FUIB has an effective risk management system in place that meets the requirements of NBU Regulation No. 64 dated 11 June 2018 "On the Organisation of the Risk Management System in Ukrainian Banks and Banking Groups". The risk management system is a part of the overall corporate governance system of the bank and is aimed at ensuring the stable development of the bank within the framework of the bank's development strategy in all business areas.

To implement all the requirements of the NBU, FUIB developed the following internal regulatory documents:

1. Declaration of risk appetite. The document defines:

- the aggregate level of risk appetite and types of risks that the bank intends to take and hold to achieve its business goals;

- maximum level of risk acceptable for the bank based on the amount of available resources (capital and liquidity needs);

- quantitative and qualitative indicators by types of material risks;

- individual level of risk appetite for each type of material risk;

- types of risks that the bank should avoid.

2. Risk Management Policy and Risk Management Strategy. The documents regulate the organisation of a clear process for effective risk management by setting boundaries and limit parameters for each type of risk, the purpose of which is to carry out a systematic process of identifying, measuring, monitoring, controlling, reporting and mitigating all types of risks at all organisational levels of the bank.

To ensure the stability and security of the bank's business, along with the risk management system, the bank has implemented an internal control system (ICS), which is regulated by the internal regulatory document "Policy on Organisation of the Internal Control System". The document fully complies with the requirements of the NBU Regulation No. 88 dated 2 July 2019 "On Organisation of the Internal Control System in Ukrainian Banks and Banking Groups". The ICS is based on a three-line defence model.

The first line of defence includes business and support units of the bank. The second line of defence is the risk management and compliance departments. The third line is the Internal Audit Department, which assesses the effectiveness of the risk management system of the first and second lines of defence and evaluates the effectiveness of the internal control system.

3 lines of protection provide:

• Identification of risks. The Bank's structural units that carry out banking operations and support them are involved in the process of identifying, assessing and monitoring risks, comply with the requirements of internal regulatory documents on risk management, and take into account the level of risk in carrying out operations.
• Risk management. The Risk Management and Compliance Departments develop risk management mechanisms, methodology, assess and monitor the level of risks, prepare risk reports, perform aggregate risk assessment, and evaluate the ratio of risk to the established risk appetite.
• Internal audit. It conducts an independent assessment of the effectiveness of the risk management system, corporate governance and internal control system, identifies violations and makes proposals for improving the risk management system.

To control and timely respond to any events that may affect the sustainable development of the bank, monthly, quarterly and annual reports are provided for, which are reviewed by the Management Board and the Supervisory Board of the bank. To regulate social issues, FUIB has developed and implemented the following regulatory documents:

• Code of Corporate Ethics
• Anticorruption program
• Corporate Governance Code
• Regulations on the settlement of conflicts of interest
• Порядок організації роботи лінії довіри СКМ
• Rules for financial monitoring
• Procedure for giving and receiving gifts and invitations
• The procedure for staff training
• Procedure for forming the staffing table

Regarding environmental issues, FUIB decided to develop the direction of sustainable development of the bank. Thus, the Declaration of Risk Exposure records the impact of climate risks on corporate credit risks in terms of loss of collateral, borrower default, lack of insurance of collateral; and operational risks in terms of loss of property and/or suspension of the bank's operations (assessing the direct impact of natural factors on business continuity) as a result of natural disasters. In 2021, FUIB developed and approved the concept of climate risk management. This is a new area that will be developed in the bank as part of the Risk Management System.

In 2021, the main risks were related to business continuity in the context of COVID-19. We implemented measures that allowed us to operate efficiently and without slowing down the pace of business. At the same time, the bank's customers were provided with comfortable and reliable remote and branch services.

In 2022, the list of the bank's material risks remained unchanged, but the causes of these risks changed as of 24 February 2022. Thus, for credit and operational risks, the main reasons for their growth were military operations and the introduction of martial law in Ukraine. Credit risks also increased due to the loss of customer solvency during the war. 78% of all actual losses from operational risk in 2022 were losses of property and assets due to hostilities.

In January 2022, FUIB developed and approved a clear response plan for all types of material risks in the event of a threat of hostilities. In terms of credit risks, algorithms for suspending customer lending and debt restructuring scenarios were developed in advance and implemented in March 2022 to reduce the credit burden on Ukrainian individuals and legal entities. To prevent the loss of property and assets, emergency evacuation plans for valuables and personnel were developed, as well as to ensure the continuous operation of critical processes and systems. As a result, the bank's losses were recorded only in the occupied territories and in the territories of hostilities in respect of property that could not be removed due to significant danger and in respect of buildings that were damaged/destroyed as a result of shelling.

Risk management policy

Supervisory Board and the Management Board of FUIB pay special attention to the development of activities on minimization and management of risks. The traditional approach to risk management is based on the fulfillment of regulative requirements of the National Bank of Ukraine, as well as in testing and implementing of global best practices regarding the assessment and management of risks.