Regulations on the risk management service. Regulations on the risk management service Regulations on risks in the organization

Business plans 16.12.2023
Business plans

APPROVED by the decision of the Board of Directors of JSC Russian Railways (minutes dated December 7, 2015 No. 22)

Positionon the risk management system of JSC Russian Railways

1. General Provisions

1.1. These Regulations define the goals, objectives and principles of the risk management system, and also define the functions of participants in the risk management system of JSC Russian Railways and the main directions of their interaction.

1.2. These Regulations have been developed taking into account the requirements of federal laws and other regulatory legal documents of the Russian Federation, advanced international and domestic practices in the field of risk management, methodological instructions of the Federal Agency for State Property Management and regulatory documents of JSC Russian Railways, including those defining the management of individual risks of JSC Russian Railways:

Decree of the Government of the Russian Federation of September 23, 2002 No. 696 “On approval of federal rules (standards) of auditing activities”;

Corporate Governance Code (approved by the Board of Directors of the Bank of Russia on March 21, 2014);

Guidelines for preparing regulations on the risk management system, developed by the Federal Agency for State Property Management and approved by order of the Government of the Russian Federation dated June 24, 2015 No. ISH-P13-4148;

R 50.1.068-2009 “Recommendations for standardization. Risk management. Recommendations for implementation. Part 1. Determination of the scope" (order of the Federal Agency for Technical Regulation and Metrology dated December 15, 2009 No. 1259-st);

R 50.1.069-2009 “Risk management. Recommendations for implementation. Part 2. Definition of the risk management process" (Order of the Federal Agency for Technical Regulation and Metrology dated December 15, 2009 No. 1259-st);

R 50.1.070-2009 “Risk management. Recommendations for implementation. Part 3. Exchange of information and consultations” (order of the Federal Agency for Technical Regulation and Metrology dated December 15, 2009 No. 1259-st);

GOST R 51897-2011/ISO Guide 73:2009 “Risk management. Terms and definitions" (order of the Federal Agency for Technical Regulation and Metrology dated November 16, 2011 No. 548-st);

GOST R 51901.4-2005 (IEC 62198:2001) “Risk management. Guidelines for use in design" (order of the Federal Agency for Technical Regulation and Metrology dated September 6, 2005 No. 220-st);

GOST R 51901.1-2002 “Risk management. Reliability management. Risk analysis of technological systems" (Resolution of the State Committee of the Russian Federation for Standardization and Metrology dated June 7, 2002 No. 236-st);

GOST R 52806-2007 “Project Risk Management. General provisions" (order of the Federal Agency for Technical Regulation and Metrology dated December 27, 2007 No. 422-st);

GOST R ISO/IEC 31010-2011 “Risk management. Methods of risk assessment" (order of the Federal Agency for Technical Regulation and Metrology dated December 1, 2011 No. 680-st);

Standard “Risk Management of Organizations. Code of General Provisions (COSO ERM), adopted by the Committee of Sponsoring Organizations of the Treadway Commission;

Standard “Risk Management of Organizations. Application Methods (COSO ERM), adopted by the Committee of Sponsoring Organizations of the Treadway Commission;

Functional strategy for risk management in the Russian Railways holding company (Order of JSC Russian Railways dated July 26, 2012 No. 1494r);

STO Russian Railways 1.02.033-2010 “Procedure for identifying hazards and risks”;

STO Russian Railways 1.02.034-2010 “General rules for risk assessment and management”;

STO Russian Railways 1.02.035-2010 “Procedure for determining the acceptable level of risk”;

STO Russian Railways 02.045-2013 “Procedure for assessing the risk of injury to citizens at pedestrian crossings across railway tracks”;

STO Russian Railways 15.014-2013 “Occupational safety and health management system at JSC Russian Railways.” Professional risk management. General provisions";

Set of standards of JSC Russian Railways “Resource management at life cycle stages, risks and reliability analysis (URRAN)”;

Financial risk management policy of JSC Russian Railways;

Regulations on the commission for managing financial risks of JSC Russian Railways;

Corporate concept of insurance protection of subsidiaries and dependent companies of JSC Russian Railways;

Unified corporate standard of the Russian Railways holding company for debt financing transactions to provide financial resources for investment and current activities;

Unified corporate standard of the Russian Railways holding company for determining the conditions, procedure for obtaining, issuing and executing certain types of security documents;

Regulations for organizing a system for planning and analyzing receivables and payables of the Russian Railways holding company;

Regulations for the formation and control of the execution of plans (matrices) for internal corporate settlements;

Methodology for regulating traffic safety risks depending on the operational characteristics of control areas;

Standards and methods of JSC Russian Railways for the development of the traffic safety management system;

Methodology for identifying, identifying, assessing, ranking and developing measures to manage environmental risks of JSC Russian Railways;

Methodology for forming risk groups of locomotive crew workers based on medical and psychophysiological indicators.

