Sound and Sustainable Macroeconomic and Financial Sector Policies

13. Russia’s institutional framework supporting the conduct of macroeconomic policy is led by CBR and the MoF. Monetary policy is conducted by CBR and budgetary policy is conducted within a fiscal framework managed by the MoF. In mid-November 2014, CBR switched to a floating exchange rate regime.

14. CBR is managing ongoing policy normalization. Since the end of January 2015, CBR started unwinding the emergency rate hike to 17 percent set in December 2014. The current policy rate is set at 11 percent and inflation is expected to continue to decrease. The current inflation target is set at 4 percent, to be achieved by end-2017. In 2015 alone, the Russian currency lost almost 20 percent of its value vis-à-vis the U.S. dollar.

15. The MoF announced the review of the Federal budget for 2016. The government is considering reduction of budget expenditures compared to figures set in the budget law for 2016. Also government is looking to sell some of its shares in state-owned companies. The 2015 budget deficit required the use of the Reserve Fund and GDP growth in 2016 is expected to be negative again.² Russia’s government debt remains low, around 20 percent of GDP.

The Framework for Financial Stability Policy Formulation

16. Authorities have strengthened the institutional framework for financial stability. The inter-agency National Council on Ensuring Financial Stability (FSC) was created as an advisory body for the different authorities to exchange views and coordinate on financial stability matters. The FSC has the authority to provide recommendations and request information. Member agencies have to comply or explain. The FSC’s composition is approved by the government. Currently, the FSC is headed by the First Deputy Chairman of the Government of the Russian Federation and comprises the Advisor to the President of the Russian Federation, the Governor and four First Deputy Governors of CBR (monetary policy, financial stability, banking regulation and supervision, financial market regulation and supervision), the Minister of Finance and Deputy Minister of Finance of the Russian Federation, the Minister and Deputy Minister of Economic Development of the Russian Federation, the Managing Director of the State Corporation Deposit Insurance Agency.

17. CBR has used different tools for macroprudential policy but does not have an ex-ante toolkit.³ In the past, CBR has used macroprudential instruments in an ad hoc manner with no formal triggers.

A Well-Developed Public Infrastructure

Framework for Crisis Management, Recovery and Resolution

34. CBR and the Deposit Insurance Agency (DIA) have been extensively and increasingly involved in bank resolution and rehabilitation in the past years. Apart from acting as deposit insurer, the DIA also is the corporate receiver/liquidator of failed banks and is entitled to resolve banks that participate on deposit insurance system. In 2014 and 2015, the DIA was assigned two additional functions: the insurance of funds in non-state pension funds and the injection of capital to banks. During 2015, CBR sent the DIA proposals for participation in bankruptcy preventions of 18 banks. As of February 25, 2016, 30 banks were under bankruptcy prevention measures. CBR revoked the licenses of 86 credit institutions in 2014 and 93 in 2015 and simultaneously provisional administrations were appointed. CBR revoked licenses of 61 Deposit Insurance System member banks in 2014 and 75 in 2015. As of January 2016, liquidation was pending in 288 credit institutions whose banking licenses had been revoked.

35. Before any determination on the possibility or desirability of rehabilitation is made, CBR and the DIA can perform a joint inspection of the bank. If there is evidence that the bankruptcy will create a threat to the depositors or to the stability of the banking system as a whole, CBR can ask the DIA to take part in the prevention of the bankruptcy of a bank. Should a bank’s unstable financial position create a threat to the interests of its depositors, CBR can request that the DIA settle the bank’s liabilities. In the case of rehabilitation or prevention of bankruptcy, the DIA may refuse participation based on the cost-effectiveness of the rehabilitation measures, and other criteria. At the time of the assessment, the DIA has not decided how to measure the feasibility of participating in measures aimed at preventing bank’s bankruptcy. The DIA can use the deposit insurance fund or, as has been done in the majority of cases, ask for a loan from the CBR for bank rehabilitation.

36. Federal Law 127-FZ on Insolvency was amended in 2014 to improve the legal regulation of financial rehabilitation and liquidation of credit institutions. The law reformed the insolvency regime for all credit institutions establishing the possibility of bankruptcy prevention at the expense of private investors, without the involvement of the federal budget, CBR and the DIA. Furthermore, the amendments to the Federal Law on Banks and Banking Activities and to the Federal Law on the Central Bank of the Russian Federation established the obligation for Domestic Systemically Important Banks (D-SIBs) to submit their Recovery Plans to CBR and the option for CBR to request Recovery Plans from any other credit institution. CBR is entitled to develop Resolution Plans for D-SIBs. The DIA is currently requesting the amendment of legislation in order to have powers to write down and convert unsecured liabilities (bail-in) and is looking into assuring deposits from legal entities. Currently, the system does not allow the creation of a bridge bank.

Responsibility, Objectives, Powers, Independence, Accountability (CPs 1–2)

40. The legal framework currently in place provides CBR with necessary powers and responsibilities. CBR has powers to authorize banks, conduct ongoing supervision, oversee compliance with laws and undertake corrective actions to address safety and soundness concerns. Major reforms have been introduced that increase CBR’s duties and powers in many respects, although implementation is not yet tested in all cases. Responsibilities and objectives of CBR are particularly broad and appear to be intertwined, while some functions seem to concur with the objectives related to safety and soundness of the banking system. While many governance, accountability, and transparency measures are in place, there are some issues of concern notably in respect of legal protection for staff and transparency of dismissal procedures. There is also scope for improvements in the arrangements for decision making in order to better support and communicate the objectivity and independence of CBR to external audiences.

Ownership, Licensing, and Structure (CPs 4–7)

41. The Russian licensing regime for banks appears exhaustive. The legal and regulatory framework provides CBR with a set of instruments and tools to ensure that the licensing process is sound. Banks’ management and board members must meet fit and proper qualifications, including the absence of a criminal record. In its licensing process, CBR also informed the mission that all efforts were made to ensure transparency in the ownership structure of applicants. It would be desirable, however, to establish formal procedures to subject the newly established bank to follow up attentive offsite supervision, and if necessary onsite inspection, to ascertain that the bank is performing according to the terms and conditions of the license.

42. CBR also has the power to review, reject, and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. In that regard, to address a 2008 FSAP recommendation, CBR vetting threshold for signification transfer of ownership has been lowered from 20 to 10 percent. Further, the Federal Law on the Central Bank of the CBR (CBL) has been amended to empower the central bank to address changes of controls that were not vetted by CBR.

43. The legal regime for major acquisitions was found to be weak. While foreign investments by Russian banks require prior approval by CBR, when they lead to the establishment of a subsidiary abroad, the CBL does not establish requirements for banks to seek prior CBR approval when making domestic investments in nonbank financial institutions. Without such requirement CBR is not able to measure or consider in advance the possible impact of acquisitions on a bank’s condition or to determine whether the acquisition will affect the transparency of the bank’s organizational structure and affect the ability of CBR to supervise it.

Methods of Ongoing Supervision (CPs 8–10)

44. CBR has developed its risk based approaches since the last assessment and is in the early phases of introducing the next stage of risk based supervision. The introduction of the supervisory review and evaluation process (SREP) based on banks’ own internal assessments and the integration into the analytical approach of CBR is an important evolution. The first full implementation cycle will begin from 2017. Where CBR is less well advanced is in the field of resolution assessment and planning. It is necessary for CBR to have the legal power to require operational or institutional changes based on an assessment of the bank’s ability to recover. From a forward looking perspective, CBR needs to remain alert to the potential for banks to seek to manipulate the regulatory perimeter and CBR must remain assiduous in using all forms of information available to it so that the potential for regulatory arbitrage does not arise.

45. CBR has reconfigured its organization of on and offsite supervisory functions since the last assessment. The role of the Chief Inspectorate, supplemented by the authorized representative (AR) where one is appointed, is central to confirming the quality of banks’ actual practice. In terms of reinforcing priority messages with the banks, though, CBR could invest in greater direct contact with the boards as recommended by the Financial Stability Board (FSB). More systematic meetings and contact with firms in the context of delivering key findings of inspections should be introduced.

46. Structurally, CBR has been reorganized to support a risk-based focus and has established a separate division to supervise the systemically important banks. Institutions that are identified as systemically important banks, according to a methodology based on the Basel standard (Ordinance 3737-U) are supervised directly from Moscow, rather than through the CBR network. The methodology has been in force since July 2015 and the list of systemically important banks must be assessed and re-issued annually under the terms of the ordinance. Capital buffers, consistent with the Basel approach, are applied to the systemically important banks.

47. CBR has strong powers and rights of access to information and uses its inspection process to obtain assurance on the substance and quality of information it receives. Despite the ability to obtain information and data from institutions, there are some missing elements. There is no requirement for banks to notify CBR in advance of any substantive changes or of material adverse developments. Notification requirements are almost all retrospective. Nor does CBR have the right to require the prompt notification of any material issue that has come to the attention of an external expert in the course of that expert’s work for CBR on a supervisory matter unless it is specifically within the scope of work that CBR has commissioned, although it should be noted that CBR has not yet commissioned work from external experts at the date of the assessment.

Corrective and Sanctioning Powers of Supervisors (CP 11)

48. CBR has a good track record in enforcing the law. It has a wide range of tools and sanctions to choose from and has applied multiple measures over the past years, including revocation of licenses. Certain decisions on sanctions are made public, which is a good practice. There are a few areas for improvement, however. Lack of clarity and transparency in the way laws and regulations are enforced (especially for AML purposes) has been mentioned by market participants, which in turn creates the sentiment that banks are disciplined even for minor problems. CBR supervisory actions should therefore be in most cases predictable, consistent, and proportionate. The amount of fines for AML breaches is also excessively low and not deterrent enough.

Cooperation, Consolidated, and Cross-Border Banking Supervision (CPs 12–13)

49. The framework for collaboration and coordination with domestic and cross-border supervisors is satisfactory. CBR is satisfied with the quality and effectiveness of existing cooperation arrangements, especially with Rosfinmonitoring in the area of AML/CFT and also with the DIA for resolution purposes. Removal of legislative obstacles to the exchange of supervisory information has allowed progress in the field of home and host supervisory cooperation. The legislation governing the CBR (Article 73) contains a potential obstacle to effective home-host practices as a foreign supervisory authority requires written consent to access the premises of a subsidiary established in Russia (foreign-owned branch establishments are not permitted). In practice this has not been an issue, however. Initial moves have also been made in terms of cross-border crisis planning and involvement in recovery and resolution plans for cross-border groups, now that the legal provisions are in place.

50. The legal and regulatory framework in respect to consolidated supervision has been significantly developed and enhanced since the last assessment. Notably, the changes include powers to act in the event of violations by the parent of a banking group, an enhanced scope of information exchange, and expanded definitions based on IFRS. The regulatory and legal changes are, nevertheless, still relatively recent and the practical application and supervisory practice based on the new framework is yet to be substantively demonstrated. The cross-border dimension of consolidated supervision is still mostly undeveloped. Some legal gaps remain and are a hindrance to CBR and relate to the perimeter of the consolidation. First, the supervisor may not require the closure of a foreign branch of a Russian bank. Secondly, the supervisor may not prevent the acquisition of a nonbank financial entity by a banking group.

Corporate Governance (CP 14)

51. Russia has taken several initiatives over the past years to improve governance in banks. The introduction in 2013 of Articles 11.1 and 11-1-1 in the banking law is an important step forward as it provides a clear articulation of what the role of the BoD should entail especially with regard to the promotion of Corporate Governance (CG) principles within each credit institution. In 2014, the profound revision of the Corporate Governance Code was also an important step forward, even though it is still a non-binding instrument. New regulations and ordinances have provided more leverage to CBR to monitor and enforce CG related issues. The current regime for CG is governed by piecemeal regulations, which makes it difficult to understand. Moreover, the current norms are different in nature: some of them are binding, others are just optional (CG Code, CBR Letters) and as such not enforceable. Several important regulations pertinent to CG were issued in 2015, and some of them will not be enforceable before 2017. Thus, the current mission is not in a position to assess their effective implementation. Also, the deficiencies in governance policies are largely influenced by problems found in other areas, for example deficiencies in related party transactions and lending to affiliates on more preferable terms than those applied to non-affiliated parties.

Prudential Requirements, Regulatory Framework, Accounting and Disclosure (CPs 15–29)

52. Russia has made significant progress in improving the RM supervisory and operational framework. In the past, the RM regime was not deemed to be sufficiently robust. To address the situation, CBR initiated and completed several reforms aimed at improving the RM regulatory regime. The most significant changes were made by the Federal Law 146-FZ of July 2, 2013 that included new provisions in both the CBL and the law on banks and banking. The overarching objective was to increase CBR’s powers in relation to RM on the one hand and fostering RM processes in banks on the other. Also, Ordinance 3624-U on risk and capital management is a major step forward as it defines more clearly the responsibilities of the BoD for developing and overseeing management of banks’ entire risk profile and the policies supporting the participation of (independent) directors in overseeing RM decision-making. Equally important, this ordinance empowers the CBR to impose Pillar II measures, including capital add-on. Further, Ordinance 3223-U of April 1, 2014 obligates banks to notify CBR when the head of RM has been appointed and sets the qualification requirements for head of RM, internal control, and internal audit functions, in particular the conditions to be met by the applicants in terms of academic background and professional expertise in relevant fields. There is, however, a lack of perspective on the effective implementation of this new regime in banks owing to the fact that key aspects have not been implemented yet.

53. The capital adequacy regime is consistent with international standards. The Russian framework for capital adequacy has been periodically updated to include Basel 2.5 and Basel III standards and was further amended by a series of reforms introduced in December 2015, most of which became effective in January 2016. All Russian banks are subject to Basel capital regulation on both standalone and consolidated levels. Capital adequacy standards applied on a consolidated basis are broadly consistent with those established on a solo level. Also, the implementation of the capital buffers has been assessed by the Regulatory Consistency Assessment Program (RCAP) as compliant with the Basel standard. CBR has implemented the capital conservation buffer, countercyclical buffer, and a systemic risk buffer from January 1, 2016, in line with the Basel standard. The effectiveness of the new Internal Capital Adequacy Assessment Process (ICAAP)/SREP regime remains to be assessed however. Pillar 2 has not been yet fully and thoroughly implemented. The ICAAP process is under way and CBR is still in the process of completing the first SREP cycle which will take some time before being fully operational. According to the timetable set by CBR, systemically important banks (SIBs) will have to submit their ICAAP by the end of 2016 and CBR will start reviewing their quality in 2017.

54. RM standards around credit risk, as with the other risk areas, are still in the process of being fully implemented. However, work in the field of credit risk, based on the activities of the Chief Inspectorate, coupled with the analysis of the curators and the work carried out on stress testing, puts the supervision of credit risk in a more advanced and developed position than that of other risks. CBR performs its own stress tests on the portfolios, monitors regional and sectoral trends, and performs considerable cross checking of information on major exposures.

55. Loan classification and provisioning are under close scrutiny but the level of NPLs remains a concern. Asset quality has deteriorated over the past months. NPLs have grown at a fast pace (especially in the household sector) and the depreciation of the ruble led CBR to take forbearance measures though the issuance of three letters of a temporary nature. These measures were introduced in December 2014 to help banks weather problems stemming from the decline in global oil prices, the Western sanctions over the Ukraine conflict, and the depreciation of the ruble. Some of these measures aimed to allow banks to restructure loans without making provisions or not to re-qualify borrowers in a lower category, under certain conditions (for example, if the problem of servicing the debt arose from the deterioration of macroeconomic conditions). These regulatory concessions expired in December 2015. However, in 2016 credit institutions were given the opportunity not to reclassify the borrower until the borrower has paid back the entire amount of the loan. In that context, it seems realistic to assume that a certain portion of rescheduled loans currently sits in a lower loan category. Only an Asset Quality Review would permit a clear assessment of the current NPL situation. Poor practices have been detected and led to enforcement action. CBR inspections reveal an important number of violations during assessments of asset quality, including lending to shell companies, overvaluation of collateral, misreporting and unreliable financial statements. Collateral valuation is another challenge. According to the discussion with both CBR and market participants, the valuation of certain collateral in particular, real estate is a difficult task in Russia. Appraisals are not reliable and external appraisers have not been trustworthy for many years.

56. The regulatory regime for concentration risk and large exposure limits has been improved. CBR has a wide range of powers to address situations where banks are taking excessive concentration risk, including the power to instruct the bank to mitigate the risk exposure when the concentration is deemed excessive. However, much of the progress made will not be measurable before 2017. For RM purposes, for example, SIBs have begun to include the impact of significant risks—including risk concentrations—into their stress testing programs since January 1, 2016 only and for non-SIBs, this approach is set to start on January 1, 2017. The definition of economic linkages is not implemented yet, which undermines CBR’s ability to oversee the entire spectrum of concentration. The problem stems from the fact that the determination by CBR—and banks alike—of relatedness between customers connected economically will start to be implemented in 2017. In the same vein, the new regime concerning exposures arising from transactions of person(s) connected to the credit institutions itself will not be implemented before January 2017. It is noteworthy that according to discussions with market participants, the issue of large exposures is a matter of concern. Statistics from CBR on shareholder and insider credit risks confirm the general sentiment. In 2014, the large loan exposure of the banking sector grew by 34.9 percent to RUB 19.5 trillion. The share of large loans in the banking sector assets remained unchanged over the year and stood at 25.1 percent.

57. There are no specific requirements for management of country risk and transfer risk. The general RM and internal control regulations apply. Country risk is assessed on an ad hoc basis as there are no specific guidelines or regulations for country or transfer risk outside of the general BCBS principles. As a result, the minimum requirements for risk policies, processes, and limits are uncertain. Several improvements are desirable in order to bring Russia to a higher degree of conformity, especially in the current context of ruble depreciation.

58. The framework for transactions with RPs is still weak despite recent progress. Important amendments have been introduced since 2015 to the CBL that streamline the legal regime applicable to RPs, particularly through a clearer and broader definition of RP. The role allocated to the Banking Supervisory Committee of CBR in deciding about the relatedness of the persons or a group of persons to the credit institution is another hallmark of progress. There are, however, a series of issues that have not been addressed or are not yet implemented and enforced. The definition of RPs arises from a “patchwork” of different legal sources, as opposed to being founded on a single non-ambiguous one. Further, the new regime concerning exposures arising from transactions of person(s) connected to the credit institutions will not be implemented before January 2017. Lastly, the regulatory framework for related party transactions does not require that lending to RPs be on same terms and conditions as those generally offered to the public. CBR made recommendations in that regard but they are not binding and thus not enforceable. Additionally, CBR lacks authority to impose penalties on directors who personally benefited from these favorable conditions.

59. Bank activities giving rise to market risk are not highly developed, and CBR’s powers to enforce RM and control standards are very new. Historically, the volumes of tradable securities have been low and complex structured products do not feature. Although banks are not authorized to use models for Pillar 1 regulatory capital calculations, they may use economic capital models in the context of their internal capital adequacy assessment. Until 2014, CBR did not have the legal powers to enforce RM and control standards. Implementation of the new RM standards is at a very early stage, and a track record is not yet available.

60. The regulatory framework around Interest Rate Risk in the Banking Book—has been enhanced but many of the new provisions, including a greater emphasis on stress testing, are not yet fully in force. There are, at present, limited options available to banks in terms of instruments to hedge interest rate risk. In this context, it becomes even more important for banks to develop meaningful stress scenarios and build management strategies to allow the banks to withstand any future shocks that might manifest.

61. CBR liquidity metrics and RM standards are well developed for systemic banks. The criterion for the definition of systemic banks includes international activity. At the time of the assessment, quantitative and qualitative standards and CBR’s scrutiny of banks with respect to liquidity was transitioning to the new standards. At this early stage, it is hard to determine the extent to which the new framework is fully in force and actively monitored. The full LCR metrics and management standards will not apply to the non-systemic banks, and for this sector it is not clear that CBR will have clear grounds to act if the supervisor is concerned by the RM standards of the banks, notably in respect to funding risks.

62. Regarding supervision of OR, there are several aspects that would merit improvement. The corpus of norms that govern OR is detailed, but with the exception of Ordinance 3624-U and Regulation 242-P on internal controls, the rest of the relevant norms essentially consists of recommendations from CBR, which by their very nature are not binding. This is the case of Letter 76-T on the organization of OR at lending institutions and Letter 92-T on the organization of Legal Risk and Reputational Risk. CBR has also recommended that the industry adopt the BCBS Principles for sound management of OR, but these recommendations are not enforceable. It is advisable to convert CBR recommendations on OR into binding instruments with a view to establishing a general OR management framework that is comprehensive and mandatory.

63. There are significant differences between the supervisor’s powers in relation to internal and external control functions. The regulatory framework for the internal control environment has been refreshed within the past two years based on important new powers, which permit CBR to apply RM and internal control standards. By contrast, there are material deficiencies in the legal framework, restricting the CBR’s ability to act and be effective in relation to the external auditor function. Current weaknesses in the regulatory framework mean that the supervisor may not: reject or rescind the appointment of an external auditor who has inadequate independence or experience or who does not meet professional standards; ensure rotation of the external auditor; or meet with the audit firm to discuss matters pertaining to a supervised institution. Likewise, the auditor may not notify the supervisor of serious matters that come to the auditor’s attention. Furthermore, it is unclear whether CBR has powers to ensure or directly require that the board and management are held accountable for ensuring that financial statement are properly prepared and subject to an independent external auditor’s opinion according to international standards. In general, and reflecting the weaknesses of the legal framework, CBR’s relationship with the auditing community is restricted. It is not, currently, CBR’s practice to meet with the audit community, except on general matters.

64. CBR attaches importance to disclosure and transparency. CBR is entitled to and has exercised its powers to take measures in the event of non-disclosure of information, partial disclosure or unreliable information, a failure to conduct a required audit, or non-disclosure of the consolidated statements and the auditor’s report on them. CBR has exercised its powers under the law when assessing disclosure by banks and banking groups. Some of the disclosure standards are at early phases of implementation, but the Basel disclosure framework (Pillar 3, Market Discipline) is now in force.

65. With respect to combating money laundering/terrorism financing, CBR has made important progress but further improvements are needed. Banks are subject to close scrutiny, and CBR has been forceful against banks and their management which have committed grave violations of the AML regime. There are a few areas where improvements could be made; these include the promotion of a more risk based approach to ML/TF issues in both the industry and CBR; the use of more proportionality when enforcing the law; and the need to raise the level of compliance in banks regarding the verification of the ultimate beneficial owner and the inclusion of ML/TF risks into the scope of duties to be performed by external auditors.

