliance risk over the past five years has forced banks to pay much more attention to these risks. This will probably increase even further, due to the regulatory trends and given the expected rise in capital requirements for operational risk. Risk function will have to detect and manage new and unfamiliar risks over the next decade. For example: Model risk. Banks increasing dependence on business modeling requires that risk managers understand and manage model risk better. Risk of cyber attacks. Most banks have already made protection against cyber attacks a top strategic priority, but cyber security will only increase in importance and require ever greater resources. As banks store an increasing amount of data about their customers, the exposure to cyber attacks is likely to further grow. Contangion risk. Banks are more vulnerable to financial contagion in a global market. Negative market developments can quickly spread to other parts of a bank, other markets, and other involved parties. Banks need to measure and track their exposure to contagion and its potential impact on performance. 5. Better risk decisions through the elimination of biases. Biases are highly relevant for bank risk-management functions, as banks are in the business of taking risk, and every risk decision is subject to biases. Leading academics and practitioners have developed techniques for overcoming such biases, and various industries are beginning to apply them. Banks are also likely to deploy techniques to remove bias from decision making, including analytical measures that provide decision makers with more fact-based inputs, debate techniques that help remove biases from conversations and decisions, and organizational measures that embed new ways of decision making. 6. Need for strong cost savings. Banks will possibly need to rethink their operating costs so they can deliver more value at lower cost, because of emergence of low-cost digital attackers. At the same time, they will need to invest substantially to address many of the structural trends described earlier. Banks in developed countries have included risk-management systems in their structures for quite a long time and have developed a culture of risk management. By contrast, in countries with emerging-market newly created risk management systems are now appearing on the agenda of bank CEOs and their boards (Korableva and Kalimullina, 2016). Risk teams that once focused only on measurement, compliance, and control must now shift toward mitigating challenges on credit, capital allocation, and liquidity or funding (Costa et al., 2014). In 2014, the consulting firm McKinsey carried out research into practices in enterprise risk management with the support of the Risk Management Association. This identified 23

34 four main issues for banks in transition economies, as they seek to address big picture challenges (Costa et al., 2014): 1. Create a risk culture. Risk culture encompasses the mechanisms and approaches an institution deploys to strengthen mind-sets and behaviors, such as fostering an open and respectful atmosphere in which employees feel encouraged to speak up when observing new risks. Traditionally, banks in emerging markets have not properly managed the diffusion of risk culture across the organization. One explanation is that fostering such an atmosphere not only requires the involvement of a multitude of stakeholders but also takes time. But in the current banking environment, in which banks are acting more decisively to respond to existing and emerging risks, it is increasingly important to act on risk culture. Many banks have recently begun initiatives to enhance risk culture for example, by setting up dedicated sessions with business, risk, and control functions to think through a set of potential risk-response scenarios ahead of time; by explicitly defining the expected actions for all stakeholders; and by engaging in and publishing test runs that will strengthen and reinforce a strong risk culture in the risk function and the overall business. Additionally, many emergingmarket banks intend to introduce or upgrade institutional frameworks on risk to promote prudent decision making. This has been strongly recommended by regulators, who are concerned about banks strengthening risk management and governance. 2. Improve the collections process. Collections have not been a priority area for emerging-market banks, and there is significant room for performance improvement. For example, loan-loss impairments for emerging-market banks nearly tripled to 34 billion between 2007 and Addressing this issue requires two steps: identifying actions on nonperforming loans that can have an immediate positive impact on bank performance, and supporting improvements to credit management related to a defined recovery strategy, organizational structures and processes, and systems. Programs of this sort can have a huge impact: in Eastern Europe, for instance, banks have been able to reduce their stock of nonperforming loans by as much as 20 percent. 3. Develop innovative risk models. Emerging-market banks need to make betterinformed credit decisions. There is a scarcity of information on creditworthiness, whether in the form of reliable financial data about customers (especially for small and midsize enterprises), credit-bureau information, or historical performance data. Given these gaps, banks have strong incentives to invest in developing risk models that incorporate both qualitative and quantitative factors. Where credit bureaus are active, they are having an impact. Bank leaders should understand that having access to better information in an environment where information is not readily available offers a significant competitive edge. It is time that informed bank leaders move to take advantage of this, seeking not just to acquire these capabilities but also to use them. 4. Rethink capital allocation. Bank capital will be increasingly scarce in most markets. Yet banks can support business growth and unlock profit potential by understanding where current capital is consumed and optimizing its absorption. We have seen some banks establish a capital-based threshold at which they retain a client s business. Others seek more collateral or push for more favorable collateral from a risk-weightedasset standpoint and add covenants to mitigate rating drift. Emerging-market banks 24

35 can also optimize their product portfolio for capital consumption, steering customers toward receivables-based financing rather than working-capital financing. Among these areas particularly worth mentioning are the creations of innovative models for risk management. The researchers Chornous and Ursulenko (2013) also stress that the main direction of banking risk management improvement is the methodological framework development for risk assessment and banking information systems. The role of a systematic approach to risk assessment is often underestimated in Russian banks. The task of constructing automated risk management system is far from the first place among the priorities of development. In many ways it can be explained by lack of methodological and practical experience in this area, which began to develop in the country only since the beginning of the 1990s (Kostuchenko, 2010). However, the attention to risk management is enhanced in Russian financial institutions. The implementation of the Basel standards contributes to this development. They imply a fairly high level of risk management in financial institutions. The difference between the Russian banking sector and the West is the dynamics of its development. If the West has developed and formed risk management over decades, this area is relatively new for the Russian financial market. In the beginning of the 2000s a concept, such as VAR was abstract, without any association to their application for many bankers. But now there is a qualitative leap in risk management, as the best Western practices is adapted to Russian conditions (Moiseev, 2014). Thus, unfortunately, everything that was invented and exist in the West cannot be transferred to Russian Federation in the same form. This is due to the fundamental difference between the approaches to the conduct of banking business. But now Russian banking business in general might be termed catching-up. 3.2 Systems and tools for risk-management selected issues for banks Modern bank is an IT-company with a license to provide financial services, since information technology is a necessary means of implementation of modern banking services. Digitization has become deeply embedded in banking strategy, as nearly all businesses and activities have been slated for digital transformations. The significant advantages of digitization, with respect to customer experience, revenue, and cost, have become increasingly compelling. The momentum to adopt the new technologies and operating models needed to capture these benefits continues to build. The risk function, which has seen significant growth in costs over the past decade, should be no exception. Indeed, we are starting to see digital transformations in risk create real business value by improving efficiency and the quality of risk decisions. A digitized risk function also provides better monitoring and control and more effective regulatory compliance (Ganguly et al., 2017). The most popular risk management software in the world are (Capterra, 2017a): 25

