How Risk Management System Works in Freedom’s Ecosystem

Our holding consists of a large number of companies in various industries. The core group consists of financial institutions operating within a strict regulatory framework, which requires local risk management teams. These teams are focused on the specific tasks of their businesses.

At the holding level, my team and I are focused, first and foremost, on consolidating the overall risk picture for the group. What makes this complex is its diversity. The spectrum of risks is quite broad, spanning strategic and financial risks to reputational and operational ones. Our task is to integrate these aspects and present a comprehensive picture of the risk profile to the board of directors, the risk committee and senior management.

Along with building a common risk reporting system and implementing a unified approach to the group’s risk profile, my team and I are implementing uniform policies, principles and standards across the holding and its subsidiaries. Each year, we conduct a group-wide risk assessment to help us prioritize our methodological work on the overall risk management system.

The word “control” implies action after the fact. Something happens and we check the event against limits or reports. Risk management is much more useful when it becomes a planning and forecasting tool.

When we move from post-control to “what-if” scenario analysis, risk management becomes an essential element of strategic management. It’s looking forward, not backward. Moreover, looking forward is also essential for identifying hidden opportunities. After all, risk management isn’t always about losses; it’s also about lost profits. Good scenario analysis highlights situations where risk is justified and where additional capital can be safely invested in promising products or areas to extract maximum additional value.

This is a critically important factor. Mature risk management isn’t about internal prohibitions; it’s primarily an indicator that the company is a good one to deal with. It’s a signal for both employees and external stakeholders: investors, regulators and rating agencies.

The latter, by the way, play an important role by evaluating and transmitting this trust to the market. Last year, S&P revised the outlook for our main operating companies from “stable” to “positive,” based specifically on an assessment of our centralized risk management and compliance system within the group. Our efforts are bearing fruit, but more remains to be done.

The most difficult are probably reputational risks, followed by technological risks. On the other hand, financial risks are the most studied; there are well-established methodologies and strong regulations. Operational risks are largely a matter of implementation discipline.

Technological risks have come to the forefront over the past five to 10 years. We are a fintech holding company, and our products are provided online. This increases the speed and quality of service but at the same time creates interdependence: a single failure can lead to a chain reaction.

So, once again, reputational risk is the most complicated, I would say. We are perceived as a single entity, despite the positioning of individual companies. An incident in one part of the holding company can quickly be projected onto the entire group. The peculiarity of reputational risks is that events occur instantly, while the consequences take a long time to resolve. Reputational risks have become a significant factor for us, especially amid information attacks on our holding company. But at the end of the day, for us, this is not just a challenge; it is also an opportunity to learn and grow stronger.

Absolutely. One failure can trigger a chain reaction and lead to significant losses, reflected directly in monetary terms. There are many examples of such cases worldwide.

Overall, diversification reduces risks, but it can also create some complications at the intersections. When companies from different industries interact, they help each other and create cross-products. However, interconnected systems and processes can introduce integration risks.

We have two transaction committees: one under executive management and one under the board of directors. I am a member of the first committee as an expert, and my task is to review proposals submitted to the board of directors. My team and I review projects submitted to these committees, participate in discussions, ask difficult questions when adjustments are needed and request revisions. All significant strategic projects must go through this process.

Acquiring assets is a somewhat sporadic process; there might be several projects to review in a short period of time or just one over several months. Our colleagues from corporate development and mergers and acquisitions conduct a thorough initial screening. Most rejections occur at that stage. The selected projects are then sent to the committees, which more often require revisions than reject projects completely. Sometimes deals are approved on the condition that certain issues be addressed.

First and foremost, it’s a space for open discussion. Challenges and problems are not glossed over; they are discussed before they become reality. A healthy culture means that people understand risk appetite, information flows smoothly both top-down and bottom-up and risk escalation mechanisms are in place. A risk culture is most beneficial when risk management involves not only risk managers but also all decision-makers and those dealing with risks on a daily basis.

Metrics are easy to calculate; implementing them is a matter of data availability and reporting systems. Building processes require more effort, but it’s a matter of time, discipline, and thoughtful design. The hardest part is the mindset. People usually find it difficult to change their habits. Transforming mindsets occurs through trust, training and personal example. In this regard, what is crucial for risk management is the concept of “tone at the top.” In this case, a leader demonstrates to employees how to act, operate and perform through behavior and decisions.

It is true if three things are in place: stress testing and scenario analysis; a clear “Plan B”; and business continuity processes. When we understand how to regroup in the event of a negative scenario, we have a healthy attitude toward risk. And, of course, reporting. It shows our safety cushions, capital reserves and liquidity.

About 20 years ago, risk management was perceived as bureaucracy imposed by regulators, basically an obstacle. Since then, this perception has changed. By definition, the essence of any business is accepting risk for the sake of success. All entrepreneurs ask themselves the question: “What could prevent me from achieving my goals? How can I overcome these obstacles?” The answers to these questions constitute risk management.

Therefore, risk management is the responsibility of every employee, from salespeople to developers. And the job of professional risk managers is to provide methodology and tools to help make informed decisions, not to prohibit action.

Risk management is not an obstacle but a navigation and security system that allows a business to move toward its goals.

Yes, it does. This is the so-called professional deformation. I think in scenarios and probabilities everywhere, not just at work. “What will happen if…?” “What will I do in that case?” A decision tree automatically builds in my head without the emotional overtones of “good or bad.”

Family, sports and meditation. Pretty simple but it works. Professional deformation really gets in the way, so you need distractions. My most productive time is on weekends, which I try to dedicate entirely to my family.

The art of internal negotiation and empathy. You need to understand how the other person thinks and what’s important to them. We have a principle in our company: If you want to implement something new, you have to sell it to decision-makers. In a diversified holding, each company is led by true professionals. They don’t buy anything without a good reason. You have to be able to negotiate with them.