Otkritie Broker Ltd RISK MANAGEMENT DISCLOSURES

Transcription

1 Otkritie Broker Ltd RISK MANAGEMENT DISCLOSURES YEAR ENDED 31 DECEMBER 2016 May 2017 Disclosures in accordance with the Cyprus Securities and Exchange Commission Directive DI and in accordance with Part Eight of Regulation (EU) No 575/2013 of the European Parliament and of the council of 26 June 2013 on prudential requirements for credit institutions and investment firms

2 CONTENTS 1 General information and scope of Requirements of the Legislation Governance Board and Committees The Board Board Recruitment Diversity Policy Risk Management Committee Investment Committee Number of directorships held by members of the Board Information flow on risk to the Management Body Risk Management Objectives and Policies Risk Management Framework Risk Manager Internal Audit Compliance Officer Money Laundering Compliance Officer Risk Statement Board Declaration Adequacy of the Risk Management arrangements Capital Management Capital Base Capital Requirements Credit Risk Market Risk Currency Risk Operational Risk Liquidity Risk Remuneration Annex I Risk Statement Annex II BALANCE SHEET RECONCILIATION Annex III OWN FUNDS DISCLOSURE TEMPLATE

3 1 General information and scope of Requirements of the Legislation This report pertains to the Disclosure and Market Discipline of Investment Firms regulatory obligation, in accordance with the provisions of Part Eight of Regulation (EU) No 575/2013 of the European Parliament and of the council of 26 June 2013 on prudential requirements for credit institutions and investment firms (hereinafter the CRR or Regulation ) and paragraph 32(1) of DI of the Cyprus Securities and Exchange Commission (the CySEC ) for the prudential supervision of investment firms (hereinafter the CRDIV or Directive ). Under this regulatory obligation Otkritie Broker Ltd (hereinafter the Company ) is obliged to provide information on its risk management, capital structure, capital adequacy, its risk exposures as well as the most important characteristics of the Company s corporate governance including its remuneration system. The scope of these disclosures is to promote market discipline and to improve transparency of market participants. The information that the Company discloses herein relates to the year ended 31 December Principal Activities The Company is licensed by CySEC as a financial services firm, under license number 294/16, which entitles the Company to operate locally. According to its CIF license, the Company is authorized to provide the following investment and ancillary services: Reception and transmission of orders in relation to one or more financial instruments Execution of orders on behalf of clients: Safekeeping and administration of financial instruments, including custodianship and related services Granting credits or loans to one or more financial instruments, where the firm granting the credit or loan is involved in the transaction Foreign exchange services where these are connected to the provision of investment services Scope of Disclosures The Company is controlled by Otkritie Broker Joint Stock Company, incorporated in Russia, which owns 100% of the Company's shares. The Pillar 3 Disclosures for the year ended 31 December 2016 are prepared on an individual (solo) basis. 3

4 Disclosure Policy In accordance with the Article 433 of the Regulation (EU) No.575/2013, financial institutions are required to publish the disclosures, required in by Part Eight of the Regulation (EU) No.575/2013 at least on an annual basis. The Company is required according to the Directive DI of CySEC (the Directive ) to provide a copy of the auditor s verification report to CySEC, five months after the end of each financial year, at the latest. The Company discloses information in relation to its capital requirements on an annual basis. The disclosures are published on the Company s website in conjunction with the date of publication of the financial statements. 2 Governance Board and Committees 2.1 The Board The Company s Board of Directors comprises of four members, two of which are non-executive directors and independent of the Company s executive management function. The Company appoints non-executive directors of individuals with reputation, experience and well known in the business community for their skills and abilities, who can assist the Company to achieve its goals. At least one executive director is physically located in the Cyprus Head Office of the Company. The major duties of the Board of Directors of the Company are: To evaluate the policies and procedures of the Company on a regular basis and ensure that these are in accordance with applicable legislation To meet on a frequent basis to ensure that operational and strategic issues are discussed and issue guidance to the executive officers and Senior Management To receive from the functions of internal audit, compliance and risk management written reports with regard to the matters covered in paragraphs 5, 6, and 8 of Directive DI To ensure that internal audit, compliance and risk management issues and functions are reviewed at least annually To address any issues raised by the regulators and define the action to be taken in case corrective measures are required The Board is responsible for the monitoring of the internal control mechanisms of the Company to enable prevention of activities outside the scope and strategy of the Company and the prevention of any unlawful transactions, the identification of risks, and the timely and adequately flow of information. The Board has also a number of duties and responsibilities in relation to the 4