36 Active Risk Manager (by Sword Active Risk), ibalance (by softtarget), Xcellerator (by Incisive Software), Protecht.ERM (by Protecht). Table 3: The world risk management software Active Risk Manager ibalance Xcellerator Protecht.ERM Users Risk Management, Project Management, Incident Management, Business Continuity, Internal Audit and Information Security professionals. Those that embrace the management of risk to deliver business objectives. For private and institutional wealth managers, family offices, advisors, etc. Financial Services, Energy, Government, High Tech, Manufacturing, Health Care, Life Sciences Scalable and accessible from wherever you are, it is suitable for all organization types and sizes, which are looking to embed risk management throughout the business. Custom er Size Platform Cloud, Windows Cloud Windows Cloud Features Operational Risk Management Compliance Management, Portfolio Management, Portfolio Modeling Compliance Management, Operational Risk Management, Portfolio Modeling, Risk Analytics Benchmarks, Stress Tests, Value At Risk Calculation Compliance Management, Liquidity Analysis, Loan Portfolio Management, Market Risk Management, Operational Risk Management, Portfolio Management, Stress Tests, Value At Risk Calculation Support 24/7 (Live Rep) Business Hours Online 24/7 (Live Rep) Business Hours Business Hours Online Source: Capterras,

37 The functions of risk management are used by many Russian banks and are included in almost all modern Russian banking systems such as RSBank 5, Diasoft 5NT, etc. (Badrtdinova, 2016). The Russian banks use their own and custom IT-solutions. It can be both domestic and foreign developers. Research Company Meridien Research shared all companies-developers of software for risk management into two groups: the "leaders" and followers. Leaders offer fully integrated, comprehensive tools for strategic planning and analysis of market, credit and other types of risks. Followers offer risk identification systems adapted for a specific business task (Shironina and Nosova, 2012). The largest companies pertaining to the "leaders" are Algorithmics, SunGard Trading and Risk and SAS Risk Management. These companies offer comprehensive solutions for risk management at the level of the whole bank; the main users are risk-managers (Shironina and Nosova, 2012). Algorithmics programs are used by the largest banks in the world. Also, its products are used by the largest insurers and stockbrokers such as Allianz Group, Bluecrest, HSBC, Nedbank, Nomura, Societe Generale, and Scotia Capital (Shironina and Nosova, 2012). Followers include: BARRA, IQ Financial, IRIS, Kamakura, MKI Risk, RiskMetrics Group (Shironina and Nosova, 2012). Among the specialized tools of financial risk management used in Russian banks there were three main products, which were developed by Western companies (Avdoshin, 2011): SAS Risk Management (by SAS Institute), EGAR Focus (by EGAR Technology), Kondor+ ( by Reuters). They were the most commonly used software packages, found on the Russian market. 1. SAS Risk Management is widely recognized as the world solution for risk management at the level of the whole bank. It is unified, quantitative risk management software that includes: integrated, comprehensive data management, predictive analytics, reporting (Capterra, 2016). SAS Risk Management has a flexible, open and extensible environment of risk management that allows to fully reflect the Russian specifics and relevant for Russian financial institutions problems. SAS Risk Management for Banking is a complete, integrated solution for risk management in banking. It is based on SAS software s core functionality and covers the entire spectrum of risk types including market, credit and liquidity risk (SAS Institute, 2013). SAS Risk Management for Banking supports a bank s risk management activities by delivering functionality for all major risk types, as well as data management and reporting. The solution allows business units to calculate risk measures e.g., market, 27

38 credit and ALM independently and separately, using models and correlated aggregation techniques. The solution s integrated risk applications can be used together, individually or in any combination, enabling you to start in one area (e.g., market risk) and then expand usage to other areas (e.g., credit risk or ALM) as needed (SAS Institute, 2013). The main used components are RTDM, Miner, Enterprise Guide, DI Studio and SAS DB (Moiseev, 2014). 2. EGAR Focus provides straight through processing systems to meet the needs of multiple operational units from different front office trading desks, to complete support of middle and back office operations across multiple business units (Egar Technology, 2016). EGAR Focus is a modular, fully integrated position keeping system with pricing, reporting, asset and risk management features supporting trading of over-the-counter and exchange-traded derivatives (Avdoshin, 2011). FOCUS supports virtually all existing trade types and instruments on Russian OTC- and exchange markets, including stock market, foreign exchange margin trading, bonds, promissory notes, money market, and derivatives. Integration adapters to Moscow Interbank Currency Exchange (MICEX) and Russian Trading System (RTS) platforms/trading floors of Moscow exchange, MICEX market maker tools are available. The system supports baskets futures on Futures & Options of Russian Trading System (FORTS) (Egar Technology, 2016). 3. Kondor + most fully covers the functional area of dealing departments of investment banks, also is used for the evaluation and monitoring of liquidity risk and interest rate risk. Kondor + is a system of conducting positions in real time, with a wide range of intelligent and flexible means of transaction management and a wide range of financial instruments (Systematica, 2012). The system allows to analyze profits and losses, as well as to calculate the level of risk on any part of the bank trade structure and any combination of financial instruments online. The operational and strategic decisions in area of ALM of bank are made on the basis of the data and reporting. Additional module KVaR + can be useful for calculating and controlling the level of market risk and allows to control in an operative mode the risk on trading and investment positions of the bank in the context of individual instruments, portfolio tools, departments and individual traders (Avdoshin, 2011). These solutions, as mentioned, are presented by Western companies and they are comprehensive solutions for managing different types of financial risks. Unfortunately, not all banks can afford to use such expensive systems. Therefore many Russian banks common practice to create their own development in the field of risk management, providing assessment and management of key banking risks: credit, market and operational. The largest suppliers of IT for Russian banks are presented In the Table 3. 28