A. Supervisory Powers, Responsibilities and Functions

Principle 1	Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.10 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.11
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision12 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	The status, objectives, responsibilities and powers of the authority involved in banking supervision are spelled out in the Constitution of the Russian Federation, the Federal Law 86-FZ of July 10 2002 on the Central Bank of the Russian Federation (here after the CBL) and the Federal Law on “banks and banking activity” (hereafter the banking law) that governs the activity of financial institutions. Pursuant to Article 4 of the CBL, the CBR (CBR) exercises supervision over the activities of credit institutions and banking groups. Along the same line, Article 41 of the banking law stipulates that “the supervision of the activities of a credit institution shall be undertaken by the CBR in compliance with federal laws.” As a result, the CBR has sole responsibility for banking supervision in accordance with the laws mentioned above. Article 56 of the CBL also states that CBR is the “body of banking regulation and banking supervision.” It exercises ongoing supervision over the compliance by credit institutions and banking groups of Russian legislation and CBR regulations. The CBR competencies extend to the analysis of the activity of bank holding companies. In virtue of the same article, the regulatory and supervisory functions of the CBR are implemented through the Banking Supervision Committee, a permanent body uniting the heads of the CBR units responsible for supervision. Both the CBL and the banking law, through various articles, empower the CBR with the authority to carry out virtually all supervisory functions, such as regulating the industry, conducting onsite examinations, licensing banks, collecting information for supervisory purposes and enforcing the law and relevant regulations. It is also noteworthy that CBR’s supervisory role goes well beyond the oversight of the banking system. In effect, since the enactment of the Federal Law 251-FZ of July 23, 201313 that came into effect on September 1, 2013, the CBR took over the supervisory powers from the Federal Financial Market Services (FFMS). This extension of CBR’s remit has transformed CBR into a “mega-regulator” overseeing and supervising the Russian banking system, securities markets, private pension funds, insurance business as well as micro-finance institutions. For these purposes, all functions and authorities of the FFMS and certain regulatory powers of the Russian MoF and Russian Government were transferred to the CBR. Other authorities are involved in overseeing the financial system as part of their general functions, i.e., the Federal Service for Financial Monitoring (the Russian Financial Intelligence Unit—FIU) whose role is to prevent and combat money laundering and terrorist financing. This body exercises several competencies (see CP 29 for more details); however, the oversight of conformity with AML/CFT rules in the banking sector is the exclusive responsibilities of the CBR. There is also the state corporation, DIA, which is responsible for deposit insurance. This agency is also vested with certain powers in relation to banks but none of these has something to do with supervision. There are cases where CBR and DIA staff perform joint reviews of banks to ascertain the financial conditions of the institution that exhibit signs of possible bankruptcy. For that particular instance, the Federal Law 177-FZ establishes clearly the conditions of such cooperation (see CP 3 for details) and the distribution of responsibilities of each authority. To sum up, CBR is the sole supervisor for both banks and nonbanks financial institutions. The responsibilities and objectives of the CBR are also clearly disclosed on the CBR website; for example, it is indicated that the CBR supervises the activities of credit institutions and banking groups. In addition, most of the relevant legislation and regulations that set out the duties of the CBR are available on line. On the other hand, the normative acts of the CBR, which are binding for financial institutions (see Article 57 of the CBL) are published on the official website of the CBR or in the Official Bulletin of the CBR and come into force in 10 days after their publication, unless another date is specified by the regulation.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	According to Article 3 of the CBL, the purpose of the CBR is to: - protect the Ruble and ensure its stability; - develop and strengthen the banking system of the Russian Federation; - ensure stability of and develop the national payment system; - develop the financial market of the Russian Federation (since 2013); and - ensure stability of the financial market of the Russian Federation (since 2013). Article 4 of the same law defines thirty three functions assigned to the CBR, including inter alia, the conduct of monetary policy in collaboration with the government, the management of budget account, the management of international reserves and the supervision over the activities of credit institutions and banking group (paragraph 9), in addition to the supervision of non-credit financial institutions. Article 56 of the same law stipulates that the principal objectives of banking regulation and banking supervision is to “maintain the stability of the Russian banking system and protect the interests of depositors and creditors.” Considering the broad mandate assigned to the CBR and the multiple functions deriving from it, the question as to whether the broader responsibilities of the CBR are subordinate to the primary objective of banking supervision is not clearly established. In fact, some of these objectives (in particular the development and strengthening of the banking system, the conduct of monetary policy) may not be compatible with the supervisory mandate. During the mission, the CBR representatives did not raise any concern in relation to possible overlapping objectives and to any risks of conflict of interest in that regard. On the other hand, CBR is not only a banking supervisor but an integrated supervisor that is also mandated to undertake insurance, securities, non-State pension funds, rating agencies, professional stock-market operators (brokers, dealers), clearing companies and micro-finance supervision. During the discussion with the CBR, the mission was told that the expansion of CBR functions has not been made to the detriment of banking supervision. In analyzing the structure of the CBR, its budget and resources allocation for both bank and non-bank entities, the assessors did not find any fact that would lead them to conclude otherwise (see CP2). In effect, the execution of banking supervision does not seem to be hindered by these additional new activities. First, within the CBR, these other tasks are organizationally separated from the banking supervision duties and are entrusted to separate departments responsible for each function, namely insurance companies (Insurance Market Department), pension funds, investment and management funds (Collective Investments and Trust Management Department), as well as securities market participants (Securities Market and Commodities Market Department). Second, a separate inspection planning and resourcing process exists for banking supervision which ensures a sufficient prioritizing towards banking supervision.
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile14 and systemic importance.15
Description and findings re EC3	In Russia, both the CBL and the banking law provide a framework for the CBR to set minimum prudential standards for banks and banking groups. For example, Articles 57, 62, and 64 of the CBL empower CBR to set norms for banks and banking groups relative to capital, assets, liquidity, large exposure limits, provisioning, disclosure obligations and other prudential standards. The law also provides a framework for the CBR to enforce the minimum prudential standards mentioned above. Articles 73 and 74 of the CBL grants enforcement powers to CBR, including remedial measures and sanctions. As stipulated in the law, “to fulfill its functions (…) the CBR shall conduct inspections of credit institutions, give them instructions (…) to eliminate violations (…) and use sanctions against violators as stipulated by this Federal Law” (for further details, please see CP 11). In the previous FSAPs in 2008 and 2011, it was observed that the legal framework did not explicitly grant the CBR power to increase the prudential requirements for individual banks based on their risk profile and systemic importance. This was an important limitation to the CBR powers. With the adoption on April 15, 2015 of the CBR Ordinance 3624-U on risk and capital management, the CBR is now entitled to use Pillar 2 instruments to require a bank to increase its CAR if the outcomes of the ICAAP reveal, for example, important flaws in the bank’s RM system. This new power however has not been used yet.
EC4	Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	The legal and regulatory framework for banking supervision has been updated multiple times over the past years. Some of these reforms were introduced to address the 2011 FSAP’s recommendations. As mentioned by the authorities, the CBL has been amended more than 51 times since 2002, while the banking law from 1990 has been revised more than 83 times. For 2015 only, several key reforms and updates were introduced. The most salient laws or regulations establish: requirements to the risk and capital management systems of credit institutions and banking groups, including requirements to implement internal capital adequacy assessment process; new processes in the area of CG including fairness of compensation for bank’s top management; CBR vetting for acquisition of equity interest in banks reaching or exceeding the thresholds of 10 percent of the shares; new fit and proper requirements for shareholders, senior managers, members of executive and supervisory committees, chief accountants, and internal control officers; definition of possible signs of relatedness of legal entities and (or) individuals to the credit institution and (or) its affiliates and the role of the Banking Supervision Committee of the CBR in this determination. According to Article 104 of the Constitution of the Russian Federation, the CBR does not have the power to initiate legislation. However, draft laws and legal acts of federal bodies of executive power regulating the performance by the CBR of its functions must be submitted to the CBR for consideration and approval (Article 7 of the CBL). Further, Article 21 governing the relations between CBR and bodies of State Power stipulates that CBR chairman—or one of his deputies—may participate in State Duma and Government sessions discussing draft laws on issues relating to the economic, financial, credit, and banking policies. According to Article 5 of the CBL, the CBR has the right to issue binding acts in the form of regulations, instructions, and directions on matters related to its competencies. Such acts are compulsory for all entities licensed by the CBR. The CBR can also issue non-regulatory acts on administrative related issues in the form of orders. These acts are equally binding. Draft banking Laws and CBR’s draft regulations are subject to public consultation. In fact, the CBR is by law (Article 77 of the CBR Act) required to co-operate with credit institutions, non-credit financial institutions, their associations and unions and self-regulatory organizations, and should hold consultations with them before taking the most important decisions relating to legislation. While this process is essential to permit more transparency and predictability in banking regulations, the process can be lengthy. The draft is made public on the official websites of the government and the CBR for 14 days for discussion as part of the regulatory impact assessment. Comments are analyzed within 21 days after the end of public discussion. The report on public discussion and the revised version of the draft are prepared and sometimes another round of public consultation is needed. Draft regulations related to the banking regulation and supervision are approved by the Banking Supervisory Committee and those that affect third parties’ rights sent to the Ministry of Justice that will make sure that any new act is not creating pre-conditions for corruption. In Russia, the public is informed about the latest developments in the banking sector. The CBR publishes two annual reports, the Banking Supervision Report (BSR) and the CBR Annual Report. Both reports provide details on the most recent legal and regulatory changes. The 2014 BSR contains a chapter on banking activity regulation and supervision, including the latest amendments to the CBR and banking laws. These reports also provide a fair picture of problems identified by the supervisors and enforcement measures taken to correct the main deficiencies. The information is published on the official website of the CBR.
EC5	The supervisor has the power to: (a) have full access to banks’ and banking groups’ boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b) review the overall activities of a banking group, both domestic and cross-border; and (c) supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	The ability of the CBR to have access to bank’s information is governed by a number of articles the CBL and CBR instructions and regulations. a) The CBR has the power to have full access to banks and banking group’s information for supervisory purposes. In effect, pursuant to the CBL (Articles 57, 73) and CBR Instruction 147-I of December 5, 2013, CBR staff is empowered to have access to information on banks’ and banking groups’ activities. In addition, in consonance with Regulation 310-P of September 7, 2007, CBR’s curators assigned to a particular bank or banking groups are empowered to enter any bank’s premises and receive all relevant information pertaining to the activity of such institution. The CBL also stipulates that CBR employees have the right to receive and examine accounting reports and other documents of credit institutions (or their branches) and, if necessary, make copies of the corresponding documents. It is also noteworthy that for its supervisory duties, the CBR also resorts to the so-called “ARs” who are assigned to a particular D-SIB (one for each entity). These resident examiners enjoy wide autonomy and can request any kind of information. For example, they are allowed to collect information and documents related to the bank’s lending activity, including volumes of loans granted and planned to be granted, the terms of their extension, the issuance of guarantees, the amount of remuneration paid to the board members or chief executive officer, and other information related to the assessment of financial stability of the credit institution, its corporate and RM quality. They can also attend, without voting power, meetings of the bank’s management bodies. The BCP assessors were told that in practice, ARs participate not only in board meetings but also in all relevant committees, including risk committees and audit committees. Also, according to Article 73 of the CBL, the CBR has the right to review activity of credit organizations located abroad if such organizations form part of a banking group or a bank holding company. Such inspections can be carried out on the basis of MOU, and in the case of the absence of a MOU, these questions are regulated in an individual order in coordination between Bank of Russia and the foreign supervision authority. b) The CBL also entitles the CBR to review overall activities of a banking group, both domestic and cross-border. CBR Instruction 147-I of December 5, 2013 provides this power. c) For foreign banks members of banking groups operating in Russia, the CBL stipulates that the supervisory authority of a foreign state (i.e., the home authority) may gain access to the premises of the said credit institutions and get access to the relevant information if the credit institutions has given a written consent (see comments below).
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a) take (and/or require a bank to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the bank’s license; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	Enforcement powers are governed by the CBL (for more details, see CP 11). According to Article 74, the CBR can take corrective actions, impose sanctions and revoke a bank’s license in the most extreme scenario. More specifically, the following actions can be taken: The CBR can instruct any credit institution to correct any violations of the law or CBR normative acts, impose a penalty (up to 0.1 percent of bank’s minimal capital), or restrict the credit institution from conducting certain operations (for up to six months), including with the parent company, in case of banking groups. In most serious instances, for example when a credit institution did not comply with a CBR order to address a particular violation or if the bank endangers the interests of depositors, the CBR can impose a range of sanctions, including, but not limited to, charging a fine of up to 1 percent of the bank’s paid-up capital, prohibiting certain operations for one year, instructing “financial rehabilitation measures,” including appointing a provisional administrator. Revocation of the license is also an important tool at the disposal of the authorities that has been used extensively over the past three years. Multiples licences have been revoked across Russia for various, and often multiple, infrigements of Russian law and CBR norms (see CP 11 and CP 29 for details). These range from unsatisfactiory financial standards (such as insufficient equity and unreliable reporting data) to violations of AML/CFT legislation. These actions have noticebly increased under the current Governor of the CBR, who was appointed in June 2013. In the first six months of her tenure, 35 licenses were revoked, in contrast to the three revoked in the first half on 2013 under her predecessor. CBR’s enforcement power also extends to banking groups. In case of violations of laws or prudential norms, several measures can be imposed on the parent company, including fines and restrictions of activities within the group (Article 74). The CBR also cooperates closely with the Deposit Insurance Agency to achieve orderly resolution of banks (see CP 11 for further details).
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	The CBR is empowered to carry out supervision on a consolidated basis over banks and banking groups (CBL Articles 4 and 56). The supervisor enjoys free access to all relevant information. When the parent company of the group is a non-bank institution, CBR is also empowered to request information from the Holding Company.
Assessment of Principle 1	Largely Compliant
Comments	The legal framework currently in place reasonably provides the necessary powers to authorize banks, conduct ongoing supervision, oversee compliance with laws and undertake corrective actions to address safety and soundness concerns. However, responsibilities and objectives of the CBR are particularly broad and appear to be intertwined, while some functions seem to concur with the objectives related to safety and soundness of the banking system. It is important to ensure clarity of purpose for the supervisory function. Although the decision making process of the CBR is well designed to ensure a good focus on prudential issues, it is not transparent to an external observer whether or not the CBR’s decisions might be influenced by its institutional objective for development of the financial sector and also its significant stake in the most systemic banking group of the Russian Federation. There are also a few issues that limit CBR powers. One first example is that the inspected period cannot be more than five years before a year of inspection (but the CBR can obtain data from banks older than five years to confirm whether laws were violated during that period). The CBR told the assessors that this has no practical implications because banks are subject to a two-year inspection cycle. Further, this limitation applies to certain accounting documents only (e.g., data on payment). In addition, according to Article 29 of the Federal law 402-FZ “About accounting,” primary registration documents, registers of accounting, accounting (financial) reports, audit reports on it are subject to storage for not less than five years after the financial year. Other limitations on CBR enforcement powers include the situation where a gross violation older than one year has been committed by a shareholder having qualifying interest in a bank. Also, the CBR cannot act if five years have passed since a violation has been committed (see CP 11 for more details). On the other hand, major reforms have been introduced that increase CBR duties and powers in many respects. The “mega-regulator” reform is seen as a major step forward, allowing the CBR to issue prudential and accounting standards for all entities and as a result to set a unified supervisory regime. It also provides the supervisor with a broader perspective on risks across the entire financial industry. These reforms have been introduced very recently and the present mission is not in a position to evaluate their effective implementation nor to assess the use of new enforcement powers granted to the supervisor. In effect, the capacity of the CBR to use its power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance remains to be tested. As observed in 2011 during the last update FSAP, the CBR did not have the legal foundation to inquire additional capital based on the risk profile of an institution. With the adoption of Ordinance 3624-U on risk and capital management, the CBR can instruct a bank to increase its CAR if the outcomes of the ICAAP reveal, for example, important flaws in the RM systems of the institution. This new arsenal will not be enforced before 2017.16 Recommendations: Include language in the CBL that would clearly segregate CBR’s safety and soundness duties from other assigned objectives. Allow the CBR to get access to banking data older than five years.
Principle 2	Independence, accountability, resourcing, and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	Independence The independence of the CBR is formally stipulated under Article 1 of the CBL. Article 1, states that “the status, purposes, functions and powers” of the Central Bank of the Russian Federation (CBR) are as set out in the Constitution of the Russian Federation. More particularly, the CBR is to fulfill its functions and exercise its powers “independently from other federal bodies of state power, the bodies of state power of the constituent entities of the Russian Federation and bodies of local government.” Accountability The CBR’s accountability is to the State Duma of the Federal Council of the Russian Federation (Article 5, CBL). Moreover, the State Duma has the power to appoint and dismiss the CBR Chairman, on the proposal of the President of the Russian Federation, as well as to appoint and dismiss the members of the Board of Directors—at the proposal of the CBR Chairman as agreed with the President. (Articles 5 and 15 CBL). The State Duma can also take decisions on audit inspections of the CBR, by the Audit Chamber of the Russian Federation, and can conduct parliamentary hearings on the CBR’s activities. The CBR must supply information to the State Duma and President of the Russian Federation according to the procedures established in the federal law. Governance The CBR has two governing bodies established by the CBL (Chapter III): The Board of Directors of the CBR (executive members) and the National Financial Board (NFB) of the CBR (non-executive members). The NFB was formerly titled the “National Bank Council” until the legislative amendments of 2013. The CBL (Chapter III) sets out the composition and powers of the governing bodies of the CBR. Please see EC2 for more detail on composition and appointment/dismissal of these bodies. The Role of NFB includes considering reports from the BoD on supervision and regulation, making decisions on issues relating to CBR participation in capital of credit institutions; and approving the budget proposals put forward by the BoD. The BoD has a wide ranging set of executive functions set out in the CBL (Article 18). As noted below, however in EC4, direct supervisory decisions are taken by the Banking Supervisory Committee and notified to the board. The competence of the BSC and the board do not overlap except insofar as the board has the responsibility for taking decisions on issuance of the regulations, instructions, and ordinances of the CBR (CBL, Article 18). As an over-arching point, the CBR is required (CBL, Article 4) to articulate and enact policies to avoid conflicts of interest when performing its legal functions. Relationship with government The Government cannot issue operational instructions to the CBR, but under the CBL (Article 21) the CBR and the Government of the Russian Federation must inform each other about their plans of action of national importance, coordinate their policy and hold regular consultations. Two government ministers, or their representatives—the MoF and the Ministry of Economic Development—have the right to attend the BoD in an advisory capacity and “shall participate in the BoD’ meetings with the right of a consultative vote” (CBL, Article 21). While the decisions of the board belong to the CBR, the ministers (or their representatives) have the ability to express a view on the matters under discussion. Supervisory independence and discretion As noted above, and also below in EC4, supervisory decisions are taken—at their highest level—at the Banking Supervision Committee. Also there is a delegation of powers within the CBR to enable supervisory decisions to be taken at an appropriate level and as efficiently as possible. There are no legal constraints in respect of the CBR in exercising supervisory discretion, provided that it is acting within its legal vires. The CBR has an equity participation in Sberbank (the Savings Bank of the Russian Federation). The CBR operates “Chinese walls” in respect of discharging its governance/ ownership rights and obligations and its supervisory responsibilities. Voting rights and dividend receipts from Sberbank are disclosed.
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	The process for the appointment and dismissal of the Chairman of the CBR, members of the BoD and the NFB is reflected in Articles 14, 15, and 12 of the CBL. The Chairman of the CBR is appointed by the State Duma for a five-year term, with a maximum of three consecutive terms, and may be dismissed only for reasons laid out in the law (CBL, Article 15), including expiry of term, resignation, medical condition preventing exercise of duty, violation of the law, including failures in relation to managing conflicts of interest appropriately. The dismissal may only be carried out by the State Duma on the proposal of the President of the Russian Federation. The law does not state that the reasons for the dismissal must be made public. (Article 14, CBL). The decision of the Duma is public, but the published decision will not necessarily be detailed. There are no obligations to disclose the reason for removal. The BoD of the CBR is composed of the CBR Chairman and 14 executive members whose term of appointment is 5 years. Appointments are made to the BoD by the State Duma at the proposal of the chairman and with the agreement of the President of the Russian Federation. Dismissal of a member of the board, other than for expiry of term, is by the State Duma at the proposal of the Chairman of the CBR. The reasons for which a proposal for dismissal may be made are not specified with the exception of a failure in relation to managing conflicts of interest. (Article 15, CBL). As noted in EC1, two government ministers, or their representatives—the MoF and the Ministry of Economic Development—have the right to attend the BoD in an advisory capacity “with the right of a consultative vote” (Article 21, paragraph 2, CBL). The NFB is composed of 12 members. One is the CBR Chairman, two are delegated by the Federal Council of the Federal Assembly of the Russian Federation, three are delegated by the State Duma, three by the Russian Federation President, and three by the Russian Federation Government. The members of the NFB may only be dismissed or recalled by the body responsible for appointing them. Reasons for a recall are not specified in the law. The Chairman of the NFB is elected by the members of the NFB on a majority vote. The decisions of the NFB are made on the basis of a simple majority, with a quorum of seven members. Only the Chairman of the CBR may work for the CBR on a full-time basis and is the only member to be remunerated. (Article 12, CBL).
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.17
Description and findings re EC3	The CBR’s functions and objectives in respect to the supervision of credit institutions are clearly stated in the CBL (Articles 4 and 56). The annual report of the CBR contains, inter alia, information on supervisory and regulatory developments. Additionally, and separately, the CBR also publishes an annual report on the development of banking sector and banking supervision. As noted in EC1, the CBL (Article 5) sets out the manner in which the CBR is accountable to the State Duma. This includes appointment of the Chairman, BoD, delegates to the NFB, consideration of the CBR’s annual reports (and decisions made on the basis of such reports). The Duma can hold hearings and hear reports by the CBR Chairman on the CBR’s activities. Duma hearings are public, though of course only members of the Duma can ask questions. It is common for members of the Duma to ask questions and hearings are held annually at a minimum, with the Duma having the right to call more frequent hearings. Such hearings are sometimes broadcast and reports of the hearings are available afterwards.
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	There are various internal regulations that stipulate internal procedures and decision-making process depending on seniority and significance of the issues to be resolved. The regulatory and supervisory functions of the CBR, as required by the CBL (Article 56), are implemented through the Banking Supervision Committee. The head of the Banking Supervision Committee is appointed by the CBR Chairman from among the members of the BoD. The CBR’s BoD also is required to approve the CBR regulation on the Banking Supervision Committee while the structure is approved by the CBR Chairman (item 4 of the Regulation on BSC). All key supervisory decisions (licensing, revocation, sanctioning, and restrictions) must be made by the Banking Supervision Committee of the CBR and equally all decisions are reported to the Board of the CBR and the NFB. The decisions of the Banking Supervision Committee cannot be amended or overturned by the board or the NFB. According to the regulation, the Committee meets, in any case, at least monthly and is composed of fifteen members—including heads of the supervisory, regulatory, licensing departments as well as of the Chief Inspectorate but not solely limited to the fields of banking supervision—and the regulation establishes the quorum (minimum 50 percent attendance) and rules for voting (decision made by majority, with the Chairman of the Committee having the casting vote). The Banking Supervision Committee is chaired, at present, by the First Deputy Governor for banking supervision. When taking a major decision, the dossiers are compiled using information gathered by curators, inspectors, and ARs (see CP9 for a discussion of these functions) and reviewed by the legal department before being submitted to the Committee. There are internal protocols governing how much time can be spent preparing the information, and this varies depending on the gravity of the issue. The assessors were able to review some submissions to and orders issued by the BSC and found them to be of high quality. There is also a cascade of delegated powers so that, for minor violations, the Territorial Office responsible for supervision of an institution may make a decision. For larger institutions (such as regionally systemic banks identified in the “second line” of supervision), decisions are made jointly between the Territorial Office of the CBR and the main office of the CBR. In any case, and as indicated above, major supervisory decisions are reserved to the Banking Supervision Committee. The requirements on avoidance of conflict of interest are discussed below in EC5. In addition, CBL Article 83.1 requires separation of responsibilities between deputy heads of the CBR, heads of separate structural subdivisions, including during implementation of monetary policy, foreign-exchange reserves management, banking regulation and supervision, financial markets control and supervision in order to prevent, detect or manage any conflict of interest during fulfillment of its functions.
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5	Issues related to conflict of interest are considered in a number of laws and directions. General rules around conflict of interest issues are established by the Federal Law 273-FZ. At an over-arching level, and as noted above, the CBL (Article 4.1) establishes that the CBR is obliged to prepare and implement policy on combating, identification and management of conflicts of interest when performing its functions. There are also a number of provisions in the CBL treating potential conflicts. Hence employees of the CBR (CBL Article 90) are subject to a range of restrictions, such as holding the securities of supervised institutions, being employed by such institutions, or accepting gifts. Cooling off periods are also stipulated, as certain restrictions apply for two years after employment at the CBR has ceased and restrictions on disclosure of information are perpetual. The CBR has issued an Ordinance (3414-U) containing rules on how to avoid conflicts of interests, and sanctions for their violation. Supervisors participating in onsite reviews must disclose relevant personal information to avoid conflicts of interest, or be disbarred from the review (see Instruction 149-I). There are numerous internal regulations on proper usage of information obtained through work, such as Regulation 235-P that, among other issues, sets a list of employees who after resignation are prohibited to disclose and use the information they received while serving at the CBR. Furthermore, employees are prohibited from disclosure of information obtained through work without approval of the CBR BoD (CBL Article 92). In practical terms, the CBR has not had experience of breaches of confidentiality. The assessors noted, in their contact with market participants and professionals, that the CBR was held in high regard for its professionalism and is perceived as an authoritative institution. The caliber and responsiveness of staff in the departments in the head office of the CBR was particularly commented upon. The increasing levels of transparency and efforts at communicating forward looking priorities in recent years were appreciated by a number of the contacts with whom the assessors met, although it was considered that there was scope for even further improvement.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: (a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and program for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate onsite work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	The CBR funds its expenses from its own revenues, as prescribed by law, but the law does not prescribe how budgeting and resource allocation should be decided within this parameter (CBL, Article 2). The CBR and the state are, on a reciprocal basis, not responsible for the liabilities of the other unless a specific agreement and obligation has been entered into. The purpose of the CBR is not to generate profit (Article3). The CBR must submit its budget to the board and to the NFB. The CBR does not, therefore have independent control over the allocation of its funds to its departments. The CBR has control over the disposition of its net revenues. Additionally, the compensation of the governor and deputy governors must be disclosed and this disclosure is made annually online. According to the CBL (Article 26), 75 percent of the CBR’s post tax profit shall be transferred to the federal budget and under an amendment to the CBL (Federal Law FZ-334) for the period of January 1, 2014 to January 1, 2015, (profit for 2015 to be paid in 2016) Article 26 shall be suspended and 90 percent of the CBR’s post-tax profit will be transferred to the federal budget. All the assets of the CBR belong to the state. The CBR’s internal budgeting process is managed by the Financial Department and is subject to approval by the CBR’s BoD and NFB. Hence if any department within the CBR, including the supervisory functions, required additional resources, the BoD would have to discuss and agree to this. Retention rates of staff for the CBR as a whole are very high (approximately 2–3 percent annual turnover). However, some areas, including supervision, can be subject to higher attrition. In common with other jurisdictions, the CBR has found it easier to attract specialist skills when the market is undergoing periods of stress. The CBR has the legal power (e.g., CBL Article 73) to hire audit firms to conduct bank reviews. Legal and accounting firms may also be hired but not to conduct reviews of banks. Of course, the external firms have no participation in any CBR decision. Restrictions on information, and hiring procedures which are performed on a tender basis, are set forth in Regulation 442-P and Ordinance 3463-U. The training budget and planning is conducted annually a year in advance. IT systems were last given a major upgrade upon the creation of the mega regulator in 2013, but there is continuous development. During 2016, the data analysis system in supervision (see CPs 8 and 9) will be further enhanced to support a “single view” of all aspects of a credit institution. No constraints on travel for international or domestic purposes were identified.
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	The CBR prepares a rolling training plan for 3 years on the basis of proposals received from departments and sub-divisions with due account to strategic development plans for each types of activity. Departments and sub-divisions are expected to take into consideration best domestic and international practices when preparing their proposals. In terms of developing individual staff’s skills, the annual appraisal process is used to identify training and development needs that are fed into the various divisions’ training plans. At a more strategic level, the CBR also considers the nature and extent of specific skill sets available within its staff. For example, in the past few years there have been programs to train staff in IFRS and also specialist training made available for Basel 2 implementation. CBR staff noted that it was possible to self nominate for training, and indeed some training is mandatory. There are certification processes to meet in order to transfer to some of the supervisory divisions (such as the Inspectorate) and training is made available to support these needs.
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	Structurally, the CBR has been reorganized to support a risk based focus and has established a separate division to supervise the systemically important banks: the systemically important banking supervision division (SIBSD). Institutions are identified as systemically important banks under the terms of Ordinance 3737-U, whose methodology is based on the Basel standard. SIBSD operates its own budget. The methodology has been in force since July 2015, and the list of systemically important banks must be assessed and re-issued annually under the terms of the ordinance. See CP16 (EC4) for details on the capital buffer applied to systemically important banks. The appointment of curators and ARs, as well as the frequency and scope of inspections, also reflects risk based allocations. A major or more complex institution will be allocated a team of staff. Systemic institutions and institutions which are in the weaker grading categories are subject to more intensive attention, not least the appointment of an AR. The Chief Inspectorate is going through a process of merging some of its regional offices given declining numbers of institutions in the affected regions.
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	There are no special provisions in Russian law regarding protection of the CBR and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The CBR noted that, if a suit were brought, the institution itself would act as the defendant and further explained that in instances, for example, of revocation or restrictions, decisions are made collectively by the Banking Supervision Committee. It seemed, therefore, less likely that a lawsuit would be brought against a specific individual. In principle, however, an aggrieved party is able to bring a lawsuit for gross negligence against an individual employee of the CBR. The CBR explained that in such circumstances, it would enter the legal proceedings on the side of the employee and ask the court to exclude the employee from the defendants. The legal fees can be borne by the CBR based on approval by the board. No case of such a suit has ever arisen. In the case of criminal proceedings, an aggrieved party can bring a criminal lawsuit against an employee of the CBR in respect of a criminal act perpetrated against the bank (e.g., bribery, corruption, theft). The order and basis for filing such a claim are stated in the Criminal Procedure Code of the Russian Federation (Articles 140 and 141). There is neither obligation nor prohibition on the CBR to cover the legal fees of its employee in such circumstances, and it would be a board decision to bear the legal costs (if, for example, the CBR believed the case to be frivolous or an attempt to intimidate the CBR or a staff member).
Assessment of Principle 2	Largely Compliant
Comments	The CBR is a respected and authoritative institution. While many governance, accountability, and transparency measures are in place, there are some issues of concern notably in respect of legal protection for staff and transparency of dismissal procedures. There is also scope for improvements in the arrangements of decision making in order to better support and communicate the objectivity and independence of the CBR to external audiences. There is scope for two important enhancements in particular. The first issue is that legal protection for staff carrying out their functions in good faith is not fully in place. Although the assessors appreciate and understand the explanations of the CBR on this issue, it remains the case that there is a legal vulnerability that in future might possibly be exploited maliciously. There is no legal requirement for the reasons for the dismissal of the Governor of the CBR (or of the first deputy governor in charge of supervision) to be disclosed. While it is normal practice for the CBR to issue press releases on the occasion of their departure, it is not mandatory and there is no history of early dismissal. Transparency measures are part of a guard against abuses in any system, and it would be important and fitting for the CBR to benefit from such transparency requirements. There is a governmental and parliamentary role in the appointment of the Chairman and the BoD and two ministers or their representatives may attend the board. There appears to be no operational impact of the appointment process and composition of board and NFB in terms of the supervisory decision making processes, not least because of the delegation of powers to the Banking Supervisory Committee. However, the role of the governing bodies in budget approval and regulatory decision making opens the possibility for an impact on the CBR’s supervisory function even though, to date, there is no history of any restriction being placed on the CBR. It may be noted that the CBR has only one voice on the NFB as all other representatives come from other institutions or bodies. In terms of achieving an overall balance for the purposes of accountability and for the CBR to fulfill its mandate for developing the financial sector, the presence of the ministries on the CBR Board can be understood. However, with specific respect to regulation on supervisory issues, the authorities may wish to consider arrangements so that there is no ministry participation or observation on regulatory topics. The CBR’s stake in Sberbank presents a particular challenge for the CBR in its supervisory capacity as it is important that Sberbank, which in any case is the dominant financial institution in the jurisdiction, is supervised, and seen to be supervised, to the same standards as any other institution. To external observers, however, it is not necessarily easy, or even possible, to distinguish the CBR’s broad role in supporting the development of the financial sector, which might be thought to favor Sberbank particularly in the light of the ownership structure, and the CBR’s supervisory role. The assessors stress that they have no findings to suggest that there is any question mark over the CBR’s exercise of supervision or the governance of Sberbank and the internal separation of the two roles. Nevertheless, while the assessors have no evidence to suggest that the CBR would make or has made regulatory or supervisory decisions that would create preferential treatment for Sberbank, this objective treatment is, by its nature, very hard to demonstrate, particularly to outside observers. The authorities may wish to consider a separate form or structure of state ownership for Sberbank, rather than having the holding rest with the CBR, in order to remove the potential for reputational risk and to provide greater confidence that the supervisory function is not and cannot be inappropriately influenced. Please also see the discussion and recommendations in CP1 related to the objectives of the CBR as this would also assist in diluting any reputational risk to the CBR.
Principle 3	Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.18
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	Federal laws, legislative acts and CBR regulations contain several provisions governing the cooperation and collaboration among supervisors and agencies with responsibilities for the stability of the financial system. In practice, cooperation arrangements are determined on the basis of bilateral agreements between the Central CBR and the Federal Service for Financial Monitoring (Rosfinmonitoring, the Russian FIU), Federal State Statistics Service, the Federal Service for Financial Markets, the Federal Tax Service, the Deposit Insurance Agency, the Federal Service for Financial and Budgetary Supervision (External auditors oversight), the Federal Customs Service, the Federal Antimonopoly Service, the Federal Registration Service, the Ministry of Internal Affairs, the Prosecutor General’s Office of the Russian Federation and the Federal Treasury. Some of the most useful exchanges of information done for supervisory purposes with domestic authorities are with the FIU and the Tax Authority for the purpose of exchanging information on AML/CFT. The CBR is, inter alia, an aggregator of data that are made available to the FIU. The cooperation among the two agencies takes different forms (see CP29). There is also multi-level cooperation among judicial, law enforcement, and financial regulatory authorities in AML/CFT. An example of this is the Interagency Working Group on Combating Illegal Financial Transactions, established by the president of the Russian Federation, and the Interagency Commission for Combating Money Laundering and Terrorist Financing, established by the Russian FIU. These coordinating bodies were created in order to promote effective cooperation and concerted action by all Russian anti-money laundering system participants, including through the involvement of the private sector. Close cooperation has also been established by law with the State Corporation Deposit Insurance Agency for issues relating to crisis prevention, bank resolution, and liquidation. The Federal Financial and Budget Supervision Service of the Minister of Finance provides the CBR with the information on external auditing companies, and the Minister of Internal Affairs assists the CBR in the domain of AML/CFT (data base of lost or fake IDs).
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	The legal basis for formal cooperation and for information sharing by the CBR with other supervisory authorities is found in Article 51 of the CBL. These provisions set the general conditions under which the CBR is authorized to exchange confidential information. The CBR has concluded 38 formal bilateral arrangements with supervisory authorities of foreign countries in the form of cooperation agreements, memoranda of understanding (MoUs), and statements of cooperation (SoCs) for information exchange. Most close cooperation links are established with supervisory authorities of the following countries: Austria, China, Cyprus, CIS countries (especially countries of the Eurasian Economic Union—Belarus, Kazakhstan, Kyrgyzstan), Germany, Hungary, Latvia. MoUs have also been signed with Italy, Sweden, Finland, and Norway. No MoU has been signed with France however while the country has an important presence through the Société Générale. Between 2012–15, there were around 1–2 visits a year from representatives of the main supervisors of banking groups and foreign banks with subsidiaries of credit institutions in the Russian Federation: Austria, Hungary, Germany, China, Kazakhstan, Latvia, and the Netherlands. There were also visits by representatives of banking supervisory authorities of Korea. These visits can be regular high-level meetings or meetings of experts. In addition, cooperation with the British supervisory agency and the U.S. Office of the Comptroller of the Currency (OCC) was arranged on the basis of the exchange of letters in 2007 and 2009 (these letters are not public). Also, cooperation with some European countries is carried out on an ad hoc basis given previous concerns of some European countries regarding the legal ability of CBR to protect confidential information. The CBL was amended in 2013 to address these concerns and the CBR informed about these amendments the Basel Committee on Banking Supervision and the European Banking Authority in due time. Furthermore, during 2014 the CBR continued its cooperation in staff training with foreign partners including the Deutsche Bundesbank, the Bank of France, the Bank of Finland, the Bank of Spain, the Central Bank of Brazil, the Financial Technology Transfer Agency (Luxembourg), the Financial Stability Institute of the Bank for International Settlements (Basel), and others. CBR inspections abroad have been extremely limited so far. In 2014 the CBR carried out an inspection of the Cyprian branch of a Russian credit institution. The representatives of the mission were informed in 2016 on the positive experience of the organization and the inspection itself.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	Conditions for exchanging confidential information with domestic authorities Article 26 of the banking law sets the general principle on Bank secrecy. The CBR has no right to disclose or provide to third parties data obtained while performing functions defined by federal laws unless stated in federal laws. Article 57 of the CR law stipulates states that information on specific operations received from legal entities shall not be disclosed without the consent of the corresponding legal entity except for those cases stipulated by federal laws. According to these laws, the CBR is allowed to provide information, including confidential information, to courts and arbitration courts, to the Accounting Chamber of the Russian Federation, to tax and customs authorities, to law enforcement agencies, preliminary investigation bodies, FX control authorities, the Pension Fund, the Social Insurance Fund of the Russian Federation, and other institutions in cases specified by the legislation. Article 57 of the CBL also includes a reciprocal obligation of the CBR to keep confidential any information it receives in the context of these information exchange arrangements. Conditions for exchanging confidential information with foreign authorities The conditions for sharing confidential information with banking supervisors of foreign states are laid out in Article 51 of the CBL and Article 26 of the Law on Banks. The CBR has the right to provide to the central bank and (or) other supervisory authority of a foreign state in charge of banking supervision information and (or) documents that they need to exercise supervision, including those that contain bank secrecy data,19 received from credit institutions, banking groups, bank holdings, and other associations with participation of credit institutions. This covers information collected both during both offsite and onsite supervision. This general principle, however, does not apply for any information or data protected by State secrecy. Similar information exchange is also permitted by Article 26 of the banking law in the context of cross-border mechanisms for bank resolution. For example, the CBR can provide to home supervisors information contained in financial stability restoration plans for credit institutions that are part of a banking groups. The CBR provides such information and (or) documents to foreign authorities on the condition of reciprocity whereby the recipient country’s legal regime should provide equal protection to the information received from Russia and that the transmission to third parties cannot be permitted without the preliminary consent in writing of the CBR, except for cases when such information is provided to a court in a criminal case. The mission received a copy of a cooperation agreement signed with a foreign authority. It was observed that the arrangements include information in connection with the authorization and licensing process, cooperation on ownership control structure, cooperation on offsite supervision of parent institutions and cross-border establishments, information exchange for cross-border resolution, onsite inspections including mutual ones, AML/CFT, etc.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	CBR staff is bound by professional secrecy (CBL) and is not allowed to disclose confidential information received from domestic or foreign supervisory bodies, except in the condition stipulated by law. Further, the information received either by domestic or foreign entities should only be used for the performance of the CBR supervisory responsibilities. The information and/or documents received by the CBR from the foreign supervisory authorities may be provided to third persons, for instance law-enforcement bodies, only with the consent of the authority which provided this information, except for providing such information by court order for the proceedings of criminal cases. Requirements to confidentiality protection of information and documents set in cooperation agreements and MoUs also provide for non-disclosure of the received information to third parties without the prior written consent of the originating supervisor. It is also set that confidential information and documents should not be used without the prior written consent of the supervisory authority that provided it for purposes other than those for which it was requested and provided.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	Cooperation with domestic resolution authorities The fundamentals of interaction between the State Corporation DIA and the CBR are established by Article 27 of Federal Law 177-FZ of December 23, 2003, “On Insurance of Household Deposits in Russian Banks.” This article also states that for the purposes of informational support of the deposit insurance system’s operation, the CBR shall send to the DIA banks’ reports and other necessary information. The framework within CBR and the Agency for information exchange and coordination of actions is defined by an agreement signed in 2014 that covers, inter alia, the insolvency (bankruptcy) of credit institutions. In addition, the Agency is entitled to propose that the CBR inspects a bank or takes measures against a bank. The CBR must reply to the DIA within 15 days on the decision to inspect a bank. Joint inspections by the CBR and DIA are allowed under direction 1542-U of the CBR of January 13, 2005 and Articles 27 and 32 of Law 177-FZ.20 These inspections are done in respect of matters concerning the extent and structure of these banks’ commitments with regard to depositors, insurance premiums’ payment, as well as these banks’ discharging of other duties established by this Federal Law and are conducted on a regular basis (scheduled) and unscheduled. When a bank exhibits serious sign of distress or constitutes a threat to the stability of the system or to the interest of depositors and creditors the CBR and DIA are authorized to implement rehabilitation measures to prevent the bank’s failure. The CBR can either submit a proposal calling for DIA’s participation in the bank or a proposal for the DIA’s participation in the settlement of a bank’s liabilities.21 The Plan has to be approved by the BSC. Moreover, during the implementation of the plan, the DIA sends to the CBR monthly reports. In 2014–15 27 banks underwent a resolution process. 45 were subject to a joint DIA—CBR review. Cooperation with foreign resolution authorities Pursuant to Article 51 of the Federal Law of the Central CBR and Article 26 of the banking law, CBR can provide the central bank and (or) another authority of a foreign state information contained in the financial stability recovery plans of parent banks or associations, except for the data constituting state secrecy. This process is done on the condition that the legislation of the foreign state stipulates the level of confidentiality for CBR’s documents at least matching the level envisaged by the Russian Federation or in compliance with the international treaties that may regulate these exchanges. This information cannot be shared with third parties without CBR’s consent, except for providing such information to court for criminal case proceedings. Supervisory colleges are also a conduit for cooperation with foreign supervisors. The CBR’s SIBS Department participated in the supervisory college organized by the home supervisor in 2014. The frequency of supervisory college meetings where CBR takes part as a host-member is defined by the home supervisory authority. The usual frequency is once a year or two.
Assessment of Principle 3	Compliant
Comments	The CBR is in a position to exchange information and to cooperate with home supervisors over Russian-based subsidiaries of foreign banks through a number of bilateral MOUs. Adequate information sharing arrangements are also in place with all relevant domestic authorities. As indicated above, the CBR has concluded 38 formal bilateral arrangements with supervisory authorities of foreign countries in the form of cooperation agreements, memoranda of understanding (MoUs), and SoCs for information exchange. It is noteworthy however that no MoU has been signed with France while in fact the country has an important presence through the Société Générale. During interviews, assessors were told that the authorities are satisfied with the quality and effectiveness of existing cooperation arrangements. One example of successful inter-agency cooperation is in the area of AML/CFT. As indicated under CP29, the cooperation between the CBR and the FIU led to the closure of Siberia’s largest illegal encashment center, carried out by the local law enforcement agencies, the main department of the CBR in the Kemerovo region and Rosfinmonitoring’s SFD Directorate. In 2014, the CBR revoked the licenses of two credit institutions of the Kemerovo region. The criminal investigation resulted in criminal charges being brought against one of these credit institution directors and the seizure of approximately RUB 3 billion worth of assets.22 Cooperation between the CBR and the DIA is also very good. On the international front, the previous 2008 FSAP observed that the text on information exchange with foreign supervisors as contained in the then Article 51 of the CBL prohibited provision of information on individual client transactions to foreign financial sector supervisor. This inability under Article 51 to exchange institution specific and client information left a large gap to be closed. A change in legislation has been made to achieve this. The Federal law 146-FZ of July 2, 2013 has introduced new language in Article 51 that lifted these restrictions. According to the new provision, the CBR is entitled to provide to foreign counterparts information or documents “including those that contain data constituting bank secrecy” provided that the authority receiving such information treats it with the same level of confidentiality as the Russian authorities and that the information does not constitute a state secret. Another legislative reform was made to explicitly empower the CBR to exchange information contained in financial recovery plans (except state secrets) with foreign resolution authorities. Considering the progress made by the Russian authorities in addressing previous flaws in the legal regime for cooperation and collaboration, the rating assigned in 2008 to this CP has been improved from “Largely Compliant” to “Compliant.” Recommendation: Establish a formal mechanism of cooperation with the French Supervisory and Resolution Prudential Authority.
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	The Russian regime as spelled out in the banking law defines a credit institution as a legal entity authorized to carry out banking operations to generate profit as the main goal of its activities, on the basis of a special permit (license) granted by the Central Bank of the Russian Federation. Under this law, all credit institutions fall into the following categories: (i) banks; (ii) nonbanking credit institutions; (iii) nonbanking credit institutions for money transferring without opening of account and (iv) nonbanking credit institutions—central counterparty. A bank is a lending institution that has the exclusive right to perform all of following banking operations: the drawing of deposits from individuals and legal entities the granting of loans; and the opening and operation of bank accounts for individuals and legal entities. Pursuant to Articles 5 and 13 of the banking law, attraction of deposits is permitted only for lending institutions with a bank status. A nonbank lending institution is a lending institution that has the right to perform certain operations only (stipulated by law), e.g., maintenance of bank accounts, money transfers services, cash services). They may also make loans to, and invest in natural persons and their activities. These institutions are licensed and supervised by the CBR.
EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	Permissible activities of institutions that are licensed and subject to supervision as banks are defined under the banking law, Article 5 and include the following: attraction of funds for deposit from individuals and legal entities; placement of the attracted funds referred to under item 1; opening and maintenance of bank accounts for individuals and legal entities; performance of money transfers services, including correspondent banking; cash servicing for individuals and legal entities; purchase and sale of FX in cash and noncash forms; attraction of precious metals for deposit and the placement of precious metals; issuance of bank guarantees; and performance of money transfers services without the opening of bank accounts, including electronic funds (with the exception of postal money orders). In addition to banking operations, a lending institution has the right to perform the following transactions: (a) the issuing of sureties for third parties; (b) fiduciary management of funds and other property under a contractual arrangement with individuals and legal entities; (c) operations with precious metals and precious stones in accordance with the legislation of the Russian Federation; (d) leasing operations; and (e) provision of consulting and information services. A bank has also the right to engage in operations involving the issue, purchase, sale, discounting, and safekeeping of securities. Credit institutions are prohibited from engaging in production, trade and insurance activities, although these activities can be conducted by a sister-corporation under a common holding. Banking operations are performed solely on the basis of a license issued by the CBR following the procedure established by the banking law (see CP 5 for details).
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	Article 7 of the banking law stipulates that “no legal entity in the Russian Federation, except for those who received a banking license from the CBR may use the word ‘bank’ or ‘credit organization’ in its name or indicate in any other way that the legal entity may carry out banking operations. Exceptions are the CBR and the Bank for Development and Foreign Economic Activity. As observed in the 2008 BCP report, there is no established system to monitor the illegitimate use of the word ‘bank.’ The CBR relies on external sources for media, and other sources. The CBR also regularly receives information about registered credit institutions and other legal entities from the Unified State Register of Legal Entities maintained by the Federal Tax Service.
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.23
Description and findings re EC4	In accordance with Articles 1 and 36 of the banking law, the Law on Deposit Insurance, and Chapters 8 and 14 of CBR Instruction 135-I of April 2, 2010,24 (referred to hereinafter as Instruction 135-I), a bank is granted the exclusive right to accept deposits from the public. A nonbank lending institution is not qualified to attract funds for deposit from individuals.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	In accordance with Article 13 of the banking Law and Instruction 135-I, licenses issued by the CBR are recorded in a register. Licenses granted by the CBR are made public by the CBR in an official publication (Bulletin of the CBR) at least once a year. Changes and additions to said register are published by the CBR within one month of the date they are made and are posted on a daily basis on the CBR’s website. An announcement of a lending institution’s state registration is also published in the Bulletin above mentioned.
Assessment of Principle 4	Compliant
Comments	There have been several cases of Ponzi schemes in Russia in recent years. According to the data from the Ministry of Internal Affairs of the Russian Federation, there were in 2014 more than 160 organizations that contained certain features of financial pyramids that caused harm to more than nine thousand people. The amount of loss suffered was estimated at RUB 1.7 billion. According the CBR, in none of these cases the perpetrators have used in one way or another, the word “bank,” “banking” to attract and defraud the customers.
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of board members and senior management)25 of the bank and its wider group, and its strategic and operating plan, internal controls, RM, and projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	Articles 56 and 59 of the law on the CBR establish that the CBR is the authority responsible for both licensing banks, and for regulating and supervising them. Article 59 provides the statutory requirements for the licensing of a bank. The CBR has the exclusive right for the issuance of bank licenses and no person shall engage in financial activities without a license issued by the CBR. Foreign banks wishing to establish a subsidiary on the territory of Federation of Russia need also to receive a license from the central bank. The same Article 59 grants to the CBR the power to suspend or reject an application. Article 74 of the same law that complements Article 59 stipulates that “the CBR shall be entitled to revoke the banking license of a credit institution on the grounds established by the Federal Law on “banks and banking activities.” The procedure for revoking a banking license shall be established by CBR normative acts.” It is noteworthy that according to the CBL, the Banking Supervisory Committee of the CBR is exclusively authorized to make decisions on banking license revocation. Under its supervisory capacity, the CBR has the power to impose limitations or additional requirements. The licensing process is under the responsibility of the licensing department, which focuses on two areas, licensing delivery as well as the authorization of major acquisitions and significant transfers of ownership on the one hand, and financial rehabilitation on the other. The department is also responsible for the maintenance of the State Registry of Legal entities. About 70 people—out of 135—are assigned to licensing activities. In practice, the licensing process is organized as follows. A prospective owner will submit a petition to the CBR territorial branch where the bank will be registered. The local CBR office does the primary vetting, including due diligence in relation to the business qualification, financial soundness, and integrity of the applicants. If the findings are positive, the petition will be forwarded to the CBR head office accompanied by a formal opinion from the head of the territorial branch. The final decision to grant a license rest with the BSC, and the Committee relies on the opinion issued by both the head of the local branch and the head of the licensing department; other departments can also voice their opinion. Once the final decision is made by the BCS, the file is submitted to the tax registration that will confirm the registration of the entity in the State Registration of Legal Entities and Individual Entrepreneurs (Article 12 of the banking law). The applicant has one month to pay the charter capital after which the formal licensing process will begin. The license is signed by one of the Heads of the CBR and forwarded to the head of the competent territorial branch who will formally hand over the license to the bank, which then will acquire the right to operate. Licenses issued to credit institutions are published by the CBR in its official publication (CBR Bulletin) at least once a year. It is directly prohibited for banks to exercise any other kind of activity besides the banking business. However, this prohibition does not apply to operations with financial derivatives – for example, clearing and factoring.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled, or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	Criteria for licensing banks are prescribed by the banking law (Articles 10, 11, 11.1, 14, 15, 16, 17, 18, and 23), in the CBL (Articles 4 and 56) and in the CBR Instruction 135-I (Chapters 2–8, 13, 14, 22, 23–28). They set the requirements to be met in order to obtain authorization for banking business. The most relevant information to be provided by the applicants are: article of association; appropriate information about fitness and propriety of the founders; documents containing information on the paid in capital of the bank; documents confirming the sources of funds contributed by individual founders; a business plan with exhaustive description of the activities to be performed, objectives, policy and strategy of the bank, financial forecast of development over a two-year period; a questionnaire of candidates to key positions (e.g., chief executive officer and chief accountant) to be filled personally by the candidates providing details about their professional backgrounds, education, lack of criminal records; description of the managing and organizational structure; auditor’s conclusions on the authenticity of the financial reports of the founders; and details on the lay-out of the premises of the future bank, etc. Based on the information mentioned above (the list is not exhaustive), CBR staff will do its due diligence prior to delivering a license. It will conduct a review of the validity and accuracy of the materials provided by the applicant. Attention will be paid to the professional qualification and reputation of the prospective founders. Their financial position will be reviewed carefully.26 The conditions for refusing (or revoking) a license are clearly stipulated in the law, for example if the applicants submitted false information (Article 16 of the banking law), or if the nominees proposed for senior management positions do not meet the professional requirements set in the law or fail to meet the fit-and-proper requirements (e.g., conviction for intentional crimes). There are other situations where a banking license can be refused. For example, if a nominee has committed more than three times within the year preceding the day of submitting the application27 an administrative offence in the area of finances, taxes and duties, insurance, securities market, or business activity. Another example is the case where the nominee has been found guilty of bankruptcy of a legal entity in the five years preceding the day of the submission of the applications. During the interview, the assessors asked whether an unrealistic business plan could lead the CBR to reject an application since such a circumstance is not explicitly contemplated in Article 16 of the banking law. It was indicated that the CBR could base its decision on paragraph 3 of Article 16 according to which a license should be denied in case of “non-compliance of the documents filed with the CBR” for obtaining a license. The founders of a lending institution are notified in writing of a decision to refuse to proceed with the state registration of the lending institution and to issue a banking license to the lending institution. The reasons for the decision must be provided. In practice, the due diligence process is performed as follows. The CBR will review fit and proper requirements as well as the professional qualifications that have to be met on an ongoing basis (Article 16 of the banking law). These checks will apply to both individuals as well as to the beneficial owners of a legal entity owning more than 10 percent of the capital. If the applicants/founders are found not to be fit anymore, the CBR can require their replacement. To verify that the applicants do not have any criminal records or have no previous disqualification, the CBR has the power to consult the Tax administration, the Ministry of Interior affairs, and request any specific information to external parties including foreign counterparts (e.g., bank supervisors, Interpol). While it is usual practice to meet the applicants at the branch office, such meetings are rarer at the Head office. Over the past five years, 49 applications for commercial banking licenses have been received by the CBR from domestic entities. The CBR refused state registration to 25 credit institutions (four of them twice), because of the founders’ unsatisfactory financial standing and the non-compliance of documents. Also, eight applications for commercial banking licenses have been received from foreign entities and all have been processed. There have been, however, multiple revocations of licenses (see CP 11 for details).