5 Company s ICAAP, these shall be detailed in the ICAAP Manual of the Company. Furthermore, the Board shall pass a resolution for selecting a service provider or individual for outsourcing 2.2 Board Recruitment Responsible for the Human Resource Management shall be the Senior Management of the Company. The Senior Management shall exclusively deal with the recruitment and appointment of new members of the staff, the replacement of any departing members, and the introduction to the Board of Directors of members or entities that shall occupy positions with seniority level such as Directors, General Managers. The recruitment policy for the selection of members of the management body is based on their actual knowledge, skills and expertise by evaluating the balance of skills, knowledge, experience and diversity currently in place. The structure is subject to annual review. Specifically the persons who direct the business must comply with the following: Hold an academic and / or have professional qualifications relevant to the assigned responsibilities. Previous experience relevant to the assigned responsibilities Very good knowledge of Greek or/and English. Sufficiently good repute as to ensure the sound and prudent management of the CIF. 2.3 Diversity Policy The Senior Management recognizes that successful businesses flourish by embracing intellectual, experiential, geographical and skills diversity as well as other factors such as gender, marital status, race, age, sexual preference and orientation, color, creed, ethnic origin, religion or belief, disability and trade union affiliation. The Senior Management is committed to promoting an inclusive culture across all levels that is reflective of the communities in which the Company operates. 2.4 Risk Management Committee The Risk Management Committee s function assesses and identifies the risks undertaken by the Company and guarantees that the Company has a well-defined policy regarding the assumption, follow up and management of risks and communicates this policy accordingly to each of the Company s Departments as well as to external third parties where appropriate. The Committee is supported by the Company's Risk Management Function. The Risk Management Committee consists of three (3) members, the CEO (chairman), the COO and the Risk Manager. 5

6 The responsibilities of the Risk Committee are: a) Scrutinize, and decide on various risks associated with the operation of the Company with the view to increase the awareness of, formulate internal policies and measure the performance of the said policies in dealing with the risks associated with the operation of the Company b) Review the risk management procedures in place c) Review, discuss, elaborate and amend, if necessary, the policies of the Company, on a yearly basis, prior to the approval of the Board d) Monitor and control the Risk Manager in the performance of his/her duties and the effectiveness of the Risk Management Department e) Review and evaluate the functions of all Departments, and operations in respect of identification of all major risks to the Company s business and their relative weight f) Effect control in respect of the adequacy of the Risk Manager s assessment of risks, his plans for risk control or mitigation, and disclosure g) Where necessary, review and approve the Company s Risk Management Disclosure h) In cooperation with the Risk Manager of the Company review, assess and discuss with the Board of Directors, the Senior Management, the persons or entities responsible for the Compliance and Internal Audit Functions, the Chief Accountant and the Independent Auditor: (i) Any significant risks or exposures (ii) The steps Senior Management has taken to minimize such risks or exposures (iii) The Company s underlying policies with respect to risk assessment and risk management i) Recommend specific risk limits for each of the Company s recommended investments, Clients, markets and products j) Recommend specific risk limits for the Company s operational units k) Recommend specific stop loss control limits l) Review and monitor the Company s Capital Adequacy Returns and Statements of Large Exposures m) Review and monitor the Company s balance sheet and financial figures n) Monitor and review the Company s liquidity management. o) Maintain systematic supplier cooperation with the information services end- users in all phases of development, operation and evaluation of the information applications of the Company s system p) Supervise the Disaster Recovery Plan q) Monitor the policies in relation to the Brokerage Department The Risk Management Committee met nine (9) times during Investment Committee The Investment Committee has been established to assist the Board of Directors with all investment-related matters, with regard to the provision of the brokerage services. The 6

7 Investment Committee s main role is to establish investment guidelines and supervise the Company s investment activities. An Investment Committee is formed to ensure the practice of a proper investment policy and the monitoring of the provision of adequate investment services to Clients. The Investment Committee shall report to the Senior Management and shall be consisting of: CEO COO Head of Brokerage Department and Risk manager Responsibilities of the Investment Committee to supervise the proper choice of investments (framework for investment decisions) to analyze the investment potential and contribute to the elaboration of the investment policy, as applicable to oversee strategies, and programs of the Company; to determine the Company s pricing policy to decide upon the markets and types of Financial Instruments in which the Company shall be active to determine the mode, content and frequency of the Client s briefing. to brief the Compliance Officer and Internal Auditor regarding the financial instruments in which the transactions will be executed to analyze the economic conditions and the investment alternatives based on a thorough examination of third party reports to periodically review the established brokerage policy and to use the recommendations of the Head of the Brokerage Department. Such a review shall also be carried out whenever a material change occurs to monitor investment performance against agreed targets including a review of investment proposals and strategies to provide asset valuations, where necessary review of decisions taken by the Chief Operating Officer in relation to the granting of credits or the use of margins by clients The Investment Committee will prepare official reports at least twice a year to the Board of Directors and will propose any necessary actions with respect to the Investment Activities of the Company. The Investment Committee will review and reassess the adequacy of its present duties and responsibilities, as stated within the Company s Manual, at least annually and recommend any proposed changes to the Board of Directors for approval. Any decisions of the Investment Committee shall be committed in the form of written resolutions. Such resolutions of the Investment Committee as well as the Investment Policy Statements and 7

