Risk Management System
Aeroflot Group has put in place an integrated risk management framework outlined in the Regulations on Aeroflot Group's Risk Management System approved by the Board of Directors of PJSC Aeroflot in 2015.
The principles of, and approaches to, the structure and operation of the corporate risk management system (CRMS) of Aeroflot Group are driven by the Guidelines on Drafting the Regulations on the Risk Management System of the Russian Ministry of Economic Development, Internal Control — Integrated Framework and Enterprise Risk Management — Integrated Framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), ISO 31000 Risk Management — Principles and Guidelines, and the requirements of relevant provisions of the Corporate Governance Code.
Integration of risk management functions into business processes helps to promptly identify risks, assess their materiality, and efficiently respond to them to minimise their adverse impact and/or reduce the likelihood of risks being realised. Such tools as insurance, hedging, setting limits, and coverage requirements are used to mitigate risks. Other risk mitigants are personnel development, upgrading fleet and using advanced technologies in flight safety, aviation security, financial risk management, pilot training, etc.
CRMS operation is based on the following principles:
- continuity — the CRMS operates on an ongoing basis as part of financial and operational activities and management functions;
- integration — the CRMS forms an integral part of corporate governance system and financial and operational activities;
- consistency — processes in the CRMS are driven by approaches and standards that are consistent across Aeroflot Group. Practices and standards adopted by the aviation industry are used to manage industry-specific risks;
- goal linking — risk management is linked to the goals of Aeroflot Group;
- optimality — the following conditions are to be concurrently met:
- effect from the operation of the CRMS or its component exceeds the costs of implementing or operating the system or its component;
- the given level of costs for implementation and operation of the CRMS or its component helps achieve its maximum possible performance, or the given performance profile of operation of the CRMS or its component requires minimum potential costs for implementation and operation of the system or its component;
- reasonable approach to paperwork — the level of formalisation and documentation is aligned with the standards applicable at Aeroflot Group and ensures efficient operation of the CRMS;
- distribution of rights and obligations — rights and obligations are distributed among CRMS participants so as to minimise the risk that CRMS participants commit and conceal an error or unlawful (including criminal) actions (omission), and to ensure compliance with the CRMS operating principles;
- priority — risks are handled according to their significance;
- transparency — relevant and adequate CRMS is guaranteed by proper and timely involvement of stakeholders, in particular, decision makers of all levels;
- use of the best available information — any available information may be used for the CRMS, including oral and written, confirmed and unconfirmed, financial and non-financial information received from any sources, either internal or external. CRMS participants should be aware of all relevant properties and parameters of information they use;
- adaptability and development — the CRMS should constantly evolve and improve through digesting changes in the external and internal environment of Aeroflot Group; and
- reasonable assurance — estimates, conclusions, decisions and recommendations made in the course of the CRMS operation should be based on the necessary and sufficient amount and quality of evidence to consider them relevant, accurate, reliable, timely, and complete.
Risk Management Flow Chart
Risk management is applied across all management levels and functional and project areas. The respective functions are distributed among the Board of Directors, the Audit Committee, the Management Board, and all business units of PJSC Aeroflot. The Company runs both qualitative and quantitative risk assessment and has in place a framework to report on management of key risks across Aeroflot Group.
General Meeting of Shareholders tier:
- Making decisions on matters of the General Meeting of Shareholders.
Board of Directors tier:
- Determining key parameters of the CRMS (goals, tasks, operating principles, architecture, risk appetite, etc.);
- Managing risks within the authority of the Board of Directors;
- Making decisions on providing necessary resources to CRMS participants;
- Assessing CRMS performance;
- Reviewing the risk map.
Executive management tier:
- Operational management and monitoring of CRMS;
- Making decisions on management of risks within the authority of CRMS participants at the executive management level;
- Making decisions on allocation of resources among CRMS participants;
- Making decisions on identifying instruments and parameters for financial risk hedges.