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	Licensing criteria are consistent with ongoing supervision and need to be met throughout the life of the bank. Criteria include complying with executives to meet fit and proper criteria, the entity to meet prudential standards, have adequate internal control and RM systems in place, adequate human resources, etc. It is also noteworthy that pursuant to Article 44 of the law on deposit insurance, a bank petitioning for a permit of the CBR, shall be deemed to satisfy the requirements with regard to the participation in the deposit insurance system. Permission will be given if (i) the bank’s recording and reporting is deemed reliable by the CBR; (ii) the bank adheres to the obligatory normative standards established by the CBR; and (iii) if the bank’s financial stability is deemed sufficient by the CBR.
EC4	The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.28 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	Pursuant to the banking law and the CBR Instruction 135-I, a candidate for a license has to submit a set of materials, including but not limited to, the charter and/or founding agreement of the aspiring lending institution, its business plan, and documents concerning candidates for the lending institution’s senior management positions. The bank’s charter must contain, among others, (i) the company name; (ii) an indication of its organizational-legal form; (iii) information about the address (location) of the management bodies and separate subdivisions; (iv) a list of banking operations and transactions to be performed; (v) a business plan; and (vi) information about the system of management. In light of the information provided by the applicant, the organizational structure of the bank is vetted both in terms of the management structure of the organization and the capacity of the structure to facilitate sound RM and internal control systems. The CBR reviews all relevant data comprising, inter alia, a description of the managing and organizational structure including the activities of individual organizational units, distribution of responsibilities among managing directors and other administrators, organization and management of the bank’s information system, etc. The CBR process also entails the analysis of the business plan with a focus on the activities to be performed, customer and product structure, objectives, policy and strategy of the bank, and financial forecast. During this process, attention will also be given to information about the bank’s participation in banking groups and bank holding companies, as well as information about the founders (partners) and their groups, with the view to identify persons who are not founders (partners) of the lending institution but who have the ability, directly or indirectly, to exert a significant influence on the decision-making process of the institution’s management bodies (see CBR Directive 1176-U). In conclusion, the CBR has the power to determine whether the ownership structure of the bank can hinder effective supervision or hinder effective implementation of corrective measures in the future. Both the banking law and other regulations provide sound legal basis for the CBR to exercise judgment of whether proposed structures will inhibit effective supervision.
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	The requirement for assessing the suitability of banks’ major shareholders and others that may exert significant influence can be found in different norms, the banking law (Articles 11, 16), the Ordinance 2005-U, the CBR Regulation 354-P and CRB Regulation 408-P. Based on the current regulation, only shareholders with stakes higher than 10 percent should be vetted. This threshold has been lowered from 20 to 10 since the last BCP update in 2011. Shareholders with interests of more than 1 percent are required to inform the CBR of their acquisition. Holders of 10 percent or more of stock in a credit institution need to obtain permission from the CBR to obtain these shares. Criteria include a stable financial situation and business activity for at least three years. In accordance with the regulation, a founder or shareholder with more than 10 percent of the shares of a credit institution shall also have sufficient own resources to contribute to the charter capital of the credit organization and have a stable financial position. Grounds on which permission can be refused by the CBR include an unsatisfactory financial position, violation of anti-monopoly rules, conviction of fraudulent bankruptcy, or having caused damage to a credit institution where the acquirer of the shares had been employed earlier. Financial suitability (financial condition) of shareholders is assessed also on the basis of the Regulation 415-P of February 18, 201429 that sets the condition of banks to join the Deposit Insurance System. In accordance with Article 44 of this law, banks that are participating in the safety net mechanism must meet the requirements imposed by the CBR for transparency of the ownership structure and also comply with the procedure established by the CBR on disclosure of persons having control or exercising a significant influence over the bank. Moreover, a recent directive issued in 2014 by the CBR 3277-U30 provides further guidance on the evaluation to be made by CBR staff of a set of indicators or indices of transparency in ownership structure. These indicators relate to the following: (i) sufficiency of the information disclosed about the bank’s ownership structure in accordance with federal laws and regulatory acts of the CBR (indicator PU1); (ii) availability of information about persons controlling the bank or with a significant influence (PU2); and (iii) significance of the influence of residents of offshore zones on the bank’s management (PU3). The evaluation of these indices is performed on the basis of the method presented in Annex 9 to CBR Ordinance 2005-U. While these indicators among others are used for determining bank’s financial position, there are also relevant for licensing purposes, according to the CBR. The mission was informed that sources of funds to be used as capital is verified by the CBR. As stipulated in the banking law (Article14, Section 7), in order to obtain a state registration and a banking license, the applicant must submit to the CBR a document (according to a list established in CBR regulatory acts) confirming the origin of funds contributed by its founders to its authorized capital. Besides, onsite inspection can be carried for control of legitimacy of payment by acquirers of shares of credit institution as stipulated in Item 17.6 of Instruction 135-I. It is required by law that banks should disclose on their website information about the persons which exercise control or exercise significantly influence on the bank.
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	The law stipulates that banks must have a minimum initial capital of at least RUB 300 million. To obtain the right to attract individuals’ funds on deposit, a newly registered bank (bank for which less than two years have passed since its date of state registration) must have authorized capital (equity/capital) of at least RUB 3.6 billion.
EC7	The licensing authority, at authorization, evaluates the bank’s proposed board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.31 The licensing authority determines whether the bank’s board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	The persons performing administrative, managerial or control functions (which include board members, senior managers, chief accountants and their deputies) according to Article 60 of the CBL must satisfy the experience and integrity requirements established by Article 60 of the CBL, Article 16 of the banking law (that was introduced in 2013) and CBR Regulation 408-P.32 These requirements are also applied to the managers and chief accountant of branches. It is also important to note that, in accordance with the requirements established under the new Article 111-2 of the Banking law (introduced in 2013), persons holding the position of manager of the RM function, manager of the internal audit function, or manager of the internal control function must meet the business reputation requirements established by the banking law as well as the qualifications requirements established by CBR Directive 3223-U of April 1, 201433 (e.g., a higher education in law, economics or in relevant fields, and qualifications in the area of RM/internal control, and/or auditing, as well as professional experience). The banking law stipulates in its Article 14 (8) the different steps to be followed to assess conformity with fit and proper requisites. A questionnaire needs to be filled out by candidates for the positions mentioned above. The questionnaire requires information about education and experience in relevant fields, as well the absence of a criminal record. For CBR’s review, supporting documents will be submitted, including the original of a statement of the existence (absence) of a conviction issued by the Russian Federation Ministry of Internal Affair and any other supporting documents proving the level of education of the applicants (university degree, advanced training certificate). According to Article 16 of the banking law, the license can be denied if the nominees lack a university educational level in law, economics, or finance, or does not have senior banking experience, or have been convicted of an economic crime or administrative offence, has been dismissed from a previous position within two years prior to the nomination from a position in bank management, and lacks sufficient business reputation. The CBR evaluates the applications and may conduct its own investigation. The assessment of expertise and integrity obligations is performed according to the requirements of the Chapter 2 of the Regulation 408-P. If the requirements are not satisfied by the applicants, the CBR should deny the license. The quality of members of the executive bodies and other key corporate officers (e.g., chief accountant and its deputies) is evaluated by the CBR not only on the basis of the information provided by aspiring banks but also in light of other sources of information available, including external sources. Article 60 of the CBL empowers the CBR to contact and solicit information to the “federal bodies of executive powers” (see EC 2). In accordance with Article 75 of CBL and Regulation 408-P (Chapter 5) CBR (regional CBR offices) keep a database on the persons who occupy the positions specified in Article 60 of CBL (nominees for said positions), the other employees of credit institution, and the other persons whose activities are conducive to the deterioration of the financial state of a credit institution or to the breach of the legislation of the Russian Federation and normative acts of the CBR. For the purposes of keeping the database, the Bank of Russia is entitled to request information from federal executive governmental bodies, the territorial bodies thereof, and from legal entities. The CBR keeps track of the identities of senior managers and board members that have been proven unsuitable. Ordinance 3624-U of April 15, 2015 setting the requirements for risk and capital management defines the expectations in terms of a board member’s duties. The latter should understand the material activities that the bank intends to pursue, and the associated risks and set appropriate limits and policies commensurate of the bank’s business (see CP 15 more details).
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of CG, RM, and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.34
Description and findings re EC8	In the banking law, Article 14, prospective banks should submit to the CBR a set of documents to support their request for a license. The procedure for the preparation of a business plan and the criteria for its evaluation are established by regulatory acts of the CBR (Directive 1176-U). This includes (i) a business plan with exhaustive description of the activities to be performed, customer and product structure, objectives, policy, and strategy of the bank, financial forecast of development over a three-year period; (ii) the organizational structure; and (iii) information on the internal audit function and risk management functions. A business plan is the document to be approved by a general meeting of a lending institution’s founders (partners) for the next two years, at a minimum, and should contain the proposed program of action for the prospective bank, including the parameters (indicators) and expected results that will enable the CBR to evaluate bank’s ability to ensure financial stability and profitability, among other things. To this end, the applicants are required to submit the following information: estimated balance sheet; structure of assets and liabilities; expected financial forecast; estimated profitability; and projection of compliance with required ratios and reserve requirements. At its own discretion, a bank may also present projected indicators for a longer period than two calendar years. On the basis of these estimated indicators, an analysis is performed by CBR staff about the business operations, the sectors of activity, operations, and services in which the bank intends to engage in. Particular attention is given to the volume and structure of projected income, expenses, and profit. In addition to financial information, the process requires submission of policies and procedures for CG, RM, and internal controls. The CBR seeks to ensure that the CG, RM, and internal controls are commensurate with the planned scale and complexity of the proposed banking activities.
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	As indicated above, the CBR requires applicants to provide financial forecasts and calculations of capital adequacy. Part of this involves assessing the bank’s ability to reach and maintain profitability and to comply with the prudential rules during the start-up of operations. The CBR assesses the viability and sustainability of the proposed business plan, having regard to the strategy, organizational structure and volumes of business that the bank proposes to achieve and the expected outturn.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	The procedure for the registration of lending institutions with foreign investments is established by CBR Regulation 437 of April 23, 1997.35 In accordance with the provisions of Chapter 2 of this regulation, the set of documents submitted to the CBR by prospective applicants includes written consent from the relevant home supervisor of the foreign legal entity for the participation in the initial capital of a lending institution located in the Russian Federation. It is worthwhile noting that credit institutions with a general license may set up branches or subsidiaries in a foreign state after obtaining permission from the CBR, and representative offices after notifying the CBR. The CBR shall inform the applicant in writing, no later than within three months from the moment of receiving the respective request, of its consent or refusal. The refusal shall be well-grounded. If the CBR fails to inform of the decision within the specified term, the respective permission of the CBR shall be considered obtained. (Article 35 of the banking law). The mission could not confirm whether, in the course of the licensing process, the CBR determines if the home supervisor practices global consolidated supervision.
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	Based on the discussion with the CBR, it was not clear whether the CBR has established policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Assessment of Principle 5	Largely Compliant
Comments	The Russian licensing regime for banks appears to be exhaustive. The legal and regulatory framework provides the CBR a set of instruments and tools to ensure that the licensing process is sound. The CBR retains adequate powers to require applicants and potential shareholders to submit all information required. In particular, the CBR makes sure that applicants submit, among other things, financial and business reputation information on the founders of the bank, the ownership structure of the bank, including information on the group, as appropriate. Further, the mechanisms for evaluating the business reputation of persons serving in the management bodies of lending institutions, including major owners of lending institutions is done at the licensing stage but also during the life cycle of the bank. Applicants must be fully current in any tax payments. Management and board members must meet fit and proper qualifications, including the absence of a criminal record. In that regard, in past FATF mutual evaluations, the Russian Federation was criticized for being vulnerable to criminal ownership of financial institutions.36 In 2013, amendments to the law were made to tighten the requirements for the senior managers, board members, and the founders (shareholders) of credit institutions. The threshold for approval of shareholders has therefore been lowered from 20 percent to 10 percent, improving the conditions to verify transparency in ownership structure. In its licensing process, the CBR also informed the mission that all efforts were made to ensure transparency in ownership structure of applicants. Over the past 5 years, the CBR registered 31 newly established credit institutions, of which 7 with the participation of foreign capital. In all cases, the CBR did not encounter problems in identifying the UBO. Nevertheless, there are a few aspects described below that would merit attention or further consideration from the authorities. The persons performing administrative and managerial functions (which include board members and senior managers) must satisfy the experience and integrity requirements established by Article 16 of the banking law. However, the mission observed the following aspects: The professional qualifications required for applicants could be strengthened. According to the banking law, Article 16, a prospective candidate for a banking license must have proper education background (e.g., a university degree in relevant fields) as well as at least one-year working experience in managing a credit institution and, in the absence of a “special education,” at least two-year working experience. It is a fact that there is no particular standard when it comes to the minimum qualification required for such positions and there are countries where the law does not require anything. But there are also instances where the minimum years of previous experience is higher than one year.37 Even though longer professional exposure does not necessarily guarantee the true suitability of a candidate, a threshold of one year may send a wrong signal that fit-and-proper requirements are not so important. Assessors are of the view that the high number of licenses revoked in Russia for mismanagement over the past years militates in favor of stricter requirements in that regard. The authorities are encouraged to reconsider the minimum legal requirement. In the same vein, according to the banking law, a nominee who has been found guilty of mismanagement (e.g., for causing the bankruptcy of a legal entity) in the five years preceding the day of submitting a petition for a license does not meet the criteria for business reputation. This seems to suggest that conversely, a person who mismanaged a company six years before petitioning is eligible for a bank license. The same holds true for nominees having committed no less than three times within the year preceding the day of submission an administrative offense in the area of finances, taxes, insurance, and securities market. In that regard, the mission welcomes the proposed revision of Federal Law 779566–6 to expand the term of prohibition to take a position of senior managers specified in Article 60 of CBL for persons found guilty of misconduct causing bankruptcy of legal entity, revocation of license of the credit institution, appointment of temporary administration, and other law violations from five to ten years. While the licensing procedures are thorough, in the case of incoming branches or subsidiaries of cross-border banking groups, the mission was not able to determine that the CBR routinely establishes whether the home supervisor practices global consolidated supervision (please see also CP12). The mission recognizes, however, that, at present, there are restrictions on foreign establishments in the Russian Federation. Once the license has been issued, there is no specific mechanism to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met. Recommendations: The Russian authorities may wish to consider the following: amend the banking law to establish a life ban from the banking industry of people who have committed gross and recurrent violations;38 establish formal procedures to subject the newly established bank to follow up close offsite supervision and if necessary onsite inspection to ascertain that the bank is performing according to the terms and conditions of the license; establish formal mechanism at the CBR head office level for interviewing applicants. The content and objective of these interviews should also be specified; when a new bank belongs to a group, ensure that controlling/parent entity closely follow the performance of the new entrant.
Principle 6	Transfer of significant ownership. The supervisor39 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest.”
Description and findings re EC1	The regime regarding transfer of significant ownership is governed by several provisions of the CBL, the banking law and CBR instruction 146-I of October 25, 2013 on “the procedure for receiving the CBR’s consent to acquisition of credit institutions’ shares”. Other relevant norms include CBR Regulation 2005-U and Regulation 345-P. These provisions empower CBR to (i) approve such transactions; (ii) lay out the criteria for approval of the transfer; (iii) stipulate the grounds for rejection of the transaction; and (iv) describe the possible sanction of an ownership interest gained without going through the regulatory process (Article 11 of the banking law). There is no specific definition of “qualifying interest” in the Russian law but it is understood that any acquisition of voting rights above 10 percent provides such qualification. A controlling interest is not defined either but it is also understood as a relationship in which a shareholder owns directly or indirectly the majority of voting rights (more than 50 percent), and de facto determines the policies or practices of the institution, or exercises control over it. CBR Instruction 146-I and other relevant norms40 refer in fact to the notions of control and significant influence as defined by the International Financial Reporting Standard (IFRS) 10 on Consolidated Financial Statements and IAS 28 on Investments in Associates and Joint Ventures. As indicated by the CBR, these criteria are dominant in deciding whether an investor is exercising control and/ or material influence. However, other evidence may also be taken into consideration to demonstrate the materiality of significant ownership. The concept of a group of persons/ entities is established in Article 9 of the Federal Law On Protection of Competition.
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	The regime contains provisions whereby changes in ownership or the exercise of voting rights over a certain threshold require CBR intervention. Such changes are made upon the written approval of the CBR issued in accordance with the Instruction 146-I, which gives the CBR to power to enforce the “fit and proper” requirement in case significant transfer of ownership has not been vetted by the CBR (Chapter 3 of the Instruction). As set forth in CBR Instruction 146-I and Article 11 of the banking law, a preliminary consent of the CBR is needed when the holdings of a natural or legal person are reaching or exceeding the thresholds of 10 percent of the shares. The same approval is required when holdings of the same persons mentioned above are becoming “qualifying.” In effect, as detailed below, the CBR’s preliminary consent is required when a buyer (legal entity or an individual) or a group of persons41 intend to acquire: more than 10 percent but not more than 25 percent of the stock of a lending institution; more than 10 percent but not more than one-third of the shares of a lending institution; more than 25 percent but not more than 50 percent of the stock of a lending institution; more than one-third but not more than 50 percent of the shares of a lending institution; more than 50 percent but not more than 75 percent of the stock of a lending institution; more than 50 percent but not more than two-thirds of the shares of a lending institution; more than 75 percent of the stock of a lending institution; more than two-thirds of the shares of a lending institution. For changes not exceeding 10 percent of holdings, a simple notification to the CBR is required. Instruction 146-I also defines circumstances for which a prior consent of the CBR will be needed. This includes entry of the credit institution’s shares into the authorized capital of legal entities which are not credit institutions (Section 1.1.7—see CP 7) or the acquisition of ownership by way of legal succession, as a result of reorganization of the credit institutions’ shareholders (partners) in the form of affiliation, branching off, division or merger. There are also cases for which subsequent consent from the CBR are necessary. It is the case for example where the establishment of control over the credit institution’s shareholders is effected in case of the public placement of shares. The petition for obtaining CBR prior consent should be submitted to the competent department at the CBR’s territorial institution that will perform the primary diligences and vetting process. A petition for CBR’s preliminary or subsequent consent for acquisition of shares by a non-resident legal or natural person shall be filed directly to the Licensing department of the CBR.
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	As a result of the quality assessment of the proposed acquirer, the CBR will issue or refuse to issue the permission. Clearance will be given only if the CBR is assured of the suitability and adequacy of the quality of the proposed acquirer, including its financial strength and qualified experience. In that respect, CBR due diligence will be comparable to those applied for licensing. Pursuant to Regulation 146-I, the CBR assesses the petition and makes a determination based on a set of materials to be produced by the petitioner. The CBR staff pays due consideration to the financial position of the acquirer and to its business reputation (Chapter 3; also Article 11 of the banking law). The CBR will complete its evaluation of the project within ten calendar days from the day of obtaining the above enquiry. According to Article 11 of the banking law, as well as item 8.1 of Instruction 146-I, the CBR has the right to reject any proposal for a change in significant ownership or controlling interest in cases stipulated in the regulation: for example, if the financial standing of the acquirer is found to be unsatisfactory or if he has an unsatisfactory business reputation. The refusal can also be made in case of violation of antimonopoly rules and if the petitioner has been found guilty of causing losses to any lending institution in the performance of his duties as a member of the BoD, as the chief executive officer or a deputy chief executive officer, and/or as a member of a collegial executive body (executive board, senior management). The regulation also states that there are other grounds provided for by federal laws and regulatory acts of the CBR on which a rejection can be made. It can be inferred from this that the CBR can exercise its prudential judgment for assessing the project and rejecting a petition that may weaken bank’s depositors’ interest. This point was confirmed to the assessors during the mission. No later than 30 days after the receipt of a petition, the CBR is obliged to notify the applicant in writing of its consent or refusal. Should the CBR fail to make its decision known within the period indicated above, the corresponding transaction is deemed to be approved. As stipulated in the banking law (Article 11), the CBR is empowered to reverse a change that was based on false information. There are two ways to go about it (see EC 4 below). In 2015, territorial branches of the CBR issued 337 decisions in relation to transfers of ownership, of which 141 were rejected. The decisions (authorization or refusal) are captured in a registry along with the reasons for rejecting the petition. There is also a weekly reporting of all major transfers to CBR senior management.
EC4	The supervisor obtains from banks, through periodic reporting or onsite examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	The reporting mechanism to the CBR is spelled out in Instruction 135-I that establishes the procedure for submitting information on shareholders to a regional office of the CBR. For a credit organization having the form of a joint-stock company, the reporting should include a list of participants in the bank. Any change that has occurred in the composition of the shareholders accounting for over 1 percent of the credit organization’s charter capital has to be reported within ten calendar days after the end of the quarter. All shareholders with a stake of more than 1 percent must be included, as well as beneficial owners. For a lending institution operating as a limited liability company, the report to the regional office of the CBR should include a list of participants. If a change has occurred in the composition of participants in the credit organization and/or the amounts of their stakes has changed, the information has to be reported within 10 calendar days after the time of the change, together with properly attested copies of documents confirming the acquisition of shares in the charter capital of the credit organization. In addition, the Law on Deposit Insurance,42 which regulates the transparency of ownership of insured institutions, is an important step forward in promoting greater transparency in banks’ ownership. CBR is entitled to obtain from banks that are participants in the deposit insurance system information about their ownership structure, including the ultimate beneficiaries, and to monitor on an ongoing basis the transparency of the ownership structure of these banks. Also, through the Directive 3277-U, the CBR has developed indicators for assessing transparency of the ownership structure and the methodology for their evaluation.
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	The banking law (Article 11–3 introduced in 2013) contains some enforcement provisions that allow the CBR to address changes of control above 10 percent that were not vetted by the CBR. In that case, the CBR can issue an order requesting the acquirer to submit a formal request to the CBR. This order will be sent to the interested parties no later than 30 days from the date on which the violation is discovered. The acquirer is required to correct the situation within 90 days of the date such a document is received. In the meantime, the acquirer has the right to vote only on the credit institution’s shares that do not exceed 10 percent. The remaining shares that have been wrongly acquired are not voting shares and are not taken into account in determining a quorum at the general assembly’s meeting. If the CBR order is ignored or not observed within the established deadline, the supervisor is entitled to turn to the court to nullify or rescind the voting rights in question. In that regard, it is important to note that Article 168 Civil Code (CC) provides that a transaction that does not meet the requirements of the law or other legal acts is null and void. During the discussion with the authorities, the mission was told that all CBR’s orders were followed in one way or another.
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	There is no such requirement in the Russian law. However, as indicated by the authorities, within the context of the disclosure of information by lending institutions about the ownership structure, the CBR monitors changes in the composition of the stockholders of lending institutions and their ultimate owners.
Assessment of principle 6	Compliant
Comments	As described above, Regulation 146-I sets the procedure for preliminary approval by the CBR for the purchase of qualified holdings of credit institutions (over 10 percent) and establishment of direct or indirect control in respect to shareholders. On the basis of this law amended in 2013, if more than 1 percent of the shares of a credit institution is acquired, the CBR will need to be notified. If more than 10 percent is acquired, the CBR needs to give prior consent (Article 1). Prior consent is again required when 25 percent, 33 percent, 50 percent, 66 percent, and 75 percent are acquired. The Law also lays out the grounds for refusal, which are very broad and contain references to business reputation, previous convictions, lack of relevant education or experience. These same grounds can also be used to refuse a managerial or board position, or other controlling positions. Another important norm is provision 415 of February 2014 that establishes the procedure and criteria of financial standing of legal entities, individual shareholders, and individuals who enter into transactions aimed at acquiring qualifying interest and/or control. The possibility to reverse changes that were not approved by the CBR has also been introduced in the law. According to the CBR, in evaluating the project leading to the transfer of significant ownership or controlling interests, the competent CBR department applies the same requirements as required for licensing. In particular, the mission was told that attention is paid to the financial condition of the petitioner. The latter is required to demonstrate that his financial position is strong and that he has enough funds to acquire the intended qualifying interests. In the 2008 BCP report, several recommendations were made to streamline the vetting regime for transfer of significant ownership. It particular, it was suggested that, although the system for vetting of shareholders was reasonably effective, the rules could be made more clear, and the threshold of 20 percent should be lowered to at least 10 percent. As discussed under EC1, this threshold has been lowered to 10 percent. It was also observed at that time that the power to take appropriate action to modify, reverse, or otherwise address a change of control that had taken place without the necessary notification of the supervisor was based on some general provisions in the Civil code that did not provide a strong legal basis.43 This deficiency has also been addressed. A new provision has been included in Article 11 of the banking law in 2013 that empowers the supervisor to address changes of controls that were not vetted by the CBR. In light of the above improvements, this CP is rated “compliant.” Recommendation: Include an explicit requirement obliging banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	The rules governing the conditions to approve or reject major acquisitions or investments by a bank can be found in the banking law (Article 11) as well as in CBR Regulation 290-P. According to Article 11 mentioned above, a prospective investor (e.g., a bank) should obtain prior consent of the CBR before acquiring more than 10 percent of shares in a credit institution and (or) establishing control over the shareholders. A notification of the CBR is required if the acquisition is between more than 1 percent and less than 10 percent of shares. CBR’s consent to a transaction aimed at acquiring more than 10 percent of capital in a credit institution may be obtained after the transaction if the acquisition of shares or controlling stakes are made through a public offering. However, there is no requirement that banks seek approval for significant acquisitions of nonbank financial institutions44 and the CBR is therefore unable to analyze impact of nonbank investments on the bank’s financial position. The conditions for investing in foreign banks and for establishing subsidiaries within foreign states are stipulated in detail in Article 35 of the banking law and the Regulation 290-P. A bank is required to report to the CBR on acquisition of shares in a foreign subsidiary within two months from the date of the acquisition. A bank is required to notify the CBR within 15 business days of any subsequent change in the size of its stake in the statutory capital of a nonresident subsidiary (indicating the absolute amount and the amount expressed as a percentage). If through disposal of shares or in another way a bank loses the status of parent company, the bank must also notify the CBR within 15 business days. Regulation 290-P also requires that the economic justification for the establishment of a subsidiary abroad must contain information on the system of RM on a consolidated basis, with consideration for the activity of the foreign subsidiary organization. If the RM system does not satisfy the goals of consolidated supervision, the CBR may refuse a permit. In addition, to acquire a permit to create a subsidiary organization in a foreign state a bank must provide its written consent to an examination of the subsidiary organization by ARs of the CBR. In the case the CBR detects that a buyer of shares in a credit institution has acquired controlling stakes without the vetting of the CBR, the CBR is empowered to instruct the bank to correct the violation either by obtaining CBR subsequent consent for the acquisition or to dispose shares. In case the buyer failed to timely fulfill CBR’s instruction, the CBR is entitled to file a claim for invalidation of the acquisition aimed at acquiring over 10 percent of shares in the bank.
EC2	Laws or regulations provide criteria by which to judge individual proposals
Description and findings re EC2	The conditions for judging individual proposals for major acquisitions are laid out in banking law Article 11. The CBR shall carry out an assessment based on the documents and information provided by the proposed acquirer, as well as on the basis of other information and documents. CBR will issue the approval having regard to the potential influence of the proposed acquirer on the credit institution in order to ensure its sound and prudent management. Due consideration will be paid to the suitability and financial soundness of the proposed acquirer. The authorization can be refused based on each of the following criteria: the reputation of the proposed acquirer; the financial soundness of the proposed acquirer; and the reputation and experience of the members of the management boards. Full list of documents required for major acquisitions proceeding is stipulated in several norms: (i) CBR Instructions 146-I; (ii) Regulations 415-P and 416-P (18.02.2014); and (iii) Regulations 408-P (25.10.2013). Major acquisitions file generally contains: petition of the acquirer for acquisition of more than 10 percent of share capital of credit institution; constituting documents and general info on acquirer (by-laws, certificate of incorporation, etc.) and shareholders list; information on ownership structure, including UBO; documents for financial standing assessment (i.e., annual and management reports, tax certificate, adjusted net assets calculation, etc.); antimonopoly conclusion on proposed acquisition; documents for business reputation assessment (profile and correspondent certificates) for legal entities and individuals (e.g., senior management of the acquirer). During the period from 2014 to the present the CBR has taken a total of 724 such decisions, including 437 in which approval was granted and 287 in which petition for approval was rejected.
EC3	Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.45 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	In accordance with the requirements of Regulation 290-P, a bank projecting an acquisition must meet certain intrinsic pre-conditions. It must have been licensed and in operation for at least three years; it must meet the requirements (of financial soundness in particular) for participating in the deposit insurance system, and it must be in compliance with the reserve requirements of the CBR. The bank should not have any past-due financial obligations vis-à-vis the CBR and not to have debts with respect to the federal budget and the budget of the appropriate constituent entity of the Russian Federation among others. When reviewing the application for an approval, the CBR also takes into consideration external parameters like the economic feasibility of a bank’s plan to establish a subsidiary within a foreign state or to acquire the status of a parent company with respect to an existing nonresident financial institution. Such a plan is found to be economically sound if there are prospects for the long-term viability of the subsidiary as a financially stable institution. The CBR does not grant permission for the establishment of a subsidiary in states (territories) that have been classified as uncooperative jurisdictions from an AML/CFT perspective. The CBR can prohibit banks from making major acquisitions/investments (including the establishment of foreign branches or subsidiaries) in countries with secrecy laws or other regulations prohibiting information flows deemed necessary for adequate consolidated supervision. Nevertheless, a question still remains as to whether the CBR, before making its determination, takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis. Lastly, the mission could not find any specific provision according to which the CBR also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial, and organizational resources to handle the acquisition/investment.
Description and findings re EC4	The notification to the CBR (by submitting an application) is the trigger for initializing the procedure for granting an approval for major acquisition in banks. According to the regulation, the CBR determines that the bank has adequate financial, managerial and organizational resources to handle the acquisition (see EC 1 above).
EC5	The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities.
Description and findings re EC5	As indicated under EC1, acquisitions of banks in a non-financial company are not subject to supervisory approval. It is understood that CBR is now considering proposing to amendment the Banking Law whereby credit institutions would be required to obtain CBR approval for major acquisitions in domestic non-banks legal entities.
Assessment of Principle 7	Materially Non Compliant
	Foreign investments by Russian banks require prior approval by the CBR, when they lead to the establishment of a subsidiary abroad, or acquisition of the status of parent company of a nonresident entity. A domestic acquisition of shares in a bank above a 10 percent ownership requires prior CBR approval. Acquisitions of over one-percent share require ex-post notification to the CBR. However, the CBL does not establish requirements for banks to seek prior CBR approval when making domestic investments in nonbank financial institutions. As indicated in previous FSAPs, without such requirement the CBR is not able to measure the possible impact of acquisitions on a bank’s condition or to determine whether the acquisition will affect the transparency of the bank’s organizational structure and affect the ability of the CBR to supervise it. As a result, the previous rating assigned in 2011 to this CP cannot be upgraded. Recommendations: Require ex-ante CBR approval of acquisitions of domestic nonbank financial institutions. Subject major acquisitions in non-financial companies to enhanced CBR scrutiny, in particular with respect to the compliance with limits. Explore the possibility to set restrictions for major acquisitions in non-financial sectors deem to pose particular concern. Establish an explicit provision by which the supervisor determines, where appropriate, that new acquisitions and investments will not hinder effective implementation of corrective measures in the future, nor information flows deemed necessary for adequate consolidated supervision or the supervisor’s ability to exercise supervision on a consolidated basis. Subject any major acquisition to a formal follow up mechanism to ascertain that the new activities acquired do not expose the bank to undue risks.
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: (a) which banks or banking groups are exposed to, including risks posed by entities in the wider group; and (b) which banks or banking groups present to the safety and soundness of the banking system The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment, and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	The methodology for the supervisory assessment of banks’ activities is established by Ordinance 2005-U, which addresses the assessment of banks’ economic position (capital, asset quality, profitability, liquidity) as well as RM and internal audit systems by the CBR both for supervisory purposes and for assessing whether banks meet the deposit insurance system participation requirements (Ordinance 3277-U). According to Ordinance 2005-U, banks’ economic position is assessed using quantitative indicators on capital, assets, profitability, liquidity, interest rate risk, and concentration risk, and qualitative indicators with respect to RM and internal controls systems, strategic RM (“controlling strategic risk,” which includes business focus and development) and transparency of ownership structure. Banks’ compliance with prudential ratios, established by Instruction 139-I and whether any supervisory measures have been applied to the bank are also assessed. The AFSB system (see below) examines a bank’s condition based on a system of indicators in relation to volumes of business, asset quality, quality of capital, liquidity, earnings, and an identification of relationships between indicators, factors that influence the indicators and comparison with peer group and the banking system as a whole. Capital and profitability indicators are projected for the coming 12 months using trend analysis based on the previous two years of data with the aim of supporting a forward looking approach in order to identify problems at an early stage. Assessment and analysis of the banks using the methodology is performed quarterly and the indicators are monitored on a monthly basis – using monthly prudential data and the indicators are adjusted as necessary. This assessment generates a classification of the bank. The CBR uses an IT system software program—Analysis of Financial Condition of Banks (AFSB)—to perform the classification but the system permits supervisors to make adjustments to the inputs in order to reflect supervisory judgment. While the bank’s grading is refreshed on a quarterly basis it can be updated in the light of new information or data received within the period, including monthly reporting. The AFSB is available to all CBR territorial offices, facilitating peer group review and analysis. The assessors were able to view examples of the analysis based on the methodology and using the system. The methodology set out in Ordinance 2005-U creates a structured approach to scrutinizing the quality of internal controls, RM, strategy, ownership transparency and compensation practices. The extent to which the banks internal policies and procedures meet the standards and regulations set by the CBR is reflected in the methodology assessment, as are any inspection findings that reveal that a bank is not in compliance with its own policies or laws and regulations. For example, CG is monitored through review of documents and reports from the bank, including reports on steps taken to remedy any deficiencies notified to the bank in any previous onsite review. The classification, and any deficiencies identified by the supervisors, is reported to the bank’s CEO, who in turn is required to report the information to the bank’s Supervisory Board. The classifications used by the CBR in order to better differentiate its supervisory focus are as follows: Group 1–banks where no current difficulties have been identified; Group 2–banks where shortcomings, if not rectified, may lead to difficulties in the next 12 months. Group 2 banks are sub-divided into two subgroups; Group 3–banks where shortcomings, if not rectified, may lead to a situation threatening the interests of depositors and creditors over a 12-month period; Group 4–banks whose existing violations create an active threat to the interests of their depositors and creditors, and the elimination of which requires implementation of measures by the bank’s management bodies and shareholders); Group 5–banks whose present condition, if no measures are taken by the bank’s management bodies and (or) shareholders (partners), will lead grounds for the revocation of the bank’s license or bankruptcy prevention measures. More intensive oversight is exercised with respect to banks in classification groups 3–5, whose operations are more exposed to risks arising from defects in management systems and/or in internal bank systems. As part of an approach to differentiate the supervision of systemically important banks, the CBR has undertaken a number of initiatives: supervision of systemically important banks, identified based on their systemic importance in Russia-wide and also regional markets, has been transferred from the territorial offices to a central division at the CBR’s head office (SIBSD); and identifying banks of regional and federal significance (banks falling within the “second line” of supervision; CBR Order OD-819dsp), and ensuring that significant supervisory decisions are made with the participation of the CBR head office and management (Ordinance 3017-V of June 18, 2013, and Order OD-2043 of August 7, 2015). As of December 1, 2015, there were 740 banks in the Russian Federation, 10 of which are recognized as systemically important banks, and 140 of which are recognized as banks falling within the “second line” of supervision. SIBSD has been operational since October 2013 and currently supervises 15 banks, representing about two thirds of the assets and capital of the Russian banking sector. Ten of these banks are identified as systemically important banks under the CBR Ordinance 3737, which is based on the methodology published by the BCBS.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	Supervisory functions are set out in Ordinance 3089-U. The objective of the offsite analytical work is to determine banks’ risk profile as well as the driving factors in the changes to risks and possible future trends over a one year projected horizon. Analysis is conducted in accordance with a set methodology which is executed by the Bank Financial Condition Analysis System (AFSB System) and as described in EC1. As also noted in EC1, analysis comprises a quarterly assessment of a bank’s compliance with required prudential ratios and an analysis of any change in the activity of the bank or its banking group. On a semi-annual basis there is a comprehensive analysis of the bank/banking group and the quality of the bank’s management. The analysis will, if appropriate, suggest changes to the supervisory plan taking a group wide perspective into account. As noted above, the analysis of the risk profile and risk drivers is “point in time” but it also has a forward looking aspect as 12-month projected values for capital and profitability are estimated (based on trend analysis and the previous two years’ data) and compared with current values. Where the actual and forecast value diverges beyond a specified threshold, this is a trigger for the CBR to undertake a closer analysis and examine the underlying factors at play. The CBR also operates an early warning system (EWS), based on indicator analysis, and which is described in its 2013 Letter 69-T on “Urgent measures of prompt supervision response.” The EWS approach examines a range of indicators, such as deposit growth, change in balance sheet structure using the AFSB system to calculate the indicators and flag cases where thresholds have been triggered, and prompt supervisory intervention is required. If the indicators set out in Letter 69-T are triggered the CBR is required to investigate the cause, obtain further explanation from the bank and initiate supervisory action as necessary. The AFSB system acts as a platform to generate, store, analyze and compare a range of data, information and reports on banks, facilitating peer group analysis, as well as analysis of an individual bank. For example, in addition to the analysis based on the methodology of 2005-U, the AFSB allows the supervisor to store all information on various aspects of the bank, whether internal administrative reporting, correspondence, external auditor reports (etc.). The AFSB also provides a database of information submitted by the bank in accordance with Ordinance 2181-U (February 9, 2009). The database also includes information on supervisory actions and responses. The frequency and target focus of inspections, consistent with Instruction 147-I, are determined through consideration of the risk profile, including sufficiency of capital adequacy, liquidity, volume of business and information on the banking group, as well as quality of management and controls of the bank. While every bank must be subject to an inspection at least every 24 months (Section 1.4), off-schedule inspections of banks are possible (Chapter 4) and can be triggered by violations of legislation and regulations or changes in the risk profile or condition of the bank as well as to check on the progress or completion of remedial actions required by the supervisor.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	Under the CBL (Article 57.2) the CBR is required to assess a range of prudential standards including the quality of the RM, capital management and internal control systems of a bank, and its banking group, as well as the capital adequacy and liquidity of a bank. Should a bank fail to meet these standards, the CBR shall issue a direction to the bank. Ultimately, where prudential regulations have not been met, the CBR has the right to apply the corrective measures and sanctions set out in the CBL (Article 74), which are discussed more fully in CP11. The CBR uses both on and offsite approaches to assess the degree of compliance by banks with prudential regulations and legal requirements that are established in accordance with the CBL and the Federal Law on Banks and Banking Activity (BBAL). Banks’ reporting to the CBR and the findings from inspections are used in the supervisory assessments. One of the core purposes of a CBR inspection, as stated in Instruction 147-I, is for the supervisory authority to assess banks’ compliance with legal and regulatory requirements.
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	The macroeconomic context is taken into account through two main approaches. One is monitoring of risk indicators, including deeper analysis of and follow-up supervisory action with banks that contribute significantly to any negative trends. The CBR also undertakes banking sector stress testing on a quarterly basis for all operating banks. The results are published in the Report on the Development of the Banking Sector and Banking Supervision. Insights into the impact on banking and key trends in the banking sector are also examined in the CBR’s Financial Stability Report. The stress testing is further complemented by analytical work performed in respect of banks in which stress testing plays an important role in the RM system. Coordination with the non-bank financial regulators is achieved through internal procedures as, since September 2013, the CBR has been a unified single regulator for the financial markets. There is a practice of coordinated, simultaneous onsite inspections for the regulated financial entities in the banking groups, which facilitates the cross-sectoral dimension.
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors, and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	A system wide risk monitoring system based on banks’ reporting as well as wider sources of information has been created. The following risks are analyzed: corporate and retail credit risk, market risks, and liquidity risk. Analysis of the dynamics of banks’ capital adequacy is also performed. On the basis of the systematic analysis, banks with particular vulnerabilities are identified and additional supervisory work is done with these banks. With respect to credit risk, for example, trend analysis and scenario stress testing in the mortgage market are conducted. The sample of banks used for stress testing includes the largest banks, which account for approximately 79 percent of the loan debt in the mortgage lending segment. Analysis of systemic risks in the consumer lending segment is performed using a range of data, including reporting forms, survey data from retail banks, and materials provided by credit bureaus (National Bureau of Credit Histories (NBKI), Equifax). In 2016, there are plans to expand the model to incorporate the borrower’s income and regional location. Risk assessment in the corporate lending segment (not including nonfinancial corporations) uses banks’ reporting data, corporate sector reporting, and data obtained from direct company surveys. In 2016, a reporting form for individual operations will be introduced, which will allow for a more detailed assessment and forecasting of credit risks in the corporate sector. The CBR is represented on the National Council for Financial Stability, which also includes representatives of the Russian Federation MoF, the Russian Federation Ministry of Economic Development, the Deposit Insurance Agency State Corporation, the Executive Office of the President and members of the Russian Federation Government. The CBR provides the National Council for Financial Stability with consolidated data on systemic risks. Descriptions of the main direction of strategic policy (actions) of the CBR are provided to the Council. General information on the National Council to Maintain Financial Stability is publicly available and posted at: http://government.ru/department/271/.
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	At the present time all systematically important banks must develop and submit to the CBR financial stability recovery plans. The CBR has been receiving financial stability recovery plans from the systemic banks since 2013. However, the law does not yet require non-systemic banks to prepare and submit financial stability recovery plans. Non-systemic banks, at the demand of the CBR, must develop and submit recovery plans. Under the new legal regime for recovery and resolution, the CBR must issue regulations to address the design of recovery plans (form, content, deadlines for submission), a regulation setting out the methodology for the assessment of recovery plans by the CBR, and a regulation on the action plan of the CBR on resolution of the systemically important credit institutions (content, measures). Nevertheless, banks can develop and submit recovery plans to the CBR based on CBR Letter 193-T, even though the letter is not legally binding. As of January 1, 2016, 38 plans, including five prepared by the SIFIs, had already been submitted to the CBR. The CBR has already evaluated a number of these plans and issued recommendations for additional work on most plans. If a bank’s continuing viability is in doubt, the CBR has the right to demand a financial stability recovery plan (Article 189.10 of the Federal Law 127-FZ). Moreover, the CBR has the right to require a bank’s reorganization (Article 189.26 of the Federal Law 127-FZ). Furthermore, in the event of a threat to depositors or financial stability, the CBR is entitled to send to the DIA a proposal on its participation in taking measures aimed at preventing a bank’s bankruptcy (Article 189.47 of the Federal Law 127-FZ). However, the CBR’s powers to compel reorganization and restructure are predicated on the bank or banking group’s condition being a threat to its depositors or to financial stability. In other words, while a bank or banking group is in a stable and sound condition, and not, for example, being rated “doubtful” or “unsatisfactory” for the business plan, RM, and internal controls, or transparency of the ownership structure under the methodology of Ordinance 2005-U, or—in future when the provisions are fully in effect—failed to remedy deficiencies identified under Ordinance 3624-U, and is compliant with its supervisory and other legal norms, the CBR is limited to making only recommendations in relation to business strategies, managerial, operational and ownership structures, and internal procedures.
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	Resolution and recovery matters are primarily governed by Federal Law 127-FZ. In particular, the law stipulates the grounds for the application of resolution (bankruptcy prevention) measures. Law 127-FZ establishes the sequence of actions for all the parties concerned—including both the authorities and the bank—should circumstances for resolution or rehabilitation arise. Under the law, the CBR has the authority to take a decision to send ARs of the CBR and DIA to examine a bank’s financial condition and prepare a joint report in order to support the decision making process on whether a proposal should be sent to the DIA regarding resolution measures. CBR Ordinance 3707-U establishes the procedures for the assessment of a Bank’s financial condition for the purpose of making a joint decision with the Deposit Insurance Agency on bank resolution. The CBR and DIA also share information on the existence of grounds indicating that a plan involving the DIA participation in resolution would be unsuccessful (Article 189.49, Clause 7, of Federal Law 127-FZ). In terms of the CBR’s own internal framework for dealing with banks at times of stress, any decision to examine a bank jointly with the DIA or to send the DIA a proposal for the DIA’s participation in resolution (implementing bankruptcy prevention measures or measures for settling a bank’s obligations) is taken by the CBR’s Banking Supervision Committee. Internal rules of procedure apply to the work of the BSC.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	The CBR is a unified “mega regulator.” As such, in the view of the CBR, the potential for regulatory arbitrage opportunities to develop is limited and the CBR indicated that it had not had the occasion to intervene with banks that were restructuring their activities to avoid the regulatory perimeter. In terms of shadow banking, the CBR estimates that at the end of 2014, the shadow banking system represented less than 7 percent of financial system assets (approximately 10 percent GDP). More recent estimates are pending the adaptation of FSB monitoring techniques to the current Russian business environment. However, the CBR has clear powers to act. Under the BBAL (Article 4), should the CBR, in the course of its supervision, identify a potential entity that should be part of the banking group or bank holding company, it shall require the parent of the banking group or of the bank holding company and require compliance with the law (i.e., re-set the regulatory perimeter). In November 2015, the CBR, together with the Alliance for Financial Inclusion, hosted a conference on inclusion and shadow banking, noting that the CBR supported efforts of regulators and supervisors (following the FSB recommendation) to identify and monitor trends in shadow banking and advance proportionate regulations to address the risks to financial stability emerging outside the regular banking system while not inhibiting sustainable nonbank financing models that do not pose systemic risk.
Assessment of Principle 8	Largely Compliant
Comments	The CBR has developed its risk based approaches since the last assessment. An analytical methodology is applied to differentiate between banks with differing risk profiles and a dedicated department for systemic banks has been set up. The use of supervisory discretion has not, historically, been straightforward in the context of the Russian legal and regulatory system, but the approach articulated through Ordinance 2005-U creates a structured consideration of qualitative issues and appears to allow for the exercise of informed supervisory judgment based on documents the assessors were able to consider. The introduction of the supervisory review process (SREP) based on banks’ ICAAPs and integration with the risk assessment approach under Ordinance 2005-U is a further welcome evolution of a risk based supervisory approach. (Please see CP15 and 16 for more discussion of ICAAP and SREP). Where the CBR is less well advanced is in the field of resolution assessment and planning, although the CBR and indeed the banks themselves have by no means been inactive based on the early submission and evaluation of recovery plans prior to regulations being issued. Compliance with this principle is partly a matter of the remaining time needed to issue and implement outstanding regulations. However, the principle can only be met provided that the CBR ensures it assesses the resolvability and is able to require, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational, and ownership structures, and internal procedures. It is the assessors’ understanding that the CBR lacks the requisite power to require operational or institutional changes based on an assessment of the bank’s ability to recover. A legal amendment to ensure this power in place is important if the CBR is to be assessed as compliant with this CP in any future assessment. Shadow banking activities in the Russian financial sector appear to be low but not fully insignificant. A dependence on solo reporting using Russian rather than IFRS standards may encourage banks to move assets outside the prudential regulatory perimeter. It is therefore essential for the CBR to remain assiduous in using all forms of information available to it so that the potential for regulatory arbitrage does not arise. The CBR should not hesitate to use its powers under the BBAL (Article 4) if the need should arise. It would be important to ensure, when the CBR assesses the resolvability of a bank, that the CBR has the powers to require, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational, and ownership structures, and internal procedures.
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of onsite46 and offsite47 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between onsite and offsite supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its onsite and offsite functions, and amends its approach, as needed.
Description and findings re EC1	The CBR supervises banks through a system of on and offsite supervisory techniques. Curator—offsite function The supervisory process is founded on the use of curators, a position established in 2007 (Regulation 310-P). The curators enable a single point of contact in the supervisory relationship and are appointed to perform the CBR’s oversight functions. All banks have an appointed curator and while a curator may have responsibility for more than one bank, it is recommended that an individual curator have the responsibility for all the banks within a single banking group to support the overall quality of oversight of the group. The curator’s main role is to exercise professional judgment, in a forward looking manner, on the condition of the bank he or she is responsible for, using all information obtained through the supervisory process. Deficiencies in the bank and potential supervisory solutions and remedies are proposed by the curator with the aim of achieving early intervention, though it should be noted that the curator does not possess delegated powers of decision making. The curator is also responsible for proposing the scope of onsite inspections and for drawing up any supervisory action plan. A Methodological Guide (a so-called curator’s handbook) has been prepared and covers issues relating to the collection and systematization of information on banks as well as analysis and assessment of quantitative aspects of financial soundness as well as qualitative issues around management and internal controls. Authorized representatives The CBR has the power to appoint an “authorised representative” to major institutions—defined as having assets equal to or greater than 50 billion rubles or retail (public) deposits equal to or greater than 10 billion rubles—or to banks that have received financial support. The purpose of authorised representatives is to allow the CBR access to real time information to facilitate timely supervsiory action. The CBR authorised representatives have wide ranging rights of access to the banks, including the right to obesrve (no voting power) the meetings of banks’ management bodies, as well as meetings of the credit risk committee and asset liability committes (ALCO), and all documents and records relating to the activity of the bank, including compensation packages for the executive management and boards. At the time of the assessment mission, the CBR has appointed authorised representatives to 158 banks, including to all banks of national or regional significance. The role of “authorized representative” is set out in Article 76 of the CBL and the procedures for appointment, performance of functions, and termination of role is further articulated through a number of ordinances, namely: Ordinance 2182-U; Ordinance 2181-U, and Ordinance 3057-U. The ordinances do not require the rotation of individuals who serve as an “AR.” It should be noted that the inspectors of the CBR are also termed “ARs” in the CBL, in Article 73, but the two functions are not the same. The assessors were able to review some examples of instruction mandates given to ARs, as well as reports submitted to the CBR by the representatives, which were informative, analytical and timely. Inspections The offsite analysis is complemented and informed by the work of the Chief Inspectorate. Following reforms, all inspectors of the CBR have been consolidated within the Chief Inspectorate rather than being part of the CBR territorial branch network. The CBR can carry out three kinds of inspections: comprehensive, thematic, and specialized (Section 1.4); however, coordination processes are set out (Section 3.1). Inspections can be either scheduled or unscheduled but frequency of inspections must be at least every 24 months (Instruction 147-I, Section 1.4). The ratio of unscheduled to total inspections is approximately one-third, which is consistent with the ratio at the time of the last full BCP assessment in 2008. For example, in 2014 there were 817 inspections, of which 266 were unscheduled. In terms of intensity, the range between the more targeted inspections and the full scope examinations is from two weeks to six months. The periodicity and scope of inspections are determined by taking into account: the financial condition and future outlook of the institution; the institution’s exposure to risks, and quality of management, which may include an evaluation of the RM system and the status of internal control; the reliability of accounting (reporting); and the results of previous inspections. The main objective of the CBR inspection is to determine the level of risks and evaluate the quality of management, including an evaluation of RM and internal controls as well as to evaluate the financial stability, economic position, and financial condition of the institution and its future outlook. (See Section 1.3 of Instruction 147-I.) The assessors were not able, owing to time constraints, to view many inspection reports. However, the reports that were viewed supported the description given by the CBR. In the reports seen by the assessors, careful attention had been paid to the institution’s adherence to its control environment, its adherence to regulations and laws, and the inspection focused thoroughly on the issues contained in the specific inspection mandate. Supervisory themes that have informed the scoping of inspections in the past couple of years include concentration risk and AML/CFT. Recent trends have also included the move to a greater use of coordinated inspections across an institution (and its branches) and financial groups. Concerns with asset quality and the need for banks to adhere to regulations are a constant theme.