1.3. The following terms and concepts are used in these Regulations:

risk analysis – systematic use of information (data) available at JSC Russian Railways to determine the causes of risk, its identification and assessment;

anti-risk measures – a system of measures aimed at preventing the occurrence of a risk or reducing damage from the impact of a risk;

risk owner - the head of a division of JSC Russian Railways, whose area of ​​responsibility includes measures to prevent the causes of external or internal risk, and/or measures to reduce the likelihood of the risk occurring or the degree of impact of the consequences of the risk;

external risk – a risk arising in an environment external to JSC Russian Railways;

internal risk – a risk arising within JSC Russian Railways and directly related to the activities of its employees;

risk indicators – certain criteria with predetermined parameters, deviation from which allows the selection of an object of control;

risk map – a tool for displaying the totality of identified risks and the level of their influence on the activities of JSC Russian Railways;

qualitative risk assessment – ​​risk assessment on a point scale, taking into account both past and predicted trends;

quantitative risk assessment – ​​assessment of the degree of risk impact in absolute terms, taking into account both past and predicted trends;

the corporate risk management system of JSC Russian Railways is a set of interrelated procedures, methods and corresponding risk management tools of JSC Russian Railways, implemented on the basis of regulated interaction of structural divisions and divisions of the management apparatus of JSC Russian Railways;

risk matrix - a tool derived from the risk map for displaying the totality of identified risks and the level of their impact on the activities of JSC Russian Railways using more comprehensive characteristics of the amount of damage and the probability of risk occurrence compared to the risk map;

monitoring the risk management system - assessing the presence and functioning of the components of the risk management process over a certain time, monitoring the results of risk management for their further consideration in the process;

risk assessment – ​​identification and determination of quantitative and time parameters of risk;

risk passport – a set of information about the risk area, risk indicators, as well as instructions on the application of necessary measures to prevent or minimize risk;

consequences of the risk - a description of the negative impact of the risk on the activities of JSC Russian Railways if it occurs (damage or hidden costs and (or) lost profits). The result of exposure is one or more consequences that may be the causes of other risks;

preferred risk - the level of risk accepted by JSC Russian Railways as acceptable (maximum permissible) for it in the process of achieving strategic goals;

risk prevention – preventive elimination of the source of risk;

risk ranking – ordering of risks in accordance with the possible amount of damage, depending on the likelihood of risk events occurring and their consequences;

risk register – a set of information about risks, their factors and consequences, as well as all significant features. The risk register is formed based on the results of the risk identification stage based on information received from risk owners;

risk – the potentially existing probability of loss of resources or non-receipt of income;

risk management – ​​the process of identifying and assessing risk, as well as choosing methods and tools to minimize risk;

risk management system - a set of methods, procedures, norms of corporate culture and organizational measures taken by the management of JSC Russian Railways, divisions of the management apparatus of JSC Russian Railways, its branches, and other structural divisions to ensure the achievement of the company's goals;

risk situation (risk situation) – a set of various circumstances and conditions that create a threat to stable functioning;

risk reduction – reducing the likelihood of risk occurrence and (or) possible damage;

maintaining risk – deliberate non-use of counteracting management decisions in the case where the costs of prevention or risk reduction significantly exceed the damage when risk is assumed;

risk management – ​​an element of risk management, which is a decision-making process to manage an identified risk and the selection of specific actions from a number of potentially possible ones;

1.4. The organization of work to amend the Regulations is carried out by the Management System Development Department in the manner established by JSC Russian Railways.

Divisions of the management staff of JSC Russian Railways, branches and other structural divisions of JSC Russian Railways (hereinafter referred to as divisions of JSC Russian Railways) send proposals for finalizing these Regulations to the Management System Development Department.

1.5. These Regulations are the basis for the development of internal regulatory documents regulating the risk management system of JSC Russian Railways.

1.6. These Regulations come into force from the moment of its approval by the Board of Directors of JSC Russian Railways.

1.7. This Regulation applies to all participants in the risk management system of JSC Russian Railways.

In the subsidiaries of JSC Russian Railways, these Regulations are implemented through corporate procedures in accordance with the legislation of the Russian Federation and the regulatory documents of JSC Russian Railways.

The issue of organizing a risk management system in the subsidiaries of JSC Russian Railways is considered by the management bodies of the subsidiaries in accordance with the constituent documents and other documents defining the specific features of the work of a particular company.

The organization of the risk management system in the subsidiaries of JSC Russian Railways is entrusted to the divisions responsible for this area of ​​the respective subsidiaries.

2. Goals, objectives and principles of the risk management system of JSC Russian Railways

2.1.The objectives of the risk management system of JSC Russian Railways are:

ensuring the continuity and stability of the production activities of JSC Russian Railways by limiting the degree of influence of external and internal negative factors on it;

ensuring a reasonable level of confidence in achieving the control parameters of the target state provided for by the regulatory documents of JSC Russian Railways, under the influence of external and internal factors.

2.2. The main tasks solved within the framework of the risk management system of JSC Russian Railways are:

identifying potential areas of risk and assessing the possibility of preventing or minimizing the occurrence of risks;

balanced distribution and regulatory consolidation of powers and responsibilities of participants in the risk management system of JSC Russian Railways;

development and assessment of a set of measures to prevent risk situations and minimize damage in the event of their occurrence;

identification of resources necessary to carry out work to eliminate or minimize identified risks, and their optimal distribution in accordance with established regulations;

prevention of risks based on their systematic forecasting and assessment;

creation of management tools and mechanisms to ensure effective risk management;

determining the cost impact of all significant risks on the financial and economic indicators of JSC Russian Railways and building a system for responding to them at the stage of forming the financial plan of the Russian Railways holding company.

2.3. The principles of functioning of the risk management system of JSC Russian Railways are:

complexity – risk management based on a unified methodology and common principles, taking into account the systemic relationship of risks, the nature of their mutual influence and possible consequences;

integration – risk management, coordinated by risk owners, carried out by employees in the process of performing their job duties;

continuity – regular monitoring and updating of information used in the risk management system of JSC Russian Railways;

coverage of all types of activities - implementation of risk management procedures in all functional areas of activity of JSC Russian Railways, including within the framework of a process approach to management;

balance - an objective balance of criteria when deciding on a way to respond to risk: the choice between possible losses and opportunities, between the costs of risk management and possible damage to manage risks.