Line management tier:
- Executing, following up, and continuously improving risk management procedures;
- Making decisions on management of risks within the authority of line management.
|Risk identification||Risk assessment||Development, implementation, and follow-up of risk management||Monitoring|
|Definitions and descriptions of risk elements (sources, events, causes, and implications).||Analysing risk, its implications, and forms of impact on achievement of Aeroflot Group's goals.||Developing, implementing, and following up risk management measures to achieve the goals of the Group and the risk management system, and linking risks to applicable risk appetite levels.||Supervising the identification, assessment, implementation, and follow-up of risk management.|
|Currency and commodity price risk||Currency risk is the risk of incurring losses from potential adverse fluctuations of exchange rates.
Commodity price risk is the risk of incurring losses from potential adverse changes in prices of commodities purchased.
|The Group pursues a policy of balancing proceeds and liabilities in each currency and also uses currency hedges.
See below a detailed overview of the impact the realised risk may have on the Group.
|Interest rate risk||Risk of incurring losses from potential fluctuations in market interest rates.||Hedging (transforming floating interest rates under existing lease agreements into fixed rates).
See below a detailed overview of the impact the realised risk may have on the Group.
|Credit risk||Risk of incurring losses from a potential failure by a counterparty to meet its contractual obligations to Aeroflot Group's companies.||A systemic approach including:
|Liquidity risk||Risk of incurring losses from inability of the company to fully meet its obligations as they fall due.||To mitigate the implications and/or the likelihood of these risks being realised, changes in Russian tax laws are monitored, tax systems in foreign jurisdictions and agreements signed by the companies are reviewed, etc.|
|Tax risks||Risks of incurring losses from possible misinterpretation of laws with respect to financial and operational activities resulting in financial uncertainties of such activities after tax.||To mitigate the implications and/or the likelihood of these risks being realised, changes in Russian tax laws are monitored, tax systems in foreign jurisdictions and agreements signed by the companies are reviewed, etc.|
|Capital markets access risks||Risks of incurring losses from the Group's inability to raise capital for its financial and operational activities on acceptable terms.||To mitigate the implications and/or the likelihood of these risks being realised, the market situation is monitored, a competitive environment for credit institutions is set up, and measures to enhance the Group's equity story and upgrade and/or maintain our credit rating are taken.|
|Other financial risks||Other risks that may affect financial performance.||To mitigate the implications and/or the likelihood of these risks being realized, the market environment is analyzed, the terms of service offered by financial institutions are monitored, payments for outstanding invoices are followed up on, etc.|
|Strategic risks||Risks of incurring losses from errors (flaws) made when making decisions on the Group's business and growth strategy.||To mitigate the implications and/or the likelihood of these risks being realized, the market situation is monitored, market players and analysts are consulted, judgements and opinions by leading global experts are used, necessity to upgrade the fleet is analyzed, and specialized business units are involved in strategic planning.|
|Route network planning risks||Risks of incurring losses from wrong decisions made when planning the route network.||To mitigate this risk such methods as requesting slots in advance when interacting with airports, providing standby aircraft, forecasting constraints, monitoring flight loads and the market situation are applied.|
|Service quality risks||Risks of incurring losses from potential refusal by consumers to buy goods or services of the Group's companies as a result of products and services offered by the companies failing to meet the quality requirements of consumers.||To mitigate the implications and/or the likelihood of these risks being realized, a process to obtain feedback from customers through a number of channels and ensure timely, full consideration of all incoming communications and complaints has been put in place. The demand for services offered by Aeroflot Group is also tracked, and measures to enhance service quality, improve consumer loyalty and experience, and monitor employee compliance with regulations are taken.|