39 Table 4: The largest suppliers of IT for banks in 2015 Company Revenue from financial sector projects, thousands RUB Revenue growth 2015/2014, % Share of financial sector projects in total revenues Сustomers 1 Sberbanktechnology 15,200, Sberbank 2 CFT 14,597, Nordea Bank, Expobank, Russian Standard Bank, OTP Bank, the Moscow-Paris Bank, Devon Credit Bank 3 ITG 11,727, Sberbank, VTB 24, Gazprombank, Alfa-Bank, Zenith Bank, Raiffeisen Bank, Russian Standard Bank, Confidence Bank 4 Technoserv 10,719, Not available 5 I-Teco 7,972, Not available 6 Croc 7,037, Rusfinance Bank, Uralsib, MDM Bank, Home Credit and Finance Bank 7 Infosystems Jet 6,833, UniCredit Bank, Rosbank, Bank of Moscow, VTB24 and others 8 Asteros 4,703, Sberbank, Tinkoff Bank, VTB, Rosselkhozbank 9 Lanit 4,619, Central Bank of Russia, Sberbank, Gazprombank, Russian Standard Bank, Renaissance Credit, Rosbank, Moscow Credit Bank, Rosselkhozbank, Finprombank 10 Cognitive Technologies 2,142, Not available Source: CNews Analytics, 2016 Russian developers take the average niche of the domestic market over the past years. The most famous among them are CFT, ITG, Intersoftlab, etc. 29

40 The market of Russian financial risk management systems is much weaker than the Western one. Typically, the systems present tools for assessing market risks and portfolio analysis and are developed as applications to banking systems, offered by development companies. The first hypothesis was that risk management support systems in Russian banks are on early stage of use. The study in Chapter 3 showed that risk management in emerging markets, including Russia, is not sufficiently developed compared to Europe. This applies not only to the culture of risk management, but also to the risk management support systems. The role of automated risk management systems was often underestimated in Russian banks. However, attention to risk management is enhanced in Russian banks and Russian developers of software. Thus, we can conclude that Hypothesis 1 was confirmed. Now, the market of banking risk management system can be called catching up. Nevertheless, it seems premature to talk about a comparable level of risk management in Russian and international banks. 30

41 4 CASE ANALYSIS (PJSC SBERBANK ) 4.1 History and profile of the company Sberbank of Russia is a state-owned public joint-stock company headquartered in Moscow. It has operations in several European and post-soviet countries. The main shareholder and founder of the Sberbank is the Central Bank of the Russian Federation, which owns 50 % of the authorized capital plus one voting share. Other shareholders of the Bank are international and Russian investors (Sberbank, 2017). Sberbank today is one third of Russian banking system. It is the leader of Russian banking industry accounts for almost 30 % of aggregate banking assets. Figure 3: The logo of Sberbank History of Sberbank Source: Sberbank, 2017 Sberbank's history goes back to Cancrin's financial reform of 1841, when a network of the first state-owned savings banks was created in Russia. By the end of the 19th century, the network reached almost 4 thousand outlets with over 2 million depositors. Since 1905, savings banks have received permission to sell insurance. After 1910, savings banks began to provide loans and loans to small creditors. In 1915, savings banks began accepting government securities for depositing. After the October Revolution of 1917, the state savings banks system continued its activity and growth under the management of the Finance Ministry of the USSR as the State Labour Savings Banks System. From 1926, the saving bank outlets were used to pay wages to blue- and white-collar workers. The savings banks were used to distribute state lottery tickets and for the placement of state bonds with the population. The savings banks introduced wider services, such as money transfers. By late 1980s, the Soviet savings bank system had almost 80 thousand branches. As part of Perestroika reforms, in 1987 the savings bank outlets are reorganised into the Savings Bank of the USSR. Within the Savings bank of the USSR, separate savings banks were created in the Soviet Republics. Following the dissolution of the USSR, the former republican savings banks became state savings banks of the newly independent post- Soviet states. 31

42 In 1991, the Savings bank of the RSFSR has been reorganised into the Joint-Stock Commercial Savings Bank of the Russian Federation (Sberbank of Russia). The current Sberbank has almost nothing left to remind us of the savings offices, in the form of which the Bank functioned for such a long period of time. The possibility of changing and moving forward means, that Sberbank is currently in excellent condition. As the oldest and largest Russian bank, Sberbank does not stop to compete openly and conscientiously with other players in the banking market, without detaching itself from the pulse of financial and technological changes. Sberbank not only keeps pace with modern market trends, but even ahead of them, confidently knowing its way around the radically changing technologies and customer preferences. The bank today is the largest bank in Central and Eastern Europe and the key lender to the Russian economy and the biggest receiver of deposits in Russia: 45 % of retail deposits, 38 % of retail loans and 33 % of loans to corporate customers. Sberbank has 14 territorial banks and over 16.5 thousand branches in all 83 constituent entities of the Russian Federation. Sberbank Group covers 22 countries and the number of its customers outside of Russia has reached 10 million. The share of international business is 14 % of total assets. Its international operations include Commonwealth of Independent States, Central and Eastern Europe, Turkey, UK, USA and other countries. Sberbank services over 137 million retail clients and over 1.1 million corporate clients in 22 countries. The spectrum of services of the bank is as wide as possible. The main directions of activity: 1. Operations with corporate clients: servicing settlement and current accounts, opening of deposits, provision of financing, issue of guarantees, servicing of export-import operations, encashment, conversion services, money transfers, etc. 2. Operations with retail clients: acceptance of funds in deposits and securities of the bank, crediting, bank cards, current exchange, operations with precious metals, 32

43 payments, money transfers, storage of valuables, etc. 3. Operations in the financial markets: with securities, derivatives, foreign currency, placement and attraction of funds in the interbank market and capital markets, etc. The bank has established a system of remote service channels, which includes: Оnline banking Sberbank Online (more than 24 million active users); Smartphone application Sberbank Online (more than 1 million active users); SMS service Mobile Bank (more than 24 million active users); Large network of ATMs and self-service terminals (more than 90 thousand units). So, in its pursuit of even more convenient, modern and processable service, Sberbank is continually improving the opportunities of customers to control their accounts remotely. Sberbank is the largest issuer of debit and credit cards. Through a joint bank with BNP Paribas, Sberbank operates as a POS-lender under the Cetelem brand using the 'responsible lending' concept. The Bank services all groups of corporate customers, small and medium businesses accounting for 33 % of the Bank's corporate credit portfolio. The remaining portion is attributed to crediting large and largest corporate customers Financial position of Sberbank Despite complex macroeconomic conditions Sberbank s was able to remain stable and to recover profitability without decelerating the pace of transformation. Table 4 presents assets and liabilities of the bank for the last 10 years. 33

