Operating risk

The Bank manages operating risk by implementing measures to regulate it without having to downsize operations. These include:

  • Detailed regulating procedures for conducting all basic operations;

  • Applying principles of separation and limitation of functions and responsibilities of employees;

  • Making collegiate decisions;

  • Establishing limits for certain operations;

  • Applying internal control procedures over business processes organization and complying with legislative requirements and internal documents;

  • Ensuring information security.

In 2012, an operating risk management division was established as part of improving operating risk management in the Bank. This division collects data on operating risk events and records information in analytical systems, identifies operating risk factor, investigates the causes of each significant event and develops measures to minimize the risk and prevent its recurrence.

The Bank is currently considering further automation of the process of collecting and recording information about operating risk events, as well as monitoring the implementation of measures to reduce operating risk. Among other things, this will enable to:

  • simplify and centralize the recording of incidents and identifying operating risk;

  • conduct a flexible assessment of direct (financial), indirect (qualitative) and potential losses;

  • analyze and rank risk factors and develop a risk map;

  • control the stream of tasks while managing operating risk;

  • automatically monitor and control measures to reduce operating risk.

All Bank Vozrozhdenie internal divisions monitor operating risk on a regular basis. Each month, a report on factors of operating risk is submitted based on the analysis of operating losses. Events of operating risk that do not lead to losses are identified, analyzed and documented as part of the monitoring.

The bank is currently collecting, analyzing, monitoring operating risk events and compiling an analytical database of these events on the basis of information provided by Bank internal divisions according to the following groups of risk factors:

  • external fraud: fraud involving bank cards, theft of cash from ATMs, POS terminals, etc;

  • factors related to the environment (damage to the Bank’s property);

  • systemic and technological factors: ATM downtime and automated systems malfunction;

  • factors related to the organization and control of business processes;

  • factors associated with staff.

The Bank has implemented the following measures to minimize operating risk:

  • A banking security system has been developed;

  • Cash offices have been equipped with alarms and meet all technical resistance requirements;

  • Work areas of cash and account managers have alarm buttons, equipment to check banknotes, and lists of authorized signatures;

  • Premises are equipped with security and fire systems and emergency alarms, including those that go through to the centralized security service or police call center;

  • All employees have been instructed about evacuation plans in case of an emergency;

  • Guards and 24-hour CCTV systems have been arranged at Bank premises;

  • All employees involved in the storage and movement of valuables have signed agreements accepting full material responsibility;

  • Access to IT, electronic payment and data centers is restricted;

  • Interchangeability for IT employees has been defined by distributing responsibilities;

  • A backup of the information data base is kept and maintained on a reserve server;

  • In case of disruption in the power supply, an independent source of electricity has been organized;

  • The software for the banking operating system is supported by vendors;

  • A plan has been developed to avoid disruption to the Bank’s financial and economic activities in case of emergencies.

Bank Vozrozhdenie has implemented a budgeting system that identifies the most costly and inefficient operations at an early planning stage and determines priority areas of client policy in order to minimize operating risk.

The Bank pays particular attention to establishing and observing procedures for monitoring its business, preparing fair financial reporting and providing all of the necessary information about its activities in a timely manner.

Regarding information security, the Bank focuses on meeting Russian legislation requirements regarding the protection of bank and commercial secrets as well as clients’ and employees’ personal details. The Bank has all of the necessary licenses for this, covering all branches.

The Bank uses a broad range of insurance instruments to hedge operating losses. It has a Bankers Blanket Bond, Directors and Officers Liability Insurance, and special insurance for transporting valuables. Its property (including real estate assets, IT, furniture and other property) is insured by the largest insurance companies in Russia.

In 2012, the Bank’s main operating risks were associated with third-party fraud. Its transaction monitoring system effectively coped with these risks. The losses actually incurred by the Bank’s operating risk were negligible.