EC2	The supervisor has a coherent process for planning and executing onsite and offsite activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the onsite and offsite functions.
Description and findings re EC2	The Chief Inspectorate coordinates with other departments (e.g., SIBSD) in the CBR and the territorial offices in designing the overall inspection program for the year. Inspections are planned on an annual basis and managed through a “Summary Plan,” and a monitoring system is in place to ensure the relevance and timeliness of inspections. Instruction 149-I sets out the rubric for inspections, including the scoping and coordination processes. Planning procedures, for example, including for unscheduled inspections, are found in Chapters 2–4, and cooperation procedures for the “interregional” inspectorates are in Chapters 6–7. The scoping of the inspection is determined based on proposals made by the territorial offices but the final decision rests with the Chief Inspectorate (usually on a mutual consent basis). Scoping proposals and inspection decisions take into account the priority themes that have been set for the year by the Chief Inspectorate. In turn, these themes take into account inputs from the divisions responsible for supervision of systemic banks, licensing, and financial markets so that the inspection plan is responsive to current and emerging risks and vulnerabilities. Responsibility for monitoring the continuing need for an inspection and the relevance of the terms of reference lies with the territorial offices and SIBSD (i.e., offsite function), and this is complemented by a dedicated monitoring section within the Chief Inspectorate Division to ensure that the Summary Plan is progressing. Amendments to the CBR inspection plan are made as necessary (Instruction 149-I, Section 3.1). Monitoring of inspections is governed by procedures set out in Ordinance 3017-U and other internal documents. The monitoring of inspections entails the timely sharing of information between the onsite and offsite functions including the interim findings of an inspection, for the purpose of: guiding the inspection subdivisions in identifying the most problematic areas; and informing offsite supervisory subdivisions about violations and deficiencies to allow for the possibility of the timely adoption of supervisory decisions (if needed) before the completion of an inspection (e.g., arranging a meeting of onsite and offsite with or without inspected bank). At the close of an inspection, the findings are submitted to the offsite teams, who make decisions on whether supervisory measures are needed or whether further inspections may be needed.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable48 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	The principal task of the curators/offsite based supervision is to identify possible problems at the earliest stage, using all sources of information, and initiate supervisory action as appropriate. Offsite supervision constitutes the regular analysis and evaluation of reporting data, findings of inspections, and other relevant information. For banks where an AR has been appointed, there is a direct conduit of up to date information flowing to the curator and the assessors (as noted in EC1) were able to review some samples of this. Analysis seeks to identify any areas of elevated risk and deficiencies (violations). In the event of negative findings, the CBR will issue either an advisory letter or a formal order containing requirements for amendments by the institution. The principal sources of information used by the CBR are the reporting forms and financial statements from the supervised institution. Wider sources are also used, including open databases, official information resources of federal government authorities, including the Russian Federation Federal Tax Service, data from arbitration courts, the press, data from the CBR settlement network on payments, as well as information from supervisory authorities of foreign states. In a number of cases, reliability is ensured through cooperation with various institutions and control and supervisory bodies. The assessors noted that analytical documents prepared by the offsite supervisors routinely note the information sources used to support the descriptions, comments, and judgment. The CBR conducts regular analysis and assessment of the supervised institutions, taking into account the following information: composition of the banking group, information about the stockholders (partners) of group and banking entities within the group as well as affiliates, including data on their state registration and banking licenses; corporate and governance structures of the banking group and its entities (notably including information on the entities that provide risk and capital management systems, and internal controls); business plans and strategies; information on business models used in the group, and information on related business plans of banks within the banking group; internal documents such as the rules, regulations, ordinances, decisions, orders, methodologies, job descriptions from the banking group; consolidated financial statements and other information as specified by the CBR BoD; risk exposures; procedures for risk assessment and management; the results of internal procedures for evaluating capital adequacy, as well as reporting by major participants in the banking group and other information about the activities of major participants in the banking group; recovery and resolution plans of the banking group and the banking entities within it (where these exist); and other documents (information) concerning the banking group’s activities may be obtained through the supervisory process, such as auditor’s opinions regarding the accounting (financial) statements; press; rating agencies and other external sources. The CBR obtains its assurance of the reliability of information submitted by banks through its onsite inspections. Indeed, one of the principal objectives of bank inspections, as laid out in the general provisions of Instruction 147-I (Section 1.3) is to evaluate the reliability of the accounting (reporting) by a bank. Conclusions on the reliability of a bank’s accounting (reporting) are included in the final inspection report (Instruction 147-I, Section 7.5.2 and Section 1.12). Inspection procedures in respect of examining the reliability of reporting are covered in CBR Letter 77-T. The inspection team has extensive rights to request and obtain information in order to confirm and verify documents of the bank under inspection. This includes the right to request information from a range of individuals and entities that have contractual relationships with the bank. These include, the shareholders (partners), the customers and correspondents of the bank; banking payment agents and operators of payment infrastructure services (other than banks) used by the bank. (See Instruction 147-I, Section 2.7 and Annex 5) Also, information can be obtained from the following (See Instruction 147-I, Section 2.8 and Annex 5): other banks that are not customers and correspondents of the bank under inspection, at which accounts of customers and correspondents of the inspected bank are or were held; from banks participating in a payment system operated by the bank under inspection and/or which have been contracted by the bank as operators of payment infrastructure services; and from federal executive government bodies of the Russian Federation and law enforcement authorities. The inspection reports reviewed by the assessors illustrated a systematic and thorough approach capable of identifying, among other things and when relevant, issues of misreporting, misclassification, and miscalculations that would allow the offsite teams to determine whether a bank’s reporting could be relied upon or whether supervisory measures might be called for.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a) analysis of financial statements and accounts; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of CG, including RM and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	Analysis of financial statements and accounts For the purposes of evaluating a bank’s financial condition, the CBR has developed a formal Methodology for Analysis of a Bank’s Financial Condition. This is discussed in more detail in CP8. However, the approach is based on an assessment of risks regulated by the CBR, and aimed at the performance of a comprehensive analysis of a bank’s financial condition on the basis of reporting, as well as other sources of official information about its activities. Summary analyses, as viewed by the assessors, can thus be prepared based on the use of this methodology, permitting a concise overview of an institution. As noted below, this methodology is not limited only to financial and quantitative elements. Also it is required for Curators to assess and analyze the annual reports and accounts (Regulation 310-P, Section 2.5). Business model analysis The methodology set out in 2005-U includes an assessment of the management of strategy within an institution (Annex 5). The curator’s handbook provides further guidance on how to evaluate strategy and business model, but this aspect of supervision is expected to be enhanced once the CBR starts to undertake the supervisory review process of the ICAAPs (i.e., the SREP). Nevertheless, SIBSD routinely requests the business plans and strategies for the purposes of assessing strategic risk using the 2005-U methodology. Also, the quality of the business plan (and the state of RM and internal control) is assessed within the Ordinance 3277-U for compliance with the terms of the credit institution’s participation in the deposit insurance system. Horizontal peer reviews The ASFB system provides all curators with the ability to interrogate the data base in order to undertake peer group analysis. It is standard practice of analysis for curators to assess banks against peer groups (regional, business type, etc.) and to identify outliers who may require more intensive scrutiny. Review of the outcome of stress tests undertaken by the bank Again, the methodology in Ordinance 2005-U assists a structured examination of a bank’s stress testing processes (Annex 6). The methodology seeks to ascertain that banks have put stress testing procedures in place and in evaluating this question, the CBR considers whether the stress tests are comprehensive, that is, whether they cover the principal risks inherent in the bank’s activities (credit, market, and interest rate risk; the risk of loss of liquidity; and operational and other risks associated with a bank’s activities). Furthermore, Ordinance 3624-U, which is not yet in force for all institutions, sets requirements for stress testing for significant risks and capital adequacy. Greater focus on the effectiveness of the banks’ stress testing will be introduced through the SREP process, which has not yet—formally—taken place for any bank (i.e., the first formal ICAAP submission is not until January 2017). Informally, however, ICAAPs have been submitted and the CBR has been able to consider and provide feedback on them. Analysis of CG, including RM and internal control systems Evaluation of CG is chiefly carried out through the prism of analysis of RM and internal control systems, which are also covered by the methodology, set out in Ordinance 2005-U, (Annexes 6 and 7). The CBR is concerned to ensure that the board is performing an active oversight function and places heavy emphasis on a bank drawing up an adequate quality of internal governance documents and abiding by them. In the view of the CBR, such internal documents carry almost as much significance as the bank’s Charter. Changes to such documents and any indirect evidence that controls and RM have weakened are taken as indications that CG has flaws. At a minimum on an annual basis, changes to control and governance procedures are documented so that inspectors can perform checks, but a review of RM, control, and governance is carried out on a quarterly basis in any case. Further information in the inspection and evaluation of the organization of internal control and RM is included in CBR Letters 47-T and 26-T. The results of an assessment performed by the CBR are communicated to the bank, and this includes information provided for the purpose of eliminating deficiencies and violations that have been identified. The findings of the offsite analysis in any case inform the scoping and terms of reference of the onsite inspections. Major deficiencies would result in an unscheduled inspection being organized. The assessors saw instances where such unscheduled inspections had been requested for this reason.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	The CBR conducts a top-down, quarterly stress test for the banking sector with the objective of assessing systemic stability as well as assessing individual bank’s vulnerabilities to stress. The stress test results are used in the supervisor work of the CBR as an additional input. Thematic meetings are held with banks to discuss results and to provide recommendation. In 2014, for example, there was a series of meetings in respect of credit exposures to individuals.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	A bank’s internal control function is assessed as part of the framework of an evaluation of a bank’s economic position in accordance with CBR Ordinance 2005-U (PU5). The assessment takes place on a quarterly basis. The methodology for assessing the PU5 indicator is based on prevailing laws and regulations including Regulation 242-P and the relevant BCBS guidelines. Please see also CP26. The evaluation of internal control (PU5) is based on an assessment of the responses to questions in Annex 7 Ordinance 2005-U. These questions permit, inter alia, an evaluation of a bank’s internal documents governing the rules for the organization of an internal control system, including AML/CFT measures; a bank’s compliance with these rules; the effectiveness of the functioning of a bank’s internal control system (complete oversight of all of the areas of a bank’s activities); the role of a bank’s BoD (supervisory board) in overseeing the activities of the internal control function; organization of a bank’s AML/CFT efforts and the level of their effectiveness; a bank’s compliance with the legislation and regulatory acts of the CBR; as well as efforts to eliminate violations that are identified. As with the other indicators assessed under Ordinance 2005-U, responses to the questions are evaluated according to a four-point scale, and the PU5 score is the weighted-average value of the individual question scores. To illustrate the scale, a bank’s accounting and/or reporting are found to be unreliable (scoring 4) if it fails to comply with federal laws, standards, and rules established by the CBR, and the bank’s own accounting policy. A bank is also deemed unsatisfactory if deficiencies or errors have a significant impact on an assessment of its economic position, namely an impact on any one of the key quantitative indicators of the assessment of capital, assets, profitability, and liquidity, which would result in the assignment of an “unsatisfactory” rating to the overall result for the group as a whole, and/or to noncompliance with even one of the required ratios. Questions related to the effectiveness of the functioning of the internal control system are also examined in the course of the CBR’s inspections. The purpose of an inspection on the organization of internal control at a bank is to evaluate: the bank’s compliance with Regulation 242-P of December 16, 2003, on the Organization of Internal Control at Banks and in Banking Groups (this includes, for example, coverage, independence, and use of appropriate methodologies); the accuracy of reporting and other information submitted to the CBR regarding internal control at the bank; and the consistency of the organization of internal control with the nature, scale, and conditions of the bank’s operations. The CBR uses the Methodological Recommendations for the Review and Evaluation of the Organization of Internal Control at Banks (CBR Letter 47-T of March 24, 2005) when conducting its inspections.
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s board, non-executive board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, CG, performance, capital adequacy, liquidity, asset quality, RM systems, and internal controls. Where necessary, the supervisor challenges the bank’s board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	The CBR holds meetings, typically annually, with the board, executive management, and also shareholders to evaluate CG and business strategy, as well as to discuss weaknesses and vulnerabilities in the bank. Meetings can also be held with the executive management or board during the course of an inspection if the head of the inspection team deems it to be necessary. This is in addition to any meetings that are held to communicate the preliminary findings of the inspection (See EC8 and Instruction 147-I Chapter 5, Section 5.4). Effective cooperation with a bank’s management is supported by the introduction of the curators, and for the banks that are systemic or weak, the presence of the ARs of the CBR. The curators operate in accordance with CBR Regulation 310-P, and ARs of the CBR are appointed to work with banks in accordance with CBR Ordinance 2182-U and CBR Ordinance 3057-U. The CBR maintains contact with the supervised banks (following Ordinance 3089-U of October 25, 2013, on the Procedure for the Supervision of Banking Groups, Section 2.7) at multiple levels including the management bodies of the consolidated banking group (including chairman, chief executive, members of the board) and key responsible managers within the bank, such as chief risk officer (CRO). The chief objective of such contact is to communicate the CBR’s assessment of any deficiencies identified in the bank, including any breaches of levels of risk that have been set by the CBR within the group or individual group entities. The frequency and extent of contact is determined by the responsible supervisory unit within the CBR and reflects the CBR’s assessment of the bank’s risk profile and potential impact of the bank on the financial system. However, in practice the CBR aims, both in its regional offices and SIBSD, to maintain continuous contact with the supervised institutions’ management bodies. Daily contact is normal practice for institutions in SIBSD.
EC8	The supervisor communicates to the bank the findings of its on- and offsite supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent board members, as necessary.
Description and findings re EC8	It is required for the CBR to inform the bank of the category to which the bank has been assigned using the methodology from Ordinance 2005-U. In future, when ICAAPs are assessed, the findings and outcome of the evaluation will also be communicated to the bank on a mandatory basis. The information is sent to the CEO, who is required to share this information with the board. Further, as a result of the ongoing assessment and analysis of the bank by the curator, any deficiencies and weaknesses and failures to meet the CBR regulations and standards that have been identified are notified to the bank (also with the requirement that the information must be shared with the board). Other information that is notified to the bank includes whether the CBR has established a supervisory team to focus on the banking group of which the bank is a member. In particular, representatives of the banking group (the manager, chairman, and/or members of the BoD (supervisory board) of the principal bank of the banking group, and key individuals from the wider banking group) may be invited to attend an annual meeting of the CBR supervisory group for the banking group. This meeting is to discuss the activities of the banking group, its risk profile, as well as a supervisory action plan. The findings of an inspection must be communicated to a bank in writing. However, it is not obligatory for an inspection to convene a closing meeting to deliver the conclusions of the inspection. Communication of the findings of an inspection to a bank must be done in writing and the bank must, in writing, acknowledge receipt of the report. The bank has 5 business days to make the acknowledgement (or 10 if it is a larger institution). The bank is not asked to confirm agreement with the substance of the findings, only acknowledgement of receipt, but is given a formal period (which is the same 5–10 business days) in which it can dispute the findings or provide evidence that errors have been made (i.e., objections to inspection results). These objections are taken into account when CBR makes decisions on supervisory measures. If necessary, a meeting can be arranged with the bank to discuss its objections (Instruction 147-I, Sections 9.2–9.3). However, the bank may provide objections to the inspection results later. For its part, the CBR is subject to a formal deadline to make decisions on supervisory measures. If, therefore, the bank chooses to submit further information or evidence of changes that it has made, then the CBR may tailor its measures and sanctions accordingly.
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	The CBR communicates clear deadlines for the elimination of any deficiencies when it issues orders to banks. The assessment team was able to examine a number of examples of letters issued to banks with the deficiencies and follow up requirements clearly delineated. In face of persistent violations, the CBR escalates its supervisory procedures, including fines or, in more severe cases, may include restrictions and prohibitions are put into place. As also discussed in CP11, management failure to cooperate, or significant errors and risks in the bank’s operation, may lead to the CBR using its power to replace officials in the bank or restrict compensation packages (CBL, Article 60). As noted above, it is part of the protocol of the CBR to organize unscheduled inspections of banks (see Instruction 149-I, Sections 4.1 and 4.3) when there is information indicating that banks have not complied with orders issued by the CBR, or where there is a need to verify the successful compliance by banks with obligations they have assumed including, any obligations to implement action plans for the financial recovery of the banks, or to review a bank’s implementation of measures to prevent insolvency (bankruptcy) based on the issues established under item 4.2 of CBR Ordinance 1650-U.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	The CBR does not have a specific requirement that creates a general obligation on banks to provide advance notification of changes and material adverse developments. There is a specific requirement in relation to liquidity risk (LCR) if a bank is likely to fall below the required threshold. It may be noted that the regulatory system places an onus on timely ex post notification to the supervisor. The CBR noted that it was, in practical terms, in a bank’s interest to provide an early notification of difficulties to the supervisor, and broadly this was their experience. The CBR has a number of regulatory requirements concerning information on certain types of substantive changes in the activities, structure, and overall condition of a bank, particularly those related to reorganization and expansion of the range of banking operations performed, by virtue of the need to obtain a permit (license) from the CBR for said changes. In particular, the CBR requires immediate notification of a change in the composition of a banking group. Banks also provide monthly information on whether they have any violations of prudential standards (Form 0409135—information on required ratios and other indicators of a bank’s activities, which is submitted in accordance with CBR Ordinance 2332-U, indicating the numerical values of the standards that have been violated and the dates of the month on which they were violated). The CBR notes that in order to avoid the application of supervisory measures, banks provide timely notification of violations and the reasons for them frequently as part of a request not to apply enforcement measures. In addition, the CBR has the ability to identify substantive changes through a number of methods. For example, banks’ activities are monitored through reporting, and many banks are subject to daily reporting requirements. Information is also provided, for example, by the AR of the CBR, who has access to meetings of the bank’s board.
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	Inspections (audits both scheduled and unscheduled) may also be performed by auditing firms on instructions from the CBR BoD (CBL, Article 73) and Regulation 442-P sets the procedure for selecting the audit firms (Regulation 442-P of November 30, 2014, on the Procedure for the Selection of Auditing Firms of the Performance of Audits of Banks (their Branches) on Instructions from the BoD of the CBR). Regulation 442-P sets out the criteria an audit firm must meet in order to be hired, and as a condition of hiring, the audit firm must meet these criteria throughout the duration of the inspection and review process (Regulation 442-P, Section 2.1 (or 2.2), 3.2, and 6.2). Inspections conducted by audit firms follow Instruction 147-I and take into account Ordinance 3463-U which establishes, among other things, the rights, responsibilities, and liability of the head and members of a group of auditors. As noted in CP10 EC 11, the power to use such experts has not yet been exercised.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	The CBR’s key information system is the “reporting automated workstation,” which is used by specialists in supervisory subdivisions of the CBR to access banks’ reporting data. The offsite supervisory function of the regional offices of the CBR perform a monthly analysis of the current financial condition of banks. The analysis is performed in accordance with the recommendations (methodology) for the analysis of the financial condition of a bank, which are (is) carried out using the AFSB System software. (Please see EC4 above.). The AFSB System is used for the processing of prudential reporting data and for the monitoring of changes in a bank’s financial condition through an analysis of trends in indicators describing the financial condition of banks, and also through the forecasting of their condition up to one year in advance. The main purpose of analyzing the financial condition of banks is to determine a bank’s exposure to various risks at the time that the analysis is performed, and to determine factors affecting a change in the nature of the risks assumed. Based on the results of an analysis, areas of elevated risk are identified, along with deficiencies and problems in the activities of banks that require the adoption of corrective measures on the part of the CBR. The CBR has developed and is continuing to improve the system for the Analysis of the Effectiveness of Supervisory Activities (AEND), which provides for the monitoring of the timeliness and adequacy of the principal supervisory actions taken by the dedicated supervisor for a bank.
Assessment of Principle 9	Largely Compliant
Comments	The CBR has developed a careful and scrupulous system of supervisory techniques, integrating on-and offsite approaches. Many of the risk principles of the BCP rely on whether the supervisor actively determines the quality of the banks’ practices. The Chief Inspectorate, supplemented by the AR where one is appointed, fulfils this function, and the assessors consider this to be the case. Existing practices largely meet the terms of the principle but, as the CBR matures and develops its experience with risk based supervision, there are some areas, in relation to the nature of communication and flexibility in the system as discussed in the paragraphs below, which merit attention to ensure that future practices remain as effective as necessary. There is no general obligation upon for banks to notify the CBR in advance of any substantive changes or of material adverse developments (EC10). Notification requirements, with some specific exceptions (e.g., LCR), are retrospective. By introducing this notification requirement, the CBR will be able to signal to banks that the responsibility for information exchange should be pro-active and not only focused on a backwards looking reporting regime, or investigations that the Chief Inspectorate conduct. The burden should not be solely upon the CBR to “find out” but also there should be some responsibility for the bank to “volunteer” and actively provide information. In terms of obtaining information from banks the CBR is, indeed, well placed owing to the work and insights of its offsite curators, its Inspectorate, and the role of ARs. This view is supported by the assessors’ consideration of documents the CBR made available. Roles, responsibilities, and processes are very clearly articulated through a number of CBR instructions and also made very transparent to the banks. The CBR should, though, consider rotation practices for the individuals serving as ARs. There are also two aspects of communication to banks that could be given more consideration. The CBR has multiple levels of contacts with firms and seeks, in general terms, to be transparent in communicating its expectations. Nevertheless, at a senior level, the CBR may wish to build on the recommendations of the FSB and reinforce the priority messages of supervisory concern, particularly with the systemic institutions, with the board (supervisory board). Numerous jurisdictions have found the contact between the most senior supervisors and the board to be one of the most effective modes of delivering a message and achieving the desired response and remedy from the bank. Greater contact with the boards may also foster the understanding that both the CBR and the banking sector should have a common interest in improved risk identification and RM. At a more operational level, meetings between inspection teams and the management or board of a bank are possible but not necessarily routine. A bank will receive a written report and requirement to remedy deficiencies and may provide objections to the written report, but requirements may already have been issued to the bank at this time, as the CBR has a deadline to issue its requirements to the bank based on the inspection. Meetings to discuss the findings with the institution are not, however, mandatory. This process emphasizes the importance of conforming with requirements but has less scope for dialogue and communication with the bank. In an increasingly risk based environment, it is therefore possible that the banks will comply with direct requirements but the banks’ understanding of the deeper risks and issues that are leading to deficiencies and violations may be weaker or may not be achieved. It is advisable for meetings with banks, for example, to be seen as routine even by the inspectorate, rather than a more exceptional “as necessary” event. In relation to flexibility, the assessors appreciate that it is important in the Russian system for there to be clear and formalized processes. For example, the overall inspection system is orderly and very well planned, supported by very explicit instructions in 149-I (and as noted in EC2, for example). As a general point, highly formalized systems can sometimes find it more difficult to respond to fast moving situations. The practical challenge, therefore, is to ensure that when critical issues are identified, they must be communicated and then escalated quickly and, if necessary, changes to supervisory actions are rapid. It is not clear to the assessors that present arrangements maximize the CBR’s ability to respond swiftly and nimbly to deficiencies or vulnerabilities that could deteriorate into violations or major future deficiencies. In the context of a supervisory system that is evolving further into the risk based approach and seeking to be more forward looking, it is worth, as a standard practice, reviewing existing protocols and regulations with a view to ensuring they not only permit but actively support sufficient flexibility and, in particular, timeliness for the CBR to act.
Principle 10	Supervisory reporting. The supervisor collects, reviews, and analyzes prudential reports and statistical returns49 from banks on both a solo and a consolidated basis, and independently verifies these reports through either onsite examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power50 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography, and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	The CBR has the power under the CBL (Articles 4 and 57) to perform banking supervision of the activities of banks on both a solo and a consolidated basis, namely: to establish rules for the performance of banking operations by banks and banking groups, for accounting, for the organization of internal control, for the compilation and submission of reporting, and for the calculation of equity (capital) and required ratios; and also to monitor compliance with the established rules and to take enforcement action as needed for violations that are identified. On the basis of Article 57, Ordinance 2332-U governs all reporting issues—including templates and instructions. A wide range of reporting forms for the purposes of supervision on a solo and a consolidated basis: the accounting balance sheet: full working register of accounts in a bank’s accounting system, which contains information about on- and off-balance-sheet assets and liabilities and sources of equity; financial performance, which contains detailed information about a bank’s income and expenditures; quality of assets, including, information about reserves that have been created for possible losses on loans and claims for interest income receivable; securities held, including the structure of a bank’s securities portfolios, the currency of their issue, the state registration numbers of issues, the volume of securities, the value, and the size of reserves created for possible losses; large exposures, including the 30 largest loans to non-bank legal entities and also including information about the borrower, and details on the loan such as purpose, interest rate, the date of issue, the maturity, the existence of any restructuring, the volume and duration of arrears, and the value of collateral; concentration of credit risk, including concentration of credit risk assumed by banks with respect to borrowers (groups of related borrowers), as well as parties related to the bank. This information is submitted on both h a solo and a consolidated basis for the purpose of the assessment of risks assumed by a group’s participants); liquidity coverage ratio (LCR, Basel III), including the LCR and other liquidity risk monitoring instruments; calculation of equity (Basel III), including information about the sources of base, supplementary, and additional capital, as well as sources excluded from this group; information on required ratios and other indicators of a bank’s performance, including information on compliance with banks’ required ratios and about indicators for calculating the amount of interest rate, stock, market, and FX risks; information on assets and liabilities by the time remaining to the demand date and maturity and including information about a bank’s liquidity position; interest rate risk, based on a gap analysis and containing, among other things, information about on- and off-balance-sheet instruments that are sensitive to a change in interest rates; information on contingent liabilities and derivatives; information on major depositors, includes concentration of a bank’s liabilities to depositors, the aggregate amount of liabilities to whom represents 10 percent or more of the bank’s total liabilities; information on funds placed and attracted, including sectoral, geographical and currency breakdown. report on open FX positions, including information on the FX risk assumed by a bank and a banking group with regard to the same set of participants for which a consolidated balance sheet is compiled; information on internal controls, including documents governing the functions of a bank’s internal control system and information about the internal control function; report on the entities in the banking group, including information on all of the legal entities (engaged in financial and nonfinancial activities, including nonresidents) that are controlled by the bank or over whose activities the bank has a significant influence, regardless of the inclusion of their reporting data in other consolidated prudential reporting, including information about the control methods, the size of investments in the statutory capital of other legal entities and the types of activities of the investees; information about securities issued by participants in a banking group and held by a bank and/or participants in a banking group; as well as information about investments by participants in a banking group in the statutory capital of the principal bank of the banking group and investments by the principal bank of the banking group and/or participants in the banking group in the shares of investment funds; On a consolidated basis: consolidated balance sheet, which includes information with a breakdown by group participants (residents and nonresidents) engaged in financial and insurance activities, financial intermediation, and ancillary activities, as well as those that are structured enterprises established for the purpose of performing certain financial operations (for example, the securitization of assets of the principal bank of a banking group and/or participants in a banking group) and/or nonfinancial operations (for example, real estate), grouped by types of business of the banking group participants; consolidated statement of financial performance, which includes information about a group’s financial performance for the same set of participants for which a consolidated balance sheet is compiled; calculation of equity (capital) and values of required ratios for a banking group, which contains information on the amount of a group’s capital, its compliance with the prudential standards established by the CBR, including compliance by the principal banks of banking groups that are systemically important banks, the liquidity coverage ratio, and capital adequacy ratios for the same set of participants for which a consolidated balance sheet is compiled; risks assumed, procedures for their assessment, and risk (including liquidity) and capital management procedures on a solo and consolidated basis. Prudential reports are checked to verify that they have been properly compiled, including internal checks for logical consistency. Reporting statements are checked, and their accuracy is also evaluated in the process of their analysis within the context of ongoing supervision, and in the course of inspections as discussed elsewhere.
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	Prudential reporting is based on Russian accounting standards, which are based on the International Financial Reporting Standards (IFRS) but not yet fully reconciled. All reporting data submitted by banks to the CBR must be compiled on the basis set out in Regulation 385-P, which sets out mandatory accounting rules for bank. When issuing accounting standards, the CBR is governed by the requirements of Federal Law 402-FZ on Accounting, with regard to the application of the IFRS as the basis for the development of federal and sectoral national accounting standards (see Section 4.4 of Ordinance 2851-U). The CBR is continuing its process of implementing IFRS standards. For example, IRFS based rules for hedge accounting by banks will be introduced in the first quarter of 2016. The CBR will issue regulations to implement IFRS9 as of January 1, 2018. At the present time, banking groups may, but are not obliged, to use IFRS for prudential indicators although the option does not support the comparability of indicators.
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for RM and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	The CBR has regard to the quality of valuation based on the CBL (in particular Article 72 but also 72,1 and 73). The CBR has issued Letter 37-T, on Measures to Monitor the Correct Reflection of Assets at Fair Value by Banks to provide guidance to the banks. It should, however, be noted that the CBR letter has the force of recommendation and is not a binding requirement. Nonetheless, 37-T (item 1.2) provides that the approved internal documents of a bank ought to contain: procedure and periodicity for evaluating the methodology for determination of the fair value of assets of each type, with a detailed description of the methods (models) employed for the measurement of assets at fair value, the source data, and assumptions used; quantitative threshold values (criteria), deviation from which may indicate inadequacy of the results of the measurement of assets at fair value in accordance with the approved methodology; and the procedure for the disclosure of information regarding methods for the measurement of assets at fair value. A bank is expected to take into consideration the degree of consistency between the source data used by the bank for the purpose of measuring the fair value of assets and the nature of the assets, the current status of the market, and source data and assumptions used by market participants for determining prices for similar assets, in accordance with the methodologies accepted for setting prices for financial instruments (regarding the level of risks associated with an asset, the status of and level of activity in the market, and the economic situation). The results of an assessment of the consistency of the source data should serve as the basis for a decision to make corrections in the source data (Section 1.3 of Letter 37-T). Active market prices are recommended as the most reliable source data, when assessing the consistency. Also absence of corrections in source data, when there are grounds to find that the source data are not consistent, serves as grounds for concluding that the fair value measurement of assets is not reliable. Banks are expected also to create databases to store information for at least five years on source data (market prices, the value of transactions with respect to a similar asset) and other information used in fair value calculations (Section 1.4 of CBR Letter 37-T). Banks’ management must ensure regular monitoring of the correct fair value measurement of assets and the methodology used for its application (verification, testing, monitoring) (Section 1.5 of CBR Letter 37-T). The accounting rules provide for the valuation of assets at their initial value at the time of their initial recognition. Subsequently, a bank’s assets are measured at fair value in accordance with the requirements of IFRS 13—Fair Value Measurement, which is officially recognized within the Russian Federation. Segregation of duties is considered as the methodology for determining the fair value of assets, and must be developed without the involvement of staff engaged in operations (transactions) related to the assumption of market risk and measurement of the value of trading book instruments (Section 3.4—Market risk Annex to Ordinance 3624-U). The methodology for determining the fair value of trading book instruments must provide that if a market for the financial instruments is no longer active, its prices no longer serve as a reliable input, and the bank must change the measurement method and uses several measurement methods, such as the market and income approaches, for example. The methodology for measuring the value of trading book instruments used by a subsidiary must be approved in writing by the principal bank of the banking group, and must be subject to periodic monitoring to ensure its suitability. Information about trading book instruments measured using quantitative measurement models must be communicated to the management bodies of a bank (principal bank of a banking group). A bank (principal bank of a banking group) develops a methodology for estimating the degree of uncertainty of measurements obtained using these models, and when necessary makes corrections to the value of instruments measured using the models. The internal audit function of a bank that uses quantitative market risk measurement models performs a quarterly assessment of the quality (accuracy) of these models based on historical data, and also based on current data in the course of ongoing activities. This check can also be performed by another division of a bank provided it is independent of the sections of the bank that actively assume market risk for the bank and of the section of the bank that develops quantitative market risk measurement models.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	The range of information banks must submit is discussed in EC1. In accordance with Ordinance 2332-U, the CBR receives prudential reporting with varying periodicity. Broadly speaking, the systemic banks are required to maintain a more frequent reporting schedule than other banks, with weekly and daily reporting being included if the CBR considers the need. The CBR has the right to require that bank submit reporting statements more frequently (Procedures for the Compilation and Submission of Reporting Forms). In the event of the rapid deterioration of a bank, particularly a member of the deposit insurance system, the CBR can require daily reporting. (Please also see CP8.) (Letter 69-T on Urgent Measures for a Prompt Supervisory Response.) As an example of differentiation in reporting, for banks defined as systemically important, reporting on the LCR on a consolidated basis was increased to monthly as of January 1, 2016. The largest Russian banks (including systemically important credit institutions) with total assets of RUB 50 billion or more and (or) retail deposits of RUB 10 billion or more have reported the LCR monthly on a solo basis since July 2014 (first reports as of August 1, 2014). Some reports are required only when there is a change in circumstances. For example, the report on the composition of participants in a banking group is submitted to the CBR when changes occur (i.e., within 10 days of the date of the change). In addition, and on the request of the CBR, banks submit reports on the composition of the banking group and open FX positions within 10 days of the receipt of a written request from the CBR, as well as duly certified copies of documents and other information from participants in a banking group that are not banks (residents and nonresidents), which were used in the compilation of the report. In terms of timely analysis and evaluation, prudential returns and reports are processed by the System for the Analysis of a Bank’s Financial Condition (the AFSB System). The AFSB System uses the methodology for analyzing the financial position of a bank that is consistent with the approach used by the curators (offsite function) for the analysis of the financial condition of a bank (Letter 15-5-3/1393). The AFSB System also uses the methodology for the evaluation of the economic condition of a bank in accordance with Ordinance 2005-U.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	Banks that are the parent banks of banking groups submit reporting statements to the CBR on a solo and a consolidated basis. Consolidated reporting by banking groups includes: monthly—LCR and individual indicators used in its calculation, which is part of a report on capital adequacy and other required prudential ratios of the banking group (see also EC4); quarterly—asset quality, data on large loans, data on the concentration of credit risk, a consolidated balance sheet, a consolidated statement of financial performance, a report on the amount of equity (capital) and the values of the required ratios of the banking group, a report on open FX positions of the banking group, and explanatory notes regarding the consolidated reporting; semi-annual and annually—information about risks assumed, procedures for their assessment and for the management of risks and capital, consolidated financial reporting as part of a report on the financial condition of the bank, a report on aggregate income of the bank, a cash flow statement of the bank, a statement of changes in equity of the bank, interim consolidated financial statements, and in the event that an audit has been performed, the auditor’s opinion based on the results of a review audit of the reliability of the reporting. Annually, as part of the information on risks assumed, procedures for their assessment and for the management of risks and capital, a report on the financial condition of the bank, a report on aggregate income of the bank, a cash flow statement of the bank, a statement of changes in equity of the bank, annual consolidated financial reporting, and an auditor’s opinion regarding its reliability. The consolidated reporting forms have been developed on the basis of the forms for solo accounting (financial) statements of banks taking into consideration the specific aspects of consolidation and they consequently have the same format as the published reporting statements, they are compiled on the same date and for the same reporting period, and in connection with this, they provide comparable information for analysis.
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	The CBR, in accordance with Article 57 of the CBL, has the right to request and receive from banks, parent banks of banking groups, and principal institutions of bank holding companies, the necessary information about their activities, including information about participants in banking groups and bank holding companies that are not banks, and to request explanations regarding this information. The CBR also has the right to receive information about the activities of a bank (the activities of a banking group) directly from its management (the management of the principal bank of a banking group). The CBR receives this information from ARs of the CBR, as well as, for example, in the context of meetings with the banks’ management of the banks, and written responses to inquiries by the CBR. A draft federal law has now been prepared that provides for amendments to Federal Law 127-FZ with regard to granting the power to representatives of the CBR and the DIA to also perform an analysis of the financial condition of legal entities that are financial institutions participating in the same banking group (holding company) as the bank whose financial condition is being analyzed, when performing an analysis of a bank’s financial condition within the framework of Article 189.47. In discussion with the CBR and also some market participants, it was indicated that the CBR did make use of the power to obtain management information.
EC7	The supervisor has the power to access51 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.
Description and findings re EC7	According to the CBL (Article 73) and Instruction 147-I, in the course of an inspection the CBR may request and receive from a bank all of the documents (information) for the period being inspected necessary to achieve the objectives of the inspection. This scope of information includes, for example, documents related to the state registration of the bank and obtaining a banking license; organizational and administrative documentation; instructions, regulations, orders, rules, and other internal documents; materials of the internal control function; analytical and summary accounting documents; accounting, statistical, and financial statements; explanatory notes; statements and written and oral explanations provided by the manager and employees of a bank; auditor’s opinions regarding financial (accounting) statements; reports and materials from inspections performed by the CBR and/or federal authorities; contracts; documents confirming that FX operations being performed are in compliance with the legislation of the Russian Federation and that the Law on AML/CFT is being observed; and other documents (information). A bank may be requested to provide documents (information) in hard copy or in electronic form. The CBL does not explicitly describe the CBR’s right of access to the board or senior management. However, a number of articles of the CBL establish the principle of the CBR’s right to access information and persons in a bank. Article 76, which establishes the position of AR (discussed in CP9) notes that the AR has the right to participate, on a non-voting basis, in the executive management meetings and decision making committees of the institution. Similarly, Instruction 147-I (Section 2.3) confirms that the head of an inspection team should have access to the persons with whom the inspection is coordinated: the chief executive officer, his deputies, and members of the executive board of a bank; the manager of a branch of a bank and his deputies; the head of a representative office and his deputies (referred to hereinafter as the manager of a bank); the chief accountant of a bank and his deputies. Further, the inspection team (Section 7.9) “shall be entitled if necessary to acquaint the head of the credit organization (its branch), the BoD (supervisory council) of the credit organization with the motivated judgments reflected in the report about the results of the inspection.” Although the assessors encountered different views on the matter in the course of their meetings and discussions in the mission it was not, though, the assessors’ overall impression that it was common for the inspection team to take this opportunity. (Please see comments CP9).
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines that the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	Reporting submitted by banks to the CBR in accordance with Ordinance 2851-U on the Rules for the Compilation and Submission of Reporting by Banks to the CBR must be signed by the CEO and the chief accountant, who are responsible in accordance with said ordinance for the timely, complete, and accurate submission of information to the CBR. If a bank is found to have submitted inaccurate reporting statements that contain incorrect data as a result of a violation of the established procedure for the maintenance of accounting records and/or for the compilation of reporting statements, including inaccurate information about financial condition and property status, the bank responsible for the misrepresentation of reporting data is required to correct the data (Section 5 of Ordinance 2851-U). Corrected reporting statements and indicators must be submitted (unless otherwise provided for by the procedure for the compilation and submission of reporting statements). The CBR has the right to apply enforcement measures against a bank in accordance with the CBL (Article 74) for a failure to submit reporting statements, for the submission of incomplete and inaccurate reporting statements, and for the submission of reporting statements in violation of the deadlines established by regulatory acts of the CBR. In the event that material inaccuracies are identified in the reporting data in accordance with the BBAL (Article 20), the CBR may revoke a bank’s banking license. Please see comments section in CP11 for greater detail. Further, the CBR has the right to apply measures against the parent bank of a banking group in the event that the parent bank of a banking group violates the requirements of federal laws in connection with its participation in the banking group, including a failure to submit information, the submission of incomplete or inaccurate information, a failure to perform a mandatory audit, and a failure to comply with orders by the CBR to eliminate violations related to its participation in the banking group, or if these violations threaten the lawful interests of creditors (depositors) of the given bank or of banks that are participants in the banking group (CBL, Article 74).
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.52
Description and findings re EC9	As stated in Instruction 147-I (Section 1.3), one of the principal objectives of the CBR’s inspections is to evaluate the accuracy of the accounting (reporting) by a bank. This issue may be verified in the context of a thematic or a full-scope inspection of a bank. Information on the accuracy of accounting (reporting) by a bank is reflected in the analytical part of an audit report (Sections 7.5.2 and 1.12 of Instruction 147-I). The procedure for the organization and performance of an inspection of the accuracy of accounting (reporting) by a bank and for the reflection of the results of such an inspection is outlined in the Methodological Recommendations for the Organization and Performance of an Audit of the Accuracy of Accounting (Reporting) by a Bank (Branch) (CBR Letter 77-T). Inspections (including those for the purpose of evaluating the accuracy of accounting (reporting)) may also be performed by auditing firms on instructions from the CBR BoD. In connection with this, the CBR has published (CBL, Article 73, Part 2): CBR Regulation 442-P, on the Procedure for the Selection of Auditing Firms of the Performance of Audits of Banks (their Branches) on Instructions from the BoD of the CBR; Ordinance 3463-U. Verification of the correct compilation of reporting statements is also performed as part of offsite supervision: when receiving reporting statements, using internal arithmetic and logical control checks; and in the process of their analysis by dedicated supervisors using the AFSB System.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,53 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	Inspections (both scheduled and unscheduled) may also be performed by auditing firms on instructions from the CBR’s BoD (CBL, Article 73, Part 2). The procedure for the selection of auditing firms for the performance of inspections of banks is established by CBR Regulation 442-P, which establishes the criteria that must be met by an auditing firm in order to be appointed. The CBR has been using this procedure in order to identify suitable audit firms but has not yet made any appointments to carry out tasks for the CBR. A draft contract for the performance of an inspection includes a requirement that an auditing firm must meet said criteria throughout the entire duration of its inspection of a bank and the review by the auditing firm of written objections or comments regarding the auditing firm’s report on the inspection of the bank (if applicable), (Section 6.2 of Regulation 442-P). When the CBR employs its powers to instruct auditors to carry out inspections, the inspections of banks must be carried out by auditing firms in accordance with Instruction 147-I, auditing standards, and the code of professional ethics of auditors, taking into account the specific considerations referred to in Ordinance 3463-U. Ordinance 3463-U establishes, among other things, the rights, responsibilities, and liability of the head and members of the team of auditors. Issues to be reviewed by an auditing firm when auditing a bank are specified in the inspection mandate (an addendum to the audit mandate) (Section 2.1 of Ordinance 3463-U).
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	It is clear from Ordinance 3463-U (Section 3.5) that any expert who performs an inspection at the request of the CBR is required to provide information to the CBR regarding all of the issues related to the performance of the inspection. If material information falls outside of the scope of the inspection then it is not covered. Also there is no explicit requirement for the external expert to bring any matter promptly to the attention of the CBR. The CBR has not yet instructed any external experts to undertake any work for supervisory purposes, but at the time of the assessment it was planning to do so in the near future. As a matter of good practice the auditor may well raise any matter within the scope of its mandate as expeditiously as possible. Once the CBR has had the experience of working with appointed audit firms to carry out certain reports for it, it is to be expected that the relationship and mutual understanding of information flows between the audit community and the CBR will be more strongly established. It may be noted that the external expert is not without any ability to communicate with the CBR even though the EC is not met. Under Ordinance 3463-U (Section 3.5), the head of group of auditors has the right to send written appeals to CBR on all questions of carrying out the inspection, and also, as noted above, is obliged to provide to CBR information on all questions of carrying out the inspection at the request of the official of the CBR. According to Ordinance 3463-U (Section 6.8), a group of auditors can include in their concluding findings the professional judgments of the team (regarding going concern assumption), and also other data received during the audit work within the defined scope of the work. Other information can be reflected by the auditing organization in the modified audit opinion prepared (including statutory audit).
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	The CBR seeks to deliver a continuous process of streamlining its data requests and requirements from banks. Work is carried out with the participation of all relevant sections of the CBR, and aims to ensure that submissions to the CBR are relevant and meaningful—reflecting the complexity of and changes to banks and banking groups—as well as to eliminate duplication of information. In addition, based on the results of the ongoing analysis of the activities of banks, regional offices of the CBR prepare proposals for the revision of reporting forms to bring them up to date and into line with the supervisory needs, the risk profile, and the types of operations performed by banks. Issues related to the optimization of reporting are considered within the framework of a working group created within the CBR to address the development of statistical work and the optimization of reporting, with the participation of specialists from supervisory subdivisions of the CBR, as well as representatives of banks. The assessor’s discussions with industry participants suggested that at the present time there was scope to identify and eliminate some areas of overlapping and duplicative information requirements.
Assessment re Principle 10	Largely Compliant
Comments	The CBR has strong powers and rights of access to information and uses its inspection process to obtain assurance that it can depend on the substance and quality of information submitted by the banks. The CBR is in the course of introducing a number of important and valuable developments. These include the establishment of a dedicated department to the issue of valuation (covering all aspects); a move to an XBRL taxonomy for supervisory reporting; and the completion of scrutiny of audit firms who would be eligible to be instructed by the CBR to undertake specific inspections for supervisory purposes (i.e., firms who meet the criteria set out in Regulation 442-P). Not all of these developments can be finalized and implemented quickly—the XBRL project, for example, is expected to take two to three years. However, the changes are indicative of the CBR’s continuing progress. Equally, and where possible, the CBR adopts a professional approach to the introduction of new reporting requirements and the streamlining of existing requirements. It is, for example, the CBR’s practice when possible to test run new reporting requirements. It is also welcome that the CBR has an inter-departmental project to focus on the relevance and business need of the CBR’s existing reporting requirements. A continuing concern, and which persists since the last assessment, is that the CBR does not have the right to require the prompt notification of a material issue that has come to the attention of an external expert in the course of that expert’s work for the CBR on a supervisory matter. It may be stressed that an external expert has the right to contact the CBR and may of course exercise this option, but no obligation is placed on the external expert (except in cases of an official request from the CBR). At present the onus is, therefore, very much upon the CBR to request information, rather than imposing a notification obligation on either the supervised institution or a professional expert who has knowledge of the institution, to pro-actively inform the CBR of matters of material significance. It is strongly recommended that legislative amendments are made such that the CBR is able to impose this requirement. It is an issue of good practice that supervised institutions and professional service providers fully understand that they have a responsibility to ensure that the supervisor is in the position to exercise its own function as effectively as possible and in as timely a manner as possible. The CBR’s ability to intervene, for example, in a deteriorating situation is more likely to result in a successful outcome that protects the interest of depositors and the banking system, if the CBR is made aware of a material issue as soon as possible. This recommendation echoes the concerns and recommendations noted under CPs 9 and CP27.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	The legal foundation for corrective and sanctioning powers of the CBR is enshrined in Article 73 of the CBL according to which to fulfill its functions, the CBR “shall conduct inspection of credit institutions, give them instructions, which the credit institution must obey, to eliminated violations discovered in their work and involving the breach of federal laws and CBR’s regulations.” Article 74 of the same law determines the different types of measures at the disposal of the supervisors; some of them are preventive, others are coercive. However, whenever the CBR identifies a breach in prudential regulations or if the banks operate in a manner that jeopardize the interest of the depositors, the CBR by all means will resort to enforcement action. There is a constant dialogue between the relevant staff of the CBR (Credit Institutions Supervision Directorate) and representatives of the different hierarchy levels of every bank, which includes the supervisory board (BoD) and senior management. The intensity of this dialogue depends on the risk profile, size, and systematic importance of the different credit institutions. For systemic banks and banks that have received government funding support, the cooperation with the senior management of the banks is also carried out through the institution of dedicated supervisors and ARs of the CBR54 who constitute a permanent channel of communication (see below for more details). The CBR raises its supervisory concerns with the Bank’s management at different stages. This can take place during or at the end of the onsite visit (see CP8), as well as in an official letter in the cases when the deficiency is ascertained during the offsite analysis. Intensity of CBR’s intervention will depend on the seriousness of each case. If the deficiency identified by the CBR does not directly threaten the interests of the lending institution’s creditors and depositors and the further operation of the bank itself, the CBR will apply preventive measures in accordance with CBR Instruction 59 of March 31, 1997.55 These measures require full cooperation and commitment of the bank’s management bodies. The CBR’s concerns can be raised either during a meeting arranged with the bank’s management or in the form of a letter. The CBR will notify in writing to the Bank’s senior management the deficiencies identified and the action plan to be taken by the institution to redress the situation as well as a timetable for its implementation. This arrangement can also subject the bank to enhanced scrutiny until the final implementation of the action plan. In that regard, the monitoring of the fulfillment of remedial measures is ensured through regular written progress reports from the bank (item 1.12 of Instruction 59). In addition, the CBR can issue recommendations in certain particular circumstances, for example when the CBR has been tipped off by a third party. The bank will be recommended to take some corrective measures and in case of inaction, the CBR will resort to more prescriptive instruments. If the application of preventive measures described above does not attain the expected results, or in situations where the bank has committed serious breaches (e.g., violation of federal laws, regulatory acts or orders of the CBR, failure to submit compulsory information, submission of incomplete or inaccurate data, failure to disclose reporting statements or perform mandatory audits, etc.), the CBR will turn to enforcement measures as contemplated in the CBL, Article 74, Part 1. To that end, the CBR will issue an order containing detailed reference to specific provisions of federal laws and regulatory acts of the CBR that have been breached, the types of violations identified, the deadlines for their elimination, the specific compulsory measures being applied with respect to the breaches and a clear timetable for reporting to the CBR on progress made to restore the situation. More forceful sanctions, including revocation of the banking license (see EC 2 below) can be taken in case a bank does not comply with CBR’s orders or in cases where the bank operates in a way that poses a real threat to the interests of the depositors or to the stability of the system. In determining the type of sanctions to be applied, the CBR takes into account the nature and materiality of the violations and the factors contributing to their occurrence, the systematic nature of their commission, the overall financial condition of the lending institution, as well as its position in the regional and federal banking services market. The CBR Instruction 59 of March 31, 1997 spells out both preventive and coercive measures and stipulates the main conditions of their use. These enforcement measures are applied by the central administration and regional offices of the CBR. In accordance with the procedure established by CBR Directive 2387-U of January 26, 2010,56 enforcement measures are applied with respect to a lending institution as a whole, including those applied for violations committed by branches taken in aggregate. The CBR has also established mechanisms to monitor compliance with CBR’s orders or protocols. Its regional offices will follow up on the implantation by banks of their commitments. Said monitoring is performed on the basis of an analysis of the reporting statements submitted by lending institutions, sometimes on a daily basis. Further monitoring can also include onsite audits. The CBR is also able to regularly monitor remedial actions taken through its on-line “Remedial Measures Database.” This custom-developed software enables the CBR to determine progress on correcting enforcement actions at any bank through sorting information by institution, territorial office, or type of regulatory violation. As indicated at the beginning of this section, consultations are held regularly with the management, members of the BoD, and stockholders for the purpose of evaluating existing deficiencies and violations, discuss trends in risks and any strategy related issues. Effective cooperation with bank’s senior management is also carried out through the institution of dedicated supervisors57 and ARs of the CBR appointed for systemic banks and lending institutions that have received government funding support. These ARs of the CBR participate without voting rights in meetings of management bodies of lending institutions and also bodies of lending institutions that make decisions regarding lending issues and the management of its assets and liabilities. They play a role of interface between the CBR and the bank and can convey important messages to the credit institution, especially when there are matters of concerns (for more detail see the description of Criterion 1 of Principle 8). It is also noteworthy that, in accordance with CBR Directive 2005-U, the CBR performs at least once per quarter an evaluation of the economic condition of banks and a classification of banks. Information about the assignment of a bank to a classification group and about deficiencies in its activities that motivated its classification is sent by the CBR to the bank’s chief executive officer, with the recommendation that he communicates said information to members of the bank’s BoD (supervisory board) and to its collegial executive body.
