JSC "FUIB" has an effective risk management system that meets the requirements of the NBU Regulation No. 64 dated June 11, 2018 “On the Organisation of the Risk Management System in Ukrainian Banks and Banking Groups”. The Risk Management System is a part of the overall corporate governance system of the bank and is aimed at ensuring the stable development of the bank within the scope of the bank’s development strategy in all business areas.

To implement all the requirements of the NBU, the following internal regulatory documents have been developed by JSC "FUIB":

1. Declaration of risk exposure. The document defines:

- the aggregate level of risk appetite and the types of risks that the bank intends to take and hold to achieve its business goals;

- the maximum level of risk acceptable for the bank based on the amount of available resources (capital and liquidity needs);

- quantitative and qualitative indicators of risk appetite by types of material risks;

- individual level of risk appetite for each type of material risk.

2. Risk Management Policy and Risk Management Strategy. The documents regulate the organisation of a clear process for effective risk management by setting limits and thresholds for each type of risk, which aims to implement a systematic process of identifying, measuring, monitoring, controlling, reporting and mitigating all types of risks at all organisational levels of the bank.

RMS policy

To ensure the stability and security of the bank’s business, the internal control system (ICS) has been implemented along with the Risk Management System, which is regulated by the internal regulatory document “Policy on the Organisation of the Internal Control System”.

Policy of the ICS

The document fully complies with the requirements of the NBU Regulation No. 88 dated July 2, 2019 “On Organisation of the Internal Control System in Ukrainian Banks and Banking Groups”.

The ICS is based on the model of three lines of defence:

• the first line of defence is the business and support units of the bank;
• the second line of defence is the risk management and compliance management units;
• the third line is the Internal Audit Department, which assesses the effectiveness of the risk management system by the units of the first and second lines of defence and evaluates the effectiveness of the internal control system.

The 3 lines of defence provide:

• Risk identification. The bank’s structural units that carry out banking operations and provide support for them are involved in the process of identifying, assessing and monitoring risks, comply with the requirements of internal regulatory documents on risk management, and take into account the level of risk in the course of operations.
• Risk management. The Risk Management and Compliance Management develop risk management mechanisms, methodology, assess and monitor the level of risks, prepare risk reports, perform aggregate risk assessment, and evaluate the ratio of risk to the established risk appetite.
• Internal audit. Carries out an independent assessment of the effectiveness of the risk management system, corporate governance and internal control system, identifies violations and makes proposals for improving the risk management system.

The Bank maintains a high level of risk management culture, which is an integral part of the corporate governance system.

The Bank adheres to the principles of responsible risk management at all organizational levels and ensures the integration of a risk-oriented approach into management decision-making processes.

The main principles and components of risk culture are disclosed in the Declaration of Ensuring a High Level of Risk Management Culture of JSC "FUIB":

Risk Culture Statement

The Management Board and the Supervisory Board of the bank annually approve the results of the self-assessment of the level of risk culture development.

The bank's management creates the necessary atmosphere (tone at the top):

• adheres to defined corporate values;
• ensures that all employees understand their role and responsibility in risk management;
• ensures that all employees are regularly informed about the bank's strategy, policy, and approaches to risk management and conducts staff training and knowledge testing on risk management and compliance issues;
• encourages the free exchange of information on risks.

A high level of risk management culture contributes to ensuring the financial stability of the bank, protecting the interests of clients and shareholders, as well as compliance with the requirements of the legislation of Ukraine and regulatory legal acts of the National Bank of Ukraine.

To monitor and respond in a timely manner to any events that may affect the bank’s sustainable development, monthly, quarterly and annual reports are prepared and reviewed by the bank’s Management Board and Supervisory Board. JSC "FUIB" has developed and implemented the following regulatory documents to regulate social issues:

• Code of Corporate Ethics
• Anti-Corruption Programme
• Corporate Governance Code
• Conflicts of Interest Management Policy
• Regulations on the Organisation of the SCM Group Trust Line
• Regulations on Giving and Receiving Gifts and Invitations
• Staff Training Rules
• Regulations on the Organisation and Implementation of the Staff Adaptation Process
• Staffing Rules

Also, since 2024, JSC "FUIB" has introduced the management of environmental and social risks of the bank by assessing loan projects. To learn more about the basic principles of environmental and social risk management, please follow the link.

JSC "FUIB" has implemented and effectively operates a Business Continuity Management System to maintain the stability and reliability of financial services. The Business Continuity Management System covers all key processes of the bank, information systems and critical infrastructure, ensuring their resilience to potential failures and quick recovery in case of emergencies. The business continuity management system involves the development and regular testing of business continuity plans, reservation of critical resources and training of staff in crisis management.