-(1)-(1).jpg)
The Russian banking sector continues to evolve, driven by a wide range of dynamic internal and external factors. Despite these substantial pressures, the sector demonstrated strong resilience in 2024. Data from the Bank of Russia suggests that net profit rose year-on-year to RUB 3.8 trillion.[1]
Meanwhile, market sentiment towards the economic outlook remains cautious and skeptical. A 2024 survey of Chief Financial Officers (CFOs) by B1 and NCR reveals that a more pronounced increase in the cost of risk is expected across all segments compared to the previous year. Inflationary pressures also remain elevated, while monetary policy easing is projected for late 2025 or early 2026.
This study aims to explore and compare banks’ expectations around systematic risk assessment and management, and to analyze challenges and opportunities currently shaping the agenda of Chief Risk Officers (CROs). The survey captures the perspectives of 24 credit institutions of varying size and structure. This is the first comprehensive study of its kind in the Russian market.
KEY FINDINGS AND INSIGHTS
- 88% – leadership expectations
- 71% – employee engagement
- 50% – regulatory requirements
- Enhancing capital management through advanced approaches
- Embedding new technologies and AI into core processes
- Significant effort needed to implement new regulatory requirements
- Persistent market volatility and growing relevance of credit and interest rate risks
- Low data management maturity, hindering the development of information systems and adoption of new technologies
- Upskilling employees and developing future-ready capabilities
- Strengthening risk culture across the first line of defense
-
CROs note the rising significance of traditional risks—credit, liquidity and interest rate risks—for maintaining effective banking operations and achieving strategic goals. This shift is largely driven by ongoing geopolitical tensions, monetary policy trends and an evolving regulatory landscape shaped by the Bank of Russia.
-
The emergence of new technologies—such as the use of artificial intelligence and machine learning in business and risk management processes, the digitalization and automation of data handling, import substitution, and the rollout of new IT systems—has a dual impact on risk management.
-
The persistent issue of immature data quality management is affecting more areas—from the automation of a growing range of regulatory reporting to the use of advanced risk assessment approaches, and the adoption of AI and machine learning. The Bank of Russia continues to place a strong emphasis on combating cyber fraud.
-
Emerging regulations around artificial intelligence in Russia could soon add new pressures on banks, potentially imposing stringent requirements that financial institutions need to start preparing for today.
-
Amid evolving regulatory landscapes, rapid tech adoption and rising competition, the foundation of an effective risk management system lies in people. Right now, building a solid risk culture and developing relevant skills among employees is more of a challenge than a strength for many banks
-
Priority areas for the development of banking risk management systems (as identified by CROs):
- Adapting to regulatory change
- Managing data quality
- Enhancing information security risk frameworks
- Optimizing capital allocation for risk coverage
- Deploying AI and machine learning in line with regulatory requirements and restrictions
- Building a stronger risk culture and upskilling staff
CRO PRIORITIES FOR THE YEAR AHEAD
Existing traditional risks are evolving, prompting the need to adapt current management methods and tools. For most CROs, priority risks include credit risk, interest rate risk in the banking book, liquidity and funding risk, information security risk (including cyber risk), and information technology risk.
TRENDS OBSERVED IN THE BANKING SECTOR
- Current monetary policy drives focus on managing credit risk, interest rate risk, and liquidity risk
- As digitalization accelerates, new vulnerabilities emerge, reinforcing the ongoing need for robust information security
- The evolution of information systems brings both new opportunities and additional risks
- Market players do not anticipate a significant impact from the materialization of conduct risk
- Banks primarily allocate their budgets to improving the management of traditional risks in the coming year
KEY DRIVERS OF THE SHIFT IN RISK MANAGEMENT
Management Board
Board of Directors
Employees
Bank of Russia
Clients
The emergence of new factors and drivers impacting the risk management system creates a clear need to enhance specific risk management tools.
Many of these changes stem primarily from the need to adapt to evolving regulatory requirements.
ADAPTING TO REGULATORY CHANGE
In the context of regulatory change and increasing capital requirements, including the introduction of additional capital conservation buffers, banks are seeking ways to optimize capital management, including through advanced risk measurement approaches. Some respondents aim to achieve optimization not only on a standalone basis, but also at the group level.