EC2	The supervisor has available58 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	The Russian enforcement regime for banks is governed by the CBL (Article 74), the banking law (Article 19) and by other regulations (e.g., the AML law59). The CBR is empowered to impose measures (discussed right below) when a bank or any of its administrators or shareholders have committed certain offenses detailed in the law, consisting of, inter alia, violation of the banking law and other acts including AML law, the CBR regulations, by-laws, and orders. The same regime will apply wherever a bank is threatening depositor’s interest, providing or disclosing incomplete or inaccurate information, ignoring CBR orders, engaging in money laundering operations, and carrying out transactions outside the ambit of its license. The CBR has available a wide range of supervisory tools to address situations where banks do not comply with laws and regulations or where banks engage in unsound practices. The CBR may, depending on its view of the seriousness and nature of detected shortcomings, take one or more of a broad selection of supervisory measures, if deemed necessary. These measures are of different nature and include administrative compulsory measures and administrative penalties. For example, in the cases when the shortcomings in the work of a bank do not pose an immediate threat to the interests of creditors and depositors, the CBR can instruct the bank to address the situation by adopting a series of measures. The remedial measures can take various forms, including asking the bank to cease a particular conduct, to eliminate a specific violation or to take certain actions to bring the situation back to normal. In more serious scenarios, in particular if a bank is considered financially unstable or represents a material threat to the interests of its depositors, the CBR can: restrict or suspend the performance of certain bank’s operations,60 including lending activities for a period of up to six months; impose a ban on certain transactions for a period of up to one year; request additional capital under certain conditions; prohibit payment of dividends and request a reduction in variable remuneration; force the bank to change its internal organization; instruct the bank to replace bank’s officials; impose a limit on the interest rates, limit certain operations like opening accounts with correspondent banks and non-banking credit organizations; restrict branch expansion; impose a ban for a period of up to one year, on operations with the parent credit institution of the banking group; restrict any transactions and dividend flows between the bank and the parent entity; place the bank under provisional administration. The CBR has the power to force a bank or a banking group to change their organizational structure only in specific circumstances, for example if a bank fails to fulfill CBR orders, or when violations, banking operations, or transactions carried out by the bank pose a real threat to the interests of its depositors. Under the new ICAAP regime (Ordinance 3883-U of December 7, 2015) to be implemented from 2016, in the event that the risk and capital management and internal control systems are found to be unsatisfactory, the CBR is empowered to issue an order requesting the bank to make the necessary adjustments in light of the nature and scale of the risks. This can include an increase of CAR, even if it is above the minimum threshold. Since 2014, the CBR can also prohibit a bank that is a member of the deposit insurance system from attracting deposits from individuals if certain conditions are no longer met. It is worthwhile noting that the CBR can combine administrative compulsory measures and administrative penalties where needed. Under certain circumstances, for example when a bank displays signs of possible insolvency, the CBR can also appoint a temporary administration for the management of the lending institution for a period of up to six months. In 2016, for example, a bank (ranking 63) was placed under temporary administration after it stopped making payments due to a cash shortage. The CBR is also empowered to use other types of sanctions consisting of “administrative penalties.” In effect, the CBL contains several provisions according to which financial institutions can be subjected to fines up to 0.1 percent of the minimum amount of statutory capital. The Russian Federation Code on Administrative Offenses (RF CAO) also permits the CBR to apply administrative penalties against lending institutions and their officials in cases specified in the Code. Fines can also be imposed on banks and their officials for violations with AML/CFT requirements (see CP 29 for more details). Compulsory measures can be imposed on shareholders as well. Article 74 of the CBL allows the CBR to send orders to the shareholders asking them to take measures to address CBR concerns. In the event that a stockholder does not comply with an order by the CBR, the voting rights at a general meeting can be suspended until the order is complied with or rescinded. The shares of the given stockholder will not be treated as voting shares and not considered for the determination of the quorum. Finally, in the most extreme scenarios stipulated in the law, the CBR can revoke the license, via a decision to be made by the Bank Supervision Committee of the CBR. The banking law, in Article 20, defines several circumstances under which a bank license can be revoked: for example, if the capital adequacy ratio of the credit institution falls below 2 percent; the amount of the bank’s own capital is lower than the minimal level of capital set by the CBR in accordance with BBL; the information used when issuing the license has been found unreliable; reported data have not been accurate; the bank has performed activities outside the ambit of its authorization; a credit institution is unable to meet creditors’ claims on money obligations. Since the issuance of the Federal Law 484-FZ of December 29, 2014, repeated violations of the AML/CFT provisions also constitute a ground for the mandatory revocation of a banking license. A license cannot be revoked on grounds other than those specified by this Federal Law. There have been multiple examples over the past few months of licenses being revoked by the CBR for serious breaches with prudential regulations and/or for suspicious activities (see below, comments section). In practice, the process for taking corrective measures and imposing sanctions follows a bottom-up approach. Territorial units of the CBR have full autonomy to make certain decisions in their area of competence (banks with capital under 5 billion rubles); however, the decision is taken in a collegial manner. In the regions, there are committees to discuss the relevance of certain sanctions and Territorial offices will consult with the supervisory department at headquarters. More severe measures however will have to be agreed upon by the BSC. Other critical decisions fall under the exclusive responsibility of the BCS, such as revoking a license or imposing a ban on retail deposit taking. For systemic banks, preventive and enforcement measures are to be made by the deputy-governor of the CBR in charge of SIFIs and further-reaching measures rest with the first-deputy governor or the Governor of CBR. In any case, the nearest physical CBR branch office will apply the measures and conduct follow up. Measures taken by local offices, regardless of their nature (preventive or prescriptive), has to be reported to the central level. All measures are uploaded and kept in a central database. Further, it is worthwhile noting that the CBR is maintaining a database on persons holding positions in banks (CEO, senior managers, board members, members of collegiate bodies, chief accountants) whose activities contributing to damaging the financial position of a credit institution or violated Russian Federation law and CBR normative acts.
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	The CBR has a wide range of options to intervene at an early stage to require a bank to take actions if it falls below established regulatory threshold requirements. For the purpose of preventing the violation of prudential ratios by lending institutions, the CBR has the right to apply preventive measures with respect to lending institutions as stipulated in the CBR Instruction 59. Preventive measures are applied at the early stages of the appearance of deficiencies in the activities of a lending institution. The CBR can issue a written order instructing the bank to hold additional capital or to improve banks’ financial position. Under the new ICAAP regime, the CBR can also act even though a bank may fulfill minimum regulatory requirements. As indicated to the team, it is common practice for CBR to raise its supervisory concerns at an early stage with management—via ongoing dialogue—and to require that these concerns be addressed in a timely manner. In that respect, the presence of designated representatives in systemic banks allows permanent communication channels so that the CBR can act preventively. As mentioned under EC 2, Article 20 of the banking law also defines conditions for revoking a license if, for example, the value of all equity capital adequacy ratios of a credit institution falls below two percent or if a credit institution fails to comply within the term set by paragraph 41, Chapter IX of the Federal Law on the Insolvency (Bankruptcy) of Credit Institutions with the CBR’s demand for bringing in line its authorized capital with the law.61 Written orders do not emanate solely from the results of onsite examinations. The supervisor may deem them necessary as a result of the offsite analysis or the results of bottom-up stress tests of the institution, which would suggest that, for example, a capital inadequacy issue is looming. Over the past years, the CBR has requested banks to increase their capital in several instances. As of January 1, 2015, the number of banks with equity capital less than RUB 300 million was 13, of which, in 2015, 2 banks were reorganized through mergers, two banks raised their equity capital above 300 million rubles, three banks had their banking licenses revoked, and five banks changed their bank status to that of a non-bank credit institution.62
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.
Description and findings re EC4	As discussed under EC2, the banking law, Article 19, defines the general principle that govern CBR enforcement powers; it reads: “in case a credit institution violates federal laws, CBR regulations or instructions, required ratios, or fails to provide information or presents incomplete or inaccurate information, fails to perform a mandatory audit, and to disclose statements and an auditor’s report, fails to provide information to a credit history bureau, or commits any actions creating a real threat to the interests of depositors and creditors, the CBR shall be entitled to take supervisory measures against the credit institution as stipulated by the Federal Law on the Central Bank of the Russian Federation.” These measures can be imposed also on the parent company in case of banking groups. Article 74 of the CBL also contains several provisions that empower the CBR to act quickly. For example, if a credit institution violates federal laws or CBR normative acts or orders, the CBR has the right to require the credit institution to eliminate the violations, charge a penalty of up to 0.1 percent of the minimum amount of authorized capital, or prohibit the credit institution from conducting some banking operations for up to six months, including operations with the parent credit institution of the banking group. Additional and more forceful measures (described in detail under EC2) are also available to the supervisor if the bank fails to fulfill CBR’s orders or if the bank pose a serious threat to the interests of its creditors. Under the law on bankruptcy, Article 189.30 offers the possibility to restrict powers of the executive body of the bank by subjecting decisions of senior management to the previous authorization of a temporary administrator. This includes decisions on the transfer of bank’s real property under a leasing arrangement or as collateral. It also covers transactions with affiliated and RPs. Recent measures have also been passed to increase CBR’s enforcement powers, for example in the area of AML/CFT. Also, for the banks that are participants in the deposit insurance system and in accordance with the recent CBR Directive 3229-U of April 5, 2014,63 the CBR can terminate the bank’s right to attract funds for deposit from individuals and to open and maintain bank accounts for individuals if certain conditions are not being met or in case of serious deficiencies that persist beyond a certain period of time established in the law (Article 48, Part 1 of the federal law on the Deposit Insurance System). It is worthwhile noting that before visiting a bank for onsite examination purposes, CBR inspectors will collect information on any previous sanctions issued against the bank by using a software elaborated on the basis of reporting forms # 0409637 on “Information on Imposed Sanctions….” (CBR Inspection methodology 26-T of March 23, 2007). In light of the above, the CBR enjoys a broad range of possible measures to address at an early stage the scenarios described in EC 2, above. These measures are graduated to the gravity of the situation.
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the board, or individuals therein.
Description and findings re EC5	In accordance with Article 74, Part 2 of the CBR law, the CBR can impose sanctions on bank’s management if the credit institution did not observe supervisor’s orders to eliminate violations identified in bank’s activities or if its operations have created a real threat to the interests of the depositors. In those cases, the CBR has the right to require the replacement of bank’s officials (identified as such in Article 60 of the CBL). The list includes the following individuals: chief executive officer and his deputies; members of the collegial executive board; members of the BoD (supervisory board); chief accountant and his deputy; chief accountant of a branch. In addition, the CBR can set limits on the amount of compensation and/or incentive payments to the persons above for a period of up to three years. Moreover, in accordance with the CAO, the CBR has the right to apply administrative penalties against officials in the form of warnings and administrative fines (see EC 2). Sanctions are also possible against persons holding controlling interest in the bank, directly or indirectly. In accordance with Article 72, Part 7, of the Law on the Central Bank, the CBR has the right to impose a ban on the adoption of decisions by a lending institution to distribute earnings among its founders (partners) and to pay (declare) dividends, and also to impose a ban on the distribution of earnings among its founders (partners), on the payment of dividends to them, on the fulfillment of requests by founders for the allocation of their stake (or part of their stake) or the payment of its actual value, or on the repurchase of the lending institution’s stocks. Such a measure is introduced by the CBR at the same time as the suspension of payment of principal and/or interest on a debt owed under an agreement on a subordinated credit (deposit, loan) or on bonds In certain situations, the CBR can appoint a temporary administration for management of the lending institution for a period of up to six months. This can be the case, for example, if the lending institution does not comply with CBR’s requests to replace the bank’s manager. There have been a few cases recently where the CBR applied sanctions against managers.
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	In accordance with Article 74 of the CBL, the CBR has the right to limit the performance of certain operations between the bank and its parent company or affiliated companies for a period of up to six months or to prohibit the performance of certain banking operations for a period of up to one year. The CBR can also take all the measures necessary to protect banks and banking groups from risks arising from entities with which they have structural links. In particular, to ensure safety and soundness, the CBR has the right to take against the parent company measures concerning the group as a whole or its individual components
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to affect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	According to Article 189.20, the CBR is entitled to send a credit organization a demand for taking measures aimed at its financial rehabilitation and according to Article 189.45 the CBR is allowed to demand a reorganization of a credit institution in the form of merger or affiliation. Not later than the day following the date of the relevant decision, the CBR shall inform the DIA about: the issuance of the CBR’s permit for the bank; the decision taken on carrying out an inspection of the bank on the DIA’s proposal; the appointment of temporary administration; the revocation (annulment) of a license; the imposition of a moratorium on a meeting creditor’s claims; the replacement of a license; and the imposition of a ban on attracting deposits. According to Article 189.47 of Federal Law 127-FZ, the CBR has the right to submit a proposal for the DIA’s participation in measures aimed at preventing a bank’s bankruptcy if there is evidence that it is in an unstable financial position. The CBR can also submit a proposal for the DIA’s participation in the settlement of a bank’s liabilities if there is evidence that bank’s conditions create a threat to the interests of its depositors. The Laws of the Russian Federation do not contemplate the creation of a bridge bank but there are conversations with the Minister of Finance to introduce bail-in procedures to be able to write down or convert unsecured liabilities, which could result in legislation changes in 12 to 18 months. When a bank exhibits signs of instability that can endanger the interests of its creditors (depositors) and/or the stability of the banking system as a whole, both CBR and DIA examiners team up to analyze the bank’s financial position. The outcomes of this joint evaluation will permit a decision on the type of actions required, preventing bankruptcy, or settling liabilities. In addition, according to Article 27 of Federal Law 177-FZ, the DIA is entitled to propose that the CBR inspects a bank or takes measures against a bank. According to Article 189.47, the decision by the CBR of the proposal to prevent the bankruptcy of a bank should be taken by the Banking Supervision Committee of the CBR. No later than ten days after receiving CBR’s proposal, the DIA should inform the CBR on its decision to participate or refuse to participate in preventing the bankruptcy of the bank or in the settlement of the bank’s liabilities.64 In the case of refusal, the reasons need to be substantiated. For the prevention of a bankruptcy and according to 189.49 of Federal Law 127-FZ, once the proposal is accepted, the DIA needs to propose an implementation plan to CBR within 20 days of the DIA’s decision to participate. Subsequently, CBR is required to express its adoption/approval or refusal of the plan within 10 days. The cooperation between DIA and CBR is very close. As of today, the DIA has not taken a decision on inexpediency of participation in taking measures aimed at preventing bank’s bankruptcy. Refusal to rehabilitate a bank by the DIA has only taken place five or six times, and some of the reasons were the impossibility of selling the assets of the bank. In this case, the CBR revoked the license and the DIA proceed with the pay-out of insured deposits. Decision on bankruptcy prevention measures between 2011 and 2014 were taken in connection with 15 banks (in only one of which a purchase-and-assumption transaction was used), and several of them are still undergoing rehabilitation. In the majority of cases, these banks were acquired by other banks with financing provided by the DIA.
Assessment re principle 11	Largely Compliant
Comments	Overview of corrective measures and sanction practices In practice, the CBR has used a wide variety of measures and sanctions over the past years as shown in the tables below, including—albeit rarely—against individuals. In 2014, preventive measures were actively applied to credit institutions: written notices were sent to the management of 873 supervised banks; and 444 meetings with banks were held. Compulsory measures in the form of orders to eliminate violations were applied to 546 banks, fines were imposed on 133 banks, restrictions on certain transactions were imposed on 209 credit institutions, some transactions were banned in 64 banks and 53 banks were prohibited from opening branches. In 2015, preventive actions were applied to 822 banks and 673 Credit institutions were subject to enforcement actions (see table below). The CBR has also imposed multiples fines on banks over the past five years, including on state-owned banks. 212 banks were fined in 2015, 133 in 2014, 171 in 2013, and 192 in 2012. While the relevant laws and codes define the ceiling for administrative fines, it is not clear whether the CBR uses some guidance to determine the quantum of a fine. It is up to the CBR to decide based on the frequency of the infringement. The mission was told that discussions are currently taking place at the CBR to define processes for determining fines in connection with AML/CFT breaches. Issues related to AML/CTF laws were also considered in 48 percent of all completed scheduled and unscheduled inspections of credit institutions. As a result, during 2014, the consideration of 1,120 administrative offense cases was completed, with 319 adjudications on imposing fines (including 62 rulings with regards to executives of credit institutions), 539 adjudications on issuing warnings (including 290 rulings with regards to executives of credit institutions), and 262 adjudications to close administrative cases (including 75 rulings with regards to executives of credit institutions). Table 1. Number of Credit Institutions that Committed Violations and thus Subjected to Enforcement Actions in 2015 on the Basis of Article 74 of the Federal Law “On the Central CBR Federation”65 # Violation Number of credit institutions subjected to enforcement actions Total Preventive actions Enforcement actions Total including Fines Restrictions on specific activities Prohibition of specific activities Requirements Total number of CI subjected to enforcement actions *) 832 822 673 212 243 73 623 including for 1 Violation of the requirements for registration, licensing and of expansion activities of the CI 69 61 11 4 3 1 8 2 Failure to comply with regulatory standards for CI activities (one or more) 41 28 20 7 8 5 9 3 Failure to comply with the procedure for calculating the regulatory standard (one or more) 21 15 14 1 3 1 14 4 Failure to comply with the reserve requirements 60 14 51 50 0 0 6 5 Violation of the procedure for formation of the reserves for possible losses 551 397 452 46 176 62 445 6 Providing false statements 178 144 63 12 11 5 57 7 Violation of the order and timing of statements, as well as of its publication in the open domain 411 399 41 20 6 1 26 8 Failure to comply with the requirements within the prescribed timeframe 44 18 38 6 14 13 32 9 Violation of the provisions of Article 189.10 of the Federal Law “On Insolvency (Bankruptcy)” 20 12 14 0 9 5 8 10 Violation of the provisions of Article 189.19 of the Federal Law “On Insolvency (Bankruptcy)” in terms of the implementation of bankruptcy prevention measures 18 15 6 0 2 0 4 11 Reduction of equity (capital) 18 7 16 0 4 1 15 12 Violation of the currency legislation of the Russian Federation and the currency regulation and currency control instruments 64 45 26 15 5 0 13 13 Violation of legal provisions in the field of counteraction to legalization (laundering) of proceeds from crime and financing of terrorism, as well as violation of the requirements stipulated by Articles 6 and 7 of the Federal Law “On counteraction to legalization (laundering) of proceeds from crime and financing of terrorism” with the exception of article 7, paragraph 3 of the Law 467 319 360 103 115 10 296 14 Inadequate quality of the internal control system 27 23 10 3 3 1 9 15 Violation of the requirements for the development of internal bank regulations 81 64 38 2 8 2 34 16 Formation of the equity (capital) (parts thereof) sources with investors using inappropriate assets 42 31 13 0 3 0 13 17 Violation of accounting and reporting rules 252 216 119 22 45 9 112 18 Violation of the requirements of the Federal Law of 27.06.11 161-FZ “On the National Payment System” or related bylaws 40 32 18 3 5 1 16 Revocation of licenses has been quite significant over the past years, with an acceleration during 2015. In 2014 and 2015, the CBR revoked multiple banking licenses (86 and 93 respectively), citing the unsatisfactory quality of banks’ assets, the loss of capital, risky lending practices, and involvement in money laundering activities. There seem to be different objective factors that can explain this massive revocation of banking licenses and banks’ closures. First, the supervisory role and powers of the CBR have been reinforced; second, the tightening control in general over the banking sector; and third, stricter requirements, particularly in terms of professional qualifications for banks’ senior management. This also reflects a much more rigorous approach to eradicating cases of misconduct, bad management, and fraudulent practices in banks. The CBR has definitely made a large-scale effort to reinforce the banking sector, especially since the appointment of the current CBR Governor. It is also noteworthy that the Central Bank and executive authorities initiated actions and legislation aimed at minimizing the consequences of international economic sanctions against Russia and creating favorable conditions for business development in the country. In that context, in his Address to the Federal Assembly on December 4, 2014, the President of the Russian Federation advanced several major initiatives aimed at improving the business climate, including the so-called “supervisory holidays.” This initiative allows a company that has acquired a reliable reputation and for three years had no significant complaints, to be free for the next three years of routine checks by the State, and there will also be no municipal control. The mission was told that the “supervisory holidays” do not apply to financial institutions. Decisions on sanctions are made public, which is a good practice in assessors’ opinion. They are disclosed on the CBR website, clearly stipulating the name of the bank, the type of sanction and the ground that led to the decision. CBR internal processes and enforcement powers All measures described under EC 2 are taken by the CBR at its own discretion, on a case by case basis, and in a collegial fashion. Article 74 of the CBL stipulates in that regard that the CBR “shall have the right to” or the CBR “shall be entitled to”. As a result, if a bank does not pose a threat to the system or if the violation is minor, the CBR can discuss options to address the problem. In more serious circumstances, the CBR will send an order to instruct the bank to take certain measures or to stop certain operations. If case of glaring deficiencies, the CBR adopts more forceful decisions. In making its determination, the CBR takes into consideration several factors or circumstances such as (i) the gravity of the violations and their occurrence; (ii) the general financial state of the bank; and (iii) its position in the market, either at federal or regional level. The authorities also look at issues from a bankruptcy perspective. In case of systemic banks, the potential impact of a sanction will be analyzed to avoid spill-over effects on the rest of the system. Instruction 59 of March 31, 1997 on “Penalizing Credit Organizations for Violating Prudential Standards” stipulates the cases in which preventive measures are preferable to coercive ones and vice versa, while leaving the CBR enough room to maneuver. It recommends using preventive measures as a first step in making the credit organization change its ways, provided that its management and, if necessary, participants (shareholders) act in a constructive and responsible manner. Coercive measures are recommended when the violations committed by a credit organization make such measures inevitable and when it is clear that preventive measures alone would not be enough to make the bank change its behavior. However, Instruction 59 has not been made public and up to now it has been an internal document only. The instruction is now being revised since a reform introduced in 2014 with the view to make the enforcement process more transparent. The new instruction is expected to be finalized sometime in the first half of 2016. The establishment of transparent procedures is highly desirable to establish stronger confidence among the industry in CBR’s processes in relation to sanctions. There is a sentiment among market participants that equal treatment by the CBR might not always be achieved. In that respect, a recent case was mentioned in which the Ninth Court of Appeals of the City of Moscow ruled in favor of a bank and overturned the decision of the first-instance court on the grounds that the CBR could have levied a lighter penalty. In 2014, 14 cases of revocation where challenged in justice, one was ruled against the CBR; in 2015, 22 cases took place with no overturn. As for orders against credit institutions (regional branches), 23 were challenged in 2014, 2 of which were overturned. In 2015, 3 cases were ruled against CBR out of 46. The BCP assessors also noted in the law the following limitations. Article 74 of the CBL stipulates that when a violation has been committed by a shareholder (e.g., failure to disclose information on controlling interest, failure to take prompt action to prevent bank’s bankruptcy or any misdeed causing the bank to violate prudential ratios), the CBR shall no later than 30 calendar days from the day of discovering the violation send an order to the shareholder to redress the violation; besides, the CBR’s order is possible if no more than one year has passed since the violation was committed. This provision suggests that any gross violation older than one year cannot be subject to any CBR action. Further, if the CBR misses the 30 calendar day’s window to act, it is considered to have violated the law and any interested party could sue the CBR for “inaction”. The CBR told the mission that this window of 30 days is large enough as it starts when the facts (justifying the issuance of an order) have been established; which give one month to process the order. The CBR also indicated that the window of 30 days has never been missed. In assessors’ opinion, this provision provides some form of impunity to negligent shareholders and creates a reputational risk—yet theoretical—for the CBR if the bank goes bankrupt. The mission was told that the legislator’s intention was to protect shareholders. Another limitation can be found in Article 74, last two paragraphs that limits the possibility of CBR to take any enforcement measures (contemplated in the same article) if five years have passed since the violation were committed. The same paragraph stipulates that the CBR “may appeal to court to recover a fine from a credit institution or apply some other sanctions against it, stipulated by federal laws, no later than six months after any of the violations (listed in parts one to four of Article 74) was recorded. The CBR told the mission that this limitation has no practical impact on CBR’s operations; since supervision is exercised on an ongoing basis and banks are subjected to an onsite visit every two years, the probability to discover violations older than five years is very low. Against this background, the five-year statute of limitation appears adequate. Recommendation: Explore possible amendments to the CBL to: - permit the CBR to take enforcement measures against shareholders who violated the law or CBR’s regulations, even if the violation is older than one year; - augment the 30-day timeframe during which the CBR has to send on order to a party who committed a violation; and - provide the CBR the possibility to impose changes in banks’ internal organization and structure. Complete the revision of Instruction 59 on “Penalizing Credit Organizations for Violating Prudential Standards” so that criteria for sanctions used by CBR become more transparent. Establish formalized guidelines for determining the quantum of an administrative fine. Increase number of sanctions against individuals (namely bank’s senior executives, board members and shareholders).
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.66
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	Banks, banking groups and bank holding companies To preface the discussion on consolidated supervision, it may be helpful to note the specific powers granted to the CBR in respect of consolidated supervision under the CBL and certain specific definitions that are used in the BBAL. The CBR’s obligation to conduct consolidated and solo supervision flows from the CBL (Articles 4, 56, and 57). The CBL requires the CBR to exercise supervision over individual banks and banking groups. It further establishes the CBR’s right to obtain information and analyze the activities of “bank holding companies” for the purposes of banking supervision over credit institutions and banking groups integrated into bank holding companies. In other words, the CBR has direct powers of supervision in respect of individual banks and banking groups but has information gathering powers over bank holding companies (BHC). The BBAL provides the definition of a banking group and the definition of a BHC. Under the BBAL (Article 4), a banking group is defined as an association of legal entities in which one or more of the entities are under the control or significant influence of a bank. The definitions of control and influence are taken from IFRS. In terms of powers, the CBR has information gathering powers under the CBL (Article 57) in respect of banks and banking group, including the right to demand further elaboration and explanation of any information received. Thus, under Article 57, the CBR “shall have the right to request and receive from credit institutions, the parent credit institutions of banking groups and the parent organizations of bank holding companies’ information on the activities of credit institutions, banking groups and bank holding companies, respectively, including data on the members of banking groups and bank holding companies other than credit institutions, and demand elucidation of the information received.” Further, Article 57 clarifies that the CBR may set regulations that are “binding for bank holding companies, for compiling and presenting data required for assessing the risks of a bank holding company and conducting supervision of credit institutions participating in a bank holding company.” However, the term bank holding company, as defined by the BBAL (Article 4), does not denote an entity that is a holding company for a banking group. In practice the BBAL definition for a BHC describes what may be more readily understood as a “bank holding company group” rather than a parent entity of a bank holding group. The BBAL definition is noted below, for completeness, but in practice a “BHC group” contains at least one bank, which is not the parent entity, and which is under the control of a parent entity of a BHC group, and the overall balance of business in the BHC group must be no less than 40 percent banking activities, measured according to a CBR methodology that assesses the ratio of assets and/or revenues of the credit institutions to the BHC group as a whole. As in the case of banking groups, members of a BHC are identified by using definitions of control and significant influence in accordance with IFRS. The definition of BHC (BBAL, Article 4, as amended in 2013) is as follows: “the association of legal entities, with such an association not being a legal entity (afterwards referred to as the members of a BHC), including at least one credit institution controlled by a legal entity other than a credit institution (afterwards referred to as the parent organization of a BHC), as well as other (if any) legal entities (other than credit institutions) that are under control or significant influence of the parent organization of the BHC or participate in the banking groups of credit institutions that are members of the BHC, provided that the share of banking operations assessed on the basis of the CBR’ methodology, accounts for no less than 40 percent of the activities of the BHC.” Understanding the structure of banking groups Supervisory process: The CBR establishes supervisory groups responsible for consolidated supervision of banking groups that include representatives from different CBR’ Departments (Section 1.3, the CBR’ Regulation 3089-U). At the time of the assessment there were over 120 banking groups in Russia. There are a range of CBR regulations setting out the CBR’s supervisory and reporting requirements for banking groups, including prudential requirements. Reporting submissions are made by the parent entity of the banking group. The key regulations are: Regulation 3089-U re the procedure for supervising banking groups; Regulation 3876-U re disclosure of information for parent banks of banking groups; Regulation 2923-U re disclosure and submission of consolidated financial statements by the parent banks of banking groups; Regulation 509-P on capital, prudential ratios and limits of open FX positions of banking group; Regulation 510-P on the Liquidity Coverage Ratio on a consolidated basis for systemically important banks; Regulation 462-P on consolidated statement and other information on the activity of the banking group; Regulation 2332-U on reporting forms and submissions of banking groups. Reports made to the CBR by the parent of the banking group include: annually, or in the event of changes or at the CBR’s request: Statement on the composition of the members of the banking group; quarterly: Consolidated balance sheet; Statement on financial results, capital calculation, statutory requirements of BG and open currency positions; monthly: or in the event of non-compliance with the minimum requirements (actual or expected) or at the CBR’s request: Liquidity Coverage Ratio on a consolidated basis for systemically important banks. The CBR uses the reported information to identify the core activities of the banking group and of the major entities within the banking group. Asset size, concentration and location are included in the CBR assessment. RPs are also assessed (please see also CP 21) on the basis of information supplied in reporting submissions on lists of RPs and list of RPs of credit institution’s owners. Group wide risk management Under the CBL, notably Articles 571 and 572, the CBR sets the risk, capital management, internal controls, capital adequacy and liquidity standards for banking groups as well as for individual credit institutions. The CBR has articulated its standards in the following regulations: Regulation 3624-U and Regulation 3883-U On requirements for risk and capital management and ICAAP assessment; Regulation 242-P on internal controls; Regulations 509-P on calculation of required capital ratios and net open positions; Regulation 510-P with Annex 1 on the sound principles of liquidity RM in systemically important banks; and Regulation 3223-U On qualification requirements for significant individuals in the institution, including Head of Risk, Head of Internal Audit Division and Head of Internal Control. The supervisory process for banking groups is consistent with the supervisory approach described in CP8. There is quarterly monitoring of the banking group’s reporting, and on a semi-annual basis there is an assessment of the banking group. The assessment is based on Regulation 3089-U and includes, for example: an overview of BG’ structure; main activities (including foreign operations) and market position; an analysis of BG’ consolidated balance sheet (including dynamics and composition); consolidated financial results (including dynamics and composition); equity (capital) structure (including dynamics and composition); required ratios (for example, regarding credit risk, liquidity risk, FX risk); and main risks (in particular, credit risk, liquidity risk, market and FX risk, OR, contagion risk, reputation risk). As noted in CP9, the CBR aims to confirm its understanding through an onsite inspection program. The inspections are coordinated (by timing and scope) of the members of the banking group (banks and non-bank financial institutions) with the intention of obtaining a fuller picture that is not possible from stand-alone inspections of a banking entity. The Systemically Important Banks Supervision Department has already participated in and plans to continue to coordinate and develop bank and non-bank offsite supervision and inspections (banking groups’ members) with the responsible departments in the CBR. The main criteria in scoping the inspections was the significance of the influence of respective members of the financial group, though SIBSD’s view is that there are no non-bank members of the banking groups supervised by SIBSD that exert significant influence on the banking group activity. The Chief Inspectorate organizes the coordination based on proposals submitted by the relevant departments (as also discussed in CP9). To assist in the coordination of the joint inspections, the CBR creates an analytical group which organizes information exchange between the working groups which are conducting the coordinated inspections. Information exchange is performed at all stages of carrying out inspections (prior to, during and after the end of the inspections. The Chief Inspectorate of the CBR carried out the coordinated inspections of: 14 non-credit financial institutions and 12 credit institutions—in 2014; 18 non-credit financial institutions and 10 credit institutions—in 2015; and further coordinated inspections are planned in 2016. Coordinated inspections in support of consolidated supervision of banking groups are also performed. In 2014, there were coordinated inspections of 3 banks that were members of the same banking group, and in 2015, there were 4 such inspections, with 11 further inspections planned for 2016. Bank holding group The definition of a BHC is discussed above. The CBL (Article 57) empowers the CBR to set the standards for BHCs to submit information necessary for the CBR to conduct effective supervision of credit institutions who are members of BHC groups. The parent of a BHC is obliged to notify the CBR if a BHC is formed, and if a management company of the BHC is formed, including the authority assigned to such a management company (Regulation 3780-U). The parent of a BHC, pursuant to the BBAL (Article 43) and the CBR regulations (Regulation 3777- U) must submit semi-annual reports to the CBR on the risks. This comprises: information on the BHC’s risks (also at the request of the CBR); statement on the structure of the BHC and on the shares in investment funds (also at the request of the CBR); information on the parent organization of a BHC including its responsibilities. On an annual basis, the parent of the BHC submits financial statements, the independent auditor’s conclusion, (3087-U—on disclosure and presentation of consolidated financial statements by the parent entities of BHC groups) and information on the BHC’s risks, necessary for the supervision of the banks that are members of the BHC group. The CBR may also require information from the parent organizations of the BHC’s groups regarding the activity of these groups, including the information about the non-bank members of the group and any further necessary explanations. The CBR exercises these powers but does not meet with and may not conduct inspections of the parent organization of the BHC groups. In the event of any legal violations, the CBR has powers to restrict the operations between the bank and the members of the wider BHC group, including the parent entity, for up to one year should there be legal violations. For context, as of July 2015 there were 42 BHCs in Russia. The parent entities of these groups (that is 29 companies or about 70 percent of the total number) are active in a range of nonfinancial sectors (such as construction, commerce, advertising, food industry, agriculture, and broadcasting).
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to RPs, and lending limits and group structure.
Description and findings re EC2	As noted in EC1, the CBR’s powers to exercise supervision of banks and banking groups is established in the CBL (Article 56) and the reporting and information requirements are also discussed in EC1, above. The CBL (Article 62) grants the CBR the power to impose a range of required ratios at banking group as well as solo level. These include, maximum non-monetary contributions to the authorized capital of a bank; maximum risk per borrower or a group of related borrowers; the maximum amount of high credit risks; the liquidity ratios; the own funds (capital) adequacy ratios; the amount of FX, interest rate, and other financial risks; the minimum amount of provisions created for risks; the ratios for a credit institution to use its own funds (capital) to acquire shares (stakes) of other legal entities; the maximum amount of loans, bank guarantees, and sureties provided by a credit institution (a banking group) to its shareholders (members); and the maximum risk per counterparty related to the credit institution (group of parties related to the credit institution). Reporting is on a consolidated and standalone basis. The CBR analyses the information on liquidity on a consolidated basis for the banking groups. Additionally, BGs’ parent companies are required to submit, quarterly, information on risks, risks assessment, RM, and capital management (Regulation 3876-U). Group structure is reported and monitored for banking groups as noted in EC1 above.
EC3	The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3	The supervision over most foreign operations carried out by Russian banks is conducted by SIBSD, as volume of cross-border operations is a qualifying criterion for a bank to be recognized as a D-SIB and as a consequence to be supervised directly by the CBR head office. This also implies that the banks with significant volumes of foreign operations have an AR of the CBR (see CP1 EC5) able to provide additional information and insight into the operation and management of the banking group. In terms of powers and information gathering, CBL grants the CBR powers of group wide supervision covering, inter alia, RM and controls (Articles 571 and 572), and the BBAL imposes an obligation on banking groups to ensure adequate risk and control management, which is further elaborated in Regulation 242-P. The CBR obtains a range of information, such as: foreign operations of banks and banking groups—Regulation 2332-U); consolidated supervision reporting—Regulation 462-P; loan loss reserves in respect of residents in offshore zones—Regulation 1584-U; liquidity, where with the advent of the CBR’s implementation of the LCR on a consolidated basis for systemically important banks from January 1, 2016—Regulation 510-P—banking groups are required to manage their liquidity risk taking into account the availability of assets for transfer between the banking group member and the parent credit institution; and the CBR’ regulation also sets a treatment of the operations of the bank’s foreign branches and subsidiaries conduct for short-term liquidity purposes. Direct information on banks’ management of and oversight of risks in non-domestic subsidiaries is obtained through meetings and onsite inspections, the latter of which are used to examine the quality of banks’ documentation for internal risk governance (credit, market, exchange rate, liquidity risk, etc.), whether those documents conform to established standards, and whether the documents are adhered to in practice. The CBR has not been informed of any hindrance experienced by parent banks in obtaining information on their foreign branches and subsidiaries. With respect to the assessment of the quality of local management of cross border operations, the CBR’s policies and practices appear to be more limited. The CBR noted that it has regard to the qualifications for the heads of RM and internal audit and internal controls in banks—these qualifications are established by Regulation 3223-U—and assesses whether these standards are met in the course of its internal control assessments. The comments from the CBR indicated that the process is largely reliant on evaluation of RM and control systems, particularly through internal compliance documents. If the CBR notices risks or deficiencies that might affect the control of foreign operations, it may ask questions, point out failings, and of course if necessary adopt formal measures. Information could also be obtained through the ARs, and the CBR indicated that in case of concern the management would be called in for a meeting. The CBR’s approach to assessing the effectiveness of supervision conducted in the host countries in which its banks have material operations is primarily based on analysis of reports submitted by the banks and banking groups. These reports contain information on foreign operations and branches (Regulation 2332-U). The CBR also has right of access to internal documents of the banks and banking groups.
EC4	The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct onsite examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4	The CBR has the authority (CBL Article 73) to inspect the non-domestic activities of banks and their banking groups. Additionally, the CBR (CBL Article 51) may request supervisory information from the supervisory authority in the relevant jurisdiction concerning the non-domestic entities, including inspection reports. Such information is subject to professional secrecy constraints. Information exchange extends to non-domestic financial market regulators and is based on IOSCO multilateral MoUs; international treaties’ and bilateral treaties as relevant, providing that professional secrecy is observed. The CBR has limited experience of visiting the foreign operations of domestic banks. The assessors were informed of one example when, in 2014, an onsite inspection of the branch of a Russian bank located in Cyprus was carried out. The inspection was coordinated to take place simultaneously with an inspection of the parent bank. The Russian and Cypriot authorities cooperated, and exchanged information and inspection findings. In practical terms, the same regulations that govern inspections in the Russian Federation also govern the CBR in any inspection it would wish to undertake in another jurisdiction. (Regulation 147-I on inspection rubric and also Regulation 3463-U.) Any such inspections would also take place in the context of agreed MOUs. In identifying such inspections, the CBR would take into account the significance of the subsidiary or branch to the parent bank, financial condition of the bank, the reliability of its reporting, and results of previous onsite inspections when determining the frequency of its inspections. The CBR noted its practice would be to share and discuss the findings of such onsite inspections with the host supervisors.
EC5	The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5	While Regulation 415-P is primarily aimed at assessing the suitability of a prospective shareholder taking a stake over 10 percent, it also includes criteria for assessing the financial position of corporate entities holding—directly or indirectly—over 10 percent of equities (shares) of the bank and measures aimed at improving the unsatisfactory financial position of the specified entities. Under the terms of Regulation 3089-U, the CBR (semi-annually) undertakes a supervisory assessment of banking groups, which contains, in particular, an overview of parent companies’ activity (see EC1). As noted above, the CBR coordinates onsite inspections for the members of a banking group or BHC group. There were a number of such onsite inspections during 2015, organized in different formats (duration, focus, etc.). However, intra-group transactions are a key focus of the onsite inspections, where the inspectors wish to determine that there is a valid economic rationale for transactions. On a related point, coordinated inspections of credit institutions facilitated the identification of signs of “circular” transactions within the banking group where the economic justification appeared insufficient; and also sought to identify where transactions between the bank and its clients might have a significant impact on the stability of the group. In other words, the general objective of the CBR inspections is to uncover the general risks of the banks in the group, whether banks are concealing the true levels of risk and the degree of banks’ involvement in related party lending.
EC6	The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6	The CBR has ex ante powers to restrict the geographic reach of a bank but not of a non-bank member of a banking group or BHC group (please see CP7). The CBR must grant explicit permission for a bank to establish a non-domestic branch (BBAL Article 35). A bank must meet minimum criteria—Regulation 290-P—in order to obtain permission to create or acquire a subsidiary in a foreign jurisdiction (e.g., meeting the CBR reserve requirements). In such cases, the CBR must also consider the economic feasibility of the proposal. Should the proposal not meet these requirements or if the proposed subsidiary is in a country or territory classified by Russian Federation statues as non-cooperative for the purposes of AML/CFT, the CBR will deny permission. The quality of host-state supervision or the influence on the effectiveness of consolidated supervision are not factors that are explicitly considered. Should the CBR determine that the activities of a bank, a banking group, or a BHC group could endanger the interests of depositors or the banking system (CBL Article 75), its powers under CBL Article 74 are triggered. These powers provide that the CBR may restrict the activities of a bank in a number of respects, including the structure of its assets or its organization. However, although the activities and location of a bank and its branches can be addressed by CBL and, as noted above, the opening new branches may be explicitly prevented, the CBR lacks the powers to oblige the closure of a foreign branch or subsidiary. The powers under CBL Article 74 fall short of providing the CBR with the ability to limit the type or location of an activity by a non-bank member of the banking group or BHC group.
EC7	In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group.67
Description and findings re EC7	The CBL (e.g., Articles 57, and 57,1 and 572) establishes that the CBR exercises supervision in respect of individual banks and also banking groups. Pursuant to the CBL, the CBR conducts its supervisory activities on both a stand-alone and consolidated basis. Also, in accordance with the CBL (Article 67), the CBR applies a principle of capital conservation to ensure that a bank does not distribute profits to its parent entity until it has met the minimum level of capital adequacy. The CBR noted that its chief tool for intra-group transactions monitoring is through the supervision of a bank on a solo basis. The CBR monitors distribution of capital and liquidity through the group, not least through the monitoring and assessment of required ratios, and taking all risks into consideration, adjustments to the supervisory plan for a banking group are discussed at the relevant supervisory group meeting.
Assessment of Principle 12	Largely Compliant
Comments	The assessors agree that subsequent to the last assessment, the legal and regulatory framework in respect to consolidated supervision has been significantly developed and enhanced. A number of material deficiencies were noted in the targeted assessment of 2011 which have been resolved by the passage of legislation that was anticipated at the last assessment. Enhancements include: powers to act in the event of violations committed by the parent entity of a banking group, such as to impose restrictions on transactions between the bank and its the parent or group entities (CBL, Article 74); enhanced scope of information exchange with non-domestic regulatory agencies (CBL Articles 51 and 511); information exchange with domestic regulatory agencies facilitated by the merger of the sectoral regulators into the CBR; expanded definition of direct and indirect influence, based on IFRS (BBAL, Article 4); introduction of regime for Bank Holding Groups. The regulatory and legal changes are, nevertheless, still relatively recent and the practical application and supervisory practice based on the new framework is yet to be substantively demonstrated. The assessors believe that the CBR will build up its track record if it continues on its current path, but has not yet had the opportunity to do so. The assessors appreciate that the CBR has already instituted the practice of coordinated inspections of banking and nonbanking entities within consolidated groups. The assessors are also aware that much focus of inspection work is to uncover the nature and extent of intra-group exposures, including to wider group entities that fall outside of the banking consolidation. In considering this principle, the assessors noted that the cross-border dimension of consolidated supervision is still mostly undeveloped (for illustration, assets due to foreign individuals and entities, on a consolidated basis represent approximately 10 percent of the banking sector’s assets). The CBR does not conduct onsite inspections of foreign establishments of Russian banking groups and has not yet clearly scrutinized the Russian banking groups’ management abilities and oversight in managing their non-domestic interests and activities. The CBR has not explicitly considered whether the supervision and oversight by host supervisory authorities is effective or sufficient to the complexity and activities of the foreign establishments. Similarly, as noted in CP5, the mission could not determine whether the CBR routinely confirmed whether a home supervisory authority practiced consolidated supervision at the time a new branch or subsidiary wished to establish in the Russian Federation. In terms of whether cross border establishments are significant for the Russian banking group (or indeed for the host jurisdiction), these supervisory tasks may not be the most urgent priority in a risk based context, but such assessments are still necessary. Greater priority should be placed on establishing whether banking groups with foreign interests have the requisite skills and are exercising effective management and oversight of these subsidiaries and branches. Some legal gaps remain and are a hindrance to the CBR and relate to the perimeter of the consolidation. First, the supervisor may not require the closure of a foreign branch of a Russian bank. Secondly, the supervisor may not prevent the acquisition of a non-bank financial entity by a banking group. This second issue is discussed and graded in the context of CP7, but the issue is important in relation to the effectiveness of consolidated supervision as a banking group might expand in size or in its activities in directions that the group is not able to manage prudently. An ex-post power to restrict or close activities is a second best option in these situations because the damage to the stability of the banking group may already have been sustained.
Principle 13	Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1	The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1	The CBR, as home supervisor, has established supervisory colleges for two international banking groups (Sberbank and VTB) and participates in the college arrangements for a further ten international groups (domiciled in Austria, China, Cyprus, Germany, Hungary, India, Italy, Netherlands, and the U.K.). In order to enhance the supervision of banking groups, the CBR forms a supervisory team (described by the CBR as a form of domestic college arrangement) for a banking group when certain conditions are met. One of these conditions is whether the bank has a subsidiary on the territory of a foreign state which is supervised by a central bank or another supervisory authority of a foreign state authorized for banking supervision (point 1.3 of Regulation 3089-U). Representatives of a foreign state banking supervisory authority are included in its members subject to the consent of this authority (point 1.4 of the CBR Regulation 3089-U). With respect to domestic organization, the number and composition of the supervisory team for the banking group, including changes in its structure, and distribution of powers between its members, is defined taking into consideration the character and the scale of operations that are carried out in the banking group, and the level and the combination of risks accepted by the banking group. In passing, it may be noted that the other two conditions for a supervisory team to be formed are (a) when the parent bank is a systemically important credit institution as defined and (b) when the parent bank is formally identified by the CBR as exhibiting significantly negative signs. The scope of information that is provided to host supervisory authorities customarily covers the following issues: current situation and main risks of the Russian banking sector, an overview of banking supervision in Russia, regulatory framework, overall profile of the banking group, the role and position of the banking group in the Russian banking system, performance highlights of the banking group, and results of recent onsite inspections.
EC2	Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and RM practices of the banking group68 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.
Description and findings re EC2	Cooperation, information exchange and interaction between the supervisory team responsible for a banking group with a non-domestic bank and the relevant foreign supervisory authority in the supervision of the banking group is set out in Regulation 3089-U (see, for example, Sections 4.1, 5.3, and 5.4). Based on recent legislative amendments (please see CP3, EC 5), the updated version of a draft MoU in banking supervision with a foreign supervisory authority includes provisions aimed at enhancing cooperation with foreign supervisory authorities specifically in relation to resolution and crisis management, including notification of resolution measures, measures to protect deposits in a parent institution, measures for cross border liquidity support, or other support measures. All information exchange must comply with national legislation, including professional secrecy and confidentiality. The updated version of the MoU, including the procedures for cooperation in resolution, was signed with the Financial and Capital Market Commission of the Republic of Latvia on October 2, 2015. As noted in EC 2 of CP 3, the practical implementation of cooperation agreements (MoUs) covers: the regular exchange of information on arising supervisory issues, with the closest cooperation links established with supervisory authorities of the following countries: Austria, China, Cyprus, CIS countries (especially countries of the Eurasian Economic Union—Belarus, Kazakhstan, Kyrgyzstan), Germany, Hungary, Latvia; regular high-level meetings and meetings of experts from supervisory authorities of Austria, China, Germany, Hungary, Kazakhstan; cooperation, meetings, and information sharing in the framework of supervisory visits and onsite inspections carried out by home country supervisors in Russian members of international banking groups; and regular update of lists of contacts. In practical terms, most exchange of information has been on the basis of bilateral contacts within the past five years. However, colleges of supervisors are held for the two internationally active Russian banking groups on a regular basis. Other, broader, college meetings for cross border banking groups have also been held recently, for example with the Kazakhstan National Bank in 2015 for banking groups that were active in both countries. Bilateral meetings are held with the Chinese Banking Regulatory Commission (CBRC) on a regular basis. The frequency of supervisory college meetings where CBR takes part as a host-member is defined by the home supervisory authority. The usual frequency is once or twice a year. In terms of general issues, it would be normal for the following to be discussed: evaluation of the financial situation of banks—members of the group; assessment of the financial position of the group on a consolidated basis; risk assessment—for some colleges the home supervisor asks all college members to complete questionnaires on risk assessment; plans for oversight activities; and recovery plans. The CBR is also in the process of seeking to establish a MoU with the ECB. Please see CP3 for a discussion of cooperation agreements.
EC3	Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3	The CBR engages with foreign supervisors at both high level and expert level, and for jurisdictions where there are more significant home/host relationships, there is more consistent and regular contact, though it is more common to exchange information and discuss issues than plan supervisory activity. Collaborative work arrangements have not been pursued at this time. However, the MoUs signed by the CBR (available on the website) indicate the recognition of the value of such work and set out arrangements for how such collaborative activity would be managed. In some cases, the CBR has cooperated with foreign supervisors to develop more effective practices of consolidated supervision (covering a number of banks and thus covering situations both where the CBR is home and host supervisor).
EC4	The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4	The framework of cooperation agreements and MoUs (now signed 38 such agreements and memoranda) determine the conditions of exchange of information between the CBR and the banking supervisory authority of the relevant foreign state. The MoUs are based on a standardized template and, broadly, they indicate that information exchange is upon request although certain information, such as in respect of concerns relating to the parent entity of a group would be notified to the other supervisory authority. The MoUs provide that in the event of concerns can be directed request to the appropriate supervisory authority which forwards the request to the bank. If necessary meetings with the banks and the supervisory authorities can be arranged. MoUs are typically annexed with lists of contact persons including direct contact details which are updated as needed. Communication strategies in respect of delivering supervisory messages to banks are not addressed by the agreement documents but the CBR was able to confirm that questions raised by supervised banks had been discussed in the context of college meetings.
EC5	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5	The CBR has a framework agreement in place with one host authority in relation to effective management of cross-border crisis. The CBR has thus, so far, signed an annex to the MoU with the CBRC on crisis management. Provisions on cooperation in the rehabilitation and restructuring of credit institutions are also included in the new version of the MoU with the Commission on the financial and capital markets of Latvia, signed in 2015.
EC6	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6	According to the CBL (Article 57) and the BBAL (Article 24), the CBR is entitled to demand that a credit organization develop and present to the CBR their Recovery Plans. At the present time all systematically important banks must develop and submit to the CBR financial stability recovery plans. As noted in CP8, currently the CBR is developing regulations to establish the methodology for developing resolution plans (including the content of such plans, and the procedure and timeframe for submission) but active work has not yet taken place on resolution planning. Hence, although there have been discussions on recovery and resolution in the context of the CBR’s cross border relationships, no resolution plans have yet been agreed. At present, institutions are expected to develop their recovery plans with reference to the CBR recommendations (Letter 193-T) in the field of recovery and resolution, and these are addressed to banks with respect to recovery plans. (“On the Methodical Recommendations for the Development of Plans for the Financial Stability Restoration of Credit Institutions,” September 29, 2012). As noted in EC5 above, the CBR has signed an MoU annex with the CBRC on crisis management, covering also recovery and resolution. The MoU with Latvia has also been updated in this regard in 2015. Other MoUs are to be updated. At the present time, the CBR does not participate in resolution colleges of banking groups which contain Russian credit institutions.
EC7	The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks.
Description and findings re EC7	In Russia, a banking subsidiary of a foreign banking group is regarded as a domestic bank and therefore treated as a locally owned bank. This treatment is based on the CBL (Article 56), which establishes CBR supervision over banking activities on a stand-alone basis as well as of groups. The supervisory standards, practices, and processes are the same for foreign owned and for domestically owned banks. The supervisory process is based on Regulation 2005-U of April 30, 2008. Similarly, domestic standards (e.g., reporting, inspections) apply to a foreign owned branch located in the Russian Federation. Further details are available, for example, in Instruction147-I regarding onsite inspections of credit institutions (their branches). Russian law does not permit the presence of a foreign owned branch in the territory of the Russian Federation. All foreign owned banks are subsidiaries, which are incorporated locally and thus subject to national treatment.
EC8	The home supervisor is given onsite access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and findings re EC8	Under the CBL (Article 73), access to the premises of credit institutions located on the territory of the Russian Federation is granted to the foreign home state supervisory authorities, provided that the written consent of the bank that is established in the Russian Federation is obtained. The foreign supervisor is obliged to inform the CBR of the results of any such visit. The relevant arrangements are described in the standard MoU between the CBR and the supervisory authority from the country of origin of the bank. Thus the foreign supervisor has the right to check the activity of, and has access to premises of, the cross-border institutions (providing written consent is obtained), as well as other members of the relevant banking group. The foreign supervisor shall notify the CBR of its intention to conduct an inspection and will inform the CBR of the results of such an inspection. These provisions are reciprocal. In practical terms, the CBR has supported the work of foreign supervisory authorities in the context of performing asset quality reviews and has also met with supervisors who were making supervisory visits to representatives of Russian subsidiaries (Netherlands, Turkey). At least one further inspection by a home jurisdiction to the Russian subsidiary is already planned in 2016. For those cases where the CBR is the home supervisor, the CBR has informed the host authorities of a visit to local offices/subsidiaries. Please see CP12 EC4.
EC9	The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.
Description and findings re EC9	This criterion is not applicable to Russia (no existing shell banks).
EC10	A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.
Description and findings re EC10	A standardized MoU provides that supervisory authorities (home/host) shall inform each other, in good time and to the extent reasonable, about any event which has the potential to endanger the stability of credit institutions having cross-border establishments in the other country. According to the standardized MoU, CBR shall also notify a foreign supervisory authority of administrative penalties which it has imposed or other action which it has taken on such a cross-border establishment as host supervisor, or on the (parent) credit institution as home supervisor if the information is important to other authority. There is no recent (post 2014) experience of such information having been received.
Assessment of Principle 13	Largely Compliant
Comments	Removal of legislative obstacles to the exchange of supervisory information have allowed progress in the field of home and host supervisory cooperation. Supervisory expectations and practices have been improving globally over the past five years, as reflected in the 2014 publication of the BCBS principles for effective supervisory colleges (replacing the 2010 document on good practices of supervisory colleges). The CBR’s participation in a number of colleges, as the host supervisor, means that the CBR is informed of and involved with some of the latest developments and practices in respect of home and host cooperation and collaboration. In future it is hoped that greater opportunities for cross border collaboration and cooperation (joint inspections, inspections of non-domestic subsidiaries, and branches) will be pursued actively. While accepting that the CBR has approached the ECB in respect of signing an MoU and has notified the EBA of the 2013 legislative changes protecting the confidentiality of information (as discussed in CP3), and while it is to be hoped that future agreements will support home/host relationships with the EU, it is important for bilateral and college arrangements to be prioritized and college meetings to be re-instituted as soon as practicable for domestic banks with cross border activity and establishments, whether or not all relevant host authorities are able to participate. Initial moves have been made in terms of cross border crisis planning and involvement in recovery and resolution plans for cross border groups, now that the legal provisions are in place, but although the CBR has participated, as a host supervisor, in discussions on recovery and resolution, and has adjusted some MoUs, it has not been possible to achieve much progress at this stage. The CBL (Article 73) contains a potential obstacle to effective home host practices, as a foreign supervisory authority requires written consent to access the premises of a subsidiary established in Russia (foreign owned branch establishments are not permitted). In practice, it does not appear that credit institutions have withheld consent, as cross border supervisory visits have taken place. While it is understood that an institution that is incorporated in the Russian Federation is a Russian institution subject to Russian law, and should therefore be subject to Russian law consistently with other entities, it is recommended that the removal of this provision from the CBL be explored.