44 Table 5: Assets and liabilities of Sberbank Year Assets 4928, Liabilities Own funds Liabilities and own funds Note: The data are in bln. RUB Source: IFRS financial statements of Sberbank, ( ) Figure 4: Assets of Sberbank Source: IFRS financial statements of Sberbank, ( ) Figure 4 shows that the assets from year to year were constantly increasing. Their decline in 2016 was mainly due to a decrease in the loan portfolio of customers. The growth of balance sheet items was also affected by the negative revaluation of their currency component due to the appreciation of the ruble against major foreign currencies. 34

45 Figure 5: Liabilities of Sberbank Source: IFRS financial statements of Sberbank, ( ) The dynamics of liabilities is shown in Figure 5. The main source of funding for active operations is customer funds. The changes in net profit of Sberbank in the last 10 years are presented in table 5. Table 6: Net profit of the bank Year Net profit Note: The data are in bln. RUB Source: IFRS financial statements of Sberbank, ( ) 35

46 Figure 6: The dynamics of net profit of the bank Source: IFRS financial statements of Sberbank, ( ) After the consequences of the 2008 crisis, the net profit of Sberbank gradually increased. However, in 2014 and 2015 the profit decreased by and percent, respectively. This was due to the trends of 2014 and 2015: 1. To maintain active operations, Sberbank used instruments to raise funds from the Bank of Russia and the Federal Treasury, whose value increased particularly strongly in December 2014 after the Bank of Russia raised the key rate to 17 %. 2. In conditions of insufficient inflow of funds into deposits, Sberbank increased the volume of attracted funds of legal entities. Their cost in the market is also increased significantly in December The Bank diversified liabilities by issuing Eurobonds and subordinated bonds, as well as raising funds in the framework of the program for the issuance of Eurocommercial securities. In June a subordinated loan from the Bank of Russia for a total of 200 billion rubles was received. 4. There was depreciation of the ruble, which required the creation of reserves for foreign currency loans without deteriorating their quality. 5. The bank had to increase impairments due to the deterioration in the quality of the loan portfolio of both corporate and retail customers against the backdrop of the macroeconomic situation. In accordance with IFRS financial statements 2016: Sberbank has the following Financial Highlights: 1. The bank s net profit reached bln. RUB. 2. The bank s earnings per compared to share (EPS) came at RUB25.00, up by % 36

47 3. The bank s return on equity (ROE) reached 20.8 % p.a., compared to 10.2 % a year ago. 4. The bank s capital position improved during the year, with core capital adequacy ratio up by 340 basis points to 12.3 %, while total capital adequacy ratio reached 15.7 %, up by 310 basis points during the year. 5. The annual cost of risk (CoR) came at 177 bp, down by 77 basis points compared to CoR of the retail portfolio was 130 bp, down by 85 basis points compared to 2015, while CoR of the corporate portfolio was 194 bp, down by 74 basis points compared to Cost-to-income ratio improved to 39.7 % in 2016 compared to 43.7 % a year ago. 7. Net income from insurance and pension fund businesses increased by 63.0 % during the year. In 2016, record net income and 140 % increase in earnings per share have been achieved due to the significant growth in efficiency and radical changes in all the bank's business processes. 4.2 Risk management system in the bank The risk management system is part of the overall management system of the Group and is aimed at ensuring the sustainable development of the Bank and the Group's participants in the implementation of the development strategy approved by the Bank's Supervisory Board (Sberbank, 2015). The risk management system is based on the standards and instruments recommended by the Basel Committee on Banking Supervision and meets the requirements of the best world practices. The basic principles under which the Bank and the Group members form a risk and capital management system are defined in the Risk Management Strategy of the PJSC Sberbank Group, approved by the Bank's Supervisory Board on September 15, The main objectives and objectives of the risk management system are: ensuring / maintaining an acceptable level of risk; ensuring capital adequacy to cover significant risks; identification, assessment, aggregation of significant risks of the Group and control over their level; ensuring efficient allocation of resources to optimize the risk / profit ratio of the Group; ensuring a common understanding of the risks at the Group level and strategic planning, taking into account the level of risk accepted. 37

48 Sberbank considers risk management an important competitive advantage and a strategic area of its business operations. Sberbank s risk management system consists of following elements (Sberbank, ): 1. Risk awareness. The decision to perform any transaction is made only after comprehensive analysis of risks arising in the course of such transaction. 2. Management of activities with regard to accepted risk. The bank assesses the adequacy of available capital by applying internal capital adequacy assessment procedures. 3. Top management involvement in risk and capital management. The Supervisory Board, President, Chairman of the Board, Executive Board, and other executive bodies of the bank as well as the supervisory councils and executive bodies of Group members receive information regularly on assumed risks and violations of any risk management procedures, limits, or restrictions. 4. Risk Limitations. The Group has an effective multilevel system of limits and restrictions ensuring maintenance of an acceptable risk level or bank risk appetite. 5. Division of functions, powers and responsibilities related to risk acceptance and management. The organizational structure of the bank and the Group members is formed with due regard for requirements prohibiting conflicts of interest and provides for the division of functions and powers of the collegiate bodies, business units, and authorized employees with regard to risk acceptance and management. The bank manages risks based on the principle of three lines of defense : risk acceptance (the first line of defense), risk management (the second line of defense), and auditing of the risk management system (the third line of defense). 6. Centralized and decentralized approaches. Bank combines centralized and decentralized approaches to the management of risks and capital adequacy to ensure maximum effectiveness. 7. Use of information technologies. Management of risks and capital adequacy is based on advanced information technologies that improve the quality and promptness of decision making. 8. Improvement of methods. Risk and capital adequacy management methods are continuously being improved, and procedures, technologies, and information systems are being refined in light of existing strategic objectives, environment changes, and innovations in international practice. 9. Risk culture. The bank is implementing a project to develop the risk culture to ensure the sustainable and effective operation of the risk management system. This project is aimed at shaping employee behavior so that they could openly discuss and respond to any existing and potential risks and also at fostering an internal mental intolerance toward ignoring or hushing up risks and risky behavior of other people. Risk culture supplements the formal existing mechanisms and makes up an essential part of the 38