Seventy-nine percent of respondents already use or plan to adopt the Basel III Standardized Measurement Approach ILM[2] for operational risk assessment. Fifty-four percent apply or intend to apply the IRB approach.
Major banks that have already adopted the IRB approach report improvements in capital adequacy ratios, and average capital savings of approximately RUB 1.7 trillion[3] per institution.
New regulatory requirements for the IRB approach have posed several challenges for banks:
- Banks that have already transitioned to the IRB approach under Bank of Russia Regulation 483-P must now adapt their credit risk management systems to meet the updated standards.
- Banks preparing for the transition face a host of new priorities.
- The Bank of Russia has announced plans to mandate the adoption of the IRB approach by SIFIs in the near future, prompting banks to mobilize resources and align their methodologies, systems, data, internal documentation and processes with the new regulatory framework.
DATA MANAGEMENT MATURITY
Only 17% of surveyed banks reported advanced or leading maturity in data quality management within their risk frameworks. Lower maturity levels at other banks appear to be influenced by limited resources and legacy systems. Regulatory mandates and ongoing digital transformation, particularly in risk management, are expected to narrow this gap over the next 3–5 years.
The role of the CRO in data quality management varies with the scale of the bank. Given the heavy workload of IT teams, accountability for data quality management can become fragmented. A hybrid model may offer an optimal solution, with the CDO overseeing data strategy and the CRO accountable for data use within risk domains.
Basic
Developing
Established
Advanced
Leading
NEW TECHNOLOGIES: OPPORTUNITIES AND CHALLENGES FOR RISK FUNCTIONS
Successful adoption of new technologies depends on high data quality and a robust technological foundation. After major international software providers pulled out of Russia, banks were compelled to shift to domestic software or develop in-house solutions. Budgeting for import substitution varies depending on the bank’s size and readiness for the mandated transition to domestic platforms.
Several additional challenges complicate this transition:
- Fully replacing foreign software requires significant investment.
- There are no mature domestic alternatives for key software modules. Banks are focusing on maintaining current IT infrastructure, client solutions, and urgent regulatory priorities, such as adopting IRB models.
- The Bank of Russia permits temporary use of foreign software as long as data is stored within Russia and there is an action plan to migrate to domestic software by 2025–2027.
Russia’s National Development Goals target at least 80% import substitution among players in key sectors of the economy by 2030, with up to 95% adoption of domestic solutions planned for state-owned corporations and companies.
Artificial intelligence remains a key innovation in the banking sector. The technology is already widely used to automate document analysis, risk assessment, transaction monitoring, credit scoring, model validation, customer inquiry handling, and fraud prevention.
While AI helps optimize processes, its uncontrolled deployment—or implementation by employees lacking adequate expertise—can lead to systemic errors in lending, discriminatory scoring practices, data breaches, and other serious implications violating ethical principles of AI use. Instances have already emerged where excessive automation has compromised service quality and eroded customer trust in financial institutions.
RISK CULTURE AND TALENT: THE CORNERSTONES OF RESILIENCE
According to CROs, the current level of risk awareness and the knowledge and skills of staff in the first and second lines of defense remain insufficient to fully unlock the benefits of transforming risk management approaches.
It is important to highlight that CROs currently stress the critical need to both enhance existing competencies and acquire new skills across all lines of defense.
This skills gap is especially acute among business unit staff who have to combine commercial responsibilities with frontline risk identification and management, often without the specialized expertise needed for the task. More than 80% of respondents emphasize the need to build fundamental risk management competencies within the first line of defense, while over half also point to the importance of expanding existing skills with new capabilities.
Yet, the talent shortage remains a major roadblock to stronger risk management. As finding qualified professionals with sufficient knowledge proves difficult, banks should double down on comprehensive training and upskilling initiatives across all three lines of defense. These efforts are designed to close the skills gap and build competencies tailored to the unique needs of financial institutions. Still, high staff turnover continues to slow sustained progress in this area.
Show references
-
[2] ILM – Internal Loss Multiplier
-
[4] AML (Anti-Money Laundering) refers to a set of measures aimed at preventing money laundering and the financing of terrorism.
-(1)-(1).jpg)
CONTACTS
.png)
Gennadiy Shinin
B1 Partner
Financial Services Leader. Focus on auditing major financial institutions, banking groups and credit institutions
Contact