|Reputational risks||Risks that an organisation would incur losses as a result of negative perceptions of the organisation's image by customers, counterparties, shareholders (participants), business partners, regulators, and others.||To mitigate the implications and/or the likelihood of these risks being realized, procedures to monitor compliance with process flows and regulations and continuously monitor and analyze the information environment around Aeroflot Group, and maintain communications with NGOs are set up.|
|Operational risks (core business)|
|Aviation security risks||Risks of incurring losses from unlawful interference with aviation activities.||To mitigate the implications and/or the likelihood of these risks being realized, situation is monitored and analyzed and remedial measures to ensure safety at the base airport and destination airports are taken, airports are audited on a regular basis, the level of aviation security at destination airports and compliance with regulations are monitored, independent experts are engaged, and the state of external and internal access control systems is monitored on a 24/7 basis.|
|Flight safety risks||Forecast likelihood and severity of implications of one or several threats being realised with respect to: aviation activities related to aircraft operation or directly supporting such operation (flight and ground, commercial and technical).||To mitigate the implications and/or the likelihood of these risks being realized, aircraft condition, aircraft maintenance, and the operation of the corporate healthcare unit in terms of medical examination of flight crew are monitored, medical equipment is replaced, and operations and operating processes are continuously monitored.|
|Other operational risks (core and non-core business)||Operational risks (core business) are risks of losses that are explicitly due and directly related to air transportation of passengers, baggage, cargoes, and mail.Operational risks (non-core business) are risks of losses that are due, but not directly related, to air transportation of passengers, baggage, cargoes, and mail.||To mitigate the implications and/or the likelihood of these risks being realized, aircraft maintenance processes are monitored and coordinated in line with existing process flows for pre-flight management by the Group's business units and third parties, existing technologies are improved, personnel is selected, trained and provided with advanced equipment and special machinery as well as other necessary procedures are put in place. Key operational risks of the Group are insured.|
|ОOperational risks of support activities and other risks|
|IT risks||Risks of incurring losses from the use of information technologies by the company.||To mitigate the implications and/or the likelihood of these risks being realized, relations with IT vendors and developers have been established, channel redundancy and data backup procedures are implemented, skilled personnel is recruited and trained, and the causes of IT failures are investigated.|
|HR risks||A group of risks that arise from, or affect, the Group's personnel (or an individual employee), including the lack of required/appropriate number of employees as determined based on the current and forward-looking business plans and existing business processes. HR risks may be viewed as any action or omission by personnel (human resources).||To mitigate the implications and/or the likelihood of these risks being realized, an effective recruitment process has been put in place, training and professional development courses for our employees are organized. Also staff pay levels are monitored in order to remain in line with the market and a range of social benefits and guarantees is offered to employees. To mitigate the implications and/or the likelihood of corruption-related HR risks being realized, compliance with anti-corruption procedures and their conformity to anti-corruption (corruption prevention) laws are monitored and safe, confidential and easy-to-use whistle-blowing procedure to report violations of the law or internal procedures have been put in place.|
|Legal risks||Risks of incurring losses from failure to comply with laws; non-conformity of internal local regulations to laws; delays in bringing local regulations in compliance with laws; default on agreements;
risks connected with inconsistency or ambiguity of legislation or changes in laws that may adversely affect financial and business operations of Aeroflot Group.
