The Bank also manages legal, reputational, country and other risks.
Legal Risk
Legal risks concern possible damages to the Bank arising from internal and external legal factors.
Internal risk factors include:
• Non-adherence to the applicable legislation;
• Internal documentation inconsistent with the applicable legislation, as well as the Group’s inability to bring its activity and internal documents in line with changes in legislation in a timely manner;
• Insufficiently accurate analysis of the legal risks of new products, operations and technology.
External risk factors include:
• An imperfect legal system;
• Breach of contract conditions by the Bank’s clients or counterparties;
• The Bank’s and/or its clients’ subsidiaries being located in jurisdictions of various governments.
Legal risks are managed with the goal of reducing or eliminating possible losses, specifically in terms of court-awarded monetary funds.
The Legal Department monitors legal risks, while the Tax Department monitors tax risks.
Legal risks are managed according to the following principles:
• Standard contract forms are provisionally agreed upon by all respective parties of the Bank, specifically by the units responsible for managing the risks that the transaction contains;
• Most transactions are made based on standard contract forms;
• Only in exceptional instances are transactions made based on non-standard contracts that the Legal Department approves;
• Contracts are signed only after the counterparty’s credentials have been verified;
• Utmost attention is paid to the legal risk assessment of the property put up for collateral. The pledgor has to show a full list of documents that confirm his legal property rights to the object used as collateral.
Reputational Risk
Reputational risks occur when people form a negative opinion of the Bank. These risks are managed according to the following main principles:
• The Bank fulfills all its obligations in a timely manner to clients and counterparties, and adheres to all applicable legislation and norms of business etiquette;
• Obligatory due diligence is conducted on counterparties and clients in accordance with the Anti-Money-Laundering, Illegal Funds and Anti-Terrorism Acts;
• A system is used to prevent price manipulation on the securities market;
• The MDM Bank Public Relations Department monitors external information on the Bank and sets in motion steps and previously developed regulations to counter negative information and news flow.
In 2008, MDM Bank’s Board of Directors developed and approved the “Policy on Managing Compliance Risks for MDM Bank and its Subsidiaries.” The document describes the structure of the compliance system as well as the main regulatory, reputational and financial risks. As per the document, the main principles of the compliance risks were developed, particularly recommendations to identify and prevent them.
The main compliance principles are as follows:
• Adherence to legislation and internal rules and standards is an absolute requirement for all Bank units and employees, as well as key to the decision-making system;
• When fulfilling the Bank’s duties, it is not only necessary to adhere to the legislation and requirements of the regulatory bodies, but also to assess how the Bank’s decisions and actions correspond to its values, and to take into consideration the interests of all its shareholders;
• MDM Bank is continuously improving its approach to identifying, analyzing and managing compliance risks and provides the necessary qualification level for its employees in managing these risks.
To fulfill these tasks, the Compliance Control Department was formed, combining two units: the Financial Monitoring Department, the main functions of which are to develop and fulfill the internal control rules and other internal organization measures to identify and prevent money laundering and the financing of terrorism; and the Financial Market Operations Compliance Control Department, which oversees the Bank’s adherence to required legislation, legal and regulatory acts governing financial markets, internal rules and the procedures of a professional securities market participant.
The department’s main tasks are to manage compliance risks efficiently, and to counsel the Bank’s executive bodies on the laws, rules and standards in relation to compliance risk management. The department also counsels the Bank’s executive bodies on training personnel on compliance risk issues, develops policies, procedures and other documents on compliance control, as well as identifies and analyzes compliance risks.
The Compliance Control Department answers directly to the Chairman of MDM Bank’s Management Board and regularly presents the Management Board and the Board of Directors with consolidated reports that identify risks and detail measures to reduce them.
The Compliance Control Department’s operation in accordance with the “Policy on Managing Compliance Risks for MDM Bank and its Subsidiaries” has enabled the Bank to minimize its risks and maintain its strong reputation.
The Internal Audit Department’s main goal is to provide for the efficient operation of the Bank’s units by internally auditing activities and presenting independent and objective recommendations on improving the quality of the internal control system, risk management and corporate governance.
The department’s employees are on the staff of the Bank’s Head Office, although the department is an independent structure answering functionally to the Board of Directors’ Audit and Risk Committee, which independently assesses the operations of the internal auditors. Additionally, for administrative purposes the department reports to the Chairman of the Management Board to ensure efficient reporting on the internal control system to the Bank’s senior management.