49 integrated risk management system. We pay special attention to employees behavior as a practical manifestation of risk culture. 10. Labor remuneration system. The bank s Labor remuneration system ensures that the amount of employees remuneration is in line with the nature and scope of their operations, performance, and the level and combination of accepted risks. 11. Information Disclosure. All information required in compliance with regulators requirements related to risk and capital adequacy management is subject to disclosure. The content and frequency of such information are determined in accordance with regulatory requirements. The bank s risk appetite is established by the bank s Supervisory Board with due regard for the requirements of Bank of Russia and the regulators of the countries where the Group is present. Risk metrics for the bank s and Group s risk appetite include statutory capital adequacy requirements, restrictions on economic capital value, and indicators reflecting the key risk types (credit, market, liquidity, and operational risks). To ensure compliance with risk appetite, the bank and Group members have a hierarchic system of limits by business areas, material risk types, business units, and other aspects. Risk management is carried out at four levels presented at table below. Table 7: Distribution of authority and responsibility Management level 1. Supervisory Board of the Bank Authority and responsibility Approves the Group's risk and capital management strategy; Establishes risk appetite and target risk levels for the Group and the Bank; Controls compliance with risk appetite limits and achievement of target risk levels; Assesses the effectiveness of the risk management system and capital adequacy. 2. The Management Board of the Bank, the Risk Committee of the Group Manage the Group's total risk; Organize risk management processes and capital adequacy; Determine the composition of the allocated risk groups, appoint management committees for the allocated risk groups and units that provide management of the allocated risk groups. 3. Bank's risk management committees 4. Collective bodies and structural divisions of the Bank and Group members Manage certain types of risks within the limits and requirements established at the 1st and 2nd level of management Manage certain types of risks in the Bank and members of the Group within the requirements and restrictions established at the 1st, 2nd and 3rd levels of management Source: Sberbank,

50 Starting in 2013, the Group is implementing a project to develop a risk culture (Sberbank, 2015). Objectives of the project: Form employees' behavior in which they openly discuss and react to existing and potential risks; Form an internal mental attitude of intolerance to ignoring, ignoring the risks and risky behavior of others. The risk culture complements the formal mechanisms existing in the Bank and is an integral part of the risk management system. Particular attention is paid to the behavior of employees, as a practical manifestation of risk culture. The most significant risk for Sberbank is the credit risk, namely the risk that the counterparty will not be able to repay the debt in full or in part within the prescribed period. In addition, there are liquidity risks (problems associated with the insufficiency of any currency to cover the bank's liabilities), market risks (for example, adverse changes in foreign exchange rates, prices for precious metals or stock prices) and operational risks (losses caused by imperfect internal Processes, malfunctions and errors in the functioning of information systems, personnel actions, etc.) (Tadviser, 2012). In recent years, the bank has consistently implemented and improved risk management methods and processes both at the integrated level and at the level of certain types of risk (Sberbank, ). The following work was carried out on the main areas of risk management. Based on modern methods and tools for managing credit risks, the group builds unified retail lending processes that take into account the risk profile of customers and minimize the number of participants in the process through its centralization and automation. One of such processes is implemented in the "Credit Factory" technology, by which the bank provides the main types of retail loan products: consumer and housing loans, car loans, credit cards. This technology is constantly being improved: An automated verification of the property valuation report on the processing of the loan application was implemented; Automatic recognition of the passport was implemented to exclude manual verification of the correctness of entering the client's passport data; An automated system has been introduced that ensures the detection of fraud or forgery of identity documents from photographs. The group has opened a project on automation of technology "Credit conveyor". The purpose of the development is to build a transparent and managed small business credit process, reduce the bank's operating costs and the time spent working for the loan process, including processing the loan application, reducing the bank's loss due to better processing of the application. 40

51 In 2013, the main methods of collecting overdue indebtedness of individuals changed. If in previous years, Sberbank mainly used only its own units to collect the debts of the population, last year, a subsidiary company, ActiveBusinessCollection, was established, whose task is to pay back overdue debts under an agency scheme on competitive terms with other recruited collection agencies This work allowed to fix the financial result on the potential losses received in previous years and to free up resources to improve the efficiency of collection of other overdue payments by individuals. Since 2013, an automated operational risk management system has been introduced in all territorial banks. The system implements modules for self-assessment of the bank's divisions and monitoring of key risk indicators. The staff of all the units is connected to the self-assessment module. Step-by-step connection of users to the module of monitoring of key risk indicators is conducted. To improve the quality of operational risk management, risk coordinators have been appointed in all structural divisions of the bank and subsidiaries. They are constantly being held with explanatory work on the issues of identification and management of operational risks Credit risk management Sberbank views the risk as a risk of losses occurring due to the failure to perform, delay in performance, or incomplete performance by a debtor of financial liabilities under the contract (Sberbank, ). Credit risk management methods: managing risk through assessment of potential risks prior to operations; planning the level of credit risk by assessing expected losses; minimising credit risk by setting limits; structuring transactions; ensuring transaction security; applying the decision-making system; monitoring and controlling the level of credit risk. The bank has set up an Internal Ratings-based System. The foundation of the system is economic and mathematical models estimating the probability of default relating to contractors and transactions. Models are reviewed periodically using historical statistics. The risk factors assessed include those associated with the contractor s financial position and its potential changes, ownership structure, business reputation, credit record, cash flow and financial risk management system, information transparency, the client s position in the industry and the region, and the support of public authorities, parent companies, and the group to which the borrower belongs. Credit risk assessment models were validated in Risk is limited and expected losses due to the borrower s default are controlled through a system of limits available for each business line. The limit amount depends on the 41

52 borrower s risk level, which is calculated based on the borrower s financial position and other factors: external influences, management quality, business reputation rating, etc. Country limits are classified as a separate group aimed at limiting the bank s countryrelated risks. These limits restrict the geographic concentration of risks. In 2014, the bank introduced an automated control system for credit exposure limits. The main tool for reducing credit risk is risk coverage. The amount of risk coverage depends on the risk of the borrower/transaction and is fixed under the terms of loan products. The bank applies collateral policy as one of the approaches to credit risk hedging in order to improve collateral quality of loan portfolio. The collateral quality is based on the probability of obtaining funds in the amount of the estimated collateral value when selling the collateral. The Bank pays great attention to controlling the level of concentration of large credit risks. In accordance with the internal regulatory documents, the Bank implemented a procedure for daily monitoring of major credit risks and the forecast of compliance with the requirements set by the Bank of Russia for H6 standards (maximum risk per borrower or group of related borrowers) and H7 (maximum size of large credit risks). Table 8: Overdue loans Credit portfolio Overdue loans Share of overdue loans 7,658,871 9,772,750 11,978,007 15,889,379 16,869,803 17,361, , , , , , ,093, Note: The data are in mln. RUB Source: Annual reports of Sberbank, ( ) 42