8 Strategies, approved by the Board of Directors, shall be duly filed and kept within the records and internal documents of the Company. 2.6 Number of directorships held by members of the Board The table below provides the number of directorships a member of the management body of the Company holds at the same time in other entities. Directorships in organizations which do not pursue predominantly commercial objectives, such as non-profit-making or charitable organizations, are not taken into account for the purposes of the below. Directorships within the same group are treated as single directorship, as specified in the CySEC Circular CI and in the Investment Services and Activities and Regulated Markets Law of 2007 (Law 144(I)/2007) ( the Law ), as amended from time to time. Name of Director Position within Otkritie Broker Directorships Executive Irina Nesterova Chief Executive Officer - - Valeriia Avksenteva Chief Operating Officer - - Adonis Yiangou Independent Non-Exe. Director - 3 Xenia Neophytou Independent Non-Exe. Director 1 1 Note: The information in this table is based only on representations made by the Company. Directorships Non- Executive 2.7 Information flow on risk to the Management Body The Board is updated regarding any risk issues by the Risk Manager and is informed of the Risk Management Committee resolutions. In addition, it receives reports on internal audit, compliance and money-laundering issues at least annually. The following table presents the main pieces of information provided to the Board on risk-related issues: Information Report prepared by: Report received by: Frequency Risk Management Report Risk Manager Board, CySEC Annually Internal Audit Report Internal Auditor Board, CySEC Annually Compliance Report Compliance Officer Board, CySEC Annually AML Compliance Money Laundering Report Compliance Officer Board, CySEC Annually Suitability Report External Auditor Board, CySEC Annually Audited Financial Statements External Auditor Board, CySEC Annually 8

9 3 Risk Management Objectives and Policies 3.1 Risk Management Framework The Company aims to embed explicit and robust risk management practices in all areas of the business, from the initial design of its business strategy to the sale of services and products to its customers, so as to ensure that the level of risk it faces is consistent with the Board of Director s approved risk appetite levels and corporate objectives. This is achieved by implementing a sound, coherent and comprehensive risk management framework for the identification, assessment, monitoring and control of risks within the Company. The Company s risk management framework improves the service provided to customers, enhances the productivity and cost effectiveness, and protects and maximizes shareholder value. It also allows the Company to adapt and meet challenges in a structured way, so that it can continuously align its strategy and business objectives against a background of changing risk. The Company s risk management framework is based on the following key elements: Corporate governance and risk governance and following of good practices in setting up corporate governance arrangements; Risk culture and building of environment of risk awareness within the Company; Development of formal policies and procedures to monitor, identify, assess, report, and manage various risks and regular review by the senior management and the board of directors of appropriateness of policies and procedures; Determination of risk tolerance and risk appetite levels The Company s risk management framework has been developed to: ensure that the Company maintains an appropriate level of capital adequacy and insures that the total risk taken across the Company is not greater than the Company s ability to absorb losses allow the Company to proactively manage its risks in a systematic and structured way and to continuously refine its processes in order to reduce its exposures to risks to appropriate level and ultimately its capital requirements ensure appropriate strategies are in place to mitigate or transfer risks ensure that risk management is an integral part of the Company s process of strategic decision making and capital planning help to create a culture of risk awareness at all levels within the Company engage the Company s management in monitoring, reviewing, reporting and managing of identified risks, as well as consider new and emerging risks on a continuous basis 9