The Internal Audit Department interacts with the Bank’s external auditor and, when necessary, informs it of all current events in the Bank’s activity.
The department’s director reports on a monthly basis to the Audit and Risk Committee and prepares a report for the Board of Directors twice yearly. The department’s director also participates in weekly management meetings and is part of the Bank’s Main Management Council.
Key Developments in 2008
In 2008, thirty-six people worked in the Internal Audit Department, including four IT audit specialists. All of the department’s employees are highly qualified specialists with significant experience working in large global auditing firms or similar departments in other large banks. Three of the employees are qualified as Certified Information Systems Auditors (CISA). Four of the department’s employees are part of the Bank’s Revisory Commission.
One of the department’s most important activities in 2008 was auditing the Bank’s regional branch offices. Consequently, the Network Audit Department and the Local Regional Auditors Department were set up as part of the department’s structure to ensure timely and regular audits, and to monitor implementation of the auditors’ recommendations. Every regional bank has at least one employee in the Internal Audit Department, whose specialists in the regions operate in accordance with the approved annual plan, assess the efficiency of the internal control system at the branches, and participate in unscheduled reviews. They answer to the Department’s director and provide independent and objective spot-audits.
In 2008, the department developed, introduced and began using the E-DVA automated report and control system. This system offers a combined database containing all of the department’s audit recommendations and comments addressed to the responsible party in the Bank, which can be ranked according to importance, together with their completion status. All relevant departments in the Bank have access to the E-DVA system and report online on completing the audit recommendations.
The E-DVA system allows for the following:
• Saving all audit recommendations;
• Constant control over their completion by the responsible employees of the Bank;
• Drawing up analytical reports to assess risks according to the type of the Bank’s activities;
• Operations planning and assessment of work efficiency of the Internal Audit Department.
The Department also updated a previously developed risk assessment method which is used to assess risks yearly and to plan the Department’s activities. The allocation of audited units was revised and supplemented and the list of factors was updated and is used to assess inherent risk. The Compliance Control Department’s director and those responsible for corresponding business processes were included in the main expert group to assess control risk.
The Internal Audit Department’s review plan for 2009 was developed taking a risk-informed approach. The Bank’s main risk areas are reviewed on a yearly basis. The annual plan incorporates the possibility of conducting spot audits if the Bank’s management is requested to do so.
At the end of 2008, the Internal Audit Department reviewed the strategy and action plan for the fourth quarter of 2008. The changes will allow for the following:
• Maximum rational use of the department’s resources;
• Maximum relevance of the audit remarks;
• Timely assessment of risks that arise during a period of financial crisis;
• Reduction in expenses for audits.
Plans for 2009
In 2009, the department plans to regularly review the fulfillment of audit recommendations and to follow their enactment continuously via the E-DVA system. The department plans to initiate a new automated audit format.
[Charts: MDM Bank Employees. Age groups: Under 18, 18–25, 25–30, 30–40, 40–50, 50–60, Above 60; series: Male, Female. Years: 2007, 2008; series: Head Office, Regional Network.]
A concerted effort was made in 2008 to implement the plans that fell under the Bank’s comprehensive employee strategy, approved at the end of 2007.
Systematic integration of professional operations in the Bank’s business strategy became the main focus in conducting a number of planned events, which transformed the Bank’s Human Resources Department from its original role as an administrative service unit to a full HR partner for all of the Bank’s business units.
The HR Department’s main task is creating an environment for the Bank’s employees that engenders real participation from each employee in the business.
In 2008, the following tasks were prioritized: introducing an incentive system; ensuring efficiency in personal and team operations; improving professional qualifications; and developing personnel.
A new regulatory framework was approved in MDM Bank in 2008, which incorporated the best global HR practices and took into account business strategy priorities, as well as the specifics of the Bank’s operating model. An instrument that allowed for the analysis of the Bank’s employees’ functional responsibilities was developed, thereby enabling systemization of information on the activities of units and individual employees, and by extension the most efficient use of the organization’s professional potential.
The personnel records were fully automated during the past year, with all of MDM Bank’s affiliates switching to a new IT platform that optimizes documentation management and significantly saves work time for HR specialists.