3. Participants in the risk management system of JSC Russian Railways,
their tasks and functions

3.1. The main participants in the risk management system of JSC Russian Railways are:

Board of Directors of JSC Russian Railways;

Audit and Risk Committee of the Board of Directors of JSC Russian Railways;

sole executive body of JSC Russian Railways;

project office for risk management of JSC Russian Railways;

Commission for Financial Risk Management of JSC Russian Railways;

managers of JSC Russian Railways;

employees of JSC Russian Railways.

3.2. The Board of Directors of JSC Russian Railways determines the general principles, policies and approaches to the risk management system in JSC Russian Railways, and also establishes the acceptable amount of risks (risk appetite).

3.3. The Audit and Risk Committee of the Board of Directors of JSC Russian Railways carries out:

monitoring the reliability and effectiveness of the risk management system and corporate governance system, including assessing the effectiveness of Russian Railways' risk management procedures, corporate governance practices and preparing proposals for their improvement;

preliminary and subsequent analysis of transactions of JSC Russian Railways that fall within the competence of the board of directors of JSC Russian Railways to identify risks of transactions involving interested parties, affiliates, etc.;

hearing of a person holding the position of the sole executive body of JSC Russian Railways and (or) members of the collegial executive body of JSC Russian Railways on issues of financial planning and budgeting for the purpose of preliminary analysis and identification of risks (financial, legal, tax, etc.) and factors that could negatively affect the content of the financial activities of JSC Russian Railways.

3.4. The sole executive body of JSC Russian Railways, the President of JSC Russian Railways, ensures the creation of an effective risk management system for JSC Russian Railways, and is also responsible for keeping it up to date.

3.5. The main objectives of the project office for risk management of JSC Russian Railways are:

determining the main goals and objectives of the risk management system of JSC Russian Railways and monitoring their achievement;

implementation of general coordination of processes in the risk management system of JSC Russian Railways;

development of methodological documents in the field of risk management of JSC Russian Railways;

organizing training for employees of JSC Russian Railways in the field of risk management of JSC Russian Railways;

analysis of the risk register and development of proposals for response strategies and redistribution of resources in relation to the management of relevant risks;

generation of consolidated reporting on the risks of JSC Russian Railways;

monitoring processes in the risk management system of JSC Russian Railways;

preparing and informing the management bodies of JSC Russian Railways about the effectiveness of the risk management system.

3.6. The main tasks of the Commission for Financial Risk Management of JSC Russian Railways are:

ensuring the unification of the principles and practices of Russian Railways JSC in financial markets, compliance of Russian Railways JSC with the legislation of the Russian Federation in the field of the securities market and financial markets;

coordination of decision-making on the policy of establishing credit limits of JSC Russian Railways;

approval in accordance with regulatory and other documents of JSC Russian Railways:

financial investment limits;

limits on financial transactions through professional financial market intermediaries;

other limits that help reduce financial risks;

3.7. The managers of JSC Russian Railways, in accordance with their functional responsibilities, are responsible for the improvement and functioning of risk management processes.

The tasks of the managers of JSC Russian Railways may include:

organizing and ensuring the effective functioning of risk management processes;

development and documentation of risk management processes and applied risk management procedures;

distribution of powers, duties and responsibilities among employees under their subordination for specific risk management processes;

organizing the execution and ensuring the effectiveness and sufficiency of risk management processes;

analysis of processes to ensure the functioning of the risk management system and the ability to achieve set goals;

promptly informing your immediate supervisor about identified deviations and shortcomings in the risk management system that have led (may lead) to negative consequences;

elimination of shortcomings in the risk management system identified by monitoring results.

4. Interaction within the framework of the risk management system of JSC Russian Railways

4.1. The project office for risk management of JSC Russian Railways, within the framework of its powers, interacts on issues related to risk management with the Audit and Risk Committee of the Board of Directors of JSC Russian Railways, divisions of JSC Russian Railways and other interested parties.

4.2. The project office for risk management of JSC Russian Railways carries out general coordination of work at JSC Russian Railways on the development and improvement of methodology, new forms, methods of analysis and risk assessment, and participates in:

tasks and principles of using information technologies in organizing risk management processes of JSC Russian Railways;

other areas of implementation of the risk management system of JSC Russian Railways.

Regulatory documents in the event of crisis situations ensure the unity of actions of participants in the risk management process of JSC Russian Railways.

5. Preferred risk of JSC Russian Railways

5.1. Preferred risks of JSC Russian Railways are determined by the managers of JSC Russian Railways on the basis of the development strategy of the Russian Railways holding company in the manner established by JSC Russian Railways and are approved by the board of directors of JSC Russian Railways.

5.2. The level of preferred risks of JSC Russian Railways is established by the board of directors of JSC Russian Railways.

5.3. The level of preferred risks of JSC Russian Railways is reviewed annually, as well as in the event of updating the development strategy of the Russian Railways holding, a sharp change in the situation (context), sources of risk and other parameters of the internal and external environment that have a significant impact on the preferred risks.

6. Stages of the risk management process of JSC Russian Railways

6.1. The main stages of functioning of the risk management system of JSC Russian Railways are determined by the functional risk management strategy of the Russian Railways holding company and include, among other things:

identification;

assessment;

management, including the choice of a method of influencing risk when comparing their effectiveness, as well as monitoring the effectiveness of the implementation of procedures for influencing external and internal risks.

6.2. The interaction of participants in the risk management system of JSC Russian Railways is defined in the industry standards of JSC Russian Railways and other regulatory documents of JSC Russian Railways.

7. Assessing the effectiveness of the risk management system of JSC Russian Railways

7.1. Internal assessment of the effectiveness of the risk management system of JSC Russian Railways is carried out on a regular basis within the framework of the recommendations of the Audit and Risk Committee of the Board of Directors of JSC Russian Railways at least once a year.