10 3.2 Risk Manager The Risk Manager is appointed by the Board and ensures that all the different types of risks taken by the Company are in compliance with the Law and the obligations of the Company under the Law, and that all the necessary procedures, relating to risk management are in place. The Risk Manager shall report to the Senior Management of the Company. The Risk Manager is responsible for: Complying and implementing the relevant provisions of the Law, relating to risk management issues Requiring sufficient information from all the relevant departments of the Company, as applicable Educating and training the personnel of the Company on risk-related issues Examining the financial results of the Company Engage into and fulfil his/her ICAAP related duties and responsibilities as these shall be detailed in the ICAAP Manual of the Company Regulatory Compliance Regarding Financial Information - to prepare and submit the following reports necessary for complying with the Company s regulatory compliance obligations: Capital Adequacy Report Tables at the frequency requested by CySEC, as applicable Large Exposure Tables at the frequency requested by CySEC, as applicable Any other reports required, as applicable. The Risk Manager shall always exercise his duties with due diligence. 3.3 Internal Audit The Company, taking into account the nature, scale and complexity of its business activities, as well as the nature and the range of its investment services and activities, shall establish and maintain an internal audit function through the appointment of a qualified and experienced Internal Auditor. The Internal Auditor is outsourced to an external provider and reports to the Senior Management of the Company. The Internal Auditor is responsible for applying the Internal Control System (hereinafter, the ICS ), which confirms the accuracy of the reported data and information. Furthermore, the role of the Internal Auditor shall be the programming, on an at least annual basis (as applicable), of checks on the degree of application of the required ICS. The Internal Auditor has clear access to the Company s personnel and books. Likewise, the Company s employees have access to the Internal Auditor for the reporting of any significant deviations from the guidelines provided. The Board ensures that internal audit issues are considered when presented to it by the Internal Auditor and appropriate actions are be taken. The Board ensures all issues are dealt with and prioritized according to the Board s assessment. 10

11 3.4 Compliance Officer The Board ensures regulatory compliance through a comprehensive and pro- active compliance strategy. To this end, the Board, taking into account the nature, scale and complexity of its business activities, as well as the nature and the range of its investment services and activities, established and maintains a Compliance function through the appointment of a qualified and experienced Compliance Officer. The Compliance Officer is of permanent and independent nature in order to establish, implement and maintain adequate and effective policies and procedures as well as appropriate systems and controls designed to detect any risk of failure by the Company to comply with its obligations. Further to this, the Compliance Officer is responsible to, put in place such adequate measures and procedures designed to minimize such risk and to enable the competent authorities to exercise their powers effectively. The Compliance Officer reports to the Senior Management of the Company. The Compliance Officer is independent and permanent, and it has the necessary authority, resources, expertise and access to all relevant information and exercise his duties with due diligence. 3.5 Money Laundering Compliance Officer The Board retains a person to the position of the Company s Money Laundering Compliance Officer (hereinafter the MLCO ) to whom the Company's employees should report their knowledge or suspicion of transactions involving money laundering and terrorist financing. The Company s MLCO and Compliance Officer are the same person. The MLCO belongs to the higher hierarchical levels/layers of the Company so as to command the necessary authority. The MLCO leads the Company s Money Laundering Compliance procedures and processes and reports to the Senior Management of the Company. Once a Company employee reports his/her suspicion to the MLCO he/she shall be considered to have fully satisfied his/her statutory requirements, according to the Law 188(I)/2007 and the CySEC Directive DI of 2012 & 08(Α) of 2016 regarding the prevention of money laundering and terrorist financing, as amended. At all times, the MLCO shall also approve the Client File before accepting a Client. The MLCO shall always exercise his duties with due diligence. 11

12 4 Risk Statement The Company s risk statement, which describes the Company s overall risk profile associated with the business strategy, is provided in Appendix 1. 5 Board Declaration Adequacy of the Risk Management arrangements The Board is responsible for reviewing the effectiveness of the Company s risk management arrangements and systems of financial and internal controls. The Board considers that the Company is properly resourced and skilled and has in place adequate systems and controls with regard to the Company s profile and strategy and an appropriate array of assurance mechanisms to avoid or minimize loss. 6 Capital Management The adequacy of the Company s capital is monitored by reference to the provisions of the Capital Requirements Regulation (the Regulation or Regulation (EU) 575/2012 ) and the Capital Requirements Directive as this is transposed by the CySEC (the Directive or DI ). Together the Regulation and Directive, referred to as CRDIV package, is an EU legislative package covering prudential rules for banks and investment firms and through a transitional period starting from 2014, will bring into force the regulatory provisions of Basel III. The capital requirements regulatory framework is based on three pillars: Pillar I covers Minimum Regulatory Requirements - eligible funds should be sufficient to cover capital requirements for credit risk, market risk and operational risk Pillar II covers the Supervisory Review Process, which assesses the internal capital adequacy processes (ICAAP). ICAAP addresses a wide range of risks, not only those risks covered by Pillar I, but also, for example, such risks as liquidity risk, concentration, reputation and other Pillar III Market discipline, covers transparency and the obligation of investment firms to disclose the regulatory capital requirements and to provide meaningful information related to their risks, capital, risk management and internal control processes. 12