53 Figure 7: The dynamics of share of overdue loans Source: Annual reports of Sberbank, ( ) The table 7 and figure 7 show that the current situation in the Russian financial sector negatively affected the activities of the Savings Bank: the share of overdue loans almost doubled for the last 6 years. In this regard, the risks of the bank have increased, and, consequently, the issue of effective management of them becomes very important. In general, for the financial and credit system of the country and for commercial banks in particular, it is necessary to take measures to reduce credit risk: to estimate the expected losses for planning the level of risk, to review the established policy of limits, and to consider the possibility of restructuring loans of certain groups of borrowers in order to improve conditions Repayment of overdue debt. 4.3 Business process of risk management in the bank Each year, the bank identifies risks and assesses their materiality. A management system is formed for each recognized material risk. The management functions for all significant risks are spread among the bank s various committees. On an integrated level, risk management is performed by the Risk Committee, the Executive Board, and the Supervisory Board of the bank. The process of risk management consists of the following steps (Figure7). 43

54 Figure 8: The process of risk management Identification of risks Formation of management systems for selected groups of risks Planning of the level of exposure to risks Managing the overall level of risk Establishing an appetite for risk Identification of risks Source: Sberbank, 2015 The Group annually conducts a procedure for identifying and assessing the materiality of risks. In the event that there have been significant changes in the external environment and within the Group that may affect the Group's risk profile, unplanned identification and assessment of the materiality of risks can be conducted. The types of risks for which the Bank of Russia establishes standards for credit institutions, banking groups and, or that are taken into account when calculating the regulatory capital of credit institutions, banking groups are always recognized as significant for the Group. The assessment of materiality of other types of risk is carried out on the basis of comparison of the maximum losses from risk and economic or regulatory capital of the Group, the Bank, and the member of the Group. A risk that cannot be quantified can be considered significant on the basis of expert judgment. Sberbank deems the following risk types to be material: credit risks of corporate and retail customers, country risk, financial institution credit risks, market risks of financial market transactions, ALM risks, loss risks due to changes in real estate value, operating risk, liquidity risk, compliance risk, tax risk, strategic risk, regulatory risk, model risk, and reputation risk. 44

55 Table 9: Risk matrix of Sberbank Risk Credit risk Liquidity risk Country risk Management The following is applied for effective risk management: Risk appetite and limit system; Internal ratings system (Sberbank is the first bank in the Russian Federation that petitioned for the use of internal ratings to assess capital adequacy); Multilevel system of decision-making powers; Sectoral strategies; Security is used to mitigate risks. The approach to liquidity management is largely dictated by the existing macroeconomic situation and the state of the Russian financial sector. With its flexible interest-rate policy and effective management of the assets and liabilities base, the bank has managed to reduce the amount of the funds borrowed from Bank of Russia by attracting customer deposits. Sberbank is more than complying with the limits of mandatory liquidity ratios established by Bank of Russia. The Bank has developed a system of country risk limits to restrict the total concentration of transactions with counterparties from any given country, including sovereign borrowers/issuers and public authorities. Financial risks market The increase in market risk in 2015 resulted from an increase in volatility caused by a shift of the historical volatility window used in modeling possible scenarios of how the value of the instruments in a portfolio may change. The stock position in the trading portfolio on Sberbank s balance sheet was liquidated. Interest rate and currency risks of the banking book Operational risk Risk of losses due to a change of the property value Compliance risk In 2015, Sberbank mitigated ruble interest rate risk by implementing a set of anticrisis measures adopted by the Bank. In , the Bank closed the currency positions of the banking book, and, consequently, the Bank did not suffer any losses due to the considerable weakening of the exchange rate of the Russian ruble compared to foreign currencies. The Bank has introduced processes for collecting internal data on operational risk incidents, self-assessment, and scenario analysis. The Bank regularly monitors its operational risk level. The users of various functional units are being gradually connected to the automated operational risk management system. The decline in real estate prices has led to the growth of economic capital to cover risk. The weight of this type of risk in the general structure of the Bank s economic capital remains consistently low. Efforts were made to improve and automate review procedures for compliance activities and adaptation of the best international practices of compliance control. The bank s Code of Corporate Ethics, 45

56 which establishes unified principles for business ethics and conduct, was approved. Legal risk Regulatory risk Tax risk Strategic risk Model risk Risk of loss of goodwill The Bank prepares reports on instances of losses (damages) incurred in connection with the realization of legal risk, the current level of legal risk, the level of legal risk management, and the current status of measures for minimizing legal risk. In 2015, after the approval of legal risk management policies in the Group members, the Group members generate and submit legal risk reports to the Bank. The Bank has a Working Group for the improvement of legislative control and creation of a favourable legal environment. A multilevel system has been created for tax risk management: Tax support for the business Implementation of internal control procedures Identifying and remedying internal sources of tax inefficiency Ongoing monitoring of tax initiatives. Despite changes in the economic and geopolitical landscape, the key focus areas of development outlined in the Development Strategy as a priority require no changes. Implementation of the Strategy is supported by the established processes of strategic and business planning and project activities management, as well as the system for managing the performance of executives. In 2015, 174 models were validated, of which 23 models needed to be reworked. The bank approved the Code of Corporate Ethics to avoid conflicts of interest between bank employees and clients and counterparties, and between credit institution employees and the bank itself. The bank developed Reputational Risk Management Policy. The Bank ensures prompt settlements upon customers and counterparties instructions, payments of deposits and interest on accounts (deposits) and settlements on other transactions. The Bank controls the accuracy of financial statements and other published information made available to shareholders, clients, and counterparties, regulatory and supervisory bodies, and other stakeholders, including for advertising purposes. The Bank is making efforts to improve the training of employees and the level of service provided. Source: Annual reports of Sberbank, Formation of management systems for selected groups of risks Recognized as essential risks, having similar risk factors, similar methods of risk management, common risk entities (counteragents, clients, transactions, etc.) are 46