In accordance with the Regulations on the organization of internal audit in the Russian Railways holding, the following are assessed:

sufficiency and maturity of the elements of the risk management system for its effective functioning: goals and objectives, infrastructure, including organizational structure, automation tools, etc., organization of processes, regulatory and methodological support, interaction of departments within the risk management system, reporting;

completeness of identification and correctness of risk assessment by managers and employees of divisions of JSC Russian Railways.

7.2. A report on the effectiveness of the risk management system of JSC Russian Railways is prepared in accordance with the Regulations on the organization of internal audit in the Russian Railways holding company.

7.3. External assessment of the effectiveness of the risk management system of JSC Russian Railways is carried out on a regular basis within the framework of the recommendations of the Audit and Risk Committee of the Board of Directors of JSC Russian Railways at least once every 5 years.

________________

1. General Provisions

1.2. The department is created and liquidated by [name of the supreme body of the Bank] in agreement with the head of the Bank.

1.3. The department is administratively subordinate to the head of the Bank's Internal Control Service.

1.4. The activities of the Department are managed by the head of the department, appointed to the position by order of the head of the Bank.

1.5. Decisions made by the Credit Committee and the Liability and Asset Management Committee of the Bank are binding on the head of the Department.

1.6. In its activities, the Department is guided by the legislative acts of the Russian Federation, regulations of the Central Bank of the Russian Federation, this Regulation, decisions of the Credit Committee, the Liability and Asset Management Committee, the Investment Committee and other local regulations.

2. Goals and objectives of the Department

2.1. The main goal of the Department is to maximize the value of investments by effectively managing the risks of banking activities within the established [name of the highest body of the Bank] limits and ensuring an appropriate level of reliability corresponding to the nature and scale of the Bank's operations.

2.2. The tasks of the Department include:

2.2.1. timely identification and assessment of market risks, credit risks, counterparty risks and liquidity risks for all types of Bank operations, optimal allocation of resources between all types of active Bank operations and their effective use;

2.2.2. preparation of proposals for establishing and changing credit and market limits, limits on counterparties;

2.2.3. establish and change, in consultation with the Credit Committee and the Asset and Liability Management Committee, credit and market limits, taking into account risk exposure factors.

2.2.4. monitoring compliance with limits approved by the Credit Committee and the asset and liability management committee.

2.2.5. providing the Bank's management and heads of departments with reports on current open positions and the amount of risk, reports on the status of limits and their violation;

2.2.6. identifying and bringing to the attention of management cases of exceeding limits;

2.2.7. coordinating the introduction of new financial instruments and ensuring the efficiency of their development process;

2.2.8. establishing and maintaining information flows within the Bank on issues related to the scope of the Department’s activities.

3. Department structure

3.1. The Department includes:

Counterparty Risk Management Group (hereinafter referred to as Group B);

3.2. The groups are headed by leading specialists who directly manage all activities of the respective groups.

3.3. Leading specialists report directly to the Head of the Department.

3.4. Leading specialists of the Department organize the work and ensure constant monitoring of the implementation of the tasks and functions assigned to the relevant groups, and bear personal responsibility for the activities of the groups subordinate to them.

3.5. Group A includes:

Leading specialist of the Market Risk Management Group;

Analyst of the Market Risk Management Group;

Specialist of the Market Risk Management Group;

- [enter as required];

- [enter as required];

- [fill in what you need].

3.6. Group B includes:

Leading specialist of the Counterparty Risk Management Group;

Analyst of the Counterparty Risk Management Group;

Specialist of the Counterparty Risk Management Group;

- [enter as required];

- [enter as required];

- [fill in what you need].

3.7. Group B includes:

Leading specialist of the Credit Risk Management Group;

Analyst of the Credit Risk Management Group;

Specialist of the Credit Risk Management Group;

- [enter as required];

- [enter as required];

- [fill in what you need].

4. Functions of department groups

4.1. Functions of Group A:

4.1.1. timely identification and assessment of market risks for all types of active operations that arise both during operations and when the value of trading positions changes due to changes in the situation on the financial and stock markets;

4.1.2. recalculation and monitoring of changes in market risk parameters (securities quotes, interest rates, exchange rates, stock indices and other parameters). Comparison of calculated parameters with actual results;

4.1.3. modeling and assessing the impact of changes in market risk parameters on the structure of the Bank’s balance sheet to control and manage critical situations that may have undesirable consequences for the Bank. Carrying out, together with the Bank's divisions, an assessment of the Bank's ability to compensate for the impact of such critical situations;

4.1.4. providing assistance to Bank divisions on issues of optimal allocation of resources, taking into account risk exposure;

4.1.5. assessment and monitoring of the profitability of active operations, taking into account exposure to market risks. Independent assessment of transactions for deviations of the purchase/sale price from the market price at the time of conclusion of transactions;

4.1.6. monitoring compliance with limits on market risk factors. Identify and bring to the attention of the Assets and Liabilities Management Committee, as well as the heads of relevant departments, all cases of exceeding limits;

4.1.7. providing operational information about the status of limits and the amount of risk;

4.1.8. review methodologies and models used to measure market risk parameters and risk exposure at least once a year. To develop and implement new methodologies and models for assessing market risks;

4.2. Functions of Group B:

4.2.1. assessment and monitoring of the creditworthiness of counterparties, clients and issuers of fixed income securities with banking licenses;

4.2.2. monitoring the timely fulfillment by counterparties (clients) of their obligations under transactions with the Bank;

4.2.3. interaction with counterparties (clients) to open and (or) increase limits;

4.2.4. providing operational information to departments about the status of limits on counterparties (clients) and the magnitude of risks;

4.2.5. monitoring compliance with limits on counterparties (clients). Identify and bring to the attention of the Credit Committee, as well as the heads of relevant departments, all cases of exceeding limits;

4.2.6. carry out modeling of the inability of counterparties (clients) to fulfill obligations towards the Bank in order to control and manage critical situations that may have undesirable consequences;

4.2.7. at least once a year, review the methodologies and models used to assess the creditworthiness of counterparties (clients). To develop and implement new methodologies and models for assessing the creditworthiness of counterparties (clients).