13 7 Capital Base The Capital Base of the Company is consisted solely of Common Equity Tier 1 capital. Common Equity Tier 1 capital is comprised of share capital, share premium, retained earnings and the audited loss from current year. From Common Equity Tier 1 capital, intangible assets and investors compensation fund (ICF) are deducted. As at the 31/12/2016, the level of own funds was USD thousands. As at 31/12/2016 the Capital Adequacy Ratio was 97,52%. The Regulation stipulates at least a minimum capital ratio of 8% during Table 1 below shows a breakdown of the own funds as at 31/12/2016. Table 1: Capital Base Common Equity Tier 1 Capital 31 December 2016 ($000) Share Capital 501 Share Premium Retained earnings (59) Audited income / (loss) for the year (439) Intangibles Additional deductions due to the CRR (11) (45) Total Common Equity Tier 1 Capital (CET1) Additional Tier 1 (AT1) - Total Tier 1 (T1 = CET1+AT1) Tier 2 - Total Eligible Capital (=T1+T2) Share capital Authorized capital On 08 April 2016, the authorized share capital of the Company was increased from ordinary shares to ordinary shares and on 16 September 2016 was increased from ordinary shares to ordinary shares of nominal value of 1 each. Issued capital On 08 April 2016, the Company issued additional shares of 1 at a premium of 0,61 per share and on 16 September 2016 issued 1 additional share of 1 at a premium of

14 8 Capital Requirements Minimum regulatory capital requirements The total capital requirements of the Company as at 31 December 2016 amounted to $536 thousand and are analyzed in Table 2 below: Table 2: Minimum Capital Requirements Risk Category Minimum Capital Requirements ($000) Credit Risk 506 Market Risk 30 Additional risk exposure amount due to Fixed Overheads Total 536 During 2016, the Market risk was only comprised by FX risk Credit Risk General In the ordinary course of business, the Company is exposed to credit risk, which is monitored through various control mechanisms. Credit risk is the risk that counterparty or a client may potentially fail to meet its obligations when they become due. Credit risk arises when a failure by counterparties to discharge their obligations could reduce the amount of future cash inflows from financial assets on hand at the reporting date. The Company has no significant concentration of credit risk. Therefore credit quality of counterparties involved in different business activities with the Company is a crucial point in the Company s management of credit risks. The Company has implemented procedures and processes for the credit risk analysis of its potential and existing counterparties and clients based on the range of the factors. The Company has implemented procedures for the identification, assessment and mitigation of Credit risk components which include placing of limits on the amount of risk to each counterparty and/or a particular group of counterparties. Limit is based on assessment of counterparty credit quality. Credit risk limits can only be set up on companies which passed OBL compliance procedure. 14

15 For the purposes of daily credit risk monitoring the Company shall apply an unsettled transactions daily report. The Company s Back office department daily shall monitor the settlement reports so that it always has actual information on the status of settlement including the list of unsettled transactions. Any unsettled deals shall be closely monitored and their occurrence reported to the senior management of the Company accompanied with the reasons of occurrence of the unsettled transaction. These monitoring enables the Company to identify in a timely manner and to control on a daily basis any open (unsettled) transactions. The Company shall hold funds in accounts with large reputable Russian, Cyprus and other international banks and other financial institutions. Only banks and financial institutions of a high credit quality are qualified to hold the Company s funds. The quality rating admissibility threshold for all credit and financial institutions to be acceptable to hold the Company s funds is not less than B1 to B3 according to Moody s rating agency or respective levels according to other recognized rating agencies The Company shall also control its exposure to credit risk by maintaining compliance with concentration limits set on the basis of regulatory requirements (large exposures limits) which are set at a level of 100% of eligible own funds to each particular person or a group of connected persons. Capital Requirements The Company follows the Standardized Approach for the calculation of the minimum capital requirements for credit risk. Table 3 below presents the allocation of credit risk in accordance with the Standardized Approach exposure classes. Table 3: Exposure Classes and Minimum Capital Requirements Risk-weighted Exposures at 31 December 2016 amounts ($000) Exposure Class Central Governments and Central Banks Minimum Capital Requirements ($000) Institutions 81 6 Corporates Other Items 29 2 Total

16 Nominated External Credit Assessment Institutions ( ECAIs ) for the application of the Standardised Approach The Company uses credit rating of the following rating agencies, all of which are recognised as eligible ECAIs: Fitch Ratings, Standard & Poors Rating Services and Moody s Investors Service. It applies the following general requirements as laid down in the Article 138 CRR when uses ECAI for determining the risk weights: Where only one credit assessment is available from a nominated ECAI for a rated item, that credit assessment shall be used to determine the risk weight for that item Where two credit assessments are available from nominated ECAIs and the two correspond to different risk weights for a rated item, the higher risk weight shall be assigned Where more than two credit assessments are available from nominated ECAIs for a rated item, the two assessments generating the two lowest risk weights shall be referred to. If the two lowest risk weights are different, the higher risk weight shall be assigned. If the two lowest risk weights are the same, that risk weight shall be assigned In case a financial institution is not rated, management assesses the information available in relation to the creditworthiness and financial strength of the institution (based on the requested and publicly available information), as well as whether the institution is regulated in the country of incorporation. Assignment of risk weights is based on the provisions of Chapter 2 Title II of CRR and in certain cases when credit ratings are not available for the particular expose, sovereign ratings or rating of central government of the relevant country to which the exposure relates to are used instead (based on the provisions of CRR). The Company has used the credit quality step mapping table below to map the credit assessment to credit quality steps. Table 4: Credit Quality Step Mapping table Credit Quality Step Fitch Moody s S&Ps 1 AAA to AA- Aaa to Aa3 AAA to AA- 2 A+ to A- A1 to A3 A+ to A- 3 BBB+ to BBB- Baa1 to Baa3 BBB+ to BBB- 4 BB+ to BB- Ba1 to Ba3 BB+ to BB- 5 B+ to B- B1 to B3 B+ to B- 6 CCC+ and below Caa1 and below CCC+ and below A breakdown of the Company s exposures by Credit Quality Step (CQS) is given in the following table: 16