|To mitigate the implications and/or the likelihood of these risks being realized, a system for informing the Group's business units on legislative changes has been put in place and contracts are analyzed for conformity to relevant legislative requirements.|
|Procedural risks||Risks of incurring losses from errors in internal processes of Aeroflot Group.||To mitigate the implications and/or the likelihood of these risks being realized, the business processes are analyzed and improved, compliance with the regulatory requirements is monitored, and personnel is provided with training.|
|Risks of quality of purchased spare parts, units, components and materials||Risks of losses due to quality and authenticity (originality) of spare parts and units purchased by Aeroflot Group and components and materials to support its core business.||To mitigate the implications and/or the likelihood of these risks being realized, quality of supplies and suppliers' operations is monitored and analyzed, and procurement and supplier selection procedures are improved.|
|Economic security risks||Risks of losses related to changes in the corporate internal and external environment that may lead to the relevant item losing its economic value.||To mitigate the implications and/or the likelihood of these risks being realized, an effective system to monitor, identify, localize and prevent threats and vulnerabilities has been put in place, and steps to monitor employee compliance with economic and information security requirements, and to identify and prevent offences on an ongoing basis are taken.|
|Legal risks of corporate executive bodies||Risks of losses related to potential civil or administrative prosecution of individuals that act as sole executive bodies or are members of collective executive bodies for action or omission committed by them when managing the company.||Aeroflot Group has launched a number of insurance programmes covering a broad range of operational risks of support operations, including motor insurance, comprehensive civil liability insurance, hazardous industrial facilities insurance, liability insurance for temporary storage owners, liability insurance for the Board of Directors and the Management Board, and property insurance.|
|Risks of impact by external (uncontrollable) factors||Risks of losses that have external (beyond control of the company) causes and are inherent to any type of activities (natural risks (natural hazards), risks of man-made disasters, etc.).||To mitigate the implications and/or the likelihood of these risks being realized, the necessary response measures, including flight suspension, route changes, extra measures to increase flight safety and to ensure aviation security, and to enhance sanitary and epidemiological control are taken.|
|Investment (project) risks||Risks of incurring potential unexpected losses from investment uncertainties.||To mitigate the implications and/or the likelihood of these risks being realized, the due diligence procedure has been set up, the progress of project implementation is monitored, the results are assessed and budget performance is monitored, etc.|
|Occupational safety risks||Risks of incurring losses from factors related to the Group's financial and business operations which may damage the health and life of employees at workplaces.||To mitigate the implications and/or the likelihood of these risks being realized, working conditions are improved and environmental management guidelines have been drafted in line with the requirements of ISO 14000 and approved. The fleet is upgraded by adding last generation aircraft that offer enhanced fuel efficiency and lower harmful emissions and comply with the requirements of Directive 2008/101/EC O, also other measures are taken.|
|Other operational risks||Other operational risks.||To mitigate the implications and/or the likelihood of these risks being realized, the operation of systems is monitored, measures to enhance efficiency and performance control are taken, relations with aviation authorities are maintained, and reporting system is improved.|
Impact of Key Financial Risks Realised in 2015
Financial risks are related to the likelihood that actual performance would differ from targets as a result of various financial and economic (primarily external) factors affecting the Group. Key financial risks of the Group include all types of the market risk (currency, price, interest rate risks).
Market risk factors that influence operations of Aeroflot Group comprise: currency exchange rates (EUR/RUB, USD/RUB, EUR/USD), fuel prices, and interest rates (mainly LIBOR).
The market risk management system primarily aims to reduce the Group's exposure to external risk factors.
In 2015, these risk factors had a major impact on the Group's performance due to considerable changes in exchange rates, fuel prices, and highly volatile foreign exchange and commodity markets. In 2015 (as at 31 December 2015 y-o-y),
- rouble depreciated against both US dollar (by 19.4%) and Euro (by 7.3%). Moreover, the reporting year saw the Euro weaken against the US dollar (by 11.4%) putting Aeroflot Group at a disadvantage as growth rates of USD-denominated costs outpace EUR-denominated revenue growth rates;
- Brent oil price fell 35%. However, price per fuelling in rouble terms was affected by rouble devaluation.
Currency and Price Risks
Aeroflot Group is exposed to currency risk as a considerable amount of income and expenses of the Company are affected by fluctuations of EUR/RUB and USD/RUB rates:
- the Company receives revenue from ticket sales. Tickets for most international flights are priced in euros;
- costs of fuel, lease payments and maintenance (key FX costs) are denominated in USD and EUR.