4.3. Group B functions:

4.3.1. timely identification and assessment of risks when performing operations related to commercial lending (providing loans, guarantees, opening letters of credit, prolongation of loan agreements), factoring, corporate financing and direct investment projects;

4.3.2. conducting an independent analysis of the creditworthiness of borrowers;

4.3.3. development, together with the Bank’s divisions, of ways to minimize risks when performing operations related to commercial lending and factoring;

4.3.4. analysis of the activities of insurance organizations in order to develop recommendations for insuring collateral and property of the Bank;

4.3.5. assessing and monitoring the creditworthiness of issuers of fixed income securities that do not have banking licenses;

4.3.6. development and improvement, together with the Bank’s divisions, of assessment methodologies and methods for minimizing the Bank’s risks when carrying out operations related to commercial lending and factoring;

4.3.7. monitoring compliance with credit limits. Identify and bring to the attention of the Credit Committee, as well as the heads of relevant departments, all cases of exceeding limits;

4.3.8. providing operational information to departments about the status of credit limits and the magnitude of risks.

5. Powers of the Department

5.1. The department has all the rights within the framework of current legislation and documents regulating the activities of the Bank.

5.2. The department has the right, taking into account risk exposure factors, to set and change, in agreement with the Credit Committee and the Asset and Liability Management Committee, credit and market limits corresponding to the maximum risk limits established by [name of the Bank's supreme body].

5.3. The department has the right to give instructions to the relevant divisions of the Bank to bring positions into compliance with established limits if they are exceeded.

5.4. The Department has the right to issue temporary orders (pending a decision by the relevant Committee) to prevent actions that could result in the Bank taking on excessive risks.

5.5. The department has the right to promptly change the values ​​of limits on counterparties and market limits downward for transactions on the money and stock markets in the event of unfavorable circumstances with mandatory subsequent notification of the Credit Committee and the Asset and Liability Management Committee, respectively.

5.6. To carry out its tasks and functions, the Department has the right to use computer programs and databases, archival documents, and special periodicals necessary for its work.

5.7. The department has the right to receive from the Bank's divisions documents and information necessary to resolve issues within the competence of the department.

5.8. The department has the right to interact with counterparties (clients) to open and (or) increase limits.

6. Responsibility

6.1. The Head of the Department is responsible for the overall management and organization of the work of the Department to perform functions related to the timely identification, assessment and management of the Bank’s risks when performing various operations, including in all branches and other divisions of the Bank.

6.2. The Head of the Department is responsible for the development and implementation of the Department's policies.

6.3. The Head of the Department is responsible for exercising full control over the effectiveness of risk assessment and management, including in all branches and structural divisions of the Bank.

6.4. The Head of the Department is responsible for interaction with the structural divisions of the Bank to ensure the functioning of the Department.

6.5. The Head of the Department is responsible for the development, implementation and improvement of risk assessment methodologies and models.

6.6. The Head of the Department is responsible for the development and development of the limit system, as well as the control system for the established limits.

6.7. The Head of the Department is responsible for preparing proposals for establishing and changing credit and market limits for counterparties.

6.8. The Head of the Department is responsible for monitoring compliance with the limits established by the Credit Committee and the Asset and Liability Management Committee.

6.9. The Head of the Department is responsible for timely provision of reports to the Bank's management and department heads on the status of limits and their violation.

6.10. The Head of the Department is responsible for failure to fulfill or improper fulfillment of his duties assigned to him by the job description, instructions of the Head of the Internal Control Service, decisions of the Credit Committee, Asset and Liability Management Committee, Investment Committee and other organizational and administrative documents of the Bank in accordance with the current legislation of the Russian Federation.

6.11. Employees of the Department are obliged to prevent the disclosure of information constituting a commercial secret of the Bank, including maintaining secrecy regarding transactions, accounts and deposits of Bank clients, except for cases stipulated by the legislation of the Russian Federation.

7. Communications

7.1. The department provides [name of the Bank's supreme body] information on the amount of risk for the Bank's active operations, on all cases of exceeding limits and the persons who authorized them, on all identified cases of violations by employees of internal regulations, orders, and regulations.

7.2. The department provides the Credit Committee and the Asset and Liability Management Committee with information on exposure to credit and market risk factors, respectively, the size of the corresponding limits, current open positions, and exceeding limits.

7.3. The department provides the Bank's divisions with information on current open positions and the size of the corresponding limits.

7.4. Employees of the Bank's divisions must provide assistance to Department employees in the performance of their functions.

7.5. Bank employees are required to comply with the requirements regarding established credit and market risk limits.

7.6. Bank employees are obliged to stop carrying out operations (transactions) if the Department issues temporary orders until the relevant Committee makes a decision to prevent actions that may result in taking on excessive risks.

Regulations on the risk management service

1. General Provisions

1.1 Scope of application

1.1.1 This document is the main regulatory document establishing the goals, objectives, functions, rights and responsibilities of the Risk Management Service of XXX LLC, regulating the organization of its activities, the procedure for business interaction with other structural divisions and officials of XXX LLC and external companies.

1.1.2 The Risk Management Service is a structural unit within the Development and Risk Management Department, directly reporting to the Deputy General Director for Development and Risk Management of XXX LLC, which performs the Company's risk management functions in the Company.

