With Regard To The Question Of Ensuring The Bank's Economic Security

Abstract

The article considers the basic conditions for maintaining the economic security of the bank, the importance of information flows in its internal control system and the main tasks of the integrated information system. The creation of such a system in the bank will allow harmonizing the management process within the framework of the concept of economic security. It has been revealed that today the issue of economic security of banks is under study and is the subject of increased attention of many modern scientists. The paper explores the model of “three lines of defence”, which regulates the elements of internal control; classification and key banking risks identified. The combination of banking risks leads to threats to the normal functioning of the bank and weakens the system of its economic security. Based on the study, the author developed a “four lines of defence” model of the bank, which includes both internal control within the bank and external control by the Bank of Russia, independent auditors and the Federal Tax Service. On its basis, risk management tools have been developed, which are presented in the model of organizing the system of internal and external control in the bank. Based on the study, recommendations are proposed aimed at improving the system of internal control of the bank.

Keywords: Internal control systemeconomic security of the bankinternal auditorfour lines of defence

Introduction

Today, the concept of "economic security" can be considered from the point of view of the state, a single enterprise or individual. In the first case, state economic security is a comprehensive system that ensures the proper functioning of public education, and also protects the level of political, legal, financial and economic spheres of life of the state. This system is aimed at the development of society, as well as its financial and socio-political stability. A high level of economic security of the state guarantees the population a stable and reliable functioning of the most important public institutions, as well as a decent standard of living.

In the second case, in enterprises, the economic security system is an internal mechanism of activity that ensures the sustainable development of the organization and allows you to protect its assets and functioning systems. An effective system of economic security means measures to protect long-term development, allowing not to confront threats and challenges, but to prevent them, eliminating the prerequisites for their occurrence. It is aimed at ensuring the stable and stable functioning and development of the organization, the implementation of the main commercial interests and goals of the authorized activities.

If we talk about the economic security of an individual, then it can be defined as a set of conditions under which a person’s social guarantees and protection against emerging risks and threats to his personal interests, needs and freedoms are ensured. To achieve the goals and objectives of this article, we will further consider economic security from the point of view of the enterprise.

Problem Statement

There are many works in modern economic literature devoted to the study of topical issues of improving the system of economic security of banks, building a system of internal control - this is primarily the work of Ackroyd and Marsden (2006), Adrian, Covitz, and Liang (2015), Ellul (2015), Fedotova, Chugumbaev, Chugumbaeva, Sukhinin, and Kuzmina (2019), Fedotova, Lomakin, Tkachenko, and Gontar (2019), Han (2018), Ostapiuk, Karmaza, Kurylo, and Timchenko (2017), Ryan (2018), Saltanova (2017), Suglobov and Svetlova (2015), Zyabrova and Vasilyeva (2016). Nevertheless, today there are still many unresolved issues related to problems of identification and neutralization of risks and threats, the establishment of an effective internal control system that provides stable and reliable protection of customer information, assets and personal data.

In the context of the aggravation of the macroeconomic situation, the imposition of sanctions and restrictions on settlement transactions, economic security in the banking sector is coming to the forefront, which allows for its development and prevention of risks and threats of both an external and internal nature. In the context of the development of the digital economy and the transfer of settlement operations to cashless or virtual form, the need to ensure the security of information systems, financial resources and property of banks by creating a financial security system is even more relevant.

Based on the study of the opinions of various authors, it is possible to specify the concept of economic security of the bank, which is understood as a comprehensive system that ensures the economic security of the bank from the negative effects of destabilizing factors, external and internal threats, and provides conditions for stable, efficient functioning and maximization of profit.

Research Questions

The economic success of a commercial bank directly depends on the quality of its economic security system in all areas of activity, which, in turn, is dependent on a large number of external and internal factors, among which it is worth highlighting personnel as an internal threat. Despite the active digitalization process, it is the activities of bank employees that are one of the key threats to economic security.

Economic security also covers the protection of the intellectual property of the organization. It ensures the safety of intangible assets, the development and maintenance of an information system, countering the risks and threats of theft of property, cash, development and technology, as well as financial schemes for interacting with customers

Purpose of the Study

The current state of the banking sector and the existing problems in ensuring economic security have determined the main goal of the study, which is to study the current state of development of the economic security system of a commercial bank, identify key risks and threats, and develop recommendations for improving the internal control system based on the model of four lines of defence.

Research Methods

The Bank’s internal control system (BICS) is being built taking into account the requirements of the Bank of Russia. Its primary tasks are ensuring the effective implementation of the bank's activities, rational management of its assets and liabilities, reducing banking risks to an acceptable level that allows for monetary transactions.

One of the functions of BICS is the information support of external and internal users. It is information generated inside the bank and coming from external sources that is the basis with which you can ensure and control the level of economic security of the bank. In this regard, the creation of a single integrated information system (IIS) will allow to achieve harmonization of the process of managing a commercial bank within the framework of the concept of economic security.

Findings

According to Suglobov and Svetlova (2015) a modern and effective IIS is aimed at ensuring the economic security of a commercial bank, supported by the information resources of financial, managerial, strategic and tax accounting.