17 Table 5: Breakdown by CQS by counterparty Exposures at 31 December 2016 Credit Quality Step Exposure Value before Credit risk mitigation ($000) Exposure Value after Credit risk mitigation ($000) Unrated/Not applicable Total Average Exposure The average exposure of the Company in 2016, broken down by asset class, is shown in Table 6 below: Table 6: Average Exposure in 2016 Exposure Class Central Governments and Central Banks Original exposure amount, net of specific provisions Average Exposure Institutions Corporates Other Items Total

18 Residual Maturity of Credit Risk Exposures Table 7: Exposure Classes and Residual Maturity Maturity 3 Exposures at 31 December 2016 months Exposure Class Central Governments and Central Banks Maturity > 3 months Total Institutions Corporates Other Items Total Geographic Distribution of Credit Risk Exposures Table 8: Exposure Classes by Country Exposure Class Central Government and Central Banks Cyprus Germany Russia United Kingdom Total Institutions Corporates Other Items Total

19 Industry of Credit Risk Exposures Table 9: Exposure Classes by Industry Exposures at 31 December 2016 Financial Non-Financial Total Exposure Class Central Government and Central Banks Institutions Corporates Other Items Total Impairment of assets Assets that have an indefinite useful life are not subject to amortization and are tested annually for impairment. Assets that are subject to depreciation or amortization are reviewed for impairment whenever events or changes in circumstances indicate that the carrying amount may not be recoverable. An impairment loss is recognized for the amount by which the asset's carrying amount exceeds its recoverable amount. The recoverable amount is the higher of an asset's fair value less costs to sell and value in use. As at the end of December 2016, the Company didn t have any past due exposures. 8.2 Market Risk Market risk is the risk that movements in market prices, including foreign exchange (FX) rates, interest rates and equity prices will have an adverse effect on current or prospective income or value of financial assets and liabilities arising from adverse movements in the prices of interest rate instruments, foreign exchange rates, correlations between different financial instruments and their levels of volatility. Market risk arises from open positions in interest rate, fixed income, currency, equity financial instruments etc., which are subject to general and specific market movements and changes in the level of volatility of market prices. Adverse market risk realization may have a negative effect on earnings and capital. The objective of market risk management is to manage and control market risk exposures within acceptable parameters, while optimizing the return. For market risk monitoring the Company uses an internally developed report produced by the Company's Back office system as well as 19

20 information from the accounting system (if needed). The risk manager reviews on a daily basis the compliance of own portfolio with the limits set by the risk management function and approved by the management. The Company uses the Standardized Method to measure capital requirements for market risk. 8.3 Currency Risk Currency risk arises when future commercial transactions and recognized assets and liabilities are denominated in a currency that is not the Company's functional currency. The Company is exposed to foreign exchange risk arising from various currency exposures primarily with respect to the Russian Ruble and Euro. The Company's management monitors the exchange rate fluctuations on a continuous basis and acts accordingly. The Company uses the Standardized Method to measure capital requirements for currency risk. Currency risk is considered low as current investments are done in the same currency as coupons are paid. 8.4 Operational Risk Operational risk is defined as the risk of loss and the material adverse impact resulting from inadequate or failed internal processes, systems and personnel or from events external to the Company. Operational Risk Management (ORM) is a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems; human factors; or external events. Four main principles of ORM are summarized below: Accept risk when benefits outweigh the cost. Accept no unnecessary risk. Anticipate and manage risk by planning. Make risk decisions at the right level. The Company manages its operational risks through a control framework and by monitoring and responding to potential risks. Controls in place include effective segregation of duties, IT security, office security, restrictions of physical access to unauthorized personnel, authorization and reconciliation procedures, staff continuous education, professional development and trainings (both external and in-house) and assessment processes. 20