1.1.3 In its activities, the Risk Management Service is guided by:

Legislation of the Russian Federation,

Charter of LLC "XXX",

Regulations on the personnel nomenclature of XXX LLC (P. HR-445.04 dated June 22, 2004),

By these Regulations.

1.1.4 These Regulations are a document of direct effect and are binding from the date of its approval.

1.1.5 Changes to the Regulations are approved by the General Director of XXX LLC.

This Regulation uses regulatory references to the following documents:

1. Regulations on strategic planning of XXX LLC (P-509 dated 04/21/07);

2. Regulations on planning the activities of departments (P-283 dated 06/05/01);

3. Regulations on reports to XXX LLC (P-250 dated 09/08/00);

4. Principles of managing the “Distribution” segment;

5. Regulations on the involvement of external consultants to provide consulting and information services (P. DS-517.07 dated January 10, 2007).

1.3 Terms, definitions and abbreviations

The following terms, definitions and abbreviations are used in these Regulations:

XXX – LLC "XXX";

ZGDRUR – Deputy General Director for Development and Risk Management;

UVK – Internal Control Department;

RMS – Risk Management Service;

GP – Headquarters

SDCs – Subsidiaries and dependent companies

DRU – Regional Director

DD - Deputy General Director

2 Creation and liquidation

2.1 The RMS is created and liquidated based on the order of the General Director of XXX LLC.

2.2 The organizational structure of the RMS is agreed upon with the State Directorate of Regional Development, the First Deputy General Director, the Deputy General Director for Personnel and is approved by order of the General Director of XXX LLC. Proposals to change the organizational structure are made by the Head of the RMS or ZGDRUR.

2.3 The staffing table of the RMS is coordinated with the State Department of State Development and Management of the Russian Federation, the State Revenue Office for Personnel of XXX LLC and is approved by order of the General Director of XXX LLC. Proposals to change the staffing table are made by the Head of the RMS or ZGDRUR.

2.4 The number and name of divisions included in the RMS, the number of employees working in them may change depending on the organizational, functional and structural changes of the Company, changes in the specifics of its activities. Changes to the Goals and Organizational and functional structure of the RMS are coordinated with the State Budgetary Inspectorate of the Russian Federation, the State Register of Personnel and are approved by order of the General Director of XXX LLC. Proposals are made by the Head of the RMS.

3 Organizational structure

3.1 The organizational structure of the RMS is built on a linear principle.

3.2 The organizational and functional structure of the department’s RMS is given in Appendix A “Organizational and functional structure of the Risk Management Service”.

3.3 The activities of structural divisions within the RMS are regulated by the relevant Regulations: Regulations “On the Risk Management Service of XXX LLC”, other regulatory documents.

3.4 The RMS is headed by the Head of the Service, whose activities are regulated by the “Regulations on the Head of the Risk Management Service of LLC XXX”.

3.5 Risk managers are directly subordinate to the Head of the RMS.

3.6 The procedure for appointment to a position and dismissal from a position, the distribution of responsibilities within the RMS is determined by the job descriptions of the department’s employees, approved by the State Duma for Personnel of XXX LLC.

4.1 The main goal of the RMS is to organize measures to prevent or minimize the company’s losses and build an effective risk management system.

4.2 The sub-goals of the RMS are:

4.2.1 Improvement of risk management assessment methodologies;

4.2.2 Identification, assessment and treatment of risks;

4.2.3 Monitoring the adequacy and effectiveness of applied risk treatment methods (policies);

4.2.4 Monitoring compliance with decisions made to manage key risks.

5 Functions

5.1 Carrying out targeted work to identify threats of losses and determine the sources of risks within the framework of aggregate risks assigned to the risk manager (analysis of reporting, organization of audits and control checks, analysis of management decisions, analysis of the causes of deviations, etc.).

5.2 Regular risk assessment, assessment of the quality and effectiveness of the current risk management system.

5.3 Creation and maintenance of up-to-date Risk Maps for each of the aggregated risks. Formation of priority tasks (key success factors) to achieve risk management goals.

5.4 Development of a methodology for managing each of the aggregated risks (concepts, risk management policies, risk specifications, etc.), organizing approval of the developed methodology, developing and maintaining up-to-date goals in the field of risk management.

5.5 Direct organization of all necessary activities to achieve risk management goals in the area of ​​responsibility, including:

5.5.1 planning activities to build a management system for assigned risks and achieve established risk management goals;

5.5.2 development, coordination and organization of setting goals for detailed risks that are in the area of ​​responsibility of line managers, managers and risk owners;

5.5.3 organizing the launch of the necessary organizational and managerial forms of work to achieve risk management goals in the area of ​​responsibility (committees, ad hoc groups, meetings, etc.), active participation in their work;

5.5.4 organizing interaction and initiating the necessary control actions to solve the problems of managing assigned risks with Managers and Owners of detailed risks, with managers and officials of the company at all levels of management;

5.5.5 other necessary measures.

5.6 Monitoring the achievement of goals to keep assigned risks within specified limits.

5.7 Preparation of reports at established intervals on the effectiveness of risk management in the area of ​​one’s responsibility for the Head of the Risk Management Service and the Enterprise Management.

5.8 Maintaining an archive of data on realized, emerging and potential risks in the area of ​​their responsibility.

6 Interactions

6.1 Interaction with structural divisions of XXX LLC

6.1.1 Interaction is based on the principles enshrined in documents regulating relationships with functional units on all issues of activity.