Our currency risk management primarily focuses on reducing the Group's exposure to currency risk factors. As a result, Aeroflot Group pursues a policy of balancing proceeds and liabilities in each currency and also uses currency hedges. On top of that, Aeroflot Group is exposed to currency risks from revaluation of assets and liabilities in USD and EUR. The Company does not hedge this risk as it does not affect its actual cash flows. Aeroflot Group's price risk arises from the fuel purchase contracts as the contractual pricing formula is linked to global oil prices. In 2015, the Group's fuel expenses came at 25.4% of total operating expenses. The Group uses hedging instruments to manage price risks.
The risks have been realised. The positive FX effect on Aeroflot Group's revenue was RUB 66.3 billion. The negative FX effect on operating expenses was RUB 66.8 billion.
In 2015, fuel costs grew 8.2%. The positive effect of the declining oil prices (the decline in oil costs net of the FX effect was RUB 16.4 billion) and the positive effect of FX-denominated prices were offset by the rouble depreciation, and other factors that influenced the growth of the Group's operations.
The hedging policy was revised to reflect the current market situation. No risks for 2016 were hedged as at 31 January 2015. Risk hedging in 2016 may be resumed after the new hedging policy (still under development as at 31 December 2015) is approved. The new policy will reflect the company's adjusted risk profile in terms of the breakdown of FX proceedings and links between oil prices and the rouble exchange rate.
Interest Rate Risk
In 2015, PJSC Aeroflot took the following steps to develop comprehensive risk management:
- At its meeting of 26 November 2015 (Minutes No. 7), the Board of Directors approved, and the CEO of PJSC Aeroflot, by Order No. 438 of 29 December 2015, adopted the Regulations on Aeroflot Group's Risk Management System (the “Regulations”) compliant with the Guidelines on Drafting the Regulations on the Risk Management System of the Russian Ministry of Economic Development, Internal Control — Integrated Framework and Enterprise Risk Management — Integrated Framework of the Committee of Sponsoring Organisations of the Treadway Commission (COSO), ISO 31000 Risk Management — Principles and Guidelines, ISO 31010 Risk Management — Risk Assessment Techniques, and the requirements of relevant provisions of the Corporate Governance Code approved by the Board of Directors of PJSC Aeroflot and setting out the general principles of, and approaches to, the structure and operation of the risk management system. The Regulations lay down the fundamentals of a unified risk assessment and management methodology (goals, tasks, principles of organisation and operation of the corporate risk management system, and approaches to the distribution of rights, obligations and responsibilities of participants of the risk management system at PJSC Aeroflot and its subsidiaries);
- The resolution of the Board of Directors of 26 November 2015 (Minutes No. 7) sets up a standalone risk management unit (office) to:
- generally coordinate risk management processes;
- develop guidelines to govern risk management processes;
- arrange personnel training in risk management and internal control;
- review the risk portfolio and develop proposals on response strategy and reallocation of resources to manage respective risks;
- prepare consolidated risks reports;
- perform day-to-day monitoring of the risk management process in the Company's business units and in its controlled entities, as prescribed;
- prepare information and inform the Board of Directors and the executive bodies as to efficiency of the risk management process and on other matters contemplated by the risk management in Aeroflot Group.
- Comprehensive efforts to ensure that PJSC Aeroflot's business units identified and assessed risks (including their own risks) have been carried out
Plans for 2016
Aeroflot Group is committed to building a unified risk management framework across all airlines of the Group based on the approaches adopted by PJSC Aeroflot.
Risk management development plans for 2016 include improvements to the corporate risk management system both for individual and unit risks, as well as across Aeroflot Group in general.
2016 plans are as follows:
- Design and adopt elements of the unified risk management framework (methods to assess risk appetite, corporate risk and risk management system performance; a system of key risk indicators; and a risk management standard);
- Run an in-depth study of risks identified by business units, including risk identification, assessment and monitoring approaches, methods and procedures, and steps taken to reduce the risk level, and
- Prepare a risk map and a risk register.