21 Due to the limited authorization of the Company, the Company falls under Article 95(1) of CRR and therefore the calculation of the capital requirements for operational risk is based on the fixed overheads of the preceding financial year. Under this method, the Company calculates its total Risk Weighted Assets as the higher of the following: The sum of Risk Weighted Assets for Credit and Market risk Operational Risk Weighted Assets based on the preceding year s fixed overheads 8.5 Liquidity Risk Liquidity risk is the risk that arises when the maturity of assets and liabilities does not match. An unmatched position potentially enhances profitability, but can also increase the risk of losses. The Company has procedures with the object of minimizing such losses such as maintaining sufficient cash and other highly liquid current assets and by having available an adequate amount of committed credit facilities. During 2016 the Company monitored activities closely and due to scale and complexity of the business maintained sufficient cash and had other highly liquid current assets. 9 Remuneration The senior management must ensure that the Board of Directors in its supervisory function adopts and periodically reviews the general principles of the Remuneration Policy and is responsible for its implementation and it must ensure that the implementation of the Remuneration Policy is at least annually, subject to central and independent internal review for compliance with policies and procedures for remuneration adopted by the Board of Directors in its supervisory function. Principles applying to the Company Remuneration can be either: a) Financial- fixed remuneration (stated in the employment contracts), which reflect to the relevant professional experience, relevant qualification and organizational responsibility as set out in an employee's job description written in the Internal Manual Procedures as part of the terms of employment. b) Non-financial, such as career progression, health insurance, seminars in various destinations, in some cases can be applicable - special allowances for car, mobile phone, etc.). Remuneration Structures: Assessment of Performance The Company ensures that where remuneration is performance related: 21

22 a) The total amount of remuneration is based on a combination of the assessment of the performance of: The individual; The business unit concerned; and The overall results of the Company; and b) When assessing individual performance, financial as well as non-financial criteria are taken into account. Non-financial performance metrics should form a significant part of the performance assessment process and should include adherence to effective risk management and compliance with the regulatory system and with relevant overseas regulatory requirements. Poor performance as assessed by non-financial metrics such as poor risk management or other behaviors contrary to Company values can pose significant risks for OBL and should as appropriate, override metrics of financial performance. The performance assessment process and the importance of non-financial assessment factors in the process should be clearly explained to relevant employees and implemented. The Senior Management must ensure that the assessment of performance is set in a multi-year framework in order to ensure that the assessment process is based on longer-term performance and that the actual payment of performance based components of remuneration is spread over a period which takes account of the underlying business cycle of the Company and its business risks. Remuneration and Capital The Senior Management must ensure that total variable remuneration does not limit the Company s ability to strengthen its capital base. This remuneration requirement underlines the link between the Company s variable remuneration costs and the need to manage its capital base including forward-looking capital planning measures. Where the Company needs to strengthen its capital base, its variable remuneration arrangements should be sufficiently flexible to allow it to direct the necessary resources towards capital building. Table 10 below presents a breakdown of the annual remuneration for those categories of staff whose professional activities have a material impact on the risk profile of the Company, by business area: Table 10: Aggregate Remuneration by Business Area Business Area Fixed Salary Variable Salary Aggregate Remuneration Control Functions Brokerage Operations Accounting Total

23 Control functions include the persons employed in the Legal, Risk Management, AML & Compliance Department and Senior Management. The aggregate remuneration for 2016, broken down by Senior Management& Executive Directors and members of staff whose actions have a material impact on the risk profile of the Company, is as follows. Personnel No. of people Fixed (Cash) Variable (Cash) Total Senior Management & Executive Directors Other risk Staff Total

24 Annex I Risk Statement This Risk statement is prepared to describe the risk appetite of Otkritie Broker Ltd (hereinafter the Company). Risk appetite is essential part of business operation and it is taken into consideration when designing and implementing procedures and services. Risk Appetite Tolerance Financial Legal and regulatory compliance Human resources Operational Strategic Financial viability over the short, medium and long term must be highly certain. There is no appetite for non-compliance with legal, professional and regulatory requirements. There is no appetite for compromising staff safety and welfare. There is no appetite for running the organization in a manner that does not meet the service expectations of customers or does not lead to increase of a customer service. a. There is no appetite for damage to the reputation of the Company and customer service. Taking additional market/credit and liquidity risk is also unacceptable. b. The environment within which the Company operates is constantly changing and there will be significant threats to its future. In order to remain relevant and be sustainable, the Company must respond to this changing environment and seize opportunities where necessary. c. There may be an outflow of Refer to the tolerances outlined in the risk level ratings. Some breaches may occur in the course of normal operations but only minor breaches will be tolerated and every effort will be made that these do not compromise the public reputation of the Company. Some breaches may occur in the course of normal operations but they should be minor. Whilst our aim is to provide good customer service at all times, given the lean level of constant market changing environment be made to minimize the number and impact of such incidences. a. Some reputational damage may occur which is outside the Company s control. The Company will act to minimize such damage where possible, and will endeavor not to contribute to such damage. b. The environment within which the Company operates is constantly changing and there will be significant threats to its future. In order to remain relevant and be sustainable, the Company must respond to this changing environment and seize opportunities where necessary. 24