View Table

Principle 1	Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.10 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.11
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision12 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	The status, objectives, responsibilities and powers of the authority involved in banking supervision are spelled out in the Constitution of the Russian Federation, the Federal Law 86-FZ of July 10 2002 on the Central Bank of the Russian Federation (here after the CBL) and the Federal Law on “banks and banking activity” (hereafter the banking law) that governs the activity of financial institutions. Pursuant to Article 4 of the CBL, the CBR (CBR) exercises supervision over the activities of credit institutions and banking groups. Along the same line, Article 41 of the banking law stipulates that “the supervision of the activities of a credit institution shall be undertaken by the CBR in compliance with federal laws.” As a result, the CBR has sole responsibility for banking supervision in accordance with the laws mentioned above. Article 56 of the CBL also states that CBR is the “body of banking regulation and banking supervision.” It exercises ongoing supervision over the compliance by credit institutions and banking groups of Russian legislation and CBR regulations. The CBR competencies extend to the analysis of the activity of bank holding companies. In virtue of the same article, the regulatory and supervisory functions of the CBR are implemented through the Banking Supervision Committee, a permanent body uniting the heads of the CBR units responsible for supervision. Both the CBL and the banking law, through various articles, empower the CBR with the authority to carry out virtually all supervisory functions, such as regulating the industry, conducting onsite examinations, licensing banks, collecting information for supervisory purposes and enforcing the law and relevant regulations. It is also noteworthy that CBR’s supervisory role goes well beyond the oversight of the banking system. In effect, since the enactment of the Federal Law 251-FZ of July 23, 201313 that came into effect on September 1, 2013, the CBR took over the supervisory powers from the Federal Financial Market Services (FFMS). This extension of CBR’s remit has transformed CBR into a “mega-regulator” overseeing and supervising the Russian banking system, securities markets, private pension funds, insurance business as well as micro-finance institutions. For these purposes, all functions and authorities of the FFMS and certain regulatory powers of the Russian MoF and Russian Government were transferred to the CBR. Other authorities are involved in overseeing the financial system as part of their general functions, i.e., the Federal Service for Financial Monitoring (the Russian Financial Intelligence Unit—FIU) whose role is to prevent and combat money laundering and terrorist financing. This body exercises several competencies (see CP 29 for more details); however, the oversight of conformity with AML/CFT rules in the banking sector is the exclusive responsibilities of the CBR. There is also the state corporation, DIA, which is responsible for deposit insurance. This agency is also vested with certain powers in relation to banks but none of these has something to do with supervision. There are cases where CBR and DIA staff perform joint reviews of banks to ascertain the financial conditions of the institution that exhibit signs of possible bankruptcy. For that particular instance, the Federal Law 177-FZ establishes clearly the conditions of such cooperation (see CP 3 for details) and the distribution of responsibilities of each authority. To sum up, CBR is the sole supervisor for both banks and nonbanks financial institutions. The responsibilities and objectives of the CBR are also clearly disclosed on the CBR website; for example, it is indicated that the CBR supervises the activities of credit institutions and banking groups. In addition, most of the relevant legislation and regulations that set out the duties of the CBR are available on line. On the other hand, the normative acts of the CBR, which are binding for financial institutions (see Article 57 of the CBL) are published on the official website of the CBR or in the Official Bulletin of the CBR and come into force in 10 days after their publication, unless another date is specified by the regulation.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	According to Article 3 of the CBL, the purpose of the CBR is to: - protect the Ruble and ensure its stability; - develop and strengthen the banking system of the Russian Federation; - ensure stability of and develop the national payment system; - develop the financial market of the Russian Federation (since 2013); and - ensure stability of the financial market of the Russian Federation (since 2013). Article 4 of the same law defines thirty three functions assigned to the CBR, including inter alia, the conduct of monetary policy in collaboration with the government, the management of budget account, the management of international reserves and the supervision over the activities of credit institutions and banking group (paragraph 9), in addition to the supervision of non-credit financial institutions. Article 56 of the same law stipulates that the principal objectives of banking regulation and banking supervision is to “maintain the stability of the Russian banking system and protect the interests of depositors and creditors.” Considering the broad mandate assigned to the CBR and the multiple functions deriving from it, the question as to whether the broader responsibilities of the CBR are subordinate to the primary objective of banking supervision is not clearly established. In fact, some of these objectives (in particular the development and strengthening of the banking system, the conduct of monetary policy) may not be compatible with the supervisory mandate. During the mission, the CBR representatives did not raise any concern in relation to possible overlapping objectives and to any risks of conflict of interest in that regard. On the other hand, CBR is not only a banking supervisor but an integrated supervisor that is also mandated to undertake insurance, securities, non-State pension funds, rating agencies, professional stock-market operators (brokers, dealers), clearing companies and micro-finance supervision. During the discussion with the CBR, the mission was told that the expansion of CBR functions has not been made to the detriment of banking supervision. In analyzing the structure of the CBR, its budget and resources allocation for both bank and non-bank entities, the assessors did not find any fact that would lead them to conclude otherwise (see CP2). In effect, the execution of banking supervision does not seem to be hindered by these additional new activities. First, within the CBR, these other tasks are organizationally separated from the banking supervision duties and are entrusted to separate departments responsible for each function, namely insurance companies (Insurance Market Department), pension funds, investment and management funds (Collective Investments and Trust Management Department), as well as securities market participants (Securities Market and Commodities Market Department). Second, a separate inspection planning and resourcing process exists for banking supervision which ensures a sufficient prioritizing towards banking supervision.
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile14 and systemic importance.15
Description and findings re EC3	In Russia, both the CBL and the banking law provide a framework for the CBR to set minimum prudential standards for banks and banking groups. For example, Articles 57, 62, and 64 of the CBL empower CBR to set norms for banks and banking groups relative to capital, assets, liquidity, large exposure limits, provisioning, disclosure obligations and other prudential standards. The law also provides a framework for the CBR to enforce the minimum prudential standards mentioned above. Articles 73 and 74 of the CBL grants enforcement powers to CBR, including remedial measures and sanctions. As stipulated in the law, “to fulfill its functions (…) the CBR shall conduct inspections of credit institutions, give them instructions (…) to eliminate violations (…) and use sanctions against violators as stipulated by this Federal Law” (for further details, please see CP 11). In the previous FSAPs in 2008 and 2011, it was observed that the legal framework did not explicitly grant the CBR power to increase the prudential requirements for individual banks based on their risk profile and systemic importance. This was an important limitation to the CBR powers. With the adoption on April 15, 2015 of the CBR Ordinance 3624-U on risk and capital management, the CBR is now entitled to use Pillar 2 instruments to require a bank to increase its CAR if the outcomes of the ICAAP reveal, for example, important flaws in the bank’s RM system. This new power however has not been used yet.
EC4	Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	The legal and regulatory framework for banking supervision has been updated multiple times over the past years. Some of these reforms were introduced to address the 2011 FSAP’s recommendations. As mentioned by the authorities, the CBL has been amended more than 51 times since 2002, while the banking law from 1990 has been revised more than 83 times. For 2015 only, several key reforms and updates were introduced. The most salient laws or regulations establish: requirements to the risk and capital management systems of credit institutions and banking groups, including requirements to implement internal capital adequacy assessment process; new processes in the area of CG including fairness of compensation for bank’s top management; CBR vetting for acquisition of equity interest in banks reaching or exceeding the thresholds of 10 percent of the shares; new fit and proper requirements for shareholders, senior managers, members of executive and supervisory committees, chief accountants, and internal control officers; definition of possible signs of relatedness of legal entities and (or) individuals to the credit institution and (or) its affiliates and the role of the Banking Supervision Committee of the CBR in this determination. According to Article 104 of the Constitution of the Russian Federation, the CBR does not have the power to initiate legislation. However, draft laws and legal acts of federal bodies of executive power regulating the performance by the CBR of its functions must be submitted to the CBR for consideration and approval (Article 7 of the CBL). Further, Article 21 governing the relations between CBR and bodies of State Power stipulates that CBR chairman—or one of his deputies—may participate in State Duma and Government sessions discussing draft laws on issues relating to the economic, financial, credit, and banking policies. According to Article 5 of the CBL, the CBR has the right to issue binding acts in the form of regulations, instructions, and directions on matters related to its competencies. Such acts are compulsory for all entities licensed by the CBR. The CBR can also issue non-regulatory acts on administrative related issues in the form of orders. These acts are equally binding. Draft banking Laws and CBR’s draft regulations are subject to public consultation. In fact, the CBR is by law (Article 77 of the CBR Act) required to co-operate with credit institutions, non-credit financial institutions, their associations and unions and self-regulatory organizations, and should hold consultations with them before taking the most important decisions relating to legislation. While this process is essential to permit more transparency and predictability in banking regulations, the process can be lengthy. The draft is made public on the official websites of the government and the CBR for 14 days for discussion as part of the regulatory impact assessment. Comments are analyzed within 21 days after the end of public discussion. The report on public discussion and the revised version of the draft are prepared and sometimes another round of public consultation is needed. Draft regulations related to the banking regulation and supervision are approved by the Banking Supervisory Committee and those that affect third parties’ rights sent to the Ministry of Justice that will make sure that any new act is not creating pre-conditions for corruption. In Russia, the public is informed about the latest developments in the banking sector. The CBR publishes two annual reports, the Banking Supervision Report (BSR) and the CBR Annual Report. Both reports provide details on the most recent legal and regulatory changes. The 2014 BSR contains a chapter on banking activity regulation and supervision, including the latest amendments to the CBR and banking laws. These reports also provide a fair picture of problems identified by the supervisors and enforcement measures taken to correct the main deficiencies. The information is published on the official website of the CBR.
EC5	The supervisor has the power to: (a) have full access to banks’ and banking groups’ boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b) review the overall activities of a banking group, both domestic and cross-border; and (c) supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	The ability of the CBR to have access to bank’s information is governed by a number of articles the CBL and CBR instructions and regulations. a) The CBR has the power to have full access to banks and banking group’s information for supervisory purposes. In effect, pursuant to the CBL (Articles 57, 73) and CBR Instruction 147-I of December 5, 2013, CBR staff is empowered to have access to information on banks’ and banking groups’ activities. In addition, in consonance with Regulation 310-P of September 7, 2007, CBR’s curators assigned to a particular bank or banking groups are empowered to enter any bank’s premises and receive all relevant information pertaining to the activity of such institution. The CBL also stipulates that CBR employees have the right to receive and examine accounting reports and other documents of credit institutions (or their branches) and, if necessary, make copies of the corresponding documents. It is also noteworthy that for its supervisory duties, the CBR also resorts to the so-called “ARs” who are assigned to a particular D-SIB (one for each entity). These resident examiners enjoy wide autonomy and can request any kind of information. For example, they are allowed to collect information and documents related to the bank’s lending activity, including volumes of loans granted and planned to be granted, the terms of their extension, the issuance of guarantees, the amount of remuneration paid to the board members or chief executive officer, and other information related to the assessment of financial stability of the credit institution, its corporate and RM quality. They can also attend, without voting power, meetings of the bank’s management bodies. The BCP assessors were told that in practice, ARs participate not only in board meetings but also in all relevant committees, including risk committees and audit committees. Also, according to Article 73 of the CBL, the CBR has the right to review activity of credit organizations located abroad if such organizations form part of a banking group or a bank holding company. Such inspections can be carried out on the basis of MOU, and in the case of the absence of a MOU, these questions are regulated in an individual order in coordination between Bank of Russia and the foreign supervision authority. b) The CBL also entitles the CBR to review overall activities of a banking group, both domestic and cross-border. CBR Instruction 147-I of December 5, 2013 provides this power. c) For foreign banks members of banking groups operating in Russia, the CBL stipulates that the supervisory authority of a foreign state (i.e., the home authority) may gain access to the premises of the said credit institutions and get access to the relevant information if the credit institutions has given a written consent (see comments below).
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a) take (and/or require a bank to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the bank’s license; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	Enforcement powers are governed by the CBL (for more details, see CP 11). According to Article 74, the CBR can take corrective actions, impose sanctions and revoke a bank’s license in the most extreme scenario. More specifically, the following actions can be taken: The CBR can instruct any credit institution to correct any violations of the law or CBR normative acts, impose a penalty (up to 0.1 percent of bank’s minimal capital), or restrict the credit institution from conducting certain operations (for up to six months), including with the parent company, in case of banking groups. In most serious instances, for example when a credit institution did not comply with a CBR order to address a particular violation or if the bank endangers the interests of depositors, the CBR can impose a range of sanctions, including, but not limited to, charging a fine of up to 1 percent of the bank’s paid-up capital, prohibiting certain operations for one year, instructing “financial rehabilitation measures,” including appointing a provisional administrator. Revocation of the license is also an important tool at the disposal of the authorities that has been used extensively over the past three years. Multiples licences have been revoked across Russia for various, and often multiple, infrigements of Russian law and CBR norms (see CP 11 and CP 29 for details). These range from unsatisfactiory financial standards (such as insufficient equity and unreliable reporting data) to violations of AML/CFT legislation. These actions have noticebly increased under the current Governor of the CBR, who was appointed in June 2013. In the first six months of her tenure, 35 licenses were revoked, in contrast to the three revoked in the first half on 2013 under her predecessor. CBR’s enforcement power also extends to banking groups. In case of violations of laws or prudential norms, several measures can be imposed on the parent company, including fines and restrictions of activities within the group (Article 74). The CBR also cooperates closely with the Deposit Insurance Agency to achieve orderly resolution of banks (see CP 11 for further details).
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	The CBR is empowered to carry out supervision on a consolidated basis over banks and banking groups (CBL Articles 4 and 56). The supervisor enjoys free access to all relevant information. When the parent company of the group is a non-bank institution, CBR is also empowered to request information from the Holding Company.
Assessment of Principle 1	Largely Compliant
Comments	The legal framework currently in place reasonably provides the necessary powers to authorize banks, conduct ongoing supervision, oversee compliance with laws and undertake corrective actions to address safety and soundness concerns. However, responsibilities and objectives of the CBR are particularly broad and appear to be intertwined, while some functions seem to concur with the objectives related to safety and soundness of the banking system. It is important to ensure clarity of purpose for the supervisory function. Although the decision making process of the CBR is well designed to ensure a good focus on prudential issues, it is not transparent to an external observer whether or not the CBR’s decisions might be influenced by its institutional objective for development of the financial sector and also its significant stake in the most systemic banking group of the Russian Federation. There are also a few issues that limit CBR powers. One first example is that the inspected period cannot be more than five years before a year of inspection (but the CBR can obtain data from banks older than five years to confirm whether laws were violated during that period). The CBR told the assessors that this has no practical implications because banks are subject to a two-year inspection cycle. Further, this limitation applies to certain accounting documents only (e.g., data on payment). In addition, according to Article 29 of the Federal law 402-FZ “About accounting,” primary registration documents, registers of accounting, accounting (financial) reports, audit reports on it are subject to storage for not less than five years after the financial year. Other limitations on CBR enforcement powers include the situation where a gross violation older than one year has been committed by a shareholder having qualifying interest in a bank. Also, the CBR cannot act if five years have passed since a violation has been committed (see CP 11 for more details). On the other hand, major reforms have been introduced that increase CBR duties and powers in many respects. The “mega-regulator” reform is seen as a major step forward, allowing the CBR to issue prudential and accounting standards for all entities and as a result to set a unified supervisory regime. It also provides the supervisor with a broader perspective on risks across the entire financial industry. These reforms have been introduced very recently and the present mission is not in a position to evaluate their effective implementation nor to assess the use of new enforcement powers granted to the supervisor. In effect, the capacity of the CBR to use its power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance remains to be tested. As observed in 2011 during the last update FSAP, the CBR did not have the legal foundation to inquire additional capital based on the risk profile of an institution. With the adoption of Ordinance 3624-U on risk and capital management, the CBR can instruct a bank to increase its CAR if the outcomes of the ICAAP reveal, for example, important flaws in the RM systems of the institution. This new arsenal will not be enforced before 2017.16 Recommendations: Include language in the CBL that would clearly segregate CBR’s safety and soundness duties from other assigned objectives. Allow the CBR to get access to banking data older than five years.
Principle 2	Independence, accountability, resourcing, and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	Independence The independence of the CBR is formally stipulated under Article 1 of the CBL. Article 1, states that “the status, purposes, functions and powers” of the Central Bank of the Russian Federation (CBR) are as set out in the Constitution of the Russian Federation. More particularly, the CBR is to fulfill its functions and exercise its powers “independently from other federal bodies of state power, the bodies of state power of the constituent entities of the Russian Federation and bodies of local government.” Accountability The CBR’s accountability is to the State Duma of the Federal Council of the Russian Federation (Article 5, CBL). Moreover, the State Duma has the power to appoint and dismiss the CBR Chairman, on the proposal of the President of the Russian Federation, as well as to appoint and dismiss the members of the Board of Directors—at the proposal of the CBR Chairman as agreed with the President. (Articles 5 and 15 CBL). The State Duma can also take decisions on audit inspections of the CBR, by the Audit Chamber of the Russian Federation, and can conduct parliamentary hearings on the CBR’s activities. The CBR must supply information to the State Duma and President of the Russian Federation according to the procedures established in the federal law. Governance The CBR has two governing bodies established by the CBL (Chapter III): The Board of Directors of the CBR (executive members) and the National Financial Board (NFB) of the CBR (non-executive members). The NFB was formerly titled the “National Bank Council” until the legislative amendments of 2013. The CBL (Chapter III) sets out the composition and powers of the governing bodies of the CBR. Please see EC2 for more detail on composition and appointment/dismissal of these bodies. The Role of NFB includes considering reports from the BoD on supervision and regulation, making decisions on issues relating to CBR participation in capital of credit institutions; and approving the budget proposals put forward by the BoD. The BoD has a wide ranging set of executive functions set out in the CBL (Article 18). As noted below, however in EC4, direct supervisory decisions are taken by the Banking Supervisory Committee and notified to the board. The competence of the BSC and the board do not overlap except insofar as the board has the responsibility for taking decisions on issuance of the regulations, instructions, and ordinances of the CBR (CBL, Article 18). As an over-arching point, the CBR is required (CBL, Article 4) to articulate and enact policies to avoid conflicts of interest when performing its legal functions. Relationship with government The Government cannot issue operational instructions to the CBR, but under the CBL (Article 21) the CBR and the Government of the Russian Federation must inform each other about their plans of action of national importance, coordinate their policy and hold regular consultations. Two government ministers, or their representatives—the MoF and the Ministry of Economic Development—have the right to attend the BoD in an advisory capacity and “shall participate in the BoD’ meetings with the right of a consultative vote” (CBL, Article 21). While the decisions of the board belong to the CBR, the ministers (or their representatives) have the ability to express a view on the matters under discussion. Supervisory independence and discretion As noted above, and also below in EC4, supervisory decisions are taken—at their highest level—at the Banking Supervision Committee. Also there is a delegation of powers within the CBR to enable supervisory decisions to be taken at an appropriate level and as efficiently as possible. There are no legal constraints in respect of the CBR in exercising supervisory discretion, provided that it is acting within its legal vires. The CBR has an equity participation in Sberbank (the Savings Bank of the Russian Federation). The CBR operates “Chinese walls” in respect of discharging its governance/ ownership rights and obligations and its supervisory responsibilities. Voting rights and dividend receipts from Sberbank are disclosed.
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	The process for the appointment and dismissal of the Chairman of the CBR, members of the BoD and the NFB is reflected in Articles 14, 15, and 12 of the CBL. The Chairman of the CBR is appointed by the State Duma for a five-year term, with a maximum of three consecutive terms, and may be dismissed only for reasons laid out in the law (CBL, Article 15), including expiry of term, resignation, medical condition preventing exercise of duty, violation of the law, including failures in relation to managing conflicts of interest appropriately. The dismissal may only be carried out by the State Duma on the proposal of the President of the Russian Federation. The law does not state that the reasons for the dismissal must be made public. (Article 14, CBL). The decision of the Duma is public, but the published decision will not necessarily be detailed. There are no obligations to disclose the reason for removal. The BoD of the CBR is composed of the CBR Chairman and 14 executive members whose term of appointment is 5 years. Appointments are made to the BoD by the State Duma at the proposal of the chairman and with the agreement of the President of the Russian Federation. Dismissal of a member of the board, other than for expiry of term, is by the State Duma at the proposal of the Chairman of the CBR. The reasons for which a proposal for dismissal may be made are not specified with the exception of a failure in relation to managing conflicts of interest. (Article 15, CBL). As noted in EC1, two government ministers, or their representatives—the MoF and the Ministry of Economic Development—have the right to attend the BoD in an advisory capacity “with the right of a consultative vote” (Article 21, paragraph 2, CBL). The NFB is composed of 12 members. One is the CBR Chairman, two are delegated by the Federal Council of the Federal Assembly of the Russian Federation, three are delegated by the State Duma, three by the Russian Federation President, and three by the Russian Federation Government. The members of the NFB may only be dismissed or recalled by the body responsible for appointing them. Reasons for a recall are not specified in the law. The Chairman of the NFB is elected by the members of the NFB on a majority vote. The decisions of the NFB are made on the basis of a simple majority, with a quorum of seven members. Only the Chairman of the CBR may work for the CBR on a full-time basis and is the only member to be remunerated. (Article 12, CBL).
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.17
Description and findings re EC3	The CBR’s functions and objectives in respect to the supervision of credit institutions are clearly stated in the CBL (Articles 4 and 56). The annual report of the CBR contains, inter alia, information on supervisory and regulatory developments. Additionally, and separately, the CBR also publishes an annual report on the development of banking sector and banking supervision. As noted in EC1, the CBL (Article 5) sets out the manner in which the CBR is accountable to the State Duma. This includes appointment of the Chairman, BoD, delegates to the NFB, consideration of the CBR’s annual reports (and decisions made on the basis of such reports). The Duma can hold hearings and hear reports by the CBR Chairman on the CBR’s activities. Duma hearings are public, though of course only members of the Duma can ask questions. It is common for members of the Duma to ask questions and hearings are held annually at a minimum, with the Duma having the right to call more frequent hearings. Such hearings are sometimes broadcast and reports of the hearings are available afterwards.
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	There are various internal regulations that stipulate internal procedures and decision-making process depending on seniority and significance of the issues to be resolved. The regulatory and supervisory functions of the CBR, as required by the CBL (Article 56), are implemented through the Banking Supervision Committee. The head of the Banking Supervision Committee is appointed by the CBR Chairman from among the members of the BoD. The CBR’s BoD also is required to approve the CBR regulation on the Banking Supervision Committee while the structure is approved by the CBR Chairman (item 4 of the Regulation on BSC). All key supervisory decisions (licensing, revocation, sanctioning, and restrictions) must be made by the Banking Supervision Committee of the CBR and equally all decisions are reported to the Board of the CBR and the NFB. The decisions of the Banking Supervision Committee cannot be amended or overturned by the board or the NFB. According to the regulation, the Committee meets, in any case, at least monthly and is composed of fifteen members—including heads of the supervisory, regulatory, licensing departments as well as of the Chief Inspectorate but not solely limited to the fields of banking supervision—and the regulation establishes the quorum (minimum 50 percent attendance) and rules for voting (decision made by majority, with the Chairman of the Committee having the casting vote). The Banking Supervision Committee is chaired, at present, by the First Deputy Governor for banking supervision. When taking a major decision, the dossiers are compiled using information gathered by curators, inspectors, and ARs (see CP9 for a discussion of these functions) and reviewed by the legal department before being submitted to the Committee. There are internal protocols governing how much time can be spent preparing the information, and this varies depending on the gravity of the issue. The assessors were able to review some submissions to and orders issued by the BSC and found them to be of high quality. There is also a cascade of delegated powers so that, for minor violations, the Territorial Office responsible for supervision of an institution may make a decision. For larger institutions (such as regionally systemic banks identified in the “second line” of supervision), decisions are made jointly between the Territorial Office of the CBR and the main office of the CBR. In any case, and as indicated above, major supervisory decisions are reserved to the Banking Supervision Committee. The requirements on avoidance of conflict of interest are discussed below in EC5. In addition, CBL Article 83.1 requires separation of responsibilities between deputy heads of the CBR, heads of separate structural subdivisions, including during implementation of monetary policy, foreign-exchange reserves management, banking regulation and supervision, financial markets control and supervision in order to prevent, detect or manage any conflict of interest during fulfillment of its functions.
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5	Issues related to conflict of interest are considered in a number of laws and directions. General rules around conflict of interest issues are established by the Federal Law 273-FZ. At an over-arching level, and as noted above, the CBL (Article 4.1) establishes that the CBR is obliged to prepare and implement policy on combating, identification and management of conflicts of interest when performing its functions. There are also a number of provisions in the CBL treating potential conflicts. Hence employees of the CBR (CBL Article 90) are subject to a range of restrictions, such as holding the securities of supervised institutions, being employed by such institutions, or accepting gifts. Cooling off periods are also stipulated, as certain restrictions apply for two years after employment at the CBR has ceased and restrictions on disclosure of information are perpetual. The CBR has issued an Ordinance (3414-U) containing rules on how to avoid conflicts of interests, and sanctions for their violation. Supervisors participating in onsite reviews must disclose relevant personal information to avoid conflicts of interest, or be disbarred from the review (see Instruction 149-I). There are numerous internal regulations on proper usage of information obtained through work, such as Regulation 235-P that, among other issues, sets a list of employees who after resignation are prohibited to disclose and use the information they received while serving at the CBR. Furthermore, employees are prohibited from disclosure of information obtained through work without approval of the CBR BoD (CBL Article 92). In practical terms, the CBR has not had experience of breaches of confidentiality. The assessors noted, in their contact with market participants and professionals, that the CBR was held in high regard for its professionalism and is perceived as an authoritative institution. The caliber and responsiveness of staff in the departments in the head office of the CBR was particularly commented upon. The increasing levels of transparency and efforts at communicating forward looking priorities in recent years were appreciated by a number of the contacts with whom the assessors met, although it was considered that there was scope for even further improvement.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: (a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and program for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate onsite work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	The CBR funds its expenses from its own revenues, as prescribed by law, but the law does not prescribe how budgeting and resource allocation should be decided within this parameter (CBL, Article 2). The CBR and the state are, on a reciprocal basis, not responsible for the liabilities of the other unless a specific agreement and obligation has been entered into. The purpose of the CBR is not to generate profit (Article3). The CBR must submit its budget to the board and to the NFB. The CBR does not, therefore have independent control over the allocation of its funds to its departments. The CBR has control over the disposition of its net revenues. Additionally, the compensation of the governor and deputy governors must be disclosed and this disclosure is made annually online. According to the CBL (Article 26), 75 percent of the CBR’s post tax profit shall be transferred to the federal budget and under an amendment to the CBL (Federal Law FZ-334) for the period of January 1, 2014 to January 1, 2015, (profit for 2015 to be paid in 2016) Article 26 shall be suspended and 90 percent of the CBR’s post-tax profit will be transferred to the federal budget. All the assets of the CBR belong to the state. The CBR’s internal budgeting process is managed by the Financial Department and is subject to approval by the CBR’s BoD and NFB. Hence if any department within the CBR, including the supervisory functions, required additional resources, the BoD would have to discuss and agree to this. Retention rates of staff for the CBR as a whole are very high (approximately 2–3 percent annual turnover). However, some areas, including supervision, can be subject to higher attrition. In common with other jurisdictions, the CBR has found it easier to attract specialist skills when the market is undergoing periods of stress. The CBR has the legal power (e.g., CBL Article 73) to hire audit firms to conduct bank reviews. Legal and accounting firms may also be hired but not to conduct reviews of banks. Of course, the external firms have no participation in any CBR decision. Restrictions on information, and hiring procedures which are performed on a tender basis, are set forth in Regulation 442-P and Ordinance 3463-U. The training budget and planning is conducted annually a year in advance. IT systems were last given a major upgrade upon the creation of the mega regulator in 2013, but there is continuous development. During 2016, the data analysis system in supervision (see CPs 8 and 9) will be further enhanced to support a “single view” of all aspects of a credit institution. No constraints on travel for international or domestic purposes were identified.
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	The CBR prepares a rolling training plan for 3 years on the basis of proposals received from departments and sub-divisions with due account to strategic development plans for each types of activity. Departments and sub-divisions are expected to take into consideration best domestic and international practices when preparing their proposals. In terms of developing individual staff’s skills, the annual appraisal process is used to identify training and development needs that are fed into the various divisions’ training plans. At a more strategic level, the CBR also considers the nature and extent of specific skill sets available within its staff. For example, in the past few years there have been programs to train staff in IFRS and also specialist training made available for Basel 2 implementation. CBR staff noted that it was possible to self nominate for training, and indeed some training is mandatory. There are certification processes to meet in order to transfer to some of the supervisory divisions (such as the Inspectorate) and training is made available to support these needs.
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	Structurally, the CBR has been reorganized to support a risk based focus and has established a separate division to supervise the systemically important banks: the systemically important banking supervision division (SIBSD). Institutions are identified as systemically important banks under the terms of Ordinance 3737-U, whose methodology is based on the Basel standard. SIBSD operates its own budget. The methodology has been in force since July 2015, and the list of systemically important banks must be assessed and re-issued annually under the terms of the ordinance. See CP16 (EC4) for details on the capital buffer applied to systemically important banks. The appointment of curators and ARs, as well as the frequency and scope of inspections, also reflects risk based allocations. A major or more complex institution will be allocated a team of staff. Systemic institutions and institutions which are in the weaker grading categories are subject to more intensive attention, not least the appointment of an AR. The Chief Inspectorate is going through a process of merging some of its regional offices given declining numbers of institutions in the affected regions.
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	There are no special provisions in Russian law regarding protection of the CBR and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The CBR noted that, if a suit were brought, the institution itself would act as the defendant and further explained that in instances, for example, of revocation or restrictions, decisions are made collectively by the Banking Supervision Committee. It seemed, therefore, less likely that a lawsuit would be brought against a specific individual. In principle, however, an aggrieved party is able to bring a lawsuit for gross negligence against an individual employee of the CBR. The CBR explained that in such circumstances, it would enter the legal proceedings on the side of the employee and ask the court to exclude the employee from the defendants. The legal fees can be borne by the CBR based on approval by the board. No case of such a suit has ever arisen. In the case of criminal proceedings, an aggrieved party can bring a criminal lawsuit against an employee of the CBR in respect of a criminal act perpetrated against the bank (e.g., bribery, corruption, theft). The order and basis for filing such a claim are stated in the Criminal Procedure Code of the Russian Federation (Articles 140 and 141). There is neither obligation nor prohibition on the CBR to cover the legal fees of its employee in such circumstances, and it would be a board decision to bear the legal costs (if, for example, the CBR believed the case to be frivolous or an attempt to intimidate the CBR or a staff member).
Assessment of Principle 2	Largely Compliant
Comments	The CBR is a respected and authoritative institution. While many governance, accountability, and transparency measures are in place, there are some issues of concern notably in respect of legal protection for staff and transparency of dismissal procedures. There is also scope for improvements in the arrangements of decision making in order to better support and communicate the objectivity and independence of the CBR to external audiences. There is scope for two important enhancements in particular. The first issue is that legal protection for staff carrying out their functions in good faith is not fully in place. Although the assessors appreciate and understand the explanations of the CBR on this issue, it remains the case that there is a legal vulnerability that in future might possibly be exploited maliciously. There is no legal requirement for the reasons for the dismissal of the Governor of the CBR (or of the first deputy governor in charge of supervision) to be disclosed. While it is normal practice for the CBR to issue press releases on the occasion of their departure, it is not mandatory and there is no history of early dismissal. Transparency measures are part of a guard against abuses in any system, and it would be important and fitting for the CBR to benefit from such transparency requirements. There is a governmental and parliamentary role in the appointment of the Chairman and the BoD and two ministers or their representatives may attend the board. There appears to be no operational impact of the appointment process and composition of board and NFB in terms of the supervisory decision making processes, not least because of the delegation of powers to the Banking Supervisory Committee. However, the role of the governing bodies in budget approval and regulatory decision making opens the possibility for an impact on the CBR’s supervisory function even though, to date, there is no history of any restriction being placed on the CBR. It may be noted that the CBR has only one voice on the NFB as all other representatives come from other institutions or bodies. In terms of achieving an overall balance for the purposes of accountability and for the CBR to fulfill its mandate for developing the financial sector, the presence of the ministries on the CBR Board can be understood. However, with specific respect to regulation on supervisory issues, the authorities may wish to consider arrangements so that there is no ministry participation or observation on regulatory topics. The CBR’s stake in Sberbank presents a particular challenge for the CBR in its supervisory capacity as it is important that Sberbank, which in any case is the dominant financial institution in the jurisdiction, is supervised, and seen to be supervised, to the same standards as any other institution. To external observers, however, it is not necessarily easy, or even possible, to distinguish the CBR’s broad role in supporting the development of the financial sector, which might be thought to favor Sberbank particularly in the light of the ownership structure, and the CBR’s supervisory role. The assessors stress that they have no findings to suggest that there is any question mark over the CBR’s exercise of supervision or the governance of Sberbank and the internal separation of the two roles. Nevertheless, while the assessors have no evidence to suggest that the CBR would make or has made regulatory or supervisory decisions that would create preferential treatment for Sberbank, this objective treatment is, by its nature, very hard to demonstrate, particularly to outside observers. The authorities may wish to consider a separate form or structure of state ownership for Sberbank, rather than having the holding rest with the CBR, in order to remove the potential for reputational risk and to provide greater confidence that the supervisory function is not and cannot be inappropriately influenced. Please also see the discussion and recommendations in CP1 related to the objectives of the CBR as this would also assist in diluting any reputational risk to the CBR.
Principle 3	Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.18
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	Federal laws, legislative acts and CBR regulations contain several provisions governing the cooperation and collaboration among supervisors and agencies with responsibilities for the stability of the financial system. In practice, cooperation arrangements are determined on the basis of bilateral agreements between the Central CBR and the Federal Service for Financial Monitoring (Rosfinmonitoring, the Russian FIU), Federal State Statistics Service, the Federal Service for Financial Markets, the Federal Tax Service, the Deposit Insurance Agency, the Federal Service for Financial and Budgetary Supervision (External auditors oversight), the Federal Customs Service, the Federal Antimonopoly Service, the Federal Registration Service, the Ministry of Internal Affairs, the Prosecutor General’s Office of the Russian Federation and the Federal Treasury. Some of the most useful exchanges of information done for supervisory purposes with domestic authorities are with the FIU and the Tax Authority for the purpose of exchanging information on AML/CFT. The CBR is, inter alia, an aggregator of data that are made available to the FIU. The cooperation among the two agencies takes different forms (see CP29). There is also multi-level cooperation among judicial, law enforcement, and financial regulatory authorities in AML/CFT. An example of this is the Interagency Working Group on Combating Illegal Financial Transactions, established by the president of the Russian Federation, and the Interagency Commission for Combating Money Laundering and Terrorist Financing, established by the Russian FIU. These coordinating bodies were created in order to promote effective cooperation and concerted action by all Russian anti-money laundering system participants, including through the involvement of the private sector. Close cooperation has also been established by law with the State Corporation Deposit Insurance Agency for issues relating to crisis prevention, bank resolution, and liquidation. The Federal Financial and Budget Supervision Service of the Minister of Finance provides the CBR with the information on external auditing companies, and the Minister of Internal Affairs assists the CBR in the domain of AML/CFT (data base of lost or fake IDs).
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	The legal basis for formal cooperation and for information sharing by the CBR with other supervisory authorities is found in Article 51 of the CBL. These provisions set the general conditions under which the CBR is authorized to exchange confidential information. The CBR has concluded 38 formal bilateral arrangements with supervisory authorities of foreign countries in the form of cooperation agreements, memoranda of understanding (MoUs), and statements of cooperation (SoCs) for information exchange. Most close cooperation links are established with supervisory authorities of the following countries: Austria, China, Cyprus, CIS countries (especially countries of the Eurasian Economic Union—Belarus, Kazakhstan, Kyrgyzstan), Germany, Hungary, Latvia. MoUs have also been signed with Italy, Sweden, Finland, and Norway. No MoU has been signed with France however while the country has an important presence through the Société Générale. Between 2012–15, there were around 1–2 visits a year from representatives of the main supervisors of banking groups and foreign banks with subsidiaries of credit institutions in the Russian Federation: Austria, Hungary, Germany, China, Kazakhstan, Latvia, and the Netherlands. There were also visits by representatives of banking supervisory authorities of Korea. These visits can be regular high-level meetings or meetings of experts. In addition, cooperation with the British supervisory agency and the U.S. Office of the Comptroller of the Currency (OCC) was arranged on the basis of the exchange of letters in 2007 and 2009 (these letters are not public). Also, cooperation with some European countries is carried out on an ad hoc basis given previous concerns of some European countries regarding the legal ability of CBR to protect confidential information. The CBL was amended in 2013 to address these concerns and the CBR informed about these amendments the Basel Committee on Banking Supervision and the European Banking Authority in due time. Furthermore, during 2014 the CBR continued its cooperation in staff training with foreign partners including the Deutsche Bundesbank, the Bank of France, the Bank of Finland, the Bank of Spain, the Central Bank of Brazil, the Financial Technology Transfer Agency (Luxembourg), the Financial Stability Institute of the Bank for International Settlements (Basel), and others. CBR inspections abroad have been extremely limited so far. In 2014 the CBR carried out an inspection of the Cyprian branch of a Russian credit institution. The representatives of the mission were informed in 2016 on the positive experience of the organization and the inspection itself.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	Conditions for exchanging confidential information with domestic authorities Article 26 of the banking law sets the general principle on Bank secrecy. The CBR has no right to disclose or provide to third parties data obtained while performing functions defined by federal laws unless stated in federal laws. Article 57 of the CR law stipulates states that information on specific operations received from legal entities shall not be disclosed without the consent of the corresponding legal entity except for those cases stipulated by federal laws. According to these laws, the CBR is allowed to provide information, including confidential information, to courts and arbitration courts, to the Accounting Chamber of the Russian Federation, to tax and customs authorities, to law enforcement agencies, preliminary investigation bodies, FX control authorities, the Pension Fund, the Social Insurance Fund of the Russian Federation, and other institutions in cases specified by the legislation. Article 57 of the CBL also includes a reciprocal obligation of the CBR to keep confidential any information it receives in the context of these information exchange arrangements. Conditions for exchanging confidential information with foreign authorities The conditions for sharing confidential information with banking supervisors of foreign states are laid out in Article 51 of the CBL and Article 26 of the Law on Banks. The CBR has the right to provide to the central bank and (or) other supervisory authority of a foreign state in charge of banking supervision information and (or) documents that they need to exercise supervision, including those that contain bank secrecy data,19 received from credit institutions, banking groups, bank holdings, and other associations with participation of credit institutions. This covers information collected both during both offsite and onsite supervision. This general principle, however, does not apply for any information or data protected by State secrecy. Similar information exchange is also permitted by Article 26 of the banking law in the context of cross-border mechanisms for bank resolution. For example, the CBR can provide to home supervisors information contained in financial stability restoration plans for credit institutions that are part of a banking groups. The CBR provides such information and (or) documents to foreign authorities on the condition of reciprocity whereby the recipient country’s legal regime should provide equal protection to the information received from Russia and that the transmission to third parties cannot be permitted without the preliminary consent in writing of the CBR, except for cases when such information is provided to a court in a criminal case. The mission received a copy of a cooperation agreement signed with a foreign authority. It was observed that the arrangements include information in connection with the authorization and licensing process, cooperation on ownership control structure, cooperation on offsite supervision of parent institutions and cross-border establishments, information exchange for cross-border resolution, onsite inspections including mutual ones, AML/CFT, etc.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	CBR staff is bound by professional secrecy (CBL) and is not allowed to disclose confidential information received from domestic or foreign supervisory bodies, except in the condition stipulated by law. Further, the information received either by domestic or foreign entities should only be used for the performance of the CBR supervisory responsibilities. The information and/or documents received by the CBR from the foreign supervisory authorities may be provided to third persons, for instance law-enforcement bodies, only with the consent of the authority which provided this information, except for providing such information by court order for the proceedings of criminal cases. Requirements to confidentiality protection of information and documents set in cooperation agreements and MoUs also provide for non-disclosure of the received information to third parties without the prior written consent of the originating supervisor. It is also set that confidential information and documents should not be used without the prior written consent of the supervisory authority that provided it for purposes other than those for which it was requested and provided.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	Cooperation with domestic resolution authorities The fundamentals of interaction between the State Corporation DIA and the CBR are established by Article 27 of Federal Law 177-FZ of December 23, 2003, “On Insurance of Household Deposits in Russian Banks.” This article also states that for the purposes of informational support of the deposit insurance system’s operation, the CBR shall send to the DIA banks’ reports and other necessary information. The framework within CBR and the Agency for information exchange and coordination of actions is defined by an agreement signed in 2014 that covers, inter alia, the insolvency (bankruptcy) of credit institutions. In addition, the Agency is entitled to propose that the CBR inspects a bank or takes measures against a bank. The CBR must reply to the DIA within 15 days on the decision to inspect a bank. Joint inspections by the CBR and DIA are allowed under direction 1542-U of the CBR of January 13, 2005 and Articles 27 and 32 of Law 177-FZ.20 These inspections are done in respect of matters concerning the extent and structure of these banks’ commitments with regard to depositors, insurance premiums’ payment, as well as these banks’ discharging of other duties established by this Federal Law and are conducted on a regular basis (scheduled) and unscheduled. When a bank exhibits serious sign of distress or constitutes a threat to the stability of the system or to the interest of depositors and creditors the CBR and DIA are authorized to implement rehabilitation measures to prevent the bank’s failure. The CBR can either submit a proposal calling for DIA’s participation in the bank or a proposal for the DIA’s participation in the settlement of a bank’s liabilities.21 The Plan has to be approved by the BSC. Moreover, during the implementation of the plan, the DIA sends to the CBR monthly reports. In 2014–15 27 banks underwent a resolution process. 45 were subject to a joint DIA—CBR review. Cooperation with foreign resolution authorities Pursuant to Article 51 of the Federal Law of the Central CBR and Article 26 of the banking law, CBR can provide the central bank and (or) another authority of a foreign state information contained in the financial stability recovery plans of parent banks or associations, except for the data constituting state secrecy. This process is done on the condition that the legislation of the foreign state stipulates the level of confidentiality for CBR’s documents at least matching the level envisaged by the Russian Federation or in compliance with the international treaties that may regulate these exchanges. This information cannot be shared with third parties without CBR’s consent, except for providing such information to court for criminal case proceedings. Supervisory colleges are also a conduit for cooperation with foreign supervisors. The CBR’s SIBS Department participated in the supervisory college organized by the home supervisor in 2014. The frequency of supervisory college meetings where CBR takes part as a host-member is defined by the home supervisory authority. The usual frequency is once a year or two.
Assessment of Principle 3	Compliant
Comments	The CBR is in a position to exchange information and to cooperate with home supervisors over Russian-based subsidiaries of foreign banks through a number of bilateral MOUs. Adequate information sharing arrangements are also in place with all relevant domestic authorities. As indicated above, the CBR has concluded 38 formal bilateral arrangements with supervisory authorities of foreign countries in the form of cooperation agreements, memoranda of understanding (MoUs), and SoCs for information exchange. It is noteworthy however that no MoU has been signed with France while in fact the country has an important presence through the Société Générale. During interviews, assessors were told that the authorities are satisfied with the quality and effectiveness of existing cooperation arrangements. One example of successful inter-agency cooperation is in the area of AML/CFT. As indicated under CP29, the cooperation between the CBR and the FIU led to the closure of Siberia’s largest illegal encashment center, carried out by the local law enforcement agencies, the main department of the CBR in the Kemerovo region and Rosfinmonitoring’s SFD Directorate. In 2014, the CBR revoked the licenses of two credit institutions of the Kemerovo region. The criminal investigation resulted in criminal charges being brought against one of these credit institution directors and the seizure of approximately RUB 3 billion worth of assets.22 Cooperation between the CBR and the DIA is also very good. On the international front, the previous 2008 FSAP observed that the text on information exchange with foreign supervisors as contained in the then Article 51 of the CBL prohibited provision of information on individual client transactions to foreign financial sector supervisor. This inability under Article 51 to exchange institution specific and client information left a large gap to be closed. A change in legislation has been made to achieve this. The Federal law 146-FZ of July 2, 2013 has introduced new language in Article 51 that lifted these restrictions. According to the new provision, the CBR is entitled to provide to foreign counterparts information or documents “including those that contain data constituting bank secrecy” provided that the authority receiving such information treats it with the same level of confidentiality as the Russian authorities and that the information does not constitute a state secret. Another legislative reform was made to explicitly empower the CBR to exchange information contained in financial recovery plans (except state secrets) with foreign resolution authorities. Considering the progress made by the Russian authorities in addressing previous flaws in the legal regime for cooperation and collaboration, the rating assigned in 2008 to this CP has been improved from “Largely Compliant” to “Compliant.” Recommendation: Establish a formal mechanism of cooperation with the French Supervisory and Resolution Prudential Authority.
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	The Russian regime as spelled out in the banking law defines a credit institution as a legal entity authorized to carry out banking operations to generate profit as the main goal of its activities, on the basis of a special permit (license) granted by the Central Bank of the Russian Federation. Under this law, all credit institutions fall into the following categories: (i) banks; (ii) nonbanking credit institutions; (iii) nonbanking credit institutions for money transferring without opening of account and (iv) nonbanking credit institutions—central counterparty. A bank is a lending institution that has the exclusive right to perform all of following banking operations: the drawing of deposits from individuals and legal entities the granting of loans; and the opening and operation of bank accounts for individuals and legal entities. Pursuant to Articles 5 and 13 of the banking law, attraction of deposits is permitted only for lending institutions with a bank status. A nonbank lending institution is a lending institution that has the right to perform certain operations only (stipulated by law), e.g., maintenance of bank accounts, money transfers services, cash services). They may also make loans to, and invest in natural persons and their activities. These institutions are licensed and supervised by the CBR.
EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	Permissible activities of institutions that are licensed and subject to supervision as banks are defined under the banking law, Article 5 and include the following: attraction of funds for deposit from individuals and legal entities; placement of the attracted funds referred to under item 1; opening and maintenance of bank accounts for individuals and legal entities; performance of money transfers services, including correspondent banking; cash servicing for individuals and legal entities; purchase and sale of FX in cash and noncash forms; attraction of precious metals for deposit and the placement of precious metals; issuance of bank guarantees; and performance of money transfers services without the opening of bank accounts, including electronic funds (with the exception of postal money orders). In addition to banking operations, a lending institution has the right to perform the following transactions: (a) the issuing of sureties for third parties; (b) fiduciary management of funds and other property under a contractual arrangement with individuals and legal entities; (c) operations with precious metals and precious stones in accordance with the legislation of the Russian Federation; (d) leasing operations; and (e) provision of consulting and information services. A bank has also the right to engage in operations involving the issue, purchase, sale, discounting, and safekeeping of securities. Credit institutions are prohibited from engaging in production, trade and insurance activities, although these activities can be conducted by a sister-corporation under a common holding. Banking operations are performed solely on the basis of a license issued by the CBR following the procedure established by the banking law (see CP 5 for details).
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	Article 7 of the banking law stipulates that “no legal entity in the Russian Federation, except for those who received a banking license from the CBR may use the word ‘bank’ or ‘credit organization’ in its name or indicate in any other way that the legal entity may carry out banking operations. Exceptions are the CBR and the Bank for Development and Foreign Economic Activity. As observed in the 2008 BCP report, there is no established system to monitor the illegitimate use of the word ‘bank.’ The CBR relies on external sources for media, and other sources. The CBR also regularly receives information about registered credit institutions and other legal entities from the Unified State Register of Legal Entities maintained by the Federal Tax Service.
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.23
Description and findings re EC4	In accordance with Articles 1 and 36 of the banking law, the Law on Deposit Insurance, and Chapters 8 and 14 of CBR Instruction 135-I of April 2, 2010,24 (referred to hereinafter as Instruction 135-I), a bank is granted the exclusive right to accept deposits from the public. A nonbank lending institution is not qualified to attract funds for deposit from individuals.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	In accordance with Article 13 of the banking Law and Instruction 135-I, licenses issued by the CBR are recorded in a register. Licenses granted by the CBR are made public by the CBR in an official publication (Bulletin of the CBR) at least once a year. Changes and additions to said register are published by the CBR within one month of the date they are made and are posted on a daily basis on the CBR’s website. An announcement of a lending institution’s state registration is also published in the Bulletin above mentioned.
Assessment of Principle 4	Compliant
Comments	There have been several cases of Ponzi schemes in Russia in recent years. According to the data from the Ministry of Internal Affairs of the Russian Federation, there were in 2014 more than 160 organizations that contained certain features of financial pyramids that caused harm to more than nine thousand people. The amount of loss suffered was estimated at RUB 1.7 billion. According the CBR, in none of these cases the perpetrators have used in one way or another, the word “bank,” “banking” to attract and defraud the customers.
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of board members and senior management)25 of the bank and its wider group, and its strategic and operating plan, internal controls, RM, and projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	Articles 56 and 59 of the law on the CBR establish that the CBR is the authority responsible for both licensing banks, and for regulating and supervising them. Article 59 provides the statutory requirements for the licensing of a bank. The CBR has the exclusive right for the issuance of bank licenses and no person shall engage in financial activities without a license issued by the CBR. Foreign banks wishing to establish a subsidiary on the territory of Federation of Russia need also to receive a license from the central bank. The same Article 59 grants to the CBR the power to suspend or reject an application. Article 74 of the same law that complements Article 59 stipulates that “the CBR shall be entitled to revoke the banking license of a credit institution on the grounds established by the Federal Law on “banks and banking activities.” The procedure for revoking a banking license shall be established by CBR normative acts.” It is noteworthy that according to the CBL, the Banking Supervisory Committee of the CBR is exclusively authorized to make decisions on banking license revocation. Under its supervisory capacity, the CBR has the power to impose limitations or additional requirements. The licensing process is under the responsibility of the licensing department, which focuses on two areas, licensing delivery as well as the authorization of major acquisitions and significant transfers of ownership on the one hand, and financial rehabilitation on the other. The department is also responsible for the maintenance of the State Registry of Legal entities. About 70 people—out of 135—are assigned to licensing activities. In practice, the licensing process is organized as follows. A prospective owner will submit a petition to the CBR territorial branch where the bank will be registered. The local CBR office does the primary vetting, including due diligence in relation to the business qualification, financial soundness, and integrity of the applicants. If the findings are positive, the petition will be forwarded to the CBR head office accompanied by a formal opinion from the head of the territorial branch. The final decision to grant a license rest with the BSC, and the Committee relies on the opinion issued by both the head of the local branch and the head of the licensing department; other departments can also voice their opinion. Once the final decision is made by the BCS, the file is submitted to the tax registration that will confirm the registration of the entity in the State Registration of Legal Entities and Individual Entrepreneurs (Article 12 of the banking law). The applicant has one month to pay the charter capital after which the formal licensing process will begin. The license is signed by one of the Heads of the CBR and forwarded to the head of the competent territorial branch who will formally hand over the license to the bank, which then will acquire the right to operate. Licenses issued to credit institutions are published by the CBR in its official publication (CBR Bulletin) at least once a year. It is directly prohibited for banks to exercise any other kind of activity besides the banking business. However, this prohibition does not apply to operations with financial derivatives – for example, clearing and factoring.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled, or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	Criteria for licensing banks are prescribed by the banking law (Articles 10, 11, 11.1, 14, 15, 16, 17, 18, and 23), in the CBL (Articles 4 and 56) and in the CBR Instruction 135-I (Chapters 2–8, 13, 14, 22, 23–28). They set the requirements to be met in order to obtain authorization for banking business. The most relevant information to be provided by the applicants are: article of association; appropriate information about fitness and propriety of the founders; documents containing information on the paid in capital of the bank; documents confirming the sources of funds contributed by individual founders; a business plan with exhaustive description of the activities to be performed, objectives, policy and strategy of the bank, financial forecast of development over a two-year period; a questionnaire of candidates to key positions (e.g., chief executive officer and chief accountant) to be filled personally by the candidates providing details about their professional backgrounds, education, lack of criminal records; description of the managing and organizational structure; auditor’s conclusions on the authenticity of the financial reports of the founders; and details on the lay-out of the premises of the future bank, etc. Based on the information mentioned above (the list is not exhaustive), CBR staff will do its due diligence prior to delivering a license. It will conduct a review of the validity and accuracy of the materials provided by the applicant. Attention will be paid to the professional qualification and reputation of the prospective founders. Their financial position will be reviewed carefully.26 The conditions for refusing (or revoking) a license are clearly stipulated in the law, for example if the applicants submitted false information (Article 16 of the banking law), or if the nominees proposed for senior management positions do not meet the professional requirements set in the law or fail to meet the fit-and-proper requirements (e.g., conviction for intentional crimes). There are other situations where a banking license can be refused. For example, if a nominee has committed more than three times within the year preceding the day of submitting the application27 an administrative offence in the area of finances, taxes and duties, insurance, securities market, or business activity. Another example is the case where the nominee has been found guilty of bankruptcy of a legal entity in the five years preceding the day of the submission of the applications. During the interview, the assessors asked whether an unrealistic business plan could lead the CBR to reject an application since such a circumstance is not explicitly contemplated in Article 16 of the banking law. It was indicated that the CBR could base its decision on paragraph 3 of Article 16 according to which a license should be denied in case of “non-compliance of the documents filed with the CBR” for obtaining a license. The founders of a lending institution are notified in writing of a decision to refuse to proceed with the state registration of the lending institution and to issue a banking license to the lending institution. The reasons for the decision must be provided. In practice, the due diligence process is performed as follows. The CBR will review fit and proper requirements as well as the professional qualifications that have to be met on an ongoing basis (Article 16 of the banking law). These checks will apply to both individuals as well as to the beneficial owners of a legal entity owning more than 10 percent of the capital. If the applicants/founders are found not to be fit anymore, the CBR can require their replacement. To verify that the applicants do not have any criminal records or have no previous disqualification, the CBR has the power to consult the Tax administration, the Ministry of Interior affairs, and request any specific information to external parties including foreign counterparts (e.g., bank supervisors, Interpol). While it is usual practice to meet the applicants at the branch office, such meetings are rarer at the Head office. Over the past five years, 49 applications for commercial banking licenses have been received by the CBR from domestic entities. The CBR refused state registration to 25 credit institutions (four of them twice), because of the founders’ unsatisfactory financial standing and the non-compliance of documents. Also, eight applications for commercial banking licenses have been received from foreign entities and all have been processed. There have been, however, multiple revocations of licenses (see CP 11 for details).
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	Licensing criteria are consistent with ongoing supervision and need to be met throughout the life of the bank. Criteria include complying with executives to meet fit and proper criteria, the entity to meet prudential standards, have adequate internal control and RM systems in place, adequate human resources, etc. It is also noteworthy that pursuant to Article 44 of the law on deposit insurance, a bank petitioning for a permit of the CBR, shall be deemed to satisfy the requirements with regard to the participation in the deposit insurance system. Permission will be given if (i) the bank’s recording and reporting is deemed reliable by the CBR; (ii) the bank adheres to the obligatory normative standards established by the CBR; and (iii) if the bank’s financial stability is deemed sufficient by the CBR.
EC4	The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.28 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	Pursuant to the banking law and the CBR Instruction 135-I, a candidate for a license has to submit a set of materials, including but not limited to, the charter and/or founding agreement of the aspiring lending institution, its business plan, and documents concerning candidates for the lending institution’s senior management positions. The bank’s charter must contain, among others, (i) the company name; (ii) an indication of its organizational-legal form; (iii) information about the address (location) of the management bodies and separate subdivisions; (iv) a list of banking operations and transactions to be performed; (v) a business plan; and (vi) information about the system of management. In light of the information provided by the applicant, the organizational structure of the bank is vetted both in terms of the management structure of the organization and the capacity of the structure to facilitate sound RM and internal control systems. The CBR reviews all relevant data comprising, inter alia, a description of the managing and organizational structure including the activities of individual organizational units, distribution of responsibilities among managing directors and other administrators, organization and management of the bank’s information system, etc. The CBR process also entails the analysis of the business plan with a focus on the activities to be performed, customer and product structure, objectives, policy and strategy of the bank, and financial forecast. During this process, attention will also be given to information about the bank’s participation in banking groups and bank holding companies, as well as information about the founders (partners) and their groups, with the view to identify persons who are not founders (partners) of the lending institution but who have the ability, directly or indirectly, to exert a significant influence on the decision-making process of the institution’s management bodies (see CBR Directive 1176-U). In conclusion, the CBR has the power to determine whether the ownership structure of the bank can hinder effective supervision or hinder effective implementation of corrective measures in the future. Both the banking law and other regulations provide sound legal basis for the CBR to exercise judgment of whether proposed structures will inhibit effective supervision.
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	The requirement for assessing the suitability of banks’ major shareholders and others that may exert significant influence can be found in different norms, the banking law (Articles 11, 16), the Ordinance 2005-U, the CBR Regulation 354-P and CRB Regulation 408-P. Based on the current regulation, only shareholders with stakes higher than 10 percent should be vetted. This threshold has been lowered from 20 to 10 since the last BCP update in 2011. Shareholders with interests of more than 1 percent are required to inform the CBR of their acquisition. Holders of 10 percent or more of stock in a credit institution need to obtain permission from the CBR to obtain these shares. Criteria include a stable financial situation and business activity for at least three years. In accordance with the regulation, a founder or shareholder with more than 10 percent of the shares of a credit institution shall also have sufficient own resources to contribute to the charter capital of the credit organization and have a stable financial position. Grounds on which permission can be refused by the CBR include an unsatisfactory financial position, violation of anti-monopoly rules, conviction of fraudulent bankruptcy, or having caused damage to a credit institution where the acquirer of the shares had been employed earlier. Financial suitability (financial condition) of shareholders is assessed also on the basis of the Regulation 415-P of February 18, 201429 that sets the condition of banks to join the Deposit Insurance System. In accordance with Article 44 of this law, banks that are participating in the safety net mechanism must meet the requirements imposed by the CBR for transparency of the ownership structure and also comply with the procedure established by the CBR on disclosure of persons having control or exercising a significant influence over the bank. Moreover, a recent directive issued in 2014 by the CBR 3277-U30 provides further guidance on the evaluation to be made by CBR staff of a set of indicators or indices of transparency in ownership structure. These indicators relate to the following: (i) sufficiency of the information disclosed about the bank’s ownership structure in accordance with federal laws and regulatory acts of the CBR (indicator PU1); (ii) availability of information about persons controlling the bank or with a significant influence (PU2); and (iii) significance of the influence of residents of offshore zones on the bank’s management (PU3). The evaluation of these indices is performed on the basis of the method presented in Annex 9 to CBR Ordinance 2005-U. While these indicators among others are used for determining bank’s financial position, there are also relevant for licensing purposes, according to the CBR. The mission was informed that sources of funds to be used as capital is verified by the CBR. As stipulated in the banking law (Article14, Section 7), in order to obtain a state registration and a banking license, the applicant must submit to the CBR a document (according to a list established in CBR regulatory acts) confirming the origin of funds contributed by its founders to its authorized capital. Besides, onsite inspection can be carried for control of legitimacy of payment by acquirers of shares of credit institution as stipulated in Item 17.6 of Instruction 135-I. It is required by law that banks should disclose on their website information about the persons which exercise control or exercise significantly influence on the bank.
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	The law stipulates that banks must have a minimum initial capital of at least RUB 300 million. To obtain the right to attract individuals’ funds on deposit, a newly registered bank (bank for which less than two years have passed since its date of state registration) must have authorized capital (equity/capital) of at least RUB 3.6 billion.
EC7	The licensing authority, at authorization, evaluates the bank’s proposed board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.31 The licensing authority determines whether the bank’s board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	The persons performing administrative, managerial or control functions (which include board members, senior managers, chief accountants and their deputies) according to Article 60 of the CBL must satisfy the experience and integrity requirements established by Article 60 of the CBL, Article 16 of the banking law (that was introduced in 2013) and CBR Regulation 408-P.32 These requirements are also applied to the managers and chief accountant of branches. It is also important to note that, in accordance with the requirements established under the new Article 111-2 of the Banking law (introduced in 2013), persons holding the position of manager of the RM function, manager of the internal audit function, or manager of the internal control function must meet the business reputation requirements established by the banking law as well as the qualifications requirements established by CBR Directive 3223-U of April 1, 201433 (e.g., a higher education in law, economics or in relevant fields, and qualifications in the area of RM/internal control, and/or auditing, as well as professional experience). The banking law stipulates in its Article 14 (8) the different steps to be followed to assess conformity with fit and proper requisites. A questionnaire needs to be filled out by candidates for the positions mentioned above. The questionnaire requires information about education and experience in relevant fields, as well the absence of a criminal record. For CBR’s review, supporting documents will be submitted, including the original of a statement of the existence (absence) of a conviction issued by the Russian Federation Ministry of Internal Affair and any other supporting documents proving the level of education of the applicants (university degree, advanced training certificate). According to Article 16 of the banking law, the license can be denied if the nominees lack a university educational level in law, economics, or finance, or does not have senior banking experience, or have been convicted of an economic crime or administrative offence, has been dismissed from a previous position within two years prior to the nomination from a position in bank management, and lacks sufficient business reputation. The CBR evaluates the applications and may conduct its own investigation. The assessment of expertise and integrity obligations is performed according to the requirements of the Chapter 2 of the Regulation 408-P. If the requirements are not satisfied by the applicants, the CBR should deny the license. The quality of members of the executive bodies and other key corporate officers (e.g., chief accountant and its deputies) is evaluated by the CBR not only on the basis of the information provided by aspiring banks but also in light of other sources of information available, including external sources. Article 60 of the CBL empowers the CBR to contact and solicit information to the “federal bodies of executive powers” (see EC 2). In accordance with Article 75 of CBL and Regulation 408-P (Chapter 5) CBR (regional CBR offices) keep a database on the persons who occupy the positions specified in Article 60 of CBL (nominees for said positions), the other employees of credit institution, and the other persons whose activities are conducive to the deterioration of the financial state of a credit institution or to the breach of the legislation of the Russian Federation and normative acts of the CBR. For the purposes of keeping the database, the Bank of Russia is entitled to request information from federal executive governmental bodies, the territorial bodies thereof, and from legal entities. The CBR keeps track of the identities of senior managers and board members that have been proven unsuitable. Ordinance 3624-U of April 15, 2015 setting the requirements for risk and capital management defines the expectations in terms of a board member’s duties. The latter should understand the material activities that the bank intends to pursue, and the associated risks and set appropriate limits and policies commensurate of the bank’s business (see CP 15 more details).
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of CG, RM, and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.34
Description and findings re EC8	In the banking law, Article 14, prospective banks should submit to the CBR a set of documents to support their request for a license. The procedure for the preparation of a business plan and the criteria for its evaluation are established by regulatory acts of the CBR (Directive 1176-U). This includes (i) a business plan with exhaustive description of the activities to be performed, customer and product structure, objectives, policy, and strategy of the bank, financial forecast of development over a three-year period; (ii) the organizational structure; and (iii) information on the internal audit function and risk management functions. A business plan is the document to be approved by a general meeting of a lending institution’s founders (partners) for the next two years, at a minimum, and should contain the proposed program of action for the prospective bank, including the parameters (indicators) and expected results that will enable the CBR to evaluate bank’s ability to ensure financial stability and profitability, among other things. To this end, the applicants are required to submit the following information: estimated balance sheet; structure of assets and liabilities; expected financial forecast; estimated profitability; and projection of compliance with required ratios and reserve requirements. At its own discretion, a bank may also present projected indicators for a longer period than two calendar years. On the basis of these estimated indicators, an analysis is performed by CBR staff about the business operations, the sectors of activity, operations, and services in which the bank intends to engage in. Particular attention is given to the volume and structure of projected income, expenses, and profit. In addition to financial information, the process requires submission of policies and procedures for CG, RM, and internal controls. The CBR seeks to ensure that the CG, RM, and internal controls are commensurate with the planned scale and complexity of the proposed banking activities.
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	As indicated above, the CBR requires applicants to provide financial forecasts and calculations of capital adequacy. Part of this involves assessing the bank’s ability to reach and maintain profitability and to comply with the prudential rules during the start-up of operations. The CBR assesses the viability and sustainability of the proposed business plan, having regard to the strategy, organizational structure and volumes of business that the bank proposes to achieve and the expected outturn.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	The procedure for the registration of lending institutions with foreign investments is established by CBR Regulation 437 of April 23, 1997.35 In accordance with the provisions of Chapter 2 of this regulation, the set of documents submitted to the CBR by prospective applicants includes written consent from the relevant home supervisor of the foreign legal entity for the participation in the initial capital of a lending institution located in the Russian Federation. It is worthwhile noting that credit institutions with a general license may set up branches or subsidiaries in a foreign state after obtaining permission from the CBR, and representative offices after notifying the CBR. The CBR shall inform the applicant in writing, no later than within three months from the moment of receiving the respective request, of its consent or refusal. The refusal shall be well-grounded. If the CBR fails to inform of the decision within the specified term, the respective permission of the CBR shall be considered obtained. (Article 35 of the banking law). The mission could not confirm whether, in the course of the licensing process, the CBR determines if the home supervisor practices global consolidated supervision.
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	Based on the discussion with the CBR, it was not clear whether the CBR has established policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Assessment of Principle 5	Largely Compliant
Comments	The Russian licensing regime for banks appears to be exhaustive. The legal and regulatory framework provides the CBR a set of instruments and tools to ensure that the licensing process is sound. The CBR retains adequate powers to require applicants and potential shareholders to submit all information required. In particular, the CBR makes sure that applicants submit, among other things, financial and business reputation information on the founders of the bank, the ownership structure of the bank, including information on the group, as appropriate. Further, the mechanisms for evaluating the business reputation of persons serving in the management bodies of lending institutions, including major owners of lending institutions is done at the licensing stage but also during the life cycle of the bank. Applicants must be fully current in any tax payments. Management and board members must meet fit and proper qualifications, including the absence of a criminal record. In that regard, in past FATF mutual evaluations, the Russian Federation was criticized for being vulnerable to criminal ownership of financial institutions.36 In 2013, amendments to the law were made to tighten the requirements for the senior managers, board members, and the founders (shareholders) of credit institutions. The threshold for approval of shareholders has therefore been lowered from 20 percent to 10 percent, improving the conditions to verify transparency in ownership structure. In its licensing process, the CBR also informed the mission that all efforts were made to ensure transparency in ownership structure of applicants. Over the past 5 years, the CBR registered 31 newly established credit institutions, of which 7 with the participation of foreign capital. In all cases, the CBR did not encounter problems in identifying the UBO. Nevertheless, there are a few aspects described below that would merit attention or further consideration from the authorities. The persons performing administrative and managerial functions (which include board members and senior managers) must satisfy the experience and integrity requirements established by Article 16 of the banking law. However, the mission observed the following aspects: The professional qualifications required for applicants could be strengthened. According to the banking law, Article 16, a prospective candidate for a banking license must have proper education background (e.g., a university degree in relevant fields) as well as at least one-year working experience in managing a credit institution and, in the absence of a “special education,” at least two-year working experience. It is a fact that there is no particular standard when it comes to the minimum qualification required for such positions and there are countries where the law does not require anything. But there are also instances where the minimum years of previous experience is higher than one year.37 Even though longer professional exposure does not necessarily guarantee the true suitability of a candidate, a threshold of one year may send a wrong signal that fit-and-proper requirements are not so important. Assessors are of the view that the high number of licenses revoked in Russia for mismanagement over the past years militates in favor of stricter requirements in that regard. The authorities are encouraged to reconsider the minimum legal requirement. In the same vein, according to the banking law, a nominee who has been found guilty of mismanagement (e.g., for causing the bankruptcy of a legal entity) in the five years preceding the day of submitting a petition for a license does not meet the criteria for business reputation. This seems to suggest that conversely, a person who mismanaged a company six years before petitioning is eligible for a bank license. The same holds true for nominees having committed no less than three times within the year preceding the day of submission an administrative offense in the area of finances, taxes, insurance, and securities market. In that regard, the mission welcomes the proposed revision of Federal Law 779566–6 to expand the term of prohibition to take a position of senior managers specified in Article 60 of CBL for persons found guilty of misconduct causing bankruptcy of legal entity, revocation of license of the credit institution, appointment of temporary administration, and other law violations from five to ten years. While the licensing procedures are thorough, in the case of incoming branches or subsidiaries of cross-border banking groups, the mission was not able to determine that the CBR routinely establishes whether the home supervisor practices global consolidated supervision (please see also CP12). The mission recognizes, however, that, at present, there are restrictions on foreign establishments in the Russian Federation. Once the license has been issued, there is no specific mechanism to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met. Recommendations: The Russian authorities may wish to consider the following: amend the banking law to establish a life ban from the banking industry of people who have committed gross and recurrent violations;38 establish formal procedures to subject the newly established bank to follow up close offsite supervision and if necessary onsite inspection to ascertain that the bank is performing according to the terms and conditions of the license; establish formal mechanism at the CBR head office level for interviewing applicants. The content and objective of these interviews should also be specified; when a new bank belongs to a group, ensure that controlling/parent entity closely follow the performance of the new entrant.
Principle 6	Transfer of significant ownership. The supervisor39 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest.”
Description and findings re EC1	The regime regarding transfer of significant ownership is governed by several provisions of the CBL, the banking law and CBR instruction 146-I of October 25, 2013 on “the procedure for receiving the CBR’s consent to acquisition of credit institutions’ shares”. Other relevant norms include CBR Regulation 2005-U and Regulation 345-P. These provisions empower CBR to (i) approve such transactions; (ii) lay out the criteria for approval of the transfer; (iii) stipulate the grounds for rejection of the transaction; and (iv) describe the possible sanction of an ownership interest gained without going through the regulatory process (Article 11 of the banking law). There is no specific definition of “qualifying interest” in the Russian law but it is understood that any acquisition of voting rights above 10 percent provides such qualification. A controlling interest is not defined either but it is also understood as a relationship in which a shareholder owns directly or indirectly the majority of voting rights (more than 50 percent), and de facto determines the policies or practices of the institution, or exercises control over it. CBR Instruction 146-I and other relevant norms40 refer in fact to the notions of control and significant influence as defined by the International Financial Reporting Standard (IFRS) 10 on Consolidated Financial Statements and IAS 28 on Investments in Associates and Joint Ventures. As indicated by the CBR, these criteria are dominant in deciding whether an investor is exercising control and/ or material influence. However, other evidence may also be taken into consideration to demonstrate the materiality of significant ownership. The concept of a group of persons/ entities is established in Article 9 of the Federal Law On Protection of Competition.