Agreeing with the opinion of the authors Suglobov and Svetlova (2015), we consider it not entirely justified to separate strategic accounting into a separate category, since the concept of “managerial accounting” is broader than the concept of “strategic accounting”.

The authors of the article formed the main tasks of the IIS, presented in Figure 01 .

See Full Size >

Currently, most credit organizations in the world have introduced the “three lines of protection” model, which is a universal and fairly understandable mechanism that ensures the functioning of IIS and effective risk management. A feature of this model is the need for constant monitoring and adjustment for its proper functioning, as well as its lack of independence. In addition, the debatable issues of the functioning of the “three lines of defense” model are insufficient knowledge of risks and control procedures on the first line, insufficient level of professionalism on the second line and inadequate and biased risk assessment by the internal auditor.

In order to ensure its economic security, Sberbank PJSC introduced an IIS based on the “three lines of defense” model (Sberbank, 2011).

According to Zyabrova and Vasilyeva (2016) the economic security system of Sberbank PJSC is built on a three-level internal control system. In our opinion, one cannot underestimate the importance and role of external control exercised by the Bank of Russia, independent auditors, and the tax inspectorate as an essential element to ensure an effective system of economic security for the bank.

Figure 02 presents all levels of control over the activities of the bank aimed at maintaining and further developing it.

See Full Size >

Bank employees, performing their duties and carrying out banking operations, carry out operational control of the first level.

The second level control is carried out to identify and eliminate the identified deficiencies in the bank (Zyabrova & Vasilyeva, 2016) in two directions: control over the first line of defense and control carried out by the structural units of the bank, within the framework of their functional duties.

At this level, at all stages, along with other control measures, it is possible to apply an examination conducted in accordance with the bank’s regulatory documents by decision of the management or an authorized head of the unit (Zyabrova & Vasilyeva, 2016).

The most important in the control system are the first and second levels. No carefully designed action plans and programs can take into account all possible errors and circumstances. Control at the first and second levels is necessary in order to correct or solve problems to eliminate or reduce uncertainty. The control of the first level makes it possible to anticipate crisis situations, timely respond to negative trends and processes, preventing them. Errors and minor unresolved issues are always there and their number is very large, which exceeds the critical mass. Of course, this happens if they are not solved or solved much more slowly than they arise.

The control of the second level allows you to identify and eliminate errors even before their consequences lead to a crisis situation. At this level, the largest and most important part of control measures is carried out, ensuring that the first level error does not develop into an error that has significant consequences for the bank.

The third level control is carried out by the internal auditor or auditor, his task is to check the effectiveness of the organization of the economic security system, internal control and control the performance by employees and bank managers of their duties. In this regard, the role of the internal auditor is to verify the reliability of the functioning of banking structures and employees. Thus, a transition is being made from direct control measures to the control of activities and inspections conducted at the first and second levels. Auditors, analyzing the control of the first and second level, develop guidelines for employees aimed at preventing, eliminating and preventing future errors and threats identified.

The control of the fourth level is the external level of control exercised by the Bank of Russia, the Federal Tax Service, and the Federal Customs Service. This level of control has the highest level of independence and is an important element not only for the economic security system of the bank, but also for the entire management link as a whole.

The size and scale of the credit institution determine the structure of the economic security system and the number of personnel performing control functions. In accordance with the recommendations of the Basel Committee on Banking Supervision (BCBS), it is necessary to observe the principle of rationality in building the internal control system. Therefore, it is especially important to formulate such a control system in which the optimal ratio of costs for its maintenance to a positive result of the bank’s activities, ensured by an effective system of economic security, is achieved.

However, there are situations when medium-sized banks cannot afford to maintain a large staff of internal control staff in practice. Instructions and recommendations of the Bank of Russia force credit organizations to increase the staff of controlling divisions again and again. Maintaining a minimum number of employees of controlling divisions, in turn, leads to an increase in the load on inspections of banking business processes per employee, and this often causes difficulties, including due to the limited time for such inspections. Moreover, the process should be built in such a way that after the verification it is necessary to make sure that the recommendations of the controlling services are followed and that the violations identified are eliminated (Saltanova, 2017).

In the economic security system of a credit institution, a significant place should be allocated for risk management, including their identification, classification, as well as their assessment and analysis. Sberbank PJSC has developed its own risk management system, which is part of the bank’s overall management system and is aimed at ensuring sustainable development within the framework of the Development Strategy approved by the Sberbank Supervisory Board.

The risk management system in the bank is being formed in accordance with the requirements of the Bank of Russia, other regulatory legal acts, as well as the recommendations of the BCBS. Nevertheless, despite this, one of the main problems in the development of the banking sector is the violation of economic security associated with a lack of understanding and formation of a risk management strategy.

According to the report of Sberbank PJSC for 2018, the key risks are: credit, market, operational, liquidity and other risks, presented in table 01 .

Thus, the normal functioning of the internal control system directly affects banking risks. Each year, it is necessary to develop and modernize its policy to minimize and eliminate risks. Even despite the large number of risks, it is necessary for everyone to choose their own approach and management method.