25 customers assets which does not decently means customers dissatisfaction and may be a common investors behavior. c. The Company will tolerate some outflow and decrease in customers trading activity however it will try to increase the quality and variety of services and products whenever possible. 25

26 Statement of Risk Level Ratings Rat ing Consequence Operational Impact 1 Minor - Usual scheduled interruptions - Unscheduled interruptions for less than 4 hours 2 Significant - Key activities disrupted for up to 1 day 3 Serious - Key activities disrupted for between 2 and 4 days - One off complaints regarding service delivery 4 Critical - Key activities disrupted for between 5 and 7 days - Numerous complaints about ongoing service delivery 5 Disastrous - Key activities disrupted for over 7 days - Sustained complaints about significant deficiencies in service delivery Human Resource Impact - Staff turnover is absent - No injuries - Junior staff turnover is relatively low - Minor injuries treated by first aid - Senior staff is low - Injuries require minor medical treatment - Staff turnover is medium - Unforeseen loss of key staff member - Prolonged vacancy in key role - Injuries require major medical treatment - Loss of multiple senior or other staff at one time - Prolonged vacancies in multiple key roles - Loss of life Strategic Impact - Little to no impact on reputation - No decline in customers assets - Minor issues addressed by management - Decline in customers assets<10% - Negative image as a result of minor failures by Institute or within profession - Decline in customers assets is between 10% to 20% - One off significant negative publicity regarding the Company - Decline in customers assets is between 25%- 50% - Significant and prolonged negative publicity regarding the Company - Decline in customers assets is greater than 50% Legal and Regulatory Impact Minor technical regulatory breaches or deviations from professional standards Regulatory or professional breaches managed through normal processes Regulatory or professional breaches requiring substantial diversion of internal resources to resolve Significant regulatory breach or failure to comply with professional standards resulting in negative publicity Major regulatory breach or failure to comply with professional standards resulting in investigation by external agency and prolonged negative publicity Financial Impact Loss is less USD Loss is between USD to USD Loss is between USD to USD Loss is between USD to USD Loss more than USD 26

27 Annex II BALANCE SHEET RECONCILIATION Balance Sheet Description Amount ($'000) Share Premium, as per published financial statements Share Capital, as per published financial statements 501 Retained Earnings, as per published financial statements (59) Profit & Loss, as per published financial statements (439) Non reciprocal shareholder contribution 0 Intangible assets/goodwill, as per published financial statements (11) Additional deductions due to the CRR (45) Deferred Tax assets, as per published financial statements 0 Adjustments to Own Funds for the purposes of Own Funds 0 Total Own Funds

28 Annex III OWN FUNDS DISCLOSURE TEMPLATE At 31 December 2016 Common Equity Tier 1 capital: instruments and reserves Full - Transitional phased in Definition Definition $ 000 $ 000 Capital instruments and the related share premium accounts Retained earnings (498) (498) Accumulated other comprehensive income (and other reserves, to include unrealised gains and losses under the applicable - - accounting standards) Funds for general banking risk - - Common Equity Tier 1 (CET1) capital before regulatory adjustments Common Equity Tier 1 (CET1) capital: regulatory adjustments - - Intangible assets (net of related tax liability) (11) (11) Additional deductions of CET1 Capital due to Article 3 CRR (45) (45) Total regulatory adjustments to Common Equity Tier 1 (CET1) (56) (56) Common Equity Tier 1 (CET1) capital Additional Tier 1 (AT1) capital - - Tier 1 capital (T1 = CET1 + AT1) Total regulatory adjustments to Tier 2 (T2) capital - - Tier 2 (T2) capital - - Total capital (TC = T1 + T2) Total risk weighted assets Capital ratios and buffers Common Equity Tier 1 97,52% 97,52% Tier 1 97,52% 97,52% Total capital 97,52% 97,52% Definitions: The Common Equity Tier 1 (CET1) ratio is the CET1 capital of the Company expressed as a percentage of the total risk weighted assets for covering pillar 1 risks. 28

29 The Tier 1 (T1) ratio is the T1 capital of the Company expressed as a percentage of the total risk weighted assets for covering pillar 1 risks. The Total Capital ratio is the own funds of the Company expressed as a percentage of the total risk weighted assets for covering pillar 1 risks. 29