6.1.2 Interaction is carried out with all divisions of XXX within the framework of risk management of XXX activities.

6.2 Interaction with companies in the Distribution segment

6.2.1 Interaction is based on the principles of managing the “Distribution” segment, enshrined in the following documents:

6.2.1.1 Principles of management of the “Distribution” segment (project);

6.2.1.2 Interaction with companies in the Distribution segment within the framework of information exchange in order to effectively support the operational activities of ESD.

6.3 Interaction with structural divisions of LLC XXX

6.3.1 Interaction is based on the principles enshrined in the following documents:

6.3.1.1 “Initial principles of information interaction between LLC XXX and CJSC Firm LLC XXX dated October 29, 2003, No. PRN-01/01;

6.3.1.2 Interaction with structural divisions of LLC XXX within the framework of information exchange in order to effectively support the operational activities of ESD.

6.4 Interaction with external companies

6.4.1 Interaction is based on the principles enshrined in the following documents:

6.4.1.1 “Concept of work of XXX LLC with the external environment in the regions” dated August 27, 2001 No. K-5;

6.4.1.2 “Procedure for information exchange with counterparties” dated July 24, 2002 No. PR-502;

6.4.1.3 “The procedure for the participation of company employees in external audits” dated April 17, 2003 No. PR-606;

6.4.1.4 “Procedure for handling personal requests from employees of XXX LLC and external contractors” dated December 31, 2003 No. PR-636.

6.4.2 Interaction with external companies on obtaining information, documentation and consulting services in order to effectively support the operational activities of ERM.

6.4.3 When performing tasks and functions related to matters of the following nature:

1. Strategic issues.

2. Methodological issues;

3. Issues of an intercompany nature (i.e. affecting the interests of different companies of the group);

4. Significant questions regarding the amount;

5. Issues of long-term impact on the company’s activities;

6. Issues that the department’s employees encounter for the first time in their practice;

7. Other issues that the department’s employees cannot resolve due to a lack of working and time resources, or these issues cannot be effectively resolved by the RMS, the Head of the RMS has the right to initiate before the General Director of XXX LLC the involvement of specialists - external consultants for consultations on the data issues, in accordance with the Regulations of XXX LLC “On attracting external consultants to provide consulting and information services.”

The competence of the Head of the RMS includes making management decisions based on recommendations presented by external consultants, as well as introducing them into the practice of the unit.

7 Planning the activities of the Division

7.1 Planning of the activities of the RMS is carried out on the basis of the “Regulations on the strategic planning of LLC XXX” (P-509 dated 04/21/07), “Regulations on planning the activities of departments” (P-283 dated 06/05/01), and the Action Plan to achieve the strategic goals of the company for the year, monthly operational plans and budgets, Orders and Directives of the General Director of XXX LLC.

7.2 The strategic goals of the RMS for the year are established by the Head of the RMS, agreed upon with the State Department of Regional Development, the First Deputy General Director and approved by the General Director of XXX LLC;

8 Reporting on the work of the Division

8.1 RMS reporting is carried out in accordance with the “Regulations on reports in LLC XXX” (P-250 dated 09/08/00).

8.2 Based on the results of the implementation of the Strategic Plan for the year, the Head of the RMS presents the First Deputy General Director and the General Director of XXX LLC with an Annual Report on the activities of the RMS and the achievement of strategic goals.

8.3 Based on the results of the implementation of the operational (monthly) work plan of the RMS, the Head of the RMS provides a report to the Deputy General Director for Development and Risk Management.

8.4 Reporting and analytical materials of the RMS may be provided to other divisions and employees of the Company in agreement with the Head of the RMS, the Deputy General Director for Development and Risk Management or the General Director of XXX LLC.

9 Key performance indicators

9.1 The indicators given in Appendix B “Key performance indicators of the Risk Management Service” are accepted as key performance indicators of the RMS, on the basis of which the results of its activities are assessed.

9.2 Absolute and relative values ​​of key performance indicators are planned for the RMS as part of strategic planning for the year ahead and are recorded in the Company’s strategic plans. The actual values ​​of indicators are recorded as part of reports on the execution of strategic plans.

10 Rights and powers

The RMS is endowed with all the rights and powers necessary to perform its functions. The rights and powers of the RMS are exercised by the Head of the RMS:

1. Submits proposals for improving the activities of the Company and its structural divisions for consideration by the General Director and the Management Board of XXX LLC.

2. Participates in the preparation of long-term development plans for the Company and drawing up the budget.

3. Gets acquainted with draft decisions of the Company’s management regarding the activities of the RMS, as well as an assessment of the effectiveness of the RMS.

4. Receives from the management of XXX LLC information regarding the activities of the RMS, and any other information necessary for the full operation of the RMS.

5. Spends the Company’s funds within the budget of the FO LLC “XXX”

6. Involves consultants, individuals and legal entities, to work within the approved budget, with the conclusion of appropriate agreements.

7. Sends methodological recommendations to the structural divisions of XXX LLC, gives instructions and expert advice on issues within the competence of ESD.

8. Gives opinions, within its competence, on draft regulatory documents submitted for approval.

9. Sends documents prepared in violation of existing requirements to the structural divisions of XXX LLC for revision.

10. Requests and receives from the structural divisions of XXX LLC the necessary information to the extent necessary to solve the problems of the RMS.

11. Controls the activities of the department.

12. Submits for consideration by the General Director and the Management Board proposals on rewarding distinguished employees and applying, in the prescribed manner, disciplinary measures provided for by law and internal regulatory documents to employees guilty of violations of the law, internal regulations and other regulatory documents of the Company.

13. Endorses all documents related to the activities of the Company regarding the activities of the department.

11 Responsibility

11.1 The Head of the RMS is responsible to the General Director of the CJSC Firm "LLC XXX" for achieving the set goals and implementing the Strategic Development Plan in terms of risk management of the Company in accordance with the Labor Code and the legislation of the Russian Federation.