57 grouped into separate groups of risks for which a unified management system is formed, consisting of: The Bank's Committee on Management of Allocated Risk Groups; Division of the Bank, which manages the allocated risk groups; Units or responsible employees of the Group's participants that provide risk management at the level of the Group's members. Planning of the level of exposure to risks The Group is planning the level of exposure to risks by setting target risk levels - a set of indicators (risk metrics) that are appropriate for the purposes of the Group, the Bank and the Group's participants. To plan activities in the Group, risk metrics are used that characterize (or take into account) the level of losses from the implementation of risks both under stressful conditions and under stressful conditions. Establishing an appetite for risk Risk appetite is a system of indicators that characterize the maximum level of risk. The maximum level of risk is considered to be the Group's level of risk, in which the norms and regulatory requirements established by the Group's internal documents are met, and there is no need to take measures aimed at reducing the level of risk. Risk appetite is set taking into account the requirements of the Bank of Russia and the regulators of the countries of the Group's presence. Risk appetite indicators for the Group, the Bank and members of the Group may include: Mandatory capital adequacy ratios, liquidity and other limits established by the Bank of Russia for credit institutions and banking groups in terms of risk management and capital adequacy; For participants of the Group outside the jurisdiction of the Russian Federation, mandatory capital adequacy ratios, liquidity and other limits established by local regulators for credit institutions and banking groups in relation to risk management and capital adequacy; The ratio of economic capital, required to cover all significant risks and available capital; Concentration limits for significant risks; Risk indicators, recommended by the BCBS for lending institutions and banking groups. Risk appetite is set on the horizon of strategic planning and at least once a year. The Bank's Supervisory Board is considering the need to change the appetite for risk. 47

58 Individual risk appetite limits can be updated during the fiscal year when the economic situation changes or the Bank of Russia changes the requirements for credit institutions and banking groups (changing the values of existing regulations or introducing new ones). Managing the overall level of risk Management of the Group's overall risk level includes: Calculation of indicators, characterizing the consolidated level of the Group's overall risk based on risk assessments included in the WGR, taking into account the relationship of risks among themselves; Assessment of the Group's risk level deviation from the values established by the Group's consolidated business plan; Assessment of the degree of compliance of the risk level with the approved risk appetite of the Group; Making decisions on setting or changing limits, or other decisions, aimed at optimizing the Group's risk level. The assessment of the Group's overall risk level is carried out at least once a quarter. To determine the exposure to possible effects of external and internal shocks, a periodic procedure for stress testing of the Group and the Bank is carried out. Stress testing is carried out both in the context of individual risks, and aggregated. From the organization's point of view, stress testing is divided into "top-down" and "bottom-up": "Top-down" an assessment of the impact of scenarios on the financial and economic performance of the Group through analysis of the sensitivity of the aggregated characteristics of the portfolio of assets and liabilities to changes in macroeconomic indicators; "Bottom-up" assessment of the influence of scenarios on the main characteristics of the level of risk at a detailed level in the context of the identified risk groups and an assessment based on the results and models of the Group's potential losses, the Group's economic capital, stress risk indicators. Stress testing is performed on the basis of own scenarios, as well as regulator scenarios in the countries where the Group is present, using historical or hypothetical scenarios. Development of new and updating of current scenarios is carried out in cases when significant changes occur in the economy or in the activity of the Bank, the member of the Group or the Group as a whole, as a result of which the use of current scenarios ceases to provide the proper level of risk control. 48

59 4.4 Analysis of used software The main supplier of Sberbank s IT decisions is Sberbank-Technology or SberTech. It is subsidiary company, which 100 % owned by Sberbank. It performs 70 % of bank design decisions. Figure 9: The logo of Sberbank-Technology Source: Sberbank-Technology, 2017a Sberbank created its own outsourcing IT-company in The emergence of "Sberbank-Technologies" is caused by a large number of simultaneously running IT projects. The bank at that time had more than 200 strategic projects at the same time CRM, data warehouse, ERP, Internet bank and many others. They demanded large human resources (Tadviser, 2016). At the moment, the bank has the following automated systems for risk management (Tadviser, 2017): 1. Automatic Module for Calculating Limits and Ratings (AMCLaR) is a rating model for assessing the default probability of counterparty. It calculates the probability of default and the borrower's rating, the expected losses due to default of the borrower, credit capacity, internal rating. 2. AS ORMS (Operational Risk Management System) is responsible for accounting, analysis, management of operational risks, timely identification of potential threats, reduction of losses in the implementation of operational risks. 3. CCRMS (Corporate Credit Risk Management System). It is designed to manage the risks of the corporate loan portfolio for solving such business problems as forecasting the level of credit riskss with the formation and maintenance of a database on the implemented credit risks, assessing the risks of the bank's total loan portfolio, monitoring the quality of the loan portfolio of the bank, conducting stress testing of the bank's loan portfolioo and others. 49

60 4. Automated system of behavioral scoring for work with overdue debts. It provides a reduction in the cost of activities related to debt collection by analyzing the behavioral, static and socio-demographic characteristics of customers and taking into account the results of this analysis when determining the recovery strategy. 5. Quality control system of underwriting (QCSU) provides collection and analysis of information on the work of the bank's underwriters, internal audit of the quality of the credit departments. 6. Providing a flexible mechanism for managing the structure of risk limits, incl. Subject to further complicating the methodology automatic calculation of the amounts of limits of various types, depending on factors determined by the bank's methodology. 7. Bank Analyzer Limit Manager. It provides a flexible mechanism for managing the structure of risk limits, the calculation of the amounts of limits of various types, etc. 8. AS Treasury is integrated automated treasury system on a single platform. SberTech has the Competence Center for Risk Systems Development, which works with a wide range of automated systems aimed at identifying and assessing the various risks associated with products and with the activities of Sberbank's divisions (Sberbank- Technology, 2017c). The Competence Center for Risk Systems Development consists of three departments: 1. Department for Development of Credit and Operational Risk Management Systems. The department specialists are responsible for several key systems. AMCLaR (Automatic Modules for Calculation of Limits and Ratings) is AS, which allows uninterrupted operation of credit and many other divisions of the Bank. It is about issuing loans, monitoring contracts, calculating reserves and limits. AS "AMCLaR" is 60 thousand users, 250 different calculation models, one million calculations per year in 24 7 mode, 7,000 IS QRIC (client application for modules PD, LGD) users in Russia and 3,000 abroad. Another important system is the "Quality Control system of underwriting", which is fully developed by the employees of the Competence Center. They built a production process in which all the involved units worked as one team. And this gave positive results the system was put into commercial operation in December 2015 and shows good results. The product is designed to increase the efficiency of a very large business (both in terms of volume and number of participants). In 2017, Sberbank Technology plans to commission RAROС system for the calculation of the profitability of the new deal, the actual and forecast at multiple time points in the future. 2. Department of Risk Management Systems. 50