On the basis of the study and the four-level control system of a commercial bank presented in Figure 02 , the author's model of the bank’s “Four lines of defense” was developed (Figure 03 ). The combination of banking risks leads to threats to the normal functioning of the bank and weakens the system of its economic security. That is why it is important to timely monitor the emergence of threats on the first line of defense.

See Full Size >

See Full Size >

The second line of defense will prevent threats that arise at the first level and prevent the development of negative consequences, as well as regulate the process of accepting risks, their limitation and control over them. In addition, at this level, to form an effective control system and to minimize potential conflicts of interest, the bank's organizational and managerial structure is formed taking into account the consolidation of functions and responsibilities between departments and employees in accordance with the principle of “Four lines of defense” presented in Figure 04 . The model is based on the Bank of Russia Annual Report for 2018 (The Central Bank of Russian Federation, 2019) and in accordance with the approved Risk and Capital Management Strategy of Sberbank Group PJSC. Each unit has the authority and responsibility to ensure economic security. Each department is subject to certain elements that are part of the bank's organizational management system.

Conclusion

Based on the conclusions presented above, the following recommendations can be made to improve the internal control system:

Thus, in the conditions of a constantly changing economic situation in the country and in the world in order to ensure the economic security of both the bank and the financial system of the country as a whole, the introduction of the “four lines of protection” system will allow commercial banks to create an effective control system, aimed not only at identifying existing errors, but also the prevention of emerging risks and threats, both long and short term.

References

• Ackroyd, P., & Marsden, S. (2006). Enhancing safety culture - simple, effective approaches to making improvement. Paper presented at the Institution of Chemical Engineers Symposium Series, 151, 479-501.
• Adrian, T., Covitz, D., & Liang, N. (2015). Financial stability monitoring. Annual Review of Financial Economics, 7, 357-395. DOI: 10.1146/annurev-financial-111914-042008.
• Ellul, A. (2015). The role of risk management in corporate governance. Annual Review of Financial Economics, 7:1, 279-299. https://doi.org/10.1146/annurev-financial-111414-125820
• Fedotova, G. V., Chugumbaev, R. R., Chugumbaeva, N. N., Sukhinin, A. V., & Kuzmina, E. V. (2019). Increase of economic security of internet systems of credit organizations. In E. Popkova (Ed.), The Future of the Global Financial System: Downfall or Harmony. ISC 2018. Lecture Notes in Networks and Systems, 57 (pp. 922-931). Springer, Cham. https://doi.org/10.1007/978-3-030-00102-5_98
• Fedotova, G. V., Lomakin, N. I., Tkachenko, D. D., & Gontar, A. A. (2019). Peculiarities of digital transformation of the system of bank’s economic security. In E. Popkova (Ed.), The Future of the Global Financial System: Downfall or Harmony. ISC 2018. Lecture Notes in Networks and Systems, 57 (pp. 1104-1112). Springer, Cham. https://doi.org/10.1007/978-3-030-00102-5_116
• Han, R. (2018). Financial internationalization and financial security issues. Open Access Library Journal, 5, e4874. https://doi.org/ 10.4236/oalib.1104874
• Ostapiuk, N., Karmaza, O., Kurylo, M., & Timchenko, G. (2017). Economic security in investment projects management: Convergence of accounting mechanisms. Investment Management and Financial Innovations, 14(3), 353-360. https://doi.org/ 10.21511/imfi.14(3-2).2017.06
• Ryan, S. (2018). Recent research on banks’ financial reporting and financial stability. Annual Review of Financial Economics, 10, 101-123. https://doi.org/10.1146/annurev-financial-110217-022700
• Saltanova, L. (2017). Organization of the internal control assessment process (for example, Sberbank of Russia PJSC). Economics and Society, 12(43). 969-975. [in Rus.].
• Sberbank (2011). The regulation on the internal control system at Sberbank of Russia dated October 17. 2289. 5-10. Retrieved from www.sberbank.com/common/img/uploaded/files/pdf/normative_docs/supervision_regulations.pdf Accessed: 02.09.19. [in Rus.].
• Sberbank (2019). Risk and capital management strategy of Sberbank Group dated April 16, 2019.11.23. Retrieved from www.sberbank.com/common/img/uploaded/files/pdf/normative_docs/risk-and-capital-strategy_rus.pdf Accessed: 02.09.19. [in Rus.].
• Suglobov, A. E., & Svetlova, V. V. (2015). Internal control in the system of ensuring economic security of credit organizations: monograph. Moscow: Publishing House "Gorodets". Retrieved from https://unitech-mo.ru/upload/iblock/c70/c7008f03d0a13374112afd2b163c423e.pdf Accessed: 02.09.19. [in Rus.].
• The Central Bank of Russian Federation (2019). Annual report of the Bank of Russia 2018. Retrieved from www.cbr.ru/Collection/Collection/File/19699/ar_2018.pdf Accessed: 02.09.19. [in Rus.].
• Zyabrova, N., & Vasilyeva, T. (2016). Organization of intra-bank control in the activities of a commercial bank. Actual Problems of the Humanities and Natural Sciences, 6-2, 59-62. [in Rus.].