11.2 The head of the RMS is responsible for risks arising in the area of ​​competence of the RMS.

Since January 2018, microfinance companies (hereinafter referred to as MFCs) are required to create a risk management system in accordance with the requirements of the basic standard for risk management of microfinance organizations approved by the Bank of Russia on July 27, 2017. Specialists from U-Piter Consulting have compiled a practical guide for microfinance companies and document templates for meeting the requirements of the basic standard:

A. Basic documents on risk management of a microfinance company:

  1. Risk Management Regulations.
  2. Order on approval of the risk management regulations.
  3. Credit Risk Regulations.
  4. Liquidity Risk Statement
  5. Regulations on operational risk, with an attached form for reporting the implementation of operational risk and a database of operational risk events.
  6. Legal risk provision.
  7. Regulations on the risk of loss of reputation (reputational risk).
  8. Regulations on regulatory risk.

B. Register and risk map of a microfinance company:

  1. Risk register.
  2. Risk map.
  3. Credit risk passport (filling example).
  4. Operational risk passport (filling example).
  5. Passport for the risk of loss of business reputation (filling example).
  6. Strategic risk passport (filling example).
  7. Market risk passport (filling example).
  8. Legal risk passport (filling example).
  9. Liquidity risk passport (filling example).
  10. Interest risk passport (filling example).
  11. Regulatory risk passport (filling example).

Each passport discloses external and internal sources of risk (risk factors), the consequences of each risk (scenarios for the development of events) and an assessment of their impact on microfinance activities.

B. Training of microfinance company employees under the risk management program:

  1. Risk management training program for microfinance company employees.
  2. Annual plan for the implementation of a training program for microfinance company employees in risk management methods and tools
  3. Order approving the list of employees required to undergo risk management training.
  4. Certificate of completion of risk management training by an employee of a microfinance company.
  5. Attestation sheet on the results of testing the knowledge of employees of a microfinance company in risk management.
  6. Tests to test the knowledge of microfinance company employees in the field of risk management
  7. Annual plan for testing the knowledge of microfinance company employees in the field of risk management (risk management methods and tools).
  8. Educational and methodological material on risk management for employees of a microfinance company.

D. Additional documents

  1. Order on the appointment of a risk manager for a microfinance company.
  2. Regulations on the risk management division.
  3. Job description of the head of the risk management department.
  4. Job description of a risk management specialist.

D. Internal reporting of the risk manager on the risk management system.

  1. Regulations on the internal reporting system for risk management of a microfinance company.
  2. Plan for conducting inspections of the risk management system for the calendar year.
  3. Risk manager's report on risk management for the calendar year.

E. Additional documents on risk management:

  1. Additional agreement to the employment contract with employees of a microfinance company.
  2. Changes and additions to the job descriptions of microfinance company employees.
  3. Changes and additions to the regulations of the structural divisions of a microfinance company.

Cost of practical aid 34500 rub.

Would you like to purchase individual documents from the practical guide? Follow the link. Select the document you need and pay in one click. Documents are provided on the day of payment to the email you provide.

Sample regulations on the risk management department of a microfinance company

Sample provision on credit risk of a microfinance company

All documents have been prepared taking into account the specifics of microfinance activities and are not standard templates downloaded from the Internet or from legal reference systems. The documents were developed by our specialists who have many years of experience in legal support of microfinance organizations. Each document is compiled:

  1. taking into account the legal status of a microfinance company with a principal amount outstanding on issued microloans and other loans of less than one billion rubles as of December 31 of the previous year, which implies the appointment of a single risk manager and the absence of a risk management unit;
  2. The listed documents were developed for a microfinance company that has created a risk management division with at least two employees.
  3. based on the requirements of the Bank of Russia and self-regulatory organizations in the field of microfinance activities;
  4. based on Russian and foreign risk management standards:
  • Basic standard for risk management of microfinance organizations (approved by the Bank of Russia (Minutes No. KFNP-26 dated July 27, 2017)) (approved by the Committee on Standards of Microfinance Organizations at the Bank of Russia (Minutes No. 3 dated July 19, 2017));
  • International Financial Reporting Standard (IFRS) 9 Financial Instruments;
  • A Guide to the Project Management Body of Knowledge (PMBoK);
  • National standard of the Russian Federation GOST R 51897-2011 / ISO Guide 73:2009 "Risk management. Terms and definitions" (approved by order of the Federal Agency for Technical Regulation and Metrology dated November 16, 2011 N 548-st);
  • National standard of the Russian Federation GOST R MSO 31000-2010 "Risk management. Principles and guidance" (approved by order of the Federal Agency for Technical Regulation and Metrology dated December 21, 2010 N 883-st);
  • National standard of the Russian Federation GOST R ISO/IEC 31010-2011 "Risk management. Risk assessment methods" (approved by order of the Federal Agency for Technical Regulation and Metrology dated December 1, 2011 N 680-st);
  • National standard of the Russian Federation GOST R 51901.21-2012 "Risk management. Risk register. General provisions" (approved by order of the Federal Agency for Technical Regulation and Metrology dated November 29, 2012 N 1285-st);
  • National standard of the Russian Federation GOST R 51901.22-2012 "Risk management. Risk register. Construction rules" (approved by order of the Federal Agency for Technical Regulation and Metrology dated November 29, 2012 N 1285-st)";
  • National standard of the Russian Federation GOST R 51901.23-2012 "Risk management. Risk register. Guidelines for assessing the risk of hazardous events for inclusion in the risk register" (approved by order of the Federal Agency for Technical Regulation and Metrology dated November 29, 2012 N 1285-st)" .

We recommend reading