61 An important task of the Competence Center for Risk Systems Development is the creation of a fully functional expertise for the development of platforms of world leaders in the field of business intelligence solutions, such as the SAS Institute, and the management of the Bank's assets and liabilities, such as OneSumX ALM, Wolters Kluwer. Projects for the development of the AS on the SAS platform are fully implemented by the resources of the Competence Center. In December 2015, a partnership agreement was signed between Sberbank-Technology and SAS, which allows to develop systematically the expertise of employees, to explore the latest innovative technologies and to apply them to improve the functionality and productivity of SAS solutions used in the Bank. In 2016, there was a realization of the modules for managing the securities portfolio and a single data warehouse for the Treasury. In accordance with the agreed scheme for the development of the ALM platform "Insourcing + Joint Development" this year, the Competence Center for Risk Systems Development is going to qualitatively expand the expertise on the platform to provide the business with a full range of development and support services for the ALM platform. 3. Department of Risk Management Systems in Financial Markets This is the largest department of the Competence Center for Development Risk Systems. In 2016, the successfully completed program for the Automating of Risk Management Systems in Financial Markets (ASUR FR) is completed, within which more than 10 Automated Systems were created from scratch, giving the Bank the opportunity to control risks from operations in financial markets. This is the management of credit and market risks, the calculation of VaR (Value-at-Risk), due to which the Bank can significantly reduce the size of reserves and the verification of the marketability of transactions, which allows identifying non-market transactions and reacting quickly to them (Sberbank-Technology, 2017c). The platform "Risk Management Systems in Financial Markets" is a conglomeration of several applications (about fifteen), which are built on the same technology. This is the reason why they are called the platform. At the same time, all applications of this platform are developed in the Competence Center for Risk Systems Development of Sberbank-Technology (Sberbank-Technology, 2017b). In 2012, the bank acquired Troika Dialog. The adopted business plan for the combined corporate and investment business implied significant growth in terms of volumes and product line, which required the development of a fundamentally new approach to risk management. "The most important component of the approach was automation, as it was about tools with complex models for calculating prices and risk metrics, as well as for business that goes on-line," Sberbank said. This kind of risk-infrastructure at that time was not either from Sberbank or from Troika Dialog. So the strategic IT-program "Automating of Risk Management System in Financial Markets" (ASUR FR) was opened in The program included more than a dozen projects, which resulted in the creation of 9 IT-systems for risk management in financial 51

62 markets. Systems of this class are available only in the world's largest banks, in Russia no one has decided such a task or even set it. As part of the program, IT-platform was created that includes IT-systems and modules that manage various types of risks, primarily credit and market risks. The platform is built using distributed computing technologies (GridGain), non-relational databases (Mongo DB, Cassandra, etc.) and other modern technologies, which allowed achieving high performance (Baziyan, 2016). 90 % of the platform components are developed by Sberbank-Technologies. IT-systems of the platform are used by the entire Sberbank Group: 15 subsidiaries and 14 territorial banks, as well as employees of business and risk departments, finance services and others. They allow developing the most complex business of global markets, keeping under control the level of accepted risks. In total, more than 1000 users use the system. The micro-service architecture of the platform allows the operative introduction of new products of global markets the term of completion of risk systems for the introduction of new products on average does not exceed 1 month. Specificity of ASUR FR lies in the complexity of the subject area. She expects almost a dozen indicators for more than 30 types of financial instruments. From simple spot transactions with stocks and bonds, to exotic derivatives: barrier options, futures and quantum swaps. The task is complicated by the fact that algorithms and technologies for calculating indicators for different financial instruments can radically differ from each other. In some systems, it is very important to process individual transactions as quickly as possible, for example, when checking the marketability of transactions. To implement such systems, non-relational databases, caching and preliminary calculations are used. In other systems, massive calculations need to be efficiently parallelized to several servers using the Monte Carlo method, with hundreds of thousands of simulations on a portfolio of several hundred bonds. Various grid solutions are used here (Sberbank-Technology, 2017c). Since the creation of the department, namely since 2012, the development is conducted using the Scrum approach. Every one or two weeks, a new release is delivered to the Bank's industrial stands. Most of the systems were created by our employees "from scratch" using Java, Oracle, MS SQL and C # technologies. The department actively uses advanced engineering practices: continuous integration, automated code inspections (Sonar), automated deployment and configuration management of stands. Dmitry Shaykhatarov, Director of the Department of Technology for Financial Markets and Risk Management in Sberbank-Technology, in his interview (Sberbank-Technology, 2012b) to the question of the main function of this software responded that the most traditional risk and, in fact, what gives the bank "work" is the ratio of raising funds (short-term perspective) and placement of funds (medium- and long-term outlook). At the same time, there are no 100 % guarantees of refunds. Here the business of the bank takes place: it is necessary to be able to well consider the risks associated with 52

63 borrowers, portfolios and assets. After that, it is to create a business strategy for attracting and placing funds, so that the balance would bring some income. Within the framework of the program "Automating of Risk Management System in Financial Markets (ASUR FR)" the stage of an open pre-project for the development of a prototype for the management of requests for limits on the Pega BPM platform was successfully completed in May It is the first cross-border project of the "New Credit Process" in the group of Sberbank companies, of which the subsidiary banks are also participants abroad. The developed system provides automation of a new credit process for setting credit limits when working with counterparty banks at the level of the Sberbank s group, allowing all participants in the process to work in a single informationon space. Figure 10: The system of management of requests for credit limits 53

64 Source: Fan Club of Sberbank customers, 2017 The process of establishing and agreeing credit limits consists of several stages that are performed by employees of different divisions. Before it was automated, it happened in a manual mode by from one participant to another. Thus, it was impossible to track the status of the current request. With the introduction of the system, users begin to work in a single automated system and have the opportunity at any time to find out at what stage their application is located, and the statistical reports provided by the system will help to identify bottlenecks in the business process and optimize it in the future. Sberbank-Technology also has a Competence Center for the Development of a Credit Factory. It is engaged in the development of decision automation systems at various stages of the credit process on the basis of an analysis of factors affecting credit risk. In its charge are the following systems (Sberbank-Technology, 2017d): 1. AS TransactSM It is designed to process loan applications and make decisions on them for individuals and clients of the Micro Business segment. It is the core of the technology "Credit Factory". With its help, 25,,000 employees daily review up to 125,000 customer applications for all products from the credit line of Sberbank of Russia. 2. AS "Credit risk assessment" It automates the receipt of numerical credit ratings using statistical and probabilistic methods (scoring). It allows to perform both online and batch processing of evaluation requests. It is used not only by end users, but also provides services for related systems of the "Credit Factory" and credit conveyors of corporate business. 54