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	The regime contains provisions whereby changes in ownership or the exercise of voting rights over a certain threshold require CBR intervention. Such changes are made upon the written approval of the CBR issued in accordance with the Instruction 146-I, which gives the CBR to power to enforce the “fit and proper” requirement in case significant transfer of ownership has not been vetted by the CBR (Chapter 3 of the Instruction). As set forth in CBR Instruction 146-I and Article 11 of the banking law, a preliminary consent of the CBR is needed when the holdings of a natural or legal person are reaching or exceeding the thresholds of 10 percent of the shares. The same approval is required when holdings of the same persons mentioned above are becoming “qualifying.” In effect, as detailed below, the CBR’s preliminary consent is required when a buyer (legal entity or an individual) or a group of persons41 intend to acquire: more than 10 percent but not more than 25 percent of the stock of a lending institution; more than 10 percent but not more than one-third of the shares of a lending institution; more than 25 percent but not more than 50 percent of the stock of a lending institution; more than one-third but not more than 50 percent of the shares of a lending institution; more than 50 percent but not more than 75 percent of the stock of a lending institution; more than 50 percent but not more than two-thirds of the shares of a lending institution; more than 75 percent of the stock of a lending institution; more than two-thirds of the shares of a lending institution. For changes not exceeding 10 percent of holdings, a simple notification to the CBR is required. Instruction 146-I also defines circumstances for which a prior consent of the CBR will be needed. This includes entry of the credit institution’s shares into the authorized capital of legal entities which are not credit institutions (Section 1.1.7—see CP 7) or the acquisition of ownership by way of legal succession, as a result of reorganization of the credit institutions’ shareholders (partners) in the form of affiliation, branching off, division or merger. There are also cases for which subsequent consent from the CBR are necessary. It is the case for example where the establishment of control over the credit institution’s shareholders is effected in case of the public placement of shares. The petition for obtaining CBR prior consent should be submitted to the competent department at the CBR’s territorial institution that will perform the primary diligences and vetting process. A petition for CBR’s preliminary or subsequent consent for acquisition of shares by a non-resident legal or natural person shall be filed directly to the Licensing department of the CBR.
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	As a result of the quality assessment of the proposed acquirer, the CBR will issue or refuse to issue the permission. Clearance will be given only if the CBR is assured of the suitability and adequacy of the quality of the proposed acquirer, including its financial strength and qualified experience. In that respect, CBR due diligence will be comparable to those applied for licensing. Pursuant to Regulation 146-I, the CBR assesses the petition and makes a determination based on a set of materials to be produced by the petitioner. The CBR staff pays due consideration to the financial position of the acquirer and to its business reputation (Chapter 3; also Article 11 of the banking law). The CBR will complete its evaluation of the project within ten calendar days from the day of obtaining the above enquiry. According to Article 11 of the banking law, as well as item 8.1 of Instruction 146-I, the CBR has the right to reject any proposal for a change in significant ownership or controlling interest in cases stipulated in the regulation: for example, if the financial standing of the acquirer is found to be unsatisfactory or if he has an unsatisfactory business reputation. The refusal can also be made in case of violation of antimonopoly rules and if the petitioner has been found guilty of causing losses to any lending institution in the performance of his duties as a member of the BoD, as the chief executive officer or a deputy chief executive officer, and/or as a member of a collegial executive body (executive board, senior management). The regulation also states that there are other grounds provided for by federal laws and regulatory acts of the CBR on which a rejection can be made. It can be inferred from this that the CBR can exercise its prudential judgment for assessing the project and rejecting a petition that may weaken bank’s depositors’ interest. This point was confirmed to the assessors during the mission. No later than 30 days after the receipt of a petition, the CBR is obliged to notify the applicant in writing of its consent or refusal. Should the CBR fail to make its decision known within the period indicated above, the corresponding transaction is deemed to be approved. As stipulated in the banking law (Article 11), the CBR is empowered to reverse a change that was based on false information. There are two ways to go about it (see EC 4 below). In 2015, territorial branches of the CBR issued 337 decisions in relation to transfers of ownership, of which 141 were rejected. The decisions (authorization or refusal) are captured in a registry along with the reasons for rejecting the petition. There is also a weekly reporting of all major transfers to CBR senior management.
EC4	The supervisor obtains from banks, through periodic reporting or onsite examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	The reporting mechanism to the CBR is spelled out in Instruction 135-I that establishes the procedure for submitting information on shareholders to a regional office of the CBR. For a credit organization having the form of a joint-stock company, the reporting should include a list of participants in the bank. Any change that has occurred in the composition of the shareholders accounting for over 1 percent of the credit organization’s charter capital has to be reported within ten calendar days after the end of the quarter. All shareholders with a stake of more than 1 percent must be included, as well as beneficial owners. For a lending institution operating as a limited liability company, the report to the regional office of the CBR should include a list of participants. If a change has occurred in the composition of participants in the credit organization and/or the amounts of their stakes has changed, the information has to be reported within 10 calendar days after the time of the change, together with properly attested copies of documents confirming the acquisition of shares in the charter capital of the credit organization. In addition, the Law on Deposit Insurance,42 which regulates the transparency of ownership of insured institutions, is an important step forward in promoting greater transparency in banks’ ownership. CBR is entitled to obtain from banks that are participants in the deposit insurance system information about their ownership structure, including the ultimate beneficiaries, and to monitor on an ongoing basis the transparency of the ownership structure of these banks. Also, through the Directive 3277-U, the CBR has developed indicators for assessing transparency of the ownership structure and the methodology for their evaluation.
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	The banking law (Article 11–3 introduced in 2013) contains some enforcement provisions that allow the CBR to address changes of control above 10 percent that were not vetted by the CBR. In that case, the CBR can issue an order requesting the acquirer to submit a formal request to the CBR. This order will be sent to the interested parties no later than 30 days from the date on which the violation is discovered. The acquirer is required to correct the situation within 90 days of the date such a document is received. In the meantime, the acquirer has the right to vote only on the credit institution’s shares that do not exceed 10 percent. The remaining shares that have been wrongly acquired are not voting shares and are not taken into account in determining a quorum at the general assembly’s meeting. If the CBR order is ignored or not observed within the established deadline, the supervisor is entitled to turn to the court to nullify or rescind the voting rights in question. In that regard, it is important to note that Article 168 Civil Code (CC) provides that a transaction that does not meet the requirements of the law or other legal acts is null and void. During the discussion with the authorities, the mission was told that all CBR’s orders were followed in one way or another.
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	There is no such requirement in the Russian law. However, as indicated by the authorities, within the context of the disclosure of information by lending institutions about the ownership structure, the CBR monitors changes in the composition of the stockholders of lending institutions and their ultimate owners.
Assessment of principle 6	Compliant
Comments	As described above, Regulation 146-I sets the procedure for preliminary approval by the CBR for the purchase of qualified holdings of credit institutions (over 10 percent) and establishment of direct or indirect control in respect to shareholders. On the basis of this law amended in 2013, if more than 1 percent of the shares of a credit institution is acquired, the CBR will need to be notified. If more than 10 percent is acquired, the CBR needs to give prior consent (Article 1). Prior consent is again required when 25 percent, 33 percent, 50 percent, 66 percent, and 75 percent are acquired. The Law also lays out the grounds for refusal, which are very broad and contain references to business reputation, previous convictions, lack of relevant education or experience. These same grounds can also be used to refuse a managerial or board position, or other controlling positions. Another important norm is provision 415 of February 2014 that establishes the procedure and criteria of financial standing of legal entities, individual shareholders, and individuals who enter into transactions aimed at acquiring qualifying interest and/or control. The possibility to reverse changes that were not approved by the CBR has also been introduced in the law. According to the CBR, in evaluating the project leading to the transfer of significant ownership or controlling interests, the competent CBR department applies the same requirements as required for licensing. In particular, the mission was told that attention is paid to the financial condition of the petitioner. The latter is required to demonstrate that his financial position is strong and that he has enough funds to acquire the intended qualifying interests. In the 2008 BCP report, several recommendations were made to streamline the vetting regime for transfer of significant ownership. It particular, it was suggested that, although the system for vetting of shareholders was reasonably effective, the rules could be made more clear, and the threshold of 20 percent should be lowered to at least 10 percent. As discussed under EC1, this threshold has been lowered to 10 percent. It was also observed at that time that the power to take appropriate action to modify, reverse, or otherwise address a change of control that had taken place without the necessary notification of the supervisor was based on some general provisions in the Civil code that did not provide a strong legal basis.43 This deficiency has also been addressed. A new provision has been included in Article 11 of the banking law in 2013 that empowers the supervisor to address changes of controls that were not vetted by the CBR. In light of the above improvements, this CP is rated “compliant.” Recommendation: Include an explicit requirement obliging banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	The rules governing the conditions to approve or reject major acquisitions or investments by a bank can be found in the banking law (Article 11) as well as in CBR Regulation 290-P. According to Article 11 mentioned above, a prospective investor (e.g., a bank) should obtain prior consent of the CBR before acquiring more than 10 percent of shares in a credit institution and (or) establishing control over the shareholders. A notification of the CBR is required if the acquisition is between more than 1 percent and less than 10 percent of shares. CBR’s consent to a transaction aimed at acquiring more than 10 percent of capital in a credit institution may be obtained after the transaction if the acquisition of shares or controlling stakes are made through a public offering. However, there is no requirement that banks seek approval for significant acquisitions of nonbank financial institutions44 and the CBR is therefore unable to analyze impact of nonbank investments on the bank’s financial position. The conditions for investing in foreign banks and for establishing subsidiaries within foreign states are stipulated in detail in Article 35 of the banking law and the Regulation 290-P. A bank is required to report to the CBR on acquisition of shares in a foreign subsidiary within two months from the date of the acquisition. A bank is required to notify the CBR within 15 business days of any subsequent change in the size of its stake in the statutory capital of a nonresident subsidiary (indicating the absolute amount and the amount expressed as a percentage). If through disposal of shares or in another way a bank loses the status of parent company, the bank must also notify the CBR within 15 business days. Regulation 290-P also requires that the economic justification for the establishment of a subsidiary abroad must contain information on the system of RM on a consolidated basis, with consideration for the activity of the foreign subsidiary organization. If the RM system does not satisfy the goals of consolidated supervision, the CBR may refuse a permit. In addition, to acquire a permit to create a subsidiary organization in a foreign state a bank must provide its written consent to an examination of the subsidiary organization by ARs of the CBR. In the case the CBR detects that a buyer of shares in a credit institution has acquired controlling stakes without the vetting of the CBR, the CBR is empowered to instruct the bank to correct the violation either by obtaining CBR subsequent consent for the acquisition or to dispose shares. In case the buyer failed to timely fulfill CBR’s instruction, the CBR is entitled to file a claim for invalidation of the acquisition aimed at acquiring over 10 percent of shares in the bank.
EC2	Laws or regulations provide criteria by which to judge individual proposals
Description and findings re EC2	The conditions for judging individual proposals for major acquisitions are laid out in banking law Article 11. The CBR shall carry out an assessment based on the documents and information provided by the proposed acquirer, as well as on the basis of other information and documents. CBR will issue the approval having regard to the potential influence of the proposed acquirer on the credit institution in order to ensure its sound and prudent management. Due consideration will be paid to the suitability and financial soundness of the proposed acquirer. The authorization can be refused based on each of the following criteria: the reputation of the proposed acquirer; the financial soundness of the proposed acquirer; and the reputation and experience of the members of the management boards. Full list of documents required for major acquisitions proceeding is stipulated in several norms: (i) CBR Instructions 146-I; (ii) Regulations 415-P and 416-P (18.02.2014); and (iii) Regulations 408-P (25.10.2013). Major acquisitions file generally contains: petition of the acquirer for acquisition of more than 10 percent of share capital of credit institution; constituting documents and general info on acquirer (by-laws, certificate of incorporation, etc.) and shareholders list; information on ownership structure, including UBO; documents for financial standing assessment (i.e., annual and management reports, tax certificate, adjusted net assets calculation, etc.); antimonopoly conclusion on proposed acquisition; documents for business reputation assessment (profile and correspondent certificates) for legal entities and individuals (e.g., senior management of the acquirer). During the period from 2014 to the present the CBR has taken a total of 724 such decisions, including 437 in which approval was granted and 287 in which petition for approval was rejected.
EC3	Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.45 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	In accordance with the requirements of Regulation 290-P, a bank projecting an acquisition must meet certain intrinsic pre-conditions. It must have been licensed and in operation for at least three years; it must meet the requirements (of financial soundness in particular) for participating in the deposit insurance system, and it must be in compliance with the reserve requirements of the CBR. The bank should not have any past-due financial obligations vis-à-vis the CBR and not to have debts with respect to the federal budget and the budget of the appropriate constituent entity of the Russian Federation among others. When reviewing the application for an approval, the CBR also takes into consideration external parameters like the economic feasibility of a bank’s plan to establish a subsidiary within a foreign state or to acquire the status of a parent company with respect to an existing nonresident financial institution. Such a plan is found to be economically sound if there are prospects for the long-term viability of the subsidiary as a financially stable institution. The CBR does not grant permission for the establishment of a subsidiary in states (territories) that have been classified as uncooperative jurisdictions from an AML/CFT perspective. The CBR can prohibit banks from making major acquisitions/investments (including the establishment of foreign branches or subsidiaries) in countries with secrecy laws or other regulations prohibiting information flows deemed necessary for adequate consolidated supervision. Nevertheless, a question still remains as to whether the CBR, before making its determination, takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis. Lastly, the mission could not find any specific provision according to which the CBR also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial, and organizational resources to handle the acquisition/investment.
Description and findings re EC4	The notification to the CBR (by submitting an application) is the trigger for initializing the procedure for granting an approval for major acquisition in banks. According to the regulation, the CBR determines that the bank has adequate financial, managerial and organizational resources to handle the acquisition (see EC 1 above).
EC5	The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities.
Description and findings re EC5	As indicated under EC1, acquisitions of banks in a non-financial company are not subject to supervisory approval. It is understood that CBR is now considering proposing to amendment the Banking Law whereby credit institutions would be required to obtain CBR approval for major acquisitions in domestic non-banks legal entities.
Assessment of Principle 7	Materially Non Compliant
	Foreign investments by Russian banks require prior approval by the CBR, when they lead to the establishment of a subsidiary abroad, or acquisition of the status of parent company of a nonresident entity. A domestic acquisition of shares in a bank above a 10 percent ownership requires prior CBR approval. Acquisitions of over one-percent share require ex-post notification to the CBR. However, the CBL does not establish requirements for banks to seek prior CBR approval when making domestic investments in nonbank financial institutions. As indicated in previous FSAPs, without such requirement the CBR is not able to measure the possible impact of acquisitions on a bank’s condition or to determine whether the acquisition will affect the transparency of the bank’s organizational structure and affect the ability of the CBR to supervise it. As a result, the previous rating assigned in 2011 to this CP cannot be upgraded. Recommendations: Require ex-ante CBR approval of acquisitions of domestic nonbank financial institutions. Subject major acquisitions in non-financial companies to enhanced CBR scrutiny, in particular with respect to the compliance with limits. Explore the possibility to set restrictions for major acquisitions in non-financial sectors deem to pose particular concern. Establish an explicit provision by which the supervisor determines, where appropriate, that new acquisitions and investments will not hinder effective implementation of corrective measures in the future, nor information flows deemed necessary for adequate consolidated supervision or the supervisor’s ability to exercise supervision on a consolidated basis. Subject any major acquisition to a formal follow up mechanism to ascertain that the new activities acquired do not expose the bank to undue risks.
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: (a) which banks or banking groups are exposed to, including risks posed by entities in the wider group; and (b) which banks or banking groups present to the safety and soundness of the banking system The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment, and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	The methodology for the supervisory assessment of banks’ activities is established by Ordinance 2005-U, which addresses the assessment of banks’ economic position (capital, asset quality, profitability, liquidity) as well as RM and internal audit systems by the CBR both for supervisory purposes and for assessing whether banks meet the deposit insurance system participation requirements (Ordinance 3277-U). According to Ordinance 2005-U, banks’ economic position is assessed using quantitative indicators on capital, assets, profitability, liquidity, interest rate risk, and concentration risk, and qualitative indicators with respect to RM and internal controls systems, strategic RM (“controlling strategic risk,” which includes business focus and development) and transparency of ownership structure. Banks’ compliance with prudential ratios, established by Instruction 139-I and whether any supervisory measures have been applied to the bank are also assessed. The AFSB system (see below) examines a bank’s condition based on a system of indicators in relation to volumes of business, asset quality, quality of capital, liquidity, earnings, and an identification of relationships between indicators, factors that influence the indicators and comparison with peer group and the banking system as a whole. Capital and profitability indicators are projected for the coming 12 months using trend analysis based on the previous two years of data with the aim of supporting a forward looking approach in order to identify problems at an early stage. Assessment and analysis of the banks using the methodology is performed quarterly and the indicators are monitored on a monthly basis – using monthly prudential data and the indicators are adjusted as necessary. This assessment generates a classification of the bank. The CBR uses an IT system software program—Analysis of Financial Condition of Banks (AFSB)—to perform the classification but the system permits supervisors to make adjustments to the inputs in order to reflect supervisory judgment. While the bank’s grading is refreshed on a quarterly basis it can be updated in the light of new information or data received within the period, including monthly reporting. The AFSB is available to all CBR territorial offices, facilitating peer group review and analysis. The assessors were able to view examples of the analysis based on the methodology and using the system. The methodology set out in Ordinance 2005-U creates a structured approach to scrutinizing the quality of internal controls, RM, strategy, ownership transparency and compensation practices. The extent to which the banks internal policies and procedures meet the standards and regulations set by the CBR is reflected in the methodology assessment, as are any inspection findings that reveal that a bank is not in compliance with its own policies or laws and regulations. For example, CG is monitored through review of documents and reports from the bank, including reports on steps taken to remedy any deficiencies notified to the bank in any previous onsite review. The classification, and any deficiencies identified by the supervisors, is reported to the bank’s CEO, who in turn is required to report the information to the bank’s Supervisory Board. The classifications used by the CBR in order to better differentiate its supervisory focus are as follows: Group 1–banks where no current difficulties have been identified; Group 2–banks where shortcomings, if not rectified, may lead to difficulties in the next 12 months. Group 2 banks are sub-divided into two subgroups; Group 3–banks where shortcomings, if not rectified, may lead to a situation threatening the interests of depositors and creditors over a 12-month period; Group 4–banks whose existing violations create an active threat to the interests of their depositors and creditors, and the elimination of which requires implementation of measures by the bank’s management bodies and shareholders); Group 5–banks whose present condition, if no measures are taken by the bank’s management bodies and (or) shareholders (partners), will lead grounds for the revocation of the bank’s license or bankruptcy prevention measures. More intensive oversight is exercised with respect to banks in classification groups 3–5, whose operations are more exposed to risks arising from defects in management systems and/or in internal bank systems. As part of an approach to differentiate the supervision of systemically important banks, the CBR has undertaken a number of initiatives: supervision of systemically important banks, identified based on their systemic importance in Russia-wide and also regional markets, has been transferred from the territorial offices to a central division at the CBR’s head office (SIBSD); and identifying banks of regional and federal significance (banks falling within the “second line” of supervision; CBR Order OD-819dsp), and ensuring that significant supervisory decisions are made with the participation of the CBR head office and management (Ordinance 3017-V of June 18, 2013, and Order OD-2043 of August 7, 2015). As of December 1, 2015, there were 740 banks in the Russian Federation, 10 of which are recognized as systemically important banks, and 140 of which are recognized as banks falling within the “second line” of supervision. SIBSD has been operational since October 2013 and currently supervises 15 banks, representing about two thirds of the assets and capital of the Russian banking sector. Ten of these banks are identified as systemically important banks under the CBR Ordinance 3737, which is based on the methodology published by the BCBS.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	Supervisory functions are set out in Ordinance 3089-U. The objective of the offsite analytical work is to determine banks’ risk profile as well as the driving factors in the changes to risks and possible future trends over a one year projected horizon. Analysis is conducted in accordance with a set methodology which is executed by the Bank Financial Condition Analysis System (AFSB System) and as described in EC1. As also noted in EC1, analysis comprises a quarterly assessment of a bank’s compliance with required prudential ratios and an analysis of any change in the activity of the bank or its banking group. On a semi-annual basis there is a comprehensive analysis of the bank/banking group and the quality of the bank’s management. The analysis will, if appropriate, suggest changes to the supervisory plan taking a group wide perspective into account. As noted above, the analysis of the risk profile and risk drivers is “point in time” but it also has a forward looking aspect as 12-month projected values for capital and profitability are estimated (based on trend analysis and the previous two years’ data) and compared with current values. Where the actual and forecast value diverges beyond a specified threshold, this is a trigger for the CBR to undertake a closer analysis and examine the underlying factors at play. The CBR also operates an early warning system (EWS), based on indicator analysis, and which is described in its 2013 Letter 69-T on “Urgent measures of prompt supervision response.” The EWS approach examines a range of indicators, such as deposit growth, change in balance sheet structure using the AFSB system to calculate the indicators and flag cases where thresholds have been triggered, and prompt supervisory intervention is required. If the indicators set out in Letter 69-T are triggered the CBR is required to investigate the cause, obtain further explanation from the bank and initiate supervisory action as necessary. The AFSB system acts as a platform to generate, store, analyze and compare a range of data, information and reports on banks, facilitating peer group analysis, as well as analysis of an individual bank. For example, in addition to the analysis based on the methodology of 2005-U, the AFSB allows the supervisor to store all information on various aspects of the bank, whether internal administrative reporting, correspondence, external auditor reports (etc.). The AFSB also provides a database of information submitted by the bank in accordance with Ordinance 2181-U (February 9, 2009). The database also includes information on supervisory actions and responses. The frequency and target focus of inspections, consistent with Instruction 147-I, are determined through consideration of the risk profile, including sufficiency of capital adequacy, liquidity, volume of business and information on the banking group, as well as quality of management and controls of the bank. While every bank must be subject to an inspection at least every 24 months (Section 1.4), off-schedule inspections of banks are possible (Chapter 4) and can be triggered by violations of legislation and regulations or changes in the risk profile or condition of the bank as well as to check on the progress or completion of remedial actions required by the supervisor.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	Under the CBL (Article 57.2) the CBR is required to assess a range of prudential standards including the quality of the RM, capital management and internal control systems of a bank, and its banking group, as well as the capital adequacy and liquidity of a bank. Should a bank fail to meet these standards, the CBR shall issue a direction to the bank. Ultimately, where prudential regulations have not been met, the CBR has the right to apply the corrective measures and sanctions set out in the CBL (Article 74), which are discussed more fully in CP11. The CBR uses both on and offsite approaches to assess the degree of compliance by banks with prudential regulations and legal requirements that are established in accordance with the CBL and the Federal Law on Banks and Banking Activity (BBAL). Banks’ reporting to the CBR and the findings from inspections are used in the supervisory assessments. One of the core purposes of a CBR inspection, as stated in Instruction 147-I, is for the supervisory authority to assess banks’ compliance with legal and regulatory requirements.
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	The macroeconomic context is taken into account through two main approaches. One is monitoring of risk indicators, including deeper analysis of and follow-up supervisory action with banks that contribute significantly to any negative trends. The CBR also undertakes banking sector stress testing on a quarterly basis for all operating banks. The results are published in the Report on the Development of the Banking Sector and Banking Supervision. Insights into the impact on banking and key trends in the banking sector are also examined in the CBR’s Financial Stability Report. The stress testing is further complemented by analytical work performed in respect of banks in which stress testing plays an important role in the RM system. Coordination with the non-bank financial regulators is achieved through internal procedures as, since September 2013, the CBR has been a unified single regulator for the financial markets. There is a practice of coordinated, simultaneous onsite inspections for the regulated financial entities in the banking groups, which facilitates the cross-sectoral dimension.
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors, and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	A system wide risk monitoring system based on banks’ reporting as well as wider sources of information has been created. The following risks are analyzed: corporate and retail credit risk, market risks, and liquidity risk. Analysis of the dynamics of banks’ capital adequacy is also performed. On the basis of the systematic analysis, banks with particular vulnerabilities are identified and additional supervisory work is done with these banks. With respect to credit risk, for example, trend analysis and scenario stress testing in the mortgage market are conducted. The sample of banks used for stress testing includes the largest banks, which account for approximately 79 percent of the loan debt in the mortgage lending segment. Analysis of systemic risks in the consumer lending segment is performed using a range of data, including reporting forms, survey data from retail banks, and materials provided by credit bureaus (National Bureau of Credit Histories (NBKI), Equifax). In 2016, there are plans to expand the model to incorporate the borrower’s income and regional location. Risk assessment in the corporate lending segment (not including nonfinancial corporations) uses banks’ reporting data, corporate sector reporting, and data obtained from direct company surveys. In 2016, a reporting form for individual operations will be introduced, which will allow for a more detailed assessment and forecasting of credit risks in the corporate sector. The CBR is represented on the National Council for Financial Stability, which also includes representatives of the Russian Federation MoF, the Russian Federation Ministry of Economic Development, the Deposit Insurance Agency State Corporation, the Executive Office of the President and members of the Russian Federation Government. The CBR provides the National Council for Financial Stability with consolidated data on systemic risks. Descriptions of the main direction of strategic policy (actions) of the CBR are provided to the Council. General information on the National Council to Maintain Financial Stability is publicly available and posted at: http://government.ru/department/271/.
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	At the present time all systematically important banks must develop and submit to the CBR financial stability recovery plans. The CBR has been receiving financial stability recovery plans from the systemic banks since 2013. However, the law does not yet require non-systemic banks to prepare and submit financial stability recovery plans. Non-systemic banks, at the demand of the CBR, must develop and submit recovery plans. Under the new legal regime for recovery and resolution, the CBR must issue regulations to address the design of recovery plans (form, content, deadlines for submission), a regulation setting out the methodology for the assessment of recovery plans by the CBR, and a regulation on the action plan of the CBR on resolution of the systemically important credit institutions (content, measures). Nevertheless, banks can develop and submit recovery plans to the CBR based on CBR Letter 193-T, even though the letter is not legally binding. As of January 1, 2016, 38 plans, including five prepared by the SIFIs, had already been submitted to the CBR. The CBR has already evaluated a number of these plans and issued recommendations for additional work on most plans. If a bank’s continuing viability is in doubt, the CBR has the right to demand a financial stability recovery plan (Article 189.10 of the Federal Law 127-FZ). Moreover, the CBR has the right to require a bank’s reorganization (Article 189.26 of the Federal Law 127-FZ). Furthermore, in the event of a threat to depositors or financial stability, the CBR is entitled to send to the DIA a proposal on its participation in taking measures aimed at preventing a bank’s bankruptcy (Article 189.47 of the Federal Law 127-FZ). However, the CBR’s powers to compel reorganization and restructure are predicated on the bank or banking group’s condition being a threat to its depositors or to financial stability. In other words, while a bank or banking group is in a stable and sound condition, and not, for example, being rated “doubtful” or “unsatisfactory” for the business plan, RM, and internal controls, or transparency of the ownership structure under the methodology of Ordinance 2005-U, or—in future when the provisions are fully in effect—failed to remedy deficiencies identified under Ordinance 3624-U, and is compliant with its supervisory and other legal norms, the CBR is limited to making only recommendations in relation to business strategies, managerial, operational and ownership structures, and internal procedures.
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	Resolution and recovery matters are primarily governed by Federal Law 127-FZ. In particular, the law stipulates the grounds for the application of resolution (bankruptcy prevention) measures. Law 127-FZ establishes the sequence of actions for all the parties concerned—including both the authorities and the bank—should circumstances for resolution or rehabilitation arise. Under the law, the CBR has the authority to take a decision to send ARs of the CBR and DIA to examine a bank’s financial condition and prepare a joint report in order to support the decision making process on whether a proposal should be sent to the DIA regarding resolution measures. CBR Ordinance 3707-U establishes the procedures for the assessment of a Bank’s financial condition for the purpose of making a joint decision with the Deposit Insurance Agency on bank resolution. The CBR and DIA also share information on the existence of grounds indicating that a plan involving the DIA participation in resolution would be unsuccessful (Article 189.49, Clause 7, of Federal Law 127-FZ). In terms of the CBR’s own internal framework for dealing with banks at times of stress, any decision to examine a bank jointly with the DIA or to send the DIA a proposal for the DIA’s participation in resolution (implementing bankruptcy prevention measures or measures for settling a bank’s obligations) is taken by the CBR’s Banking Supervision Committee. Internal rules of procedure apply to the work of the BSC.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	The CBR is a unified “mega regulator.” As such, in the view of the CBR, the potential for regulatory arbitrage opportunities to develop is limited and the CBR indicated that it had not had the occasion to intervene with banks that were restructuring their activities to avoid the regulatory perimeter. In terms of shadow banking, the CBR estimates that at the end of 2014, the shadow banking system represented less than 7 percent of financial system assets (approximately 10 percent GDP). More recent estimates are pending the adaptation of FSB monitoring techniques to the current Russian business environment. However, the CBR has clear powers to act. Under the BBAL (Article 4), should the CBR, in the course of its supervision, identify a potential entity that should be part of the banking group or bank holding company, it shall require the parent of the banking group or of the bank holding company and require compliance with the law (i.e., re-set the regulatory perimeter). In November 2015, the CBR, together with the Alliance for Financial Inclusion, hosted a conference on inclusion and shadow banking, noting that the CBR supported efforts of regulators and supervisors (following the FSB recommendation) to identify and monitor trends in shadow banking and advance proportionate regulations to address the risks to financial stability emerging outside the regular banking system while not inhibiting sustainable nonbank financing models that do not pose systemic risk.
Assessment of Principle 8	Largely Compliant
Comments	The CBR has developed its risk based approaches since the last assessment. An analytical methodology is applied to differentiate between banks with differing risk profiles and a dedicated department for systemic banks has been set up. The use of supervisory discretion has not, historically, been straightforward in the context of the Russian legal and regulatory system, but the approach articulated through Ordinance 2005-U creates a structured consideration of qualitative issues and appears to allow for the exercise of informed supervisory judgment based on documents the assessors were able to consider. The introduction of the supervisory review process (SREP) based on banks’ ICAAPs and integration with the risk assessment approach under Ordinance 2005-U is a further welcome evolution of a risk based supervisory approach. (Please see CP15 and 16 for more discussion of ICAAP and SREP). Where the CBR is less well advanced is in the field of resolution assessment and planning, although the CBR and indeed the banks themselves have by no means been inactive based on the early submission and evaluation of recovery plans prior to regulations being issued. Compliance with this principle is partly a matter of the remaining time needed to issue and implement outstanding regulations. However, the principle can only be met provided that the CBR ensures it assesses the resolvability and is able to require, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational, and ownership structures, and internal procedures. It is the assessors’ understanding that the CBR lacks the requisite power to require operational or institutional changes based on an assessment of the bank’s ability to recover. A legal amendment to ensure this power in place is important if the CBR is to be assessed as compliant with this CP in any future assessment. Shadow banking activities in the Russian financial sector appear to be low but not fully insignificant. A dependence on solo reporting using Russian rather than IFRS standards may encourage banks to move assets outside the prudential regulatory perimeter. It is therefore essential for the CBR to remain assiduous in using all forms of information available to it so that the potential for regulatory arbitrage does not arise. The CBR should not hesitate to use its powers under the BBAL (Article 4) if the need should arise. It would be important to ensure, when the CBR assesses the resolvability of a bank, that the CBR has the powers to require, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational, and ownership structures, and internal procedures.
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of onsite46 and offsite47 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between onsite and offsite supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its onsite and offsite functions, and amends its approach, as needed.
Description and findings re EC1	The CBR supervises banks through a system of on and offsite supervisory techniques. Curator—offsite function The supervisory process is founded on the use of curators, a position established in 2007 (Regulation 310-P). The curators enable a single point of contact in the supervisory relationship and are appointed to perform the CBR’s oversight functions. All banks have an appointed curator and while a curator may have responsibility for more than one bank, it is recommended that an individual curator have the responsibility for all the banks within a single banking group to support the overall quality of oversight of the group. The curator’s main role is to exercise professional judgment, in a forward looking manner, on the condition of the bank he or she is responsible for, using all information obtained through the supervisory process. Deficiencies in the bank and potential supervisory solutions and remedies are proposed by the curator with the aim of achieving early intervention, though it should be noted that the curator does not possess delegated powers of decision making. The curator is also responsible for proposing the scope of onsite inspections and for drawing up any supervisory action plan. A Methodological Guide (a so-called curator’s handbook) has been prepared and covers issues relating to the collection and systematization of information on banks as well as analysis and assessment of quantitative aspects of financial soundness as well as qualitative issues around management and internal controls. Authorized representatives The CBR has the power to appoint an “authorised representative” to major institutions—defined as having assets equal to or greater than 50 billion rubles or retail (public) deposits equal to or greater than 10 billion rubles—or to banks that have received financial support. The purpose of authorised representatives is to allow the CBR access to real time information to facilitate timely supervsiory action. The CBR authorised representatives have wide ranging rights of access to the banks, including the right to obesrve (no voting power) the meetings of banks’ management bodies, as well as meetings of the credit risk committee and asset liability committes (ALCO), and all documents and records relating to the activity of the bank, including compensation packages for the executive management and boards. At the time of the assessment mission, the CBR has appointed authorised representatives to 158 banks, including to all banks of national or regional significance. The role of “authorized representative” is set out in Article 76 of the CBL and the procedures for appointment, performance of functions, and termination of role is further articulated through a number of ordinances, namely: Ordinance 2182-U; Ordinance 2181-U, and Ordinance 3057-U. The ordinances do not require the rotation of individuals who serve as an “AR.” It should be noted that the inspectors of the CBR are also termed “ARs” in the CBL, in Article 73, but the two functions are not the same. The assessors were able to review some examples of instruction mandates given to ARs, as well as reports submitted to the CBR by the representatives, which were informative, analytical and timely. Inspections The offsite analysis is complemented and informed by the work of the Chief Inspectorate. Following reforms, all inspectors of the CBR have been consolidated within the Chief Inspectorate rather than being part of the CBR territorial branch network. The CBR can carry out three kinds of inspections: comprehensive, thematic, and specialized (Section 1.4); however, coordination processes are set out (Section 3.1). Inspections can be either scheduled or unscheduled but frequency of inspections must be at least every 24 months (Instruction 147-I, Section 1.4). The ratio of unscheduled to total inspections is approximately one-third, which is consistent with the ratio at the time of the last full BCP assessment in 2008. For example, in 2014 there were 817 inspections, of which 266 were unscheduled. In terms of intensity, the range between the more targeted inspections and the full scope examinations is from two weeks to six months. The periodicity and scope of inspections are determined by taking into account: the financial condition and future outlook of the institution; the institution’s exposure to risks, and quality of management, which may include an evaluation of the RM system and the status of internal control; the reliability of accounting (reporting); and the results of previous inspections. The main objective of the CBR inspection is to determine the level of risks and evaluate the quality of management, including an evaluation of RM and internal controls as well as to evaluate the financial stability, economic position, and financial condition of the institution and its future outlook. (See Section 1.3 of Instruction 147-I.) The assessors were not able, owing to time constraints, to view many inspection reports. However, the reports that were viewed supported the description given by the CBR. In the reports seen by the assessors, careful attention had been paid to the institution’s adherence to its control environment, its adherence to regulations and laws, and the inspection focused thoroughly on the issues contained in the specific inspection mandate. Supervisory themes that have informed the scoping of inspections in the past couple of years include concentration risk and AML/CFT. Recent trends have also included the move to a greater use of coordinated inspections across an institution (and its branches) and financial groups. Concerns with asset quality and the need for banks to adhere to regulations are a constant theme.
EC2	The supervisor has a coherent process for planning and executing onsite and offsite activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the onsite and offsite functions.
Description and findings re EC2	The Chief Inspectorate coordinates with other departments (e.g., SIBSD) in the CBR and the territorial offices in designing the overall inspection program for the year. Inspections are planned on an annual basis and managed through a “Summary Plan,” and a monitoring system is in place to ensure the relevance and timeliness of inspections. Instruction 149-I sets out the rubric for inspections, including the scoping and coordination processes. Planning procedures, for example, including for unscheduled inspections, are found in Chapters 2–4, and cooperation procedures for the “interregional” inspectorates are in Chapters 6–7. The scoping of the inspection is determined based on proposals made by the territorial offices but the final decision rests with the Chief Inspectorate (usually on a mutual consent basis). Scoping proposals and inspection decisions take into account the priority themes that have been set for the year by the Chief Inspectorate. In turn, these themes take into account inputs from the divisions responsible for supervision of systemic banks, licensing, and financial markets so that the inspection plan is responsive to current and emerging risks and vulnerabilities. Responsibility for monitoring the continuing need for an inspection and the relevance of the terms of reference lies with the territorial offices and SIBSD (i.e., offsite function), and this is complemented by a dedicated monitoring section within the Chief Inspectorate Division to ensure that the Summary Plan is progressing. Amendments to the CBR inspection plan are made as necessary (Instruction 149-I, Section 3.1). Monitoring of inspections is governed by procedures set out in Ordinance 3017-U and other internal documents. The monitoring of inspections entails the timely sharing of information between the onsite and offsite functions including the interim findings of an inspection, for the purpose of: guiding the inspection subdivisions in identifying the most problematic areas; and informing offsite supervisory subdivisions about violations and deficiencies to allow for the possibility of the timely adoption of supervisory decisions (if needed) before the completion of an inspection (e.g., arranging a meeting of onsite and offsite with or without inspected bank). At the close of an inspection, the findings are submitted to the offsite teams, who make decisions on whether supervisory measures are needed or whether further inspections may be needed.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable48 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	The principal task of the curators/offsite based supervision is to identify possible problems at the earliest stage, using all sources of information, and initiate supervisory action as appropriate. Offsite supervision constitutes the regular analysis and evaluation of reporting data, findings of inspections, and other relevant information. For banks where an AR has been appointed, there is a direct conduit of up to date information flowing to the curator and the assessors (as noted in EC1) were able to review some samples of this. Analysis seeks to identify any areas of elevated risk and deficiencies (violations). In the event of negative findings, the CBR will issue either an advisory letter or a formal order containing requirements for amendments by the institution. The principal sources of information used by the CBR are the reporting forms and financial statements from the supervised institution. Wider sources are also used, including open databases, official information resources of federal government authorities, including the Russian Federation Federal Tax Service, data from arbitration courts, the press, data from the CBR settlement network on payments, as well as information from supervisory authorities of foreign states. In a number of cases, reliability is ensured through cooperation with various institutions and control and supervisory bodies. The assessors noted that analytical documents prepared by the offsite supervisors routinely note the information sources used to support the descriptions, comments, and judgment. The CBR conducts regular analysis and assessment of the supervised institutions, taking into account the following information: composition of the banking group, information about the stockholders (partners) of group and banking entities within the group as well as affiliates, including data on their state registration and banking licenses; corporate and governance structures of the banking group and its entities (notably including information on the entities that provide risk and capital management systems, and internal controls); business plans and strategies; information on business models used in the group, and information on related business plans of banks within the banking group; internal documents such as the rules, regulations, ordinances, decisions, orders, methodologies, job descriptions from the banking group; consolidated financial statements and other information as specified by the CBR BoD; risk exposures; procedures for risk assessment and management; the results of internal procedures for evaluating capital adequacy, as well as reporting by major participants in the banking group and other information about the activities of major participants in the banking group; recovery and resolution plans of the banking group and the banking entities within it (where these exist); and other documents (information) concerning the banking group’s activities may be obtained through the supervisory process, such as auditor’s opinions regarding the accounting (financial) statements; press; rating agencies and other external sources. The CBR obtains its assurance of the reliability of information submitted by banks through its onsite inspections. Indeed, one of the principal objectives of bank inspections, as laid out in the general provisions of Instruction 147-I (Section 1.3) is to evaluate the reliability of the accounting (reporting) by a bank. Conclusions on the reliability of a bank’s accounting (reporting) are included in the final inspection report (Instruction 147-I, Section 7.5.2 and Section 1.12). Inspection procedures in respect of examining the reliability of reporting are covered in CBR Letter 77-T. The inspection team has extensive rights to request and obtain information in order to confirm and verify documents of the bank under inspection. This includes the right to request information from a range of individuals and entities that have contractual relationships with the bank. These include, the shareholders (partners), the customers and correspondents of the bank; banking payment agents and operators of payment infrastructure services (other than banks) used by the bank. (See Instruction 147-I, Section 2.7 and Annex 5) Also, information can be obtained from the following (See Instruction 147-I, Section 2.8 and Annex 5): other banks that are not customers and correspondents of the bank under inspection, at which accounts of customers and correspondents of the inspected bank are or were held; from banks participating in a payment system operated by the bank under inspection and/or which have been contracted by the bank as operators of payment infrastructure services; and from federal executive government bodies of the Russian Federation and law enforcement authorities. The inspection reports reviewed by the assessors illustrated a systematic and thorough approach capable of identifying, among other things and when relevant, issues of misreporting, misclassification, and miscalculations that would allow the offsite teams to determine whether a bank’s reporting could be relied upon or whether supervisory measures might be called for.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a) analysis of financial statements and accounts; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of CG, including RM and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	Analysis of financial statements and accounts For the purposes of evaluating a bank’s financial condition, the CBR has developed a formal Methodology for Analysis of a Bank’s Financial Condition. This is discussed in more detail in CP8. However, the approach is based on an assessment of risks regulated by the CBR, and aimed at the performance of a comprehensive analysis of a bank’s financial condition on the basis of reporting, as well as other sources of official information about its activities. Summary analyses, as viewed by the assessors, can thus be prepared based on the use of this methodology, permitting a concise overview of an institution. As noted below, this methodology is not limited only to financial and quantitative elements. Also it is required for Curators to assess and analyze the annual reports and accounts (Regulation 310-P, Section 2.5). Business model analysis The methodology set out in 2005-U includes an assessment of the management of strategy within an institution (Annex 5). The curator’s handbook provides further guidance on how to evaluate strategy and business model, but this aspect of supervision is expected to be enhanced once the CBR starts to undertake the supervisory review process of the ICAAPs (i.e., the SREP). Nevertheless, SIBSD routinely requests the business plans and strategies for the purposes of assessing strategic risk using the 2005-U methodology. Also, the quality of the business plan (and the state of RM and internal control) is assessed within the Ordinance 3277-U for compliance with the terms of the credit institution’s participation in the deposit insurance system. Horizontal peer reviews The ASFB system provides all curators with the ability to interrogate the data base in order to undertake peer group analysis. It is standard practice of analysis for curators to assess banks against peer groups (regional, business type, etc.) and to identify outliers who may require more intensive scrutiny. Review of the outcome of stress tests undertaken by the bank Again, the methodology in Ordinance 2005-U assists a structured examination of a bank’s stress testing processes (Annex 6). The methodology seeks to ascertain that banks have put stress testing procedures in place and in evaluating this question, the CBR considers whether the stress tests are comprehensive, that is, whether they cover the principal risks inherent in the bank’s activities (credit, market, and interest rate risk; the risk of loss of liquidity; and operational and other risks associated with a bank’s activities). Furthermore, Ordinance 3624-U, which is not yet in force for all institutions, sets requirements for stress testing for significant risks and capital adequacy. Greater focus on the effectiveness of the banks’ stress testing will be introduced through the SREP process, which has not yet—formally—taken place for any bank (i.e., the first formal ICAAP submission is not until January 2017). Informally, however, ICAAPs have been submitted and the CBR has been able to consider and provide feedback on them. Analysis of CG, including RM and internal control systems Evaluation of CG is chiefly carried out through the prism of analysis of RM and internal control systems, which are also covered by the methodology, set out in Ordinance 2005-U, (Annexes 6 and 7). The CBR is concerned to ensure that the board is performing an active oversight function and places heavy emphasis on a bank drawing up an adequate quality of internal governance documents and abiding by them. In the view of the CBR, such internal documents carry almost as much significance as the bank’s Charter. Changes to such documents and any indirect evidence that controls and RM have weakened are taken as indications that CG has flaws. At a minimum on an annual basis, changes to control and governance procedures are documented so that inspectors can perform checks, but a review of RM, control, and governance is carried out on a quarterly basis in any case. Further information in the inspection and evaluation of the organization of internal control and RM is included in CBR Letters 47-T and 26-T. The results of an assessment performed by the CBR are communicated to the bank, and this includes information provided for the purpose of eliminating deficiencies and violations that have been identified. The findings of the offsite analysis in any case inform the scoping and terms of reference of the onsite inspections. Major deficiencies would result in an unscheduled inspection being organized. The assessors saw instances where such unscheduled inspections had been requested for this reason.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	The CBR conducts a top-down, quarterly stress test for the banking sector with the objective of assessing systemic stability as well as assessing individual bank’s vulnerabilities to stress. The stress test results are used in the supervisor work of the CBR as an additional input. Thematic meetings are held with banks to discuss results and to provide recommendation. In 2014, for example, there was a series of meetings in respect of credit exposures to individuals.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	A bank’s internal control function is assessed as part of the framework of an evaluation of a bank’s economic position in accordance with CBR Ordinance 2005-U (PU5). The assessment takes place on a quarterly basis. The methodology for assessing the PU5 indicator is based on prevailing laws and regulations including Regulation 242-P and the relevant BCBS guidelines. Please see also CP26. The evaluation of internal control (PU5) is based on an assessment of the responses to questions in Annex 7 Ordinance 2005-U. These questions permit, inter alia, an evaluation of a bank’s internal documents governing the rules for the organization of an internal control system, including AML/CFT measures; a bank’s compliance with these rules; the effectiveness of the functioning of a bank’s internal control system (complete oversight of all of the areas of a bank’s activities); the role of a bank’s BoD (supervisory board) in overseeing the activities of the internal control function; organization of a bank’s AML/CFT efforts and the level of their effectiveness; a bank’s compliance with the legislation and regulatory acts of the CBR; as well as efforts to eliminate violations that are identified. As with the other indicators assessed under Ordinance 2005-U, responses to the questions are evaluated according to a four-point scale, and the PU5 score is the weighted-average value of the individual question scores. To illustrate the scale, a bank’s accounting and/or reporting are found to be unreliable (scoring 4) if it fails to comply with federal laws, standards, and rules established by the CBR, and the bank’s own accounting policy. A bank is also deemed unsatisfactory if deficiencies or errors have a significant impact on an assessment of its economic position, namely an impact on any one of the key quantitative indicators of the assessment of capital, assets, profitability, and liquidity, which would result in the assignment of an “unsatisfactory” rating to the overall result for the group as a whole, and/or to noncompliance with even one of the required ratios. Questions related to the effectiveness of the functioning of the internal control system are also examined in the course of the CBR’s inspections. The purpose of an inspection on the organization of internal control at a bank is to evaluate: the bank’s compliance with Regulation 242-P of December 16, 2003, on the Organization of Internal Control at Banks and in Banking Groups (this includes, for example, coverage, independence, and use of appropriate methodologies); the accuracy of reporting and other information submitted to the CBR regarding internal control at the bank; and the consistency of the organization of internal control with the nature, scale, and conditions of the bank’s operations. The CBR uses the Methodological Recommendations for the Review and Evaluation of the Organization of Internal Control at Banks (CBR Letter 47-T of March 24, 2005) when conducting its inspections.
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s board, non-executive board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, CG, performance, capital adequacy, liquidity, asset quality, RM systems, and internal controls. Where necessary, the supervisor challenges the bank’s board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	The CBR holds meetings, typically annually, with the board, executive management, and also shareholders to evaluate CG and business strategy, as well as to discuss weaknesses and vulnerabilities in the bank. Meetings can also be held with the executive management or board during the course of an inspection if the head of the inspection team deems it to be necessary. This is in addition to any meetings that are held to communicate the preliminary findings of the inspection (See EC8 and Instruction 147-I Chapter 5, Section 5.4). Effective cooperation with a bank’s management is supported by the introduction of the curators, and for the banks that are systemic or weak, the presence of the ARs of the CBR. The curators operate in accordance with CBR Regulation 310-P, and ARs of the CBR are appointed to work with banks in accordance with CBR Ordinance 2182-U and CBR Ordinance 3057-U. The CBR maintains contact with the supervised banks (following Ordinance 3089-U of October 25, 2013, on the Procedure for the Supervision of Banking Groups, Section 2.7) at multiple levels including the management bodies of the consolidated banking group (including chairman, chief executive, members of the board) and key responsible managers within the bank, such as chief risk officer (CRO). The chief objective of such contact is to communicate the CBR’s assessment of any deficiencies identified in the bank, including any breaches of levels of risk that have been set by the CBR within the group or individual group entities. The frequency and extent of contact is determined by the responsible supervisory unit within the CBR and reflects the CBR’s assessment of the bank’s risk profile and potential impact of the bank on the financial system. However, in practice the CBR aims, both in its regional offices and SIBSD, to maintain continuous contact with the supervised institutions’ management bodies. Daily contact is normal practice for institutions in SIBSD.
EC8	The supervisor communicates to the bank the findings of its on- and offsite supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent board members, as necessary.
Description and findings re EC8	It is required for the CBR to inform the bank of the category to which the bank has been assigned using the methodology from Ordinance 2005-U. In future, when ICAAPs are assessed, the findings and outcome of the evaluation will also be communicated to the bank on a mandatory basis. The information is sent to the CEO, who is required to share this information with the board. Further, as a result of the ongoing assessment and analysis of the bank by the curator, any deficiencies and weaknesses and failures to meet the CBR regulations and standards that have been identified are notified to the bank (also with the requirement that the information must be shared with the board). Other information that is notified to the bank includes whether the CBR has established a supervisory team to focus on the banking group of which the bank is a member. In particular, representatives of the banking group (the manager, chairman, and/or members of the BoD (supervisory board) of the principal bank of the banking group, and key individuals from the wider banking group) may be invited to attend an annual meeting of the CBR supervisory group for the banking group. This meeting is to discuss the activities of the banking group, its risk profile, as well as a supervisory action plan. The findings of an inspection must be communicated to a bank in writing. However, it is not obligatory for an inspection to convene a closing meeting to deliver the conclusions of the inspection. Communication of the findings of an inspection to a bank must be done in writing and the bank must, in writing, acknowledge receipt of the report. The bank has 5 business days to make the acknowledgement (or 10 if it is a larger institution). The bank is not asked to confirm agreement with the substance of the findings, only acknowledgement of receipt, but is given a formal period (which is the same 5–10 business days) in which it can dispute the findings or provide evidence that errors have been made (i.e., objections to inspection results). These objections are taken into account when CBR makes decisions on supervisory measures. If necessary, a meeting can be arranged with the bank to discuss its objections (Instruction 147-I, Sections 9.2–9.3). However, the bank may provide objections to the inspection results later. For its part, the CBR is subject to a formal deadline to make decisions on supervisory measures. If, therefore, the bank chooses to submit further information or evidence of changes that it has made, then the CBR may tailor its measures and sanctions accordingly.
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	The CBR communicates clear deadlines for the elimination of any deficiencies when it issues orders to banks. The assessment team was able to examine a number of examples of letters issued to banks with the deficiencies and follow up requirements clearly delineated. In face of persistent violations, the CBR escalates its supervisory procedures, including fines or, in more severe cases, may include restrictions and prohibitions are put into place. As also discussed in CP11, management failure to cooperate, or significant errors and risks in the bank’s operation, may lead to the CBR using its power to replace officials in the bank or restrict compensation packages (CBL, Article 60). As noted above, it is part of the protocol of the CBR to organize unscheduled inspections of banks (see Instruction 149-I, Sections 4.1 and 4.3) when there is information indicating that banks have not complied with orders issued by the CBR, or where there is a need to verify the successful compliance by banks with obligations they have assumed including, any obligations to implement action plans for the financial recovery of the banks, or to review a bank’s implementation of measures to prevent insolvency (bankruptcy) based on the issues established under item 4.2 of CBR Ordinance 1650-U.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	The CBR does not have a specific requirement that creates a general obligation on banks to provide advance notification of changes and material adverse developments. There is a specific requirement in relation to liquidity risk (LCR) if a bank is likely to fall below the required threshold. It may be noted that the regulatory system places an onus on timely ex post notification to the supervisor. The CBR noted that it was, in practical terms, in a bank’s interest to provide an early notification of difficulties to the supervisor, and broadly this was their experience. The CBR has a number of regulatory requirements concerning information on certain types of substantive changes in the activities, structure, and overall condition of a bank, particularly those related to reorganization and expansion of the range of banking operations performed, by virtue of the need to obtain a permit (license) from the CBR for said changes. In particular, the CBR requires immediate notification of a change in the composition of a banking group. Banks also provide monthly information on whether they have any violations of prudential standards (Form 0409135—information on required ratios and other indicators of a bank’s activities, which is submitted in accordance with CBR Ordinance 2332-U, indicating the numerical values of the standards that have been violated and the dates of the month on which they were violated). The CBR notes that in order to avoid the application of supervisory measures, banks provide timely notification of violations and the reasons for them frequently as part of a request not to apply enforcement measures. In addition, the CBR has the ability to identify substantive changes through a number of methods. For example, banks’ activities are monitored through reporting, and many banks are subject to daily reporting requirements. Information is also provided, for example, by the AR of the CBR, who has access to meetings of the bank’s board.
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	Inspections (audits both scheduled and unscheduled) may also be performed by auditing firms on instructions from the CBR BoD (CBL, Article 73) and Regulation 442-P sets the procedure for selecting the audit firms (Regulation 442-P of November 30, 2014, on the Procedure for the Selection of Auditing Firms of the Performance of Audits of Banks (their Branches) on Instructions from the BoD of the CBR). Regulation 442-P sets out the criteria an audit firm must meet in order to be hired, and as a condition of hiring, the audit firm must meet these criteria throughout the duration of the inspection and review process (Regulation 442-P, Section 2.1 (or 2.2), 3.2, and 6.2). Inspections conducted by audit firms follow Instruction 147-I and take into account Ordinance 3463-U which establishes, among other things, the rights, responsibilities, and liability of the head and members of a group of auditors. As noted in CP10 EC 11, the power to use such experts has not yet been exercised.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	The CBR’s key information system is the “reporting automated workstation,” which is used by specialists in supervisory subdivisions of the CBR to access banks’ reporting data. The offsite supervisory function of the regional offices of the CBR perform a monthly analysis of the current financial condition of banks. The analysis is performed in accordance with the recommendations (methodology) for the analysis of the financial condition of a bank, which are (is) carried out using the AFSB System software. (Please see EC4 above.). The AFSB System is used for the processing of prudential reporting data and for the monitoring of changes in a bank’s financial condition through an analysis of trends in indicators describing the financial condition of banks, and also through the forecasting of their condition up to one year in advance. The main purpose of analyzing the financial condition of banks is to determine a bank’s exposure to various risks at the time that the analysis is performed, and to determine factors affecting a change in the nature of the risks assumed. Based on the results of an analysis, areas of elevated risk are identified, along with deficiencies and problems in the activities of banks that require the adoption of corrective measures on the part of the CBR. The CBR has developed and is continuing to improve the system for the Analysis of the Effectiveness of Supervisory Activities (AEND), which provides for the monitoring of the timeliness and adequacy of the principal supervisory actions taken by the dedicated supervisor for a bank.
Assessment of Principle 9	Largely Compliant
Comments	The CBR has developed a careful and scrupulous system of supervisory techniques, integrating on-and offsite approaches. Many of the risk principles of the BCP rely on whether the supervisor actively determines the quality of the banks’ practices. The Chief Inspectorate, supplemented by the AR where one is appointed, fulfils this function, and the assessors consider this to be the case. Existing practices largely meet the terms of the principle but, as the CBR matures and develops its experience with risk based supervision, there are some areas, in relation to the nature of communication and flexibility in the system as discussed in the paragraphs below, which merit attention to ensure that future practices remain as effective as necessary. There is no general obligation upon for banks to notify the CBR in advance of any substantive changes or of material adverse developments (EC10). Notification requirements, with some specific exceptions (e.g., LCR), are retrospective. By introducing this notification requirement, the CBR will be able to signal to banks that the responsibility for information exchange should be pro-active and not only focused on a backwards looking reporting regime, or investigations that the Chief Inspectorate conduct. The burden should not be solely upon the CBR to “find out” but also there should be some responsibility for the bank to “volunteer” and actively provide information. In terms of obtaining information from banks the CBR is, indeed, well placed owing to the work and insights of its offsite curators, its Inspectorate, and the role of ARs. This view is supported by the assessors’ consideration of documents the CBR made available. Roles, responsibilities, and processes are very clearly articulated through a number of CBR instructions and also made very transparent to the banks. The CBR should, though, consider rotation practices for the individuals serving as ARs. There are also two aspects of communication to banks that could be given more consideration. The CBR has multiple levels of contacts with firms and seeks, in general terms, to be transparent in communicating its expectations. Nevertheless, at a senior level, the CBR may wish to build on the recommendations of the FSB and reinforce the priority messages of supervisory concern, particularly with the systemic institutions, with the board (supervisory board). Numerous jurisdictions have found the contact between the most senior supervisors and the board to be one of the most effective modes of delivering a message and achieving the desired response and remedy from the bank. Greater contact with the boards may also foster the understanding that both the CBR and the banking sector should have a common interest in improved risk identification and RM. At a more operational level, meetings between inspection teams and the management or board of a bank are possible but not necessarily routine. A bank will receive a written report and requirement to remedy deficiencies and may provide objections to the written report, but requirements may already have been issued to the bank at this time, as the CBR has a deadline to issue its requirements to the bank based on the inspection. Meetings to discuss the findings with the institution are not, however, mandatory. This process emphasizes the importance of conforming with requirements but has less scope for dialogue and communication with the bank. In an increasingly risk based environment, it is therefore possible that the banks will comply with direct requirements but the banks’ understanding of the deeper risks and issues that are leading to deficiencies and violations may be weaker or may not be achieved. It is advisable for meetings with banks, for example, to be seen as routine even by the inspectorate, rather than a more exceptional “as necessary” event. In relation to flexibility, the assessors appreciate that it is important in the Russian system for there to be clear and formalized processes. For example, the overall inspection system is orderly and very well planned, supported by very explicit instructions in 149-I (and as noted in EC2, for example). As a general point, highly formalized systems can sometimes find it more difficult to respond to fast moving situations. The practical challenge, therefore, is to ensure that when critical issues are identified, they must be communicated and then escalated quickly and, if necessary, changes to supervisory actions are rapid. It is not clear to the assessors that present arrangements maximize the CBR’s ability to respond swiftly and nimbly to deficiencies or vulnerabilities that could deteriorate into violations or major future deficiencies. In the context of a supervisory system that is evolving further into the risk based approach and seeking to be more forward looking, it is worth, as a standard practice, reviewing existing protocols and regulations with a view to ensuring they not only permit but actively support sufficient flexibility and, in particular, timeliness for the CBR to act.
Principle 10	Supervisory reporting. The supervisor collects, reviews, and analyzes prudential reports and statistical returns49 from banks on both a solo and a consolidated basis, and independently verifies these reports through either onsite examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power50 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography, and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	The CBR has the power under the CBL (Articles 4 and 57) to perform banking supervision of the activities of banks on both a solo and a consolidated basis, namely: to establish rules for the performance of banking operations by banks and banking groups, for accounting, for the organization of internal control, for the compilation and submission of reporting, and for the calculation of equity (capital) and required ratios; and also to monitor compliance with the established rules and to take enforcement action as needed for violations that are identified. On the basis of Article 57, Ordinance 2332-U governs all reporting issues—including templates and instructions. A wide range of reporting forms for the purposes of supervision on a solo and a consolidated basis: the accounting balance sheet: full working register of accounts in a bank’s accounting system, which contains information about on- and off-balance-sheet assets and liabilities and sources of equity; financial performance, which contains detailed information about a bank’s income and expenditures; quality of assets, including, information about reserves that have been created for possible losses on loans and claims for interest income receivable; securities held, including the structure of a bank’s securities portfolios, the currency of their issue, the state registration numbers of issues, the volume of securities, the value, and the size of reserves created for possible losses; large exposures, including the 30 largest loans to non-bank legal entities and also including information about the borrower, and details on the loan such as purpose, interest rate, the date of issue, the maturity, the existence of any restructuring, the volume and duration of arrears, and the value of collateral; concentration of credit risk, including concentration of credit risk assumed by banks with respect to borrowers (groups of related borrowers), as well as parties related to the bank. This information is submitted on both h a solo and a consolidated basis for the purpose of the assessment of risks assumed by a group’s participants); liquidity coverage ratio (LCR, Basel III), including the LCR and other liquidity risk monitoring instruments; calculation of equity (Basel III), including information about the sources of base, supplementary, and additional capital, as well as sources excluded from this group; information on required ratios and other indicators of a bank’s performance, including information on compliance with banks’ required ratios and about indicators for calculating the amount of interest rate, stock, market, and FX risks; information on assets and liabilities by the time remaining to the demand date and maturity and including information about a bank’s liquidity position; interest rate risk, based on a gap analysis and containing, among other things, information about on- and off-balance-sheet instruments that are sensitive to a change in interest rates; information on contingent liabilities and derivatives; information on major depositors, includes concentration of a bank’s liabilities to depositors, the aggregate amount of liabilities to whom represents 10 percent or more of the bank’s total liabilities; information on funds placed and attracted, including sectoral, geographical and currency breakdown. report on open FX positions, including information on the FX risk assumed by a bank and a banking group with regard to the same set of participants for which a consolidated balance sheet is compiled; information on internal controls, including documents governing the functions of a bank’s internal control system and information about the internal control function; report on the entities in the banking group, including information on all of the legal entities (engaged in financial and nonfinancial activities, including nonresidents) that are controlled by the bank or over whose activities the bank has a significant influence, regardless of the inclusion of their reporting data in other consolidated prudential reporting, including information about the control methods, the size of investments in the statutory capital of other legal entities and the types of activities of the investees; information about securities issued by participants in a banking group and held by a bank and/or participants in a banking group; as well as information about investments by participants in a banking group in the statutory capital of the principal bank of the banking group and investments by the principal bank of the banking group and/or participants in the banking group in the shares of investment funds; On a consolidated basis: consolidated balance sheet, which includes information with a breakdown by group participants (residents and nonresidents) engaged in financial and insurance activities, financial intermediation, and ancillary activities, as well as those that are structured enterprises established for the purpose of performing certain financial operations (for example, the securitization of assets of the principal bank of a banking group and/or participants in a banking group) and/or nonfinancial operations (for example, real estate), grouped by types of business of the banking group participants; consolidated statement of financial performance, which includes information about a group’s financial performance for the same set of participants for which a consolidated balance sheet is compiled; calculation of equity (capital) and values of required ratios for a banking group, which contains information on the amount of a group’s capital, its compliance with the prudential standards established by the CBR, including compliance by the principal banks of banking groups that are systemically important banks, the liquidity coverage ratio, and capital adequacy ratios for the same set of participants for which a consolidated balance sheet is compiled; risks assumed, procedures for their assessment, and risk (including liquidity) and capital management procedures on a solo and consolidated basis. Prudential reports are checked to verify that they have been properly compiled, including internal checks for logical consistency. Reporting statements are checked, and their accuracy is also evaluated in the process of their analysis within the context of ongoing supervision, and in the course of inspections as discussed elsewhere.
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	Prudential reporting is based on Russian accounting standards, which are based on the International Financial Reporting Standards (IFRS) but not yet fully reconciled. All reporting data submitted by banks to the CBR must be compiled on the basis set out in Regulation 385-P, which sets out mandatory accounting rules for bank. When issuing accounting standards, the CBR is governed by the requirements of Federal Law 402-FZ on Accounting, with regard to the application of the IFRS as the basis for the development of federal and sectoral national accounting standards (see Section 4.4 of Ordinance 2851-U). The CBR is continuing its process of implementing IFRS standards. For example, IRFS based rules for hedge accounting by banks will be introduced in the first quarter of 2016. The CBR will issue regulations to implement IFRS9 as of January 1, 2018. At the present time, banking groups may, but are not obliged, to use IFRS for prudential indicators although the option does not support the comparability of indicators.
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for RM and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	The CBR has regard to the quality of valuation based on the CBL (in particular Article 72 but also 72,1 and 73). The CBR has issued Letter 37-T, on Measures to Monitor the Correct Reflection of Assets at Fair Value by Banks to provide guidance to the banks. It should, however, be noted that the CBR letter has the force of recommendation and is not a binding requirement. Nonetheless, 37-T (item 1.2) provides that the approved internal documents of a bank ought to contain: procedure and periodicity for evaluating the methodology for determination of the fair value of assets of each type, with a detailed description of the methods (models) employed for the measurement of assets at fair value, the source data, and assumptions used; quantitative threshold values (criteria), deviation from which may indicate inadequacy of the results of the measurement of assets at fair value in accordance with the approved methodology; and the procedure for the disclosure of information regarding methods for the measurement of assets at fair value. A bank is expected to take into consideration the degree of consistency between the source data used by the bank for the purpose of measuring the fair value of assets and the nature of the assets, the current status of the market, and source data and assumptions used by market participants for determining prices for similar assets, in accordance with the methodologies accepted for setting prices for financial instruments (regarding the level of risks associated with an asset, the status of and level of activity in the market, and the economic situation). The results of an assessment of the consistency of the source data should serve as the basis for a decision to make corrections in the source data (Section 1.3 of Letter 37-T). Active market prices are recommended as the most reliable source data, when assessing the consistency. Also absence of corrections in source data, when there are grounds to find that the source data are not consistent, serves as grounds for concluding that the fair value measurement of assets is not reliable. Banks are expected also to create databases to store information for at least five years on source data (market prices, the value of transactions with respect to a similar asset) and other information used in fair value calculations (Section 1.4 of CBR Letter 37-T). Banks’ management must ensure regular monitoring of the correct fair value measurement of assets and the methodology used for its application (verification, testing, monitoring) (Section 1.5 of CBR Letter 37-T). The accounting rules provide for the valuation of assets at their initial value at the time of their initial recognition. Subsequently, a bank’s assets are measured at fair value in accordance with the requirements of IFRS 13—Fair Value Measurement, which is officially recognized within the Russian Federation. Segregation of duties is considered as the methodology for determining the fair value of assets, and must be developed without the involvement of staff engaged in operations (transactions) related to the assumption of market risk and measurement of the value of trading book instruments (Section 3.4—Market risk Annex to Ordinance 3624-U). The methodology for determining the fair value of trading book instruments must provide that if a market for the financial instruments is no longer active, its prices no longer serve as a reliable input, and the bank must change the measurement method and uses several measurement methods, such as the market and income approaches, for example. The methodology for measuring the value of trading book instruments used by a subsidiary must be approved in writing by the principal bank of the banking group, and must be subject to periodic monitoring to ensure its suitability. Information about trading book instruments measured using quantitative measurement models must be communicated to the management bodies of a bank (principal bank of a banking group). A bank (principal bank of a banking group) develops a methodology for estimating the degree of uncertainty of measurements obtained using these models, and when necessary makes corrections to the value of instruments measured using the models. The internal audit function of a bank that uses quantitative market risk measurement models performs a quarterly assessment of the quality (accuracy) of these models based on historical data, and also based on current data in the course of ongoing activities. This check can also be performed by another division of a bank provided it is independent of the sections of the bank that actively assume market risk for the bank and of the section of the bank that develops quantitative market risk measurement models.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	The range of information banks must submit is discussed in EC1. In accordance with Ordinance 2332-U, the CBR receives prudential reporting with varying periodicity. Broadly speaking, the systemic banks are required to maintain a more frequent reporting schedule than other banks, with weekly and daily reporting being included if the CBR considers the need. The CBR has the right to require that bank submit reporting statements more frequently (Procedures for the Compilation and Submission of Reporting Forms). In the event of the rapid deterioration of a bank, particularly a member of the deposit insurance system, the CBR can require daily reporting. (Please also see CP8.) (Letter 69-T on Urgent Measures for a Prompt Supervisory Response.) As an example of differentiation in reporting, for banks defined as systemically important, reporting on the LCR on a consolidated basis was increased to monthly as of January 1, 2016. The largest Russian banks (including systemically important credit institutions) with total assets of RUB 50 billion or more and (or) retail deposits of RUB 10 billion or more have reported the LCR monthly on a solo basis since July 2014 (first reports as of August 1, 2014). Some reports are required only when there is a change in circumstances. For example, the report on the composition of participants in a banking group is submitted to the CBR when changes occur (i.e., within 10 days of the date of the change). In addition, and on the request of the CBR, banks submit reports on the composition of the banking group and open FX positions within 10 days of the receipt of a written request from the CBR, as well as duly certified copies of documents and other information from participants in a banking group that are not banks (residents and nonresidents), which were used in the compilation of the report. In terms of timely analysis and evaluation, prudential returns and reports are processed by the System for the Analysis of a Bank’s Financial Condition (the AFSB System). The AFSB System uses the methodology for analyzing the financial position of a bank that is consistent with the approach used by the curators (offsite function) for the analysis of the financial condition of a bank (Letter 15-5-3/1393). The AFSB System also uses the methodology for the evaluation of the economic condition of a bank in accordance with Ordinance 2005-U.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	Banks that are the parent banks of banking groups submit reporting statements to the CBR on a solo and a consolidated basis. Consolidated reporting by banking groups includes: monthly—LCR and individual indicators used in its calculation, which is part of a report on capital adequacy and other required prudential ratios of the banking group (see also EC4); quarterly—asset quality, data on large loans, data on the concentration of credit risk, a consolidated balance sheet, a consolidated statement of financial performance, a report on the amount of equity (capital) and the values of the required ratios of the banking group, a report on open FX positions of the banking group, and explanatory notes regarding the consolidated reporting; semi-annual and annually—information about risks assumed, procedures for their assessment and for the management of risks and capital, consolidated financial reporting as part of a report on the financial condition of the bank, a report on aggregate income of the bank, a cash flow statement of the bank, a statement of changes in equity of the bank, interim consolidated financial statements, and in the event that an audit has been performed, the auditor’s opinion based on the results of a review audit of the reliability of the reporting. Annually, as part of the information on risks assumed, procedures for their assessment and for the management of risks and capital, a report on the financial condition of the bank, a report on aggregate income of the bank, a cash flow statement of the bank, a statement of changes in equity of the bank, annual consolidated financial reporting, and an auditor’s opinion regarding its reliability. The consolidated reporting forms have been developed on the basis of the forms for solo accounting (financial) statements of banks taking into consideration the specific aspects of consolidation and they consequently have the same format as the published reporting statements, they are compiled on the same date and for the same reporting period, and in connection with this, they provide comparable information for analysis.
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	The CBR, in accordance with Article 57 of the CBL, has the right to request and receive from banks, parent banks of banking groups, and principal institutions of bank holding companies, the necessary information about their activities, including information about participants in banking groups and bank holding companies that are not banks, and to request explanations regarding this information. The CBR also has the right to receive information about the activities of a bank (the activities of a banking group) directly from its management (the management of the principal bank of a banking group). The CBR receives this information from ARs of the CBR, as well as, for example, in the context of meetings with the banks’ management of the banks, and written responses to inquiries by the CBR. A draft federal law has now been prepared that provides for amendments to Federal Law 127-FZ with regard to granting the power to representatives of the CBR and the DIA to also perform an analysis of the financial condition of legal entities that are financial institutions participating in the same banking group (holding company) as the bank whose financial condition is being analyzed, when performing an analysis of a bank’s financial condition within the framework of Article 189.47. In discussion with the CBR and also some market participants, it was indicated that the CBR did make use of the power to obtain management information.
EC7	The supervisor has the power to access51 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.
Description and findings re EC7	According to the CBL (Article 73) and Instruction 147-I, in the course of an inspection the CBR may request and receive from a bank all of the documents (information) for the period being inspected necessary to achieve the objectives of the inspection. This scope of information includes, for example, documents related to the state registration of the bank and obtaining a banking license; organizational and administrative documentation; instructions, regulations, orders, rules, and other internal documents; materials of the internal control function; analytical and summary accounting documents; accounting, statistical, and financial statements; explanatory notes; statements and written and oral explanations provided by the manager and employees of a bank; auditor’s opinions regarding financial (accounting) statements; reports and materials from inspections performed by the CBR and/or federal authorities; contracts; documents confirming that FX operations being performed are in compliance with the legislation of the Russian Federation and that the Law on AML/CFT is being observed; and other documents (information). A bank may be requested to provide documents (information) in hard copy or in electronic form. The CBL does not explicitly describe the CBR’s right of access to the board or senior management. However, a number of articles of the CBL establish the principle of the CBR’s right to access information and persons in a bank. Article 76, which establishes the position of AR (discussed in CP9) notes that the AR has the right to participate, on a non-voting basis, in the executive management meetings and decision making committees of the institution. Similarly, Instruction 147-I (Section 2.3) confirms that the head of an inspection team should have access to the persons with whom the inspection is coordinated: the chief executive officer, his deputies, and members of the executive board of a bank; the manager of a branch of a bank and his deputies; the head of a representative office and his deputies (referred to hereinafter as the manager of a bank); the chief accountant of a bank and his deputies. Further, the inspection team (Section 7.9) “shall be entitled if necessary to acquaint the head of the credit organization (its branch), the BoD (supervisory council) of the credit organization with the motivated judgments reflected in the report about the results of the inspection.” Although the assessors encountered different views on the matter in the course of their meetings and discussions in the mission it was not, though, the assessors’ overall impression that it was common for the inspection team to take this opportunity. (Please see comments CP9).
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines that the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	Reporting submitted by banks to the CBR in accordance with Ordinance 2851-U on the Rules for the Compilation and Submission of Reporting by Banks to the CBR must be signed by the CEO and the chief accountant, who are responsible in accordance with said ordinance for the timely, complete, and accurate submission of information to the CBR. If a bank is found to have submitted inaccurate reporting statements that contain incorrect data as a result of a violation of the established procedure for the maintenance of accounting records and/or for the compilation of reporting statements, including inaccurate information about financial condition and property status, the bank responsible for the misrepresentation of reporting data is required to correct the data (Section 5 of Ordinance 2851-U). Corrected reporting statements and indicators must be submitted (unless otherwise provided for by the procedure for the compilation and submission of reporting statements). The CBR has the right to apply enforcement measures against a bank in accordance with the CBL (Article 74) for a failure to submit reporting statements, for the submission of incomplete and inaccurate reporting statements, and for the submission of reporting statements in violation of the deadlines established by regulatory acts of the CBR. In the event that material inaccuracies are identified in the reporting data in accordance with the BBAL (Article 20), the CBR may revoke a bank’s banking license. Please see comments section in CP11 for greater detail. Further, the CBR has the right to apply measures against the parent bank of a banking group in the event that the parent bank of a banking group violates the requirements of federal laws in connection with its participation in the banking group, including a failure to submit information, the submission of incomplete or inaccurate information, a failure to perform a mandatory audit, and a failure to comply with orders by the CBR to eliminate violations related to its participation in the banking group, or if these violations threaten the lawful interests of creditors (depositors) of the given bank or of banks that are participants in the banking group (CBL, Article 74).
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.52
Description and findings re EC9	As stated in Instruction 147-I (Section 1.3), one of the principal objectives of the CBR’s inspections is to evaluate the accuracy of the accounting (reporting) by a bank. This issue may be verified in the context of a thematic or a full-scope inspection of a bank. Information on the accuracy of accounting (reporting) by a bank is reflected in the analytical part of an audit report (Sections 7.5.2 and 1.12 of Instruction 147-I). The procedure for the organization and performance of an inspection of the accuracy of accounting (reporting) by a bank and for the reflection of the results of such an inspection is outlined in the Methodological Recommendations for the Organization and Performance of an Audit of the Accuracy of Accounting (Reporting) by a Bank (Branch) (CBR Letter 77-T). Inspections (including those for the purpose of evaluating the accuracy of accounting (reporting)) may also be performed by auditing firms on instructions from the CBR BoD. In connection with this, the CBR has published (CBL, Article 73, Part 2): CBR Regulation 442-P, on the Procedure for the Selection of Auditing Firms of the Performance of Audits of Banks (their Branches) on Instructions from the BoD of the CBR; Ordinance 3463-U. Verification of the correct compilation of reporting statements is also performed as part of offsite supervision: when receiving reporting statements, using internal arithmetic and logical control checks; and in the process of their analysis by dedicated supervisors using the AFSB System.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,53 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	Inspections (both scheduled and unscheduled) may also be performed by auditing firms on instructions from the CBR’s BoD (CBL, Article 73, Part 2). The procedure for the selection of auditing firms for the performance of inspections of banks is established by CBR Regulation 442-P, which establishes the criteria that must be met by an auditing firm in order to be appointed. The CBR has been using this procedure in order to identify suitable audit firms but has not yet made any appointments to carry out tasks for the CBR. A draft contract for the performance of an inspection includes a requirement that an auditing firm must meet said criteria throughout the entire duration of its inspection of a bank and the review by the auditing firm of written objections or comments regarding the auditing firm’s report on the inspection of the bank (if applicable), (Section 6.2 of Regulation 442-P). When the CBR employs its powers to instruct auditors to carry out inspections, the inspections of banks must be carried out by auditing firms in accordance with Instruction 147-I, auditing standards, and the code of professional ethics of auditors, taking into account the specific considerations referred to in Ordinance 3463-U. Ordinance 3463-U establishes, among other things, the rights, responsibilities, and liability of the head and members of the team of auditors. Issues to be reviewed by an auditing firm when auditing a bank are specified in the inspection mandate (an addendum to the audit mandate) (Section 2.1 of Ordinance 3463-U).
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	It is clear from Ordinance 3463-U (Section 3.5) that any expert who performs an inspection at the request of the CBR is required to provide information to the CBR regarding all of the issues related to the performance of the inspection. If material information falls outside of the scope of the inspection then it is not covered. Also there is no explicit requirement for the external expert to bring any matter promptly to the attention of the CBR. The CBR has not yet instructed any external experts to undertake any work for supervisory purposes, but at the time of the assessment it was planning to do so in the near future. As a matter of good practice the auditor may well raise any matter within the scope of its mandate as expeditiously as possible. Once the CBR has had the experience of working with appointed audit firms to carry out certain reports for it, it is to be expected that the relationship and mutual understanding of information flows between the audit community and the CBR will be more strongly established. It may be noted that the external expert is not without any ability to communicate with the CBR even though the EC is not met. Under Ordinance 3463-U (Section 3.5), the head of group of auditors has the right to send written appeals to CBR on all questions of carrying out the inspection, and also, as noted above, is obliged to provide to CBR information on all questions of carrying out the inspection at the request of the official of the CBR. According to Ordinance 3463-U (Section 6.8), a group of auditors can include in their concluding findings the professional judgments of the team (regarding going concern assumption), and also other data received during the audit work within the defined scope of the work. Other information can be reflected by the auditing organization in the modified audit opinion prepared (including statutory audit).
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	The CBR seeks to deliver a continuous process of streamlining its data requests and requirements from banks. Work is carried out with the participation of all relevant sections of the CBR, and aims to ensure that submissions to the CBR are relevant and meaningful—reflecting the complexity of and changes to banks and banking groups—as well as to eliminate duplication of information. In addition, based on the results of the ongoing analysis of the activities of banks, regional offices of the CBR prepare proposals for the revision of reporting forms to bring them up to date and into line with the supervisory needs, the risk profile, and the types of operations performed by banks. Issues related to the optimization of reporting are considered within the framework of a working group created within the CBR to address the development of statistical work and the optimization of reporting, with the participation of specialists from supervisory subdivisions of the CBR, as well as representatives of banks. The assessor’s discussions with industry participants suggested that at the present time there was scope to identify and eliminate some areas of overlapping and duplicative information requirements.
Assessment re Principle 10	Largely Compliant
Comments	The CBR has strong powers and rights of access to information and uses its inspection process to obtain assurance that it can depend on the substance and quality of information submitted by the banks. The CBR is in the course of introducing a number of important and valuable developments. These include the establishment of a dedicated department to the issue of valuation (covering all aspects); a move to an XBRL taxonomy for supervisory reporting; and the completion of scrutiny of audit firms who would be eligible to be instructed by the CBR to undertake specific inspections for supervisory purposes (i.e., firms who meet the criteria set out in Regulation 442-P). Not all of these developments can be finalized and implemented quickly—the XBRL project, for example, is expected to take two to three years. However, the changes are indicative of the CBR’s continuing progress. Equally, and where possible, the CBR adopts a professional approach to the introduction of new reporting requirements and the streamlining of existing requirements. It is, for example, the CBR’s practice when possible to test run new reporting requirements. It is also welcome that the CBR has an inter-departmental project to focus on the relevance and business need of the CBR’s existing reporting requirements. A continuing concern, and which persists since the last assessment, is that the CBR does not have the right to require the prompt notification of a material issue that has come to the attention of an external expert in the course of that expert’s work for the CBR on a supervisory matter. It may be stressed that an external expert has the right to contact the CBR and may of course exercise this option, but no obligation is placed on the external expert (except in cases of an official request from the CBR). At present the onus is, therefore, very much upon the CBR to request information, rather than imposing a notification obligation on either the supervised institution or a professional expert who has knowledge of the institution, to pro-actively inform the CBR of matters of material significance. It is strongly recommended that legislative amendments are made such that the CBR is able to impose this requirement. It is an issue of good practice that supervised institutions and professional service providers fully understand that they have a responsibility to ensure that the supervisor is in the position to exercise its own function as effectively as possible and in as timely a manner as possible. The CBR’s ability to intervene, for example, in a deteriorating situation is more likely to result in a successful outcome that protects the interest of depositors and the banking system, if the CBR is made aware of a material issue as soon as possible. This recommendation echoes the concerns and recommendations noted under CPs 9 and CP27.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	The legal foundation for corrective and sanctioning powers of the CBR is enshrined in Article 73 of the CBL according to which to fulfill its functions, the CBR “shall conduct inspection of credit institutions, give them instructions, which the credit institution must obey, to eliminated violations discovered in their work and involving the breach of federal laws and CBR’s regulations.” Article 74 of the same law determines the different types of measures at the disposal of the supervisors; some of them are preventive, others are coercive. However, whenever the CBR identifies a breach in prudential regulations or if the banks operate in a manner that jeopardize the interest of the depositors, the CBR by all means will resort to enforcement action. There is a constant dialogue between the relevant staff of the CBR (Credit Institutions Supervision Directorate) and representatives of the different hierarchy levels of every bank, which includes the supervisory board (BoD) and senior management. The intensity of this dialogue depends on the risk profile, size, and systematic importance of the different credit institutions. For systemic banks and banks that have received government funding support, the cooperation with the senior management of the banks is also carried out through the institution of dedicated supervisors and ARs of the CBR54 who constitute a permanent channel of communication (see below for more details). The CBR raises its supervisory concerns with the Bank’s management at different stages. This can take place during or at the end of the onsite visit (see CP8), as well as in an official letter in the cases when the deficiency is ascertained during the offsite analysis. Intensity of CBR’s intervention will depend on the seriousness of each case. If the deficiency identified by the CBR does not directly threaten the interests of the lending institution’s creditors and depositors and the further operation of the bank itself, the CBR will apply preventive measures in accordance with CBR Instruction 59 of March 31, 1997.55 These measures require full cooperation and commitment of the bank’s management bodies. The CBR’s concerns can be raised either during a meeting arranged with the bank’s management or in the form of a letter. The CBR will notify in writing to the Bank’s senior management the deficiencies identified and the action plan to be taken by the institution to redress the situation as well as a timetable for its implementation. This arrangement can also subject the bank to enhanced scrutiny until the final implementation of the action plan. In that regard, the monitoring of the fulfillment of remedial measures is ensured through regular written progress reports from the bank (item 1.12 of Instruction 59). In addition, the CBR can issue recommendations in certain particular circumstances, for example when the CBR has been tipped off by a third party. The bank will be recommended to take some corrective measures and in case of inaction, the CBR will resort to more prescriptive instruments. If the application of preventive measures described above does not attain the expected results, or in situations where the bank has committed serious breaches (e.g., violation of federal laws, regulatory acts or orders of the CBR, failure to submit compulsory information, submission of incomplete or inaccurate data, failure to disclose reporting statements or perform mandatory audits, etc.), the CBR will turn to enforcement measures as contemplated in the CBL, Article 74, Part 1. To that end, the CBR will issue an order containing detailed reference to specific provisions of federal laws and regulatory acts of the CBR that have been breached, the types of violations identified, the deadlines for their elimination, the specific compulsory measures being applied with respect to the breaches and a clear timetable for reporting to the CBR on progress made to restore the situation. More forceful sanctions, including revocation of the banking license (see EC 2 below) can be taken in case a bank does not comply with CBR’s orders or in cases where the bank operates in a way that poses a real threat to the interests of the depositors or to the stability of the system. In determining the type of sanctions to be applied, the CBR takes into account the nature and materiality of the violations and the factors contributing to their occurrence, the systematic nature of their commission, the overall financial condition of the lending institution, as well as its position in the regional and federal banking services market. The CBR Instruction 59 of March 31, 1997 spells out both preventive and coercive measures and stipulates the main conditions of their use. These enforcement measures are applied by the central administration and regional offices of the CBR. In accordance with the procedure established by CBR Directive 2387-U of January 26, 2010,56 enforcement measures are applied with respect to a lending institution as a whole, including those applied for violations committed by branches taken in aggregate. The CBR has also established mechanisms to monitor compliance with CBR’s orders or protocols. Its regional offices will follow up on the implantation by banks of their commitments. Said monitoring is performed on the basis of an analysis of the reporting statements submitted by lending institutions, sometimes on a daily basis. Further monitoring can also include onsite audits. The CBR is also able to regularly monitor remedial actions taken through its on-line “Remedial Measures Database.” This custom-developed software enables the CBR to determine progress on correcting enforcement actions at any bank through sorting information by institution, territorial office, or type of regulatory violation. As indicated at the beginning of this section, consultations are held regularly with the management, members of the BoD, and stockholders for the purpose of evaluating existing deficiencies and violations, discuss trends in risks and any strategy related issues. Effective cooperation with bank’s senior management is also carried out through the institution of dedicated supervisors57 and ARs of the CBR appointed for systemic banks and lending institutions that have received government funding support. These ARs of the CBR participate without voting rights in meetings of management bodies of lending institutions and also bodies of lending institutions that make decisions regarding lending issues and the management of its assets and liabilities. They play a role of interface between the CBR and the bank and can convey important messages to the credit institution, especially when there are matters of concerns (for more detail see the description of Criterion 1 of Principle 8). It is also noteworthy that, in accordance with CBR Directive 2005-U, the CBR performs at least once per quarter an evaluation of the economic condition of banks and a classification of banks. Information about the assignment of a bank to a classification group and about deficiencies in its activities that motivated its classification is sent by the CBR to the bank’s chief executive officer, with the recommendation that he communicates said information to members of the bank’s BoD (supervisory board) and to its collegial executive body.
EC2	The supervisor has available58 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	The Russian enforcement regime for banks is governed by the CBL (Article 74), the banking law (Article 19) and by other regulations (e.g., the AML law59). The CBR is empowered to impose measures (discussed right below) when a bank or any of its administrators or shareholders have committed certain offenses detailed in the law, consisting of, inter alia, violation of the banking law and other acts including AML law, the CBR regulations, by-laws, and orders. The same regime will apply wherever a bank is threatening depositor’s interest, providing or disclosing incomplete or inaccurate information, ignoring CBR orders, engaging in money laundering operations, and carrying out transactions outside the ambit of its license. The CBR has available a wide range of supervisory tools to address situations where banks do not comply with laws and regulations or where banks engage in unsound practices. The CBR may, depending on its view of the seriousness and nature of detected shortcomings, take one or more of a broad selection of supervisory measures, if deemed necessary. These measures are of different nature and include administrative compulsory measures and administrative penalties. For example, in the cases when the shortcomings in the work of a bank do not pose an immediate threat to the interests of creditors and depositors, the CBR can instruct the bank to address the situation by adopting a series of measures. The remedial measures can take various forms, including asking the bank to cease a particular conduct, to eliminate a specific violation or to take certain actions to bring the situation back to normal. In more serious scenarios, in particular if a bank is considered financially unstable or represents a material threat to the interests of its depositors, the CBR can: restrict or suspend the performance of certain bank’s operations,60 including lending activities for a period of up to six months; impose a ban on certain transactions for a period of up to one year; request additional capital under certain conditions; prohibit payment of dividends and request a reduction in variable remuneration; force the bank to change its internal organization; instruct the bank to replace bank’s officials; impose a limit on the interest rates, limit certain operations like opening accounts with correspondent banks and non-banking credit organizations; restrict branch expansion; impose a ban for a period of up to one year, on operations with the parent credit institution of the banking group; restrict any transactions and dividend flows between the bank and the parent entity; place the bank under provisional administration. The CBR has the power to force a bank or a banking group to change their organizational structure only in specific circumstances, for example if a bank fails to fulfill CBR orders, or when violations, banking operations, or transactions carried out by the bank pose a real threat to the interests of its depositors. Under the new ICAAP regime (Ordinance 3883-U of December 7, 2015) to be implemented from 2016, in the event that the risk and capital management and internal control systems are found to be unsatisfactory, the CBR is empowered to issue an order requesting the bank to make the necessary adjustments in light of the nature and scale of the risks. This can include an increase of CAR, even if it is above the minimum threshold. Since 2014, the CBR can also prohibit a bank that is a member of the deposit insurance system from attracting deposits from individuals if certain conditions are no longer met. It is worthwhile noting that the CBR can combine administrative compulsory measures and administrative penalties where needed. Under certain circumstances, for example when a bank displays signs of possible insolvency, the CBR can also appoint a temporary administration for the management of the lending institution for a period of up to six months. In 2016, for example, a bank (ranking 63) was placed under temporary administration after it stopped making payments due to a cash shortage. The CBR is also empowered to use other types of sanctions consisting of “administrative penalties.” In effect, the CBL contains several provisions according to which financial institutions can be subjected to fines up to 0.1 percent of the minimum amount of statutory capital. The Russian Federation Code on Administrative Offenses (RF CAO) also permits the CBR to apply administrative penalties against lending institutions and their officials in cases specified in the Code. Fines can also be imposed on banks and their officials for violations with AML/CFT requirements (see CP 29 for more details). Compulsory measures can be imposed on shareholders as well. Article 74 of the CBL allows the CBR to send orders to the shareholders asking them to take measures to address CBR concerns. In the event that a stockholder does not comply with an order by the CBR, the voting rights at a general meeting can be suspended until the order is complied with or rescinded. The shares of the given stockholder will not be treated as voting shares and not considered for the determination of the quorum. Finally, in the most extreme scenarios stipulated in the law, the CBR can revoke the license, via a decision to be made by the Bank Supervision Committee of the CBR. The banking law, in Article 20, defines several circumstances under which a bank license can be revoked: for example, if the capital adequacy ratio of the credit institution falls below 2 percent; the amount of the bank’s own capital is lower than the minimal level of capital set by the CBR in accordance with BBL; the information used when issuing the license has been found unreliable; reported data have not been accurate; the bank has performed activities outside the ambit of its authorization; a credit institution is unable to meet creditors’ claims on money obligations. Since the issuance of the Federal Law 484-FZ of December 29, 2014, repeated violations of the AML/CFT provisions also constitute a ground for the mandatory revocation of a banking license. A license cannot be revoked on grounds other than those specified by this Federal Law. There have been multiple examples over the past few months of licenses being revoked by the CBR for serious breaches with prudential regulations and/or for suspicious activities (see below, comments section). In practice, the process for taking corrective measures and imposing sanctions follows a bottom-up approach. Territorial units of the CBR have full autonomy to make certain decisions in their area of competence (banks with capital under 5 billion rubles); however, the decision is taken in a collegial manner. In the regions, there are committees to discuss the relevance of certain sanctions and Territorial offices will consult with the supervisory department at headquarters. More severe measures however will have to be agreed upon by the BSC. Other critical decisions fall under the exclusive responsibility of the BCS, such as revoking a license or imposing a ban on retail deposit taking. For systemic banks, preventive and enforcement measures are to be made by the deputy-governor of the CBR in charge of SIFIs and further-reaching measures rest with the first-deputy governor or the Governor of CBR. In any case, the nearest physical CBR branch office will apply the measures and conduct follow up. Measures taken by local offices, regardless of their nature (preventive or prescriptive), has to be reported to the central level. All measures are uploaded and kept in a central database. Further, it is worthwhile noting that the CBR is maintaining a database on persons holding positions in banks (CEO, senior managers, board members, members of collegiate bodies, chief accountants) whose activities contributing to damaging the financial position of a credit institution or violated Russian Federation law and CBR normative acts.
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	The CBR has a wide range of options to intervene at an early stage to require a bank to take actions if it falls below established regulatory threshold requirements. For the purpose of preventing the violation of prudential ratios by lending institutions, the CBR has the right to apply preventive measures with respect to lending institutions as stipulated in the CBR Instruction 59. Preventive measures are applied at the early stages of the appearance of deficiencies in the activities of a lending institution. The CBR can issue a written order instructing the bank to hold additional capital or to improve banks’ financial position. Under the new ICAAP regime, the CBR can also act even though a bank may fulfill minimum regulatory requirements. As indicated to the team, it is common practice for CBR to raise its supervisory concerns at an early stage with management—via ongoing dialogue—and to require that these concerns be addressed in a timely manner. In that respect, the presence of designated representatives in systemic banks allows permanent communication channels so that the CBR can act preventively. As mentioned under EC 2, Article 20 of the banking law also defines conditions for revoking a license if, for example, the value of all equity capital adequacy ratios of a credit institution falls below two percent or if a credit institution fails to comply within the term set by paragraph 41, Chapter IX of the Federal Law on the Insolvency (Bankruptcy) of Credit Institutions with the CBR’s demand for bringing in line its authorized capital with the law.61 Written orders do not emanate solely from the results of onsite examinations. The supervisor may deem them necessary as a result of the offsite analysis or the results of bottom-up stress tests of the institution, which would suggest that, for example, a capital inadequacy issue is looming. Over the past years, the CBR has requested banks to increase their capital in several instances. As of January 1, 2015, the number of banks with equity capital less than RUB 300 million was 13, of which, in 2015, 2 banks were reorganized through mergers, two banks raised their equity capital above 300 million rubles, three banks had their banking licenses revoked, and five banks changed their bank status to that of a non-bank credit institution.62
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.
Description and findings re EC4	As discussed under EC2, the banking law, Article 19, defines the general principle that govern CBR enforcement powers; it reads: “in case a credit institution violates federal laws, CBR regulations or instructions, required ratios, or fails to provide information or presents incomplete or inaccurate information, fails to perform a mandatory audit, and to disclose statements and an auditor’s report, fails to provide information to a credit history bureau, or commits any actions creating a real threat to the interests of depositors and creditors, the CBR shall be entitled to take supervisory measures against the credit institution as stipulated by the Federal Law on the Central Bank of the Russian Federation.” These measures can be imposed also on the parent company in case of banking groups. Article 74 of the CBL also contains several provisions that empower the CBR to act quickly. For example, if a credit institution violates federal laws or CBR normative acts or orders, the CBR has the right to require the credit institution to eliminate the violations, charge a penalty of up to 0.1 percent of the minimum amount of authorized capital, or prohibit the credit institution from conducting some banking operations for up to six months, including operations with the parent credit institution of the banking group. Additional and more forceful measures (described in detail under EC2) are also available to the supervisor if the bank fails to fulfill CBR’s orders or if the bank pose a serious threat to the interests of its creditors. Under the law on bankruptcy, Article 189.30 offers the possibility to restrict powers of the executive body of the bank by subjecting decisions of senior management to the previous authorization of a temporary administrator. This includes decisions on the transfer of bank’s real property under a leasing arrangement or as collateral. It also covers transactions with affiliated and RPs. Recent measures have also been passed to increase CBR’s enforcement powers, for example in the area of AML/CFT. Also, for the banks that are participants in the deposit insurance system and in accordance with the recent CBR Directive 3229-U of April 5, 2014,63 the CBR can terminate the bank’s right to attract funds for deposit from individuals and to open and maintain bank accounts for individuals if certain conditions are not being met or in case of serious deficiencies that persist beyond a certain period of time established in the law (Article 48, Part 1 of the federal law on the Deposit Insurance System). It is worthwhile noting that before visiting a bank for onsite examination purposes, CBR inspectors will collect information on any previous sanctions issued against the bank by using a software elaborated on the basis of reporting forms # 0409637 on “Information on Imposed Sanctions….” (CBR Inspection methodology 26-T of March 23, 2007). In light of the above, the CBR enjoys a broad range of possible measures to address at an early stage the scenarios described in EC 2, above. These measures are graduated to the gravity of the situation.
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the board, or individuals therein.
Description and findings re EC5	In accordance with Article 74, Part 2 of the CBR law, the CBR can impose sanctions on bank’s management if the credit institution did not observe supervisor’s orders to eliminate violations identified in bank’s activities or if its operations have created a real threat to the interests of the depositors. In those cases, the CBR has the right to require the replacement of bank’s officials (identified as such in Article 60 of the CBL). The list includes the following individuals: chief executive officer and his deputies; members of the collegial executive board; members of the BoD (supervisory board); chief accountant and his deputy; chief accountant of a branch. In addition, the CBR can set limits on the amount of compensation and/or incentive payments to the persons above for a period of up to three years. Moreover, in accordance with the CAO, the CBR has the right to apply administrative penalties against officials in the form of warnings and administrative fines (see EC 2). Sanctions are also possible against persons holding controlling interest in the bank, directly or indirectly. In accordance with Article 72, Part 7, of the Law on the Central Bank, the CBR has the right to impose a ban on the adoption of decisions by a lending institution to distribute earnings among its founders (partners) and to pay (declare) dividends, and also to impose a ban on the distribution of earnings among its founders (partners), on the payment of dividends to them, on the fulfillment of requests by founders for the allocation of their stake (or part of their stake) or the payment of its actual value, or on the repurchase of the lending institution’s stocks. Such a measure is introduced by the CBR at the same time as the suspension of payment of principal and/or interest on a debt owed under an agreement on a subordinated credit (deposit, loan) or on bonds In certain situations, the CBR can appoint a temporary administration for management of the lending institution for a period of up to six months. This can be the case, for example, if the lending institution does not comply with CBR’s requests to replace the bank’s manager. There have been a few cases recently where the CBR applied sanctions against managers.
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	In accordance with Article 74 of the CBL, the CBR has the right to limit the performance of certain operations between the bank and its parent company or affiliated companies for a period of up to six months or to prohibit the performance of certain banking operations for a period of up to one year. The CBR can also take all the measures necessary to protect banks and banking groups from risks arising from entities with which they have structural links. In particular, to ensure safety and soundness, the CBR has the right to take against the parent company measures concerning the group as a whole or its individual components
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to affect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	According to Article 189.20, the CBR is entitled to send a credit organization a demand for taking measures aimed at its financial rehabilitation and according to Article 189.45 the CBR is allowed to demand a reorganization of a credit institution in the form of merger or affiliation. Not later than the day following the date of the relevant decision, the CBR shall inform the DIA about: the issuance of the CBR’s permit for the bank; the decision taken on carrying out an inspection of the bank on the DIA’s proposal; the appointment of temporary administration; the revocation (annulment) of a license; the imposition of a moratorium on a meeting creditor’s claims; the replacement of a license; and the imposition of a ban on attracting deposits. According to Article 189.47 of Federal Law 127-FZ, the CBR has the right to submit a proposal for the DIA’s participation in measures aimed at preventing a bank’s bankruptcy if there is evidence that it is in an unstable financial position. The CBR can also submit a proposal for the DIA’s participation in the settlement of a bank’s liabilities if there is evidence that bank’s conditions create a threat to the interests of its depositors. The Laws of the Russian Federation do not contemplate the creation of a bridge bank but there are conversations with the Minister of Finance to introduce bail-in procedures to be able to write down or convert unsecured liabilities, which could result in legislation changes in 12 to 18 months. When a bank exhibits signs of instability that can endanger the interests of its creditors (depositors) and/or the stability of the banking system as a whole, both CBR and DIA examiners team up to analyze the bank’s financial position. The outcomes of this joint evaluation will permit a decision on the type of actions required, preventing bankruptcy, or settling liabilities. In addition, according to Article 27 of Federal Law 177-FZ, the DIA is entitled to propose that the CBR inspects a bank or takes measures against a bank. According to Article 189.47, the decision by the CBR of the proposal to prevent the bankruptcy of a bank should be taken by the Banking Supervision Committee of the CBR. No later than ten days after receiving CBR’s proposal, the DIA should inform the CBR on its decision to participate or refuse to participate in preventing the bankruptcy of the bank or in the settlement of the bank’s liabilities.64 In the case of refusal, the reasons need to be substantiated. For the prevention of a bankruptcy and according to 189.49 of Federal Law 127-FZ, once the proposal is accepted, the DIA needs to propose an implementation plan to CBR within 20 days of the DIA’s decision to participate. Subsequently, CBR is required to express its adoption/approval or refusal of the plan within 10 days. The cooperation between DIA and CBR is very close. As of today, the DIA has not taken a decision on inexpediency of participation in taking measures aimed at preventing bank’s bankruptcy. Refusal to rehabilitate a bank by the DIA has only taken place five or six times, and some of the reasons were the impossibility of selling the assets of the bank. In this case, the CBR revoked the license and the DIA proceed with the pay-out of insured deposits. Decision on bankruptcy prevention measures between 2011 and 2014 were taken in connection with 15 banks (in only one of which a purchase-and-assumption transaction was used), and several of them are still undergoing rehabilitation. In the majority of cases, these banks were acquired by other banks with financing provided by the DIA.
Assessment re principle 11	Largely Compliant
Comments	Overview of corrective measures and sanction practices In practice, the CBR has used a wide variety of measures and sanctions over the past years as shown in the tables below, including—albeit rarely—against individuals. In 2014, preventive measures were actively applied to credit institutions: written notices were sent to the management of 873 supervised banks; and 444 meetings with banks were held. Compulsory measures in the form of orders to eliminate violations were applied to 546 banks, fines were imposed on 133 banks, restrictions on certain transactions were imposed on 209 credit institutions, some transactions were banned in 64 banks and 53 banks were prohibited from opening branches. In 2015, preventive actions were applied to 822 banks and 673 Credit institutions were subject to enforcement actions (see table below). The CBR has also imposed multiples fines on banks over the past five years, including on state-owned banks. 212 banks were fined in 2015, 133 in 2014, 171 in 2013, and 192 in 2012. While the relevant laws and codes define the ceiling for administrative fines, it is not clear whether the CBR uses some guidance to determine the quantum of a fine. It is up to the CBR to decide based on the frequency of the infringement. The mission was told that discussions are currently taking place at the CBR to define processes for determining fines in connection with AML/CFT breaches. Issues related to AML/CTF laws were also considered in 48 percent of all completed scheduled and unscheduled inspections of credit institutions. As a result, during 2014, the consideration of 1,120 administrative offense cases was completed, with 319 adjudications on imposing fines (including 62 rulings with regards to executives of credit institutions), 539 adjudications on issuing warnings (including 290 rulings with regards to executives of credit institutions), and 262 adjudications to close administrative cases (including 75 rulings with regards to executives of credit institutions). Table 1. Number of Credit Institutions that Committed Violations and thus Subjected to Enforcement Actions in 2015 on the Basis of Article 74 of the Federal Law “On the Central CBR Federation”65 # Violation Number of credit institutions subjected to enforcement actions Total Preventive actions Enforcement actions Total including Fines Restrictions on specific activities Prohibition of specific activities Requirements Total number of CI subjected to enforcement actions *) 832 822 673 212 243 73 623 including for 1 Violation of the requirements for registration, licensing and of expansion activities of the CI 69 61 11 4 3 1 8 2 Failure to comply with regulatory standards for CI activities (one or more) 41 28 20 7 8 5 9 3 Failure to comply with the procedure for calculating the regulatory standard (one or more) 21 15 14 1 3 1 14 4 Failure to comply with the reserve requirements 60 14 51 50 0 0 6 5 Violation of the procedure for formation of the reserves for possible losses 551 397 452 46 176 62 445 6 Providing false statements 178 144 63 12 11 5 57 7 Violation of the order and timing of statements, as well as of its publication in the open domain 411 399 41 20 6 1 26 8 Failure to comply with the requirements within the prescribed timeframe 44 18 38 6 14 13 32 9 Violation of the provisions of Article 189.10 of the Federal Law “On Insolvency (Bankruptcy)” 20 12 14 0 9 5 8 10 Violation of the provisions of Article 189.19 of the Federal Law “On Insolvency (Bankruptcy)” in terms of the implementation of bankruptcy prevention measures 18 15 6 0 2 0 4 11 Reduction of equity (capital) 18 7 16 0 4 1 15 12 Violation of the currency legislation of the Russian Federation and the currency regulation and currency control instruments 64 45 26 15 5 0 13 13 Violation of legal provisions in the field of counteraction to legalization (laundering) of proceeds from crime and financing of terrorism, as well as violation of the requirements stipulated by Articles 6 and 7 of the Federal Law “On counteraction to legalization (laundering) of proceeds from crime and financing of terrorism” with the exception of article 7, paragraph 3 of the Law 467 319 360 103 115 10 296 14 Inadequate quality of the internal control system 27 23 10 3 3 1 9 15 Violation of the requirements for the development of internal bank regulations 81 64 38 2 8 2 34 16 Formation of the equity (capital) (parts thereof) sources with investors using inappropriate assets 42 31 13 0 3 0 13 17 Violation of accounting and reporting rules 252 216 119 22 45 9 112 18 Violation of the requirements of the Federal Law of 27.06.11 161-FZ “On the National Payment System” or related bylaws 40 32 18 3 5 1 16 Revocation of licenses has been quite significant over the past years, with an acceleration during 2015. In 2014 and 2015, the CBR revoked multiple banking licenses (86 and 93 respectively), citing the unsatisfactory quality of banks’ assets, the loss of capital, risky lending practices, and involvement in money laundering activities. There seem to be different objective factors that can explain this massive revocation of banking licenses and banks’ closures. First, the supervisory role and powers of the CBR have been reinforced; second, the tightening control in general over the banking sector; and third, stricter requirements, particularly in terms of professional qualifications for banks’ senior management. This also reflects a much more rigorous approach to eradicating cases of misconduct, bad management, and fraudulent practices in banks. The CBR has definitely made a large-scale effort to reinforce the banking sector, especially since the appointment of the current CBR Governor. It is also noteworthy that the Central Bank and executive authorities initiated actions and legislation aimed at minimizing the consequences of international economic sanctions against Russia and creating favorable conditions for business development in the country. In that context, in his Address to the Federal Assembly on December 4, 2014, the President of the Russian Federation advanced several major initiatives aimed at improving the business climate, including the so-called “supervisory holidays.” This initiative allows a company that has acquired a reliable reputation and for three years had no significant complaints, to be free for the next three years of routine checks by the State, and there will also be no municipal control. The mission was told that the “supervisory holidays” do not apply to financial institutions. Decisions on sanctions are made public, which is a good practice in assessors’ opinion. They are disclosed on the CBR website, clearly stipulating the name of the bank, the type of sanction and the ground that led to the decision. CBR internal processes and enforcement powers All measures described under EC 2 are taken by the CBR at its own discretion, on a case by case basis, and in a collegial fashion. Article 74 of the CBL stipulates in that regard that the CBR “shall have the right to” or the CBR “shall be entitled to”. As a result, if a bank does not pose a threat to the system or if the violation is minor, the CBR can discuss options to address the problem. In more serious circumstances, the CBR will send an order to instruct the bank to take certain measures or to stop certain operations. If case of glaring deficiencies, the CBR adopts more forceful decisions. In making its determination, the CBR takes into consideration several factors or circumstances such as (i) the gravity of the violations and their occurrence; (ii) the general financial state of the bank; and (iii) its position in the market, either at federal or regional level. The authorities also look at issues from a bankruptcy perspective. In case of systemic banks, the potential impact of a sanction will be analyzed to avoid spill-over effects on the rest of the system. Instruction 59 of March 31, 1997 on “Penalizing Credit Organizations for Violating Prudential Standards” stipulates the cases in which preventive measures are preferable to coercive ones and vice versa, while leaving the CBR enough room to maneuver. It recommends using preventive measures as a first step in making the credit organization change its ways, provided that its management and, if necessary, participants (shareholders) act in a constructive and responsible manner. Coercive measures are recommended when the violations committed by a credit organization make such measures inevitable and when it is clear that preventive measures alone would not be enough to make the bank change its behavior. However, Instruction 59 has not been made public and up to now it has been an internal document only. The instruction is now being revised since a reform introduced in 2014 with the view to make the enforcement process more transparent. The new instruction is expected to be finalized sometime in the first half of 2016. The establishment of transparent procedures is highly desirable to establish stronger confidence among the industry in CBR’s processes in relation to sanctions. There is a sentiment among market participants that equal treatment by the CBR might not always be achieved. In that respect, a recent case was mentioned in which the Ninth Court of Appeals of the City of Moscow ruled in favor of a bank and overturned the decision of the first-instance court on the grounds that the CBR could have levied a lighter penalty. In 2014, 14 cases of revocation where challenged in justice, one was ruled against the CBR; in 2015, 22 cases took place with no overturn. As for orders against credit institutions (regional branches), 23 were challenged in 2014, 2 of which were overturned. In 2015, 3 cases were ruled against CBR out of 46. The BCP assessors also noted in the law the following limitations. Article 74 of the CBL stipulates that when a violation has been committed by a shareholder (e.g., failure to disclose information on controlling interest, failure to take prompt action to prevent bank’s bankruptcy or any misdeed causing the bank to violate prudential ratios), the CBR shall no later than 30 calendar days from the day of discovering the violation send an order to the shareholder to redress the violation; besides, the CBR’s order is possible if no more than one year has passed since the violation was committed. This provision suggests that any gross violation older than one year cannot be subject to any CBR action. Further, if the CBR misses the 30 calendar day’s window to act, it is considered to have violated the law and any interested party could sue the CBR for “inaction”. The CBR told the mission that this window of 30 days is large enough as it starts when the facts (justifying the issuance of an order) have been established; which give one month to process the order. The CBR also indicated that the window of 30 days has never been missed. In assessors’ opinion, this provision provides some form of impunity to negligent shareholders and creates a reputational risk—yet theoretical—for the CBR if the bank goes bankrupt. The mission was told that the legislator’s intention was to protect shareholders. Another limitation can be found in Article 74, last two paragraphs that limits the possibility of CBR to take any enforcement measures (contemplated in the same article) if five years have passed since the violation were committed. The same paragraph stipulates that the CBR “may appeal to court to recover a fine from a credit institution or apply some other sanctions against it, stipulated by federal laws, no later than six months after any of the violations (listed in parts one to four of Article 74) was recorded. The CBR told the mission that this limitation has no practical impact on CBR’s operations; since supervision is exercised on an ongoing basis and banks are subjected to an onsite visit every two years, the probability to discover violations older than five years is very low. Against this background, the five-year statute of limitation appears adequate. Recommendation: Explore possible amendments to the CBL to: - permit the CBR to take enforcement measures against shareholders who violated the law or CBR’s regulations, even if the violation is older than one year; - augment the 30-day timeframe during which the CBR has to send on order to a party who committed a violation; and - provide the CBR the possibility to impose changes in banks’ internal organization and structure. Complete the revision of Instruction 59 on “Penalizing Credit Organizations for Violating Prudential Standards” so that criteria for sanctions used by CBR become more transparent. Establish formalized guidelines for determining the quantum of an administrative fine. Increase number of sanctions against individuals (namely bank’s senior executives, board members and shareholders).
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.66
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	Banks, banking groups and bank holding companies To preface the discussion on consolidated supervision, it may be helpful to note the specific powers granted to the CBR in respect of consolidated supervision under the CBL and certain specific definitions that are used in the BBAL. The CBR’s obligation to conduct consolidated and solo supervision flows from the CBL (Articles 4, 56, and 57). The CBL requires the CBR to exercise supervision over individual banks and banking groups. It further establishes the CBR’s right to obtain information and analyze the activities of “bank holding companies” for the purposes of banking supervision over credit institutions and banking groups integrated into bank holding companies. In other words, the CBR has direct powers of supervision in respect of individual banks and banking groups but has information gathering powers over bank holding companies (BHC). The BBAL provides the definition of a banking group and the definition of a BHC. Under the BBAL (Article 4), a banking group is defined as an association of legal entities in which one or more of the entities are under the control or significant influence of a bank. The definitions of control and influence are taken from IFRS. In terms of powers, the CBR has information gathering powers under the CBL (Article 57) in respect of banks and banking group, including the right to demand further elaboration and explanation of any information received. Thus, under Article 57, the CBR “shall have the right to request and receive from credit institutions, the parent credit institutions of banking groups and the parent organizations of bank holding companies’ information on the activities of credit institutions, banking groups and bank holding companies, respectively, including data on the members of banking groups and bank holding companies other than credit institutions, and demand elucidation of the information received.” Further, Article 57 clarifies that the CBR may set regulations that are “binding for bank holding companies, for compiling and presenting data required for assessing the risks of a bank holding company and conducting supervision of credit institutions participating in a bank holding company.” However, the term bank holding company, as defined by the BBAL (Article 4), does not denote an entity that is a holding company for a banking group. In practice the BBAL definition for a BHC describes what may be more readily understood as a “bank holding company group” rather than a parent entity of a bank holding group. The BBAL definition is noted below, for completeness, but in practice a “BHC group” contains at least one bank, which is not the parent entity, and which is under the control of a parent entity of a BHC group, and the overall balance of business in the BHC group must be no less than 40 percent banking activities, measured according to a CBR methodology that assesses the ratio of assets and/or revenues of the credit institutions to the BHC group as a whole. As in the case of banking groups, members of a BHC are identified by using definitions of control and significant influence in accordance with IFRS. The definition of BHC (BBAL, Article 4, as amended in 2013) is as follows: “the association of legal entities, with such an association not being a legal entity (afterwards referred to as the members of a BHC), including at least one credit institution controlled by a legal entity other than a credit institution (afterwards referred to as the parent organization of a BHC), as well as other (if any) legal entities (other than credit institutions) that are under control or significant influence of the parent organization of the BHC or participate in the banking groups of credit institutions that are members of the BHC, provided that the share of banking operations assessed on the basis of the CBR’ methodology, accounts for no less than 40 percent of the activities of the BHC.” Understanding the structure of banking groups Supervisory process: The CBR establishes supervisory groups responsible for consolidated supervision of banking groups that include representatives from different CBR’ Departments (Section 1.3, the CBR’ Regulation 3089-U). At the time of the assessment there were over 120 banking groups in Russia. There are a range of CBR regulations setting out the CBR’s supervisory and reporting requirements for banking groups, including prudential requirements. Reporting submissions are made by the parent entity of the banking group. The key regulations are: Regulation 3089-U re the procedure for supervising banking groups; Regulation 3876-U re disclosure of information for parent banks of banking groups; Regulation 2923-U re disclosure and submission of consolidated financial statements by the parent banks of banking groups; Regulation 509-P on capital, prudential ratios and limits of open FX positions of banking group; Regulation 510-P on the Liquidity Coverage Ratio on a consolidated basis for systemically important banks; Regulation 462-P on consolidated statement and other information on the activity of the banking group; Regulation 2332-U on reporting forms and submissions of banking groups. Reports made to the CBR by the parent of the banking group include: annually, or in the event of changes or at the CBR’s request: Statement on the composition of the members of the banking group; quarterly: Consolidated balance sheet; Statement on financial results, capital calculation, statutory requirements of BG and open currency positions; monthly: or in the event of non-compliance with the minimum requirements (actual or expected) or at the CBR’s request: Liquidity Coverage Ratio on a consolidated basis for systemically important banks. The CBR uses the reported information to identify the core activities of the banking group and of the major entities within the banking group. Asset size, concentration and location are included in the CBR assessment. RPs are also assessed (please see also CP 21) on the basis of information supplied in reporting submissions on lists of RPs and list of RPs of credit institution’s owners. Group wide risk management Under the CBL, notably Articles 571 and 572, the CBR sets the risk, capital management, internal controls, capital adequacy and liquidity standards for banking groups as well as for individual credit institutions. The CBR has articulated its standards in the following regulations: Regulation 3624-U and Regulation 3883-U On requirements for risk and capital management and ICAAP assessment; Regulation 242-P on internal controls; Regulations 509-P on calculation of required capital ratios and net open positions; Regulation 510-P with Annex 1 on the sound principles of liquidity RM in systemically important banks; and Regulation 3223-U On qualification requirements for significant individuals in the institution, including Head of Risk, Head of Internal Audit Division and Head of Internal Control. The supervisory process for banking groups is consistent with the supervisory approach described in CP8. There is quarterly monitoring of the banking group’s reporting, and on a semi-annual basis there is an assessment of the banking group. The assessment is based on Regulation 3089-U and includes, for example: an overview of BG’ structure; main activities (including foreign operations) and market position; an analysis of BG’ consolidated balance sheet (including dynamics and composition); consolidated financial results (including dynamics and composition); equity (capital) structure (including dynamics and composition); required ratios (for example, regarding credit risk, liquidity risk, FX risk); and main risks (in particular, credit risk, liquidity risk, market and FX risk, OR, contagion risk, reputation risk). As noted in CP9, the CBR aims to confirm its understanding through an onsite inspection program. The inspections are coordinated (by timing and scope) of the members of the banking group (banks and non-bank financial institutions) with the intention of obtaining a fuller picture that is not possible from stand-alone inspections of a banking entity. The Systemically Important Banks Supervision Department has already participated in and plans to continue to coordinate and develop bank and non-bank offsite supervision and inspections (banking groups’ members) with the responsible departments in the CBR. The main criteria in scoping the inspections was the significance of the influence of respective members of the financial group, though SIBSD’s view is that there are no non-bank members of the banking groups supervised by SIBSD that exert significant influence on the banking group activity. The Chief Inspectorate organizes the coordination based on proposals submitted by the relevant departments (as also discussed in CP9). To assist in the coordination of the joint inspections, the CBR creates an analytical group which organizes information exchange between the working groups which are conducting the coordinated inspections. Information exchange is performed at all stages of carrying out inspections (prior to, during and after the end of the inspections. The Chief Inspectorate of the CBR carried out the coordinated inspections of: 14 non-credit financial institutions and 12 credit institutions—in 2014; 18 non-credit financial institutions and 10 credit institutions—in 2015; and further coordinated inspections are planned in 2016. Coordinated inspections in support of consolidated supervision of banking groups are also performed. In 2014, there were coordinated inspections of 3 banks that were members of the same banking group, and in 2015, there were 4 such inspections, with 11 further inspections planned for 2016. Bank holding group The definition of a BHC is discussed above. The CBL (Article 57) empowers the CBR to set the standards for BHCs to submit information necessary for the CBR to conduct effective supervision of credit institutions who are members of BHC groups. The parent of a BHC is obliged to notify the CBR if a BHC is formed, and if a management company of the BHC is formed, including the authority assigned to such a management company (Regulation 3780-U). The parent of a BHC, pursuant to the BBAL (Article 43) and the CBR regulations (Regulation 3777- U) must submit semi-annual reports to the CBR on the risks. This comprises: information on the BHC’s risks (also at the request of the CBR); statement on the structure of the BHC and on the shares in investment funds (also at the request of the CBR); information on the parent organization of a BHC including its responsibilities. On an annual basis, the parent of the BHC submits financial statements, the independent auditor’s conclusion, (3087-U—on disclosure and presentation of consolidated financial statements by the parent entities of BHC groups) and information on the BHC’s risks, necessary for the supervision of the banks that are members of the BHC group. The CBR may also require information from the parent organizations of the BHC’s groups regarding the activity of these groups, including the information about the non-bank members of the group and any further necessary explanations. The CBR exercises these powers but does not meet with and may not conduct inspections of the parent organization of the BHC groups. In the event of any legal violations, the CBR has powers to restrict the operations between the bank and the members of the wider BHC group, including the parent entity, for up to one year should there be legal violations. For context, as of July 2015 there were 42 BHCs in Russia. The parent entities of these groups (that is 29 companies or about 70 percent of the total number) are active in a range of nonfinancial sectors (such as construction, commerce, advertising, food industry, agriculture, and broadcasting).
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to RPs, and lending limits and group structure.
Description and findings re EC2	As noted in EC1, the CBR’s powers to exercise supervision of banks and banking groups is established in the CBL (Article 56) and the reporting and information requirements are also discussed in EC1, above. The CBL (Article 62) grants the CBR the power to impose a range of required ratios at banking group as well as solo level. These include, maximum non-monetary contributions to the authorized capital of a bank; maximum risk per borrower or a group of related borrowers; the maximum amount of high credit risks; the liquidity ratios; the own funds (capital) adequacy ratios; the amount of FX, interest rate, and other financial risks; the minimum amount of provisions created for risks; the ratios for a credit institution to use its own funds (capital) to acquire shares (stakes) of other legal entities; the maximum amount of loans, bank guarantees, and sureties provided by a credit institution (a banking group) to its shareholders (members); and the maximum risk per counterparty related to the credit institution (group of parties related to the credit institution). Reporting is on a consolidated and standalone basis. The CBR analyses the information on liquidity on a consolidated basis for the banking groups. Additionally, BGs’ parent companies are required to submit, quarterly, information on risks, risks assessment, RM, and capital management (Regulation 3876-U). Group structure is reported and monitored for banking groups as noted in EC1 above.
EC3	The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3	The supervision over most foreign operations carried out by Russian banks is conducted by SIBSD, as volume of cross-border operations is a qualifying criterion for a bank to be recognized as a D-SIB and as a consequence to be supervised directly by the CBR head office. This also implies that the banks with significant volumes of foreign operations have an AR of the CBR (see CP1 EC5) able to provide additional information and insight into the operation and management of the banking group. In terms of powers and information gathering, CBL grants the CBR powers of group wide supervision covering, inter alia, RM and controls (Articles 571 and 572), and the BBAL imposes an obligation on banking groups to ensure adequate risk and control management, which is further elaborated in Regulation 242-P. The CBR obtains a range of information, such as: foreign operations of banks and banking groups—Regulation 2332-U); consolidated supervision reporting—Regulation 462-P; loan loss reserves in respect of residents in offshore zones—Regulation 1584-U; liquidity, where with the advent of the CBR’s implementation of the LCR on a consolidated basis for systemically important banks from January 1, 2016—Regulation 510-P—banking groups are required to manage their liquidity risk taking into account the availability of assets for transfer between the banking group member and the parent credit institution; and the CBR’ regulation also sets a treatment of the operations of the bank’s foreign branches and subsidiaries conduct for short-term liquidity purposes. Direct information on banks’ management of and oversight of risks in non-domestic subsidiaries is obtained through meetings and onsite inspections, the latter of which are used to examine the quality of banks’ documentation for internal risk governance (credit, market, exchange rate, liquidity risk, etc.), whether those documents conform to established standards, and whether the documents are adhered to in practice. The CBR has not been informed of any hindrance experienced by parent banks in obtaining information on their foreign branches and subsidiaries. With respect to the assessment of the quality of local management of cross border operations, the CBR’s policies and practices appear to be more limited. The CBR noted that it has regard to the qualifications for the heads of RM and internal audit and internal controls in banks—these qualifications are established by Regulation 3223-U—and assesses whether these standards are met in the course of its internal control assessments. The comments from the CBR indicated that the process is largely reliant on evaluation of RM and control systems, particularly through internal compliance documents. If the CBR notices risks or deficiencies that might affect the control of foreign operations, it may ask questions, point out failings, and of course if necessary adopt formal measures. Information could also be obtained through the ARs, and the CBR indicated that in case of concern the management would be called in for a meeting. The CBR’s approach to assessing the effectiveness of supervision conducted in the host countries in which its banks have material operations is primarily based on analysis of reports submitted by the banks and banking groups. These reports contain information on foreign operations and branches (Regulation 2332-U). The CBR also has right of access to internal documents of the banks and banking groups.
EC4	The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct onsite examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4	The CBR has the authority (CBL Article 73) to inspect the non-domestic activities of banks and their banking groups. Additionally, the CBR (CBL Article 51) may request supervisory information from the supervisory authority in the relevant jurisdiction concerning the non-domestic entities, including inspection reports. Such information is subject to professional secrecy constraints. Information exchange extends to non-domestic financial market regulators and is based on IOSCO multilateral MoUs; international treaties’ and bilateral treaties as relevant, providing that professional secrecy is observed. The CBR has limited experience of visiting the foreign operations of domestic banks. The assessors were informed of one example when, in 2014, an onsite inspection of the branch of a Russian bank located in Cyprus was carried out. The inspection was coordinated to take place simultaneously with an inspection of the parent bank. The Russian and Cypriot authorities cooperated, and exchanged information and inspection findings. In practical terms, the same regulations that govern inspections in the Russian Federation also govern the CBR in any inspection it would wish to undertake in another jurisdiction. (Regulation 147-I on inspection rubric and also Regulation 3463-U.) Any such inspections would also take place in the context of agreed MOUs. In identifying such inspections, the CBR would take into account the significance of the subsidiary or branch to the parent bank, financial condition of the bank, the reliability of its reporting, and results of previous onsite inspections when determining the frequency of its inspections. The CBR noted its practice would be to share and discuss the findings of such onsite inspections with the host supervisors.
EC5	The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5	While Regulation 415-P is primarily aimed at assessing the suitability of a prospective shareholder taking a stake over 10 percent, it also includes criteria for assessing the financial position of corporate entities holding—directly or indirectly—over 10 percent of equities (shares) of the bank and measures aimed at improving the unsatisfactory financial position of the specified entities. Under the terms of Regulation 3089-U, the CBR (semi-annually) undertakes a supervisory assessment of banking groups, which contains, in particular, an overview of parent companies’ activity (see EC1). As noted above, the CBR coordinates onsite inspections for the members of a banking group or BHC group. There were a number of such onsite inspections during 2015, organized in different formats (duration, focus, etc.). However, intra-group transactions are a key focus of the onsite inspections, where the inspectors wish to determine that there is a valid economic rationale for transactions. On a related point, coordinated inspections of credit institutions facilitated the identification of signs of “circular” transactions within the banking group where the economic justification appeared insufficient; and also sought to identify where transactions between the bank and its clients might have a significant impact on the stability of the group. In other words, the general objective of the CBR inspections is to uncover the general risks of the banks in the group, whether banks are concealing the true levels of risk and the degree of banks’ involvement in related party lending.
EC6	The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6	The CBR has ex ante powers to restrict the geographic reach of a bank but not of a non-bank member of a banking group or BHC group (please see CP7). The CBR must grant explicit permission for a bank to establish a non-domestic branch (BBAL Article 35). A bank must meet minimum criteria—Regulation 290-P—in order to obtain permission to create or acquire a subsidiary in a foreign jurisdiction (e.g., meeting the CBR reserve requirements). In such cases, the CBR must also consider the economic feasibility of the proposal. Should the proposal not meet these requirements or if the proposed subsidiary is in a country or territory classified by Russian Federation statues as non-cooperative for the purposes of AML/CFT, the CBR will deny permission. The quality of host-state supervision or the influence on the effectiveness of consolidated supervision are not factors that are explicitly considered. Should the CBR determine that the activities of a bank, a banking group, or a BHC group could endanger the interests of depositors or the banking system (CBL Article 75), its powers under CBL Article 74 are triggered. These powers provide that the CBR may restrict the activities of a bank in a number of respects, including the structure of its assets or its organization. However, although the activities and location of a bank and its branches can be addressed by CBL and, as noted above, the opening new branches may be explicitly prevented, the CBR lacks the powers to oblige the closure of a foreign branch or subsidiary. The powers under CBL Article 74 fall short of providing the CBR with the ability to limit the type or location of an activity by a non-bank member of the banking group or BHC group.
EC7	In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group.67
Description and findings re EC7	The CBL (e.g., Articles 57, and 57,1 and 572) establishes that the CBR exercises supervision in respect of individual banks and also banking groups. Pursuant to the CBL, the CBR conducts its supervisory activities on both a stand-alone and consolidated basis. Also, in accordance with the CBL (Article 67), the CBR applies a principle of capital conservation to ensure that a bank does not distribute profits to its parent entity until it has met the minimum level of capital adequacy. The CBR noted that its chief tool for intra-group transactions monitoring is through the supervision of a bank on a solo basis. The CBR monitors distribution of capital and liquidity through the group, not least through the monitoring and assessment of required ratios, and taking all risks into consideration, adjustments to the supervisory plan for a banking group are discussed at the relevant supervisory group meeting.
Assessment of Principle 12	Largely Compliant
Comments	The assessors agree that subsequent to the last assessment, the legal and regulatory framework in respect to consolidated supervision has been significantly developed and enhanced. A number of material deficiencies were noted in the targeted assessment of 2011 which have been resolved by the passage of legislation that was anticipated at the last assessment. Enhancements include: powers to act in the event of violations committed by the parent entity of a banking group, such as to impose restrictions on transactions between the bank and its the parent or group entities (CBL, Article 74); enhanced scope of information exchange with non-domestic regulatory agencies (CBL Articles 51 and 511); information exchange with domestic regulatory agencies facilitated by the merger of the sectoral regulators into the CBR; expanded definition of direct and indirect influence, based on IFRS (BBAL, Article 4); introduction of regime for Bank Holding Groups. The regulatory and legal changes are, nevertheless, still relatively recent and the practical application and supervisory practice based on the new framework is yet to be substantively demonstrated. The assessors believe that the CBR will build up its track record if it continues on its current path, but has not yet had the opportunity to do so. The assessors appreciate that the CBR has already instituted the practice of coordinated inspections of banking and nonbanking entities within consolidated groups. The assessors are also aware that much focus of inspection work is to uncover the nature and extent of intra-group exposures, including to wider group entities that fall outside of the banking consolidation. In considering this principle, the assessors noted that the cross-border dimension of consolidated supervision is still mostly undeveloped (for illustration, assets due to foreign individuals and entities, on a consolidated basis represent approximately 10 percent of the banking sector’s assets). The CBR does not conduct onsite inspections of foreign establishments of Russian banking groups and has not yet clearly scrutinized the Russian banking groups’ management abilities and oversight in managing their non-domestic interests and activities. The CBR has not explicitly considered whether the supervision and oversight by host supervisory authorities is effective or sufficient to the complexity and activities of the foreign establishments. Similarly, as noted in CP5, the mission could not determine whether the CBR routinely confirmed whether a home supervisory authority practiced consolidated supervision at the time a new branch or subsidiary wished to establish in the Russian Federation. In terms of whether cross border establishments are significant for the Russian banking group (or indeed for the host jurisdiction), these supervisory tasks may not be the most urgent priority in a risk based context, but such assessments are still necessary. Greater priority should be placed on establishing whether banking groups with foreign interests have the requisite skills and are exercising effective management and oversight of these subsidiaries and branches. Some legal gaps remain and are a hindrance to the CBR and relate to the perimeter of the consolidation. First, the supervisor may not require the closure of a foreign branch of a Russian bank. Secondly, the supervisor may not prevent the acquisition of a non-bank financial entity by a banking group. This second issue is discussed and graded in the context of CP7, but the issue is important in relation to the effectiveness of consolidated supervision as a banking group might expand in size or in its activities in directions that the group is not able to manage prudently. An ex-post power to restrict or close activities is a second best option in these situations because the damage to the stability of the banking group may already have been sustained.
Principle 13	Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1	The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1	The CBR, as home supervisor, has established supervisory colleges for two international banking groups (Sberbank and VTB) and participates in the college arrangements for a further ten international groups (domiciled in Austria, China, Cyprus, Germany, Hungary, India, Italy, Netherlands, and the U.K.). In order to enhance the supervision of banking groups, the CBR forms a supervisory team (described by the CBR as a form of domestic college arrangement) for a banking group when certain conditions are met. One of these conditions is whether the bank has a subsidiary on the territory of a foreign state which is supervised by a central bank or another supervisory authority of a foreign state authorized for banking supervision (point 1.3 of Regulation 3089-U). Representatives of a foreign state banking supervisory authority are included in its members subject to the consent of this authority (point 1.4 of the CBR Regulation 3089-U). With respect to domestic organization, the number and composition of the supervisory team for the banking group, including changes in its structure, and distribution of powers between its members, is defined taking into consideration the character and the scale of operations that are carried out in the banking group, and the level and the combination of risks accepted by the banking group. In passing, it may be noted that the other two conditions for a supervisory team to be formed are (a) when the parent bank is a systemically important credit institution as defined and (b) when the parent bank is formally identified by the CBR as exhibiting significantly negative signs. The scope of information that is provided to host supervisory authorities customarily covers the following issues: current situation and main risks of the Russian banking sector, an overview of banking supervision in Russia, regulatory framework, overall profile of the banking group, the role and position of the banking group in the Russian banking system, performance highlights of the banking group, and results of recent onsite inspections.
EC2	Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and RM practices of the banking group68 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.
Description and findings re EC2	Cooperation, information exchange and interaction between the supervisory team responsible for a banking group with a non-domestic bank and the relevant foreign supervisory authority in the supervision of the banking group is set out in Regulation 3089-U (see, for example, Sections 4.1, 5.3, and 5.4). Based on recent legislative amendments (please see CP3, EC 5), the updated version of a draft MoU in banking supervision with a foreign supervisory authority includes provisions aimed at enhancing cooperation with foreign supervisory authorities specifically in relation to resolution and crisis management, including notification of resolution measures, measures to protect deposits in a parent institution, measures for cross border liquidity support, or other support measures. All information exchange must comply with national legislation, including professional secrecy and confidentiality. The updated version of the MoU, including the procedures for cooperation in resolution, was signed with the Financial and Capital Market Commission of the Republic of Latvia on October 2, 2015. As noted in EC 2 of CP 3, the practical implementation of cooperation agreements (MoUs) covers: the regular exchange of information on arising supervisory issues, with the closest cooperation links established with supervisory authorities of the following countries: Austria, China, Cyprus, CIS countries (especially countries of the Eurasian Economic Union—Belarus, Kazakhstan, Kyrgyzstan), Germany, Hungary, Latvia; regular high-level meetings and meetings of experts from supervisory authorities of Austria, China, Germany, Hungary, Kazakhstan; cooperation, meetings, and information sharing in the framework of supervisory visits and onsite inspections carried out by home country supervisors in Russian members of international banking groups; and regular update of lists of contacts. In practical terms, most exchange of information has been on the basis of bilateral contacts within the past five years. However, colleges of supervisors are held for the two internationally active Russian banking groups on a regular basis. Other, broader, college meetings for cross border banking groups have also been held recently, for example with the Kazakhstan National Bank in 2015 for banking groups that were active in both countries. Bilateral meetings are held with the Chinese Banking Regulatory Commission (CBRC) on a regular basis. The frequency of supervisory college meetings where CBR takes part as a host-member is defined by the home supervisory authority. The usual frequency is once or twice a year. In terms of general issues, it would be normal for the following to be discussed: evaluation of the financial situation of banks—members of the group; assessment of the financial position of the group on a consolidated basis; risk assessment—for some colleges the home supervisor asks all college members to complete questionnaires on risk assessment; plans for oversight activities; and recovery plans. The CBR is also in the process of seeking to establish a MoU with the ECB. Please see CP3 for a discussion of cooperation agreements.
EC3	Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3	The CBR engages with foreign supervisors at both high level and expert level, and for jurisdictions where there are more significant home/host relationships, there is more consistent and regular contact, though it is more common to exchange information and discuss issues than plan supervisory activity. Collaborative work arrangements have not been pursued at this time. However, the MoUs signed by the CBR (available on the website) indicate the recognition of the value of such work and set out arrangements for how such collaborative activity would be managed. In some cases, the CBR has cooperated with foreign supervisors to develop more effective practices of consolidated supervision (covering a number of banks and thus covering situations both where the CBR is home and host supervisor).
EC4	The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4	The framework of cooperation agreements and MoUs (now signed 38 such agreements and memoranda) determine the conditions of exchange of information between the CBR and the banking supervisory authority of the relevant foreign state. The MoUs are based on a standardized template and, broadly, they indicate that information exchange is upon request although certain information, such as in respect of concerns relating to the parent entity of a group would be notified to the other supervisory authority. The MoUs provide that in the event of concerns can be directed request to the appropriate supervisory authority which forwards the request to the bank. If necessary meetings with the banks and the supervisory authorities can be arranged. MoUs are typically annexed with lists of contact persons including direct contact details which are updated as needed. Communication strategies in respect of delivering supervisory messages to banks are not addressed by the agreement documents but the CBR was able to confirm that questions raised by supervised banks had been discussed in the context of college meetings.
EC5	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5	The CBR has a framework agreement in place with one host authority in relation to effective management of cross-border crisis. The CBR has thus, so far, signed an annex to the MoU with the CBRC on crisis management. Provisions on cooperation in the rehabilitation and restructuring of credit institutions are also included in the new version of the MoU with the Commission on the financial and capital markets of Latvia, signed in 2015.
EC6	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6	According to the CBL (Article 57) and the BBAL (Article 24), the CBR is entitled to demand that a credit organization develop and present to the CBR their Recovery Plans. At the present time all systematically important banks must develop and submit to the CBR financial stability recovery plans. As noted in CP8, currently the CBR is developing regulations to establish the methodology for developing resolution plans (including the content of such plans, and the procedure and timeframe for submission) but active work has not yet taken place on resolution planning. Hence, although there have been discussions on recovery and resolution in the context of the CBR’s cross border relationships, no resolution plans have yet been agreed. At present, institutions are expected to develop their recovery plans with reference to the CBR recommendations (Letter 193-T) in the field of recovery and resolution, and these are addressed to banks with respect to recovery plans. (“On the Methodical Recommendations for the Development of Plans for the Financial Stability Restoration of Credit Institutions,” September 29, 2012). As noted in EC5 above, the CBR has signed an MoU annex with the CBRC on crisis management, covering also recovery and resolution. The MoU with Latvia has also been updated in this regard in 2015. Other MoUs are to be updated. At the present time, the CBR does not participate in resolution colleges of banking groups which contain Russian credit institutions.
EC7	The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks.
Description and findings re EC7	In Russia, a banking subsidiary of a foreign banking group is regarded as a domestic bank and therefore treated as a locally owned bank. This treatment is based on the CBL (Article 56), which establishes CBR supervision over banking activities on a stand-alone basis as well as of groups. The supervisory standards, practices, and processes are the same for foreign owned and for domestically owned banks. The supervisory process is based on Regulation 2005-U of April 30, 2008. Similarly, domestic standards (e.g., reporting, inspections) apply to a foreign owned branch located in the Russian Federation. Further details are available, for example, in Instruction147-I regarding onsite inspections of credit institutions (their branches). Russian law does not permit the presence of a foreign owned branch in the territory of the Russian Federation. All foreign owned banks are subsidiaries, which are incorporated locally and thus subject to national treatment.
EC8	The home supervisor is given onsite access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and findings re EC8	Under the CBL (Article 73), access to the premises of credit institutions located on the territory of the Russian Federation is granted to the foreign home state supervisory authorities, provided that the written consent of the bank that is established in the Russian Federation is obtained. The foreign supervisor is obliged to inform the CBR of the results of any such visit. The relevant arrangements are described in the standard MoU between the CBR and the supervisory authority from the country of origin of the bank. Thus the foreign supervisor has the right to check the activity of, and has access to premises of, the cross-border institutions (providing written consent is obtained), as well as other members of the relevant banking group. The foreign supervisor shall notify the CBR of its intention to conduct an inspection and will inform the CBR of the results of such an inspection. These provisions are reciprocal. In practical terms, the CBR has supported the work of foreign supervisory authorities in the context of performing asset quality reviews and has also met with supervisors who were making supervisory visits to representatives of Russian subsidiaries (Netherlands, Turkey). At least one further inspection by a home jurisdiction to the Russian subsidiary is already planned in 2016. For those cases where the CBR is the home supervisor, the CBR has informed the host authorities of a visit to local offices/subsidiaries. Please see CP12 EC4.
EC9	The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.
Description and findings re EC9	This criterion is not applicable to Russia (no existing shell banks).
EC10	A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.
Description and findings re EC10	A standardized MoU provides that supervisory authorities (home/host) shall inform each other, in good time and to the extent reasonable, about any event which has the potential to endanger the stability of credit institutions having cross-border establishments in the other country. According to the standardized MoU, CBR shall also notify a foreign supervisory authority of administrative penalties which it has imposed or other action which it has taken on such a cross-border establishment as host supervisor, or on the (parent) credit institution as home supervisor if the information is important to other authority. There is no recent (post 2014) experience of such information having been received.
Assessment of Principle 13	Largely Compliant
Comments	Removal of legislative obstacles to the exchange of supervisory information have allowed progress in the field of home and host supervisory cooperation. Supervisory expectations and practices have been improving globally over the past five years, as reflected in the 2014 publication of the BCBS principles for effective supervisory colleges (replacing the 2010 document on good practices of supervisory colleges). The CBR’s participation in a number of colleges, as the host supervisor, means that the CBR is informed of and involved with some of the latest developments and practices in respect of home and host cooperation and collaboration. In future it is hoped that greater opportunities for cross border collaboration and cooperation (joint inspections, inspections of non-domestic subsidiaries, and branches) will be pursued actively. While accepting that the CBR has approached the ECB in respect of signing an MoU and has notified the EBA of the 2013 legislative changes protecting the confidentiality of information (as discussed in CP3), and while it is to be hoped that future agreements will support home/host relationships with the EU, it is important for bilateral and college arrangements to be prioritized and college meetings to be re-instituted as soon as practicable for domestic banks with cross border activity and establishments, whether or not all relevant host authorities are able to participate. Initial moves have been made in terms of cross border crisis planning and involvement in recovery and resolution plans for cross border groups, now that the legal provisions are in place, but although the CBR has participated, as a host supervisor, in discussions on recovery and resolution, and has adjusted some MoUs, it has not been possible to achieve much progress at this stage. The CBL (Article 73) contains a potential obstacle to effective home host practices, as a foreign supervisory authority requires written consent to access the premises of a subsidiary established in Russia (foreign owned branch establishments are not permitted). In practice, it does not appear that credit institutions have withheld consent, as cross border supervisory visits have taken place. While it is understood that an institution that is incorporated in the Russian Federation is a Russian institution subject to Russian law, and should therefore be subject to Russian law consistently with other entities, it is recommended that the removal of this provision from the CBL be explored.